add ingress-nginx

TODO

@@ -23,3 +23,4 @@ reconcile system helm releases
 remove cluster and other namespace resources from apps charts, eg extension-apiserver-authentication-reader
 nginx-ingress has no values
 update all applications to be managed by operators
+fullnameOverride kamaji-etcd

packages/apps/kubernetes/templates/cluster.yaml

@@ -72,22 +72,11 @@ spec:
   template:
     spec:
       joinConfiguration:
-        localAPIEndpoint:
-          advertiseAddress: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
-          bindPort: 6443
         nodeRegistration:
           kubeletExtraArgs: {}
-        discovery:
-          bootstrapToken:
-            apiServerEndpoint: {{ .Release.Name }}.{{ .Release.Namespace }}.svc:6443
       initConfiguration:
         skipPhases:
         - addon/kube-proxy
-      users:
-      - name: test
-        sudo: ALL=(ALL) NOPASSWD:ALL
-        groups: users, admin
-        passwd: $6$tgqE6TLb2HVdRg0S$i8aPZ1LQQ/F.SMk1QiGua9SCpJKcccAFKLIKZUqkQUZS1ikaS0JJ/T0gM73coXuul/1khh/xQVQH.NOsHOWXr1
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: KubevirtMachineTemplate

packages/core/installer/images/installer.json

@@ -1,14 +1,14 @@
 {
-  "containerimage.config.digest": "sha256:1e74c5d6b48380c70b04b99ab91ef5a6ef6fde818298edacd9e3487f568d7cc2",
+  "containerimage.config.digest": "sha256:fa3eed4cd2f16714d9f5bd89ae1c9796d566396a718a0cdb81a296286cd33304",
   "containerimage.descriptor": {
     "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
-    "digest": "sha256:2a0c1e4c8cf19a74b08fb9de2f0cdc551f3bf54fd842e648f003f96784cb4d73",
+    "digest": "sha256:dd0524e0794343ce0e3cade6eab19fd69be9dffd08329bab769ce8b7e567fa14",
     "size": 2074,
     "platform": {
       "architecture": "amd64",
       "os": "linux"
     }
   },
-  "containerimage.digest": "sha256:2a0c1e4c8cf19a74b08fb9de2f0cdc551f3bf54fd842e648f003f96784cb4d73",
+  "containerimage.digest": "sha256:dd0524e0794343ce0e3cade6eab19fd69be9dffd08329bab769ce8b7e567fa14",
   "image.name": "ghcr.io/aenix-io/cozystack/installer:latest"
 }

packages/core/platform/values.yaml

@@ -7,7 +7,6 @@ namespaces:
   privileged: true
 - name: cozy-fluxcd
 - name: cozy-grafana-operator
-- name: cozy-ingress-nginx
 - name: cozy-kamaji
 - name: cozy-cluster-api
   privileged: true # for capk only

packages/extra/etcd/templates/check-release-name.yaml

@@ -0,0 +1,3 @@
+{{- if ne .Release.Name .Chart.Name }}
+{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }}
+{{- end -}}

packages/extra/etcd/templates/kamaji-etcd.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kamaji-etcd
+spec:
+  chart:
+    spec:
+      chart: cozy-kamaji-etcd
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+      version: '*'
+  interval: 1m0s
+  timeout: 5m0s
+  values:
+    fullnameOverride: etcd

packages/extra/ingress/templates/check-release-name.yaml

@@ -0,0 +1,3 @@
+{{- if ne .Release.Name .Chart.Name }}
+{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }}
+{{- end -}}

packages/extra/ingress/templates/nginx-ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: ingress-nginx
+spec:
+  chart:
+    spec:
+      chart: cozy-ingress-nginx
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+      version: '*'
+  interval: 1m0s
+  timeout: 5m0s
+  values:
+    ingress-nginx:
+      fullnameOverride: ingress-nginx
+      controller:
+        ingressClass: {{ .Release.Namespace }}
+        ingressClassResource:
+          name: {{ .Release.Namespace }}
+          controllerValue: k8s.io/ingress-nginx-{{ .Release.Namespace }}

