initial config based of jenkins-x/jenkins-x-boot-config with ref v1.0.82

systems/acme/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+appVersion: 1.0.82
+description: ACME Chart
+maintainers:
+- name: Team
+name: acme
+version: 1.0.82

systems/acme/templates/cert-manager-prod-certificate.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.certmanager.enabled }}
+{{- if eq .Values.certmanager.production "true" }}
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: "tls-{{ .Values.cluster.domain | replace "." "-" }}-p"
+  labels:
+    jenkins.io/letsencrypt-service: production
+spec:
+  secretName: "tls-{{ .Values.cluster.domain | replace "." "-" }}-p"
+  issuerRef:
+    name: letsencrypt-prod
+  commonName: "*.{{ .Values.cluster.domain }}"
+  dnsNames:
+  - "*.{{ .Values.cluster.domain }}"
+{{- end }}
+{{- end }}

systems/acme/templates/cert-manager-prod-issuer.yaml

@@ -0,0 +1,35 @@
+{{- if .Values.certmanager.enabled }}
+{{- if eq .Values.certmanager.production "true" }}
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: "{{ .Values.certmanager.email }}"
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - selector:
+        dnsNames:
+        - "*.{{ .Values.cluster.domain }}"
+        - "{{ .Values.cluster.domain }}"
+      # ACME DNS-01 provider configurations
+      dns01:
+{{- if eq .Values.cluster.provider "gke" }}
+        clouddns:
+          # The project in which to update the DNS zone
+          project: "{{ .Values.cluster.projectID }}"
+          # A secretKeyRef to a google cloud json service account
+          serviceAccountSecretRef:
+            name: external-dns-gcp-sa
+            key: credentials.json
+{{- end }}
+{{- if eq .Values.cluster.provider "eks" }}
+        route53:
+          region: {{ .Values.cluster.region }}
+{{- end }}
+{{- end }}
+{{- end }}

systems/acme/templates/cert-manager-staging-certificate.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.certmanager.enabled }}
+{{- if eq .Values.certmanager.production "false" }}
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: "tls-{{ .Values.cluster.domain | replace "." "-" }}-s"
+  labels:
+    jenkins.io/letsencrypt-service: staging
+spec:
+  secretName: "tls-{{ .Values.cluster.domain | replace "." "-" }}-s"
+  issuerRef:
+    name: letsencrypt-staging
+  commonName: "*.{{ .Values.cluster.domain }}"
+  dnsNames:
+  - "*.{{ .Values.cluster.domain }}"
+{{- end }}
+{{- end }}

systems/acme/templates/cert-manager-staging-issuer.yaml

@@ -0,0 +1,35 @@
+{{- if .Values.certmanager.enabled }}
+{{- if eq .Values.certmanager.production "false" }}
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: "{{ .Values.certmanager.email }}"
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - selector:
+        dnsNames:
+        - "*.{{ .Values.cluster.domain }}"
+        - "{{ .Values.cluster.domain }}"
+      # ACME DNS-01 provider configurations
+      dns01:
+{{- if eq .Values.cluster.provider "gke" }}
+        clouddns:
+          # The project in which to update the DNS zone
+          project: "{{ .Values.cluster.projectID }}"
+          # A secretKeyRef to a google cloud json service account
+          serviceAccountSecretRef:
+            name: external-dns-gcp-sa
+            key: credentials.json
+{{- end }}
+{{- if eq .Values.cluster.provider "eks" }}
+        route53:
+          region: {{ .Values.cluster.region }}
+{{- end }}
+{{- end }}
+{{- end }}

systems/acme/values.tmpl.yaml

@@ -0,0 +1,20 @@
+cluster:
+  domain: {{ .Requirements.ingress.domain }}
+  provider: {{ .Requirements.cluster.provider }}
+{{- if hasKey .Requirements.cluster "project" }}
+  projectID: {{ .Requirements.cluster.project }}
+{{- else }}
+  projectID: ""
+{{- end }}
+{{- if hasKey .Requirements.cluster "region" }}
+  region: {{ .Requirements.cluster.region }}
+{{- else }}
+  region: ""
+{{- end }}
+
+ {{- if .Requirements.ingress.tls }}
+certmanager:
+  production: "{{ .Requirements.ingress.tls.production }}"
+  email:  "{{ .Requirements.ingress.tls.email }}"
+  enabled: {{ .Requirements.ingress.tls.enabled }}
+{{- end }}

systems/cm/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+description: Cert Manager Chart
+maintainers:
+- name: Team
+name: cm
+version: "1"

systems/cm/requirements.yaml

@@ -0,0 +1,5 @@
+dependencies:
+- alias: cert-manager
+  condition: cert-manager.enabled
+  name: cert-manager
+  repository: https://charts.jetstack.io

