diff --git a/.github/workflows/test-catalogs.yaml b/.github/workflows/test-catalogs.yaml new file mode 100644 index 00000000..588a29e4 --- /dev/null +++ b/.github/workflows/test-catalogs.yaml @@ -0,0 +1,23 @@ +name: Test Catalogs + +on: + pull_request: + branches: + - main + +jobs: + test-pras: + name: test pras + runs-on: ubuntu-latest + permissions: + contents: 'read' + steps: + - uses: actions/checkout@v2 + name: checkout repo + + - uses: extractions/setup-just@v2 + - uses: pluralsh/setup-plural@master + with: + vsn: 0.9.24 + + - run: just test diff --git a/Justfile b/Justfile new file mode 100644 index 00000000..3df1132f --- /dev/null +++ b/Justfile @@ -0,0 +1,2 @@ +test: + plural pr contracts --file test/contracts.yaml --validate \ No newline at end of file diff --git a/addons/cert-manager/.helmignore b/addons/cert-manager/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/cert-manager/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/cert-manager/Chart.lock b/addons/cert-manager/Chart.lock deleted file mode 100644 index 9a337f81..00000000 --- a/addons/cert-manager/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: cert-manager - repository: https://charts.jetstack.io - version: v1.13.2 -digest: sha256:860d8ae85675519d4006829bbbaf3be6ff06912a563b5520aa87300d8aef293c -generated: "2023-11-08T11:41:30.981413-05:00" diff --git a/addons/cert-manager/Chart.yaml b/addons/cert-manager/Chart.yaml deleted file mode 100644 index 440b3905..00000000 --- a/addons/cert-manager/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: cert-manager -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "1.13.2" -dependencies: -- name: cert-manager - repository: https://charts.jetstack.io - version: v1.13.2 diff --git a/addons/cert-manager/addon.yaml b/addons/cert-manager/addon.yaml deleted file mode 100644 index 5e13534e..00000000 --- a/addons/cert-manager/addon.yaml +++ /dev/null @@ -1,8 +0,0 @@ -name: cert-manager -description: "automate the provisioning of certificates using lets encrypt throughout your k8s cluster" -global: true -icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png -configuration: -- name: ownerEmail - type: string - documentation: the email cert issuance/expiry notifications are sent to \ No newline at end of file diff --git a/addons/cert-manager/charts/cert-manager-v1.13.2.tgz b/addons/cert-manager/charts/cert-manager-v1.13.2.tgz deleted file mode 100644 index d9ecd409..00000000 Binary files a/addons/cert-manager/charts/cert-manager-v1.13.2.tgz and /dev/null differ diff --git a/addons/cert-manager/templates/_helpers.tpl b/addons/cert-manager/templates/_helpers.tpl deleted file mode 100644 index aaa06284..00000000 --- a/addons/cert-manager/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "cert-manager-addon.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "cert-manager-addon.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "cert-manager-addon.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "cert-manager-addon.labels" -}} -helm.sh/chart: {{ include "cert-manager-addon.chart" . }} -{{ include "cert-manager-addon.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "cert-manager-addon.selectorLabels" -}} -app.kubernetes.io/name: {{ include "cert-manager-addon.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "cert-manager-addon.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "cert-manager-addon.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/cert-manager/templates/issuers.yaml b/addons/cert-manager/templates/issuers.yaml deleted file mode 100644 index a27ee8f0..00000000 --- a/addons/cert-manager/templates/issuers.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-prod -spec: - acme: - email: {{ .Values.ownerEmail }} - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - # Secret resource that will be used to store the account's private key. - name: cert-manager-prod-key - solvers: - - http01: - ingress: - class: {{ .Values.ingressClass }} ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging -spec: - acme: - email: {{ .Values.ownerEmail }} - server: https://acme-staging-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: cert-manager-staging-key - solvers: - - http01: - ingress: - class: {{ .Values.ingressClass }} \ No newline at end of file diff --git a/addons/cert-manager/values.yaml b/addons/cert-manager/values.yaml deleted file mode 100644 index 339180df..00000000 --- a/addons/cert-manager/values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Default values for cert-manager. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -global: - leaderElection: - namespace: cert-manager - - podDnsPolicy: "None" - podDnsConfig: - nameservers: - - "1.1.1.1" - - "8.8.8.8" - -ownerEmail: someone@example.com -ingressClass: nginx - -cert-manager: - installCRDs: true diff --git a/addons/cert-manager/values.yaml.liquid b/addons/cert-manager/values.yaml.liquid deleted file mode 100644 index 42199fb8..00000000 --- a/addons/cert-manager/values.yaml.liquid +++ /dev/null @@ -1,5 +0,0 @@ -ownerEmail: {{ configuration.ownerEmail }} - -{% if configuration.ingressClass %} -ingresClass: {{ configuration.ingressClass }} -{% endif %} \ No newline at end of file diff --git a/addons/datadog/.helmignore b/addons/datadog/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/datadog/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/datadog/Chart.lock b/addons/datadog/Chart.lock deleted file mode 100644 index e1680af2..00000000 --- a/addons/datadog/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: datadog - repository: https://helm.datadoghq.com - version: 3.40.1 -digest: sha256:69207ffc3bb0a8dea3553cbf57cf0ae7b3664f76eeb4ea8e5a8a7a8794955d72 -generated: "2023-10-27T16:36:26.38173-04:00" diff --git a/addons/datadog/Chart.yaml b/addons/datadog/Chart.yaml deleted file mode 100644 index 192f40ab..00000000 --- a/addons/datadog/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: datadog -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "1.16.0" -dependencies: -- name: datadog - version: 3.40.1 - repository: https://helm.datadoghq.com \ No newline at end of file diff --git a/addons/datadog/addon.yaml b/addons/datadog/addon.yaml deleted file mode 100644 index 22564962..00000000 --- a/addons/datadog/addon.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: datadog -description: "packaged datadog agent able to run in-cluster" -global: true -icon: https://github.com/pluralsh/plural-artifacts/blob/main/datadog/plural/icons/datadog.png?raw=true -configuration: -- name: apiKey - type: string - documentation: the api key for your datadog account -- name: appKey - type: string - documentation: the app key to use with this agent \ No newline at end of file diff --git a/addons/datadog/charts/datadog-3.40.1.tgz b/addons/datadog/charts/datadog-3.40.1.tgz deleted file mode 100644 index 77fd393b..00000000 Binary files a/addons/datadog/charts/datadog-3.40.1.tgz and /dev/null differ diff --git a/addons/datadog/templates/_helpers.tpl b/addons/datadog/templates/_helpers.tpl deleted file mode 100644 index 62278679..00000000 --- a/addons/datadog/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "datadog-addon.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "datadog-addon.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "datadog-addon.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "datadog-addon.labels" -}} -helm.sh/chart: {{ include "datadog-addon.chart" . }} -{{ include "datadog-addon.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "datadog-addon.selectorLabels" -}} -app.kubernetes.io/name: {{ include "datadog-addon.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "datadog-addon.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "datadog-addon.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/datadog/values.yaml b/addons/datadog/values.yaml deleted file mode 100644 index 9eb0ddf4..00000000 --- a/addons/datadog/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -datadog: - datadog: - logs: - enabled: true - containerCollectAll: true \ No newline at end of file diff --git a/addons/datadog/values.yaml.liquid b/addons/datadog/values.yaml.liquid deleted file mode 100644 index edd4eb7d..00000000 --- a/addons/datadog/values.yaml.liquid +++ /dev/null @@ -1,12 +0,0 @@ -datadog: - datadog: - apiKey: {{ configuration.apiKey }} - appKey: {{ configuration.appKey }} - -{% if cluster.provider %} -{% if cluster.provider.cloud == "azure" %} - providers: - aks: - enabled: true -{% endif %} -{% endif %} \ No newline at end of file diff --git a/addons/externaldns/.helmignore b/addons/externaldns/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/externaldns/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/externaldns/Chart.lock b/addons/externaldns/Chart.lock deleted file mode 100644 index 183cf205..00000000 --- a/addons/externaldns/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: external-dns - repository: https://kubernetes-sigs.github.io/external-dns/ - version: 1.13.1 -digest: sha256:2d685b6ca4603b95413252dc992c83a00bc27487a1a9ee3c77dcc2d1051a73c4 -generated: "2023-11-08T00:02:32.832094-05:00" diff --git a/addons/externaldns/Chart.yaml b/addons/externaldns/Chart.yaml deleted file mode 100644 index 6a7b0dec..00000000 --- a/addons/externaldns/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: externaldns -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "0.13.6" -dependencies: - - name: external-dns - repository: https://kubernetes-sigs.github.io/external-dns/ - version: 1.13.1 \ No newline at end of file diff --git a/addons/externaldns/addon.yaml b/addons/externaldns/addon.yaml deleted file mode 100644 index 62a3ec40..00000000 --- a/addons/externaldns/addon.yaml +++ /dev/null @@ -1,94 +0,0 @@ -name: externaldns -description: "automate creating DNS records in common DNS services like route53, cloudflare and others" -global: false -icon: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/img/external-dns.png?raw=true -configuration: -- name: provider - type: select - values: - - aws - - google - - azure - - cloudflare - documentation: the dns provider you wish to configure -- name: domains - type: string - documentation: a comma separated list of domains you'll want to register DNS entries for -- name: awsAccessKeyId - type: string - documentation: aws access key id (should have permissions to read and write from