diff --git a/.sops.yaml b/.sops.yaml deleted file mode 100644 index 34453b31..00000000 --- a/.sops.yaml +++ /dev/null @@ -1,4 +0,0 @@ -creation_rules: - # Andrei Kvapil - - pgp: >- - 3D76910F67FB6093C527A3936A895C2DB83B4289 diff --git a/TODO b/TODO index f72b3c78..5cb223a2 100644 --- a/TODO +++ b/TODO @@ -15,4 +15,3 @@ kubeapps patch helm chart to use custom images flux policies talos linux firmware replace reconcile.sh -remove hack/app-helm* and replace to helmwave diff --git a/clusters/pve/Makefile b/clusters/pve/Makefile deleted file mode 100644 index 4d6916ca..00000000 --- a/clusters/pve/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -include ../../hack/app-talos.mk - -export SERVER = https://192.168.100.10:6443 -export ENDPOINT := 135.181.169.168 -export NODES_CONTROL = 192.168.100.11 192.168.100.12 192.168.100.13 -export NODES_WORKERS = -export NODE := $(NODES_CONTROL) $(NODES_WORKERS) diff --git a/clusters/pve/patch-control-plane.yaml b/clusters/pve/patch-control-plane.yaml deleted file mode 100644 index c63d5fb8..00000000 --- a/clusters/pve/patch-control-plane.yaml +++ /dev/null @@ -1,29 +0,0 @@ -machine: - network: - interfaces: - - interface: eth0 - vip: - ip: 192.168.100.10 - -cluster: - allowSchedulingOnControlPlanes: true - apiServer: - certSANs: - - 127.0.0.1 - - 192.168.100.10 - - 135.181.169.168 - controllerManager: - extraArgs: - bind-address: 0.0.0.0 - #secure-port: "10257" - scheduler: - extraArgs: - bind-address: 0.0.0.0 - #secure-port: "10251" - proxy: - disabled: true - discovery: - enabled: false - etcd: - advertisedSubnets: - - 192.168.100.0/24 diff --git a/clusters/pve/patch.yaml b/clusters/pve/patch.yaml deleted file mode 100644 index 128c728c..00000000 --- a/clusters/pve/patch.yaml +++ /dev/null @@ -1,31 +0,0 @@ -machine: - certSANs: - - 127.0.0.1 - - 135.181.169.168 - kubelet: - nodeIP: - validSubnets: - - 192.168.100.0/24 - kernel: - modules: - - name: drbd - parameters: - - usermode_helper=disabled - - name: openvswitch - - install: - disk: /dev/sda - image: ghcr.io/siderolabs/installer:v1.6.0-beta.1 - wipe: false - - extensions: - - image: ghcr.io/siderolabs/drbd:9.2.6-v1.6.0-beta.1 - -cluster: - network: - cni: - name: none - podSubnets: - - 10.244.0.0/16 - serviceSubnets: - - 10.96.0.0/16 diff --git a/clusters/pve/secrets.yaml b/clusters/pve/secrets.yaml deleted file mode 100644 index cf5ade06..00000000 --- a/clusters/pve/secrets.yaml +++ /dev/null @@ -1,52 +0,0 @@ -cluster: - id: ENC[AES256_GCM,data:rREX92fVRMSX23MSD/K0nZHPFwSVVW2KIXx2mzWczELR/9STcitfXuwxfMo=,iv:G4uV20cZIy4nkvnPiBW9vX6CbPkS8w0wO154cUk+UOA=,tag:kaVn6zsaktQ7PML+JATEgA==,type:str] - secret: ENC[AES256_GCM,data:GmcOA7NeJ+fJOZzjSHVlVHYc+et21gMmPLkZfTrt52Tez3/30eBaO0ib4pU=,iv:XqK0O87HF9pRGIOE9d2oI2wUGGcQbtmvG/T3ltgpjTQ=,tag:MlA+snQPrAas5gu808au3w==,type:str] -secrets: - bootstraptoken: ENC[AES256_GCM,data:KnZCgCvZFfZwwNX+U6PvEEu5ZnLnIgw=,iv:DapMkH4NSFsXiob7H/TdKbDU2CnHfV7XBiMt6rYGQRc=,tag:Urf0Ek8txaKpQvv96uTtMQ==,type:str] - secretboxencryptionsecret: ENC[AES256_GCM,data:rFtVYk6Croxhd0ggBjXOUUjU6hHHmU5Gc2VUIN95kauM5ZTJrkn2htH2a2g=,iv:vtSfE0J9nhKODrVF1pG+H5jTdmgoIF30Mr3SX5PnTLY=,tag:5+GOe3qJHTRz70nqqz6a1g==,type:str] -trustdinfo: - token: ENC[AES256_GCM,data:rle/nI1y0TAo0xqcWJYzl8NXLfmOU+E=,iv:L782BcUdWjG4DB12F8CSaYeaQ1mRINBxNsD/64FY9MU=,tag:ZELBSuTX5EGQapZG2y08IA==,type:str] -certs: - etcd: - crt: ENC[AES256_GCM,data:mSOVPtu1lqVrTFzvaiifQVhu1fPzSRIojQWM4bcAyrvDuep7vCIkuIsSO01O7L6SoCEekWkmjAKT5/kjWnptG09fgC/PCBdQrkw4n3hf3p3/eWRX3lA/Q9PJ0jxX7ODqM+RwQrHaNaVi8bXy59jfTJWslNDwGmQPd10+RjXVYbKyhFNH/16HNFqmUQwJJYFuZDFX/2xBVtqYnhvBzPIoxRB0PrIPH28f+fY00k98JZnHuAmoh3B+/DwHYwNcnm0jl7lDDYHBYjmKNZL0Yxql3d4rVIxIlQAkoQCeH0Qhtk1FxlvDe86UpUFFeGvu3nPgKANtL/CNBSIDy3fPfjtX0Innf3XPQJS7VWQL/TVGNDigw3P3v5UjFXwWLd0MWHHRPGdZXHC9bSDXga8vsyPugdvpNwLQ0WSqYpLs+3MUBXrjnvTa8b+E54LMO16yQsZKdi3gDY6pqXERJHH50aNEQrJk3o8CCQuaKdIv6vgR84bQfFlGErrIt41dUmDRf7C0Azwn49EZ6zUiVuOYkN/7ugoPRfORua3FCqYwtQLPux4W+4N6F/EOOwEAITBPlF3PhXBPij7dnjZQLo/hkbyzAfjvi4y2BuVH8UBGcGfGW8MiC29NIdw0qbKXzthyDRr1GpO27+W5OK49zUcO/eLSuM0KloWQeUjR10ash4y0w4pQbxiD/jJu7xKR/Epf+lvjfkY0OAPxYOw8zitAhr8C/r7r98XzYN/ek2cbaaT0MpTwsKmnIGaO2sCMoIEi5bE+5SMJS8Ke/Hq0SDLznW6z4vogM5/YYdccj1D8wy8gFUes6gKeOLP0pLM6K2s5UDMy13YRi3YMACGfGpNmRaidxlOzFQHsUQ4G7/fwP/WxnyJDlysF1u67WDFMp0uJqPFYEn8FDj0d1v+qfAi9u6EIXBP5PkLtSg/P4W7GXwsZa9cUfVjSLG98WZA0lHpRrs7wE636RC/xWr+AB+EynoVzCL/qK6HM+/yeoH0Z0b8Fk0A3t6dI0cFNWXli8VaxUCIX,iv:p+2RkOJqnLTTkhmApEDxwIv/97JiZ+YTQeVtHVaotyM=,tag:2w1Ix3ygx5U7TVO6Q6tBRw==,type:str] - key: ENC[AES256_GCM,data:irVagysT7HJ8G5Rs86cXYM4sKlxMqNL+5FB6xCvoA/CsZbS2X7DnjOEXDEMIWxhm2tI/qiFRFgjzQ4d9OAsr3lCyX1kD57BiDdMF7JR3CVAl+YBGXUe2fC+6Ku88+ts2u6R96PLILQopof+XiTltuLzAfFdHzu3fXrFtY3GFsDBurztjFq/NR7dtxrVVYpN9/E6vu0OyB3x8KMBBl8FP9Qpvd7+mhmZLQV52PX3qN7Y6dS09uo5PSRI5ZWk1RFcMkQQDTggMk5EkrqDjoTwnoZpzPWddjKb1nftlOsTOwxQzEIESQVKBlYgn2jh9UqVwszupVuVwc4P1upaO1+0cFk9W545hnOsFcUEa7x72wEaJRHG5BnHCHWdros9PU/wmDMPaLAoHM7ZIjfA5ycLR/w==,iv:CnjSXmbeD3xJPGowBSiXx9dyFHh+lTVIJEgknCavuRk=,tag:ZRgC9JoGwfXkG74IkYIBuQ==,type:str] - k8s: - crt: ENC[AES256_GCM,data:rTGdfsF7bngu6jsyCYu3KOq/SgZLCNS5ru3aCdvzNHsGTp07gCwsi9jucoxw79o7qY2t67TOShzA6egek66hqSHsFEr+ABXKhhmnOEfx0VMiAT0RGbuN2Otcme9TYFYRSX8zdyeUl043TIdvtKjk+XLdtHxRav5LnErfP33xNlfLGOY47DsSbCqVd2QlIwthD4yOjZp4oGG+sgZFSMN04niL94mA6KcAbBVQr+5xp65Ir9TPjgoSHH3bCEgpgjlYsvAKaAZqvoqo7FRFTBCwPR427w2aqhke/RffStDG4t0VktytXvWg6b9vrW4Ryd0agH16BK2UrSL7J/tqjPlEtCMx35EiCzTdGtXmo1UPAa3WS0KDfZ6tzLUMZMHe7dvE+eI+G/LxTBQL7mPsYCZTCg6eWQCk4CesFjiBBgHMi0vHeZ8dBi1WsbbsLKKlxddeKlVsS5pKbzO98uLzq1TkiphNLjI5RlFvw7PAm/nITdsIzbBvJyGRh552Zi+urjOLyjpUTUAYRjn/S1LUfzm9DL6Q5S490U1DQaZYzzOtV7Ub4SWk54maVaUPXflNwunghE5wk0uBe3331iGNl6bV7kUY4A3WPIVmHQE62vXPWnytEZbaEGyvzJFXOtG2AWpySSaspN3e4QWp3ztB4XGrRRia//kYp+1j+MBySEPbIA53o7BXLwbY9RBgXdrZzcqJmnOs3O5Bu+kVOzYkYBFUZW5LylUygtmyptmdrTC8QYSpaEumVH9Xgz5ODhz6t95K8TledYtbU3xw3N6xlna7mc3Gmjy9LsKLBoedeWDZHwoYIKs0FrIaDZY1X29B3uTlTaDAgARNg1+jfE+lqMircrCPz6xjLKSFttf+9xlL0Jyzi11oFzrKgoXrqYJBgLwupf9cYKPkdMnmwaGLFrlmjCWzRMaXJzU+p1dBdiNfJ6z6wHt01K9OxjlQy+umYAj/ecaxN+QBo12rdM+v85c29kOb024yRsqfCzyEPQemkZt70T+V+5++tJKAYD9Wz7DspsYV/t2rzo3hD1f1o13zWbDSkSM2zmkeDgZfKw==,iv:CHs1NEHT3fHNvYkS7rcUuZnqX79rnmEKXLGj1dnz8LQ=,tag:i0XbbkiBiONHaRmvWsMaMA==,type:str] - key: