diff --git a/apps/README.md b/apps/README.md
index 7a09da93..123207ef 100644
--- a/apps/README.md
+++ b/apps/README.md
@@ -13,9 +13,10 @@ App Helmfile templates. export RANCHER_PASSWORD= helmfile apply -f \ -git::https://github.com/stuttgart-things/helm.git@apps/apps/homerun-base-stack.yaml.gotmpl \ +git::https://github.com/stuttgart-things/helm.git@apps/apps/rancher.yaml.gotmpl \ --state-values-set issuerName=cluster-issuer-approle \ ---state-values-set domain=demo-infra.sthings-vsphere.labul.sva.de \ --state-values-set bootstrapPassword={{ env "RANCHER_PASSWORD" | default "hall01234R@ncher" }} \ +--state-values-set domain=demo-infra.sthings-vsphere.labul.sva.de \ +--state-values-set bootstrapPassword={{ env "RANCHER_PASSWORD" | default "hall01234R@ncher" }} \ --state-values-set cacerts=LS0tLS1CRUdJTiBDRV#.. ```
diff --git a/apps/rancher.yaml.gotmpl b/apps/rancher.yaml.gotmpl
index 8cab1550..a20ac047 100644
--- a/apps/rancher.yaml.gotmpl
+++ b/apps/rancher.yaml.gotmpl
@@ -9,7 +9,7 @@ environments: - issuerKind: ClusterIssuer - issuerName: vault-approle - cacerts: "" - bootstrapPassword: "Adminpassword!123" + - bootstrapPassword: "Adminpassword!123" # pragma: allowlist secret - ingressClass: nginx - privateCA: true ---
diff --git a/infra/README.md b/infra/README.md
index 0f2d7f6f..1947c8d3 100644
--- a/infra/README.md
+++ b/infra/README.md
@@ -70,6 +70,12 @@ EOF ### w/ SELF-SIGNED +```bash +kubectl apply -k https://github.com/stuttgart-things/helm/infra/crds/cert-manager + +helmfile apply -f git::https://github.com/stuttgart-things/helm.git@infra/cert-manager.yaml.gotmpl --state-values-set installCrds=false +``` + ```bash cat < cert-manager-selfsigned.yaml ---
diff --git a/infra/cert-manager.yaml.gotmpl b/infra/cert-manager.yaml.gotmpl
index cb440250..1cbbdc7e 100644
--- a/infra/cert-manager.yaml.gotmpl
+++ b/infra/cert-manager.yaml.gotmpl
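Review bot: In apps/rancher.yaml.gotmpl the changed line keeps the literal default `bootstrapPassword: "Adminpassword!123"` and only adds `# pragma: allowlist secret`, so the secret scanner is silenced while every deployment that does not override `bootstrapPassword` still gets a password that is published in the repository. I would drop the literal and make the value mandatory, for example `- bootstrapPassword: {{ requiredEnv "RANCHER_PASSWORD" | quote }}`, so rendering fails instead of installing Rancher with a known admin bootstrap password. The apps/README.md hunk in this commit repeats the pattern with `default "hall01234R@ncher"`; the documented command should not carry a fallback password either. If the default has to stay for lab use, a comment on the line stating that it is a lab-only placeholder which must be overridden would make the allowlisting an explicit decision.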
@@ -3,7 +3,7 @@ environments: default: values: - namespace: cert-manager - version: v1.19.1 + - version: v1.19.2 - config: selfsigned - installCrds: true ---
diff --git a/infra/ingress-nginx.yaml.gotmpl b/infra/ingress-nginx.yaml.gotmpl
index 012bb10b..81ecff36 100644
--- a/infra/ingress-nginx.yaml.gotmpl
+++ b/infra/ingress-nginx.yaml.gotmpl
@@ -3,8 +3,9 @@ environments: default: values: - namespace: ingress-nginx - version: 4.13.0 - enableHostPort: false + - version: 4.14.1 + - enableKindHostPort: false + - enableNodePort: false --- releases: - name: ingress-nginx
diff --git a/infra/values/ingress-nginx.values.yaml.gotmpl b/infra/values/ingress-nginx.values.yaml.gotmpl
index cbadfc83..82cbefed 100644
--- a/infra/values/ingress-nginx.values.yaml.gotmpl
+++ b/infra/values/ingress-nginx.values.yaml.gotmpl
@@ -1,4 +1,4 @@
-{{- if .Values.enableHostPort }}
+{{- if .Values.enableKindHostPort }}
 ---
 controller:
 nodeSelector:
@@ -16,3 +16,22 @@ controller:
 hostPort:
 enabled: true # Enables direct binding to host ports
 {{- end }}
+
+
+{{- if .Values.enableNodePort }}
+---
+controller:
+ nodeSelector:
+ ingress-ready: "true"
+ node-role.kubernetes.io/control-plane: "true" # Matches real node
+ tolerations:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ service:
+ type: NodePort
+ admissionWebhooks:
+ enabled: false
+ hostPort:
+ enabled: true
+{{- end }}
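Review bot: The new `enableNodePort` block in infra/values/ingress-nginx.values.yaml.gotmpl sets `type: NodePort` under `service` but still ends with `hostPort:` / `enabled: true` and `admissionWebhooks:` / `enabled: false`, which look carried over from the Kind host-port block above it. With hostPort left on, the controller would still bind ports directly on the control-plane nodes it is pinned to, and with the admission webhook off, Ingress objects are no longer validated before they reach the NGINX configuration. Unless both are intended, I would set `enabled: false` under `hostPort` in this block and leave `admissionWebhooks` at the chart default or behind its own value. The `ingress-ready: "true"` selector also deserves a comment saying which nodes are expected to carry that label. Indentation is not recoverable from this page, so the nesting of these keys is inferred. Separately, because infra/ingress-nginx.yaml.gotmpl renames `enableHostPort` to `enableKindHostPort`, callers still passing the old name would silently get neither block.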