Route54) - condition: - field: provider - value: aws - operation: eq -- name: awsSecretAccessKey - type: string - documentation: aws secret access key (should have permissions to read and write from Route54) - condition: - field: provider - value: aws - operation: eq -- name: tenantId - type: string - documentation: the Azure Active Directory tenant id used to authenticate - condition: - field: provider - value: azure - operation: eq -- name: subscriptionId - type: string - documentation: the azure subscription id the dns zone lives within - condition: - field: provider - value: azure - operation: eq -- name: resourceGroup - type: string - documentation: the resource group in the subscription of the dns zone - condition: - field: provider - value: azure - operation: eq -- name: clientId - type: string - documentation: active directory client id of the service principal w/ dns read/write access - condition: - field: provider - value: azure - operation: eq -- name: clientSecret - type: string - documentation: active directory client secrt of the service principal w/ dns read/write access - condition: - field: provider - value: azure - operation: eq -- name: googleApplicationCredentials - type: string - documentation: GCP service account json key file with read/write access to Cloud dns - condition: - field: provider - value: google - operation: eq -- name: gcpProject - type: string - documentation: GCP service account json key file with read/write access to Cloud dns - condition: - field: provider - value: google - operation: eq -- name: cloudflareKey - type: string - documentation: Cloudflare api key - condition: - field: provider - value: cloudflare - operation: eq -- name: cloudflareEmail - type: string - documentation: Cloudflare email - condition: - field: provider - value: cloudflare - operation: eq - \ No newline at end of file diff --git a/addons/externaldns/charts/external-dns-1.13.1.tgz b/addons/externaldns/charts/external-dns-1.13.1.tgz deleted file mode 100644 index fdef6e43..00000000 Binary files a/addons/externaldns/charts/external-dns-1.13.1.tgz and /dev/null differ diff --git a/addons/externaldns/templates/_helpers.tpl b/addons/externaldns/templates/_helpers.tpl deleted file mode 100644 index c42c2011..00000000 --- a/addons/externaldns/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "externaldns-addon.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "externaldns-addon.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "externaldns-addon.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "externaldns-addon.labels" -}} -helm.sh/chart: {{ include "externaldns-addon.chart" . }} -{{ include "externaldns-addon.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "externaldns-addon.selectorLabels" -}} -app.kubernetes.io/name: {{ include "externaldns-addon.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "externaldns-addon.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "externaldns-addon.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/externaldns/templates/secrets.yaml b/addons/externaldns/templates/secrets.yaml deleted file mode 100644 index ee593abf..00000000 --- a/addons/externaldns/templates/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{ if .Values.cloudflare }} -apiVersion: v1 -kind: Secret -metadata: - name: cloudflare-key - labels: -{{ include "externaldns-addon.labels" . | indent 4 }} -type: Opaque -stringData: - api-key: {{ .Values.cloudflare.key | quote }} - email: {{ .Values.cloudflare.email | quote }} -{{ end }} \ No newline at end of file diff --git a/addons/externaldns/values.yaml b/addons/externaldns/values.yaml deleted file mode 100644 index a7e1007a..00000000 --- a/addons/externaldns/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Default values for externaldns. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -aws: - -gcp: - -azure: - -cloudflare: \ No newline at end of file diff --git a/addons/externaldns/values.yaml.liquid b/addons/externaldns/values.yaml.liquid deleted file mode 100644 index 5ff7133a..00000000 --- a/addons/externaldns/values.yaml.liquid +++ /dev/null @@ -1,67 +0,0 @@ -{% assign domains = configuration.domains | split: "," %} - -external-dns: - provider: {{ configuration.provider }} - domainFilter: - {% for d in domains %} - - {{ d }} - {% endfor %} - txtOwnerId: {{ cluster.Name }} - - {% if configuration.awsAccessKeyId %} - env: - - name: AWS_SHARED_CREDENTIALS_FILE - value: /.aws/credentials - secretConfiguration: - enabled: true - mountPath: /.aws - data: - credentials: | - [default] - aws_access_key_id = {{ configuration.awsAccessKeyId }} - aws_secret_access_key_id = {{ configuration.awsSecretAccessKey }} - {% endif %} - - {% if configuration.googleApplicationCredentials %} - {% if configuration.gcpProject %} - extraArgs: - - --google-project={{ configuration.gcpProject }} - {% endif %} - env: - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /.google/credentials.json - secretConfiguration: - enabled: true - mountPath: /.google - data: - credentials.json: | - {{ configuration.googleApplicationCredentials }} - {% endif %} - - {% if configuration.provider == "azure" %} - secretConfiguration: - enabled: true - mountPath: /etc/kubernetes - data: - azure.json: | - { - "tenantId": "{{ configuration.tenantId }}" - "subscriptionId": "{{ configuration.subscriptionId }}" - "resourceGroup": "{{ configuration.resourceGroup }}" - "aadClientId": "{{ configuration.clientId }}" - "aadClientSecret": "{{ configuration.clientSecret }}" - } - {% endif %} - - {% if configuration.cloudflareKey %} - env: - - name: CF_API_EMAIL - value: "{{ configuration.cloudflareEmail }}" - - name: CF_API_KEY - valueFrom: - secretKeyRef: - name: cloudflare-secret - key: api-key -cloudflare: - key: {{ configuration.cloudflareKey }} - {% endif %} \ No newline at end of file diff --git a/addons/flux-source-controller/.helmignore b/addons/flux-source-controller/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/flux-source-controller/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/flux-source-controller/Chart.lock b/addons/flux-source-controller/Chart.lock deleted file mode 100644 index cfc7f48b..00000000 --- a/addons/flux-source-controller/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: flux2 - repository: https://fluxcd-community.github.io/helm-charts - version: 2.11.1 -digest: sha256:46c717ce2091e4b85903613bdd60ad6322d68acf26bed90e44652149acfaa76b -generated: "2023-11-22T14:06:55.564319-05:00" diff --git a/addons/flux-source-controller/Chart.yaml b/addons/flux-source-controller/Chart.yaml deleted file mode 100644 index 713da1b1..00000000 --- a/addons/flux-source-controller/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: flux-source-controller -description: Flux Source Controller -type: application -version: 0.1.0 -appVersion: "1.16.0" -dependencies: -- name: flux2 - repository: https://fluxcd-community.github.io/helm-charts - version: 2.11.1 \ No newline at end of file diff --git a/addons/flux-source-controller/addon.yaml b/addons/flux-source-controller/addon.yaml deleted file mode 100644 index 548dfa77..00000000 --- a/addons/flux-source-controller/addon.yaml +++ /dev/null @@ -1,4 +0,0 @@ -name: flux-source-controller -description: "provides access to Helm repositories and OCI sources for deployments" -icon: https://avatars.githubusercontent.com/u/52158677?s=200&v=4 -configuration: [] \ No newline at end of file diff --git a/addons/flux-source-controller/charts/flux2-2.11.1.tgz b/addons/flux-source-controller/charts/flux2-2.11.1.tgz deleted file mode 100644 index e6f7412c..00000000 Binary files a/addons/flux-source-controller/charts/flux2-2.11.1.tgz and /dev/null differ diff --git a/addons/flux-source-controller/docs/gke-workload-identity.md b/addons/flux-source-controller/docs/gke-workload-identity.md deleted file mode 100644 index 0fe2dc66..00000000 --- a/addons/flux-source-controller/docs/gke-workload-identity.md +++ /dev/null @@ -1,7 +0,0 @@ -## Set Up GKE Workload Identity for OCI Repositories - -Frequently people will want to use their own OCI repositories in artifact registry instead of the ones provided by third parties. Flux supports this natively, in to enable it you'll want to set up an IAM identity binding for the `source-controller` kubernetes service account (living in the `flux-source-controller` namespace), then add the following secret to your deployment: - -```yaml -gcpServiceAccount: -``` diff --git a/addons/flux-source-controller/templates/_helpers.tpl b/addons/flux-source-controller/templates/_helpers.tpl deleted file mode 100644 index 750c7793..00000000 --- a/addons/flux-source-controller/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "flux-source-controller.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "flux-source-controller.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "flux-source-controller.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "flux-source-controller.labels" -}} -helm.sh/chart: {{ include "flux-source-controller.chart" . }} -{{ include "flux-source-controller.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "flux-source-controller.selectorLabels" -}} -app.kubernetes.io/name: {{ include "flux-source-controller.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "flux-source-controller.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "flux-source-controller.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/flux-source-controller/templates/helmrepositories.yaml b/addons/flux-source-controller/templates/helmrepositories.yaml deleted file mode 100644 index b7852b74..00000000 --- a/addons/flux-source-controller/templates/helmrepositories.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: bitnami -spec: - interval: 5m0s - type: oci - url: oci://registry-1.docker.io/bitnamicharts ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: flagger -spec: - interval: 5m0s - url: https://flagger.app ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: console -spec: - interval: 5m0s - url: https://pluralsh.github.io/console \ No newline at end of file diff --git a/addons/flux-source-controller/values.yaml b/addons/flux-source-controller/values.yaml deleted file mode 100644 index fac2f511..00000000 --- a/addons/flux-source-controller/values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Default values for .. