Merge pull request #53 from steled/v0.10

moving helm values files to separate folder

Author: steled

authentik.tf

@@ -12,6 +12,7 @@
 #   authentik_bootstrap_password = var.authentik_bootstrap_password
 #   authentik_bootstrap_token    = var.authentik_bootstrap_token
 #   authentik_bootstrap_email    = var.authentik_bootstrap_email
+#   values_yaml                  = "${path.root}/helm-values/authentik.yaml"
 
 #   depends_on = [module.cert_manager_cloudflare]
 # }

hashicorp-vault.tf

@@ -11,6 +11,7 @@
 #   hashicorp_vault_domain    = var.hashicorp_vault_domain
 #   environment               = var.hashicorp_vault_env
 #   ip_address                = var.hashicorp_vault_ip_address
+#   values_yaml                  = "${path.root}/helm-values/hashicorp-vault.yaml"
 
 #   depends_on = [module.cert_manager_cloudflare]
 # }

helm-values/authentik.yaml

@@ -0,0 +1,35 @@
+worker:
+  envFrom:
+    - secretRef:
+        name: authentik-secret
+
+authentik:
+  secret_key: "${authentik_secret_key}"
+
+  postgresql:
+    password: "${postgresql_password}"
+
+server:
+  ingress:
+    enabled: true
+    annotations:
+      cert-manager.io/cluster-issuer: cloudflare-letsencrypt-${environment}
+      ingress.cilium.io/loadbalancer-mode: shared
+    ingressClassName: cilium
+    hosts: ${authentik_domains}
+    tls:
+    - secretName: authentik-tls
+      hosts: ${authentik_domains}
+    https: false
+
+postgresql:
+  enabled: true
+  auth:
+    password: "${postgresql_password}"
+  primary:
+    persistence:
+      enabled: true
+      storageClass: longhorn
+
+redis:
+  enabled: true

helm-values/hasicorp-vault.yaml

@@ -0,0 +1,53 @@
+global:
+  tlsDisable: false
+
+server:
+  # extraEnvironmentVars:
+  #   VAULT_CACERT: /vault/userconfig/vault-server-tls/ca.crt
+  #   VAULT_ADDR: http://127.0.0.1:8200
+  # hostAliases:
+  #   - ip: 127.0.0.1
+  #     hostnames:
+  #       - ${hashicorp_vault_domain}
+  ingress:
+    enabled: true
+    activeService: false
+    annotations:
+      cert-manager.io/cluster-issuer: cloudflare-letsencrypt-${environment}
+      ingress.cilium.io/loadbalancer-mode: dedicated
+      lbipam.cilium.io/ips: ${ip_address}
+    hosts:
+      - host: ${hashicorp_vault_domain}
+        paths:
+          - /
+    ingressClassName: cilium
+    tls:
+      - secretName: hashicorp-vault-tls
+        hosts:
+          - ${hashicorp_vault_domain}
+  # standalone:
+  #   config: |-
+  #     ui = true
+  #     listener "tcp" {
+  #       address = "[::]:8200"
+  #       cluster_address = "[::]:8201"
+  #     }
+  #     storage "file" {
+  #       path = "/vault/data"
+  #     }
+  # volumes:
+  #   - name: userconfig-vault-server-tls
+  #     secret:
+  #       defaultMode: 420
+  #       secretName: hashicorp-vault-tls
+  #       # secretName: hashicorp-vault-server-tls
+  # volumeMounts:
+  #   - mountPath: /vault/userconfig/vault-server-tls
+  #     name: userconfig-vault-server-tls
+  #     readOnly: true
+
+ui:
+  enabled: true
+  # annotations:
+  #   "lbipam.cilium.io/ips": ${ip_address}
+  # serviceType: "LoadBalancer"

helm-values/longhorn.yaml

@@ -0,0 +1,27 @@
+persistence:
+  defaultClassReplicaCount: 1
+  migratable: true
+
+csi:
+  attacherReplicaCount: 1
+  provisionerReplicaCount: 1
+  resizerReplicaCount: 1
+  snapshotterReplicaCount: 1
+
+defaultSettings:
+  defaultReplicaCount: 1
+  orphanAutoDeletion: true
+
+longhornUI:
+  replicas: 1
+
+ingress:
+  enabled: true
+  ingressClassName: cilium
+  host: ${domain}
+  tls: true
+  tlsSecret: longhorn-tls
+  pathType: Prefix
+  annotations:
+    cert-manager.io/cluster-issuer: cloudflare-letsencrypt-${environment}
+    ingress.cilium.io/loadbalancer-mode: shared

helm-values/minio.yaml

@@ -0,0 +1,50 @@
+mode: standalone
+existingSecret: minio-secret
+replicas: 1
+
+tlsSecret:
+  enabled: true
+  certSecret: minio-tls
+  publicCrt: tls.crt
+  privateKey: tls.key
+
+persistence:
+  storageClass: longhorn
+  size: 50Gi
+
+ingress:
+  enabled: true
+  ingressClassName: cilium
+  annotations:
+    cert-manager.io/cluster-issuer: cloudflare-letsencrypt-${environment}
+    ingress.cilium.io/loadbalancer-mode: shared
+  hosts: ${ingress_domains}
+  tls:
+    - secretName: minio-tls
+      hosts:  ${ingress_domains}
+
+consoleIngress:
+  enabled: true
+  ingressClassName: cilium
+  annotations:
+    cert-manager.io/cluster-issuer: cloudflare-letsencrypt-${environment}
+  hosts: ${console_ingress_domains}
+  tls:
+    - secretName: minio-tls
+      hosts: ${console_ingress_domains}
+
+resources:
+  requests:
+    memory: 2Gi
+
+users:
+  - existingSecret: minio-secret
+    accessKey: ${user1_name}
+    existingSecretKey: user1_password
+    policy: ${user1_policy}
+
+svcaccts:
+  - existingSecret: minio-secret
+    user: ${user1_name}
+    accessKey: ${user1_accessKey}
+    existingSecretKey: user1_secretKey