ENC[AES256_GCM,data:8pxW+rRhtD+VDwUz1JWDO1GzS1zMPGa9uubmFhHGZCh4dp7jg2TWLsh2k53allDXVPdUxkpPJ+S583YTYwp3+RO1skdtYeoIX+j/TMokdrTXBzDZHjB0EOHIQ2hllwM0W2HzVPieG5ghFujp7J3Ws61T1xFTV868OqmFBiFGA0lhZ2sAsFbaPOuCHCLvyGSy/onL9wO1BReK+1pnFFFCN4gVMWWlT5p4svZYRV3z1TecI8cTU4tnLfMYyD92KDapt5uUwm+9YY7abjAgCFJVbC5dvKNIQ/tUyGjL0w1or2iOzrcMMAmsNFup8EqQ9mNuV8ITfDGNfNZ5TnimwI5hnhKzq8qR2iJLAaVEtXLsCRlFXrvUEHGI4BkIOqCIZjgnywXirsFdIYL18eB9qjLiqA==,iv:qlleDnoUg5QmyFhaOpLXu96Rpppje0Sf/P29y3MPI0Y=,tag:3eb3uYJ6ljoxdczHBoG1KQ==,type:str] - k8saggregator: - crt: ENC[AES256_GCM,data:a00mEUt4ycTNzs3xNJlUJ1NmXMsDinrfgibF9TJccd+vgIvKfTobe7+xkha3ExAwRYbCjVuUxtGBBj+TtX6Fl0YU6e+ReESpekS6G5/6wAlXsbnxD9dURy4Ivo3lfv+eojmzkFhD85sWEHg27dPBd909g9X9lQneODQdxev0OQi9zhf/NDkU4ffs/1poARFL1FBCi5BIfYhmvGzUGRuPKadhjx7udwoIldc1Muu7zSlosQqamRsnuRwmmU4S9mQRZw5FZx3rxqzG/L4uAQsm8USQ+3WFuu13SCTo2K8/0ucEEKag0J3Gx+7ggGsXv/Liue8pLqHzRqx6NJiDDBuH+BQ4vFx+qXeZQ7C2g/E5U5lkytQxnmiRw3YXUXyBTcb6u6KjVnbTUGnBZ/jPYz8yR7OkRAiToJGQrnE7yPU++f74cC10Hxi3VqFFqB02IqHgrH32LNCtmsisaS09T3PywuKf9DlrbOBlNxagMit63ruv+c8nT0Pyzso3Ubz5x85+2WI/sycZxofi1JObmPY4WJOAHtSNaNoWBkxo+bRxsQ5tTjNza1peXr+hwRYnrHkqnItd629TsQylNgKlfvqfOwVDB37d1qiuh/c91mKMW+5kKDIcpSWSnGRV7XhtIbpQtUqOon0U5blhofGEgrA5OHIaWRxje5TY4C6RqF7XXw46IHCP+0WUOGPCf4hB7u2PRXfKI39Bu45ODFoLcXQVdbt9h7gib6tFnu4flLK/CFQp6S6vbYgneZ5It4F5mBSwdYLh97ekWmn/1RTyXlkfxhOoc6HGKYPjN5hvTLw99fZ3bLCco/vrSp6PTU77pQQJ46IMvtf+q0SpcVqTF7pXrD4hdNK+hpk53gOVCnaxEoWxHWjcCnsZA1i6dIT7onTN61FPuHE6Yi6M0QHJJtxzzMKsX2tEwsPKetEMYzC55HISAljENPE4ZLf5K+3tA8FJ,iv:9EamgLwLIjBOuZidYTm9zW7RIi6VhBA/0AJ8U/jMPbc=,tag:iiJyZMlUT8fRxpzlCqgwvA==,type:str] - key: ENC[AES256_GCM,data:dphIYRpqXCPNq9PlmejMmhnagAQFpF/0k2sAbBBMm/KEKLbTGs/BBx04kB5rqLd+0fb9x62xufYSdutZe/F1rzyp1OBoPhDB7aNMOYJhsMH76LqLmg/aUE2RU+OI3nxdPFBDMHvG0gvJ0b4M56rpO0nW6zQLrymwye6joAIxmIQLqG6zcBvG0S8mWE60KWaQG/RGcPf4WDjF7Udah8sR2SpPk28miQ5pRcA7GWd2qNsHjNlgklu/femSpigaglHRPnjgVGlTusg1Fx4yxMbMi8pS7VuXEFWE3xFIqt6zub0hAwBVp3kawDIKH6DCJd+e5PT2PTAgvd0zKObLPecYUfM+1maR80mYIFh5zjlFf6We9ZEzBq9Z+fDCnykAhHvU+BGeVmG3PGNxPRdM3Mjgzg==,iv:L7vo7C3iTawZSXXRoR8WDj3kMSAEtYfltOivzw/1wjI=,tag:vjW2evuBwk/zDkmnFxsLog==,type:str] - k8sserviceaccount: - key: ENC[AES256_GCM,data:5xt9xMzE76k/9R/SBdQzU7+ORjpp2zT8BeJwbi5+BoBRnnwb8zxdKv2kyTDgO8+y7R9bKaD4uk4Yit1WfYTwnyMnEvCwKjHTfaTUJFRuPw/4zBhfSmkhpecweG7VgP8C+cdIJ8stH5v0vyCXRW1vPLP1zpwtLctPwjZEtjXW43wVOaoWkJjIQuu+Dub8fGyUj278ZyL+3yrA7ifRyWT1Ox4yH5g5KnsebzZevi6/oTFl4UeFDk/QNy/UW1veMudnqnDRm4qk2JEN/Y1PJDE4J6eetNcvh2WR65CQzBw3EzqvMSo/qgq92BxMStNv+1hgAs04bcrZQT//D0oBfvF+EY1eeQJVO3j/YCevhPKnYtQWrvCoDsBtVWe7fZ9XJa4XG3okh05l6o9umVowMPHjdA==,iv:gk+IpQQy+E85iIJah4w5f5FbEB1mBb0TB1Du5UeeyLc=,tag:7vy0qcfPuinWGYPvBfu0iw==,type:str] - os: - crt: ENC[AES256_GCM,data:f/Ejncrv5EOz6C1ccBCaeMhyuonB8rn29f13FBlsH4LUvCGgSLPamSaIgq4LNN2ekEfUGUJ/RYDGAIyQeW1hOfkzLO/4kyLIwKOlWFSF+2dsPrzSVVnOLs5U8DeUf7FEhomOq5GGyPceMM5ys0nj4vSB+Q2ULI7URQwCqHQjXCaCS0ccIqCFXHO0V+ckhvdBHC0GzJYnJ6hGZHItt2yfaUvDBumBDucmbv8ncvwL3KlVH1DFzPQJjFOwE3K7gT8aGqnUT5dJS0ShTd2Ks0VbTdkNuCH4owCjzhU3dt8B0gBvChgTg74wQnpc2ZEUI32qfMSLjucRV3IEZT3pV/GBbLzdjsIDBecvz0MMjhRvOLynzm//TxzCclcwAQP2hpuKfrcF0l15bkSLDZeH6STFbNaSNepIsVgG9GhiyVoFVYM+PIn9FxmYU9D7mQNGNqhctaGthO4VwwhKg2346ZpPJnnTuet74ccr7ZoubBiHi/ClC1xhZsjDSvHUlFlls7+FlkVUwcTaYZ9uH7RGZxuPkdlLsD8lwv6qX2KDIC1XVqZ32g9hkzIdy4KYR1NNMKi8wlqSM8+b+uA/msOkTtTRZ0u/jTQOVZOP6um5WrtQpRikejy9D7VYDVPm79dP0jxI+t+3hxFFncovuNDRfZI+dZ6V0ieZ6nTIuvOvcK3WdVj18yzktL9a10Pic9hTMp2r6LENBPLo9gigw2NH7dbDrIKBTyBWidLfIxTWIXhoPDN7v2s1ZFZ7+6zd5D+8i1fmr0r+3/MTNBtbDJvif5QycL5a4SteBz40kNa8dLqwlfH51SpBq7CG0cZC4YPol26XyVVwBWxKdzok0KzNB7ypymxItySHYWMoiAB1gFWH8SuVsilJ,iv:HBT8v13oU4DmKkTKGXrpazLcRJIWC3AyHxSOm9gkc94=,tag:XN/0e2QDPJ1l//vn5uFShA==,type:str] - key: ENC[AES256_GCM,data:gF5RDJ8kPx/xaLitTvufL+y8zUrh+NPW13B2BNaEbylGY7VakC1sIvEf41TQeqI3bajt/3Nq7ftyi9xKtHAzGkp6qEbg4UnkL3QnoK9jHirV68G5beLk3MrbGLaAXdTDkb+ZOfzA9Q5rj67hofOvskkZw1YEo6HrV1VBs69Gz25siJ1KGmjmvRaJrKZS0Di63XGKdzU0VFOI3twUJVrPsMXqJ4ueGbGUnpCrLKQreX3vdjNU,iv:qrHb1e/fswuxHWb7FT6RYOJnY4cuLDDN6M3IGDrgvOI=,tag:Y/OUqoMVoCHmCKlwXwLSYA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-12-08T09:27:31Z" - mac: ENC[AES256_GCM,data:gtlCdy70N3N87o2h4OudXw36qrpHrkYNk53EMPe8TFUmR5LtFN9c2vaQI8vSfd+DwmDeK5vk9HLKzp8ovYxxo9otF/Im3+Hi4Tt0mXZ3ZLrNDCza35esjoXRvkXqIbPbzV8I8RV8VNqQTjgI41klPcn2whT5kbpQAeCrQQiWm5M=,iv:YNNOCmXKJ4MoFo9GrnLYIs/KKazuiXWe2qrGnLjAgpA=,tag:xKj9NhfFpR9BjbGp/HcymQ==,type:str] - pgp: - - created_at: "2023-12-08T09:27:31Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcDMA28W6DUHn5DiAQwAmFZuAd0j+aVPVu8Tkcd3aw1BJeKfprmRkF/O6O7/NCsI - pmeMaCTOOiJ4m44GyrTzVSaMRcPKP7TanpiquTefG85jUVfzYFS4c9lffuITd+5b - ht+kOI7dhphAQF/BfS+IcSY6sHRw4XGeGa2EjTE+edAL33AUMdUvPmdzOXttef7V - J9enfJAxRDLza8wMW26NBh7n5cv2mqE+utRW/PEkR95Rt7r1RdgG0daAhaFOyoCr - Jabl/1KXTfcvs1q+ymk8WXakM7lc1PQEJqgKuGW982NlVanfGiDf2qU0ag48grQd - 8hgvkXajLe74TD/O84MIeUCNbEPVBkGJzruzpH+g1CTKymfBo+cD39B1Jz6o5h2q - JdNvJuPGcD+nyEvb9N7UgzhQxti0512eQNQRN658zCi8LKn0zOYSJkwGinCZCYZP - cqsbmIWrS2gW5ip+UT9IXAMkFbiORKnxFY9lkmcA7m7Ar9liqtzh1aQ3LYUHU0GB - D4HkQXnNNJo4wBS/iqAZ0lEBOfQWZ73VY7hjQy0yZ+mkZSNuVrPYgqVXvlTR4qdH - fUvr17EX23oUXreRWEnyjHSnZH02TGXa7Rk4h0IiU1PJlxyuUl1WRQPq4qVkTMKE - FqM= - =93xL - -----END PGP MESSAGE----- - fp: 3D76910F67FB6093C527A3936A895C2DB83B4289 - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/hack/app-helm.mk b/hack/app-helm.mk deleted file mode 100644 index a2dbc171..00000000 --- a/hack/app-helm.mk +++ /dev/null @@ -1,25 +0,0 @@ -PUSH := 