public/geek-cookbook
1
0
Fork 0
mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 01:36:23 +00:00
Code Issues Releases Wiki Activity

Add WIP docs on how to ansiblize recipes for premix

Browse Source 
Signed-off-by: David Young <davidy@funkypenguin.co.nz>
This commit is contained in:
David Young
2022-09-02 13:13:22 +12:00
parent 9326ca6140
commit 9d6139a9fb
18 changed files with 211 additions and 947 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_snippets/recipe-footer.md
View File

@@ -4,7 +4,7 @@
### Tip your waiter (sponsor) 👏
Did you receive excellent service? Want to compliment the chef? (_..and support development of current and future recipes!_) Sponsor me on [Github][github_sponsor] / [Patreon][patreon], or see the [contribute](/community/contribute/) page for more (_free or paid)_ ways to say thank you! 👏
Did you receive excellent service? Want to compliment the chef? (_..and support development of current and future recipes!_) Share a [review](https://fnky.nz/testimonial), sponsor me on [Github][github_sponsor] / [Patreon][patreon], or see the [contribute](/community/contribute/) page for more (_free or paid)_ ways to say thank you! 👏
### Employ your chef (engage) 🤝

1
docs/community/contribute.md
View File

@@ -12,6 +12,7 @@ Got nothing to contribute, but want to give back to the community? Here are some
1. Star :star: the [repo](https://github.com/geek-cookbook/geek-cookbook/)
2. Tweet :bird: the [meat](https://ctt.ac/Vl6mc)!
3. Send a [testimonial](https://fnky.nz/testimonial)
## Contributing moneyz 💰

4
docs/index.md
View File

@@ -81,6 +81,10 @@ So if you're familiar enough with the concepts above, and you've done self-hosti
-- John McDowall, Founder, [kiso.io](https://kiso.io)
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.min.js"></script>
<iframe id="p-436b4c83-aaea-41ff-889a-2f8e279ff369" src="https://www.bonjoro.com/pe/436b4c83-aaea-41ff-889a-2f8e279ff369" frameborder="0" scrolling="no" width="100%"></iframe>
<script type="text/javascript">iFrameResize({ warningTimeout:30000, log: false,}, "#p-436b4c83-aaea-41ff-889a-2f8e279ff369");</script>
## Who made this?
### 👋 Hi, I'm David

