diff --git a/Makefile b/Makefile index 2fe9e7d..5438c65 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ lint: repos repos: @helmfile -e $(HELMFILE_ENVIRONMENT) repos template: - @helmfile -e $(HELMFILE_ENVIRONMENT) template + @helmfile -e $(HELMFILE_ENVIRONMENT) template --include-crds --include-needs --include-transitive-needs -q diff: @helmfile -e $(HELMFILE_ENVIRONMENT) diff sync: diff --git a/README.md b/README.md index 5c0dcf2..9c0d04a 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,10 @@ A top-level helmfile directory, contains dependencies release files and director All the yaml files under the specified directory are processed in the alphabetical order. Each files defines an ordered list of releases to deploy. -- 01-core-apps.yaml: for core applications (example ingress, observability, cert-manager...) +- 01-core-apps.yaml: for core applications (example ingress,cert-manager, argocd...) +- 01-loki.yaml: logs aggregator +- 01-prometheus-stack.yaml: observability (grafana,prometheus) +- 01-promtail.yaml: logs shipping - 02-sample-apps.yaml: other applications #### bases diff --git a/charts/raw/.helmignore b/charts/raw/.helmignore new file mode 100755 index 0000000..f0c1319 --- /dev/null +++ b/charts/raw/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/raw/Chart.yaml b/charts/raw/Chart.yaml new file mode 100644 index 0000000..f2960eb --- /dev/null +++ b/charts/raw/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: 0.2.3 +name: raw +home: https://github.com/helm/charts/blob/master/incubator/raw +description: A place for all the Kubernetes resources which don't already have a home. +version: 0.3.0 
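Review bot: `make template` now renders with `--include-transitive-needs`, but the Argo CD generate command in `argocd-values.yaml.gotmpl` passes only `--include-crds --include-needs -q`, so what a developer reviews locally can differ from what the repo-server applies; either add the same flag to the plugin or drop it here, and leave a comment naming which invocation is authoritative. `repos`, `template`, `diff` and `sync` are command targets, not files; unless a `.PHONY` line exists above this hunk, add `.PHONY: lint repos template diff sync` so a stray file of that name cannot silently turn them into no-ops. The rest of the Makefile is outside the hunk.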
diff --git a/charts/raw/OWNERS b/charts/raw/OWNERS new file mode 100755 index 0000000..db15b51 --- /dev/null +++ b/charts/raw/OWNERS @@ -0,0 +1,6 @@ +approvers: +- josdotso +- mumoshu +reviewers: +- josdotso +- mumoshu diff --git a/charts/raw/README.md b/charts/raw/README.md new file mode 100755 index 0000000..b691aea --- /dev/null +++ b/charts/raw/README.md 
@@ -0,0 +1,129 @@ +# incubator/raw + +The `incubator/raw` chart takes a list of Kubernetes resources and +merges each resource with a default `metadata.labels` map and installs +the result. + +The Kubernetes resources can be "raw" ones defined under the `resources` key, or "templated" ones defined under the `templates` key. + +Some use cases for this chart include Helm-based installation and +maintenance of resources of kinds: +- LimitRange +- PriorityClass +- Secret + +## Usage + +### Raw resources + +#### STEP 1: Create a yaml file containing your raw resources. + +``` +# raw-priority-classes.yaml + +resources: + + - apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: common-critical + value: 100000000 + globalDefault: false + description: "This priority class should only be used for critical priority common pods." + + - apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: common-high + value: 90000000 + globalDefault: false + description: "This priority class should only be used for high priority common pods." + + - apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: common-medium + value: 80000000 + globalDefault: false + description: "This priority class should only be used for medium priority common pods." + + - apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: common-low + value: 70000000 + globalDefault: false + description: "This priority class should only be used for low priority common pods." + + - apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: app-critical + value: 100000 + globalDefault: false + description: "This priority class should only be used for critical priority app pods." + + - apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: app-high + value: 90000 + globalDefault: false + description: "This priority class should only be used for high priority app pods." 
+ + - apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: app-medium + value: 80000 + globalDefault: true + description: "This priority class should only be used for medium priority app pods." + + - apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: app-low + value: 70000 + globalDefault: false + description: "This priority class should only be used for low priority app pods." +``` + +#### STEP 2: Install your raw resources. + +``` +helm install --name raw-priority-classes incubator/raw -f raw-priority-classes.yaml +``` + +### Templated resources + +#### STEP 1: Create a yaml file containing your templated resources. + +``` +# values.yaml + +templates: +- | + apiVersion: v1 + kind: Secret + metadata: + name: common-secret + stringData: + mykey: {{ .Values.mysecret }} +``` + +The yaml file containing `mysecret` should be encrypted with a tool like [helm-secrets](https://github.com/futuresimple/helm-secrets) + +``` +# secrets.yaml +mysecret: abc123 +``` + +``` +$ helm secrets enc secrets.yaml +``` + +#### STEP 2: Install your templated resources. + +``` +helm secrets install --name mysecret incubator/raw -f values.yaml -f secrets.yaml +``` diff --git a/charts/raw/ci/resources-values.yaml b/charts/raw/ci/resources-values.yaml new file mode 100644 index 0000000..1028ae5 --- /dev/null +++ b/charts/raw/ci/resources-values.yaml @@ -0,0 +1,8 @@ +resources: +- apiVersion: scheduling.k8s.io/v1beta1 + kind: PriorityClass + metadata: + name: common-critical + value: 100000000 + globalDefault: false + description: "This priority class should only be used for critical priority common pods." diff --git a/charts/raw/ci/templates-values.yaml b/charts/raw/ci/templates-values.yaml new file mode 100644 index 0000000..600f40e --- /dev/null +++ b/charts/raw/ci/templates-values.yaml @@ -0,0 +1,6 @@ +templates: +- | + apiVersion: v1 + kind: ConfigMap + metadata: + name: raw 
diff --git a/charts/raw/ci/values.yaml b/charts/raw/ci/values.yaml new file mode 100644 index 0000000..876494a --- /dev/null +++ b/charts/raw/ci/values.yaml @@ -0,0 +1,18 @@ +resources: +- apiVersion: v1 + kind: Secret + metadata: + name: common + stringData: + foo: bar + +mysecret: abc134 + +templates: +- | + apiVersion: v1 + kind: Secret + metadata: + name: common-secret + stringData: + mykey: "{{ .Values.mysecret }}" diff --git a/charts/raw/templates/NOTES.txt b/charts/raw/templates/NOTES.txt new file mode 100755 index 0000000..e69de29 diff --git a/charts/raw/templates/_helpers.tpl b/charts/raw/templates/_helpers.tpl new file mode 100755 index 0000000..f916d27 --- /dev/null +++ b/charts/raw/templates/_helpers.tpl 
@@ -0,0 +1,45 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "raw.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "raw.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "raw.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +raw.resource will create a resource template that can be +merged with each item in `.Values.resources`. +*/}} +{{- define "raw.resource" -}} +metadata: + labels: + app: {{ template "raw.name" . }} + chart: {{ template "raw.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end }} diff --git a/charts/raw/templates/resources.yaml b/charts/raw/templates/resources.yaml new file mode 100755 index 0000000..83c900d --- /dev/null +++ b/charts/raw/templates/resources.yaml @@ -0,0 +1,9 @@ +{{- $template := fromYaml (include "raw.resource" .) -}} +{{- range .Values.resources }} +--- +{{ toYaml (merge . $template) -}} +{{- end }} +{{- range $i, $t := .Values.templates }} +--- +{{ toYaml (merge (tpl $t $ | fromYaml) $template) -}} +{{- end }} diff --git a/charts/raw/values.yaml b/charts/raw/values.yaml new file mode 100755 index 0000000..4305a27 --- /dev/null 
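Review bot: `tpl $t $ | fromYaml` never fails on bad input — Helm's `fromYaml` returns a map with a single `Error` key when the rendered text is not valid YAML — so a broken entry in `.Values.templates` is merged with the label template and emitted as a document holding only `Error:` and `metadata.labels`, which then fails at apply time with a message that points nowhere near the offending template. Check for it before merging: `{{- $doc := tpl $t $ | fromYaml }}`, `{{- if hasKey $doc "Error" }}{{ fail (printf "templates[%d]: %s" $i $doc.Error) }}{{ end }}`, then `{{ toYaml (merge $doc $template) -}}`. This chart appears to be adapted from `incubator/raw` (Chart.yaml's `home:` points at the archived helm/charts repository); if it is meant to track upstream, record the upstream version or commit it was copied from so the divergence is reviewable.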
+++ b/charts/raw/values.yaml 
@@ -0,0 +1,80 @@ +resources: [] +# +# - apiVersion: scheduling.k8s.io/v1beta1 +# kind: PriorityClass +# metadata: +# name: common-critical +# value: 100000000 +# globalDefault: false +# description: "This priority class should only be used for critical priority common pods." +# +# - apiVersion: scheduling.k8s.io/v1beta1 +# kind: PriorityClass +# metadata: +# name: common-high +# value: 90000000 +# globalDefault: false +# description: "This priority class should only be used for high priority common pods." +# +# - apiVersion: scheduling.k8s.io/v1beta1 +# kind: PriorityClass +# metadata: +# name: common-medium +# value: 80000000 +# globalDefault: false +# description: "This priority class should only be used for medium priority common pods." +# +# - apiVersion: scheduling.k8s.io/v1beta1 +# kind: PriorityClass +# metadata: +# name: common-low +# value: 70000000 +# globalDefault: false +# description: "This priority class should only be used for low priority common pods." +# +# - apiVersion: scheduling.k8s.io/v1beta1 +# kind: PriorityClass +# metadata: +# name: app-critical +# value: 100000 +# globalDefault: false +# description: "This priority class should only be used for critical priority app pods." +# +# - apiVersion: scheduling.k8s.io/v1beta1 +# kind: PriorityClass +# metadata: +# name: app-high +# value: 90000 +# globalDefault: false +# description: "This priority class should only be used for high priority app pods." +# +# - apiVersion: scheduling.k8s.io/v1beta1 +# kind: PriorityClass +# metadata: +# name: app-medium +# value: 80000 +# globalDefault: true +# description: "This priority class should only be used for medium priority app pods." +# +# - apiVersion: scheduling.k8s.io/v1beta1 +# kind: PriorityClass +# metadata: +# name: app-low +# value: 70000 +# globalDefault: false +# description: "This priority class should only be used for low priority app pods." 
+ +templates: [] +# - | +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: raw +# +# - | +# apiVersion: v1 +# kind: Secret +# metadata: +# name: common-secret +# stringData: +# mykey: {{ .Values.mysecret }} diff --git a/helmfile.d/01-loki.yaml b/helmfile.d/01-loki.yaml new file mode 100644 index 0000000..b3c711f --- /dev/null +++ b/helmfile.d/01-loki.yaml @@ -0,0 +1,11 @@ +--- +bases: + - bases/helmDefaults.yaml + - bases/environments.yaml + +helmfiles: +- path: releases/loki/helmfile.yaml + values: + - {{ toYaml .Values | nindent 4 }} + +missingFileHandler: Warn diff --git a/helmfile.d/01-prometheus-stack.yaml b/helmfile.d/01-prometheus-stack.yaml new file mode 100644 index 0000000..0861631 --- /dev/null +++ b/helmfile.d/01-prometheus-stack.yaml @@ -0,0 +1,11 @@ +--- +bases: + - bases/helmDefaults.yaml + - bases/environments.yaml + +helmfiles: +- path: releases/prometheus-stack/helmfile.yaml + values: + - {{ toYaml .Values | nindent 4 }} + +missingFileHandler: Warn diff --git a/helmfile.d/01-promtail.yaml b/helmfile.d/01-promtail.yaml new file mode 100644 index 0000000..b8f12a3 --- /dev/null +++ b/helmfile.d/01-promtail.yaml @@ -0,0 +1,11 @@ +--- +bases: + - bases/helmDefaults.yaml + - bases/environments.yaml + +helmfiles: +- path: releases/promtail/helmfile.yaml + values: + - {{ toYaml .Values | nindent 4 }} + +missingFileHandler: Warn diff --git a/helmfile.d/bases/helmDefaults.yaml b/helmfile.d/bases/helmDefaults.yaml index 2a2077a..18c20b3 100644 --- a/helmfile.d/bases/helmDefaults.yaml +++ b/helmfile.d/bases/helmDefaults.yaml @@ -2,4 +2,5 @@ helmDefaults: atomic: true wait: true + waitForJobs: true verify: false diff --git a/helmfile.d/environments/common.yaml b/helmfile.d/environments/common.yaml index e8e92a6..eb1f38f 100644 --- a/helmfile.d/environments/common.yaml +++ b/helmfile.d/environments/common.yaml 
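Review bot: `missingFileHandler: Warn` at the top level of these wrapper helmfiles also governs the `helmfiles[].path` entry (helmfile applies the handler to values, secrets and sub-helmfiles), so a typo in or a move of `releases/loki/helmfile.yaml` is downgraded to a warning and the sub-helmfile is skipped; under Argo CD that renders an empty manifest set and, with prune enabled, removes the running release. Leave the handler at its default for the `helmfiles` entry and put `missingFileHandler: Warn` only on the per-release `values` entries that are genuinely optional. A one-line comment on `waitForJobs: true` noting that, together with `atomic: true`, a failed hook Job now rolls the whole release back would help whoever debugs a stuck sync.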
@@ -1,4 +1,15 @@ --- +core_namespaces: + installed: false # true + namespaces: +# cert-manager: {} +# ingress-nginx: {} +# argocd: {} + loki: {} +# monitoring: {} +# promtail: {} + whoami: {} + ingress_nginx: installed: false # true chart_version: v4.9.1 @@ -32,9 +43,13 @@ cert_manager_issuer: loki: installed: false # true - chart_version: 5.43.3 + chart_version: 5.47.1 namespace: "loki" +prometheus_operator_crds: + installed: false # true + namespace: "monitoring" + prometheus: installed: false # true chart_version: 57.1.1 diff --git a/helmfile.d/environments/local.yaml b/helmfile.d/environments/local.yaml index 1f927c3..c366cb2 100644 --- a/helmfile.d/environments/local.yaml +++ b/helmfile.d/environments/local.yaml @@ -1,4 +1,7 @@ --- +core_namespaces: + installed: true + ingress_nginx: installed: true # for local development cluster: Deployment is enough @@ -20,6 +23,9 @@ loki: promtail: installed: true +prometheus_operator_crds: + installed: false + prometheus: installed: true grafana_hostname: grafana.127.0.0.1.nip.io diff --git a/helmfile.d/releases/01-core/argocd-values.yaml.gotmpl b/helmfile.d/releases/01-core/argocd-values.yaml.gotmpl index b951400..5addff3 100644 --- a/helmfile.d/releases/01-core/argocd-values.yaml.gotmpl +++ b/helmfile.d/releases/01-core/argocd-values.yaml.gotmpl 
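Review bot: The new `prometheus_operator_crds` block defines `installed` and `namespace` but no `chart_version`, so the release in `releases/prometheus-stack/helmfile.yaml` renders `version: ""` and helmfile fetches whatever the newest `prometheus-operator-crds` chart is at each sync — an unpinned dependency that can swap the CRDs under a running operator the moment someone flips `installed: true`. Pin it like every other release, `chart_version: "<pinned version>"` under `prometheus_operator_crds:` in `common.yaml`. `core_namespaces.namespaces` now lists `loki` and `whoami` while those releases still carry `createNamespace: true`; see the note on the `namespaces` release for the ownership conflict that creates.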
@@ -10,31 +10,37 @@ configs: helmfile: version: v1.0 allowConcurrency: true + lockRepo: false init: - command: [sh] + command: [bash,-c] args: - - "-c" - 'echo "Initializing..."' generate: command: [bash,-c] args: - | - HELMFILE_ARGS="" + echoerr() { printf "%s\n" "$*" >&2; } + echoerr "starting generate" + HELMFILE_ARGS="--no-color --allow-no-matching-release " if [[ -v ARGOCD_APP_NAMESPACE ]]; then - HELMFILE_ARGS=" -n $ARGOCD_APP_NAMESPACE " + HELMFILE_ARGS="${HELMFILE_ARGS} -n ${ARGOCD_APP_NAMESPACE} " fi if [[ -v ENV_NAME ]]; then - HELMFILE_ARGS="$HELMFILE_ARGS -e $ENV_NAME " + HELMFILE_ARGS="${HELMFILE_ARGS} -e ${ENV_NAME} " elif [[ -v ARGOCD_ENV_ENV_NAME ]]; then - HELMFILE_ARGS="$HELMFILE_ARGS -e $ARGOCD_ENV_ENV_NAME " + HELMFILE_ARGS="${HELMFILE_ARGS} -e ${ARGOCD_ENV_ENV_NAME} " fi - helmfile $HELMFILE_ARGS template --include-crds -q . - lockRepo: false + if [[ -v ARGOCD_ENV_HELMFILE_FILE ]]; then + HELMFILE_ARGS="${HELMFILE_ARGS} -f ${ARGOCD_ENV_HELMFILE_FILE} " + else + HELMFILE_ARGS="${HELMFILE_ARGS} -f ${ARGOCD_ENV_HELMFILE_FILE}.failed " + fi + helmfile ${HELMFILE_ARGS} template --include-crds --include-needs -q repoServer: extraContainers: - name: helmfile # use image from https://github.com/helmfile/helmfile - image: ghcr.io/helmfile/helmfile:latest + image: ghcr.io/helmfile/helmfile-debian-stable-slim:v0.162.0 # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server command: ["/var/run/argocd/argocd-cmp-server"] env: diff --git a/helmfile.d/releases/01-core/helmfile.yaml b/helmfile.d/releases/01-core/helmfile.yaml index 41601b2..608227d 100644 --- a/helmfile.d/releases/01-core/helmfile.yaml +++ b/helmfile.d/releases/01-core/helmfile.yaml 
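Review bot: The new `else` branch appends `-f ${ARGOCD_ENV_HELMFILE_FILE}.failed` while that variable is unset, so it expands to `-f .failed` and the plugin dies with a file-not-found from helmfile instead of saying what is missing; replace it with an explicit check and error. `ARGOCD_ENV_HELMFILE_FILE` (like `ARGOCD_ENV_ENV_NAME`) comes from the Application's `plugin.env`, i.e. from whoever can create or edit Applications, and is passed unvalidated to `-f`, so it can point helmfile at any state file the sidecar can read, including ones outside the checkout; reject absolute paths and `..` segments before use. The image is now pinned to a tag, an improvement over `latest`, but a tag is mutable — pin by digest, `image: ghcr.io/helmfile/helmfile-debian-stable-slim:v0.162.0@sha256:<digest>`. The `configs` block this sits in starts above the hunk.
```yaml
          # … unchanged: ARGOCD_APP_NAMESPACE / ENV_NAME handling …
          if [[ ! -v ARGOCD_ENV_HELMFILE_FILE ]]; then
            echoerr "ARGOCD_ENV_HELMFILE_FILE is not set; refusing to guess a helmfile"
            exit 1
          fi
          case "${ARGOCD_ENV_HELMFILE_FILE}" in
            /*|*..*) echoerr "ARGOCD_ENV_HELMFILE_FILE must be a relative path inside the repo"; exit 1 ;;
          esac
          HELMFILE_ARGS="${HELMFILE_ARGS} -f ${ARGOCD_ENV_HELMFILE_FILE} "
          helmfile ${HELMFILE_ARGS} template --include-crds --include-needs -q
```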
@@ -9,15 +9,24 @@ repositories: url: https://kubernetes.github.io/ingress-nginx - name: jetstack url: https://charts.jetstack.io -- name: prometheus-community - url: https://prometheus-community.github.io/helm-charts -- name: grafana - url: https://grafana.github.io/helm-charts - name: argo url: https://argoproj.github.io/argo-helm releases: # +# namespaces +# +- name: namespaces + chart: ../../../charts/raw + version: {{ .Values.core_namespaces | get "chart_version" nil | quote }} + namespace: kube-system + createNamespace: true + verify: false + missingFileHandler: Warn + installed: {{ .Values.core_namespaces.installed }} + values: + - "{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" +# # ingress-nginx for public apps # - name: {{ .Values.ingress_nginx.name | quote }} @@ -62,6 +71,7 @@ releases: version: {{ .Values.cert_manager_issuer | get "chart_version" nil | quote }} namespace: {{ .Values.cert_manager_issuer.namespace }} createNamespace: true + verify: false missingFileHandler: Warn installed: {{ .Values.cert_manager_issuer.installed }} needs: 
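Review bot: The `namespaces` release will collide with the `createNamespace: true` still set on its consumers (`loki`, `whoami`, …): when helmfile installs one of those first, Helm's `--create-namespace` creates an unlabeled Namespace, and a later install of this release then fails with Helm's "exists and cannot be imported into the current release" ownership error — and the `needs: [kube-system/namespaces]` entry that would at least order them is commented out on every consumer. Either give the consumers that `needs` entry and drop their `createNamespace`, or let this chart own only namespaces nothing else creates. Installing the release into `kube-system` with `createNamespace: true` is a no-op for a built-in namespace; a comment explaining why `kube-system` was chosen as the home for cluster-scoped Namespace objects would help, e.g. `# cluster-scoped objects; kube-system only hosts the release record`.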
@@ -70,51 +80,6 @@ releases: - "{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" - "env/{{ .Environment.Name }}/{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" -- name: loki - chart: grafana/loki - version: {{ .Values.loki | get "chart_version" nil | quote }} - namespace: {{ .Values.loki.namespace }} - createNamespace: true - missingFileHandler: Warn - installed: {{ .Values.loki.installed }} - needs: - - "{{ .Values.prometheus.ingress_namespace }}/{{ .Values.prometheus.ingress_name }}" - values: - - "{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" - - "env/{{ .Environment.Name }}/{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" - -- name: prometheus - chart: prometheus-community/kube-prometheus-stack - version: {{ .Values.prometheus | get "chart_version" nil | quote }} - namespace: {{ .Values.prometheus.namespace }} - createNamespace: true - installed: {{ .Values.prometheus.installed }} - missingFileHandler: Warn - needs: - - "{{ .Values.loki.namespace }}/loki" - - "{{ .Values.prometheus.ingress_namespace }}/{{ .Values.prometheus.ingress_name }}" - values: - - "{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" - - "env/{{ .Environment.Name }}/{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" -# -# Uncomment to enable secrets values -# - secrets: - - "../../../secrets/env/{{ .Environment.Name }}/grafana-secrets.yaml.enc" - -- name: promtail - chart: grafana/promtail - version: {{ .Values.promtail | get "chart_version" nil | quote }} - namespace: {{ .Values.promtail.namespace }} - createNamespace: true - missingFileHandler: Warn - installed: {{ .Values.promtail.installed }} - needs: - - "{{ .Values.loki.namespace }}/loki" - values: - - "{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" - - "env/{{ .Environment.Name }}/{{`{{ .Release.Name }}`}}-values.yaml.gotmpl" - - name: argocd chart: argo/argo-cd version: {{ .Values.argocd | get "chart_version" nil | quote }} 
@@ -123,6 +88,7 @@ releases: missingFileHandler: Warn installed: {{ .Values.argocd.installed }} needs: + # - kube-system/namespaces - "{{ .Values.argocd.ingress_namespace }}/{{ .Values.argocd.ingress_name }}" - "{{ .Values.cert_manager.namespace }}/cert-manager-issuers" values: diff --git a/helmfile.d/releases/01-core/loki-values.yaml.gotmpl b/helmfile.d/releases/01-core/loki-values.yaml.gotmpl index 4ee2f04..86e88e3 100644 --- a/helmfile.d/releases/01-core/loki-values.yaml.gotmpl +++ b/helmfile.d/releases/01-core/loki-values.yaml.gotmpl @@ -17,3 +17,20 @@ loki: reporting_enabled: false singleBinary: replicas: 1 + +monitoring: + selfMonitoring: + grafanaAgent: + annotations: + argocd.argoproj.io/hook: PreSync + +{{- /* +test: + enabled: false +monitoring: + selfMonitoring: + enabled: false + grafanaAgent: + installOperator: false + +*/ -}} diff --git a/helmfile.d/releases/01-core/namespaces-values.yaml.gotmpl b/helmfile.d/releases/01-core/namespaces-values.yaml.gotmpl new file mode 100644 index 0000000..5083030 --- /dev/null +++ b/helmfile.d/releases/01-core/namespaces-values.yaml.gotmpl 
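Review bot: `01-core/loki-values.yaml.gotmpl` is still being edited here although this same commit removes the `loki` release from `01-core/helmfile.yaml` and re-creates it under `releases/loki/` with its own copy of this file, so the 01-core copy is dead and will drift; the same applies to `01-core/prometheus-values.yaml.gotmpl`, which already diverges (`crds.enabled: false` there, `true` in the new copy). Delete the orphaned files from `01-core/` rather than maintaining two. If I read Argo CD hook semantics correctly, `argocd.argoproj.io/hook: PreSync` on the self-monitoring GrafanaAgent makes it a hook resource that is deleted and re-created on every sync; if that is intended, say so in a comment, e.g. `# PreSync hook: the agent CR must exist before the operator-managed resources are synced`, and consider an explicit `hook-delete-policy`.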
@@ -0,0 +1,24 @@ +--- +templates: +{{- range $namespace, $values := .Environment.Values.core_namespaces.namespaces }} + {{/* Don't mess with Kubernetes builtin namespaces while still allow to deploy to it */}} + {{ $isBuiltinNamespace := or (eq (hasPrefix "kube-" $namespace) true) (eq $namespace "default") }} + {{/* All builtin namespaces are system namespaces */}} + {{ $isSystemNamespace := $values | get "systemNamespace" $isBuiltinNamespace }} + {{- if eq $isBuiltinNamespace false }} + - | + apiVersion: v1 + kind: Namespace + metadata: + name: {{ $namespace }} + {{- $labels := $values | get "labels" dict }} + {{- $labels := mergeOverwrite $labels (dict "kubernetes.io/metadata.name" $namespace) }} + {{- with $labels }} + labels: + name: {{ $namespace }} + {{- range $k, $v := . }} + {{ $k }}: {{ $v | quote }} + {{- end }} + {{- end }} + {{- end }} +{{- end }}{{- /* end range namespaces */}} diff --git a/helmfile.d/releases/01-core/prometheus-values.yaml.gotmpl b/helmfile.d/releases/01-core/prometheus-values.yaml.gotmpl index dd3b6ba..8904a6d 100644 --- a/helmfile.d/releases/01-core/prometheus-values.yaml.gotmpl +++ b/helmfile.d/releases/01-core/prometheus-values.yaml.gotmpl @@ -4,6 +4,9 @@ */ -}} +crds: + enabled: false + prometheusOperator: {{- if hasKey .Values.prometheus "node_selector" }} nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 4 }} diff --git a/helmfile.d/releases/10-sample-whoami/helmfile.yaml b/helmfile.d/releases/10-sample-whoami/helmfile.yaml index 6716b77..acab3d2 100644 --- a/helmfile.d/releases/10-sample-whoami/helmfile.yaml +++ b/helmfile.d/releases/10-sample-whoami/helmfile.yaml @@ -7,6 +7,7 @@ bases: releases: - name: whoami chart: ../../../charts/whoami + namespace: whoami createNamespace: true missingFileHandler: Warn installed: {{ .Values | get "whoami.installed" "false" }} diff --git a/helmfile.d/releases/loki/README.md b/helmfile.d/releases/loki/README.md new file mode 100644 index 0000000..48a2f7d --- /dev/null 
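Review bot: `$isSystemNamespace` is computed from an optional `systemNamespace` key and then never used, so a `systemNamespace: true` entry in `core_namespaces.namespaces` is silently ignored; either honour it or drop the two lines. `eq (hasPrefix "kube-" $namespace) true` is just `hasPrefix "kube-" $namespace`, and the untrimmed `{{ … }}` assignments emit blank, indented lines between list items — write them as `{{- … }}`. The `labels` map is the natural place for Pod Security Admission labels per namespace; a comment such as `# labels: set pod-security.kubernetes.io/enforce|audit|warn here to enforce PSA per namespace` would make that discoverable. `kubernetes.io/metadata.name` is injected by the API server on every namespace, so forcing it is redundant though harmless.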
+++ b/helmfile.d/releases/loki/README.md
@@ -0,0 +1,4 @@
+# Configurations
+
+Helms releases included:
+- loki
diff --git a/helmfile.d/releases/loki/env/README.md b/helmfile.d/releases/loki/env/README.md
new file mode 100644
index 0000000..840595d
--- /dev/null
+++ b/helmfile.d/releases/loki/env/README.md
@@ -0,0 +1,4 @@
+# override values per environment-release
+
+env/${ENV}/${RELEASE}-values.yaml
+env/${ENV}/${RELEASE}-values.yaml.gotmpl
diff --git a/helmfile.d/releases/loki/helmfile.yaml b/helmfile.d/releases/loki/helmfile.yaml
new file mode 100644
index 0000000..0e727de
--- /dev/null
+++ b/helmfile.d/releases/loki/helmfile.yaml
@@ -0,0 +1,24 @@
+---
+bases:
+ - ../../bases/helmDefaults.yaml
+ - ../../bases/environments.yaml
+
+---
+repositories:
+- name: grafana
+ url: https://grafana.github.io/helm-charts
+
+releases:
+- name: loki
+ chart: grafana/loki
+ version: {{ .Values.loki | get "chart_version" nil | quote }}
+ namespace: {{ .Values.loki.namespace }}
+ createNamespace: true
+ missingFileHandler: Warn
+ installed: {{ .Values.loki.installed }}
+ needs:
+ # - kube-system/namespaces
+ # - "{{ .Values.prometheus.ingress_namespace }}/{{ .Values.prometheus.ingress_name }}"
+ values:
+ - "{{`{{ .Release.Name }}`}}-values.yaml.gotmpl"
+ - "env/{{ .Environment.Name }}/{{`{{ .Release.Name }}`}}-values.yaml.gotmpl"
diff --git a/helmfile.d/releases/loki/loki-values.yaml.gotmpl b/helmfile.d/releases/loki/loki-values.yaml.gotmpl
new file mode 100644
index 0000000..86e88e3
--- /dev/null
+++ b/helmfile.d/releases/loki/loki-values.yaml.gotmpl
@@ -0,0 +1,36 @@ +{{- /* + + See: https://github.com/grafana/loki/blob/main/production/helm/loki/values.yaml + +*/ -}} + +loki: + auth_enabled: false + commonConfig: + replication_factor: 1 + storage: + type: 'filesystem' +{{- if hasKey .Values.loki "node_selector" }} + nodeSelector: {{ toYaml ((.Values).loki).node_selector | nindent 4 }} +{{- end }} + analytics: + reporting_enabled: false +singleBinary: + replicas: 1 + +monitoring: + selfMonitoring: + grafanaAgent: + annotations: + argocd.argoproj.io/hook: PreSync + +{{- /* +test: + enabled: false +monitoring: + selfMonitoring: + enabled: false + grafanaAgent: + installOperator: false + +*/ -}} diff --git a/helmfile.d/releases/prometheus-stack/README.md b/helmfile.d/releases/prometheus-stack/README.md new file mode 100644 index 0000000..68a2b86 --- /dev/null +++ b/helmfile.d/releases/prometheus-stack/README.md 
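Review bot: `auth_enabled: false` and `type: 'filesystem'` sit in the release-wide defaults rather than an `env/` override, so every environment gets a Loki that accepts unauthenticated push and query from anything able to reach `loki.<namespace>.svc:3100` (the Grafana datasource in `prometheus-values.yaml.gotmpl` relies on exactly that). For a KinD/local cluster that is fine, but the file should say so, e.g. `# local/dev defaults: single tenant, no auth, node-local storage — override per env and restrict access with a NetworkPolicy`, and the values that must not reach a shared cluster belong in `env/local/`. The trailing commented-out `test`/`monitoring` block should be removed or explained rather than left as a template comment.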
@@ -0,0 +1,57 @@ +# Configurations + +Helms releases included: +- ingress-nginx +- cert-manager +- cert-manager-issuers +- loki +- promtail +- prometheus, grafana, alertmanager + +Needs Dependencies: +- loki need ingress +- promtail need loki +- prometheus/grafana needs ingress, and loki + + +Environment Values Specifications: + - common: + - all default values for all releases + + - default: + - the default environment when helmfile cli is launched without arguments + - all releases are disabled. Nothing deployed + + - local: + - local environment used with KinD: configuration with ingress-nginx out of the box. + - One default ingress-nginx, hosted on ctrl plane and local port exposed on 80/443 + + - dev: (example) + - dev environment used with KinD + - no workload on ctrl plane + - public ingress on one worker node (label: ingress-app): local port exposed on 80/443 + - private ingress on another worker node (label: ingress-admin): local port exposed on 81/444 + - all core workloads are hosted on admin worker node only + +## Directory Structure +helmfile.yaml define: +- repositories +- releases values +- release dependencies order (needs) + +Values releases can be defined as: +- raw values file : myrelease-values.yaml +- gotmpl template values: + - myrelease-values.yaml.gotmpl : contains default values for helm charts + - env/{{ environment }-myrelease-values.gotmpl: contains environments values for helmcharts + +All environement values are defined in WORKDIR/helmfile.d/environments/ directory + +## ingress-nginx specifications +- local environement: Values to work on local KinD configuration: https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/manifest-templates/provider/kind/values.yaml + In case, of default configuration local forwarded port hosted on ctrl plane (tolerations, and nodeSelector/labels must be provided) + Ref: https://github.com/kubernetes-sigs/kind/issues/1693#issuecomment-1768116494 + +- Other configurations supported: + - 
multiple separated ingress (example: public and private): + specify ingressClass per ingress diff --git a/helmfile.d/releases/prometheus-stack/env/README.md b/helmfile.d/releases/prometheus-stack/env/README.md new file mode 100644 index 0000000..840595d --- /dev/null +++ b/helmfile.d/releases/prometheus-stack/env/README.md @@ -0,0 +1,4 @@ +# override values per environment-release + +env/${ENV}/${RELEASE}-values.yaml +env/${ENV}/${RELEASE}-values.yaml.gotmpl diff --git a/helmfile.d/releases/prometheus-stack/helmfile.yaml b/helmfile.d/releases/prometheus-stack/helmfile.yaml new file mode 100644 index 0000000..c77decb --- /dev/null +++ b/helmfile.d/releases/prometheus-stack/helmfile.yaml 
@@ -0,0 +1,38 @@
+---
+bases:
+ - ../../bases/helmDefaults.yaml
+ - ../../bases/environments.yaml
+
+---
+repositories:
+- name: prometheus-community
+ url: https://prometheus-community.github.io/helm-charts
+
+releases:
+- name: prometheus-operator-crds
+ chart: prometheus-community/prometheus-operator-crds
+ version: {{ .Values.prometheus_operator_crds | get "chart_version" nil | quote }}
+ namespace: {{ .Values.prometheus_operator_crds.namespace }}
+ createNamespace: true
+ installed: {{ .Values.prometheus_operator_crds.installed }}
+
+- name: prometheus
+ chart: prometheus-community/kube-prometheus-stack
+ version: {{ .Values.prometheus | get "chart_version" nil | quote }}
+ namespace: {{ .Values.prometheus.namespace }}
+ createNamespace: true
+ installed: {{ .Values.prometheus.installed }}
+ missingFileHandler: Warn
+# needs:
+# # - kube-system/namespaces
+# - "{{ .Values.prometheus_operator_crds.namespace }}/prometheus-operator-crds"
+# - "{{ .Values.loki.namespace }}/loki"
+# #- "{{ .Values.prometheus.ingress_namespace }}/{{ .Values.prometheus.ingress_name }}"
+ values:
+ - "{{`{{ .Release.Name }}`}}-values.yaml.gotmpl"
+ - "env/{{ .Environment.Name }}/{{`{{ .Release.Name }}`}}-values.yaml.gotmpl"
+#
+# Uncomment to enable secrets values
+#
+ secrets:
+ - "../../../secrets/env/{{ .Environment.Name }}/grafana-secrets.yaml.enc"
diff --git a/helmfile.d/releases/prometheus-stack/prometheus-values.yaml.gotmpl b/helmfile.d/releases/prometheus-stack/prometheus-values.yaml.gotmpl
new file mode 100644
index 0000000..b37051f
--- /dev/null
+++ b/helmfile.d/releases/prometheus-stack/prometheus-values.yaml.gotmpl
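Review bot: `prometheus-operator-crds` and `kube-prometheus-stack` (whose sibling values file sets `crds.enabled: true`) will both try to own the Prometheus Operator CRDs, and the `needs` entry that would at least order them is commented out, so whichever installs second fails on Helm ownership of the CRD objects. Pick one owner: either `crds: enabled: false` in `prometheus-values.yaml.gotmpl` plus `needs: ["{{ .Values.prometheus_operator_crds.namespace }}/prometheus-operator-crds"]` on the `prometheus` release, or drop the separate CRD release. The `secrets:` entry is active despite the `# Uncomment to enable secrets values` comment above it, and because `missingFileHandler: Warn` on this release also covers secrets files, an absent `grafana-secrets.yaml.enc` only warns and Grafana comes up with whatever admin credentials the chart defaults to; make the secrets file required (remove `Warn` from this release, or keep the entry only in the environment that really has the file). The `prometheus-operator-crds` release also has no `version` source in `common.yaml`, so it renders unpinned.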
@@ -0,0 +1,120 @@ +{{- /* + + See: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml + +*/ -}} + +crds: + enabled: true + +prometheusOperator: +{{- if hasKey .Values.prometheus "node_selector" }} + nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 4 }} +{{- else }} + nodeSelector: {} +{{- end }} +{{- if hasKey .Values.prometheus "tolerations" }} + tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 4 }} +{{- end }} + +kube-state-metrics: +{{- if hasKey .Values.prometheus "node_selector" }} + nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 4 }} +{{- else }} + nodeSelector: {} +{{- end }} +{{- if hasKey .Values.prometheus "tolerations" }} + tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 4 }} +{{- end }} + +prometheus: + enabled: true + ingress: + enabled: true + ingressClassName: {{ .Values.prometheus.ingress_class | quote }} + annotations: + kubernetes.io/ingress.class: {{ .Values.prometheus.ingress_class | quote }} + nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{- if hasKey .Values.prometheus "prometheus" }} +{{- if hasKey .Values.prometheus.prometheus "annotations" }} + {{ toYaml ((.Values).prometheus).prometheus.annotations | nindent 6 }} +{{- end }} +{{- if hasKey .Values.prometheus.prometheus "tls" }} + tls: {{ toYaml ((.Values).prometheus.prometheus).tls | nindent 6 }} +{{- end }} +{{- if hasKey .Values.prometheus.prometheus "hosts" }} + hosts: {{ toYaml ((.Values).prometheus.prometheus).hosts | nindent 6 }} +{{- end }} +{{- end }} + paths: ['/'] + + prometheusSpec: + externalUrl: "http://{{ .Values.prometheus.prometheus_hostname }}" + routePrefix: / + +{{- if hasKey .Values.prometheus "node_selector" }} + nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 6 }} +{{- end }} +{{- if hasKey .Values.prometheus "tolerations" }} + tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 6 }} +{{- 
end }} + +alertmanager: + ingress: + enabled: true + ingressClassName: {{ .Values.prometheus.ingress_class | quote }} + annotations: + kubernetes.io/ingress.class: {{ .Values.prometheus.ingress_class | quote }} + nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{- if hasKey .Values.prometheus "alertmanager" }} +{{- if hasKey .Values.prometheus.alertmanager "annotations" }} + {{ toYaml ((.Values).prometheus).alertmanager.annotations | nindent 6 }} +{{- end }} +{{- if hasKey .Values.prometheus.alertmanager "tls" }} + tls: {{ toYaml ((.Values).prometheus.alertmanager).tls | nindent 6 }} +{{- end }} +{{- if hasKey .Values.prometheus.alertmanager "hosts" }} + hosts: {{ toYaml ((.Values).prometheus.alertmanager).hosts | nindent 6 }} +{{- end }} +{{- end }} + alertmanagerSpec: + externalUrl: "http://{{ .Values.prometheus.alertmanager_hostname }}" + + routePrefix: / +{{- if hasKey .Values.prometheus "node_selector" }} + nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 6 }} +{{- end }} +{{- if hasKey .Values.prometheus "tolerations" }} + tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 6 }} +{{- end }} + +grafana: + ingress: + enabled: true + ingressClassName: {{ .Values.prometheus.ingress_class | quote }} + annotations: + kubernetes.io/ingress.class: {{ .Values.prometheus.ingress_class | quote }} + nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{- if hasKey .Values.prometheus "grafana" }} +{{- if hasKey .Values.prometheus.grafana "annotations" }} + {{ toYaml ((.Values).prometheus).grafana.annotations | nindent 6 }} +{{- end }} +{{- if hasKey .Values.prometheus.grafana "tls" }} + tls: {{ toYaml ((.Values).prometheus.grafana).tls | nindent 6 }} +{{- end }} +{{- if hasKey .Values.prometheus.grafana "hosts" }} + hosts: {{ toYaml ((.Values).prometheus.grafana).hosts | nindent 6 }} +{{- end }} +{{- end }} +{{- if hasKey .Values.prometheus "node_selector" }} + nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 4 
}} +{{- end }} +{{- if hasKey .Values.prometheus "tolerations" }} + tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 4 }} +{{- end }} + + additionalDataSources: + - name: loki + type: loki + access: proxy + url: "http://loki.{{ .Values.loki | get "namespace" "default" }}.svc:3100" diff --git a/helmfile.d/releases/prometheus-stack/prometheus-values.yaml.gotmpl.orig b/helmfile.d/releases/prometheus-stack/prometheus-values.yaml.gotmpl.orig new file mode 100644 index 0000000..56ef5d9 --- /dev/null +++ b/helmfile.d/releases/prometheus-stack/prometheus-values.yaml.gotmpl.orig 
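Review bot: `hosts:` for the Prometheus, Alertmanager and Grafana ingresses is only emitted when the environment supplies `prometheus.<component>.hosts`; when it does not (the `.orig` version always set it from `prometheus_hostname`), kube-prometheus-stack renders each ingress without a host and with `paths: ['/']`, i.e. three catch-all rules on the same ingress class that shadow every other application and each other. Emit a default, e.g. `hosts: [{{ .Values.prometheus.prometheus_hostname | quote }}]` in an `else` branch of each `hasKey … "hosts"` check, so the ingress and `externalUrl` agree. All three UIs are also published over plain HTTP (`ssl-redirect: "false"`, `externalUrl: "http://…"`) and Prometheus and Alertmanager have no authentication of their own; acceptable on KinD, but the header comment should say so and the `env/` overrides for any shared cluster must set `tls:` and an auth annotation such as `nginx.ingress.kubernetes.io/auth-type`.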
@@ -0,0 +1,99 @@
+{{- /*
+
+ See: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml
+
+*/ -}}
+
+prometheusOperator:
+{{- if hasKey .Values.prometheus "node_selector" }}
+ nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 4 }}
+{{- else }}
+ nodeSelector: {}
+{{- end }}
+{{- if hasKey .Values.prometheus "tolerations" }}
+ tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 4 }}
+{{- end }}
+
+kube-state-metrics:
+{{- if hasKey .Values.prometheus "node_selector" }}
+ nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 4 }}
+{{- else }}
+ nodeSelector: {}
+{{- end }}
+{{- if hasKey .Values.prometheus "tolerations" }}
+ tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 4 }}
+{{- end }}
+
+prometheus:
+ enabled: true
+ ingress:
+ enabled: true
+ ingressClassName: {{ .Values.prometheus.ingress_class | quote }}
+ annotations:
+ kubernetes.io/ingress.class: {{ .Values.prometheus.ingress_class | quote }}
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ hosts:
+ - {{ .Values.prometheus.prometheus_hostname | quote }}
+ paths: ['/prometheus'] # does not need regex capture like others
+
+ prometheusSpec:
+ externalUrl: "http://{{ .Values.prometheus.prometheus_hostname }}/prometheus"
+ routePrefix: /prometheus
+
+{{- if hasKey .Values.prometheus "node_selector" }}
+ nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 6 }}
+{{- end }}
+{{- if hasKey .Values.prometheus "tolerations" }}
+ tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 6 }}
+{{- end }}
+
+alertmanager:
+ ingress:
+ enabled: true
+ ingressClassName: {{ .Values.prometheus.ingress_class | quote }}
+ annotations:
+ kubernetes.io/ingress.class: {{ .Values.prometheus.ingress_class | quote }}
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ paths: ['/alertmanager(/|$)(.*)']
+
+ hosts:
+ - {{ .Values.prometheus.alertmanager_hostname | quote }}
+ alertmanagerSpec:
+ externalUrl: "http://{{ .Values.prometheus.alertmanager_hostname }}/alertmanager"
+
+ routePrefix: /
+{{- if hasKey .Values.prometheus "node_selector" }}
+ nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 6 }}
+{{- end }}
+{{- if hasKey .Values.prometheus "tolerations" }}
+ tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 6 }}
+{{- end }}
+
+grafana:
+ ingress:
+ enabled: true
+ ingressClassName: {{ .Values.prometheus.ingress_class | quote }}
+ annotations:
+ kubernetes.io/ingress.class: {{ .Values.prometheus.ingress_class | quote }}
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ hosts:
+ - {{ .Values.prometheus.grafana_hostname | quote }}
+ path: "/grafana(/|$)(.*)"
+ env:
+ GF_SERVER_ROOT_URL: "http://localhost:3000/grafana/"
+ GF_SERVER_SERVE_FROM_SUB_PATH: "false"
+{{- if hasKey .Values.prometheus "node_selector" }}
+ nodeSelector: {{ toYaml ((.Values).prometheus).node_selector | nindent 4 }}
+{{- end }}
+{{- if hasKey .Values.prometheus "tolerations" }}
+ tolerations: {{ toYaml ((.Values).prometheus).tolerations | nindent 4 }}
+{{- end }}
+
+ additionalDataSources:
+ - name: loki
+ type: loki
+ access: proxy
+ url: "http://loki.{{ .Values.loki | get "namespace" "default" }}.svc:3100"
diff --git a/helmfile.d/releases/promtail/README.md b/helmfile.d/releases/promtail/README.md
new file mode 100644
index 0000000..68a2b86
--- /dev/null
+++ b/helmfile.d/releases/promtail/README.md
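Review bot: `prometheus-values.yaml.gotmpl.orig` looks like a merge/patch backup of the values template that was committed by accident rather than a file helmfile will load (the promtail helmfile in this commit references values by the `*-values.yaml.gotmpl` name). It keeps a second, diverging copy of the ingress configuration, with its own rewrite-target regexes and `ssl-redirect: "false"`, which will drift silently from the live template and confuse anyone auditing what is actually deployed. Drop it from the commit and add `*.orig` to `.gitignore` so stray backup files are not picked up again.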
@@ -0,0 +1,57 @@
+# Configurations
+
+Helms releases included:
+- ingress-nginx
+- cert-manager
+- cert-manager-issuers
+- loki
+- promtail
+- prometheus, grafana, alertmanager
+
+Needs Dependencies:
+- loki need ingress
+- promtail need loki
+- prometheus/grafana needs ingress, and loki
+
+
+Environment Values Specifications:
+ - common:
+ - all default values for all releases
+
+ - default:
+ - the default environment when helmfile cli is launched without arguments
+ - all releases are disabled. Nothing deployed
+
+ - local:
+ - local environment used with KinD: configuration with ingress-nginx out of the box.
+ - One default ingress-nginx, hosted on ctrl plane and local port exposed on 80/443
+
+ - dev: (example)
+ - dev environment used with KinD
+ - no workload on ctrl plane
+ - public ingress on one worker node (label: ingress-app): local port exposed on 80/443
+ - private ingress on another worker node (label: ingress-admin): local port exposed on 81/444
+ - all core workloads are hosted on admin worker node only
+
+## Directory Structure
+helmfile.yaml define:
+- repositories
+- releases values
+- release dependencies order (needs)
+
+Values releases can be defined as:
+- raw values file : myrelease-values.yaml
+- gotmpl template values:
+ - myrelease-values.yaml.gotmpl : contains default values for helm charts
+ - env/{{ environment }-myrelease-values.gotmpl: contains environments values for helmcharts
+
+All environement values are defined in WORKDIR/helmfile.d/environments/ directory
+
+## ingress-nginx specifications
+- local environement: Values to work on local KinD configuration: https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/manifest-templates/provider/kind/values.yaml
+ In case, of default configuration local forwarded port hosted on ctrl plane (tolerations, and nodeSelector/labels must be provided)
+ Ref: https://github.com/kubernetes-sigs/kind/issues/1693#issuecomment-1768116494
+
+- Other configurations supported:
+ - multiple separated ingress (example: public and private):
+ specify ingressClass per ingress
diff --git a/helmfile.d/releases/promtail/env/README.md b/helmfile.d/releases/promtail/env/README.md
new file mode 100644
index 0000000..840595d
--- /dev/null
+++ b/helmfile.d/releases/promtail/env/README.md
@@ -0,0 +1,4 @@
+# override values per environment-release
+
+env/${ENV}/${RELEASE}-values.yaml
+env/${ENV}/${RELEASE}-values.yaml.gotmpl
diff --git a/helmfile.d/releases/promtail/helmfile.yaml b/helmfile.d/releases/promtail/helmfile.yaml
new file mode 100644
index 0000000..47cb808
--- /dev/null
+++ b/helmfile.d/releases/promtail/helmfile.yaml
@@ -0,0 +1,21 @@
+---
+bases:
+ - ../../bases/helmDefaults.yaml
+ - ../../bases/environments.yaml
+
+---
+repositories:
+- name: grafana
+ url: https://grafana.github.io/helm-charts
+
+releases:
+- name: promtail
+ chart: grafana/promtail
+ version: {{ .Values.promtail | get "chart_version" nil | quote }}
+ namespace: {{ .Values.promtail.namespace }}
+ createNamespace: true
+ missingFileHandler: Warn
+ installed: {{ .Values.promtail.installed }}
+ values:
+ - "{{`{{ .Release.Name }}`}}-values.yaml.gotmpl"
+ - "env/{{ .Environment.Name }}/{{`{{ .Release.Name }}`}}-values.yaml.gotmpl"
diff --git a/helmfile.d/releases/promtail/promtail-values.yaml.gotmpl b/helmfile.d/releases/promtail/promtail-values.yaml.gotmpl
new file mode 100644
index 0000000..81e7f0d
--- /dev/null
+++ b/helmfile.d/releases/promtail/promtail-values.yaml.gotmpl
@@ -0,0 +1,3 @@
+config:
+ clients:
+ - url: "http://loki.{{ .Values.loki | get "namespace" "default" }}.svc:3100/loki/api/v1/push"
diff --git a/secrets/ca-issuer-key-pair.yaml.tmpl b/secrets/ca-issuer-key-pair.yaml.tmpl
index 15306a2..4941460 100644
--- a/secrets/ca-issuer-key-pair.yaml.tmpl
+++ b/secrets/ca-issuer-key-pair.yaml.tmpl
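Review bot: The `version:` line in `helmfile.d/releases/promtail/helmfile.yaml` silently becomes unpinned when `promtail.chart_version` is absent from the environment values: `get "chart_version" nil` yields nil, sprig's `quote` drops nil arguments, and an empty `version:` lets helmfile resolve whatever the newest `grafana/promtail` chart is at deploy time. A missing value thus turns into an unreviewed chart upgrade instead of an error, which is the opposite of what a pinned release list is for. Fail loudly instead, e.g. `version: {{ .Values.promtail | get "chart_version" nil | required "promtail.chart_version must be pinned" | quote }}`, or carry the pin in the common values so every environment resolves the same chart.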
@@ -3,6 +3,9 @@ apiVersion: v1
 kind: Namespace
 metadata:
 name: $CERT_MANAGER_NAMESPACE
+ labels:
+ name: $CERT_MANAGER_NAMESPACE
+ kubernetes.io/metadata.name: $CERT_MANAGER_NAMESPACE
 ---
 apiVersion: v1
 kind: Secret
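Review bot: The added `kubernetes.io/metadata.name` label on the Namespace duplicates a label that current Kubernetes API servers set and enforce on every namespace themselves (always equal to `metadata.name`), so the line is redundant here and would simply be overwritten if `$CERT_MANAGER_NAMESPACE` ever drifted from the object name. The custom `name:` label is the one that carries intent, presumably as a `namespaceSelector` key for NetworkPolicy or issuer scoping, but nothing in the template says so. Either drop the `kubernetes.io/metadata.name` line or document the block, e.g. `# name: selector key used by namespace-scoped policies; kubernetes.io/metadata.name is API-server managed and only kept for older clusters`.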