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -flux2: - helmController: - create: false - imageAutomationController: - create: false - imageReflectionController: - create: false - kustomizeController: - create: false - notificationController: - create: false - sourceController: - create: true - policies: - create: false \ No newline at end of file diff --git a/addons/flux-source-controller/values.yaml.liquid b/addons/flux-source-controller/values.yaml.liquid deleted file mode 100644 index 710bc538..00000000 --- a/addons/flux-source-controller/values.yaml.liquid +++ /dev/null @@ -1,7 +0,0 @@ -{% if configuration.gcpServiceAccount %} -flux2: - sourceController: - serviceAccount: - annotations: - iam.gke.io/gcp-service-account: {{ configuration.gcpServiceAccount }} -{% endif %} \ No newline at end of file diff --git a/addons/github-actions-controller/.helmignore b/addons/github-actions-controller/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/github-actions-controller/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/github-actions-controller/Chart.lock b/addons/github-actions-controller/Chart.lock deleted file mode 100644 index ef142a1f..00000000 --- a/addons/github-actions-controller/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: gha-runner-scale-set-controller - repository: oci://ghcr.io/actions/actions-runner-controller-charts - version: 0.6.1 -digest: sha256:b763847a3dc145c8f70d605df42adb654f5051d02d354df15fad0e618a5d5198 -generated: "2023-11-14T11:24:43.547571-05:00" diff --git a/addons/github-actions-controller/Chart.yaml b/addons/github-actions-controller/Chart.yaml deleted file mode 100644 index 9e059376..00000000 --- a/addons/github-actions-controller/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: github-actions-controller -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "1.16.0" -dependencies: -- name: gha-runner-scale-set-controller - repository: oci://ghcr.io/actions/actions-runner-controller-charts - version: '>= 0.0.0' \ No newline at end of file diff --git a/addons/github-actions-controller/addon.yaml b/addons/github-actions-controller/addon.yaml deleted file mode 100644 index e806cb18..00000000 --- a/addons/github-actions-controller/addon.yaml +++ /dev/null @@ -1,5 +0,0 @@ -name: github-actions-controller -description: kubernetes operator to provision github actions -global: false -icon: https://static-00.iconduck.com/assets.00/github-icon-2048x1988-jzvzcf2t.png -configuration: [] \ No newline at end of file diff --git a/addons/github-actions-controller/charts/gha-runner-scale-set-controller-0.6.1.tgz b/addons/github-actions-controller/charts/gha-runner-scale-set-controller-0.6.1.tgz deleted file mode 100644 index 8ae84f00..00000000 Binary files a/addons/github-actions-controller/charts/gha-runner-scale-set-controller-0.6.1.tgz and /dev/null differ diff --git a/addons/github-actions-controller/templates/_helpers.tpl b/addons/github-actions-controller/templates/_helpers.tpl deleted file mode 100644 index b0022038..00000000 --- a/addons/github-actions-controller/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "github-actions-controller.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "github-actions-controller.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "github-actions-controller.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "github-actions-controller.labels" -}} -helm.sh/chart: {{ include "github-actions-controller.chart" . }} -{{ include "github-actions-controller.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "github-actions-controller.selectorLabels" -}} -app.kubernetes.io/name: {{ include "github-actions-controller.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "github-actions-controller.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "github-actions-controller.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/github-actions-controller/values.yaml b/addons/github-actions-controller/values.yaml deleted file mode 100644 index 2c94587a..00000000 --- a/addons/github-actions-controller/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -# Default values for github-actions-controller. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -{} \ No newline at end of file diff --git a/addons/grafana-agent/.helmignore b/addons/grafana-agent/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/grafana-agent/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/grafana-agent/Chart.lock b/addons/grafana-agent/Chart.lock deleted file mode 100644 index 95008e76..00000000 --- a/addons/grafana-agent/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: k8s-monitoring - repository: https://grafana.github.io/helm-charts - version: 0.4.2 -digest: sha256:8c6c6940a2fea187192b6d90f61c017e4079b4116fcf42e4fb92b8ae29135115 -generated: "2023-11-15T20:42:21.185602-05:00" diff --git a/addons/grafana-agent/Chart.yaml b/addons/grafana-agent/Chart.yaml deleted file mode 100644 index 542238be..00000000 --- a/addons/grafana-agent/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: grafana-agent -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "1.16.0" -dependencies: -- name: k8s-monitoring - repository: https://grafana.github.io/helm-charts - version: 0.4.2 \ No newline at end of file diff --git a/addons/grafana-agent/addon.yaml b/addons/grafana-agent/addon.yaml deleted file mode 100644 index 44a5a113..00000000 --- a/addons/grafana-agent/addon.yaml +++ /dev/null @@ -1,23 +0,0 @@ -name: grafana-agent -description: set up the grafana agent for shipping metrics to remote prometheus or loki instances -global: true -icon: https://github.com/pluralsh/plural-artifacts/blob/main/grafana/plural/icons/grafana.png?raw=true -configuration: -- name: prometheusHost - type: string - documentation: the hostname for your prometheus instance, if you used Plural to provision it, it'll be in context.yaml in configuration.mimir.hostname -- name: prometheusUser - type: string - documentation: username for prometheus basic auth -- name: prometheusPassword - type: string - documentation: password for prometheus basic auth -- name: lokiHost - type: string - documentation: the hostname for your loki instance, if you used Plural to provision it, it'll be in context.yaml in configuration.loki.hostname -- name: lokiUser - type: string - documentation: username for loki basic auth -- name: lokiPassword - type: string - documentation: password for loki basic auth \ No newline at end of file diff --git a/addons/grafana-agent/charts/k8s-monitoring-0.4.2.tgz b/addons/grafana-agent/charts/k8s-monitoring-0.4.2.tgz deleted file mode 100644 index c839ed82..00000000 Binary files a/addons/grafana-agent/charts/k8s-monitoring-0.4.2.tgz and /dev/null differ diff --git a/addons/grafana-agent/templates/_helpers.tpl b/addons/grafana-agent/templates/_helpers.tpl deleted file mode 100644 index fbfb850c..00000000 --- a/addons/grafana-agent/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "grafana-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "grafana-agent.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "grafana-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "grafana-agent.labels" -}} -helm.sh/chart: {{ include "grafana-agent.chart" . }} -{{ include "grafana-agent.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "grafana-agent.selectorLabels" -}} -app.kubernetes.io/name: {{ include "grafana-agent.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "grafana-agent.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "grafana-agent.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/grafana-agent/values.yaml b/addons/grafana-agent/values.yaml deleted file mode 100644 index e1885dcf..00000000 --- a/addons/grafana-agent/values.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Default values for grafana-agent. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -k8s-monitoring: - opencost: - enabled: false - - cluster: - name: CHANGEME - - externalServices: - cost: - enabled: false - prometheus: - host: CHANGEME - writeEndpoint: /api/v1/push - loki: - host: CHANGEME \ No newline at end of file diff --git a/addons/grafana-agent/values.yaml.liquid b/addons/grafana-agent/values.yaml.liquid deleted file mode 100644 index 1531e023..00000000 --- a/addons/grafana-agent/values.yaml.liquid +++ /dev/null @@ -1,20 +0,0 @@ -k8s-monitoring: - {% if configuration.nodeExporter == "false" %} - prometheus-node-exporter: - enabled: false - {% endif %} - - cluster: - name: {{ cluster.Handle }} - - externalServices: - prometheus: - host: {{ configuration.prometheusHost }} - basicAuth: - username: {{ configuration.prometheusUser }} - password: {{ configuration.prometheusPassword }} - loki: - host: {{ configuration.lokiHost }} - basicAuth: - username: {{ configuration.lokiUser }} - password: {{ configuration.lokiPassword }} \ No newline at end of file diff --git a/addons/ingress-nginx/.helmignore b/addons/ingress-nginx/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/ingress-nginx/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/ingress-nginx/Chart.lock b/addons/ingress-nginx/Chart.lock deleted file mode 100644 index de7238e5..00000000 --- a/addons/ingress-nginx/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: ingress-nginx - repository: https://kubernetes.github.io/ingress-nginx - version: 4.8.3 -digest: sha256:78b30c184180089f1f40ccca8953ff9b03b838f9622a892d6bf06bc1d902a94e -generated: "2023-11-08T19:30:33.75897-05:00" diff --git a/addons/ingress-nginx/Chart.yaml b/addons/ingress-nginx/Chart.yaml deleted file mode 100644 index 2c950393..00000000 --- a/addons/ingress-nginx/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: ingress-nginx -description: wrapper chart for the ingress nginx controller -type: application -version: 0.1.0 -appVersion: "1.9.4" -dependencies: -- name: ingress-nginx - version: 4.8.3 - repository: https://kubernetes.github.io/ingress-nginx \ No newline at end of file diff --git a/addons/ingress-nginx/addon.yaml b/addons/ingress-nginx/addon.yaml deleted file mode 100644 index f64c45f0..00000000 --- a/addons/ingress-nginx/addon.yaml +++ /dev/null @@ -1,8 +0,0 @@ -name: ingress-nginx -description: "automate the provisioning of certificates using lets encrypt throughout your k8s cluster" -global: true -icon: https://github.com/pluralsh/plural-artifacts/blob/main/ingress-nginx/plural/icons/nginx.png?raw=true -configuration: -- name: aws - type: bool - documentation: whether you're running on aws, we'll reconfigure ssl proxy protocol and other details for you \ No newline at end of file diff --git a/addons/ingress-nginx/charts/ingress-nginx-4.8.3.tgz b/addons/ingress-nginx/charts/ingress-nginx-4.8.3.tgz deleted file mode 100644 index f2e3f3a0..00000000 Binary files a/addons/ingress-nginx/charts/ingress-nginx-4.8.3.tgz and /dev/null differ diff --git a/addons/ingress-nginx/templates/_helpers.tpl b/addons/ingress-nginx/templates/_helpers.tpl deleted file mode 100644 index 9f1dceb0..00000000 --- a/addons/ingress-nginx/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "ingress-nginx-addon.