908
docs/kubernetes/external-dns.md
View File

@@ -16,9 +16,9 @@ ExternalDNS is a controller for Kubernetes which watches the objects you create
### Namespace
We need a namespace to deploy our HelmRelease and associated ConfigMaps into. Per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo at `bootstrap/namespaces/namespace-external-dns.yaml`:
We need a namespace to deploy our HelmRelease and associated ConfigMaps into. Per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo:
```yaml
```yaml title="/bootstrap/namespaces/namespace-external-dns.yaml"
apiVersion: v1
kind: Namespace
metadata:
@@ -27,32 +27,30 @@ metadata:
### HelmRepository
Next, we need to define a HelmRepository (*a repository of helm charts*), to which we'll refer when we create the HelmRelease. We only need to do this once per-repository. In this case, we're using the (*prolific*) [bitnami chart repository](https://github.com/bitnami/charts/tree/master/bitnami), so per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo at `bootstrap/helmrepositories/helmrepository-external-dns.yaml`:
Next, we need to define a HelmRepository (*a repository of helm charts*), to which we'll refer when we create the HelmRelease. We only need to do this once per-repository. In this case, we're using the (*prolific*) [bitnami chart repository](https://github.com/bitnami/charts/tree/master/bitnami), so per the [flux design](/kubernetes/deployment/flux/), I create this example yaml in my flux repo:
??? example "Example HelmRepository (click to expand)"
```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
```yaml title="/bootstrap/helmrepositories/helmrepository-bitnami.yaml"
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: bitnami
namespace: flux-system
spec:
spec:
interval: 15m
url: https://charts.bitnami.com/bitnami
```
```
### Kustomization
Now that the "global" elements of this deployment (*just the HelmRepository in this case*z*) have been defined, we do some "flux-ception", and go one layer deeper, adding another Kustomization, telling flux to deploy any YAMLs found in the repo at `/external-dns`. I create this example Kustomization in my flux repo at `bootstrap/kustomizations/kustomization-external-dns.yaml`:
Now that the "global" elements of this deployment (*just the HelmRepository in this case*z*) have been defined, we do some "flux-ception", and go one layer deeper, adding another Kustomization, telling flux to deploy any YAMLs found in the repo at `/external-dns`. I create this example Kustomization in my flux repo:
??? example "Example Kustomization (click to expand)"
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
```yaml title="/bootstrap/kustomizations/kustomization-external-dns.yaml"
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
name: external-dns
namespace: flux-system
spec:
spec:
interval: 15m
path: ./external-dns
prune: true # remove any elements later removed from the above path
@@ -66,864 +64,24 @@ Now that the "global" elements of this deployment (*just the HelmRepository in t
kind: Deployment
name: external-dns
namespace: external-dns
```
```
### ConfigMap
Now we're into the external-dns-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/external-dns/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `external-dns/configmap-external-dns-helm-chart-value-overrides.yaml`:
Now we're into the external-dns-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/external-dns/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
??? example "Example ConfigMap (click to expand)"
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: external-dns-helm-chart-value-overrides
namespace: external-dns
data:
```yaml title="/external-dns/configmap-external-dns-helm-chart-value-overrides.yaml"
apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: null
name: traefik-helm-chart-value-overrides
namespace: traefik
data:
values.yaml: |-
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
# <upstream values go here>
```
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
## @section Common parameters
## @param nameOverride String to partially override external-dns.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override external-dns.fullname template
##
fullnameOverride: ""
## @param clusterDomain Kubernetes Cluster Domain
##
clusterDomain: cluster.local
## @section external-dns parameters
## Bitnami external-dns image version
## ref: https://hub.docker.com/r/bitnami/external-dns/tags/
## @param image.registry ExternalDNS image registry
## @param image.repository ExternalDNS image repository
## @param image.tag ExternalDNS Image tag (immutable tags are recommended)
## @param image.pullPolicy ExternalDNS image pull policy
## @param image.pullSecrets ExternalDNS image pull secrets
##
image:
registry: docker.io
repository: bitnami/external-dns
tag: 0.10.1-debian-10-r5
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param sources [array] K8s resources type to be observed for new DNS entries by ExternalDNS
##
sources:
# - crd
- service
- ingress
# - contour-httpproxy
## @param provider DNS provider where the DNS records will be created.
## Available providers are:
## - alibabacloud, aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, hetzner, infoblox, linode, rfc2136, transip
##
provider: aws
## Flags related to processing sources
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L272
## @param namespace Limit sources of endpoints to a specific namespace (default: all namespaces)
##
namespace: ""
## @param fqdnTemplates Templated strings that are used to generate DNS names from sources that don't define a hostname themselves
##
fqdnTemplates: []
## @param combineFQDNAnnotation Combine FQDN template and annotations instead of overwriting
##
combineFQDNAnnotation: false
## @param ignoreHostnameAnnotation Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set
##
ignoreHostnameAnnotation: false
## @param publishInternalServices Allow external-dns to publish DNS records for ClusterIP services
##
publishInternalServices: false
## @param publishHostIP Allow external-dns to publish host-ip for headless services
##
publishHostIP: false
## @param serviceTypeFilter The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName)
##
serviceTypeFilter: []
## Alibaba cloud configuration to be set via arguments/env. variables
## These will be added to /etc/kubernetes/alibaba-cloud.json via secret
##
alibabacloud:
## @param alibabacloud.accessKeyId When using the Alibaba Cloud provider, set `accessKeyId` in the Alibaba Cloud configuration file (optional)
##
accessKeyId: ""
## @param alibabacloud.accessKeySecret When using the Alibaba Cloud provider, set `accessKeySecret` in the Alibaba Cloud configuration file (optional)
##
accessKeySecret: ""
