Skip to content

brainfood / k8s-helmfiles

Go to a project
Toggle navigation
Toggle navigation pinning
477934f6 by Adam Heath
Options

First pass of new set of helmfiles for composable installs.

1 parent ff4bd467
Inline Side-by-side
Showing 20 changed files with 568 additions and 0 deletions
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./restore-from-empty.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: mariadb-restore-from-empty
spec:
#replicas: 1
#progressDeadlineSeconds: 600
template:
spec:
restartPolicy: OnFailure
securityContext:
runAsUser: 0
runAsGroup: 0
volumes:
- name: mariadb-entrypoint-initdb
persistentVolumeClaim:
claimName: mariadb-entrypoint-initdb
- name: mariadb-scripts
configMap:
name: mariadb-scripts
defaultMode: 0755
containers:
- name: restore-from-empty
image: debian
command: ["/scripts/restore-from-empty"]
volumeMounts:
- name: mariadb-entrypoint-initdb
mountPath: /docker-entrypoint-initdb.d
- name: mariadb-scripts
mountPath: /scripts
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mariadb-config
data:
MARIADB_DATABASE: ""
MARIADB_USER: ""
---
apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
stringData:
MARIADB_PASSWORD: "CHANGEME"
MARIADB_ROOT_PASSWORD: "CHANGEME"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-entrypoint-initdb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
environments:
default:
values:
- namespace: mariadb
namePrefix: "test-"
restoreFromEmpty:
enabled: true
mariadbServer:
jsonPatches: []
strategicMergePatches: []
rootPassword: CHANGEME
password: CHANGEME
database: CHANGEME
user: CHANGEME
images:
debian: "debian:bullseye-20211220"
mariadb: "mariadb"
---
releases:
- name: {{ .Values.namePrefix }}mariadb-restore-from-empty
namespace: {{ .Values.namespace }}
chart: charts/restore-from-empty
condition: restoreFromEmpty.enabled
values:
- set-common-values.yaml.gotmpl
strategicMergePatches:
- apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Values.namePrefix }}mariadb-restore-from-empty
namespace: {{ .Values.namespace }}
spec:
template:
spec:
volumes:
- name: mariadb-entrypoint-initdb
persistentVolumeClaim:
claimName: {{ .Values.namePrefix }}mariadb-entrypoint-initdb
- name: mariadb-scripts
configMap:
name: {{ .Values.namePrefix }}mariadb-scripts
- name: {{ .Values.namePrefix }}mariadb-server
namespace: {{ .Values.namespace }}
chart: .
values:
- set-common-values.yaml.gotmpl
jsonPatches:
{{- if not (empty (.Values.mariadbServer.jsonPatches)) }}
{{- .Values.mariadbServer.jsonPatches | toYaml | indent 6 }}
{{- end }}
strategicMergePatches:
- apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.namePrefix }}mariadb-server
namespace: {{ .Values.namespace }}
spec:
selector:
matchLabels:
app: {{ .Values.namePrefix }}mariadb-server
template:
metadata:
labels:
app: {{ .Values.namePrefix }}mariadb-server
spec:
volumes:
- name: mariadb-data
persistentVolumeClaim:
claimName: {{ .Values.namePrefix }}mariadb-data
- name: mariadb-config
configMap:
name: {{ .Values.namePrefix }}mariadb-config
- name: mariadb-scripts
configMap:
name: {{ .Values.namePrefix }}mariadb-scripts
- name: mariadb-secret
secret:
secretName: {{ .Values.namePrefix }}mariadb-secret
- apiVersion: v1
kind: Service
metadata:
name: {{ .Values.namePrefix }}mariadb
namespace: {{ .Values.namespace }}
spec:
selector:
app: {{ .Values.namePrefix }}mariadb-server
{{- if not (empty (.Values.mariadbServer.strategicMergePatches)) }}
{{- .Values.mariadbServer.strategicMergePatches | toYaml | indent 6 }}
{{- end }}
- apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.namePrefix }}mariadb-config
