diff --git a/charts/subcharts/Chart.yaml b/charts/subcharts/Chart.yaml
index 8c79440..5bd7f27 100644
--- a/charts/subcharts/Chart.yaml
+++ b/charts/subcharts/Chart.yaml
@@ -2,12 +2,6 @@ apiVersion: v2
 name: home-server-subcharts
 version: 0.1.0
 dependencies:
- - name: mariadb-operator-crds
- version: 0.38.1
- repository: https://helm.mariadb.com/mariadb-operator
- - name: mariadb-operator
- version: 0.38.1
- repository: https://helm.mariadb.com/mariadb-operator
 - name: cert-manager
 version: v1.18.2
 repository: https://charts.jetstack.io
diff --git a/charts/subcharts/templates/cert-manager.yaml b/charts/subcharts/templates/cert-manager.yaml
index febb491..ebe0c26 100644
--- a/charts/subcharts/templates/cert-manager.yaml
+++ b/charts/subcharts/templates/cert-manager.yaml
@@ -22,10 +22,10 @@ spec:
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
- name: wildcard-{{ .Values.global.domain | replace "." "-" }}
+ name: {{ .Values.global.ssl_secret_name }}
 namespace: {{ .Values.global.namespace }}
 spec:
- secretName: wildcard-{{ .Values.global.domain | replace "." "-" }}
+ secretName: {{ .Values.global.ssl_secret_name }}
 secretTemplate:
 annotations:
 replicator.v1.mittwald.de/replication-allowed: "true"
diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml
index 78a6183..9b9016c 100644
--- a/deployments/kustomization.yaml
+++ b/deployments/kustomization.yaml
@@ -4,4 +4,6 @@ kind: Kustomization
 resources:
 - manifests/00-namespaces.yaml
 - manifests/10-repo-prod.yaml
- - manifests/20-hrel-prod.yaml
+ - manifests/20-hrel-mariadb.yaml
+ - manifests/20-hrel-replicator.yaml
+ - manifests/30-hrel-prod.yaml
diff --git a/deployments/manifests/20-hrel-mariadb.yaml b/deployments/manifests/20-hrel-mariadb.yaml
new file mode 100644
index 0000000..26f7f39
--- /dev/null
+++ b/deployments/manifests/20-hrel-mariadb.yaml
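Review bot: In `charts/subcharts/templates/cert-manager.yaml`, `metadata.name` and `spec.secretName` now render `{{ .Values.global.ssl_secret_name }}` unquoted and unchecked, so a missing or empty value produces a null name and the failure only surfaces when the Certificate is applied. Failing at template time is safer, e.g. `{{ required "global.ssl_secret_name is required" .Values.global.ssl_secret_name | quote }}` on both lines. The name is also no longer derived from `global.domain`, so `values.yaml` has to keep `ssl_secret_name` and `domain` in step by hand; a comment beside the new value saying so would help. Because this Secret holds the wildcard private key and carries `replication-allowed: "true"`, it is worth confirming that a `replicator.v1.mittwald.de/replication-allowed-namespaces` annotation (not visible in this hunk) limits which namespaces may pull it. The Certificate document starts before and continues after the hunk.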
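Review bot: In `deployments/kustomization.yaml`, moving the release to `30-hrel-prod.yaml` behind the two `20-` files reads as an ordering intent, but the order of `resources:` entries does not sequence HelmRelease reconciliation. `30-hrel-prod.yaml` is renamed at 100% similarity, so no `dependsOn` was added to it in this commit; if the prod release needs the mariadb-operator CRDs (previously pulled in as subchart dependencies) or the replicator to exist first, that should be declared there, as `20-hrel-mariadb.yaml` does for its CRDs release, e.g. `dependsOn: [{name: mariadb-operator, namespace: mariadb-system}]`.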
@@ -0,0 +1,56 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mariadb-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: mariadb-operator
+ namespace: flux-system
+spec:
+ url: https://helm.mariadb.com/mariadb-operator
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mariadb-operator-crds
+ namespace: mariadb-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: mariadb-operator-crds
+ version: 0.38.1
+ sourceRef:
+ kind: HelmRepository
+ name: mariadb-operator
+ namespace: flux-system
+ install:
+ createNamespace: true
+ upgrade:
+ disableWait: true
+ timeout: 5m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mariadb-operator
+ namespace: mariadb-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: mariadb-operator
+ version: 0.38.1
+ sourceRef:
+ kind: HelmRepository
+ name: mariadb-operator
+ namespace: flux-system
+ install:
+ createNamespace: true
+ dependsOn:
+ - name: mariadb-operator-crds
+ namespace: mariadb-system
diff --git a/deployments/manifests/20-hrel-replicator.yaml b/deployments/manifests/20-hrel-replicator.yaml
new file mode 100644
index 0000000..13d4606
--- /dev/null
+++ b/deployments/manifests/20-hrel-replicator.yaml
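Review bot: In `20-hrel-mariadb.yaml`, both HelmReleases set `install.createNamespace: true` although the same file already declares the `mariadb-system` Namespace, so the setting is redundant and leaves two places that can create the namespace. Keeping the explicit Namespace and using `createNamespace: false` (as the replicator release in this commit does) makes it clear which object owns it. The operator release is installed with chart defaults only; a short comment above it such as `# operator runs with the chart's default RBAC; review on version bumps` would record that its permissions are not visible in this manifest.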
@@ -0,0 +1,99 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubernetes-replicator
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubernetes-replicator
+rules:
+ - apiGroups: ["", "apps", "extensions"]
+ resources:
+ - secrets
+ - configmaps
+ - roles
+ - rolebindings
+ - cronjobs
+ - deployments
+ - events
+ - ingresses
+ - jobs
+ - pods
+ - pods/attach
+ - pods/exec
+ - pods/log
+ - pods/portforward
+ - services
+ - namespaces
+ - serviceaccounts
+ verbs: ["*"]
+ - apiGroups: ["batch"]
+ resources:
+ - configmaps
+ - cronjobs
+ - deployments
+ - events
+ - ingresses
+ - jobs
+ - pods
+ - pods/attach
+ - pods/exec
+ - pods/log
+ - pods/portforward
+ - services
+ verbs: ["*"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - roles
+ - rolebindings
+ - clusterrolebindings
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-replicator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-replicator
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-replicator
+ namespace: kube-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: mittwald
+ namespace: flux-system
+spec:
+ url: https://helm.mittwald.de
+ interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: kubernetes-replicator
+ namespace: kube-system
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: kubernetes-replicator
+ sourceRef:
+ kind: HelmRepository
+ name: mittwald
+ namespace: flux-system
+ install:
+ createNamespace: false
+ upgrade:
+ disableWait: false
+ values:
+ serviceAccount:
+ create: false
+ name: kubernetes-replicator
+
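Review bot: The `kubernetes-replicator` ClusterRole grants `verbs: ["*"]` on `secrets`, `serviceaccounts`, `pods/exec`, `pods/attach` and `pods/portforward` cluster-wide, and the ClusterRoleBinding gives that to a ServiceAccount in `kube-system`, so a compromised replicator pod or chart would hold close to cluster-admin reach. The only replication visible in this commit is the wildcard TLS Secret annotated in `cert-manager.yaml`, which should need read access to namespaces plus read/write on secrets; the fence below sketches that reduced rule set, to be widened only for kinds that are actually replicated. Several current entries match nothing anyway (for example `deployments` under `batch`, or `roles` under the core group). Separately, the HelmRelease's `chart.spec` has no `version`, so Flux will follow the newest chart published at `https://helm.mittwald.de`; pin it as the mariadb releases do, e.g. `version: "<pinned-chart-version>"`. This file also uses `source.toolkit.fluxcd.io/v1beta2` and `helm.toolkit.fluxcd.io/v2beta1` while `20-hrel-mariadb.yaml` uses `v1` and `v2`; aligning on the newer versions avoids depending on deprecated APIs.

```yaml
rules:
  # Namespaces are only listed and watched to locate replication targets.
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list", "watch"]
  # Secrets are the only kind this repository is seen replicating.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# … unchanged: ClusterRoleBinding, HelmRepository, HelmRelease …
```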
diff --git a/deployments/manifests/20-hrel-dev.yaml b/deployments/manifests/30-hrel-dev.yaml
similarity index 100%
rename from deployments/manifests/20-hrel-dev.yaml
rename to deployments/manifests/30-hrel-dev.yaml
diff --git a/deployments/manifests/20-hrel-prod.yaml b/deployments/manifests/30-hrel-prod.yaml
similarity index 100%
rename from deployments/manifests/20-hrel-prod.yaml
rename to deployments/manifests/30-hrel-prod.yaml
diff --git a/values.yaml b/values.yaml
index 6f807c6..c51a95c 100644
--- a/values.yaml
+++ b/values.yaml
@@ -1,5 +1,6 @@
 global:
 domain: hxme.net
+ ssl_secret_name: wildcard-hxme-net
 namespace: cert-manager
 issuerName: letsencrypt-rfc2136
 email: admin@hxme.net