helmfile/infra/helmfile.yaml - pcloud - Gitiles

 repositories:
 - name: appscode
   url: https://charts.appscode.com/stable/
 - name: ingress-nginx
   url: https://kubernetes.github.io/ingress-nginx
 - name: jetstack
   url: https://charts.jetstack.io
 - name: bwolf
   url: https://bwolf.github.io/cert-manager-webhook-gandi
 - name: metallb
   url: https://metallb.github.io/metallb
 - name: longhorn
   url: https://charts.longhorn.io
 - name: ory
   url: https://k8s.ory.sh/helm/charts
 - name: csi-driver-smb
   url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts

 helmDefaults:
   tillerless: true
   waitForJobs: false
   createNamespace: true

 releases:
 - name: metallb
   chart: metallb/metallb
   version: 0.11.0
   namespace: {{ .Values.name }}-networking-metallb
   values:
   - fullnameOverride: {{ .Values.name }}-metallb
   - configInline:
       address-pools:
       - name: default
         protocol: layer2
         addresses:
         - {{ .Values.loadBalancerIPRange }}
   - controller:
       image:
         repository: quay.io/metallb/controller
         tag: v0.11
         pullPolicy: IfNotPresent
   - speaker:
       image:
         repository: quay.io/metallb/speaker
         tag: v0.11
         pullPolicy: IfNotPresent
 - name: ingress-public
   chart: ingress-nginx/ingress-nginx
   version: 4.0.3
   namespace: {{ .Values.name }}-ingress-public
   values:
   - fullnameOverride: {{ .Values.name }}-ingress-public
   - controller:
       service:
         type: LoadBalancer
       ingressClassByName: true
       ingressClassResource:
         name: {{ .Values.name }}-ingress-public
         enabled: true
         default: false
         controllerValue: k8s.io/{{ .Values.name }}-ingress-public
       config:
         proxy-body-size: 100M
   - udp:
       6881: "lekva-app-torrent:torrent:6881" # TODO(giolekva): namespace
   - tcp:
       25: {{ .Values.name }}-mail-gateway/maddy:25
       6881: "lekva-app-torrent:torrent:6881" # TODO(giolekva): namespace
 - name: kubed
   chart: appscode/kubed
   version: v0.12.0
   namespace: {{ .Values.name }}-kubed
   values:
   - enableAnalytics: false
   - fullnameOverride: {{ .Values.name }}-kubed
   - operator:
       registry: appscode
       repository: kubed
       tag: v0.12.0
   - criticalAddon: true
   - config:
       clusterName: {{ .Values.name }}
 - name: cert-manager
   chart: jetstack/cert-manager
   version: v1.6
   namespace: {{ .Values.name }}-cert-manager
   values:
   - installCRDs: true
   - fullnameOverride: {{ .Values.name}}-cert-manager
   - image:
       tag: v1.6.1
       pullPolicy: IfNotPresent
   - resources:
       requests:
         cpu: "100m"
         memory: "50M"
       limits:
         cpu: "250m"
         memory: "150M"
   - tolerations:
     - key: "pcloud"
       operator: "Equal"
       value: "role"
       effect: "NoSchedule"
   - cainjector:
       resources:
         requests:
           cpu: "100m"
           memory: "50M"
         limits:
           cpu: "250m"
           memory: "150M"
       tolerations:
       - key: "pcloud"
         operator: "Equal"
         value: "role"
         effect: "NoSchedule"
   - webhook:
       resources:
         requests:
           cpu: "100m"
           memory: "50M"
         limits:
           cpu: "250m"
           memory: "150M"
       tolerations:
       - key: "pcloud"
         operator: "Equal"
         value: "role"
         effect: "NoSchedule"
 - name: cert-manager-gandi
   chart: bwolf/cert-manager-webhook-gandi
   version: v0.2.0
   namespace: {{ .Values.name }}-cert-manager
   values:
   - certManager:
       namespace: {{ .Values.name }}-cert-manager
       serviceAccountName: {{ .Values.name }}-cert-manager
   - fullnameOverride: {{ .Values.name }}-cert-manager-webhook-gandi
   - image:
       repository: giolekva/cert-manager-webhook-gandi
       tag: v0.2.0
       pullPolicy: IfNotPresent
   - logLevel: 2
   - resources:
       requests:
         cpu: "100m"
         memory: "50M"
       limits:
         cpu: "250m"
         memory: "150M"
   - tolerations:
     - key: "pcloud"
       operator: "Equal"
       value: "role"
       effect: "NoSchedule"
 - name: longhorn
   chart: longhorn/longhorn
   version: v1.1.2
   # TODO(giolekva): pcloud-storage-longhorn ? https://github.com/longhorn/longhorn/issues/2034
   namespace: longhorn-system
   values:
   - defaultSettings:
       defaultDataPath: {{ .Values.storageDir }}
   - persistence:
       defaultClassReplicaCount: 2
   - service:
       ui:
         type: LoadBalancer
   - ingress:
       # TODO(giolekva): maybe run separate Nebula network for pcloud infrastructure services?
       enabled: false
 - name: mail-gateway
   chart: ../../charts/mail-gateway
   namespace: {{ .Values.name }}-mail-gateway
   values:
   - domains:
       primary:
         name: lekva.me
         namespace: lekva-app-maddy
         mx: mail.lekva.me
         certificateIssuer: lekva-public
       others:
       - name: shve.li
         namespace: shveli-app-maddy
   - persistence:
       size: 100Gi
 - name: oauth2-manager
   chart: ory/hydra-maester
   version: v0.20.1
   namespace: {{ .Values.name }}-oauth2-manager
   values:
   - fullnameOverride: {{ .Values.name }}-hydra-maester
   - image:
       repository: giolekva/ory-hydra-maester
       tag: latest
       pullPolicy: IfNotPresent
   - adminService:
       name: hydra # IGNORED
       port: 80
 - name: nebula-controller
   chart: ../../charts/nebula
   namespace: {{ .Values.name }}-nebula-controller
   values:
   - controller:
       image:
         repository: giolekva/nebula-controller
         tag: latest
         pullPolicy: Always
   - manage:
       image:
         repository: giolekva/nebula-web
         tag: latest
         pullPolicy: Always
 - name: csi-driver-smb
   chart: csi-driver-smb/csi-driver-smb
   version: v1.5.0
   namespace: pcloud-csi-driver-smb