systems/cm/values.tmpl.yaml

@@ -0,0 +1,16 @@
+cert-manager:
+  enabled: {{ .Requirements.ingress.tls.enabled }}
+{{- if eq .Requirements.cluster.provider "eks" }}
+  extraArgs:
+    - --issuer-ambient-credentials
+  securityContext:
+    enabled: true
+    fsGroup: 1001
+{{- end }}
+  rbac:
+    create: true
+  webhook:
+    enabled: false
+    
+webhook:
+  enabled: false

systems/external-dns/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+description: External-DNS Chart
+maintainers:
+- name: Team
+name: external-dns
+version: "1"

systems/external-dns/requirements.yaml

@@ -0,0 +1,4 @@
+dependencies:
+- condition: external-dns.enabled
+  name: external-dns
+  repository: https://charts.bitnami.com/bitnami

systems/external-dns/values.tmpl.yaml

@@ -0,0 +1,27 @@
+external-dns:
+  enabled: {{ .Requirements.ingress.externalDNS }}
+  sources:
+  - ingress
+{{- if eq .Requirements.cluster.provider "eks"}}
+  provider: aws
+  aws:
+    region: {{ .Requirements.cluster.region}}
+  securityContext:
+    fsGroup: 65534
+{{- else if eq .Requirements.cluster.provider "gke"}}
+  provider: google
+  google:
+    serviceAccountSecret: external-dns-gcp-sa
+ {{- if hasKey .Requirements.cluster "project" }}
+    project: "{{ .Requirements.cluster.project }}"
+ {{ end }}
+{{- end}}
+
+  rbac:
+    create: true
+  domainFilters:
+{{- range .Requirements.environments }}
+ {{- if .ingress.domain }}
+  - "{{ .ingress.domain }}"
+  {{- end }}
+{{- end }}

systems/jx-auth/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+description: Jx Auth Chart
+maintainers:
+- name: Team
+name: jx-auth
+version: "1"

systems/jx-auth/jx-auth-configmap.tmpl.yaml

@@ -0,0 +1,24 @@
+{{- if eq .Requirements.secretStorage "vault" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: jx-auth-config
+  labels:
+    jenkins.io/created-by: jx
+    jenkins.io/config-type: auth
+data:
+  gitAuth.yaml: |
+    currentserver: "{{ .Requirements.cluster.gitServer }}"
+    defaultusername: "{{ .Parameters.pipelineUser.username }}"
+    pipelineserver: "{{ .Requirements.cluster.gitServer }}"
+    pipelineusername: "{{ .Parameters.pipelineUser.username }}"
+    servers:
+    - currentuser: "{{ .Parameters.pipelineUser.username }}"
+      kind: "{{ .Requirements.cluster.gitKind }}"
+      name: "{{ .Requirements.cluster.gitName }}"
+      url: "{{ .Requirements.cluster.gitServer }}"
+      users:
+      - apitoken: "{{ .Parameters.pipelineUser.token }}"
+        bearertoken: ""
+        username: "{{ .Parameters.pipelineUser.username }}"
+{{- end }}

systems/jx-auth/templates/jx-auth-configmap.yaml

@@ -0,0 +1 @@
+# This jx auth configmap will be generated from template

systems/jxing/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+description: Ingress Chart
+icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v1.5.5/deployments/helm-chart/chart-icon.png
+maintainers:
+- name: Team
+name: jxing
+version: "1"

systems/jxing/requirements.yaml

@@ -0,0 +1,4 @@
+dependencies:
+- alias: nginx-ingress
+  name: nginx-ingress
+  repository: https://kubernetes-charts.storage.googleapis.com

systems/jxing/values.tmpl.yaml

@@ -0,0 +1,16 @@
+nginx-ingress:
+  controller:
+    replicaCount: 3
+    extraArgs:
+      publish-service: kube-system/jxing-nginx-ingress-controller
+    service:
+      omitClusterIP: true
+{{- if eq .Requirements.cluster.provider "eks" }}
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: nlb
+{{- end }}
+  defaultBackend:
+    service:
+      omitClusterIP: true
+  rbac:
+    create: true

systems/vault/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+description: Vault Chart
+maintainers:
+- name: Team
+name: vault
+version: "1"

systems/vault/values.tmpl.yaml

@@ -0,0 +1,4 @@
+vault:
+  service:
+    annotations:
+      fabric8.io/exposeUrl: vault{{ .Requirements.ingress.namespaceSubDomain | default ".jx." }}{{ .Requirements.ingress.domain }}

systems/vault/vault-ing.tmpl.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    helm.sh/hook: pre-install,pre-upgrade
+  name: {{ .Requirements.vault.name }}
+spec:
+  rules:
+  - host: vault{{ .Requirements.ingress.namespaceSubDomain | default ".jx." }}{{ .Requirements.ingress.domain }}
+    http:
+      paths:
+      - backend:
+          serviceName: {{ .Requirements.vault.name }}
+          servicePort: 8200
+{{- if .Requirements.ingress.tls.enabled }}
+  tls:
+  - hosts:
+    - vault{{ .Requirements.ingress.namespaceSubDomain | default ".jx." }}{{ .Requirements.ingress.domain }}
+{{- if .Requirements.ingress.tls.production }}
+    secretName: "tls-{{ .Requirements.ingress.domain | replace "." "-" }}-p"
+{{- else }}
+    secretName: "tls-{{ .Requirements.ingress.domain | replace "." "-" }}-s"
+{{- end }}
+{{- end }}

