feat: Added OpenEBS local storage

feat: Use pre-generated deploy key
chore: Added pre-commit hooks
2025-12-03 04:43:27 +01:00 · 2025-12-03 04:43:26 +01:00 · 2025-12-02 05:10:18 +01:00 · 2025-12-02 05:09:27 +01:00
20 changed files with 185 additions and 1 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
 deploy.key filter=git-crypt diff=git-crypt
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,28 @@
 default_install_hook_types: [pre-commit, commit-msg]
 exclude: gotk-.*.yaml
 repos:
  - repo: builtin
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
        args:
          - --allow-multiple-documents
      - id: check-added-large-files
      - id: check-merge-conflict
      - id: check-executables-have-shebangs
  - repo: https://github.com/crate-ci/typos
    rev: v1.40.0
    hooks:
      - id: typos
  - repo: https://github.com/sirwart/ripsecrets
    rev: v0.1.11
    hooks:
      - id: ripsecrets-system
  - repo: https://github.com/crate-ci/committed
    rev: v1.1.8
    hooks:
      - id: committed
--- a/.secretsignore
+++ b/.secretsignore
@@ -0,0 +1 @@
 deploy.key
--- a/.typos.toml
+++ b/.typos.toml
@@ -0,0 +1,6 @@
 [default]
 extend-ignore-re = [
  "(?Rm)^.*(#|//)\\s*spellchecker:disable-line$",
  "(?s)(#|//)\\s*spellchecker:off.*?\\n\\s*(#|//)\\s*spellchecker:on",
  "(#|//)\\s*spellchecker:ignore-next-line\\n.*",
 ]
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -58,6 +58,7 @@ if [ "${vip}" = "null" ]; then
 fi
 echo -n "Checking connection to ${bootstrap_ip}... "
 # spellchecker:ignore-next-line
 if nmap -Pn ${bootstrap_ip} -p 50000 | grep -q 'open'; then
 	echo "[Success]"
 else
@@ -67,6 +68,7 @@ fi
 count=0
 max_retries=20
 # spellchecker:ignore-next-line
 while ! nmap -Pn ${vip} -p 50000 | grep -q 'open' && [ ${count} -lt ${max_retries} ]; do
 	if [ $count -eq 0 ]; then
 		echo -n "Bootstrapping Kubernetes"
@@ -122,5 +124,9 @@ cilium-cli status --wait
 # cilium-cli connectivity test --namespace-labels pod-security.kubernetes.io/enforce=privileged
 echo "Bootstrapping flux..."
-flux bootstrap git --url ssh://git@huizinga.dev/infra/foundation --branch=main --path=clusters/${cluster_name} \
+flux bootstrap git \
 	--url ssh://git@huizinga.dev/infra/foundation \
 	--branch=main \
 	--private-key-file=clusters/${cluster_name}/deploy.key
 	--path=clusters/${cluster_name} \
 	--components-extra=source-watcher
--- a/clusters/testing/deploy.key
+++ b/clusters/testing/deploy.key
--- a/clusters/testing/deploy.key.pub
+++ b/clusters/testing/deploy.key.pub
@@ -0,0 +1 @@
 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8tDQzizeDrkzi8MQkIhnI3mZ+x2Rc7JM3K/uU56+griU6hsyG0EijuDlAxsZ2I4iynpG5PkWpRJ4BdPETVZpI= tim@zeus
--- a/clusters/testing/kustomization.yaml
+++ b/clusters/testing/kustomization.yaml
@@ -5,6 +5,8 @@ resources:
  - ../../controllers/artifacts.yaml
  - ../../controllers/cilium/cilium.yaml
  - ../../controllers/cert-manager/cert-manager.yaml
  - ../../controllers/spegel/spegel.yaml
  - ../../controllers/openebs/openebs.yaml
  - ../../configs/artifacts.yaml
  - ../../configs/letsencrypt/letsencrypt.yaml
  - ../../configs/certificates/certificates.yaml
--- a/committed.toml
+++ b/committed.toml
@@ -0,0 +1,2 @@
 style = "conventional"
 ignore_author_re = "Flux"
--- a/controllers/artifacts.yaml
+++ b/controllers/artifacts.yaml
@@ -19,3 +19,13 @@ spec:
      copy:
        - from: "@foundation/controllers/cert-manager/**"
          to: "@artifact/"
    - name: spegel
      originRevision: "@foundation"
      copy:
        - from: "@foundation/controllers/spegel/**"
          to: "@artifact/"
    - name: openebs
      originRevision: "@foundation"
      copy:
        - from: "@foundation/controllers/openebs/**"
          to: "@artifact/"
--- a/controllers/openebs/helm-release.yaml
+++ b/controllers/openebs/helm-release.yaml