 environments:
   prod:
     values:
     - name: pcloud
     - loadBalancerIPRange: 192.168.0.200-192.168.0.250
     - storageDir: /pcloud-storage/longhorn
	repositories:
	- name: appscode
	url: https://charts.appscode.com/stable/
	- name: ingress-nginx
	url: https://kubernetes.github.io/ingress-nginx
	- name: jetstack
	url: https://charts.jetstack.io
	- name: bwolf
	url: https://bwolf.github.io/cert-manager-webhook-gandi
	- name: metallb
	url: https://metallb.github.io/metallb
	- name: longhorn
	url: https://charts.longhorn.io
	- name: ory
	url: https://k8s.ory.sh/helm/charts
	- name: csi-driver-smb
	url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts

	helmDefaults:
	tillerless: true
	waitForJobs: false
	createNamespace: true

	releases:
	- name: metallb
	chart: metallb/metallb
	version: 0.11.0
	namespace: {{ .Values.name }}-networking-metallb
	values:
	- fullnameOverride: {{ .Values.name }}-metallb
	- configInline:
	address-pools:
	- name: default
	protocol: layer2
	addresses:
	- {{ .Values.loadBalancerIPRange }}
	- controller:
	image:
	repository: quay.io/metallb/controller
	tag: v0.11
	pullPolicy: IfNotPresent
	- speaker:
	image:
	repository: quay.io/metallb/speaker
	tag: v0.11
	pullPolicy: IfNotPresent
	- name: ingress-public
	chart: ingress-nginx/ingress-nginx
	version: 4.0.3
	namespace: {{ .Values.name }}-ingress-public
	values:
	- fullnameOverride: {{ .Values.name }}-ingress-public
	- controller:
	service:
	type: LoadBalancer
	ingressClassByName: true
	ingressClassResource:
	name: {{ .Values.name }}-ingress-public
	enabled: true
	default: false
	controllerValue: k8s.io/{{ .Values.name }}-ingress-public
	config:
	proxy-body-size: 100M
	- udp:
	6881: "lekva-app-torrent:torrent:6881" # TODO(giolekva): namespace
	- tcp:
	25: {{ .Values.name }}-mail-gateway/maddy:25
	6881: "lekva-app-torrent:torrent:6881" # TODO(giolekva): namespace
	- name: kubed
	chart: appscode/kubed
	version: v0.12.0
	namespace: {{ .Values.name }}-kubed
	values:
	- enableAnalytics: false
	- fullnameOverride: {{ .Values.name }}-kubed
	- operator:
	registry: appscode
	repository: kubed
	tag: v0.12.0
	- criticalAddon: true
	- config:
	clusterName: {{ .Values.name }}
	- name: cert-manager
	chart: jetstack/cert-manager
	version: v1.6
	namespace: {{ .Values.name }}-cert-manager
	values:
	- installCRDs: true
	- fullnameOverride: {{ .Values.name}}-cert-manager
	- image:
	tag: v1.6.1
	pullPolicy: IfNotPresent
	- resources:
	requests:
	cpu: "100m"
	memory: "50M"
	limits:
	cpu: "250m"
	memory: "150M"
	- tolerations:
	- key: "pcloud"
	operator: "Equal"
	value: "role"
	effect: "NoSchedule"
