charts: install helm releases in main namespace
diff --git a/core/installer/values-tmpl/certificate-issuer.yaml b/core/installer/values-tmpl/certificate-issuer.yaml
index 61134eb..06729ff 100644
--- a/core/installer/values-tmpl/certificate-issuer.yaml
+++ b/core/installer/values-tmpl/certificate-issuer.yaml
@@ -2,11 +2,12 @@
kind: HelmRelease
metadata:
name: certificate-issuer
- namespace: {{ .Global.NamespacePrefix }}ingress-private
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}ingress-private
dependsOn:
- name: ingress-private
- namespace: {{ .Global.NamespacePrefix }}ingress-private
+ namespace: {{ .Global.Id }}
chart:
spec:
chart: charts/certificate-issuer
diff --git a/core/installer/values-tmpl/core-auth-storage.yaml b/core/installer/values-tmpl/core-auth-storage.yaml
index a29d269..77aaa7e 100644
--- a/core/installer/values-tmpl/core-auth-storage.yaml
+++ b/core/installer/values-tmpl/core-auth-storage.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: core-auth-storage
- namespace: {{ .Global.NamespacePrefix }}core-auth
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}core-auth
dependsOn:
- name: namespaces-core-auth
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/core-auth.yaml b/core/installer/values-tmpl/core-auth.yaml
index 1dcdef7..53c8ca9 100644
--- a/core/installer/values-tmpl/core-auth.yaml
+++ b/core/installer/values-tmpl/core-auth.yaml
@@ -2,8 +2,12 @@
kind: HelmRelease
metadata:
name: core-auth
- namespace: {{ .Global.NamespacePrefix }}core-auth
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}core-auth
+ dependsOn:
+ - name: core-auth-storage
+ namespace: {{ .Global.Id }}
chart:
spec:
chart: charts/auth
@@ -11,9 +15,6 @@
kind: GitRepository
name: pcloud
namespace: {{ .Global.Id }}
- dependsOn:
- - name: core-auth-storage
- namespace: {{ .Global.NamespacePrefix }}core-auth
interval: 1m0s
values:
kratos:
diff --git a/core/installer/values-tmpl/headscale.yaml b/core/installer/values-tmpl/headscale.yaml
index 5c8a333..cecd068 100644
--- a/core/installer/values-tmpl/headscale.yaml
+++ b/core/installer/values-tmpl/headscale.yaml
@@ -22,10 +22,9 @@
kind: HelmRelease
metadata:
name: headscale
- namespace: {{ .Global.NamespacePrefix }}app-headscale
- annotations:
- version: 2-with-oidc-hydra-admin
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}app-headscale
dependsOn:
- name: namespaces-headscale
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/ingress-private.jsonschema b/core/installer/values-tmpl/ingress-private.jsonschema
index c89f310..46ae9c3 100644
--- a/core/installer/values-tmpl/ingress-private.jsonschema
+++ b/core/installer/values-tmpl/ingress-private.jsonschema
@@ -2,7 +2,6 @@
"type": "object",
"properties": {
"GandiAPIToken": { "type": "string" },
- "TailscaleAuthKey": { "type": "string" }
},
"additionalProperties": false
}
diff --git a/core/installer/values-tmpl/ingress-private.yaml b/core/installer/values-tmpl/ingress-private.yaml
index e0fd9af..55405ac 100644
--- a/core/installer/values-tmpl/ingress-private.yaml
+++ b/core/installer/values-tmpl/ingress-private.yaml
@@ -21,14 +21,37 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
- name: ingress-private
- namespace: {{ .Global.NamespacePrefix }}ingress-private
+ name: volumes-ingress-private
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}ingress-private
dependsOn:
- name: namespaces-ingress-private
namespace: {{ .Global.Id }}
chart:
spec:
+ chart: charts/volumes
+ sourceRef:
+ kind: GitRepository
+ name: pcloud
+ namespace: {{ .Global.Id }}
+ interval: 1m0s
+ values:
+ name: tailscale
+ size: 1Gi
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: ingress-private
+ namespace: {{ .Global.Id }}
+spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}ingress-private
+ dependsOn:
+ - name: volumes-ingress-private
+ namespace: {{ .Global.Id }}
+ chart:
+ spec:
chart: charts/ingress-nginx
sourceRef:
kind: GitRepository
@@ -49,6 +72,13 @@
controllerValue: k8s.io/{{ .Global.Id }}-ingress-private
extraArgs:
default-ssl-certificate: "{{ .Global.Id }}-ingress-private/cert-wildcard.p.{{ .Global.Domain }}"
+ extraVolumes:
+ - name: tailscale
+ persistentVolumeClaim:
+ claimName: tailscale
+ extraVolumeMounts:
+ - name: tailscale
+ mountPath: /tailscale-state
extraContainers:
- name: tailscale
image: tailscale/tailscale:v1.42.0
@@ -59,5 +89,9 @@
add:
- NET_ADMIN
env:
+ - name: TS_KUBE_SECRET
+ value: ""
+ - name: TS_STATE_DIR
+ value: /tailscale-state
- name: TS_EXTRA_ARGS
value: --hostname={{ .Global.PCloudEnvName }}-ingress --login-server=headscale.{{ .Global.Domain }} # TODO(gio): take headscale subdomain from configuration
diff --git a/core/installer/values-tmpl/ingress-public.yaml b/core/installer/values-tmpl/ingress-public.yaml
index 010bed9..43ae8bc 100644
--- a/core/installer/values-tmpl/ingress-public.yaml
+++ b/core/installer/values-tmpl/ingress-public.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: ingress-public