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ingress-nginx-addon.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ingress-nginx-addon.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "ingress-nginx-addon.labels" -}} -helm.sh/chart: {{ include "ingress-nginx-addon.chart" . }} -{{ include "ingress-nginx-addon.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "ingress-nginx-addon.selectorLabels" -}} -app.kubernetes.io/name: {{ include "ingress-nginx-addon.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ingress-nginx-addon.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "ingress-nginx-addon.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/ingress-nginx/values.yaml b/addons/ingress-nginx/values.yaml deleted file mode 100644 index 334bbc25..00000000 --- a/addons/ingress-nginx/values.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Default values for ingress-nginx. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -ingress-nginx: - controller: - image: - digest: null - digestChroot: null - admissionWebhooks: - enabled: false - config: - worker-shutdown-timeout: 240s - proxy-body-size: '0' - proxy-read-timeout: '3600' - proxy-send-timeout: '3600' - log-format-escape-json: "true" - log-format-upstream: '{"msec":"$msec","connection":"$connection","connection_requests":"$connection_requests","pid":"$pid","request_id":"$request_id","request_length":"$request_length","remote_addr":"$remote_addr","remote_user":"$remote_user","remote_port":"$remote_port","time_local":"$time_local","time_iso8601":"$time_iso8601","request":"$request","request_uri":"$request_uri","args":"$args","status":"$status","body_bytes_sent":"$body_bytes_sent","bytes_sent":"$bytes_sent","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_host":"$http_host","server_name":"$server_name","request_time":"$request_time","upstream":"$upstream_addr","upstream_connect_time":"$upstream_connect_time","upstream_header_time":"$upstream_header_time","upstream_response_time":"$upstream_response_time","upstream_response_length":"$upstream_response_length","upstream_cache_status":"$upstream_cache_status","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","scheme":"$scheme","request_method":"$request_method","server_protocol":"$server_protocol","pipe":"$pipe","gzip_ratio":"$gzip_ratio","http_cf_ray":"$http_cf_ray","geoip_country_code":"$geoip_country_code"}' - proxySetHeaders: - GeoIP-Country-Code: "$geoip_country_code" - GeoIP-Country-Name: "$geoip_country_name" - GeoIP-Continent-Code: "$geoip_city_continent_code" - GeoIP-Region-Name: "$geoip_region_name" - GeoIP-Region: "$geoip_region" - GeoIP-City: "$geoip_city" - GeoIP-Metro-Code: "$geoip_dma_code" - GeoIP-Area-Code: "$geoip_area_code" - GeoIP-Latitude: "$geoip_latitude" - GeoIP-Longitude: "$geoip_longitude" - GeoIP-Postal-Code: "$geoip_postal_code" - GeoIP-Isp: "$geoip_org" - GeoIP-Organization: "$geoip_org" - resources: - requests: - cpu: 100m - memory: 250Mi - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - labelSelector: - matchLabels: - app.kubernetes.io/instance: ingress-nginx - autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 11 - targetCPUUtilizationPercentage: "" - targetMemoryUtilizationPercentage: 95 - behavior: - scaleDown: - stabilizationWindowSeconds: 300 - policies: - - type: Pods - value: 1 - periodSeconds: 180 - scaleUp: - stabilizationWindowSeconds: 300 - policies: - - type: Pods - value: 2 - periodSeconds: 60 - metrics: - enabled: false - service: - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "10254" - prometheus.io/path: "/metrics" - prometheus.io/scheme: http - serviceMonitor: - enabled: false - prometheusRule: - enabled: false \ No newline at end of file diff --git a/addons/ingress-nginx/values.yaml.liquid b/addons/ingress-nginx/values.yaml.liquid deleted file mode 100644 index 3b0b327c..00000000 --- a/addons/ingress-nginx/values.yaml.liquid +++ /dev/null @@ -1,17 +0,0 @@ -{% if configuration.aws == "true" %} -ingress-nginx: - controller: - annotations: - service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' - service.beta.kubernetes.io/aws-load-balancer-type: external - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip - service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' - config: - compute-full-forwarded-for: 'true' - use-forwarded-headers: 'true' - use-proxy-protocol: 'true' -{% endif %} - \ No newline at end of file diff --git a/addons/kubecost-cloud/.helmignore b/addons/kubecost-cloud/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/kubecost-cloud/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/kubecost-cloud/Chart.lock b/addons/kubecost-cloud/Chart.lock deleted file mode 100644 index f2d6d931..00000000 --- a/addons/kubecost-cloud/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: kubecost-cloud-agent - repository: https://kubecost.github.io/kubecost-cloud-agent/ - version: 1.0.0 -digest: sha256:ca82e1c341b2266187b2157a70a8f65e88570b69eba27c01dc90a965920482b0 -generated: "2023-11-09T11:41:49.339155-05:00" diff --git a/addons/kubecost-cloud/Chart.yaml b/addons/kubecost-cloud/Chart.yaml deleted file mode 100644 index f82dfbbf..00000000 --- a/addons/kubecost-cloud/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: kubecost-cloud -description: Simple add-on to install kubecost agent in a tenant cluster -type: application -version: 0.1.0 -appVersion: "1.0.0" -dependencies: - - name: kubecost-cloud-agent - repository: https://kubecost.github.io/kubecost-cloud-agent/ - version: 1.0.0 \ No newline at end of file diff --git a/addons/kubecost-cloud/addon.yaml b/addons/kubecost-cloud/addon.yaml deleted file mode 100644 index 51996827..00000000 --- a/addons/kubecost-cloud/addon.yaml +++ /dev/null @@ -1,8 +0,0 @@ -name: kubecost-cloud -description: "ship cost information to kubecost cloud" -global: true -icon: https://github.com/pluralsh/plural-artifacts/blob/main/kubecost/plural/icons/kubecost.png?raw=true -configuration: -- name: agentToken - type: string - documentation: your kubecost cloud license token \ No newline at end of file diff --git a/addons/kubecost-cloud/charts/kubecost-cloud-agent-1.0.0.tgz b/addons/kubecost-cloud/charts/kubecost-cloud-agent-1.0.0.tgz deleted file mode 100644 index 67a916e3..00000000 Binary files a/addons/kubecost-cloud/charts/kubecost-cloud-agent-1.0.0.tgz and /dev/null differ diff --git a/addons/kubecost-cloud/templates/_helpers.tpl b/addons/kubecost-cloud/templates/_helpers.tpl deleted file mode 100644 index aa4cd08c..00000000 --- a/addons/kubecost-cloud/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "kubecost-addon.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kubecost-addon.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kubecost-addon.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "kubecost-addon.labels" -}} -helm.sh/chart: {{ include "kubecost-addon.chart" . }} -{{ include "kubecost-addon.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kubecost-addon.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kubecost-addon.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kubecost-addon.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "kubecost-addon.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/kubecost-cloud/values.yaml b/addons/kubecost-cloud/values.yaml deleted file mode 100644 index 7c7d39cf..00000000 --- a/addons/kubecost-cloud/values.yaml +++ /dev/null @@ -1,69 +0,0 @@ -# Default values for kubecost. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -global: - thanos: - enabled: false - grafana: - enabled: false - proxy: false - -kubecost-cloud-agent: - cloudAgent: true - cloudAgentTLSFileName: "files/prod-cloud-cert.pem" - cloudAgentTLSCertName: "agent-tls-public-key" - imageVersion: lunar-sandwich.v0.1.2 - cloudReportingServer: collector.app.kubecost.com:31357 - networkCosts: - enabled: true - - podSecurityPolicy: - enabled: false - - prometheus: - podSecurityPolicy: - enabled: false - nodeExporter: - enabled: false - kube-state-metrics: - enabled: false - disabled: true - extraScrapeConfigs: | - - job_name: kubecost-cloud-agent - honor_labels: true - scrape_interval: 1m - scrape_timeout: 60s - metrics_path: /metrics - scheme: http - dns_sd_configs: - - names: - - {{ .Release.Name }}-cloud-agent - type: 'A' - port: 9005 - - job_name: kubecost-networking - kubernetes_sd_configs: - - role: pod - relabel_configs: - # Scrape only the the targets matching the following metadata - - source_labels: [__meta_kubernetes_pod_label_app] - action: keep - regex: {{ template "cost-analyzer.networkCostsName" . }} - - - kubecostMetrics: - exporter: - enabled: true - exportClusterInfo: false - exportClusterCache: false - - grafana: - sidecar: - dashboards: - enabled: false - datasources: - defaultDatasourceEnabled: false - - kubecostFrontend: - enabled: false - kubecostToken: CHANGEME \ No newline at end of file diff --git a/addons/kubecost-cloud/values.yaml.liquid b/addons/kubecost-cloud/values.yaml.liquid deleted file mode 100644 index e3590a90..00000000 --- a/addons/kubecost-cloud/values.yaml.liquid +++ /dev/null @@ -1,3 +0,0 @@ -kubecost-cloud-agent: - cloudAgentKey: {{ configuration.agentToken }} - cloudAgentClusterId: {{ cluster.Name }} \ No newline at end of file diff --git a/addons/metrics-server/.helmignore b/addons/metrics-server/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/metrics-server/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/metrics-server/Chart.lock b/addons/metrics-server/Chart.lock deleted file mode 100644 index 0a65d9a1..00000000 --- a/addons/metrics-server/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: metrics-server - repository: https://kubernetes-sigs.github.io/metrics-server/ - version: 3.11.0 -digest: sha256:e323372fef5182b36f4d4ec61f210b9e2c2629d322c0147a73f587ee3ad097e2 -generated: "2023-11-01T20:01:09.78771-04:00" diff --git a/addons/metrics-server/Chart.yaml b/addons/metrics-server/Chart.yaml deleted file mode 100644 index c1a5b6a0..00000000 --- a/addons/metrics-server/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: metrics-server -description: A Helm chart for Kubernetes -type: application -version: 0.1.0 -appVersion: "0.6.4" -dependencies: -- name: metrics-server - repository: https://kubernetes-sigs.github.io/metrics-server/ - version: 3.11.0 \ No newline at end of file diff --git a/addons/metrics-server/addon.yaml b/addons/metrics-server/addon.yaml deleted file mode 100644 index 08d3786a..00000000 --- a/addons/metrics-server/addon.yaml +++ /dev/null @@ -1,5 +0,0 @@ -name: metrics-server -description: "adds basic node/pod utilization information used in most kubernetes dashboards" -global: true -icon: /chart.png -configuration: [] \ No newline at end of file diff --git a/addons/metrics-server/charts/metrics-server-3.11.0.tgz b/addons/metrics-server/charts/metrics-server-3.11.0.tgz deleted file mode 100644 index 8860457e..00000000 Binary files a/addons/metrics-server/charts/metrics-server-3.11.0.tgz and /dev/null differ diff --git a/addons/metrics-server/templates/_helpers.tpl b/addons/metrics-server/templates/_helpers.tpl deleted file mode 100644 index b3d45a92..00000000 --- a/addons/metrics-server/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "metrics-server-addon.