valkey_cluster is now it's own application

small-hack · Dec 20, 2024 · a9058fc · a9058fc
1 parent 49eb0f9
commit a9058fc
Show file tree

Hide file tree

Showing 17 changed files with 397 additions and 191 deletions.
diff --git a/valkey/README.md b/valkey/README.md
@@ -2,4 +2,9 @@
 
 [Valkey](https://valkey.io) is an open source (BSD) high-performance key/value datastore that supports a variety workloads such as caching, message queues, and can act as a primary database.
 
-This directory contains both an Application for deploying the [bitnami valkey helm chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey), as well a separate directory, [`valkey_cluster`](./valkey_cluster), containing an ApplicationSet for deploying the [bitnami valkey-cluster helm chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey-cluster).
+This directory contains both an Application for deploying the [Bitnami Valkey helm chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey).
+
+## Sync Waves
+
+1. External Secret for Valkey Admin Credentials from Bitwarden
+2. Valkey Application - the helm chart application
diff --git a/valkey/external_secrets/Chart.yaml b/valkey/external_secrets/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-name: eso-bitwarden-chart
+name: external-secrets-valkey-chart
 description: A Helm chart for External Secrets using the Bitwarden ESO provider on Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.

diff --git a/valkey/external_secrets/README.md b/valkey/external_secrets/README.md
@@ -1,25 +1,15 @@
-# nextcloud-eso-bitwarden-chart
+# external-secrets-valkey-chart
 
 ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
 
-A Helm chart for Nextcloud External Secrets using the Bitwarden ESO provider on Kubernetes
+A Helm chart for External Secrets using the Bitwarden ESO provider on Kubernetes
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| adminCredentialsBitwardenID | string | `""` | nextcloud admin Credentials |
-| oidcCredentialsBitwardenID | string | `""` | nextcloud OIDC Credentials |
-| postgresqlBitwardenID | string | `""` | nextcloud postgres Credentials |
 | provider | string | `""` | if this is not set to "bitwarden", we will not actually deploy any templates we may support other secret providers in the future |
-| redisBitwardenID | string | `""` | nextcloud redis Credentials |
-| s3AdminCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 admin credentials |
-| s3BackupCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 credentials for the remote backups |
-| s3NextcloudCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 nextcloud credentials |
-| s3PostgresCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 postgres credentials |
-| s3_provider | string | `"seaweedfs"` | if set to seaweedfs we deploy a policy secret. can also be minio |
-| serverInfoTokenBitwardenID | string | `""` | nextcloud server info token for metrics |
-| smtpCredentialsBitwardenID | string | `""` | nextcloud smtp Credentials |
+| valkeyBitwardenID | string | `""` | nextcloud redis (actually for valkey) Credentials |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/valkey/external_secrets/templates/bitwarden/valkey_credentials.yaml b/valkey/external_secrets/templates/bitwarden/valkey_credentials.yaml
@@ -22,6 +22,6 @@ spec:
           name: bitwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: {{ .Values.redisBitwardenID }}
+        key: {{ .Values.valkeyCredentialsBitwardenID }}
         property: password
 {{- end }}
diff --git a/valkey/external_secrets/values.yaml b/valkey/external_secrets/values.yaml
@@ -2,6 +2,6 @@
 # we may support other secret providers in the future
 provider: ""
 
-# -- nextcloud redis Credentials
-valkeyBitwardenID: ""
+# -- valkey Credentials
+valkeyCredentialsBitwardenID: ""
 