1 -LOAD := 0 - -.DEFAULT_GOAL=help -.PHONY=help show diff apply delete update image - -help: - @echo "USAGE\n" - @echo "Show app manifests:\n\ - make show ENV= INSTANCE=\n" - @echo "Diff app manifests:\n\ - make diff ENV= INSTANCE=\n" - @echo "Deploy app manifests:\n\ - make show ENV= INSTANCE=\n" - @echo "Delete app manifests:\n\ - make diff ENV= INSTANCE=\n" - @make -sq update 2>/dev/null || [ "$$?" != 1 ] \ - || echo "Download app manifests from upstream\n\ - make update\n" - @make -sq image 2>/dev/null || [ "$$?" != 1 ] \ - || echo "Build docker image\n\ - make image PUSH=<0|1> PULL=<0|1>\n" - -show diff apply delete: - @../../hack/app-helm.sh $@ diff --git a/hack/app-helm.sh b/hack/app-helm.sh deleted file mode 100755 index d0ce6064..00000000 --- a/hack/app-helm.sh +++ /dev/null @@ -1,74 +0,0 @@ -#!/bin/sh -set -e - -ensure_namespace() { - if ! nsSecLabel=$(kubectl get "namespace/$namespace" -o jsonpath="{ .metadata.labels['pod-security\.kubernetes\.io/enforce'] }"); then - if [ "$createNamespace" = true ]; then - (set -x; kubectl create namespace "$namespace") - fi - fi - if [ "$nsSecLabel" != privileged ] && [ "$privilegedNamespace" = true ]; then - (set -x; kubectl label namespace "$namespace" pod-security.kubernetes.io/enforce=privileged --overwrite) - fi - if [ "$nsSecLabel" = privileged ] && [ "$privilegedNamespace" != true ]; then - (set -x; kubectl label namespace "$namespace" pod-security.kubernetes.io/enforce- --overwrite) - fi -} - -ensure_crds() { - if [ "$crdsPolicy" != "CreateReplace" ]; then - return - fi - crds=$(mktemp) - "$0" show | yq e "select(.kind|downcase == \"customresourcedefinition\") - | .metadata.annotations.\"meta.helm.sh/release-name\"=\"$name\" - | .metadata.annotations.\"meta.helm.sh/release-namespace\"=\"$namespace\" - | .metadata.labels.\"app.kubernetes.io/managed-by\"=\"Helm\" - " > "$crds" - # We use kubectl create+replace instead of apply to avoid having last-applied configuration - if [ -s "$crds" ]; then - if [ "$crdsPolicy" = "CreateReplace" ]; then - (set -x; kubectl apply --server-side -f "$crds" --force-conflicts) - fi - fi - rm -f "$crds" -} - -name=$(yq eval-all '[._helm.name].0' values.yaml) -namespace=$(yq eval-all '[._helm.namespace].0' values.yaml) -createNamespace=$(yq eval-all '[._helm.createNamespace].0' values.yaml) -privilegedNamespace=$(yq eval-all '[._helm.privilegedNamespace].0' values.yaml) -crdsPolicy=$(yq eval-all '[._helm.crds].0' values.yaml) -case null in - $name|$namespace) - echo "$envFile has no '_helm.name' or '_helm.namespace' fields" >&2 - exit 1 - ;; -esac - -case "$1" in - show) - set -x - helm template "$name" -n "$namespace" . --include-crds - ;; - diff) - set -x - helm diff upgrade --allow-unreleased "$name" -n "$namespace" . --show-secrets - ;; - apply) - ensure_namespace - ensure_crds - crdflag= - if [ "$crdsPolicy" != "Create" ]; then - crdflag=--skip-crds - fi - (set -x; helm