	- cainjector:
	resources:
	requests:
	cpu: "100m"
	memory: "50M"
	limits:
	cpu: "250m"
	memory: "150M"
	tolerations:
	- key: "pcloud"
	operator: "Equal"
	value: "role"
	effect: "NoSchedule"
	- webhook:
	resources:
	requests:
	cpu: "100m"
	memory: "50M"
	limits:
	cpu: "250m"
	memory: "150M"
	tolerations:
	- key: "pcloud"
	operator: "Equal"
	value: "role"
	effect: "NoSchedule"
	- name: cert-manager-gandi
	chart: bwolf/cert-manager-webhook-gandi
	version: v0.2.0
	namespace: {{ .Values.name }}-cert-manager
	values:
	- certManager:
	namespace: {{ .Values.name }}-cert-manager
	serviceAccountName: {{ .Values.name }}-cert-manager
	- fullnameOverride: {{ .Values.name }}-cert-manager-webhook-gandi
	- image:
	repository: giolekva/cert-manager-webhook-gandi
	tag: v0.2.0
	pullPolicy: IfNotPresent
	- logLevel: 2
	- resources:
	requests:
	cpu: "100m"
	memory: "50M"
	limits:
	cpu: "250m"
	memory: "150M"
	- tolerations:
	- key: "pcloud"
	operator: "Equal"
	value: "role"
	effect: "NoSchedule"
	- name: longhorn
	chart: longhorn/longhorn
	version: v1.1.2
	# TODO(giolekva): pcloud-storage-longhorn ? https://github.com/longhorn/longhorn/issues/2034
	namespace: longhorn-system
	values:
	- defaultSettings:
	defaultDataPath: {{ .Values.storageDir }}
	- persistence:
	defaultClassReplicaCount: 2
	- service:
	ui:
	type: LoadBalancer
	- ingress:
	# TODO(giolekva): maybe run separate Nebula network for pcloud infrastructure services?
	enabled: false
	- name: mail-gateway
	chart: ../../charts/mail-gateway
	namespace: {{ .Values.name }}-mail-gateway
	values:
	- domains:
	primary:
	name: lekva.me
	namespace: lekva-app-maddy
	mx: mail.lekva.me
	certificateIssuer: lekva-public
	others:
	- name: shve.li
	namespace: shveli-app-maddy
	- persistence:
	size: 100Gi
	- name: oauth2-manager
	chart: ory/hydra-maester
	version: v0.20.1
	namespace: {{ .Values.name }}-oauth2-manager
	values:
	- fullnameOverride: {{ .Values.name }}-hydra-maester
	- image:
	repository: giolekva/ory-hydra-maester
	tag: latest
	pullPolicy: IfNotPresent
	- adminService:
	name: hydra # IGNORED
	port: 80
	- name: nebula-controller
	chart: ../../charts/nebula
	namespace: {{ .Values.name }}-nebula-controller
	values:
	- controller:
	image:
	repository: giolekva/nebula-controller
	tag: latest
	pullPolicy: Always
	- manage:
	image:
	repository: giolekva/nebula-web
	tag: latest
	pullPolicy: Always
	- name: csi-driver-smb
	chart: csi-driver-smb/csi-driver-smb
	version: v1.5.0
	namespace: pcloud-csi-driver-smb

	environments:
	prod:
	values:
	- name: pcloud
	- loadBalancerIPRange: 192.168.0.200-192.168.0.250
	- storageDir: /pcloud-storage/longhorn