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "metrics-server-addon.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "metrics-server-addon.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "metrics-server-addon.labels" -}} -helm.sh/chart: {{ include "metrics-server-addon.chart" . }} -{{ include "metrics-server-addon.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "metrics-server-addon.selectorLabels" -}} -app.kubernetes.io/name: {{ include "metrics-server-addon.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "metrics-server-addon.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "metrics-server-addon.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/metrics-server/values.yaml b/addons/metrics-server/values.yaml deleted file mode 100644 index 49adb90d..00000000 --- a/addons/metrics-server/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# Default values for metrics-server. -metrics-server: - test: true \ No newline at end of file diff --git a/addons/metrics-server/values.yaml.liquid b/addons/metrics-server/values.yaml.liquid deleted file mode 100644 index 605006d4..00000000 --- a/addons/metrics-server/values.yaml.liquid +++ /dev/null @@ -1,5 +0,0 @@ -{% if configuration.insecure %} -metrics-server: - args: - - --kubelet-insecure-tls -{% endif %} \ No newline at end of file diff --git a/addons/plrl-github-actions-runner/.helmignore b/addons/plrl-github-actions-runner/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/plrl-github-actions-runner/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/plrl-github-actions-runner/Chart.lock b/addons/plrl-github-actions-runner/Chart.lock deleted file mode 100644 index 3096f536..00000000 --- a/addons/plrl-github-actions-runner/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: gha-runner-scale-set - repository: oci://ghcr.io/actions/actions-runner-controller-charts - version: 0.6.1 -digest: sha256:311cb71d497e15c06b6775b7d31a668e4b18c38616304b6e5a338d600473fc09 -generated: "2023-11-14T11:33:12.144476-05:00" diff --git a/addons/plrl-github-actions-runner/Chart.yaml b/addons/plrl-github-actions-runner/Chart.yaml deleted file mode 100644 index aa65f4c6..00000000 --- a/addons/plrl-github-actions-runner/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: plrl-github-actions-runner -description: a wrapper chart to deploy a github actions runner set -type: application -version: 0.1.0 -appVersion: "1.16.0" -dependencies: -- name: gha-runner-scale-set - repository: oci://ghcr.io/actions/actions-runner-controller-charts - version: '>= 0.0.0' \ No newline at end of file diff --git a/addons/plrl-github-actions-runner/addon.yaml b/addons/plrl-github-actions-runner/addon.yaml deleted file mode 100644 index e6571fc7..00000000 --- a/addons/plrl-github-actions-runner/addon.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: plrl-github-actions-runner -description: kubernetes operator to provision github actions -global: false -icon: https://static-00.iconduck.com/assets.00/github-icon-2048x1988-jzvzcf2t.png -configuration: -- name: githubConfigUrl - type: string - documentation: the url of the resource that will own your runner, eg https://github.com/ -- name: githubPat - type: string - documentation: a legacy Github personal access token the runner will authenticate as \ No newline at end of file diff --git a/addons/plrl-github-actions-runner/charts/gha-runner-scale-set-0.6.1.tgz b/addons/plrl-github-actions-runner/charts/gha-runner-scale-set-0.6.1.tgz deleted file mode 100644 index 8cd9519c..00000000 Binary files a/addons/plrl-github-actions-runner/charts/gha-runner-scale-set-0.6.1.tgz and /dev/null differ diff --git a/addons/plrl-github-actions-runner/templates/_helpers.tpl b/addons/plrl-github-actions-runner/templates/_helpers.tpl deleted file mode 100644 index 283b174c..00000000 --- a/addons/plrl-github-actions-runner/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "github-actions-runner.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "github-actions-runner.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "github-actions-runner.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "github-actions-runner.labels" -}} -helm.sh/chart: {{ include "github-actions-runner.chart" . }} -{{ include "github-actions-runner.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "github-actions-runner.selectorLabels" -}} -app.kubernetes.io/name: {{ include "github-actions-runner.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "github-actions-runner.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "github-actions-runner.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/addons/plrl-github-actions-runner/values.yaml b/addons/plrl-github-actions-runner/values.yaml deleted file mode 100644 index 2392492f..00000000 --- a/addons/plrl-github-actions-runner/values.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Default values for github-actions-runner. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -gha-runner-scale-set: - controllerServiceAccount: - name: github-actions-controller-gha-rs-controller - namespace: github-actions-controller - template: - spec: - securityContext: - fsGroup: 1001 - containers: - - name: runner - image: ghcr.io/actions/actions-runner:latest - imagePullPolicy: Always - command: ["/home/runner/run.sh"] - env: - - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER - value: "false" - containerMode: - type: kubernetes - kubernetesModeWorkVolumeClaim: - accessModes: ["ReadWriteOnce"] - # For local testing, use https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md to provide dynamic provision volume with storageClassName: openebs-hostpath - resources: - requests: - storage: 1Gi \ No newline at end of file diff --git a/addons/plrl-github-actions-runner/values.yaml.liquid b/addons/plrl-github-actions-runner/values.yaml.liquid deleted file mode 100644 index f8b98226..00000000 --- a/addons/plrl-github-actions-runner/values.yaml.liquid +++ /dev/null @@ -1,4 +0,0 @@ -gha-runner-scale-set: - githubConfigUrl: {{ configuration.githubConfigUrl }} - githubConfigSecret: - github_token: {{ configuration.githubPat }} \ No newline at end of file diff --git a/addons/plural-renovate/.helmignore b/addons/plural-renovate/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/addons/plural-renovate/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/addons/plural-renovate/Chart.lock b/addons/plural-renovate/Chart.lock deleted file mode 100644 index 91ec8a24..00000000 --- a/addons/plural-renovate/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: plural-renovate - repository: oci://ghcr.io/pluralsh - version: 1.0.6-helm -digest: sha256:dcbfb44884b31bacefe6487d83f58cb1d1c6bb03779bd358596fc341b06abfba -generated: "2024-02-14T17:18:10.145464798+01:00" diff --git a/addons/plural-renovate/Chart.yaml b/addons/plural-renovate/Chart.yaml deleted file mode 100644 index 9f72f46c..00000000 --- a/addons/plural-renovate/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -name: plural-renovate -description: a wrapper chart for the plural renovate dependency tracker -type: application -version: 1.0.0 -appVersion: "1.0.6" -dependencies: -- name: plural-renovate - repository: oci://ghcr.io/pluralsh - version: '1.0.6-helm' diff --git a/addons/plural-renovate/addon.yaml b/addons/plural-renovate/addon.yaml deleted file mode 100644 index d4deda62..00000000 --- a/addons/plural-renovate/addon.yaml +++ /dev/null @@ -1,31 +0,0 @@ -name: plural-renovate -description: A Plural dependency tracker based on renovate -global: false -icon: https://raw.githubusercontent.com/pluralsh/design-system/main/public/logos/plural-logomark-only-black.svg -version: 1.0.0 -configuration: -- name: renovateToken - type: string - documentation: "Access token to repositories on the platform (default: github)" -- name: consoleUrl - type: string - documentation: "Plural Console API url, i.e. https://console.mytest.onplural.sh/gql" -- name: consoleToken - type: string - documentation: "Access token for the Plural Console" -- name: repositories - type: string - documentation: "Comma delimited list of repositories that should be watched for automated dependency updates, i.e. 'pluralsh/bootstrap,pluralsh/renovate'" -- name: platform - type: select - documentation: "Platform to use." - values: - - github - - gitlab -- name: endpoint - type: string - documentation: "Custom platform endpoint to use." - condition: - field: platform - value: gitlab - operation: eq diff --git a/addons/plural-renovate/charts/plural-renovate-1.0.6-helm.tgz b/addons/plural-renovate/charts/plural-renovate-1.0.6-helm.tgz deleted file mode 100644 index 95374ee2..00000000 Binary files a/addons/plural-renovate/charts/plural-renovate-1.0.6-helm.tgz and /dev/null differ diff --git a/addons/plural-renovate/values.yaml b/addons/plural-renovate/values.yaml deleted file mode 100644 index b6a2a43f..00000000 --- a/addons/plural-renovate/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# Default values for plural-renovate. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. diff --git a/addons/plural-renovate/values.yaml.liquid b/addons/plural-renovate/values.yaml.liquid deleted file mode 100644 index 95808f79..00000000 --- a/addons/plural-renovate/values.yaml.liquid +++ /dev/null @@ -1,19 +0,0 @@ -{% assign repositories = configuration.repositories | split: ',' %} - -plural-renovate: - config: - renovate: - repositories: - {% for repository in repositories %} - - "{{ repository }}" - {% endfor %} - token: {{ configuration.renovateToken }} - apiUrl: {{ configuration.consoleUrl }} - {% if configuration.platform %} - platform: {{ configuration.platform }} - {% endif %} - {% if configuration.endpoint %} - endpoint: {{ configuration.endpoint }} - {% endif %} - plural: - token: {{ configuration.consoleToken }} diff --git a/catalogs/setup/data.yaml b/setup/data.yaml similarity index 100% rename from catalogs/setup/data.yaml rename to setup/data.yaml diff --git a/catalogs/setup/data/airbyte.yaml b/setup/data/airbyte.yaml similarity index 100% rename from catalogs/setup/data/airbyte.yaml rename to setup/data/airbyte.yaml diff --git a/test/contexts/airbyte.yaml b/test/contexts/airbyte.yaml new file mode 100644 index 00000000..e018c9d9 --- /dev/null +++ b/test/contexts/airbyte.yaml @@ -0,0 +1,5 @@ +cluster: mgmt +cloud: aws +bucket: plrl-airbyte-logs +hostname: airbyte.plural.sh +region: us-east-2 \ No newline at end of file diff --git a/test/contracts.yaml b/test/contracts.yaml new file mode 100644 index 00000000..b808a887 --- /dev/null +++ b/test/contracts.yaml @@ -0,0 +1,12 @@ +apiVersion: platform.plural.sh/v1alpha1 +kind: PrContracts +metadata: + name: workspaces +spec: + workdir: test/outputs + templates: + from: catalogs + to: test/outputs/catalogs + automations: + - file: ../../setup/data/airbyte.yaml + context: ../contexts/airbyte.yaml \ No newline at end of file diff --git a/test/outputs/bootstrap/apps/airbyte/mgmt/servicedeployment.yaml b/test/outputs/bootstrap/apps/airbyte/mgmt/servicedeployment.yaml new file mode 100644 index 00000000..ea6e8cae --- /dev/null +++ b/test/outputs/bootstrap/apps/airbyte/mgmt/servicedeployment.yaml @@ -0,0 +1,28 @@ +apiVersion: deployments.plural.sh/v1alpha1 +kind: ServiceDeployment +metadata: + name: airbyte-mgmt + namespace: infra +spec: + namespace: airbyte + git: + folder: helm/airbyte + ref: main + repositoryRef: + kind: GitRepository + name: infra + namespace: infra + helm: + version: "x.x.x" + chart: airbyte + url: https://app.plural.sh/cm/airbyte + valuesFiles: + - mgmt.yaml.liquid + imports: + - stackRef: + name: airbyte-mgmt + namespace: infra + clusterRef: + kind: Cluster + name: mgmt + namespace: infra diff --git a/test/outputs/bootstrap/apps/airbyte/mgmt/stack.yaml b/test/outputs/bootstrap/apps/airbyte/mgmt/stack.yaml new file mode 100644 index 00000000..d54970cf --- /dev/null +++ b/test/outputs/bootstrap/apps/airbyte/mgmt/stack.yaml @@ -0,0 +1,21 @@ +apiVersion: deployments.plural.sh/v1alpha1 +kind: InfrastructureStack +metadata: + name: airbyte-mgmt +spec: + detach: false + type: TERRAFORM + approval: true + manageState: true + actor: console@plural.sh + configuration: + version: '1.8' + repositoryRef: + name: infra + namespace: infra + clusterRef: + name: mgmt + namespace: infra + git: + ref: main + folder: terraform/apps/airbyte/aws \ No newline at end of file diff --git a/test/outputs/catalogs/data/airbyte/README.md b/test/outputs/catalogs/data/airbyte/README.md new file mode 100644 index 00000000..41dbfc5e --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/README.md @@ -0,0 +1,83 @@ +# Plural Airbyte + +This is a baseline, prod ready airbyte installation using Plural. It includes a few main components: + +* S3/GCS/etc to handle blob storage. Airbyte uses this to manage sync job logs among a few other things +* RDS/Google Cloud Sql, Azure Flexible Server to handle postgres. This gives you a robust RDBMS service to hold airbyte's core transactional data. +* Plural OIDC to handle authentication to Airbyte. Airbyte does not support this natively, and so we use oauth-proxy as a middleware to handle authentication. + +In addtion, there are a few common customizations you might want to do. + +## Configure Basic Auth + +Basic auth allows you to set fixed usernames and passwords to pass to oauth-proxy for authentication. + +## Configuring Basic Auth + +Airbyte's api and web interface is not authenticated by default. We provide an oauth proxy by default to grant some security to your airbyte install, but in order to integrate with tools like airflow, you'll likely want a means to authenticate with static creds. That's where basic auth can be very useful. The process is very simple. + +First, you'll want to generate a random password, you can use the `plural` cli for this: + +```sh +plural crypto random +``` + +Then you will create a `basicAuth` secret in the Plural UI for the airbyte service that was created (will be something like `airbyte-{cluster}`). It will need to be a JSON-encoded map like: + +```json +{"": "","": ""} +``` + +Your airbyte installation has already been configured to be able to read that secret and configure basic auth via helm. + +Once you've completed the steps above to configure basic auth, you should be able to make api requests to your Airbyte +instance accordingly: + +```python + # python + + import base64 + import requests + + user = "" # configured in previous step + password = "" # configured in previous step + base_url = "" # can be found in your project's context.yaml (spec.configuration.airbyte.hostname) + credentials = f"{user}:{password}" + credentials_base64 = base64.b64encode(credentials.encode("utf-8")).decode("utf-8") + response = requests.post( + url=f"https://{base_url}/api/v1/workspaces/list", + headers={ + "accept": "application/json", + "authorization": f"Basic {credentials_base64}" + } + ) + print(response.json()) +``` + +```bash + user="" # configured in previous step + password="" # configured in previous step + + # Your base URL (can be found in your project's context.yaml - spec.configuration.airbyte.hostname) + base_url="" + + # Combine the username and password with a colon (required for Basic Authentication) + credentials="${user}:${password}" + + # Encode the credentials in base64 + credentials_base64=$(echo -n "$credentials" | base64) + + # Make an HTTP POST request using curl + curl -X POST "https://${base_url}/api/v1/workspaces/list" \ + -H "accept: application/json" \ + -H "authorization: Basic $credentials_base64" +``` + +It's also worth noting that the [Airbyte Public API Docs](https://airbyte-public-api-docs.s3.us-east-2.amazonaws.com/) +will serve as a more accurate reference than the [Airbyte Reference API Docs](https://reference.airbyte.com/reference/start) +when building your application. + + +## Contributing + +If there are any features or documentation you'd like to add to this setup, please feel free to contribute back at https://github.com/pluralsh/scaffolds \ No newline at end of file diff --git a/test/outputs/catalogs/data/airbyte/helm/values.yaml.liquid b/test/outputs/catalogs/data/airbyte/helm/values.yaml.liquid new file mode 100644 index 00000000..12263d0d --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/helm/values.yaml.liquid @@ -0,0 +1,89 @@ +{% raw %} +global: + deploymentMode: "oss" + application: + links: + - description: airbyte web ui + url: {{ context.hostname }} + logs: + accessKey: + existingSecret: airbyte-airbyte-secrets + existingSecretKey: AWS_ACCESS_KEY_ID + password: {{ imports["airbyte-{{ context.cluster }}"].access_key_id }} + s3: + bucket: plrl-leadstreams-plrl-mgmt-airbyte + bucketRegion: us-east-2 + enabled: true + secretKey: + existingSecret: airbyte-airbyte-secrets + existingSecretKey: AWS_SECRET_ACCESS_KEY + password: {{ imports["airbyte-{{ context.cluster }}"].secret_access_key }} + storage: + type: S3 + state: + storage: + type: S3 + + database: + secretName: airbyte-airbyte-secrets + secretValue: DATABASE_PASSWORD + host: {{ imports["airbyte-{{ context.cluster }}"].postgres_host }} + +airbyte: + externalDatabase: + database: airbyte + host: {{ imports["airbyte-{{ context.cluster }}"].postgres_host }} + user: airbyte + existingSecret: ~ + password: {{ imports["airbyte-{{ context.cluster }}"].postgres_password }} + port: 5432 + webapp: + ingress: + hosts: + - host: {{ context.hostname }} + paths: + - path: /.* + pathType: ImplementationSpecific + tls: + - hosts: + - {{ context.hostname }} + secretName: airbyte-tls + podAnnotations: + security.plural.sh/oauth-env-secret: airbyte-proxy-config + {% if configuration["basicAuth"] %} + security.plural.sh/htpasswd-secret: httpaswd-users + {% endif %} + podLabels: + security.plural.sh/inject-oauth-sidecar: "true" +oidc-config: + enabled: true + secret: + clientID: {{ imports["airbyte-{{ context.cluster }}"].oidc_client_id }} + clientSecret: {{ imports["airbyte-{{ context.cluster }}"].oidc_client_secret }} + cookieSecret: {{ imports["airbyte-{{ context.cluster }}"].oidc_cookie_secret }} + issuer: https://oidc.plural.sh/ + name: airbyte-proxy-config + +{% if configuration["basicAuth"] %} +{% assign basicAuth = configuration["basicAuth"] | from_json %} + users: + {% for user in basicAuth %} + {{ user[0] }}: {{ user[1] }} + {% endfor %} +{% endif %} + +postgres: + enabled: false +private: + ingress: + enabled: true + hosts: + - host: {{ context.apiHostname }} + paths: + - path: /.