core-installer: bootstrap logic
Installs soft-serve git server and fluxcd.
Fluxcd stores all system resource configurations on soft-serve.
diff --git a/charts/flux-bootstrap/.helmignore b/charts/flux-bootstrap/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/flux-bootstrap/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/flux-bootstrap/Chart.yaml b/charts/flux-bootstrap/Chart.yaml
new file mode 100644
index 0000000..26b3ff3
--- /dev/null
+++ b/charts/flux-bootstrap/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: flux-bootstrap
+description: A Helm chart to bootstrap Fluxcd on PCloud
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/flux-bootstrap/templates/access-keys.yaml b/charts/flux-bootstrap/templates/access-keys.yaml
new file mode 100644
index 0000000..3a1a7f5
--- /dev/null
+++ b/charts/flux-bootstrap/templates/access-keys.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: access-keys
+ namespace: {{ .Release.Namespace }}
+data:
+ private.key: {{ toYaml .Values.privateKey | indent 2 }}
diff --git a/charts/flux-bootstrap/templates/fluxcd.yaml b/charts/flux-bootstrap/templates/fluxcd.yaml
new file mode 100644
index 0000000..dfbc851
--- /dev/null
+++ b/charts/flux-bootstrap/templates/fluxcd.yaml
@@ -0,0 +1,36 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: fluxcd-bootstrap
+ namespace: {{ .Release.Namespace }}
+spec:
+ template:
+ spec:
+ volumes:
+ - name: access-keys
+ configMap:
+ name: access-keys
+ - name: known-hosts
+ configMap:
+ name: known-hosts
+ containers:
+ - name: fluxcd
+ image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - name: access-keys
+ mountPath: /access-keys
+ - name: known-hosts
+ mountPath: /.ssh
+ env:
+ - name: SSH_KNOWN_HOSTS
+ value: /.ssh/known_hosts
+ command: ["./flux", "bootstrap", "git",
+ "--namespace={{ .Values.installationNamespace}}",
+ "--url={{ .Values.repositoryAddress }}",
+ "--branch={{ .Values.repository.branch }}",
+ "--path={{ .Values.repository.path }}",
+ "--private-key-file=/access-keys/private.key",
+ "--ssh-key-algorithm=ed25519",
+ "--verbose"]
+ restartPolicy: Never
diff --git a/charts/flux-bootstrap/templates/known-hosts.yaml b/charts/flux-bootstrap/templates/known-hosts.yaml
new file mode 100644
index 0000000..dc40b39
--- /dev/null
+++ b/charts/flux-bootstrap/templates/known-hosts.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: known-hosts
+ namespace: {{ .Release.Namespace }}
+data:
+ known_hosts: {{ printf "%s %s" .Values.repositoryHost .Values.repositoryHostPublicKey | toYaml | indent 2 }}
diff --git a/charts/flux-bootstrap/templates/service-account.yaml b/charts/flux-bootstrap/templates/service-account.yaml
new file mode 100644
index 0000000..2092b3c
--- /dev/null
+++ b/charts/flux-bootstrap/templates/service-account.yaml
@@ -0,0 +1,56 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: patch-customresourcedefinitions
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: flux-patch-customresourcedefinitions
+ namespace: {{ .Release.Namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: patch-customresourcedefinitions
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: create-flux-resources
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups: [""]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["apps"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: flux-create-flux-resources
+ namespace: {{ .Release.Namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: create-flux-resources
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/flux-bootstrap/values.yaml b/charts/flux-bootstrap/values.yaml
new file mode 100644
index 0000000..4b5fca1
--- /dev/null
+++ b/charts/flux-bootstrap/values.yaml
@@ -0,0 +1,13 @@
+image:
+ repository: giolekva/flux
+ tag: latest
+ pullPolicy: Always
+repositoryAddress: ""
+repositoryHost: ""
+positoryHostPublicKey: ""
+repository:
+ address: ssh://git@<host>/<org>/<repository>
+ branch: master
+ path: /
+privateKey: ""
+installationNamespace: pcloud-flux
diff --git a/charts/soft-serve/.helmignore b/charts/soft-serve/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/soft-serve/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/soft-serve/Chart.yaml b/charts/soft-serve/Chart.yaml
new file mode 100644
index 0000000..8afa8ca
--- /dev/null
+++ b/charts/soft-serve/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: soft-serve
+description: A Helm chart for git server to store PCloud configuration
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/soft-serve/templates/keys.yaml b/charts/soft-serve/templates/keys.yaml
new file mode 100644
index 0000000..5a89250
--- /dev/null
+++ b/charts/soft-serve/templates/keys.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keys
+ namespace: {{ .Release.Namespace }}
+data:
+ key: {{ toYaml .Values.privateKey | indent 2 }}
+ key.pub: {{ toYaml .Values.publicKey | indent 2 }}
diff --git a/charts/soft-serve/templates/service.yaml b/charts/soft-serve/templates/service.yaml
new file mode 100644
index 0000000..907d4af
--- /dev/null
+++ b/charts/soft-serve/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: soft-serve
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: LoadBalancer
+ selector:
+ app: soft-serve
+ ports:
+ - name: ssh
+ port: {{ .Values.port }}
+ protocol: TCP
diff --git a/charts/soft-serve/templates/stateful-set.yaml b/charts/soft-serve/templates/stateful-set.yaml
new file mode 100644
index 0000000..d66d232
--- /dev/null
+++ b/charts/soft-serve/templates/stateful-set.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: soft-serve
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: soft-serve
+ serviceName: soft-serve
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: soft-serve
+ spec:
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+ - name: keys
+ configMap:
+ name: keys
+ containers:
+ - name: soft-serve
+ image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy}}
+ env:
+ - name: SOFT_SERVE_PORT
+ value: "{{ .Values.port }}"
+ - name: SOFT_SERVE_INITIAL_ADMIN_KEY
+ value: "{{ .Values.adminKey }}"
+ - name: SOFT_SERVE_KEY_PATH
+ value: /.ssh/key
+ - name: SOFT_SERVE_REPO_PATH
+ value: /var/lib/soft-serve/repos
+ ports:
+ - name: ssh
+ containerPort: {{ .Values.port }}
+ protocol: TCP
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/soft-serve
+ readOnly: false
+ - name: keys
+ mountPath: /.ssh
+ readOnly: true
diff --git a/charts/soft-serve/templates/volume.yaml b/charts/soft-serve/templates/volume.yaml
new file mode 100644
index 0000000..77f42c3
--- /dev/null
+++ b/charts/soft-serve/templates/volume.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.size }}
diff --git a/charts/soft-serve/values.yaml b/charts/soft-serve/values.yaml
new file mode 100644
index 0000000..ecac25a
--- /dev/null
+++ b/charts/soft-serve/values.yaml
@@ -0,0 +1,10 @@
+image:
+ repository: charmcli/soft-serve
+ tag: latest
+ pullPolicy: IfNotPresent
+storage:
+ size: 1Gi
+port: 22
+privateKey: ""
+publicKey: ""
+adminKey: ""