diff --git a/valkey/external_secrets_argocd_appset.yaml b/valkey/external_secrets_argocd_appset.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: valkey-external-secrets-app-set
+  namespace: argocd
+spec:
+  goTemplate: true
+  # generator allows us to source specific values from an external k8s secret
+  generators:
+    - plugin:
+        configMapRef:
+          name: secret-var-plugin-generator
+        input:
+          parameters:
+            secret_vars:
+              - valkey_credentials_bitwarden_id
+              - global_external_secrets
+  template:
+    metadata:
+      name: valkey-external-secrets
+      annotations:
+        argocd.argoproj.io/sync-wave: "1"
+    spec:
+      project: valkey
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: valkey
+      syncPolicy:
+        syncOptions:
+          - ApplyOutOfSyncOnly=true
+        automated:
+          prune: true
+          selfHeal: true
+      source:
+        repoURL: 'https://github.com/small-hack/argocd-apps.git'
+        path: valkey/external_secrets/
+        targetRevision: main
+        helm:
+          valuesObject:
+            provider: '{{ .global_external_secrets }}'
+            valkeyCredentialsBitwardenID: '{{ .valkey_credentials_bitwarden_id }}'
diff --git a/valkey/valkey_argocd_app.yaml b/valkey/valkey_argocd_app.yaml
diff --git a/valkey/valkey_argocd_appset.yaml b/valkey/valkey_argocd_appset.yaml
@@ -0,0 +1,94 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: valkey-app-set
+  namespace: argocd
+  annotations:
+    # wait till after secrets are populated in sync wave 1
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  goTemplate: true
+  # generator allows us to source specific values from an external k8s secret
+  generators:
+    - plugin:
+        configMapRef:
+          name: secret-var-plugin-generator
+        input:
+          parameters:
+            secret_vars:
+              - global_storage_class
+  template:
+    metadata:
+      name: valkey-app
+      annotations:
+        argocd.argoproj.io/sync-wave: "2"
+    spec:
+      project: valkey
+
+      # the sync policy for this Argo CD Application
+      syncPolicy:
+        syncOptions:
+          - CreateNamespace=true
+          - ApplyOutOfSyncOnly=true
+        automated:
+          prune: true
+          selfHeal: true
+
+      # where this Argo CD Application should be deployed
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: valkey
+
+      # where we should get the source of this Argo CD Application
+      source:
+        repoURL: 'registry-1.docker.io'
+        chart: bitnamicharts/valkey
+        targetRevision: 2.0.0
+        helm:
+          # helm parameter overrides
+          valuesObject:
+            fullnameOverride: "valkey"
+
+            global:
+              storageClass: "{{ .global_storage_class }}"
+
+            # for auth, we get the valkey credentials from an ExternalSecret
+            auth:
+              enabled: true
+              existingSecret: "valkey-credentials"
+              existingSecretPasswordKey: "password"
+
+            # TLS settings
+            tls:
+              enabled: false
+              authClients: true
+              autoGenerated: false
+
+            # primary (control plane) configuration
+            primary:
+              persistence:
+                enabled: true
+                existingClaim: "valkey-primary"
+
+            # valkey replica configuration
+            replica:
+              persistence:
+                enabled: true
+                existingClaim: "valkey-replica"
+
+
+            # persistnent volume retention policy for the StatefulSet
+            persistentVolumeClaimRetentionPolicy:
+              enabled: true
+              whenScaled: Retain
+              whenDeleted: Retain
+
+            metrics:
+              # we use a grafana exporter that logs into valkey directly
+              enabled: false
+
+            # definitions: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+            # Options: nano, micro, small, medium, large, xlarge, 2xlarge
+            # default: nano
+            resourcesPreset: "small"
diff --git a/valkey/valkey_cluster/valkey_cluster_argocd_app.yaml b/valkey/valkey_cluster/valkey_cluster_argocd_app.yaml
diff --git a/valkey_cluster/README.md b/valkey_cluster/README.md
@@ -0,0 +1,10 @@
+# Valkey Argo CD Application and Valkey Cluster Argo CD ApplicationSet
+
+[Valkey Cluster](https://valkey.io) is an open source (BSD) high-performance key/value and scalable datastore that supports a variety workloads such as caching, message queues, and can act as a primary database.
+
+Deploys the [bitnami valkey-cluster helm chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey-cluster).
+
+## Sync Waves
+
+1. External Secret for Valkey Admin Credentials from Bitwarden
+2. Valkey Cluster Application - the helm chart application