## @param alibabacloud.regionId When using the Alibaba Cloud provider, set `regionId` in the Alibaba Cloud configuration file (optional)
##
regionId: ""
## @param alibabacloud.vpcId Alibaba Cloud VPC Id
##
vpcId: ""
## @param alibabacloud.secretName Use an existing secret with key "alibaba-cloud.json" defined.
## This ignores alibabacloud.accessKeyId, and alibabacloud.accessKeySecret
##
secretName: ""
## @param alibabacloud.zoneType Zone Filter. Available values are: public, private, or no value for both
##
zoneType: ""
## AWS configuration to be set via arguments/env. variables
##
aws:
## AWS credentials
## @param aws.credentials.secretKey When using the AWS provider, set `aws_secret_access_key` in the AWS credentials (optional)
## @param aws.credentials.accessKey When using the AWS provider, set `aws_access_key_id` in the AWS credentials (optional)
## @param aws.credentials.mountPath When using the AWS provider, determine `mountPath` for `credentials` secret
##
credentials:
secretKey: ""
accessKey: ""
## Before external-dns 0.5.9 home dir should be `/root/.aws`
##
mountPath: "/.aws"
## @param aws.credentials.secretName Use an existing secret with key "credentials" defined.
## This ignores aws.credentials.secretKey, and aws.credentials.accessKey
##
secretName: ""
## @param aws.region When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional)
##
region: "us-east-1"
## @param aws.zoneType When using the AWS provider, filter for zones of this type (optional, options: public, private)
##
zoneType: ""
## @param aws.assumeRoleArn When using the AWS provider, assume role by specifying --aws-assume-role to the external-dns daemon
##
assumeRoleArn: ""
## @param aws.apiRetries Maximum number of retries for AWS API calls before giving up
##
apiRetries: 3
## @param aws.batchChangeSize When using the AWS provider, set the maximum number of changes that will be applied in each batch
##
batchChangeSize: 1000
## @param aws.zoneTags When using the AWS provider, filter for zones with these tags
##
zoneTags: []
## @param aws.preferCNAME When using the AWS provider, replaces Alias records with CNAME (options: true, false)
##
preferCNAME: ""
## @param aws.evaluateTargetHealth When using the AWS provider, sets the evaluate target health flag (options: true, false)
##
evaluateTargetHealth: ""
## Azure configuration to be set via arguments/env. variables
##
azure:
## When a secret to load azure.json is not specified, the host's /etc/kubernetes/azure.json will be used
## @param azure.secretName When using the Azure provider, set the secret containing the `azure.json` file
##
secretName: ""
## @param azure.cloud When using the Azure provider, set the Azure Cloud
##
cloud: ""
## @param azure.resourceGroup When using the Azure provider, set the Azure Resource Group
##
resourceGroup: ""
## @param azure.tenantId When using the Azure provider, set the Azure Tenant ID
##
tenantId: ""
## @param azure.subscriptionId When using the Azure provider, set the Azure Subscription ID
##
subscriptionId: ""
## @param azure.aadClientId When using the Azure provider, set the Azure AAD Client ID
##
aadClientId: ""
## @param azure.aadClientSecret When using the Azure provider, set the Azure AAD Client Secret
##
aadClientSecret: ""
## @param azure.useManagedIdentityExtension When using the Azure provider, set if you use Azure MSI
##
useManagedIdentityExtension: false
## @param azure.userAssignedIdentityID When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used)
##
userAssignedIdentityID: ""
## Cloudflare configuration to be set via arguments/env. variables
##
cloudflare:
## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional)
##
apiToken: ""
## @param cloudflare.apiKey When using the Cloudflare provider, `CF_API_KEY` to set (optional)
##
apiKey: ""
## @param cloudflare.secretName When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key.
## This ignores cloudflare.apiToken, and cloudflare.apiKey
##
secretName: ""
## @param cloudflare.email When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY
##
email: ""
## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional)
##
proxied: true
## CoreDNS configuration to be set via arguments/env variables
##
coredns:
## @param coredns.etcdEndpoints When using the CoreDNS provider, set etcd backend endpoints (comma-separated list)
## Secure (https) endpoints can be used as well, in that case `etcdTLS` section
## should be filled in accordingly
##
etcdEndpoints: "http://etcd-extdns:2379"
## Configuration of the secure communication and client authentication to the etcd cluster
## If enabled all the values under this key must hold a valid data
##
etcdTLS:
## @param coredns.etcdTLS.enabled When using the CoreDNS provider, enable secure communication with etcd
##
enabled: false
## @param coredns.etcdTLS.autoGenerated Generate automatically self-signed TLS certificates
##
autoGenerated: false
## @param coredns.etcdTLS.secretName When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys
## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md
## ref (secret creation):
## https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication
##
secretName: "etcd-client-certs"
## @param coredns.etcdTLS.mountPath When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to
##
mountPath: "/etc/coredns/tls/etcd"
## @param coredns.etcdTLS.caFilename When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName`
##
caFilename: "ca.crt"
## @param coredns.etcdTLS.certFilename When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName`
## Will be used by external-dns to authenticate against etcd
##
certFilename: "cert.pem"
## @param coredns.etcdTLS.keyFilename When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName`
## Will be used by external-dns to authenticate against etcd
##
keyFilename: "key.pem"
## OpenStack Designate provider configuration to be set via arguments/env. variables
##
designate:
## Set Openstack environment variables (optional). Username and password will be saved in a kubernetes secret
## The alternative to this is to export the necessary Openstack environment variables in the extraEnv argument
## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional)
## @param designate.password When using the Designate provider, specify the OpenStack authentication password. (optional)
## @param designate.authUrl When using the Designate provider, specify the OpenStack authentication Url. (optional)
## @param designate.regionName When using the Designate provider, specify the OpenStack region name. (optional)
## @param designate.userDomainName When using the Designate provider, specify the OpenStack user domain name. (optional)
## @param designate.projectName When using the Designate provider, specify the OpenStack project name. (optional)
## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional)