upgrade -i "$name" -n "$namespace" . $crdflag) - ;; - delete) - (set -x; helm uninstall "$name" -n "$namespace") - ;; - *) - echo "Command "$1" is not implented!" >&2 - exit 1 - ;; -esac diff --git a/hack/app-talos.mk b/hack/app-talos.mk deleted file mode 100644 index 3bfd1e3b..00000000 --- a/hack/app-talos.mk +++ /dev/null @@ -1,22 +0,0 @@ -.DEFAULT_GOAL=help -.PHONY=init gen clean members diff apply dashboard - -help: - @echo "USAGE\n" - @echo "Prepare secrets and basic files for new cluster:\n\ - make init\n" - @echo "Generate configuration files:\n\ - make gen\n" - @echo "Remove generated files:\n\ - make clean\n" - @echo "Show etcd members:\n\ - make members\n" - @echo "Diff currently generated configuration:\n\ - make diff\n" - @echo "Apply currently generated configuration to the cluster:\n\ - make apply\n" - @echo "Show dashboard:\n\ - make dashboard\n" - -init gen clean members diff apply dashboard: - @../../hack/app-talos.sh $@ diff --git a/hack/app-talos.sh b/hack/app-talos.sh deleted file mode 100755 index be13d4bb..00000000 --- a/hack/app-talos.sh +++ /dev/null @@ -1,75 +0,0 @@ -#!/bin/sh -set -e -export TALOSCONFIG=talosconfig - -usage() { - echo "Usage:" - echo " make SERVER=https://xxx:6443 [NODE=127.0.0.1]" - exit 1 -} - -if [ "$1" != clean ] && [ -z "$SERVER" ]; then - usage -fi - -patches="" -if [ -f patch.yaml ]; then - patches="$patches --config-patch=@patch.yaml" -fi -if [ -f patch-control-plane.yaml ]; then - patches="$patches --config-patch-control-plane=@patch-control-plane.yaml" -fi -if [ -f patch-worker.yaml ]; then - patches="$patches --config-patch-worker=@patch-worker.yaml" -fi - -nodes_control=$(echo $NODES_CONTROL | tr ' ' ,) -nodes_workers=$(echo $NODES_WORKERS | tr ' ' ,) - -case "$1" in - init) - set -x - talosctl gen secrets -o secrets.yaml - sops --encrypt -i secrets.yaml || rm -f secrets.yaml - ;; - gen) - name="$(basename "${PWD}")" - set -x - sops -d secrets.yaml | talosctl gen config "$name" "$SERVER" --with-secrets /dev/stdin --with-docs=false $patches --force - talosctl --talosconfig talosconfig config endpoint ${ENDPOINT:-127.0.0.1} - talosctl --talosconfig talosconfig config node $NODE - ;; - clean) - set -x - rm -f controlplane.yaml worker.yaml talosconfig kubeconfig - ;; - members) - nodes=$(echo $NODES_CONTROL | tr ' ' ,) - set -x - talosctl etcd members -n "$nodes" - ;; - diff) - if [ -n "$nodes_control" ]; then - (set -x; talosctl apply-config -n "$nodes_control" -f controlplane.yaml --dry-run) - fi - if [ -n "$nodes_workers" ]; then - (set -x; talosctl apply-config -n "$nodes_workers" -f worker.yaml --dry-run) - fi - ;; - apply) - nodes=$(echo $NODES_CONTROL | tr ' ' ,) - if [ -n "$nodes_control" ]; then - (set -x; talosctl apply-config -n "$nodes_control" -f controlplane.yaml) - fi - nodes=$(echo $NODES_WORKERS | tr ' ' ,) - if [ -n "$nodes_workers" ]; then - (set -x; talosctl apply-config -n "$nodes_workers" -f