lytedev/k8s-clusters
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Cleanup

Browse source
This commit is contained in:
Daniel Flanagan 2022-07-05 14:29:43 -05:00
parent 4ce891e2ba
commit 6d79e716f7
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4
32 changed files with 1 additions and 5201 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.gitignore vendored
View file

@ -1,12 +1,5 @@
k3s-cluster-config.kubeconfig.yaml
*.agekey
.terraform
.terraform.tfstate*
terraform.tfstate*
.env*
*.tmp
*.log
*.key
.secret*
tags

119
ansible/build-k3s-cluster.yml
View file

@ -1,119 +0,0 @@
- name: debug stuff
hosts: all
tasks:
- name: set token fact for k3s-nodes hosts
run_once: true
with_items: '{{ groups["k3s-nodes"] }}'
delegate_to: '{{ item }}'
set_fact:
fake_hostname: '{{ hostvars[item]["inventory_hostname"] }} for {{ item }}'
- name: debug token fact for k3s-nodes hosts
run_once: true
with_items: '{{ groups["k3s-nodes"] }}'
delegate_to: '{{ item }}'
debug:
msg: '{{ hostvars[item]["fake_hostname"] }} for {{ inventory_hostname }}'
- name: install k3s on k3s-nodes
hosts: k3s-nodes
gather_facts: yes
roles:
- role: k3s-node
# TODO: ensure odd number of k3s-control-nodes hosts
- name: intialize k3s cluster on first control plane node
hosts: k3s-control-nodes[0]
tasks:
- name: create config directory
file:
recurse: yes
path: /etc/rancher/k3s/
state: directory
mode: '0700'
- name: copy initial config
become: true
copy:
src: ./templates/k3s-initial-server-config.yaml
dest: /etc/rancher/k3s/config.yaml
- name: run initial k3s server
become: true
ansible.builtin.command: systemctl enable --now k3s
- name: fetch token
become: true
slurp:
src: /var/lib/rancher/k3s/server/node-token
register: slurped_k3s_node_token
- name: set token fact for initial node
set_fact:
k3s_node_token: '{{ slurped_k3s_node_token.content | b64decode }}'
- name: configure remaining nodes
hosts: k3s-nodes,!k3s-control-nodes[0]
gather_facts: no
tasks:
- name: debug info
ansible.builtin.debug:
msg: '{{ ansible_facts }}'
# - name: debug token fact for k3s-nodes hosts
# run_once: true
# debug:
# msg: '{{ hostvars[groups["k3s-control-nodes"][0]]["k3s_node_token"] }}'
- name: set token fact
set_fact:
k3s_node_token: '{{ hostvars[groups["k3s-control-nodes"][0]]["k3s_node_token"] }}'
- name: configure k3s server with token
lineinfile:
path: /etc/systemd/system/k3s.service.env
state: present
line: K3S_TOKEN={{ k3s_node_token }}
create: yes
- name: configure k3s agent with token
lineinfile:
path: /etc/systemd/system/k3s-agent.service.env
state: present
line: K3S_TOKEN={{ k3s_node_token }}
create: yes
- name: create config directory
file:
recurse: yes
path: /etc/rancher/k3s/
state: directory
mode: '0700'
- name: configure k3s server endpoint
lineinfile:
path: /etc/rancher/k3s/config.yaml
state: present
line: 'server: https://{{ hostvars[groups["k3s-control-nodes"][0]]["ansible_default_ipv4"]["address"] }}:6443'
create: yes
# TODO: assert token is valid?
# - name: debug info2
# ansible.builtin.debug:
# msg: '{{ k3s_node_token }}'
# TODO: wait for initial control node to come up?
- name: start remaining control nodes
hosts: k3s-control-nodes,!k3s-control-nodes[0]
tasks:
- name: run k3s
become: true
ansible.builtin.command: systemctl enable --now k3s
- name: start remaining agent nodes
hosts: k3s-agent-nodes
tasks:
- name: run k3s
become: true
ansible.builtin.command: systemctl enable --now k3s-agent

20
ansible/inventory/hosts.yml
View file

@ -1,20 +0,0 @@
k3s-nodes:
hosts:
"root@10.0.0.87":
"root@10.0.0.138":
vars:
ansible_python_interpreter: /usr/bin/python3.10
k3s:
version: v1.23.3+k3s1
k3s-control-nodes:
hosts:
"root@10.0.0.87":
k3s-agent-nodes:
hosts:
"root@10.0.0.138":
vars:
k3s_command: agent