## e.g:
## username: "someuser"
## password: "p@55w0rd"
## authUrl: "https://mykeystone.example.net:5000/v3/"
## regionName: "dev"
## userDomainName: "development"
## projectName: "myteamname"
##
username: ""
password: ""
authUrl: ""
regionName: ""
userDomainName: ""
projectName: ""
## @param designate.customCAHostPath When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled`
## This conflicts setting the above customCA to true and chart rendering will fail if you set customCA to true and specify customCAHostPath
##
customCAHostPath: ""
## Use a custom CA (optional)
## @param designate.customCA.enabled When using the Designate provider, enable a custom CA (optional)
## @param designate.customCA.content When using the Designate provider, set the content of the custom CA
## @param designate.customCA.mountPath When using the Designate provider, set the mountPath in which to mount the custom CA configuration
## @param designate.customCA.filename When using the Designate provider, set the custom CA configuration filename
##
customCA:
enabled: false
content: ""
mountPath: "/config/designate"
filename: "designate-ca.pem"
## DigitalOcean configuration to be set via arguments/env. variables
##
digitalocean:
## @param digitalocean.apiToken When using the DigitalOcean provider, `DO_TOKEN` to set (optional)
##
apiToken: ""
## @param digitalocean.secretName Use an existing secret with key "digitalocean_api_token" defined.
## This ignores digitalocean.apiToken
##
secretName: ""
## Google configuration to be set via arguments/env. variables
##
google:
## @param google.project When using the Google provider, specify the Google project (required when provider=google)
##
project: ""
## @param google.serviceAccountSecret When using the Google provider, specify the existing secret which contains credentials.json (optional)
##
serviceAccountSecret: ""
## @param google.serviceAccountSecretKey When using the Google provider with an existing secret, specify the key name (optional)
##
serviceAccountSecretKey: "credentials.json"
## @param google.serviceAccountKey When using the Google provider, specify the service account key JSON file. In this case a new secret will be created holding this service account (optional)
##
serviceAccountKey: ""
## Hetzner configuration to be set via arguments/env. variables
##
hetzner:
## @param hetzner.token When using the Hetzner provider, specify your token here. (required when `hetzner.secretName` is not provided. In this case a new secret will be created holding the token.)
## Mutually exclusive with `hetzner.secretName`.
##
token: ""
## @param hetzner.secretName When using the Hetzner provider, specify the existing secret which contains your token. Disables the usage of `hetzner.token` (optional)
##
secretName: ""
## @param hetzner.secretKey When using the Hetzner provider with an existing secret, specify the key name (optional)
##
secretKey: "hetzner_token"
## Infoblox configuration to be set via arguments/env. variables
##
infoblox:
## @param infoblox.wapiUsername When using the Infoblox provider, specify the Infoblox WAPI username
##
wapiUsername: "admin"
## @param infoblox.wapiPassword When using the Infoblox provider, specify the Infoblox WAPI password (required when provider=infoblox)
##
wapiPassword: ""
## @param infoblox.gridHost When using the Infoblox provider, specify the Infoblox Grid host (required when provider=infoblox)
##
gridHost: ""
## @param infoblox.view Infoblox view
##
view: ""
## Optional keys
##
## Existing secret name, when in place wapiUsername and wapiPassword are not required
## secretName: ""
##
## @param infoblox.domainFilter When using the Infoblox provider, specify the domain (optional)
##
domainFilter: ""
## @param infoblox.noSslVerify When using the Infoblox provider, disable SSL verification (optional)
##
noSslVerify: false
## @param infoblox.wapiPort When using the Infoblox provider, specify the Infoblox WAPI port (optional)
##
wapiPort: ""
## @param infoblox.wapiVersion When using the Infoblox provider, specify the Infoblox WAPI version (optional)
##
wapiVersion: ""
## @param infoblox.wapiConnectionPoolSize When using the Infoblox provider, specify the Infoblox WAPI request connection pool size (optional)
##
wapiConnectionPoolSize: ""
## @param infoblox.wapiHttpTimeout When using the Infoblox provider, specify the Infoblox WAPI request timeout in seconds (optional)
##
wapiHttpTimeout: ""
## @param infoblox.maxResults When using the Infoblox provider, specify the Infoblox Max Results (optional)
##
maxResults: ""
## Linode configuration to be set via arguments/env. variables
##
linode:
## @param linode.apiToken When using the Linode provider, `LINODE_TOKEN` to set (optional)
##
apiToken: ""
## @param linode.secretName Use an existing secret with key "linode_api_token" defined.
## This ignores linode.apiToken
##
secretName: ""
## NS1 configuration to be set via arguments/env. variables
## @param ns1.minTTL When using the ns1 provider, specify minimal TTL, as an integer, for records
##
ns1:
minTTL: 10
## OVH configuration to be set via arguments/env. variables
##
ovh:
## @param ovh.consumerKey When using the OVH provider, specify the existing consumer key. (required when provider=ovh and `ovh.secretName` is not provided.)
##
consumerKey: ""
## @param ovh.applicationKey When using the OVH provider with an existing application, specify the application key. (required when provider=ovh and `ovh.secretName` is not provided.)
##
applicationKey: ""
## @param ovh.applicationSecret When using the OVH provider with an existing application, specify the application secret. (required when provider=ovh and `ovh.secretName` is not provided.)
##
applicationSecret: ""
## @param ovh.secretName When using the OVH provider, it's the name of the secret containing `ovh_consumer_key`, `ovh_application_key` and `ovh_application_secret`. Disables usage of other `ovh`.
## with following keys:
## - ovh_consumer_key
## - ovh_application_key
## - ovh_application_secret
## This ignores consumerKey, applicationKey & applicationSecret
##
secretName: ""
## Scaleway configuration to be set via arguments/env. variables
##
scaleway:
## @param scaleway.scwAccessKey When using the Scaleway provider, specify an existing access key. (required when provider=scaleway)
##
scwAccessKey: ""
## @param scaleway.scwSecretKey When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway)
##
scwSecretKey: ""
## @param scaleway.scwDefaultOrganizationId When using the Scaleway provider, specify the existing organization id. (required when provider=scaleway)
##
scwDefaultOrganizationId: ""
## RFC 2136 configuration to be set via arguments/env. variables
##
rfc2136:
## @param rfc2136.host When using the rfc2136 provider, specify the RFC2136 host (required when provider=rfc2136)
##
host: ""