worker.yaml) - fi - ;; - dashboard) - (set -x; talosctl dashboard) - ;; - *) - usage - ;; -esac diff --git a/system/cert-manager-issuers/Makefile b/system/cert-manager-issuers/Makefile index f6bd5a15..e69de29b 100644 --- a/system/cert-manager-issuers/Makefile +++ b/system/cert-manager-issuers/Makefile @@ -1 +0,0 @@ -include ../../hack/app-helm.mk diff --git a/system/cert-manager/Makefile b/system/cert-manager/Makefile index 69eaf06c..8b96ab0d 100644 --- a/system/cert-manager/Makefile +++ b/system/cert-manager/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add jetstack https://charts.jetstack.io diff --git a/system/cilium/Makefile b/system/cilium/Makefile index abb2cec4..4bfd0703 100644 --- a/system/cilium/Makefile +++ b/system/cilium/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add cilium https://helm.cilium.io/ diff --git a/system/fluxcd/Makefile b/system/fluxcd/Makefile index 9d4281ad..657d5348 100644 --- a/system/fluxcd/Makefile +++ b/system/fluxcd/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm pull oci://ghcr.io/fluxcd-community/charts/flux2 --untar --untardir charts diff --git a/system/grafana-operator/Makefile b/system/grafana-operator/Makefile index 10deb03d..d4721e21 100644 --- a/system/grafana-operator/Makefile +++ b/system/grafana-operator/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts mkdir -p charts diff --git a/system/ingress-nginx/Makefile b/system/ingress-nginx/Makefile index 0998054b..ae9d34e4 100644 --- a/system/ingress-nginx/Makefile +++ b/system/ingress-nginx/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx diff --git a/system/kubeapps/Makefile b/system/kubeapps/Makefile index 6a743f52..d837e9ce 100644 --- a/system/kubeapps/Makefile +++ b/system/kubeapps/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: update-chart update-dockerfiles update-chart: diff --git a/system/kubeovn/Makefile b/system/kubeovn/Makefile index 14311eee..8392c92e 100644 --- a/system/kubeovn/Makefile +++ b/system/kubeovn/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts && mkdir -p charts/kube-ovn tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/kubeovn/kube-ovn | awk -F'[/^]' 'END{print $$3}') && \ diff --git a/system/kubevirt-operator/Makefile b/system/kubevirt-operator/Makefile index 4f1583aa..7a6908a2 100644 --- a/system/kubevirt-operator/Makefile +++ b/system/kubevirt-operator/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf templates mkdir templates diff --git a/system/kubevirt/Makefile b/system/kubevirt/Makefile index 07851c7a..ba453361 100644 --- a/system/kubevirt/Makefile +++ b/system/kubevirt/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf templates mkdir templates diff --git a/system/linstor/Makefile b/system/linstor/Makefile index f6bd5a15..e69de29b 100644 --- a/system/linstor/Makefile +++ b/system/linstor/Makefile @@ -1 +0,0 @@ -include ../../hack/app-helm.mk diff --git