* + pathType: ImplementationSpecific + tls: + - hosts: + - {{ context.apiHostname }} + secretName: airbyte-private-tls +{% endraw %} \ No newline at end of file diff --git a/test/outputs/catalogs/data/airbyte/servicedeployment.yaml.liquid b/test/outputs/catalogs/data/airbyte/servicedeployment.yaml.liquid new file mode 100644 index 00000000..020d16e8 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/servicedeployment.yaml.liquid @@ -0,0 +1,28 @@ +apiVersion: deployments.plural.sh/v1alpha1 +kind: ServiceDeployment +metadata: + name: airbyte-{{ context.cluster }} + namespace: infra +spec: + namespace: airbyte + git: + folder: helm/airbyte + ref: main + repositoryRef: + kind: GitRepository + name: infra + namespace: infra + helm: + version: "x.x.x" + chart: airbyte + url: https://app.plural.sh/cm/airbyte + valuesFiles: + - {{ context.cluster }}.yaml.liquid + imports: + - stackRef: + name: airbyte-{{ context.cluster }} + namespace: infra + clusterRef: + kind: Cluster + name: {{ context.cluster }} + namespace: infra diff --git a/test/outputs/catalogs/data/airbyte/stack.yaml.liquid b/test/outputs/catalogs/data/airbyte/stack.yaml.liquid new file mode 100644 index 00000000..94c96633 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/stack.yaml.liquid @@ -0,0 +1,21 @@ +apiVersion: deployments.plural.sh/v1alpha1 +kind: InfrastructureStack +metadata: + name: airbyte-{{ context.cluster }} +spec: + detach: false + type: TERRAFORM + approval: true + manageState: true + actor: console@plural.sh + configuration: + version: '1.8' + repositoryRef: + name: infra + namespace: infra + clusterRef: + name: mgmt + namespace: infra + git: + ref: main + folder: terraform/apps/airbyte/{{ context.cloud }} \ No newline at end of file diff --git a/test/outputs/catalogs/data/airbyte/terraform/aws/iam.tf b/test/outputs/catalogs/data/airbyte/terraform/aws/iam.tf new file mode 100644 index 00000000..5f199f73 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/terraform/aws/iam.tf @@ -0,0 +1,33 @@ + +resource "aws_iam_policy" "airbyte" { + name_prefix = "airbyte" + description = "policy for the plural admin airbyte" + policy = data.aws_iam_policy_document.airbyte.json +} + +resource "aws_iam_user" "airbyte" { + name = "${var.cluster_name}-airbyte" +} + +resource "aws_iam_access_key" "airbyte" { + user = aws_iam_user.airbyte.name +} + +data "aws_iam_policy_document" "airbyte" { + statement { + sid = "admin" + effect = "Allow" + actions = ["s3:*"] + + resources = [ + "arn:aws:s3:::${var.airbyte_bucket}", + "arn:aws:s3:::${var.airbyte_bucket}/*", + ] + } +} + +resource "aws_iam_policy_attachment" "airbyte-user" { + name = "${var.cluster_name}-airbyte-policy" + users = [aws_iam_user.airbyte.name] + policy_arn = aws_iam_policy.airbyte.arn +} diff --git a/test/outputs/catalogs/data/airbyte/terraform/aws/oidc.tf b/test/outputs/catalogs/data/airbyte/terraform/aws/oidc.tf new file mode 100644 index 00000000..ca2084d8 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/terraform/aws/oidc.tf @@ -0,0 +1,15 @@ +resource "random_password" "oidc_cookie" { + length = 20 + min_lower = 1 + min_numeric = 1 + min_upper = 1 + special = false +} + +resource "plural_oidc_provider" "airbyte" { + name = "airbyte-{{ context.cluster }}" + auth_method = "BASIC" + type = "PLURAL" + description = "OIDC provider for airbyte deployed to the {{ context.cluster }} cluster" + redirect_uris = ["https://{{ context.hostname }}/oauth2/callback"] +} \ No newline at end of file diff --git a/test/outputs/catalogs/data/airbyte/terraform/aws/outputs.tf b/test/outputs/catalogs/data/airbyte/terraform/aws/outputs.tf new file mode 100644 index 00000000..9e83e5c1 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/terraform/aws/outputs.tf @@ -0,0 +1,31 @@ +output "access_key_id" { + value = aws_iam_access_key.airbyte.id +} + +output "secret_access_key" { + value = aws_iam_access_key.airbyte.secret +} + +output "postgres_host" { + value = try(module.db.db_instance_address, "") +} + +output "postgres_password" { + value = random_password.password.result + sensitive = true +} + +output "oidc_cookie_secret" { + value = random_password.oidc_cookie.result + sensitive = true +} + +output "oidc_client_id" { + value = plural_oidc_provider.airbyte.client_id + sensitive = true +} + +output "oidc_client_secret" { + value = plural_oidc_provider.airbyte.client_secret + sensitive = true +} \ No newline at end of file diff --git a/test/outputs/catalogs/data/airbyte/terraform/aws/postgres.tf b/test/outputs/catalogs/data/airbyte/terraform/aws/postgres.tf new file mode 100644 index 00000000..6099d659 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/terraform/aws/postgres.tf @@ -0,0 +1,85 @@ +resource "random_password" "password" { + length = 20 + min_lower = 1 + min_numeric = 1 + min_upper = 1 + special = false +} + +data "aws_eks_cluster" "mgmt" { + name = var.cluster_name +} + +data "aws_vpc" "mgmt" { + id = one(data.aws_eks_cluster.mgmt.vpc_config).vpc_id +} + +module "db" { + source = "terraform-aws-modules/rds/aws" + version = "~> 6.3" + + identifier = var.db_name + + engine = "postgres" + engine_version = var.postgres_vsn + family = "postgres14" + major_engine_version = var.postgres_vsn + instance_class = var.db_instance_class + allocated_storage = var.db_storage + + db_name = "airbyte" + username = "airbyte" + password = random_password.password.result + manage_master_user_password = false + + maintenance_window = "Mon:00:00-Mon:03:00" + backup_window = "03:00-06:00" + backup_retention_period = var.backup_retention_period + + monitoring_interval = "30" + monitoring_role_name = "${var.db_name}-PluralRDSMonitoringRole" + create_monitoring_role = true + apply_immediately = true + + multi_az = true + + create_db_subnet_group = true + subnet_ids = one(data.aws_eks_cluster.mgmt.vpc_config).subnet_ids + vpc_security_group_ids = [module.security_group.security_group_id] + + create_cloudwatch_log_group = true + enabled_cloudwatch_logs_exports = ["postgresql"] + + parameters = [ + { + name = "autovacuum" + value = 1 + }, + { + name = "client_encoding" + value = "utf8" + } + ] + + # Database Deletion Protection + deletion_protection = var.deletion_protection +} + +module "security_group" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 5.0" + + name = "${var.db_name}-db-security-group" + description = "security group for your plural console db" + vpc_id = data.aws_vpc.mgmt.id + + ingress_with_cidr_blocks = [ + { + from_port = 5432 + to_port = 5432 + protocol = "tcp" + description = "PostgreSQL access from within VPC" + cidr_blocks = data.aws_vpc.mgmt.cidr_block + }, + ] +} diff --git a/test/outputs/catalogs/data/airbyte/terraform/aws/s3.tf b/test/outputs/catalogs/data/airbyte/terraform/aws/s3.tf new file mode 100644 index 00000000..5f6d8fc8 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/terraform/aws/s3.tf @@ -0,0 +1,18 @@ +resource "aws_s3_bucket" "airbyte" { + bucket = var.airbyte_bucket + force_destroy = var.force_destroy_bucket +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "airbyte" { + bucket = aws_s3_bucket.airbyte.id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +data "aws_iam_role" "postgres" { + name = "${var.cluster_name}-postgres" +} diff --git a/test/outputs/catalogs/data/airbyte/terraform/aws/variables.tf b/test/outputs/catalogs/data/airbyte/terraform/aws/variables.tf new file mode 100644 index 00000000..487c7364 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/terraform/aws/variables.tf @@ -0,0 +1,41 @@ +variable "cluster_name" { + type = string + default = "{{ context.cluster }}" +} + +variable "airbyte_bucket" { + type = string + default = "{{ context.bucket }}" +} + +variable "force_destroy_bucket" { + type = bool + default = true + description = "If true, the bucket will be deleted even if it contains objects." +} + +variable "db_name" { + default = "plrl-{{ context.cluster }}-airbyte" +} + +variable "postgres_vsn" { + default = "14" +} + +variable "db_storage" { + default = 20 +} + +variable "deletion_protection" { + type = bool + default = true +} + +variable "backup_retention_period" { + type = number + default = 7 +} + +variable "db_instance_class" { + default = "db.t4g.large" +} \ No newline at end of file diff --git a/test/outputs/catalogs/data/airbyte/terraform/aws/versions.tf b/test/outputs/catalogs/data/airbyte/terraform/aws/versions.tf new file mode 100644 index 00000000..54f47de0 --- /dev/null +++ b/test/outputs/catalogs/data/airbyte/terraform/aws/versions.tf @@ -0,0 +1,19 @@ + +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.57" + } + plural = { + source = "pluralsh/plural" + version = ">= 0.2.1" + } + } +} + +provider "plural" {} + +provider "aws" { + region = "{{ context.region }}" +} \ No newline at end of file diff --git a/test/outputs/documentation/airbyte/README.md b/test/outputs/documentation/airbyte/README.md new file mode 100644 index 00000000..41dbfc5e --- /dev/null +++ b/test/outputs/documentation/airbyte/README.md @@ -0,0 +1,83 @@ +# Plural Airbyte + +This is a baseline, prod ready airbyte installation using Plural. It includes a few main components: + +* S3/GCS/etc to handle blob storage. Airbyte uses this to manage sync job logs among a few other things +* RDS/Google Cloud Sql, Azure Flexible Server to handle postgres. This gives you a robust RDBMS service to hold airbyte's core transactional data. +* Plural OIDC to handle authentication to Airbyte. Airbyte does not support this natively, and so we use oauth-proxy as a middleware to handle authentication. + +In addtion, there are a few common customizations you might want to do. + +## Configure Basic Auth + +Basic auth allows you to set fixed usernames and passwords to pass to oauth-proxy for authentication. + +## Configuring Basic Auth + +Airbyte's api and web interface is not authenticated by default. We provide an oauth proxy by default to grant some security to your airbyte install, but in order to integrate with tools like airflow, you'll likely want a means to authenticate with static creds. That's where basic auth can be very useful. The process is very simple. + +First, you'll want to generate a random password, you can use the `plural` cli for this: + +```sh +plural crypto random +``` + +Then you will create a `basicAuth` secret in the Plural UI for the airbyte service that was created (will be something like `airbyte-{cluster}`). It will need to be a JSON-encoded map like: + +```json +{"": "","": ""} +``` + +Your airbyte installation has already been configured to be able to read that secret and configure basic auth via helm. + +Once you've completed the steps above to configure basic auth, you should be able to make api requests to your Airbyte +instance accordingly: + +```python + # python + + import base64 + import requests + + user = "" # configured in previous step + password = "" # configured in previous step + base_url = "" # can be found in your project's context.yaml (spec.configuration.airbyte.hostname) + credentials = f"{user}:{password}" + credentials_base64 = base64.b64encode(credentials.encode("utf-8")).decode("utf-8") + response = requests.post( + url=f"https://{base_url}/api/v1/workspaces/list", + headers={ + "accept": "application/json", + "authorization": f"Basic {credentials_base64}" + } + ) + print(response.json()) +``` + +```bash + user="" # configured in previous step + password="" # configured in previous step + + # Your base URL (can be found in your project's context.yaml - spec.configuration.airbyte.hostname) + base_url="" + + # Combine the username and password with a colon (required for Basic Authentication) + credentials="${user}:${password}" + + # Encode the credentials in base64 + credentials_base64=$(echo -n "$credentials" | base64) + + # Make an HTTP POST request using curl + curl -X POST "https://${base_url}/api/v1/workspaces/list" \ + -H "accept: application/json" \ + -H "authorization: Basic $credentials_base64" +``` + +It's also worth noting that the [Airbyte Public API Docs](https://airbyte-public-api-docs.s3.us-east-2.amazonaws.com/) +will serve as a more accurate reference than the [Airbyte Reference API Docs](https://reference.airbyte.com/reference/start) +when building your application. + + +## Contributing + +If there are any features or documentation you'd like to add to this setup, please feel free to contribute back at https://github.com/pluralsh/scaffolds \ No newline at end of file diff --git a/test/outputs/helm/airbyte/mgmt.yaml.liquid b/test/outputs/helm/airbyte/mgmt.yaml.liquid new file mode 100644 index 00000000..b2a3dbe0 --- /dev/null +++ b/test/outputs/helm/airbyte/mgmt.yaml.liquid @@ -0,0 +1,88 @@ + +global: + deploymentMode: "oss" + application: + links: + - description: airbyte web ui + url: {{ context.hostname }} + logs: + accessKey: + existingSecret: airbyte-airbyte-secrets + existingSecretKey: AWS_ACCESS_KEY_ID + password: {{ imports["airbyte-{{ context.cluster }}"].access_key_id }} + s3: + bucket: plrl-leadstreams-plrl-mgmt-airbyte + bucketRegion: us-east-2 + enabled: true + secretKey: + existingSecret: airbyte-airbyte-secrets + existingSecretKey: AWS_SECRET_ACCESS_KEY + password: {{ imports["airbyte-{{ context.cluster }}"].secret_access_key }} + storage: + type: S3 + state: + storage: + type: S3 + + database: + secretName: airbyte-airbyte-secrets + secretValue: DATABASE_PASSWORD + host: {{ imports["airbyte-{{ context.cluster }}"].postgres_host }} + +airbyte: + externalDatabase: + database: airbyte + host: {{ imports["airbyte-{{ context.cluster }}"].postgres_host }} + user: airbyte + existingSecret: ~ + password: {{ imports["airbyte-{{ context.cluster }}"].postgres_password }} + port: 5432 + webapp: + ingress: + hosts: + - host: {{ context.hostname }} + paths: + - path: /.* + pathType: ImplementationSpecific + tls: + - hosts: + - {{ context.hostname }} + secretName: airbyte-tls + podAnnotations: + security.plural.sh/oauth-env-secret: airbyte-proxy-config + {% if configuration["basicAuth"] %} + security.plural.sh/htpasswd-secret: httpaswd-users + {% endif %} + podLabels: + security.plural.sh/inject-oauth-sidecar: "true" +oidc-config: + enabled: true + secret: + clientID: {{ imports["airbyte-{{ context.cluster }}"].oidc_client_id }} + clientSecret: {{ imports["airbyte-{{ context.cluster }}"].oidc_client_secret }} + cookieSecret: {{ imports["airbyte-{{ context.cluster }}"].oidc_cookie_secret }} + issuer: https://oidc.plural.sh/ + name: airbyte-proxy-config + +{% if configuration["basicAuth"] %} +{% assign basicAuth = configuration["basicAuth"] | from_json %} + users: + {% for user in basicAuth %} + {{ user[0] }}: {{ user[1] }} + {% endfor %} +{% endif %} + +postgres: + enabled: false +private: + ingress: + enabled: true + hosts: + - host: {{ context.apiHostname }} + paths: + - path: /.* + pathType: ImplementationSpecific + tls: + - hosts: + - {{ context.apiHostname }} + secretName: airbyte-private-tls diff --git a/test/outputs/terraform/apps/airbyte/aws/iam.tf b/test/outputs/terraform/apps/airbyte/aws/iam.tf new file mode 100644 index 00000000..5f199f73 --- /dev/null +++ b/test/outputs/terraform/apps/airbyte/aws/iam.tf @@ -0,0 +1,33 @@ + +resource "aws_iam_policy" "airbyte" { + name_prefix = "airbyte" + description = "policy for the plural admin airbyte" + policy = data.aws_iam_policy_document.airbyte.json +} + +resource "aws_iam_user" "airbyte" { + name = "${var.cluster_name}-airbyte" +} + +resource "aws_iam_access_key" "airbyte" { + user = aws_iam_user.airbyte.name +} + +data "aws_iam_policy_document" "airbyte" { + statement { + sid = "admin" + effect = "Allow" + actions = ["s3:*"] + + resources = [ + "arn:aws:s3:::${var.airbyte_bucket}", + "arn:aws:s3:::${var.airbyte_bucket}/*", + ] + } +} + +resource "aws_iam_policy_attachment" "airbyte-user" { + name = "${var.cluster_name}-airbyte-policy" + users = [aws_iam_user.airbyte.name] + policy_arn = aws_iam_policy.airbyte.arn +} diff --git a/test/outputs/terraform/apps/airbyte/aws/oidc.tf b/test/outputs/terraform/apps/airbyte/aws/oidc.tf new file mode 100644 index 00000000..eaecbdca --- /dev/null +++ b/test/outputs/terraform/apps/airbyte/aws/oidc.tf @@ -0,0 +1,15 @@ +resource "random_password" "oidc_cookie" { + length = 20 + min_lower = 1 + min_numeric = 1 + min_upper = 1 + special = false +} + +resource "plural_oidc_provider" "airbyte" { + name = "airbyte-mgmt" + auth_method = "BASIC" + type = "PLURAL" + description = "OIDC provider for airbyte deployed to the mgmt cluster" + redirect_uris = ["https://airbyte.plural.sh/oauth2/callback"] +} \ No newline at end of file diff --git a/test/outputs/terraform/apps/airbyte/aws/outputs.tf b/test/outputs/terraform/apps/airbyte/aws/outputs.tf new file mode 100644 index 00000000..9e83e5c1 --- /dev/null +++ b/test/outputs/terraform/apps/airbyte/aws/outputs.tf @@ -0,0 +1,31 @@ +output "access_key_id" { + value = aws_iam_access_key.airbyte.id +} + +output "secret_access_key" { + value = aws_iam_access_key.airbyte.secret +} + +output "postgres_host" { + value = try(module.db.db_instance_address, "") +} + +output "postgres_password" { + value = random_password.password.result + sensitive = true +} + +output "oidc_cookie_secret" { + value = random_password.oidc_cookie.result + sensitive = true +} + +output "oidc_client_id" { + value = plural_oidc_provider.airbyte.client_id + sensitive = true +} + +output "oidc_client_secret" { + value = plural_oidc_provider.airbyte.client_secret + sensitive = true +} \ No newline at end of file diff --git a/test/outputs/terraform/apps/airbyte/aws/postgres.tf b/test/outputs/terraform/apps/airbyte/aws/postgres.tf new file mode 100644 index 00000000..6099d659 --- /dev/null +++ b/test/outputs/terraform/apps/airbyte/aws/postgres.tf @@ -0,0 +1,85 @@ +resource "random_password" "password" { + length = 20 + min_lower = 1 + min_numeric = 1 + min_upper = 1 + special = false +} + +data "aws_eks_cluster" "mgmt" { + name = var.cluster_name +} + +data "aws_vpc" "mgmt" { + id = one(data.aws_eks_cluster.mgmt.vpc_config).vpc_id +} + +module "db" { + source = "terraform-aws-modules/rds/aws" + version = "~> 6.3" + + identifier = var.db_name + + engine = "postgres" + engine_version = var.postgres_vsn + family = "postgres14" + major_engine_version = var.postgres_vsn + instance_class = var.db_instance_class + allocated_storage = var.db_storage + + db_name = "airbyte" + username = "airbyte" + password = random_password.password.result + manage_master_user_password = false + + maintenance_window = "Mon:00:00-Mon:03:00" + backup_window = "03:00-06:00" + backup_retention_period = var.backup_retention_period + + monitoring_interval = "30" + monitoring_role_name = "${var.db_name}-PluralRDSMonitoringRole" + create_monitoring_role = true + apply_immediately = true + + multi_az = true + + create_db_subnet_group = true + subnet_ids = one(data.aws_eks_cluster.mgmt.vpc_config).subnet_ids + vpc_security_group_ids = [module.security_group.security_group_id] + + create_cloudwatch_log_group = true + enabled_cloudwatch_logs_exports = ["postgresql"] + + parameters = [ + { + name = "autovacuum" + value = 1 + }, + { + name = "client_encoding" + value = "utf8" + } + ] + + # Database Deletion Protection + deletion_protection = var.deletion_protection +} + +module "security_group" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 5.0" + + name = "${var.db_name}-db-security-group" + description = "security group for your plural console db" + vpc_id = data.aws_vpc.mgmt.id + + ingress_with_cidr_blocks = [ + { + from_port = 5432 + to_port = 5432 + protocol = "tcp" + description = "PostgreSQL access from within VPC" + cidr_blocks = data.aws_vpc.mgmt.cidr_block + }, + ] +} diff --git a/test/outputs/terraform/apps/airbyte/aws/s3.tf b/test/outputs/terraform/apps/airbyte/aws/s3.tf new file mode 100644 index 00000000..5f6d8fc8 --- /dev/null +++ b/test/outputs/terraform/apps/airbyte/aws/s3.tf @@ -0,0 +1,18 @@ +resource "aws_s3_bucket" "airbyte" { + bucket = var.airbyte_bucket + force_destroy = var.force_destroy_bucket +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "airbyte" { + bucket = aws_s3_bucket.airbyte.id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +data "aws_iam_role" "postgres" { + name = "${var.cluster_name}-postgres" +} diff --git a/test/outputs/terraform/apps/airbyte/aws/variables.tf b/test/outputs/terraform/apps/airbyte/aws/variables.tf new file mode 100644 index 00000000..976a00ca --- /dev/null +++ b/test/outputs/terraform/apps/airbyte/aws/variables.tf @@ -0,0 +1,41 @@ +variable "cluster_name" { + type = string + default = "mgmt" +} + +variable "airbyte_bucket" { + type = string + default = "plrl-airbyte-logs" +} + +variable "force_destroy_bucket" { + type = bool + default = true + description = "If true, the bucket will be deleted even if it contains objects." +} + +variable "db_name" { + default = "plrl-mgmt-airbyte" +} + +variable "postgres_vsn" { + default = "14" +} + +variable "db_storage" { + default = 20 +} + +variable "deletion_protection" { + type = bool + default = true +} + +variable "backup_retention_period" { + type = number + default = 7 +} + +variable "db_instance_class" { + default = "db.t4g.large" +} \ No newline at end of file diff --git a/test/outputs/terraform/apps/airbyte/aws/versions.tf b/test/outputs/terraform/apps/airbyte/aws/versions.tf new file mode 100644 index 00000000..4d560d4c --- /dev/null +++ b/test/outputs/terraform/apps/airbyte/aws/versions.tf @@ -0,0 +1,19 @@ + +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.57" + } + plural = { + source = "pluralsh/plural" + version = ">= 0.2.1" + } + } +} + +provider "plural" {} + +provider "aws" { + region = "us-east-2" +} \ No newline at end of file