App/chartmuseum (#950)

* update ingress for chartmuseum * update ingress for chartmuseum * update chartmuseum using helm chart
2024-09-06 18:09:12 +10:00
parent b56063b06e
commit 3a9f5cb46c
9 changed files with 108 additions and 108 deletions
--- a/apps/chartmuseum/base/deployment.yaml
+++ b/apps/chartmuseum/base/deployment.yaml
@@ -1,45 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: chartmuseum
-  namespace: chartmuseum
-  labels:
-    app.kubernetes.io/name: chartmuseum
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: chartmuseum
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: chartmuseum
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-      containers:
-        - name: homer
-          image: ghcr.io/helm/chartmuseum:v0.16.2
-          securityContext:
-            allowPrivilegeEscalation: false
-          env:
-            - name: DEBUG
-              value: "1"
-            - name: STORAGE
-              value: "local"
-            - name: STORAGE_LOCAL_ROOTDIR
-              value: "/charts"
-          ports:
-            - protocol: TCP
-              containerPort: 8080
-              name: http
-          volumeMounts:
-            - name: charts
-              mountPath: /charts
-      volumes:
-        - name: charts
-          hostPath:
-            path: /mnt/nfs/AppData/chartmuseum/charts
-            type: Directory
-      nodeSelector:
-        kubernetes.io/os: linux
--- a/apps/chartmuseum/base/kustomization.yaml
+++ b/apps/chartmuseum/base/kustomization.yaml
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./deployment.yaml
-  - ./service.yaml
--- a/apps/chartmuseum/base/service.yaml
+++ b/apps/chartmuseum/base/service.yaml
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: chartmuseum
-  namespace: chartmuseum
-  annotations:
-    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
-    metallb.universe.tf/allow-shared-ip: k3s-cluster
-  labels:
-    app.kubernetes.io/name: chartmuseum
-spec:
-  selector:
-    app.kubernetes.io/name: chartmuseum
-  type: LoadBalancer
-  internalTrafficPolicy: Cluster
-  ports:
-    - protocol: TCP
-      port: 8899
-      targetPort: 8080
-      name: http
--- a/apps/chartmuseum/env/k3s-cluster/ingress.yaml
+++ b/apps/chartmuseum/env/k3s-cluster/ingress.yaml
@@ -1,35 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: chartmuseum-ingress
-  namespace: chartmuseum
-  annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "false"
-    nginx.ingress.kubernetes.io/use-regex: "true"
-spec:
-  ingressClassName: nginx
-  tls:
-    - hosts:
-        - "chartmuseum.cluster.edward.sydney"
-      secretName: "chartmuseum-tls"
-  rules:
-    - host: "chartmuseum.cluster.edward.sydney"
-      http:
-        paths:
-          - pathType: Prefix
-            path: "/"
-            backend:
-              service:
-                name: chartmuseum
-                port:
-                  number: 8899
-    - host: "chartmuseum.cluster.local"
-      http:
-        paths:
-          - pathType: Prefix
-            path: "/"
-            backend:
-              service:
-                name: chartmuseum
-                port:
-                  number: 8899
--- a/apps/chartmuseum/env/k3s-cluster/kustomization.yaml
+++ b/apps/chartmuseum/env/k3s-cluster/kustomization.yaml
@@ -1,5 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources:
-  - ../../base
-  - ./ingress.yaml
+helmCharts:
+  - name: chartmuseum
+    repo: https://chartmuseum.github.io/charts
+    version: 3.10.3
+    releaseName: chartmuseum
+    valuesFile: values.yaml
--- a/apps/chartmuseum/env/k3s-cluster/values.yaml
+++ b/apps/chartmuseum/env/k3s-cluster/values.yaml
@@ -0,0 +1,25 @@
+env:
+  open:
+    AUTH_ANONYMOUS_GET: true
+    CACHE: redis
+    CACHE_REDIS_ADDR: redis-master.redis.svc.cluster.local:6379
+    CACHE_REDIS_DB: chartmuseum
+  existingSecret: chartmuseum-secrets
+  existingSecretMappings:
+    BASIC_AUTH_USER: auth-user
+    BASIC_AUTH_PASS: auth-password
+    CACHE_REDIS_PASSWORD: redis-password
+deployment:
+service:
+  type: LoadBalancer
+  externalPort: 8899