29
ansible/k3s-node/.travis.yml
View file

@ -1,29 +0,0 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

58
ansible/k3s-node/tasks/aur.yml
View file

@ -1,58 +0,0 @@
- name: AUR | get package metadata for {{ pkg_name }}
connection: local
become: no
uri: >
url=https://aur.archlinux.org/rpc?v=5&type=info&arg={{ pkg_name | mandatory }}
return_content=yes
timeout=6
register: api_info
- assert:
that:
- api_info.status == 200
- api_info.json is defined
- api_info.json.type == 'multiinfo'
- api_info.json.resultcount == 1
- api_info.json.results is defined
- name: AUR | download tarball for package {{ pkg_name }}
become: no
connection: local
get_url: >
url='https://aur.archlinux.org{{ api_info.json.results[0].URLPath }}'
dest='/tmp/'
register: aur_tarball
- name: AUR | cleanup old {{ pkg_name }} builds
ansible.builtin.file:
path: /tmp/{{ pkg_name }}
state: absent
- name: AUR | upload and extract package {{ pkg_name }} tarball to host
become: yes
become_user: '{{ makepkg_nonroot_user }}'
unarchive: >
src={{ aur_tarball.dest }}
dest=/tmp/
register: extracted_pkg
- name: AUR | get dependencies and build package {{ pkg_name }}
when: extracted_pkg.changed
become: yes
become_user: '{{ makepkg_nonroot_user }}'
command: >
makepkg --noconfirm --noprogressbar -mfs
chdir=/tmp/{{ pkg_name }}
register: aur_makepkg_result
- shell: 'ls -1 /tmp/{{ pkg_name | quote }} | grep pkg.tar'
register: compiled_package_name
- name: AUR | install {{ pkg_name }} with pacman
when: aur_makepkg_result.changed
become: yes
shell: >
pacman --noconfirm --noprogressbar --needed -U {{ compiled_package_name.stdout | quote }}
chdir=/tmp/{{ pkg_name }}
register: pacman_install_result
changed_when: pacman_install_result.stdout is defined and pacman_install_result.stdout.find('there is nothing to do') == -1

9
ansible/k3s-node/tasks/create-aur-builder-user.yml
View file

@ -1,9 +0,0 @@
# source: https://wiki.archlinux.org/title/Ansible#AUR
- user: name=aur_builder
- lineinfile:
path: /etc/sudoers.d/aur_builder-allow-to-sudo-pacman
state: present
line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman"
validate: /usr/sbin/visudo -cf %s
create: yes

15
ansible/k3s-node/tasks/install-aur-helper.yml
View file

@ -1,15 +0,0 @@
- name: Check if AUR helper ({{ aur_helper_pkg }}) is already installed
shell: pacman -Q 2>&1 | grep '^{{ aur_helper_pkg }} ' >/dev/null 2>&1
register: is_aur_helper_exist
ignore_errors: yes
# - name: debug is_aur_helper_exist
# debug:
# msg: '{{ is_aur_helper_exist }}'
- name: install AUR helper ({{ aur_helper_pkg }})
include_tasks: aur.yml
when: is_aur_helper_exist.failed
vars:
makepkg_nonroot_user: aur_builder
pkg_name: '{{ aur_helper_pkg }}'

10
ansible/k3s-node/tasks/install-k3s.yml
View file

@ -1,10 +0,0 @@
- name: download k3s installer
ansible.builtin.get_url:
url: https://get.k3s.io
dest: /tmp/k3s-installer.sh
mode: '0777'
- name: run k3s installer
become: true
ansible.builtin.command: >
env INSTALL_K3S_EXEC={{ k3s_command | default('server') }} INSTALL_K3S_SKIP_START=true INSTALL_K3S_VERSION="{{ k3s.version }}" sh /tmp/k3s-installer.sh

9
ansible/k3s-node/tasks/main.yml
View file

@ -1,9 +0,0 @@
- include_tasks: ./prepare-host.yml
- include_tasks: ./install-k3s.yml
# TODO: rpi4 loadbalancer? haproxy? metallb?
# TODO: generate secret
# TODO: start first control node
# TODO: start remaining control nodes
# TODO: start agent nodes

23
ansible/k3s-node/tasks/prepare-host.yml
View file

@ -1,23 +0,0 @@
# arch linux
- include_tasks: ./create-aur-builder-user.yml
when: ansible_facts.os_family == 'Archlinux'
- include_tasks: ./install-aur-helper.yml
when: ansible_facts.os_family == 'Archlinux'
vars:
aur_helper_pkg: paru-bin
- include_tasks: ./upgrade-all-packages.yml
vars:
aur_helper_command: paru
# TODO: is per-node host-level time sync necessary?
- name: install necessary utilities for longhorn
when: ansible_facts.os_family == 'Archlinux'
community.general.pacman:
executable: 'paru'
name:
- nfs-utils
- open-iscsi
state: present