## @param rfc2136.port When using the rfc2136 provider, specify the RFC2136 port (optional)
##
port: 53
## @param rfc2136.zone When using the rfc2136 provider, specify the zone (required when provider=rfc2136)
##
zone: ""
## @param rfc2136.tsigSecret When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional)
##
tsigSecret: ""
## @param rfc2136.secretName When using the rfc2136 provider, specify the existing secret which contains your tsig secret. Disables the usage of `rfc2136.tsigSecret` (optional)
##
secretName: ""
## @param rfc2136.tsigSecretAlg When using the rfc2136 provider, specify the tsig secret to enable security (optional)
##
tsigSecretAlg: hmac-sha256
## @param rfc2136.tsigKeyname When using the rfc2136 provider, specify the tsig keyname to enable security (optional)
##
tsigKeyname: externaldns-key
## @param rfc2136.tsigAxfr When using the rfc2136 provider, enable AFXR to enable security (optional)
##
tsigAxfr: true
## @param rfc2136.minTTL When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration
##
minTTL: "0s"
## @param rfc2136.rfc3645Enabled When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG
##
rfc3645Enabled: false
## @param rfc2136.kerberosConfig When using the rfc2136 provider with rfc3645Enabled, the contents of a configuration file for krb5 (optional)
##
kerberosConfig: ""
## @param rfc2136.kerberosUsername When using the rfc2136 provider with rfc3645Enabled, specify the username to authenticate with (optional)
##
kerberosUsername: ""
## @param rfc2136.kerberosPassword When using the rfc2136 provider with rfc3645Enabled, specify the password to authenticate with (optional)
##
kerberosPassword: ""
## @param rfc2136.kerberosRealm When using the rfc2136 provider with rfc3645Enabled, specify the realm to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true)
##
kerberosRealm: ""
## PowerDNS configuration to be set via arguments/env. variables
##
pdns:
## @param pdns.apiUrl When using the PowerDNS provider, specify the API URL of the server.
##
apiUrl: ""
## @param pdns.apiPort When using the PowerDNS provider, specify the API port of the server.
##
apiPort: "8081"
## @param pdns.apiKey When using the PowerDNS provider, specify the API key of the server.
##
apiKey: ""
## @param pdns.secretName When using the PowerDNS provider, specify as secret name containing the API Key
##
secretName: ""
## TransIP configuration to be set via arguments/env. variables
##
transip:
## @param transip.account When using the TransIP provider, specify the account name.
##
account: ""
## @param transip.apiKey When using the TransIP provider, specify the API key to use.
##
apiKey: ""
## VinylDNS configuration to be set via arguments/env. variables
##
vinyldns:
## @param vinyldns.host When using the VinylDNS provider, specify the VinylDNS API host.
##
host: ""
## @param vinyldns.accessKey When using the VinylDNS provider, specify the Access Key to use.
##
accessKey: ""
## @param vinyldns.secretKey When using the VinylDNS provider, specify the Secret key to use.
##
secretKey: ""
## @param domainFilters Limit possible target zones by domain suffixes (optional)
##
domainFilters: []
## @param excludeDomains Exclude subdomains (optional)
##
excludeDomains: []
## @param regexDomainFilter Limit possible target zones by regex domain suffixes (optional)
## If regexDomainFilter is specified, domainFilters will be ignored
##
regexDomainFilter: ""
## @param regexDomainExclusion Exclude subdomains by using regex pattern (optional)
## If regexDomainFilter is specified, excludeDomains will be ignored and external-dns will use regexDomainExclusion even though regexDomainExclusion is empty
##
regexDomainExclusion: ""
## @param zoneNameFilters Filter target zones by zone domain (optional)
##
zoneNameFilters: []
## @param zoneIdFilters Limit possible target zones by zone id (optional)
##
zoneIdFilters: []
## @param annotationFilter Filter sources managed by external-dns via annotation using label selector (optional)
##
annotationFilter: ""
## @param dryRun When enabled, prints DNS record changes rather than actually performing them (optional)
##
dryRun: false
## @param triggerLoopOnEvent When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional)
##
triggerLoopOnEvent: false
## @param interval Interval update period to use
##
interval: "1m"
## @param logLevel Verbosity of the logs (options: panic, debug, info, warning, error, fatal, trace)
##
logLevel: info
## @param logFormat Which format to output logs in (options: text, json)
##
logFormat: text
## @param policy Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only )
##
policy: upsert-only
## @param registry Registry method to use (options: txt, aws-sd, noop)
## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/proposal/registry.md
##
registry: "txt"
## @param txtPrefix When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional)<CNAME record> (Mutual exclusive with txt-suffix)
##
txtPrefix: ""
## @param txtSuffix When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional)<CNAME record>.suffix (Mutual exclusive with txt-prefix)
##
txtSuffix: ""
## @param txtOwnerId A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional)
## But other registry types might be added in the future.
##
txtOwnerId: ""
## @param forceTxtOwnerId (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional)
## This setting added for backward compatibility for
## customers who already used bitnami/external-dns helm chart
## to privision 'aws-sd' registry type.
## Previously bitnami/external-dns helm chart did not pass
## txtOwnerId value down to the external-dns application
## so the app itself sets that value to be a string 'default'.
## If existing customers force the actual txtOwnerId value to be
## passed properly, their external-dns updates will stop working
## because the owner's value for exting DNS records in
## AWS Service Discovery would remain 'default'.
## NOTE: It is up to the end user to update AWS Service Discovery
## 'default' values in description fields to make it work with new
## value passed as txtOwnerId when forceTxtOwnerId=true
forceTxtOwnerId: false
## @param extraArgs Extra arguments to be passed to external-dns
##
extraArgs: {}
## @param extraEnv Extra environment variables to be passed to external-dns
##
## extraEnv:
## - name: VARNAME1
## value: value1
## - name: VARNAME2
## valueFrom:
## secretKeyRef:
## name: existing-secret
## key: varname2-key
##
extraEnv: []
## @param replicas Desired number of ExternalDNS replicas
##
replicas: 1
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param podAnnotations Additional annotations to apply to the pod.
##
podAnnotations: {}
## @param podLabels Additional labels to be added to pods
##
podLabels: {}
## @param priorityClassName priorityClassName
##
priorityClassName: ""