+persistent:
+  enabled: true
+  existingClaim: chartmuseum-pvc
+ingress:
+  enabled: true
+  hosts:
+    - name: chartmuseum.cluster.edward.sydney
+      tls: true
+      tlsSecret: chartmuseum-tls
+  ingressClassName: nginx
--- a/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-secrets.yaml
+++ b/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-secrets.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: chartmuseum-secrets
+  namespace: chartmuseum
+spec:
+  encryptedData:
+    auth-password: AgB4Pi+VpFytFfMCAed5SqLwFPvpAPPH2lznhPWtTfBgwUZwe2c14OeBTYeJp+u1dyOmkR751MH5czKHAkHrFbkFOATpTZoJpoUeS9LhTQ60d3yeQHHJEJRPR6d0Z5qsRa3julOxhGbZhxQQcG40bAD1n3c8UYWzrv0ct2YsYHQu6uQCkc6TR94kqsZfHiH40DMRVKMyJumWnpvxwAy5JH02p4C3l7sF204IVapkWFnA6Nv7HNZRBgmKoSU9whl9dnwPvgkHiLgS6RZysXSQ3Q/xIj28cs4WvBltoD5XBW0/9RPUMdM+tsBv5r2Vj99dhEXDLV9dDLYcxqc3G9D3iey4/106nro7P+WCAXKdW5EJ2DIHDmlqFwoMRM8Te97WZnnyYmdsxxpPff/tF62FjPSIxes/o/M6iSWiU0uWNTJPe0InrEhtyHMY0focbK6FN/t9O05VuRumWC8i3S1GS1dIgWsR8B2+9e6Pmf8jRGArYuuKMh6wQ1KqcuadYCP56GQNA9KgVamSxs6FxDOBeWLPcGQ2eVp81dBlDAKfVPPGOBXQqlkgh22Vcg3kSdMsbDmC3Ow+FPoXcUDr3hUt8H79P5CweXrJjn4aRtMah1J/j2CxqUO+fUTKTwDlHPX7th2lTL8Xw6c1BECuz9aDOhnR/sO6Gp7eWLdVIzr+yjv8q4rDH60hQ61LjS2R3697Kpm2zAauX/PQOrapCapwWxTNyWWF4ayuEck=
+    auth-user: AgCXfcKXd6TLL62lg/3/xCFOXnPsl6kAt48tTpBAxW4YjylpSM2IPTyalP5T0+ZdxemHe1z5Sa5pTFzIWp5p/qcovXBTTzdPNvQ0k10DSq8bCOfNVfGnbFn9wx/y8sWKQeAhZ4iPQyaWeQBXVd9eVn7oVfiVkG88wBE+gO7m2lPwYyFqksJHbbO3MH5pNHmx+ko/PrjY3KtE5zUcmDdsKzN2A+H3rx0a1LulGnWhPAV5vrI6z3/JUPB3CunglncKO1ywC8Sq8XPpnhK8MJxqOej/5oS7J1HbBnpY5DCIb2Jo3Mxc8ThLslVZaxO7GwWNdn1mvO2RtmGsCYCgr/wdP9/r2hDLEIg6VeaufsKTi3dYhyFHXTHN9SD7sPid0rUbF2NRgsgS0LzwIIAA1NgQ+ze4ho7MPI4XtSViL/+dpeVL0WtMWdXxSGEzbRikCS90s6M7UzTAbKEEDWUaIjsPXtJaU14kWQZ1K0ZrEQnMU0dPraAn0GHUOiz7h0n6WX2+hcsopPGodoSeSxnkrAsQJQXlRtjZy6Ic2GXBEaMGZCRo78vjy1HK6Tug4drVEOw5BhIJ6BJVCCnUrVk9tZoWO5lZK6qcSNPMsIuieWwoRi0R1SPSjYcvlDPjfiCuw5cl0EUImZ0j8O9tmfl51riilkZgXYUHCHBYsws7awXU6x5xW3u+NC9yJxOBoDMtdDviOX6uYcxbLUiQSRFUow==
+    redis-password: AgBfpHaVOpvERYuiWG5IPvjijdrOBjKwJmQRTSblWVz+pDQRS5OKBpjAvUH350y+CEuqoMx7jfD5OJrUhx/W9nkAT+Kmbp2txhEr7vhJ+kNbRBwyA34vdCYPwilCqRQmhDk6SVj0sBHx/gLoAFYYuy+RoT1Qc0g+I4nbqiQcAs9GaAbmiJbiv0fsL3hXRcxz5DUWwHlqIwMcVhkPyAt71Z/PWHRG/SFYoRXoKajb4+/k+U3Xz13n29KVQmU71zh5kHoN1npBlKO/lEvXXVRv9AaOy00k9GpDpjxdrqLevov++NlvvLWH+s4tKiNtkUQltnSCvCmFan5Ym93TC3D4QCJMUGn/GtEHlG05fCoJ4iTm2l/urZKCk8JLMbegOXDBPvdbbUh13BUwBcQgk+huztdjIUEJLTZH3xoVxKLmp1hPXsHqyMuvC9xe1dTgTNbciJeOKCWRJ2gpBC0HR0pikOvkVWWOIjhUYV+M1LN/gXa30FkUtMvnJ9QVC3gS6g+4iVAkFDQVHfsTLH3OeICucBilTUFXcan8Lt11u6NxNnt8MkMDWIgK7dRJ9UAnR7YRrHOBO4wTRd3XzkQH1Wa+JySrx/EvYmK73iPVbBb3/3ifGL9dcU/KJxzqkMuGRgCrKnds0rP7IiD0g6hRwPGKkFvqw7IQPnTV5AZYkhVytfUaxPCqcooQl5oTeDP1yiAW4BHmDnkZ2mPXN2Yhe42FtsMY1/nvIg==
+  template:
+    metadata:
+      annotations:
+        argocd.argoproj.io/sync-options: Prune=false
+        sealedsecrets.bitnami.com/cluster-wide: "true"
+        sealedsecrets.bitnami.com/managed: "true"
+      creationTimestamp: null
+      name: chartmuseum-secrets
+      namespace: chartmuseum
+    type: Opaque
--- a/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pv.yaml
+++ b/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pv.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: chartmuseum-pv
+  namespace: chartmuseum
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 256Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/chartmuseum/charts"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: chartmuseum-pvc
+    namespace: chartmuseum
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/arch
+              operator: In
+              values:
+                - amd64
+            - key: kubernetes.io/os
+              operator: In
+              values:
+                - linux
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - k3s-cluster-node-y
--- a/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pvc.yaml
+++ b/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: chartmuseum-pvc
+  namespace: chartmuseum
+  labels:
+    name: chartmuseum-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 256Gi