update
diff --git a/charts/flux-bootstrap/.helmignore b/charts/flux-bootstrap/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/flux-bootstrap/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/flux-bootstrap/Chart.yaml b/charts/flux-bootstrap/Chart.yaml
new file mode 100644
index 0000000..26b3ff3
--- /dev/null
+++ b/charts/flux-bootstrap/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: flux-bootstrap
+description: A Helm chart to bootstrap Fluxcd on PCloud
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/flux-bootstrap/templates/access-keys.yaml b/charts/flux-bootstrap/templates/access-keys.yaml
new file mode 100644
index 0000000..3a1a7f5
--- /dev/null
+++ b/charts/flux-bootstrap/templates/access-keys.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: access-keys
+ namespace: {{ .Release.Namespace }}
+data:
+ private.key: {{ toYaml .Values.privateKey | indent 2 }}
diff --git a/charts/flux-bootstrap/templates/fluxcd.yaml b/charts/flux-bootstrap/templates/fluxcd.yaml
new file mode 100644
index 0000000..85c3a1a
--- /dev/null
+++ b/charts/flux-bootstrap/templates/fluxcd.yaml
@@ -0,0 +1,54 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: fluxcd-bootstrap
+ namespace: {{ .Release.Namespace }}
+spec:
+ template:
+ spec:
+ volumes:
+ - name: access-keys
+ configMap:
+ name: access-keys
+ - name: known-hosts
+ configMap:
+ name: known-hosts
+ containers:
+ - name: fluxcd
+ image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - name: access-keys
+ mountPath: /access-keys
+ - name: known-hosts
+ mountPath: /.ssh
+ env:
+ - name: SSH_KNOWN_HOSTS
+ value: /.ssh/known_hosts
+ command:
+ - flux
+ - bootstrap
+ - git
+ - --namespace={{ .Values.installationNamespace }}
+ - --url={{ .Values.repositoryAddress }}
+ - --branch={{ .Values.repository.branch }}
+ - --path={{ .Values.repository.path }}
+ - --private-key-file=/access-keys/private.key
+ - --ssh-key-algorithm=ed25519
+ - --silent
+ - --watch-all-namespaces
+ - --verbose
+ # - name: dbg
+ # image: debian:12.2
+ # imagePullPolicy: IfNotPresent
+ # volumeMounts:
+ # - name: access-keys
+ # mountPath: /access-keys
+ # - name: known-hosts
+ # mountPath: /.ssh
+ # env:
+ # - name: SSH_KNOWN_HOSTS
+ # value: /.ssh/known_hosts
+ # command: [ "/bin/bash", "-c", "--" ]
+ # args: [ "while true; do sleep 30; done;" ]
+ restartPolicy: Never
diff --git a/charts/flux-bootstrap/templates/known-hosts.yaml b/charts/flux-bootstrap/templates/known-hosts.yaml
new file mode 100644
index 0000000..072c0d6
--- /dev/null
+++ b/charts/flux-bootstrap/templates/known-hosts.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: known-hosts
+ namespace: {{ .Release.Namespace }}
+binaryData:
+ known_hosts: {{ .Values.repositoryHostPublicKeys | b64enc }}
diff --git a/charts/flux-bootstrap/templates/service-account.yaml b/charts/flux-bootstrap/templates/service-account.yaml
new file mode 100644
index 0000000..a2168eb
--- /dev/null
+++ b/charts/flux-bootstrap/templates/service-account.yaml
@@ -0,0 +1,41 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: flux-bootstrap
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["*"]
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["apps"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["kustomize.toolkit.fluxcd.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["source.toolkit.fluxcd.io"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: flux-bootstrap
+ namespace: {{ .Release.Namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: flux-bootstrap
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/flux-bootstrap/values.yaml b/charts/flux-bootstrap/values.yaml
new file mode 100644
index 0000000..8221196
--- /dev/null
+++ b/charts/flux-bootstrap/values.yaml
@@ -0,0 +1,13 @@
+image:
+ repository: giolekva/flux
+ tag: latest
+ pullPolicy: Always
+repositoryAddress: ""
+repositoryHost: ""
+positoryHostPublicKeys: []
+repository:
+ address: ssh://git@<host>/<org>/<repository>
+ branch: master
+ path: /
+privateKey: ""
+installationNamespace: pcloud-flux