diff --git a/valkey/README.md b/valkey/README.md index 515a0a32b..f3fe7d610 100644 --- a/valkey/README.md +++ b/valkey/README.md @@ -2,4 +2,9 @@ [Valkey](https://valkey.io) is an open source (BSD) high-performance key/value datastore that supports a variety workloads such as caching, message queues, and can act as a primary database. -This directory contains both an Application for deploying the [bitnami valkey helm chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey), as well a separate directory, [`valkey_cluster`](./valkey_cluster), containing an ApplicationSet for deploying the [bitnami valkey-cluster helm chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey-cluster). +This directory contains both an Application for deploying the [Bitnami Valkey helm chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey). + +## Sync Waves + +1. External Secret for Valkey Admin Credentials from Bitwarden +2. Valkey Application - the helm chart application diff --git a/valkey/external_secrets/Chart.yaml b/valkey/external_secrets/Chart.yaml index c44d0a8e0..b190f377f 100644 --- a/valkey/external_secrets/Chart.yaml +++ b/valkey/external_secrets/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: eso-bitwarden-chart +name: external-secrets-valkey-chart description: A Helm chart for External Secrets using the Bitwarden ESO provider on Kubernetes # A chart can be either an 'application' or a 'library' chart. diff --git a/valkey/external_secrets/README.md b/valkey/external_secrets/README.md index e6a6587b2..8f3eec146 100644 --- a/valkey/external_secrets/README.md +++ b/valkey/external_secrets/README.md 
@@ -1,25 +1,15 @@ -# nextcloud-eso-bitwarden-chart +# external-secrets-valkey-chart ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) -A Helm chart for Nextcloud External Secrets using the Bitwarden ESO provider on Kubernetes +A Helm chart for External Secrets using the Bitwarden ESO provider on Kubernetes ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| adminCredentialsBitwardenID | string | `""` | nextcloud admin Credentials | -| oidcCredentialsBitwardenID | string | `""` | nextcloud OIDC Credentials | -| postgresqlBitwardenID | string | `""` | nextcloud postgres Credentials | | provider | string | `""` | if this is not set to "bitwarden", we will not actually deploy any templates we may support other secret providers in the future | -| redisBitwardenID | string | `""` | nextcloud redis Credentials | -| s3AdminCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 admin credentials | -| s3BackupCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 credentials for the remote backups | -| s3NextcloudCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 nextcloud credentials | -| s3PostgresCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 postgres credentials | -| s3_provider | string | `"seaweedfs"` | if set to seaweedfs we deploy a policy secret. 
can also be minio | -| serverInfoTokenBitwardenID | string | `""` | nextcloud server info token for metrics | -| smtpCredentialsBitwardenID | string | `""` | nextcloud smtp Credentials | +| valkeyBitwardenID | string | `""` | nextcloud redis (actually for valkey) Credentials | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/valkey/external_secrets/templates/bitwarden/valkey_credentials.yaml b/valkey/external_secrets/templates/bitwarden/valkey_credentials.yaml index ce0bc83fe..d7db6ad08 100644 --- a/valkey/external_secrets/templates/bitwarden/valkey_credentials.yaml +++ b/valkey/external_secrets/templates/bitwarden/valkey_credentials.yaml @@ -22,6 +22,6 @@ spec: name: bitwarden-login kind: ClusterSecretStore remoteRef: - key: {{ .Values.redisBitwardenID }} + key: {{ .Values.valkeyCredentialsBitwardenID }} property: password {{- end }} diff --git a/valkey/external_secrets/values.yaml b/valkey/external_secrets/values.yaml index fa0b616ce..a0fae4d03 100644 --- a/valkey/external_secrets/values.yaml +++ b/valkey/external_secrets/values.yaml @@ -2,6 +2,6 @@ # we may support other secret providers in the future provider: "" -# -- nextcloud redis Credentials -valkeyBitwardenID: "" +# -- valkey Credentials +valkeyCredentialsBitwardenID: "" diff --git a/valkey/external_secrets_argocd_appset.yaml b/valkey/external_secrets_argocd_appset.yaml new file mode 100644 index 000000000..7c7ca807c --- /dev/null +++ b/valkey/external_secrets_argocd_appset.yaml 
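Review bot: The renamed value is rendered unquoted and unchecked at `key: {{ .Values.valkeyCredentialsBitwardenID }}`, and values.yaml defaults it to `""`, so a missed or misspelled override renders `key:` as null and the problem only surfaces later, when the ExternalSecret is applied or synced. Failing at render time is clearer: `key: {{ required "valkeyCredentialsBitwardenID is required" .Values.valkeyCredentialsBitwardenID | quote }}`. The same line is added in valkey_cluster/external_secrets/templates/bitwarden/valkey_credentials.yaml. The hunk starts at line 22 of the template, so the conditional that `{{- end }}` closes begins outside it.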
@@ -0,0 +1,42 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: valkey-external-secrets-app-set
+ namespace: argocd
+spec:
+ goTemplate: true
+ # generator allows us to source specific values from an external k8s secret
+ generators:
+ - plugin:
+ configMapRef:
+ name: secret-var-plugin-generator
+ input:
+ parameters:
+ secret_vars:
+ - valkey_credentials_bitwarden_id
+ - global_external_secrets
+ template:
+ metadata:
+ name: valkey-external-secrets
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+ spec:
+ project: valkey
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: valkey
+ syncPolicy:
+ syncOptions:
+ - ApplyOutOfSyncOnly=true
+ automated:
+ prune: true
+ selfHeal: true
+ source:
+ repoURL: 'https://github.com/small-hack/argocd-apps.git'
+ path: valkey/external_secrets/
+ targetRevision: main
+ helm:
+ valuesObject:
+ provider: '{{ .global_external_secrets }}'
+ valkeyCredentialsBitwardenID: '{{ .valkey_credentials_bitwarden_id }}'
diff --git a/valkey/valkey_argocd_app.yaml b/valkey/valkey_argocd_app.yaml
deleted file mode 100644
index 2f918d82d..000000000
--- a/valkey/valkey_argocd_app.yaml
+++ /dev/null
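Review bot: `targetRevision: main` together with `automated` sync, `prune: true` and `selfHeal: true` means every push to that branch is applied to the cluster as soon as Argo CD sees it, and this chart is the one that materialises the Valkey credential; pinning to a tag or commit, e.g. `targetRevision: <release-tag-or-commit-sha>`, makes each update a deliberate change. Separately, `syncOptions` here has no `CreateNamespace=true`, while this Application sits in sync wave 1 and the Application that does create the `valkey` namespace sits in wave 2, so on a fresh cluster the ExternalSecret likely has no namespace to land in unless something else creates it. The same file content is added again as valkey_cluster/external_secrets_argocd_appset.yaml.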
@@ -1,68 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: valkey-app - namespace: argocd - # optional, but you probably want this to run after your PVCs are created - # and your secrets are populated - # annotations: - # argocd.argoproj.io/sync-wave: "2" -spec: - project: valkey - - destination: - server: https://kubernetes.default.svc - namespace: valkey - - syncPolicy: - syncOptions: - - CreateNamespace=true - - ApplyOutOfSyncOnly=true - automated: - prune: true - selfHeal: true - - source: - repoURL: 'registry-1.docker.io' - chart: bitnamicharts/valkey - targetRevision: 2.0.0 - helm: - valuesObject: - fullnameOverride: "valkey" - - global: - storageClass: "local-path" - - auth: - enabled: true - existingSecret: "valkey-credentials" - existingSecretPasswordKey: "valkey-password" - - tls: - enabled: false - authClients: true - autoGenerated: false - - primary: - persistence: - enabled: true - existingClaim: "valkey-primary" - - replica: - persistence: - enabled: true - existingClaim: "valkey-replica" - - persistentVolumeClaimRetentionPolicy: - enabled: true - whenScaled: Retain - whenDeleted: Retain - - metrics: - # we use a grafana exporter that logs into valkey directly - enabled: false - - # default: nano Options: nano, micro, small, medium, large, xlarge, 2xlarge - # definitions: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - resourcesPreset: "small" diff --git a/valkey/valkey_argocd_appset.yaml b/valkey/valkey_argocd_appset.yaml new file mode 100644 index 000000000..1c49c7022 --- /dev/null +++ b/valkey/valkey_argocd_appset.yaml 
@@ -0,0 +1,94 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: valkey-app-set + namespace: argocd + annotations: + # wait till after secrets are populated in sync wave 1 + argocd.argoproj.io/sync-wave: "2" +spec: + goTemplate: true + # generator allows us to source specific values from an external k8s secret + generators: + - plugin: + configMapRef: + name: secret-var-plugin-generator + input: + parameters: + secret_vars: + - global_storage_class + template: + metadata: + name: valkey-app + annotations: + argocd.argoproj.io/sync-wave: "2" + spec: + project: valkey + + # the sync policy for this Argo CD Application + syncPolicy: + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + automated: + prune: true + selfHeal: true + + # where this Argo CD Application should be deployed + destination: + server: https://kubernetes.default.svc + namespace: valkey + + # where we should get the source of this Argo CD Application + source: + repoURL: 'registry-1.docker.io' + chart: bitnamicharts/valkey + targetRevision: 2.0.0 + helm: + # helm parameter overrides + valuesObject: + fullnameOverride: "valkey" + + global: + storageClass: "{{ .global_storage_class }}" + + # for auth, we get the valkey credentials from an ExternalSecret + auth: + enabled: true + existingSecret: "valkey-credentials" + existingSecretPasswordKey: "password" + + # TLS settings + tls: + enabled: false + authClients: true + autoGenerated: false + + # primary (control plane) configuration + primary: + persistence: + enabled: true + existingClaim: "valkey-primary" + + # valkey replica configuration + replica: + persistence: + enabled: true + existingClaim: "valkey-replica" + + + # persistnent volume retention policy for the StatefulSet + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Retain + whenDeleted: Retain + + metrics: + # we use a grafana exporter that logs into valkey directly + enabled: false + + # definitions: 
https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + # Options: nano, micro, small, medium, large, xlarge, 2xlarge + # default: nano + resourcesPreset: "small" diff --git a/valkey/valkey_cluster/valkey_cluster_argocd_app.yaml b/valkey/valkey_cluster/valkey_cluster_argocd_app.yaml deleted file mode 100644 index e29bc2953..000000000 --- a/valkey/valkey_cluster/valkey_cluster_argocd_app.yaml +++ /dev/null 
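Review bot: `existingSecretPasswordKey: "password"` does not match the key that the ExternalSecret template in this commit writes: valkey_cluster/external_secrets/templates/bitwarden/valkey_credentials.yaml puts `valkey_password` under `target.template.data`, and the valkey/ copy of that template has the same blob id (d7db6ad08). With `auth.enabled: true` the chart would then look up a key that is presumably absent from the `valkey-credentials` secret, so the pods cannot read the password. Either set `existingSecretPasswordKey: "valkey_password"` here or rename the key in the template. valkey_cluster/valkey_cluster_argocd_appset.yaml has the same mismatch under `usePassword: true`.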
@@ -1,104 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: valkey-cluster-appset - namespace: argocd -spec: - goTemplate: true - template: - metadata: - name: valkey-cluster-app - annotations: - argocd.argoproj.io/sync-wave: "1" - spec: - project: redis - destination: - server: https://kubernetes.default.svc - namespace: valkey - syncPolicy: - syncOptions: - - CreateNamespace=true - - ApplyOutOfSyncOnly=true - automated: - prune: true - selfHeal: true - source: - repoURL: 'registry-1.docker.io' - chart: bitnamicharts/valkey-cluster - targetRevision: 2.1.0 - helm: - values: | - global: - storageClass: "local-path" - - fullnameOverride: "valkey" - - usePassword: false - password: "" - existingSecret: "valkey-credentials" - existingSecretPasswordKey: "valkey_password" - - tls: - enabled: false - authClients: true - autoGenerated: false - - service: - ports: - valkey: 6379 - type: ClusterIP - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: Cluster - - persistence: - enabled: true - path: /bitnami/valkey/data - storageClass: "" - annotations: {} - accessModes: - - ReadWriteOnce - size: 8Gi - - persistentVolumeClaimRetentionPolicy: - enabled: false - whenScaled: Retain - whenDeleted: Retain - - valkey: - command: [] - args: [] - updateStrategy: - type: RollingUpdate - rollingUpdate: - partition: 0 - podManagementPolicy: Parallel - automountServiceAccountToken: false - hostNetwork: false - useAOFPersistence: "yes" - containerPorts: - valkey: 6379 - bus: 16379 - resourcesPreset: "nano" - resources: {} - - cluster: - init: true - nodes: 6 - replicas: 1 - externalAccess: - enabled: false - hostMode: false - service: - disableLoadBalancerIP: false - type: LoadBalancer - port: 6379 - loadBalancerIP: [] - loadBalancerSourceRanges: [] - - metrics: - enabled: false - resourcesPreset: "nano" - serviceMonitor: - enabled: false 
diff --git a/valkey_cluster/README.md b/valkey_cluster/README.md
new file mode 100644
index 000000000..91cae1a95
--- /dev/null
+++ b/valkey_cluster/README.md
@@ -0,0 +1,10 @@
+# Valkey Argo CD Application and Valkey Cluster Argo CD ApplicationSet
+
+[Valkey Cluster](https://valkey.io) is an open source (BSD) high-performance key/value and scalable datastore that supports a variety workloads such as caching, message queues, and can act as a primary database.
+
+Deploys the [bitnami valkey-cluster helm chart](https://github.com/bitnami/charts/tree/main/bitnami/valkey-cluster).
+
+## Sync Waves
+
+1. External Secret for Valkey Admin Credentials from Bitwarden
+2. Valkey Cluster Application - the helm chart application
diff --git a/valkey_cluster/external_secrets/Chart.yaml b/valkey_cluster/external_secrets/Chart.yaml
new file mode 100644
index 000000000..b190f377f
--- /dev/null
+++ b/valkey_cluster/external_secrets/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: external-secrets-valkey-chart
+description: A Helm chart for External Secrets using the Bitwarden ESO provider on Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
diff --git a/valkey_cluster/external_secrets/README.md b/valkey_cluster/external_secrets/README.md
new file mode 100644
index 000000000..8f3eec146
--- /dev/null
+++ b/valkey_cluster/external_secrets/README.md
@@ -0,0 +1,15 @@
+# external-secrets-valkey-chart
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+A Helm chart for External Secrets using the Bitwarden ESO provider on Kubernetes
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| provider | string | `""` | if this is not set to "bitwarden", we will not actually deploy any templates we may support other secret providers in the future |
+| valkeyBitwardenID | string | `""` | nextcloud redis (actually for valkey) Credentials |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/valkey_cluster/external_secrets/templates/bitwarden/valkey_credentials.yaml b/valkey_cluster/external_secrets/templates/bitwarden/valkey_credentials.yaml
new file mode 100644
index 000000000..d7db6ad08
--- /dev/null
+++ b/valkey_cluster/external_secrets/templates/bitwarden/valkey_credentials.yaml
@@ -0,0 +1,27 @@
+{{- if eq .Values.provider "bitwarden" }}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: valkey-credentials
+spec:
+ target:
+ # Name for the secret to be created on the cluster
+ name: valkey-credentials
+ deletionPolicy: Delete
+ template:
+ type: Opaque
+ data:
+ valkey_password: |-
+ {{ `{{ .password }}` }}
+ data:
+ # Key given to the secret to be created on the cluster
+ - secretKey: password
+ sourceRef:
+ storeRef:
+ name: bitwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: {{ .Values.valkeyCredentialsBitwardenID }}
+ property: password
+{{- end }}
diff --git a/valkey_cluster/external_secrets/values.yaml b/valkey_cluster/external_secrets/values.yaml
new file mode 100644
index 000000000..a0fae4d03
--- /dev/null
+++ b/valkey_cluster/external_secrets/values.yaml
@@ -0,0 +1,7 @@
+# -- if this is not set to "bitwarden", we will not actually deploy any templates
+# we may support other secret providers in the future
+provider: ""
+
+# -- valkey Credentials
+valkeyCredentialsBitwardenID: ""
+
diff --git a/valkey_cluster/external_secrets_argocd_appset.yaml b/valkey_cluster/external_secrets_argocd_appset.yaml
new file mode 100644
index 000000000..7c7ca807c
--- /dev/null
+++ b/valkey_cluster/external_secrets_argocd_appset.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: valkey-external-secrets-app-set
+ namespace: argocd
+spec:
+ goTemplate: true
+ # generator allows us to source specific values from an external k8s secret
+ generators:
+ - plugin:
+ configMapRef:
+ name: secret-var-plugin-generator
+ input:
+ parameters:
+ secret_vars:
+ - valkey_credentials_bitwarden_id
+ - global_external_secrets
+ template:
+ metadata:
+ name: valkey-external-secrets
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+ spec:
+ project: valkey
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: valkey
+ syncPolicy:
+ syncOptions:
+ - ApplyOutOfSyncOnly=true
+ automated:
+ prune: true
+ selfHeal: true
+ source:
+ repoURL: 'https://github.com/small-hack/argocd-apps.git'
+ path: valkey/external_secrets/
+ targetRevision: main
+ helm:
+ valuesObject:
+ provider: '{{ .global_external_secrets }}'
+ valkeyCredentialsBitwardenID: '{{ .valkey_credentials_bitwarden_id }}'
diff --git a/valkey_cluster/valkey_cluster_argocd_appset.yaml b/valkey_cluster/valkey_cluster_argocd_appset.yaml
new file mode 100644
index 000000000..3cbc8c477
--- /dev/null
+++ b/valkey_cluster/valkey_cluster_argocd_appset.yaml
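Review bot: This ApplicationSet has the same blob id (7c7ca807c) as valkey/external_secrets_argocd_appset.yaml, so `path: valkey/external_secrets/` still points at the other directory's chart and the valkey_cluster/external_secrets/ chart added in this commit is never referenced. The names `valkey-external-secrets-app-set` and `valkey-external-secrets` are identical too, so applying both directories into the same `argocd` namespace makes the two definitions overwrite each other and share one credential secret. Suggested: `path: valkey_cluster/external_secrets/` with distinct names, for example `name: valkey-cluster-external-secrets-app-set` and `name: valkey-cluster-external-secrets`.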
@@ -0,0 +1,122 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: valkey-cluster-app-set + namespace: argocd + annotations: + # wait till after secrets are populated in sync wave 1 + argocd.argoproj.io/sync-wave: "2" +spec: + goTemplate: true + # generator allows us to source specific values from an external k8s secret + generators: + - plugin: + configMapRef: + name: secret-var-plugin-generator + input: + parameters: + secret_vars: + - global_storage_class + template: + metadata: + name: valkey-cluster-app + annotations: + argocd.argoproj.io/sync-wave: "2" + spec: + project: valkey + + # the sync policy for this Argo CD Application + syncPolicy: + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + automated: + prune: true + selfHeal: true + + # where this Argo CD Application should be deployed + destination: + server: https://kubernetes.default.svc + namespace: valkey + + source: + repoURL: 'registry-1.docker.io' + chart: bitnamicharts/valkey-cluster + targetRevision: 2.1.0 + helm: + valuesObject: + global: + storageClass: "{{ .global_storage_class }}" + + fullnameOverride: "valkey" + + usePassword: true + existingSecret: "valkey-credentials" + existingSecretPasswordKey: "password" + + tls: + enabled: false + authClients: true + autoGenerated: false + + service: + ports: + valkey: 6379 + type: ClusterIP + loadBalancerIP: "" + loadBalancerSourceRanges: [] + externalTrafficPolicy: Cluster + + persistence: + enabled: true + path: /bitnami/valkey/data + annotations: {} + accessModes: + - ReadWriteOnce + size: 8Gi + + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain + + valkey: + updateStrategy: + type: RollingUpdate + rollingUpdate: + partition: 0 + + podManagementPolicy: Parallel + automountServiceAccountToken: false + hostNetwork: false + useAOFPersistence: "yes" + + containerPorts: + valkey: 6379 + bus: 16379 + + # definitions: 
https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + # Options: nano, micro, small, medium, large, xlarge, 2xlarge + # default: nano + resourcesPreset: "micro" + + cluster: + init: true + nodes: 6 + replicas: 1 + externalAccess: + enabled: false + hostMode: false + service: + disableLoadBalancerIP: false + type: LoadBalancer + port: 6379 + loadBalancerIP: [] + loadBalancerSourceRanges: [] + + metrics: + enabled: false + resourcesPreset: "nano" + serviceMonitor: + enabled: false diff --git a/valkey/valkey_cluster/valkey_cluster_mastodon_example_argocd_appset.md b/valkey_cluster/valkey_cluster_mastodon_example_argocd_appset.md similarity index 100% rename from valkey/valkey_cluster/valkey_cluster_mastodon_example_argocd_appset.md rename to valkey_cluster/valkey_cluster_mastodon_example_argocd_appset.md
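Review bot: `usePassword: true` is switched on while `tls.enabled: false` stays, so the password sent on AUTH and all data on port 6379 cross the pod network in cleartext, and `authClients: true` has no effect until TLS is enabled. If other namespaces or nodes are not fully trusted, set `tls.enabled: true` (with `autoGenerated: true` or a provided certificate), or at least restrict ingress to the `valkey` namespace with a NetworkPolicy. If cleartext is a deliberate choice, record it next to the block, e.g. `# TLS off: AUTH and data are cleartext inside the cluster; keep the service ClusterIP-only`. valkey/valkey_argocd_appset.yaml carries the same `tls` block alongside `auth.enabled: true`.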