a/system/mariadb-operator/Makefile b/system/mariadb-operator/Makefile index 8197f0ca..0875c03d 100644 --- a/system/mariadb-operator/Makefile +++ b/system/mariadb-operator/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add mariadb-operator https://mariadb-operator.github.io/mariadb-operator diff --git a/system/metallb-addresses/Makefile b/system/metallb-addresses/Makefile index f6bd5a15..e69de29b 100644 --- a/system/metallb-addresses/Makefile +++ b/system/metallb-addresses/Makefile @@ -1 +0,0 @@ -include ../../hack/app-helm.mk diff --git a/system/metallb/Makefile b/system/metallb/Makefile index 8fc72d4f..b189e4bf 100644 --- a/system/metallb/Makefile +++ b/system/metallb/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add metallb https://metallb.github.io/metallb diff --git a/system/monitoring/Makefile b/system/monitoring/Makefile index fa859fa1..0e1eb6d4 100644 --- a/system/monitoring/Makefile +++ b/system/monitoring/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add prometheus-community https://prometheus-community.github.io/helm-charts diff --git a/system/piraeus-operator/Makefile b/system/piraeus-operator/Makefile index 1979a2d7..df8558fd 100644 --- a/system/piraeus-operator/Makefile +++ b/system/piraeus-operator/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/piraeusdatastore/piraeus-operator | awk -F'[/^]' 'END{print $$3}') && \ diff --git a/system/postgres-operator/Makefile b/system/postgres-operator/Makefile index afdaedaa..4d1e778b 100644 --- a/system/postgres-operator/Makefile +++ b/system/postgres-operator/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add cnpg https://cloudnative-pg.github.io/charts diff --git a/system/rabbitmq-operator/Makefile b/system/rabbitmq-operator/Makefile index 8c58fa42..f9c9e017 100644 --- a/system/rabbitmq-operator/Makefile +++ b/system/rabbitmq-operator/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf templates/cluster-operator.yml wget -O templates/cluster-operator.yml https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml diff --git a/system/redis-operator/Makefile b/system/redis-operator/Makefile index db0c5377..6f4961c3 100644 --- a/system/redis-operator/Makefile +++ b/system/redis-operator/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add redis-operator https://spotahome.github.io/redis-operator diff --git a/system/telepresence/Makefile b/system/telepresence/Makefile index 292ccc25..813c983e 100644 --- a/system/telepresence/Makefile +++ b/system/telepresence/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts helm repo add datawire https://app.getambassador.io diff --git a/system/victoria-metrics-operator/Makefile b/system/victoria-metrics-operator/Makefile index 9022e568..8de0a122 100644 --- a/system/victoria-metrics-operator/Makefile +++ b/system/victoria-metrics-operator/Makefile @@ -1,5 +1,3 @@ -include ../../hack/app-helm.mk - update: rm -rf charts # VictoriaMetrics operator