8
ansible/k3s-node/tasks/upgrade-all-packages.yml
View file

@ -1,8 +0,0 @@
- name: upgrade all packages
when: ansible_facts.os_family == 'Archlinux'
community.general.pacman:
executable: '{{ aur_helper_command }}'
force: yes
state: latest
update_cache: yes
upgrade: yes

30
ansible/nuke-k3s-cluster.yml
View file

@ -1,30 +0,0 @@
- name: purge k3s from k3s-nodes
hosts:
- k3s-nodes
- k3s-control-nodes
- k3s-agent-nodes
become: true
gather_facts: no
any_errors_fatal: true
tasks:
- name: Kill k3s
ansible.builtin.command: /usr/local/bin/k3s-killall.sh
- name: Uninstall k3s
ansible.builtin.command:
cmd: /usr/local/bin/k3s-uninstall.sh
removes: /usr/local/bin/k3s-uninstall.sh
- name: Uninstall k3s agent
ansible.builtin.command:
cmd: /usr/local/bin/k3s-agent-uninstall.sh
removes: /usr/local/bin/k3s-agent-uninstall.sh
- name: Gather list of CNI files to delete
find:
paths: /etc/cni/net.d
patterns: "*"
register: files_to_delete
- name: Delete CNI files
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
loop: "{{ files_to_delete.files }}"

7
ansible/requirements.yml
View file

@ -1,7 +0,0 @@
collections:
- name: community.general
version: 4.4.0
- name: community.sops
version: 1.2.0
- name: ansible.posix
version: 1.3.0

1
ansible/templates/k3s-initial-server-config.yaml
View file

@ -1 +0,0 @@
cluster-init: true

32
cluster/base/cluster-secrets.sops.yml
View file

@ -1,32 +0,0 @@
hello: ENC[AES256_GCM,data:WRa2G/VPbEab7pAWaJe58iMxMQ3k0pW671e73eaY5MdAUxJDRmijcIi267IDGg==,iv:LGpJ15ogFuvGJBwh3cfHGThct/DKiiUfGi8Kn4biV+M=,tag:LpuYBCVw7ht39qEgcgfJqw==,type:str]
example_key: ENC[AES256_GCM,data:3cOB2ySdABOvn3yhkg==,iv:bMTUp1WXDHuLDqrAbR5NIzVHHUw746OMeXoEZ6aWAow=,tag:sRA2h8aRJNwNXFrMdanGzw==,type:str]
#ENC[AES256_GCM,data:dP+/OZYhivb7M7v7tBGC7g==,iv:epJJoKQ8Xv4g5Aa4jYXvMuYtiNhXBg/XIBD35ut+AKY=,tag:+fjSkV3k+Fv89v++wnG2kw==,type:comment]
example_array:
- ENC[AES256_GCM,data:v+Eim64hePvfKUR29Yk=,iv:l/do6zgAy8MIc7x7lyb9kj/29V0V4yFDA0vWsYG16tM=,tag:pKrUwUPDM3/xzzKT+pThMg==,type:str]
- ENC[AES256_GCM,data:jfgUnbtQEyYb1kJSLbE=,iv:ELDLS+72aIZuSwHnfD697bP6N7mHJ3iaLRWj+6FSSQw=,tag:ZHxguigP5FWPOEzUcKtHaQ==,type:str]
example_number: ENC[AES256_GCM,data:H37w/XGwzcdSHQ==,iv:z74bRD6gmVJr9NAcPRmjjPmZ7X1WEpBSAV/gzWesBgg=,tag:Nrk9CwNQXEPvaoK6lC3DJg==,type:float]
example_booleans:
- ENC[AES256_GCM,data:8xXjdA==,iv:n0vwMOb2Eu8dE6ca1ycdgrML1UKOY9Gl1RTgIJ+bfGw=,tag:Rgit1wPAQ+YSQmffEn7/sw==,type:bool]
- ENC[AES256_GCM,data:JBUqSeg=,iv:VM4SqHzVUlW93aEebiaLIzr1loJV6uFELoPGAZyNiBY=,tag:U/JIvS+gwb8HjfeenajCMw==,type:bool]
- ENC[AES256_GCM,data:cPLgZDwCKwrGJKFSFELcqeg5BQWz2g==,iv:JlWnjRLm971L8IUg71yr2HOJzV6V0xz6oPe6sScGchk=,tag:r+AgykXqD9nNwaOl+NlQfA==,type:str]
example_name: ENC[AES256_GCM,data:9EQWrTyojQ==,iv:/tgGPH/v49bHW3Vh4qwr2OARBiJTyxNJ//rs9l8p83E=,tag:qqyZ9cP3a/1pko9DoWZyRQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1a8v4ac7l20vly3838el7f4m7t9nt56tlxznzv084ulpltw6k7vyq9gh49q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERGxGRXF5OVJLV0RKTDZF
UGw0UTBJWWFmVlkraEQyZDZEaXlqdmhUUFZFCjBvSDJWWEhyZEdWR3lLYzQvQ013
TzJVVWhQVkYxYUxqOWNxTWRZeHJZN00KLS0tIGhzblZkRmtBeDNJYldKZVBUQTU3
Mi9lVkRDNFBrNDNISFIwckFXLzBaQ0UKCjkMUhXLn6IO5aC6At37a+TmVFt09sXa
g4hod4hBGGtgEbPi/uCgCMme/E59eLvs6xyhXvJY12PYYdC+xlTu0A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-02-08T03:51:26Z"
mac: ENC[AES256_GCM,data:bNXbabUuJD/l6Ab+pjDNZzBU45I1vB9CYhrq6NQ5x6RIjw6gwpSNAjQHFiNwWq9BvRXhuSfbqlNw3F8QjOXO5EOyOwh6BZMvGBEZPB6MQXvhjqmOiBWjuvpmDIIBqj2qPldReQHhyoQ7HLN4LRjNd1vw34GCgcgvjv1Df21eOuQ=,iv:gL7Yt9a5f9ChUFPR1qjmKk25Re02kbxdTEK2qmxYZ0s=,tag:K7MjVm4BWEfOQdi7TV7psg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.1