## @param secretAnnotations Additional annotations to apply to the secret
##
secretAnnotations: {}
## Options for the source type "crd"
##
crd:
## @param crd.create Install and use the integrated DNSEndpoint CRD
##
create: false
## @param crd.apiversion Sets the API version for the CRD to watch
##
apiversion: ""
## @param crd.kind Sets the kind for the CRD to watch
##
kind: ""
## Kubernetes svc configutarion
##
service:
## @param service.enabled Whether to create Service resource or not
##
enabled: true
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.port ExternalDNS client port
##
port: 7979
## @param service.nodePort Port to bind to for NodePort service type (client port)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePort: ""
## @param service.clusterIP IP address to assign to service
##
clusterIP: ""
## @param service.externalIPs Service external IP addresses
##
externalIPs: []
## @param service.loadBalancerIP IP address to assign to load balancer (if supported)
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported)
##
loadBalancerSourceRanges: []
## @param service.annotations Annotations to add to service
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## @param service.labels Provide any additional labels which may be required.
## This can be used to have external-dns show up in `kubectl cluster-info`
## kubernetes.io/cluster-service: "true"
## kubernetes.io/name: "external-dns"
##
labels: {}
## ServiceAccount parameters
## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Determine whether a Service Account should be created or it should reuse a exiting one.
##
create: true
## @param serviceAccount.name ServiceAccount to use. A name is generated using the external-dns.fullname template if it is not set
##
name: ""
## @param serviceAccount.annotations Additional Service Account annotations
##
annotations: {}
## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
##
automountServiceAccountToken: true
## RBAC parameters
## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
##
rbac:
## @param rbac.create Whether to create & use RBAC resources or not
##
create: true
## @param rbac.clusterRole Whether to create Cluster Role. When set to false creates a Role in `namespace`
##
clusterRole: true
## @param rbac.apiVersion Version of the RBAC API
##
apiVersion: v1
## @param rbac.pspEnabled Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
pspEnabled: false
## @param securityContext Security context for the container
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## Example:
## securityContext:
## allowPrivilegeEscalation: false
## readOnlyRootFilesystem: true
## capabilities:
## drop: ["ALL"]
##
securityContext: {}
## @param podSecurityContext.fsGroup Group ID for the container
## @param podSecurityContext.runAsUser User ID for the container
##
podSecurityContext:
fsGroup: 1001
runAsUser: 1001
## Container resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits The resources limits for the container
## @param resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 50m
## memory: 50Mi
limits: {}
## Examples:
## requests:
## cpu: 10m
## memory: 50Mi
requests: {}
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.httpGet.path Request path for livenessProbe
## @param livenessProbe.httpGet.port Port for livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
httpGet:
path: /healthz
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 2
successThreshold: 1
## Configure extra options for readiness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.httpGet.path Request path for readinessProbe
## @param readinessProbe.httpGet.port Port for readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param extraVolumes A list of volumes to be added to the pod
##
extraVolumes: []
## @param extraVolumeMounts A list of volume mounts to be added to the pod
##
extraVolumeMounts: []
## @param podDisruptionBudget Configure PodDisruptionBudget
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget: {}
## Prometheus Exporter / Metrics
##
metrics:
## @param metrics.enabled Enable prometheus to access external-dns metrics endpoint
##
enabled: false
## @param metrics.podAnnotations Annotations for enabling prometheus to access the metrics endpoint
##
podAnnotations: {}
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled Create ServiceMonitor object
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
##
namespace: ""
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
interval: ""
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.selector Additional labels for ServiceMonitor object
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
## e.g:
## selector:
## prometheus: my-prometheus
##
selector: {}
```
--8<-- "kubernetes-why-full-values-in-configmap.md"
Then work your way through the values you pasted, and change any which are specific to your configuration.
@@ -958,8 +116,7 @@ To:
As you work your way through `values.yaml`, you'll notice that it contains specific placholders for credentials for various DNS providers.
Take for example, this config for cloudflare:
???+ example "Example snippet of CloudFlare config from ConfigMap"
```yaml
```yaml title="Example snippet of CloudFlare config from ConfigMap"
cloudflare:
## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional)
##
@@ -977,7 +134,7 @@ Take for example, this config for cloudflare:
## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional)
##
proxied: true
```
```
In the case of CloudFlare (*and this may differ per-provider*), you can either enter your credentials in cleartext (*baaad idea, since we intend to commit these files into a repo*), or you can reference a secret, which External DNS will expect to find in its namespace.
@@ -997,10 +154,9 @@ And your sealed secret would end up in `external-dns/sealedsecret-cloudflare-api
### HelmRelease
Lastly, having set the scene above, we define the HelmRelease which will actually deploy the external-dns controller into the cluster, with the config we defined above. I save this in my flux repo as `external-dns/helmrelease-external-dns.yaml`:
Lastly, having set the scene above, we define the HelmRelease which will actually deploy the external-dns controller into the cluster, with the config we defined above. I save this in my flux repo as:
??? example "Example HelmRelease (click to expand)"
```yaml
```yaml title="/external-dns/helmrelease-external-dns.yaml"
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
@@ -1022,7 +178,7 @@ Lastly, having set the scene above, we define the HelmRelease which will actuall
- kind: ConfigMap
name: external-dns-helm-chart-value-overrides
valuesKey: values.yaml # This is the default, but best to be explicit for clarity
```
```
--8<-- "kubernetes-why-not-config-in-helmrelease.md"