namespace: {{ .Values.namespace }}
data:
MARIADB_DATABASE: {{ .Values.mariadbServer.database }}
MARIADB_USER: {{ .Values.mariadbServer.user }}
- apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.namePrefix }}mariadb-secret
namespace: {{ .Values.namespace }}
stringData:
MARIADB_PASSWORD: {{ .Values.mariadbServer.password }}
MARIADB_ROOT_PASSWORD: {{ .Values.mariadbServer.rootPassword }}
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./config.yaml
- ./mariadb-server.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: mariadb-scripts
files:
- ./scripts/wait-for-file
- ./scripts/mariadb-is-ready
- ./scripts/restore-from-empty
---
apiVersion: v1
kind: Service
metadata:
name: mariadb
spec:
selector:
app: mariadb-server
ports:
- name: mysql
protocol: TCP
port: 3306
targetPort: 3306
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb-server
labels:
app: mariadb-server
spec:
replicas: 1
progressDeadlineSeconds: 600
selector:
matchLabels:
app: mariadb-server
template:
metadata:
labels:
app: mariadb-server
spec:
restartPolicy: Always
securityContext:
runAsUser: 0
runAsGroup: 0
volumes:
- name: mariadb-data
persistentVolumeClaim:
claimName: mariadb-data
- name: mariadb-entrypoint-initdb
persistentVolumeClaim:
claimName: mariadb-entrypoint-initdb
- name: mariadb-scripts
configMap:
name: mariadb-scripts
defaultMode: 0755
- name: mariadb-config
configMap:
name: mariadb-config
- name: mariadb-secret
secret:
secretName: mariadb-secret
- name: database-restore
emptyDir: {}
initContainers:
- name: wait-for-file
image: debian
command: ["/scripts/wait-for-file"]
volumeMounts:
- name: mariadb-entrypoint-initdb
mountPath: /docker-entrypoint-initdb.d
- name: mariadb-scripts
mountPath: /scripts
env:
- name: WAIT_FOR_FILE
value: /docker-entrypoint-initdb.d/.restored
containers:
- name: mariadb
image: mariadb
volumeMounts:
- name: mariadb-data
mountPath: /var/lib/mysql
- name: mariadb-config
mountPath: /var/mariadb-config
- name: mariadb-secret
mountPath: /var/mariadb-secret
- name: mariadb-entrypoint-initdb
mountPath: /docker-entrypoint-initdb.d
env:
- name: MARIADB_DATABASE_FILE
value: /var/mariadb-config/MARIADB_DATABASE
- name: MARIADB_USER_FILE
value: /var/mariadb-config/MARIADB_USER
- name: MARIADB_PASSWORD_FILE
value: /var/mariadb-secret/MARIADB_PASSWORD
- name: MARIADB_ROOT_PASSWORD_FILE
value: /var/mariadb-secret/MARIADB_ROOT_PASSWORD
#!/bin/sh
set -e
trap 'exit' TERM
check_mysqldb() {
mysql --connect-timeout=1 --host="${MYSQL_HOST}" --user="${MYSQL_USER}" --password="${MYSQL_PASSWORD}" --port="${MYSQL_PORT:-3306}" -e "SELECT 'Ok' AS 'Healthy'"
}
while ! check_mysqldb; do
echo "Waiting for database" 1>&2
sleep 1
count=5
while [ $count -gt 0 ] && ! check_mysqldb; do
count=$(($count - 1))
sleep 1
done
done
#!/bin/sh
set -e
touch /docker-entrypoint-initdb.d/.restored
#!/bin/sh
set -ex
trap 'exit' TERM
while ! [ -e $WAIT_FOR_FILE ]; do
echo "Waiting for file: $WAIT_FOR_FILE" 1>&2
sleep 1
count=5
while ! [ -e $WAIT_FOR_FILE && $count -gt 0 ]; do
count=$(($count - 1))
sleep 1
done
done
namePrefix: {{ .Values.namePrefix }}
namespace: {{ .Values.namespace }}
images:
- name: debian
newName: {{ .Values.images.debian }}
- name: mariadb
newName: {{ .Values.images.mariadb }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nfs-config
data:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
environments:
default:
values:
- namespace: nfs-server
namePrefix: "test-"
images:
debian: "debian:bullseye-20211220"
volume-nfs: k8s.gcr.io/volume-nfs:0.8
---
releases:
- name: {{ .Values.namePrefix }}nfs-server
namespace: {{ .Values.namespace }}
chart: .