@@ -0,0 +1,39 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: openebs
  namespace: openebs
 spec:
  interval: 12h
  install:
    strategy:
      name: RetryOnFailure
      retryInterval: 2m
  upgrade:
    strategy:
      name: RetryOnFailure
      retryInterval: 3m
  chart:
    spec:
      chart: openebs
      version: "4.x"
      sourceRef:
        kind: HelmRepository
        name: openebs
      interval: 24h
  values:
    mayastor:
      csi:
        node:
          initContainers:
            enabled: false
    engines:
      # Disable for now while we set up local storage
      replicated:
        mayastor:
          enabled: false
      local:
        lvm:
          enabled: false
        zfs:
          enabled: false
--- a/controllers/openebs/helm-repository.yaml
+++ b/controllers/openebs/helm-repository.yaml
@@ -0,0 +1,8 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: openebs
  namespace: openebs
 spec:
  interval: 24h
  url: https://openebs.github.io/openebs
--- a/controllers/openebs/kustomization.yaml
+++ b/controllers/openebs/kustomization.yaml
@@ -0,0 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - namespace.yaml
  - helm-repository.yaml
  - helm-release.yaml
--- a/controllers/openebs/namespace.yaml
+++ b/controllers/openebs/namespace.yaml
@@ -0,0 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: openebs
  labels:
    pod-security.kubernetes.io/enforce: privileged
--- a/controllers/openebs/openebs.yaml
+++ b/controllers/openebs/openebs.yaml
@@ -0,0 +1,15 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: openebs
  namespace: flux-system
 spec:
  interval: 1h
  retryInterval: 2m
  timeout: 5m
  sourceRef:
    kind: ExternalArtifact
    name: openebs
  path: ./
  prune: true
  wait: true
--- a/controllers/spegel/helm-release.yaml
+++ b/controllers/spegel/helm-release.yaml
@@ -0,0 +1,17 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: spegel
  namespace: spegel
 spec:
  interval: 1m
  chart:
    spec:
      chart: spegel
      interval: 5m
      sourceRef:
        kind: HelmRepository
        name: spegel
  values:
    spegel:
      containerdRegistryConfigPath: /etc/cri/conf.d/hosts
--- a/controllers/spegel/helm-repository.yaml
+++ b/controllers/spegel/helm-repository.yaml
@@ -0,0 +1,9 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: spegel
  namespace: spegel
 spec:
  type: "oci"
  interval: 5m0s
  url: oci://ghcr.io/spegel-org/helm-charts
--- a/controllers/spegel/kustomization.yaml
+++ b/controllers/spegel/kustomization.yaml
@@ -0,0 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - namespace.yaml
  - helm-repository.yaml
  - helm-release.yaml
--- a/controllers/spegel/namespace.yaml
+++ b/controllers/spegel/namespace.yaml
@@ -0,0 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: spegel
  labels:
    pod-security.kubernetes.io/enforce: privileged
--- a/controllers/spegel/spegel.yaml
+++ b/controllers/spegel/spegel.yaml
@@ -0,0 +1,15 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: spegel
  namespace: flux-system
 spec:
  interval: 1h
  retryInterval: 2m
  timeout: 5m
  sourceRef:
    kind: ExternalArtifact
    name: spegel
  path: ./
  prune: true
  wait: true
Author	SHA1	Message	Date
Dreaded_X	c8ef3652d8	feat: Added OpenEBS local storage	2025-12-03 04:43:27 +01:00
Dreaded_X	0b4ce800a3	feat: Use pre-generated deploy key	2025-12-03 04:43:26 +01:00
Dreaded_X	e19e14e761	chore: Added pre-commit hooks	2025-12-02 05:10:18 +01:00
Dreaded_X	8fc8a589b7	feat: Added spegel	2025-12-02 05:09:27 +01:00
		`@@ -0,0 +1 @@`
							`ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8tDQzizeDrkzi8MQkIhnI3mZ+x2Rc7JM3K/uU56+griU6hsyG0EijuDlAxsZ2I4iynpG5PkWpRJ4BdPETVZpI= tim@zeus`
		`@@ -0,0 +1,2 @@`
							`style = "conventional"`
							`ignore_author_re = "Flux"`