37
cluster/home/default/my-nginx.yml
View file

@ -1,37 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
namespace: default
spec:
selector:
matchLabels:
run: my-nginx
replicas: 2
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
run: my-nginx
namespace: default
spec:
allocateLoadBalancerNodePorts: false
type: LoadBalancer
ports:
- port: 8000
targetPort: 80
protocol: TCP
selector:
run: my-nginx

4311
cluster/home/flux-system/gotk-components.yaml
View file

File diff suppressed because it is too large Load diff

27
cluster/home/flux-system/gotk-sync.yaml
View file

@ -1,27 +0,0 @@
# This manifest was generated by flux. DO NOT EDIT.
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: master
secretRef:
name: flux-system
url: ssh://git@git.lyte.dev:2222/lytedev/k8s-clusters.git
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./cluster/home
prune: true
sourceRef:
kind: GitRepository
name: flux-system

5
cluster/home/flux-system/kustomization.yaml
View file

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml

6
cluster/home/longhorn-system/0namespace.yml
View file

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: longhorn-system
labels:
name: longhorn-system

32
cluster/home/longhorn-system/longhorn-helm.yml
View file

@ -1,32 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: longhorn
namespace: longhorn-system
spec:
interval: 20m
url: https://charts.longhorn.io/
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: longhorn
namespace: longhorn-system
spec:
interval: 20m
chart:
spec:
chart: longhorn
version: 1.2.3
sourceRef:
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
name: longhorn
namespace: longhorn-system
interval: 20m
install:
remediation:
retries: 5
upgrade:
remediation:
remediateLastFailure: false

23
helm-charts/chart/.helmignore
View file

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
helm-charts/chart/Chart.yaml
View file

@ -1,24 +0,0 @@
apiVersion: v2
name: chart
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

22
helm-charts/chart/templates/NOTES.txt
View file

@ -1,22 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "chart.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "chart.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

62
helm-charts/chart/templates/_helpers.tpl
View file

@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "chart.labels" -}}
helm.sh/chart: {{ include "chart.chart" . }}
{{ include "chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "chart.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

61
helm-charts/chart/templates/deployment.yaml
View file

@ -1,61 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "chart.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "chart.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "chart.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

28
helm-charts/chart/templates/hpa.yaml
View file

@ -1,28 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "chart.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

61
helm-charts/chart/templates/ingress.yaml
View file

@ -1,61 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "chart.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "chart.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

15
helm-charts/chart/templates/service.yaml
View file

@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "chart.selectorLabels" . | nindent 4 }}

12
helm-charts/chart/templates/serviceaccount.yaml
View file

@ -1,12 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "chart.serviceAccountName" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

15
helm-charts/chart/templates/tests/test-connection.yaml
View file

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "chart.fullname" . }}-test-connection"
labels:
{{- include "chart.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "chart.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

82
helm-charts/chart/values.yaml
View file

@ -1,82 +0,0 @@
# Default values for chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}