- namespace: {{ .Values.NamespacePrefix }}ingress-public
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Values.NamespacePrefix }}ingress-public
dependsOn:
- name: namespaces-ingress-public
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/jellyfin.yaml b/core/installer/values-tmpl/jellyfin.yaml
index 9743bff..2ef63ee 100644
--- a/core/installer/values-tmpl/jellyfin.yaml
+++ b/core/installer/values-tmpl/jellyfin.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: jellyfin
- namespace: {{ .Global.NamespacePrefix }}app-jellyfin
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}app-jellyfin
dependsOn:
- name: namespaces-jellyfin
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/maddy.yaml b/core/installer/values-tmpl/maddy.yaml
index 73ad395..c7d8dd7 100644
--- a/core/installer/values-tmpl/maddy.yaml
+++ b/core/installer/values-tmpl/maddy.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: maddy
- namespace: {{ .Values.NamespacePrefix }}app-maddy
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}app-maddy
dependsOn:
- name: namespaces-maddy
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/matrix-storage.yaml b/core/installer/values-tmpl/matrix-storage.yaml
index 0684427..87f1657 100644
--- a/core/installer/values-tmpl/matrix-storage.yaml
+++ b/core/installer/values-tmpl/matrix-storage.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: matrix-storage
- namespace: {{ .Values.NamespacePrefix }}app-matrix
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}app-matrix
dependsOn:
- name: namespaces-matrix
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/matrix.yaml b/core/installer/values-tmpl/matrix.yaml
index 8cdefad..ecc36fe 100644
--- a/core/installer/values-tmpl/matrix.yaml
+++ b/core/installer/values-tmpl/matrix.yaml
@@ -2,24 +2,25 @@
kind: HelmRelease
metadata:
name: matrix
- namespace: {{ .Values.NamespacePrefix }}app-matrix
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}app-matrix
+ dependsOn:
+ - name: matrix-storage
+ namespace: {{ .Global.Id }}
chart:
spec:
chart: charts/matrix
sourceRef:
kind: GitRepository
name: pcloud
- namespace: {{ .Values.Id }}
- dependsOn:
- - name: matrix-storage
- namespace: {{ .Values.NamespacePrefix }}app-matrix
+ namespace: {{ .Global.Id }}
interval: 1m0s
values:
- domain: {{ .Values.Domain }}
+ domain: {{ .Global.Domain }}
oauth2:
- hydraAdmin: http://hydra-admin.{{ .Values.NamespacePrefix}}core-auth.svc.cluster.local
- hydraPublic: https://hydra.{{ .Values.Domain }}
+ hydraAdmin: http://hydra-admin.{{ .Global.NamespacePrefix }}core-auth.svc.cluster.local
+ hydraPublic: https://hydra.{{ .Global.Domain }}
clientId: matrix
clientSecret: {{ .Values.MatrixOAuth2ClientSecret }}
secretName: oauth2-client
@@ -29,8 +30,8 @@
database: matrix
user: postgres
password: psswd
- certificateIssuer: {{ .Values.Id }}-public
- ingressClassName: {{ .Values.PCloudEnvName }}-ingress-public
+ certificateIssuer: {{ .Global.Id }}-public
+ ingressClassName: {{ .Global.PCloudEnvName }}-ingress-public
configMerge:
configName: config-to-merge
fileName: to-merge.yaml
diff --git a/core/installer/values-tmpl/pihole.yaml b/core/installer/values-tmpl/pihole.yaml
index ad34321..16e7abf 100644
--- a/core/installer/values-tmpl/pihole.yaml
+++ b/core/installer/values-tmpl/pihole.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: pihole
- namespace: {{ .Global.NamespacePrefix }}app-pihole
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}
dependsOn:
- name: namespaces-pihole
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/qbittorrent.yaml b/core/installer/values-tmpl/qbittorrent.yaml
index 57b6e12..346a933 100644
--- a/core/installer/values-tmpl/qbittorrent.yaml
+++ b/core/installer/values-tmpl/qbittorrent.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: qbittorrent
- namespace: {{ .Global.NamespacePrefix }}app-qbittorrent
+ namespace: {{ .Global.Id }}
spec:
+ namespace: {{ .Global.NamespacePrefix }}app-qbittorrent
dependsOn:
- name: namespaces-qbittorrent
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/rpuppy.yaml b/core/installer/values-tmpl/rpuppy.yaml
index 4c2efda..69d1dad 100644
--- a/core/installer/values-tmpl/rpuppy.yaml
+++ b/core/installer/values-tmpl/rpuppy.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: rpuppy
- namespace: {{ .Global.NamespacePrefix }}app-rpuppy
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}app-rpuppy
dependsOn:
- name: namespaces-rpuppy
namespace: {{ .Global.Id }}
diff --git a/core/installer/values-tmpl/vaultwarden.yaml b/core/installer/values-tmpl/vaultwarden.yaml
index 301b122..71046d4 100644
--- a/core/installer/values-tmpl/vaultwarden.yaml
+++ b/core/installer/values-tmpl/vaultwarden.yaml
@@ -22,8 +22,9 @@
kind: HelmRelease
metadata:
name: vaultwarden
- namespace: {{ .Global.NamespacePrefix }}app-vaultwarden
+ namespace: {{ .Global.Id }}
spec:
+ targetNamespace: {{ .Global.NamespacePrefix }}app-vaultwarden
dependsOn:
- name: namespaces-vaultwarden
namespace: {{ .Global.Id }}