2
docs/kubernetes/ingress/nginx.md
View File

@@ -80,7 +80,7 @@ Now that the "global" elements of this deployment (*Namespace and HelmRepository
### ConfigMap
Now we're into the nginx-ingress-controller-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/nginx-ingress-controller/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `nginx-ingress-controller/configmap-nginx-ingress-controller-helm-chart-value-overrides.yaml`:
Now we're into the nginx-ingress-controller-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/nginx-ingress-controller/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `nginx-ingress-controller/configmap-nginx-ingress-controller-helm-chart-value-overrides.yaml`:
??? example "Example ConfigMap (click to expand)"
```yaml

2
docs/kubernetes/ingress/traefik/index.md
View File

@@ -82,7 +82,7 @@ spec:
### ConfigMap
Now we're into the traefik-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
Now we're into the traefik-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="/traefik/configmap-traefik-helm-chart-value-overrides.yaml"
apiVersion: v1

2
docs/kubernetes/loadbalancer/metallb/index.md
View File

@@ -93,7 +93,7 @@ Now that the "global" elements of this deployment (*Namespace and HelmRepository
### ConfigMap (for HelmRelease)
Now we're into the metallb-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/metallb/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `metallb-system/configmap-metallb-helm-chart-value-overrides.yaml`:
Now we're into the metallb-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/metallb/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `metallb-system/configmap-metallb-helm-chart-value-overrides.yaml`:
??? example "Example ConfigMap (click to expand)"
```yaml

2
docs/kubernetes/persistence/rook-ceph/cluster.md
View File

@@ -65,7 +65,7 @@ spec:
### ConfigMap
Now we're into the app-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
Now we're into the app-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="/rook-ceph-cluster/configmap-rook-ceph-cluster-helm-chart-value-overrides.yaml"
apiVersion: v1

2
docs/kubernetes/persistence/rook-ceph/operator.md
View File

@@ -77,7 +77,7 @@ spec:
### ConfigMap
Now we're into the app-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
Now we're into the app-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/rook/rook/blob/master/deploy/charts/rook-ceph/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="rook-ceph/configmap-rook-ceph-helm-chart-value-overrides.yaml"
apiVersion: v1

2
docs/kubernetes/persistence/topolvm.md
View File

@@ -109,7 +109,7 @@ Now that the "global" elements of this deployment (*Namespace and HelmRepository
### ConfigMap
Now we're into the topolvm-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/topolvm/topolvm/blob/main/charts/topolvm/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `topolvm/configmap-topolvm-helm-chart-value-overrides.yaml`:
Now we're into the topolvm-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/topolvm/topolvm/blob/main/charts/topolvm/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `topolvm/configmap-topolvm-helm-chart-value-overrides.yaml`:
??? example "Example ConfigMap (click to expand)"
```yaml

2
docs/kubernetes/sealed-secrets.md
View File

@@ -107,7 +107,7 @@ Now that the "global" elements of this deployment (*just the HelmRepository in t
### ConfigMap
{% raw %}
Now we're into the sealed-secrets-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/sealed-secrets/blob/main/helm/sealed-secrets/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `sealed-secrets/configmap-sealed-secrets-helm-chart-value-overrides.yaml`:
Now we're into the sealed-secrets-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/sealed-secrets/blob/main/helm/sealed-secrets/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo at `sealed-secrets/configmap-sealed-secrets-helm-chart-value-overrides.yaml`:
??? example "Example ConfigMap (click to expand)"
```yaml

2
docs/kubernetes/ssl-certificates/cert-manager.md
View File

@@ -75,7 +75,7 @@ spec:
### ConfigMap
Now we're into the cert-manager-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/cert-manager/blob/main/helm/cert-manager/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
Now we're into the cert-manager-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/cert-manager/blob/main/helm/cert-manager/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="/cert-manager/configmap-cert-manager-helm-chart-value-overrides.yaml"
apiVersion: v1

2
docs/kubernetes/ssl-certificates/secret-replicator.md
View File

@@ -67,7 +67,7 @@ spec:
### ConfigMap
Now we're into the secret-replicator-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/kiwigrid/helm-charts/blob/master/charts/secret-replicator/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
Now we're into the secret-replicator-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/kiwigrid/helm-charts/blob/master/charts/secret-replicator/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml hl_lines="21 27" title="/secret-replicator/configmap-secret-replicator-helm-chart-value-overrides.yaml"
apiVersion: v1