packages/system/ingress-nginx/values.yaml

@@ -19,7 +19,7 @@ ingress-nginx:
       - --server.telemetry-address=0.0.0.0:9090
       - --server.exporter-address=0.0.0.0:9091
     service:
-      type: NodePort # ClusterIP
+      #type: NodePort # ClusterIP
       externalTrafficPolicy: "Local"
       #allocateLoadBalancerNodePorts: false
     config:

packages/system/kamaji-etcd/Makefile

@@ -4,3 +4,4 @@ update:
 	helm repo update clastix
 	helm pull clastix/kamaji-etcd --untar --untardir charts
 	sed -i 's/hook-failed/before-hook-creation,hook-failed/' `grep -rl hook-failed charts`
+	patch -p4 < patches/fix-svc.diff

packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml

@@ -57,6 +57,7 @@ data:
       "hosts": [
 {{- range $count := until (int $.Values.replicas) -}}
         {{ printf "\"%s-%d.%s.%s.svc.cluster.local\"," ( include "etcd.fullname" $outer ) $count (include "etcd.serviceName" $outer) $.Release.Namespace }}
+        {{ printf "\"%s-%d.%s.%s.svc\"," ( include "etcd.fullname" $outer ) $count (include "etcd.serviceName" $outer) $.Release.Namespace }}
 {{- end }}
         "etcd-server.{{ .Release.Namespace }}.svc.cluster.local",
         "etcd-server.{{ .Release.Namespace }}.svc",

packages/system/kamaji-etcd/patches/fix-svc.diff

@@ -0,0 +1,12 @@
+diff --git a/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml b/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml
+index 95a2671..bd8ddcb 100644
+--- a/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml
++++ b/packages/system/kamaji-etcd/charts/kamaji-etcd/templates/etcd_cm.yaml
+@@ -57,6 +57,7 @@ data:
+       "hosts": [
+ {{- range $count := until (int $.Values.replicas) -}}
+         {{ printf "\"%s-%d.%s.%s.svc.cluster.local\"," ( include "etcd.fullname" $outer ) $count (include "etcd.serviceName" $outer) $.Release.Namespace }}
++        {{ printf "\"%s-%d.%s.%s.svc\"," ( include "etcd.fullname" $outer ) $count (include "etcd.serviceName" $outer) $.Release.Namespace }}
+ {{- end }}
+         "etcd-server.{{ .Release.Namespace }}.svc.cluster.local",
+         "etcd-server.{{ .Release.Namespace }}.svc",

packages/system/kamaji-etcd/templates/datastore.yaml

@@ -5,29 +5,29 @@ metadata:
 spec:
   driver: etcd
   endpoints:
-  - etcd-0.etcd.{{ .Release.Namespace }}.svc:2379
-  - etcd-1.etcd.{{ .Release.Namespace }}.svc:2379
-  - etcd-2.etcd.{{ .Release.Namespace }}.svc:2379
+  - {{ .Release.Name }}-0.{{ .Release.Name }}.{{ .Release.Namespace }}.svc:2379
+  - {{ .Release.Name }}-1.{{ .Release.Name }}.{{ .Release.Namespace }}.svc:2379
+  - {{ .Release.Name }}-2.{{ .Release.Name }}.{{ .Release.Namespace }}.svc:2379
   tlsConfig:
     certificateAuthority:
       certificate:
         secretReference:
           keyPath: ca.crt
-          name: etcd-certs
+          name: {{ .Release.Name }}-certs
           namespace: {{ .Release.Namespace }}
       privateKey:
         secretReference:
           keyPath: ca.key
-          name: etcd-certs
+          name: {{ .Release.Name }}-certs
           namespace: {{ .Release.Namespace }}
     clientCertificate:
       certificate:
         secretReference:
           keyPath: tls.crt
-          name: etcd-root-client-certs
+          name: {{ .Release.Name }}-root-client-certs
           namespace: {{ .Release.Namespace }}
       privateKey:
         secretReference:
           keyPath: tls.key
-          name: etcd-root-client-certs
+          name: {{ .Release.Name }}-root-client-certs
           namespace: {{ .Release.Namespace }}