From e3bf953cf7772c8c8262ccb3559aaba9dfd07ca7 Mon Sep 17 00:00:00 2001 
From: Christian Lempa Date: Fri, 8 Nov 2024 12:34:10 +0100 Subject: [PATCH] big update for kubernetes and helm templates --- .../cert-manager}/values.yaml | 2 + helm/longhorn/values.yaml | 53 ++++++++++++++++++ helm/portainer/values.yaml | 27 ++++++++++ helm/traefik/values.yaml | 19 +++++++ .../certificate.yaml.example | 0 .../clusterissuer-secret.yaml} | 0 .../clusterissuer.yaml} | 6 +-- .../certmanager/examples/issuer.yaml.example | 18 ------- kubernetes/examples/example-configmap.yaml | 0 kubernetes/examples/example-deployment.yaml | 22 -------- kubernetes/examples/example-ingress.yaml | 0 kubernetes/examples/example-namespace.yaml | 0 .../examples/example-peristentvolume.yaml | 0 .../example-persistentvolumeclaim.yaml | 0 kubernetes/examples/example-secret.yaml | 0 kubernetes/examples/example-service.yaml | 12 ----- kubernetes/longhorn/certificate.yaml | 13 +++++ kubernetes/longhorn/ingressroute.yaml | 17 ++++++ kubernetes/portainer/certificate.yaml | 13 +++++ kubernetes/portainer/ingressroute.yaml | 17 ++++++ kubernetes/portainer/values.yml | 29 ---------- .../examples/example-ingressroute.yaml | 20 ------- .../examples/example-ingressroutetcp.yml | 21 -------- kubernetes/traefik/ingressroute.yaml.example | 19 +++++++ .../traefik/ingressroutetcp.yaml.example | 19 +++++++ kubernetes/traefik/values.yml | 54 ------------------- renovate.json | 23 ++++++++ 27 files changed, 225 insertions(+), 179 deletions(-) rename {kubernetes/certmanager => helm/cert-manager}/values.yaml (99%) create mode 100644 helm/longhorn/values.yaml create mode 100644 helm/portainer/values.yaml create mode 100644 helm/traefik/values.yaml rename kubernetes/{certmanager/examples => cert-manager}/certificate.yaml.example (100%) rename kubernetes/{certmanager/examples/issuer-secret.yaml.example => cert-manager/clusterissuer-secret.yaml} (100%) rename kubernetes/{certmanager/examples/clusterissuer.yaml.example => cert-manager/clusterissuer.yaml} (59%) delete mode 100644 
kubernetes/certmanager/examples/issuer.yaml.example delete mode 100644 kubernetes/examples/example-configmap.yaml delete mode 100644 kubernetes/examples/example-deployment.yaml delete mode 100644 kubernetes/examples/example-ingress.yaml delete mode 100644 kubernetes/examples/example-namespace.yaml delete mode 100644 kubernetes/examples/example-peristentvolume.yaml delete mode 100644 kubernetes/examples/example-persistentvolumeclaim.yaml delete mode 100644 kubernetes/examples/example-secret.yaml delete mode 100644 kubernetes/examples/example-service.yaml create mode 100644 kubernetes/longhorn/certificate.yaml create mode 100644 kubernetes/longhorn/ingressroute.yaml create mode 100644 kubernetes/portainer/certificate.yaml create mode 100644 kubernetes/portainer/ingressroute.yaml delete mode 100644 kubernetes/portainer/values.yml delete mode 100644 kubernetes/traefik/examples/example-ingressroute.yaml delete mode 100644 kubernetes/traefik/examples/example-ingressroutetcp.yml create mode 100644 kubernetes/traefik/ingressroute.yaml.example create mode 100644 kubernetes/traefik/ingressroutetcp.yaml.example delete mode 100644 kubernetes/traefik/values.yml diff --git a/kubernetes/certmanager/values.yaml b/helm/cert-manager/values.yaml similarity index 99% rename from kubernetes/certmanager/values.yaml rename to helm/cert-manager/values.yaml index 750e019..dbf3773 100644 --- a/kubernetes/certmanager/values.yaml +++ b/helm/cert-manager/values.yaml @@ -10,8 +10,10 @@ cainjector: image: repository: quay.io/jetstack/cert-manager-cainjector tag: v1.16.0 + crds: enabled: true + extraArgs: - --dns01-recursive-nameservers-only - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53 diff --git a/helm/longhorn/values.yaml b/helm/longhorn/values.yaml new file mode 100644 index 0000000..934f16c --- /dev/null +++ b/helm/longhorn/values.yaml 
@@ -0,0 +1,53 @@
+---
+image:
+ longhorn:
+ engine:
+ repository: "longhornio/longhorn-engine"
+ tag: "v1.7.2"
+ manager:
+ repository: "longhornio/longhorn-manager"
+ tag: "v1.7.2"
+ ui:
+ repository: "longhornio/longhorn-ui"
+ tag: "v1.7.2"
+ instanceManager:
+ repository: "longhornio/longhorn-instance-manager"
+ tag: "v1.7.2"
+ shareManager:
+ repository: "longhornio/longhorn-share-manager"
+ tag: "v1.7.2"
+ backingImageManager:
+ repository: "longhornio/backing-image-manager"
+ tag: "v1.7.2"
+ supportBundleKit:
+ repository: "longhornio/support-bundle-kit"
+ tag: "v0.0.45"
+ csi:
+ attacher:
+ repository: "longhornio/csi-attacher"
+ tag: "v4.7.0"
+ provisioner:
+ repository: "longhornio/csi-provisioner"
+ tag: "v5.1.0"
+ nodeDriverRegistrar:
+ repository: "longhornio/csi-node-driver-registrar"
+ tag: "v2.12.0"
+ resizer:
+ repository: "longhornio/csi-resizer"
+ tag: "v1.12.0"
+ snapshotter:
+ repository: "longhornio/csi-snapshotter"
+ tag: "v8.1.0"
+ livenessProbe:
+ repository: "longhornio/livenessprobe"
+ tag: "v2.14.0"
+
+# --> (Optional) Reduce the number of replicas of Longhorn UI
+# longhornUI:
+# replicas: 1
+# <--
+
+# --> (Optional) Change the default settings, like Backup Target here...
+# defaultSettings:
+# backupTarget: "your-backup-target" # <-- Replace with your backup target
+# <--
diff --git a/helm/portainer/values.yaml b/helm/portainer/values.yaml
new file mode 100644
index 0000000..ec1a4f4
--- /dev/null
+++ b/helm/portainer/values.yaml
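Review bot: Every image in helm/longhorn/values.yaml is pinned by tag only (`tag: "v1.7.2"`, `tag: "v4.7.0"`, …), and a registry tag can be re-pointed after review, so the pin does not fix what is actually pulled. If the chart renders the reference as `repository:tag` (worth checking), a digest can be kept next to the tag, and the Renovate regex manager added in renovate.json would then need a `currentDigest` capture group as well. I would also add a header comment such as `# Image tags must match the Longhorn chart release; bump them together with the chart`, because independent bumps of engine, manager and the CSI sidecars can leave a mixed set of component versions.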
@@ -0,0 +1,27 @@
+---
+image:
+ repository: portainer/portainer-ce
+ tag: 2.22.0
+ pullPolicy: IfNotPresent
+
+service:
+ type: ClusterIP
+
+# --> (Optional) When you want to automatically create an Ingress
+# ingress:
+# enabled: true
+# hosts:
+# - host: "your-fqdn" # <-- Replace with your FQDN
+# paths:
+# - path: /
+# port: "9000"
+# tls:
+# - secretName: portainer-certificate-secret
+# hosts:
+# - "your-fqdn" # <-- Replace with your FQDN
+# <--
+
+# --> (Optional) When using an existing PVC
+# persistence:
+# existingClaim: "portainer"
+# <--
diff --git a/helm/traefik/values.yaml b/helm/traefik/values.yaml
new file mode 100644
index 0000000..ddf4d28
--- /dev/null
+++ b/helm/traefik/values.yaml
@@ -0,0 +1,19 @@
+image:
+ repository: traefik
+ version: v3.1.4
+ pullPolicy: IfNotPresent
+
+# --> (Optional) Change log settings here...
+# logs:
+# general:
+# level: ERROR
+# access:
+# enabled: false
+# <--
+
+# --> (Optional) Redirect HTTP to HTTPs by default
+# ports:
+# web:
+# redirectTo:
+# port: websecure
+# <--
diff --git a/kubernetes/certmanager/examples/certificate.yaml.example b/kubernetes/cert-manager/certificate.yaml.example
similarity index 100%
rename from kubernetes/certmanager/examples/certificate.yaml.example
rename to kubernetes/cert-manager/certificate.yaml.example
diff --git a/kubernetes/certmanager/examples/issuer-secret.yaml.example b/kubernetes/cert-manager/clusterissuer-secret.yaml
similarity index 100%
rename from kubernetes/certmanager/examples/issuer-secret.yaml.example
rename to kubernetes/cert-manager/clusterissuer-secret.yaml
diff --git a/kubernetes/certmanager/examples/clusterissuer.yaml.example b/kubernetes/cert-manager/clusterissuer.yaml
similarity index 59%
rename from kubernetes/certmanager/examples/clusterissuer.yaml.example
rename to kubernetes/cert-manager/clusterissuer.yaml
index 29f1b2a..f1b25af 100644
--- a/kubernetes/certmanager/examples/clusterissuer.yaml.example
+++ b/kubernetes/cert-manager/clusterissuer.yaml
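Review bot: In helm/traefik/values.yaml the pin `version: v3.1.4` sits under `image:`, but as far as I know the Traefik chart reads `image.tag` and otherwise falls back to the chart's appVersion, so this key is probably ignored and the deployed Traefik version follows the chart rather than this file. If that is confirmed against the chart's own values, change the line to `tag: v3.1.4`. Separately, the HTTP-to-HTTPS redirect is only a commented option while the example IngressRoutes in this commit list the `web` entry point, so a comment such as `# Until this is enabled, routes bound to "web" are served over cleartext HTTP` above that block would make the default visible.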
@@ -2,16 +2,16 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: clusterissuer # <-- Replace with your clsuterissuer name + name: cloudflare-clusterissuer spec: acme: email: your-email@address # <-- Replace with your email address server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: - name: example-clusterissuer-account-key # <-- Replace with your secret name + name: cloudflare-clusterissuer-account-key solvers: - dns01: cloudflare: apiTokenSecretRef: - name: cloudflare-api-token-secret # <-- Replace with your secret name + name: cloudflare-api-token-secret key: api-token diff --git a/kubernetes/certmanager/examples/issuer.yaml.example b/kubernetes/certmanager/examples/issuer.yaml.example deleted file mode 100644 index e7129a4..0000000 --- a/kubernetes/certmanager/examples/issuer.yaml.example +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: issuer # <-- Replace with your issuer name - namespace: your-namespace # <-- Replace with your namespace -spec: - acme: - email: your-email@address # <-- Replace with your email address - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: example-issuer-account-key # <-- Replace with your secret name - solvers: - - dns01: - cloudflare: - apiTokenSecretRef: - name: cloudflare-api-token-secret # <-- Replace with your secret name - key: api-token diff --git a/kubernetes/examples/example-configmap.yaml b/kubernetes/examples/example-configmap.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kubernetes/examples/example-deployment.yaml b/kubernetes/examples/example-deployment.yaml deleted file mode 100644 index b7d6417..0000000 --- a/kubernetes/examples/example-deployment.yaml +++ /dev/null 
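Review bot: The dns01 solver in kubernetes/cert-manager/clusterissuer.yaml has no `selector`, so this cluster-wide issuer will attempt a challenge for any name that a Certificate in any namespace requests, limited only by what the Cloudflare token is allowed to edit. Restrict it under the solver with `selector: {dnsZones: ["your-domain"]}` (placeholder value) and add a comment that the API token should be scoped to DNS edit on that single zone. Now that the file is no longer an `.example`, `email: your-email@address` is still a placeholder against the production ACME directory, so a comment pointing to the Let's Encrypt staging directory for first tests would help. The sibling rename to `clusterissuer-secret.yaml` drops the `.example` suffix too; its content is not shown here, but a tracked secret manifest under a real file name invites committing a live token.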
@@ -1,22 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: example-deployment
- namespace: your-namespace
- labels:
- app: example-app
-spec:
- replicas: 3 # how many pods?
- selector:
- matchLabels:
- app: example-app
- template:
- metadata:
- labels:
- app: example-app
- spec:
- containers:
- - name: nginx
- image: nginx:latest
- ports:
- - containerPort: 80
diff --git a/kubernetes/examples/example-ingress.yaml b/kubernetes/examples/example-ingress.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/examples/example-namespace.yaml b/kubernetes/examples/example-namespace.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/examples/example-peristentvolume.yaml b/kubernetes/examples/example-peristentvolume.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/examples/example-persistentvolumeclaim.yaml b/kubernetes/examples/example-persistentvolumeclaim.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/examples/example-secret.yaml b/kubernetes/examples/example-secret.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/examples/example-service.yaml b/kubernetes/examples/example-service.yaml
deleted file mode 100644
index dece911..0000000
--- a/kubernetes/examples/example-service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: example-service
- namespace: your-namespace
-spec:
- selector:
- app.kubernetes.io/name: MyApp
- ports:
- - protocol: TCP
- port: 80
- targetPort: 9376
diff --git a/kubernetes/longhorn/certificate.yaml b/kubernetes/longhorn/certificate.yaml
new file mode 100644
index 0000000..0efedb7
--- /dev/null
+++ b/kubernetes/longhorn/certificate.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: longhorn-certificate
+ namespace: longhorn-system
+spec:
+ secretName: longhorn-certificate-secret
+ dnsNames:
+ - your-fqdn # <-- Replace with your FQDN
+ issuerRef:
+ name: cloudflare-clusterissuer
+ kind: ClusterIssuer
diff --git a/kubernetes/longhorn/ingressroute.yaml b/kubernetes/longhorn/ingressroute.yaml
new file mode 100644
index 0000000..e530a02
--- /dev/null
+++ b/kubernetes/longhorn/ingressroute.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: longhorn-ingressroute
+ namespace: longhorn-system
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`your-fqdn`) # <-- Replace with your FQDN
+ kind: Rule
+ services:
+ - name: longhorn-frontend
+ port: 80
+ tls:
+ secretName: longhorn-certificate-secret
diff --git a/kubernetes/portainer/certificate.yaml b/kubernetes/portainer/certificate.yaml
new file mode 100644
index 0000000..85e23f3
--- /dev/null
+++ b/kubernetes/portainer/certificate.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: portainer-ingressroute-certificate
+ namespace: portainer
+spec:
+ secretName: portainer-certificate-secret
+ issuerRef:
+ name: cloudflare-clusterissuer
+ kind: ClusterIssuer
+ dnsNames:
+ - your-fqdn # <-- Replace with your FQDN
diff --git a/kubernetes/portainer/ingressroute.yaml b/kubernetes/portainer/ingressroute.yaml
new file mode 100644
index 0000000..757128b
--- /dev/null
+++ b/kubernetes/portainer/ingressroute.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: portainer-ingressroute
+ namespace: portainer
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`your-fqdn`) # <-- Replace with your FQDN
+ kind: Rule
+ services:
+ - name: portainer
+ port: 9000
+ tls:
+ secretName: portainer-certificate-secret
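Review bot: The route in kubernetes/longhorn/ingressroute.yaml publishes `longhorn-frontend` on `websecure` with no `middlewares` entry, and to my knowledge the Longhorn UI has no login of its own, so whoever can reach the host name gets full volume management. Attach an authentication middleware to the route, for example `middlewares:` followed by `- name: longhorn-auth` (placeholder name for a Traefik basicAuth or forwardAuth Middleware in `longhorn-system`), or at least an IP allow-list middleware. A comment above `routes:` such as `# Longhorn UI is unauthenticated by default; keep an auth middleware on this route` would carry the requirement to people copying the template.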
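Review bot: In kubernetes/portainer/ingressroute.yaml the backend is `port: 9000`, which is Portainer's plain-HTTP listener, so TLS ends at Traefik and logins and API tokens travel unencrypted between the proxy and the pod. That may be acceptable on a trusted pod network, but it should be a stated choice: add a comment like `# Backend hop is HTTP; use the HTTPS port with a ServersTransport if the pod network is not trusted`. The Certificate in the neighbouring hunk is named `portainer-ingressroute-certificate` while the Longhorn one is `longhorn-certificate`; one naming pattern for both would be easier to follow.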
diff --git a/kubernetes/portainer/values.yml b/kubernetes/portainer/values.yml
deleted file mode 100644
index bf758e1..0000000
--- a/kubernetes/portainer/values.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Portainer Helm Chart Values Template
-# ---
-image:
- repository: portainer/portainer-ce
- tag: 2.22.0
- pullPolicy: IfNotPresent
-
-replicas: 1 # Number of replicas
-
-# (Choice) LoadBalancer or ClusterIP with optional Ingress
-service:
- type: LoadBalancer
- # -- or --
- # type: ClusterIP
-
-# (Optional) Add Ingress, when using ClusterIP
-ingress:
- enabled: true
- hosts:
- - host: "portainer-test-1.kube-prod-2.home.clcreative.de"
- paths:
- - path: "/"
- port: "9000"
-# -- end
-
-persistence:
- enabled: true
- # (Optional) Use an existing PVC
- # existingClaim: portainer
diff --git a/kubernetes/traefik/examples/example-ingressroute.yaml b/kubernetes/traefik/examples/example-ingressroute.yaml
deleted file mode 100644
index 4825788..0000000
--- a/kubernetes/traefik/examples/example-ingressroute.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: ingressroute
- # (Optional) Namespace
- # namespace: your-namespace
- # ---
-spec:
- entryPoints:
- - web
- - websecure
- routes:
- - match: Host(`your-hostname`)
- kind: Rule
- services:
- - name: your-service
- port: 80
- # (Optional) TLS
- # tls:
- # secretName: your-tls-secret
diff --git a/kubernetes/traefik/examples/example-ingressroutetcp.yml b/kubernetes/traefik/examples/example-ingressroutetcp.yml
deleted file mode 100644
index 5bb0ab4..0000000
--- a/kubernetes/traefik/examples/example-ingressroutetcp.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRouteTCP
-metadata:
- name: ingressroutetcp
- # (Optional) Namespace
- # namespace: your-namespace
- # ---
-spec:
- entryPoints:
- - web
- - websecure
- routes:
- - match: HostSNI(`your-hostname-sni`)
- priority: 10
- services:
- - name: your-service
- port: 80
- # (Optional) TLS Passthrough
- # tls:
- # passthrough: true
- # ---
diff --git a/kubernetes/traefik/ingressroute.yaml.example b/kubernetes/traefik/ingressroute.yaml.example
new file mode 100644
index 0000000..36f0da4
--- /dev/null
+++ b/kubernetes/traefik/ingressroute.yaml.example
@@ -0,0 +1,19 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: your-ingressroute # <-- Replace with your IngressRoute name
+ namespace: your-namespace # <-- Replace with your namespace
+spec:
+ entryPoints:
+ - web
+ - websecure
+ routes:
+ - match: Host(`your-fqdn`) # <-- Replace with your FQDN
+ kind: Rule
+ services:
+ - name: your-service # <-- Replace with your service name
+ port: 80
+ # --> (Optional) Add certificate secret
+ # tls:
+ # secretName: your-certificate-secret
+ # <--
diff --git a/kubernetes/traefik/ingressroutetcp.yaml.example b/kubernetes/traefik/ingressroutetcp.yaml.example
new file mode 100644
index 0000000..55178e4
--- /dev/null
+++ b/kubernetes/traefik/ingressroutetcp.yaml.example
@@ -0,0 +1,19 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
+ namespace: your-namespace # <-- Replace with your namespace
+spec:
+ entryPoints:
+ - web
+ - websecure
+ routes:
+ - match: HostSNI(`your-sni`) # <-- Replace with your SNI
+ priority: 10 # <-- (Optional) change rule priority
+ services:
+ - name: your-service # <-- Replace with your service name
+ port: 80
+ # --> (Optional) Enable TLS Passthrough
+ # tls:
+ # passthrough: true
+ # <--
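Review bot: kubernetes/traefik/ingressroute.yaml.example lists both `web` and `websecure` while the `tls` block is commented out, so a straight copy serves the application over cleartext HTTP on the `web` entry point. I would make the secure form the default by uncommenting `tls:` / `secretName:` and marking the other entry optional, e.g. `# - web  # <-- (Optional) only if plain HTTP is intended`. The Longhorn and Portainer routes added in this commit already use `websecure` only, so the example would then match them.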
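Review bot: In kubernetes/traefik/ingressroutetcp.yaml.example the rule HostSNI(`your-sni`) needs a TLS ClientHello to match, yet the `tls` block is commented out and `web` is listed as an entry point. As far as I know Traefik accepts only HostSNI(`*`) on a non-TLS TCP router, so the template as written would not route, and a user may widen the rule to `*` to get it working, which would take all TCP traffic on that entry point. Either enable the `tls` section by default or add the comment `# HostSNI with a host name requires tls; without tls only HostSNI(*) matches` next to the rule.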
diff --git a/kubernetes/traefik/values.yml b/kubernetes/traefik/values.yml
deleted file mode 100644
index 24aebd1..0000000
--- a/kubernetes/traefik/values.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-# Traefik Helm Chart Values Template
-# ---
-image:
- repository: traefik
- version: v3.1.4
- pullPolicy: IfNotPresent
-
-# (Optional) Log settings
-# logs:
-# general:
-# level: ERROR
-# access:
-# enabled: false
-
-# (Optional) Change number of replicas
-# deployment:
-# replicas: 1
-
-# (Optional) Enable Prometheus Metrics, requires metrics port to be exposed!
-# metrics:
-# prometheus:
-# entryPoint: metrics
-
-# Configure EntryPoints
-ports:
- web:
- # StandardHTTP
- port: 8000
- exposed: true
- exposedPort: 80
- # (Optional) Redirect HTTP to HTTPs by default
- # redirectTo:
- # port: websecure
- websecure:
- # Standard HTTPS
- port: 8443
- exposed: true
- exposedPort: 443
- tls:
- enabled: true
- # (Optional) Enable HTTP3
- # http3:
- # enabled: false
- # (Optional) When enabled Prometheus Metrics will be exposed on this port
- # metrics:
- # Prometheus Metrics
- # port: 9100
- # exposed: false
- # exposedPort: 9100
-
-# Create a default IngressClass
-ingressClass:
- enabled: true
- isDefaultClass: true
diff --git a/renovate.json b/renovate.json
index cadb229..1b1347e 100644
--- a/renovate.json
+++ b/renovate.json
@@ -110,6 +110,29 @@ "allowedVersions": "!/^v?2\\.19\\.10$/" } ], + "customManagers": [ + { + "customType": "regex", + "description": "Update Longhorn images in Helm", + "fileMatch": ["(^|/)helm/longhorn/.+\\.yaml$"], + "matchStrings": [ + "engine:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "manager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "ui:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "instanceManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "shareManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "backingImageManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "supportBundleKit:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "attacher:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "provisioner:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "nodeDriverRegistrar:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "resizer:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "snapshotter:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "livenessProbe:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?" + ], + "datasourceTemplate": "docker" + } + ], "separateMinorPatch": true, "stopUpdatingLabel": "renovate/stop_updating" }
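Review bot: The value groups in the added `matchStrings` are `[^\"]+` with the surrounding quotes optional, so if a quote is ever dropped from helm/longhorn/values.yaml the group runs across line breaks to the next quote and Renovate records a wrong image name or version; `[^\"\\s]+` keeps each capture on a single token. As shown on this page the groups read `(?[^\"]+)` with no name, which is probably a rendering loss, so confirm the file has `(?<depName>…)` and `(?<currentValue>…)`, since a regex manager needs both. The thirteen patterns differ only in the leading key and could be one pattern with an alternation, which is easier to audit when an image is added.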