values:
- set-common-values.yaml.gotmpl
strategicMergePatches:
- apiVersion: v1
kind: ReplicationController
metadata:
name: {{ .Values.namePrefix }}nfs-server
namespace: {{ .Values.namespace }}
spec:
template:
spec:
volumes:
- name: nfs-data
persistentVolumeClaim:
claimName: {{ .Values.namePrefix }}nfs-data
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./config.yaml
- ./nfs-server.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: nfs-scripts
files:
- ./scripts/wait-for-file
---
apiVersion: v1
kind: Service
metadata:
name: nfs-server
spec:
selector:
app: nfs-server
ports:
- name: mountd
port: 20048
- name: nfs
port: 2049
- name: rpcbind
port: 111
---
apiVersion: v1
kind: ReplicationController
metadata:
name: nfs-server
spec:
replicas: 1
selector:
app: nfs-server
template:
metadata:
labels:
app: nfs-server
spec:
volumes:
- name: nfs-data
persistentVolumeClaim:
claimName: nfs-data
containers:
- name: nfs-server
image: k8s.gcr.io/volume-nfs:0.8
ports:
- name: nfs
containerPort: 2049
- name: mountd
containerPort: 20048
- name: rpcbind
containerPort: 111
securityContext:
privileged: true
volumeMounts:
- name: nfs-data
mountPath: /exports
---
#!/bin/sh
set -ex
trap 'exit' TERM
while ! [ -e $WAIT_FOR_FILE ]; do
echo "Waiting for file: $WAIT_FOR_FILE" 1>&2
sleep 1
count=5
while ! [ -e $WAIT_FOR_FILE && $count -gt 0 ]; do
count=$(($count - 1))
sleep 1
done
done
namePrefix: {{ .Values.namePrefix }}
namespace: {{ .Values.namespace }}
images:
- name: debian
newName: {{ .Values.images.debian }}
- name: k8s.gcr.io/volume-nfs:0.8
newName: {{ .Values.images | get "volume-nfs" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: wordpress-config
data:
WORDPRESS_DB_HOST: mariadb
WORDPRESS_DB_NAME: wordpress
WORDPRESS_DB_USER: wordpress
---
apiVersion: v1
kind: Secret
metadata:
name: wordpress-secret
stringData:
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_TABLE_PREFIX: wp_
---
environments:
default:
values:
- namespace: wordpress
namePrefix: "test-"
wordpress:
jsonPatches: []
strategicMergePatches: []
database:
name: "wordpress"
user: "wordpress"
password: "wordpress"
prefix: "wp_"
mariadbServer:
rootPassword: "CHANGEME"
---
helmfiles:
- path: ../mariadb-server/helmfile.yaml
values:
- namespace: {{ .Values.namespace }}
namePrefix: {{ .Values.namePrefix }}wordpress-
- mariadbServer:
rootPassword: {{ .Values.mariadbServer.rootPassword }}
database: {{ .Values.wordpress.database.name }}
user: {{ .Values.wordpress.database.user }}
password: {{ .Values.wordpress.database.password }}
releases:
- name: {{ .Values.namePrefix }}wordpress
namespace: {{ .Values.namespace }}
chart: .
values:
- set-common-values.yaml.gotmpl
jsonPatches:
{{- if not (empty (.Values.wordpress.jsonPatches)) }}
{{- .Values.wordpress.jsonPatches | toYaml | indent 6 }}
{{- end }}
strategicMergePatches:
- apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.namePrefix }}wordpress-config
namespace: {{ .Values.namespace }}
data:
WORDPRESS_DB_HOST: {{ .Values.namePrefix }}wordpress-mariadb
WORDPRESS_DB_NAME: {{ .Values.wordpress.database.name }}
WORDPRESS_DB_USER: {{ .Values.wordpress.database.user }}
- apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.namePrefix }}wordpress-secret
namespace: {{ .Values.namespace }}
stringData:
WORDPRESS_DB_PASSWORD: {{ .Values.wordpress.database.password }}
WORDPRESS_TABLE_PREFIX: {{ .Values.wordpress.database.prefix }}
{{- if not (empty (.Values.wordpress.strategicMergePatches)) }}
{{- .Values.wordpress.strategicMergePatches | toYaml | indent 6 }}
{{- end }}
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./config.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
namePrefix: {{ .Values.namePrefix }}
namespace: {{ .Values.namespace }}