10
docs/premix/ansiblizing/index.md Normal file
View File

@@ -0,0 +1,10 @@
# Ansiblizing
!!! warning "This section is under construction :hammer:"
This section is a serious work-in-progress, and reflects the current development on the [sponsors](https://github.com/sponsors/funkypenguin)' "premix" repository
So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) in the #premium-support channel if you're encountering issues 😁
So you want to add a recipe to the the premix playbook which is not yet an Ansible role? Read on for details...
1. [Ansiblizing for Docker Swarm](/premix/ansiblizing/swarm/)
2. [Ansiblizing for Kubernetes (flux)](/premix/ansiblizing/kubernetes/)

41
docs/premix/ansiblizing/kubernetes.md Normal file
View File

@@ -0,0 +1,41 @@
# Ansiblizing a recipe for Kubernetes
!!! warning "This section is under construction :hammer:"
This section is a serious work-in-progress, and reflects the current development on the [sponsors](https://github.com/sponsors/funkypenguin)' "premix" repository
So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) in the #premium-support channel if you're encountering issues 😁
## Update deploy.yml
Edit `ansible/deploy.yml`, and find the kubernetes section, starting with:
```yaml
# Create flux manifests using localhost
- hosts: localhost
```
Add an `import_role` task like this (*alphabeticized*) at the bottom:
```yaml
# Traefik
- { import_role: { name: flux-repo }, vars: { recipe: traefik, config: traefik }, tags: [ traefik ], when: combined_config.traefik.enabled | bool }
```
## Update config
Edit `ansible/group_vars/all/main.yml`, and edit the `recipe_default_config` dictionary, adding the necessary values, like this:
```yaml
traefik:
enabled: true
helm_chart_namespace: traefik
helm_chart_name: traefik
helm_chart_repo: traefik
helm_chart_repo_url: https://helm.traefik.io/traefik
helm_chart_version: latest
```
## That's it!
What, that's all? So easy?
Yes, but remember all they playbook does in the case of a flux deployment is to create the necessary files for the user to customize themselves, since it's impractical to try to contain any chart config within our playbook!

44
docs/premix/ansiblizing/swarm.md Normal file
View File

@@ -0,0 +1,44 @@
# Ansiblizing a recipe for Swarm
!!! warning "This section is under construction :hammer:"
This section is a serious work-in-progress, and reflects the current development on the [sponsors](https://github.com/sponsors/funkypenguin)' "premix" repository
So... There may be errors and inaccuracies. Jump into [Discord](http://chat.funkypenguin.co.nz) in the #premium-support channel if you're encountering issues 😁
## Update deploy.yml
Edit `ansible/deploy.yml`, and find the swarm section, starting with:
```yaml
### non-critical swarm recipes start here, alphabeticized
```
Add an `import_role` task like this (*alphabeticized*) at the bottom:
```yaml
# Setup immich
- { import_role: { name: docker-stack }, vars: { recipe: immich }, tags: [ immich ], when: combined_config.immich.enabled | bool }
```
## Update config
Edit `ansible/group_vars/all/main.yml`, and edit the `recipe_default_config` dictionary, adding the necessary values, like this:
```yaml
immich:
enabled: false #(1)!
run_pre_deploy: | #(2)!
mkdir -p /var/data/immich/database-dump
mkdir -p /var/data/immich/upload
mkdir -p /var/data/runtime/immich/database
run_post_deploy: | #(3)!
echo "this is just an example to show that it's possible to run tasks post-deploy!"
```
1. We disable all non-essential services by default - that way, the user can opt into them in their own config, which is later merged with this master config.
2. Add as many pre-deploy commands as necessary - typically these will create the necessary data directories. `/var/data/config/<recipe>` will be created automatically.
3. Likewise, add any necessary post-deployment commands
## Ensure the recipe files are valid
The playbook assumes that `/<recipe-name>/<recipe-name>.yml` and `/<recipe-name>/<recipe-name>.env-sample` exist. Without these (*and any other supporting files, ending in `-sample`*), unpleasant things will happen!

2
docs/recipes/kubernetes/mastodon.md
View File

@@ -104,7 +104,7 @@ spec:
### ConfigMap
Now we're into the mastodon-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/mastodon/blob/main/helm/mastodon/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 tabs (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
Now we're into the mastodon-specific YAMLs. First, we create a ConfigMap, containing the entire contents of the helm chart's [values.yaml](https://github.com/bitnami-labs/mastodon/blob/main/helm/mastodon/values.yaml). Paste the values into a `values.yaml` key as illustrated below, indented 4 spaces (*since they're "encapsulated" within the ConfigMap YAML*). I create this example yaml in my flux repo:
```yaml title="mastodon/configmap-mastodon-helm-chart-value-overrides.yaml"
apiVersion: v1

14
mkdocs.yml
View File

@@ -273,10 +273,18 @@ nav:
# - Webook Receiver: kubernetes/wip.md
- 🚀 Get Premix!:
- premix/index.md
- Operation: premix/ansible/operation.md
- Get Started:
- Setup: premix/ansible/operation.md
- Deploy!:
- Swarm: premix/swarm.md
- Kubernetes: premix/kubernetes.md
- Contribute:
- Ansiblizing:
- premix/ansiblizing/index.md
- Swarm: premix/ansiblizing/swarm.md
- Kubernetes: premix/ansiblizing/kubernetes.md
- Reference:
- Design: premix/ansible/design.md
# - Swarm: premix/swarm.md
# - Kubernetes: premix/kubernetes.md
- ☑️ Reviews:
- review/index.md
- Immich: review/immich.md