systems/velero-backups/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+description: Velero Backup Chart
+maintainers:
+- name: Team
+name: velero-backups
+version: "1"

systems/velero-backups/README.MD

@@ -0,0 +1,6 @@
+# velero
+
+|App Metadata||
+|---|---|
+| **Version** | 1.1.0 |
+| **Chart Repository** | https://kubernetes-charts.storage.googleapis.com |

systems/velero-backups/templates/default-backup.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.velero.enabled }}
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: default-backup
+spec:
+  schedule: {{ .Values.velero.schedule | quote }}
+  template:
+    excludedNamespaces: null
+    excludedResources: null
+    hooks:
+      resources: null
+    includeClusterResources: null
+    includedNamespaces:
+    - '*'
+    includedResources: null
+    labelSelector: null
+    storageLocation: ""
+    ttl: {{ .Values.velero.ttl }}
+    volumeSnapshotLocations: null
+{{- end }}

systems/velero-backups/values.tmpl.yaml

@@ -0,0 +1,12 @@
+velero:
+{{- if and (hasKey .Requirements "velero") (hasKey .Requirements.velero "namespace") }}
+  {{- if .Requirements.velero.namespace }}
+  enabled: true
+  schedule: {{ .Requirements.velero.schedule | default "0 * * * *" | quote }}
+  ttl: {{ .Requirements.velero.ttl | default "720h0m0s" }}
+  {{- else }}
+  enabled: false
+  {{- end }}
+{{- else }}
+  enabled: false
+{{- end }}

systems/velero/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+description: Velero Chart
+maintainers:
+- name: Team
+name: velero
+version: "1"

systems/velero/README.MD

@@ -0,0 +1,6 @@
+# velero
+
+|App Metadata||
+|---|---|
+| **Version** | 1.1.0 |
+| **Chart Repository** | https://kubernetes-charts.storage.googleapis.com |

systems/velero/requirements.yaml

@@ -0,0 +1,5 @@
+dependencies:
+- condition: velero.enabled
+  alias: velero
+  name: velero
+  repository: https://kubernetes-charts.storage.googleapis.com

systems/velero/values.tmpl.yaml

@@ -0,0 +1,78 @@
+velero:
+{{- if and (hasKey .Requirements "velero") (hasKey .Requirements.velero "namespace") }}
+  {{- if .Requirements.velero.namespace }}
+  enabled: true
+  {{- else }}
+  enabled: false
+  {{- end }}
+{{- else }}
+  enabled: false
+{{- end }}
+  rbac:
+    create: true
+  credentials:
+    useSecret: true
+    existingSecret: velero-secret
+  snapshotsEnabled: false
+{{- if eq .Requirements.cluster.provider "gke" }}
+  initContainers:
+  - name: velero-plugin-for-gcp
+    image: velero/velero-plugin-for-gcp:v1.0.0
+    imagePullPolicy: IfNotPresent
+    volumeMounts:
+    - mountPath: /target
+      name: plugins
+  configuration:
+    provider: gcp
+    backupStorageLocation:
+      name: gcp
+      bucket: {{ .Requirements.storage.backup.url | removeScheme | quote }}
+{{- else if or (eq .Requirements.cluster.provider "aws") (eq .Requirements.cluster.provider "eks") }}
+  initContainers:
+  - name: velero-plugin-for-aws
+    image: velero/velero-plugin-for-aws:v1.0.0
+    imagePullPolicy: IfNotPresent
+    volumeMounts:
+    - mountPath: /target
+      name: plugins
+  configuration:
+    provider: aws
+    backupStorageLocation:
+      name: aws
+      bucket: {{ .Requirements.storage.backup.url | removeScheme | quote }}
+      config:
+        region: {{ .Requirements.cluster.region | quote }}
+{{- else if eq .Requirements.cluster.provider "azure" }}
+  initContainers:
+  - name: velero-plugin-for-azure
+    image: velero/velero-plugin-for-microsoft-azure:v1.0.0
+    imagePullPolicy: IfNotPresent
+    volumeMounts:
+    - mountPath: /target
+      name: plugins
+  configuration:
+    provider: azure
+    backupStorageLocation:
+      name: azure
+      bucket: {{ .Requirements.storage.backup.url | removeScheme | quote }}
+      config:
+        storageAccount: {{ .Requirements.velero.serviceAccount | quote }}
+{{- else if eq .Requirements.cluster.provider "iks" }}
+  initContainers:
+  - name: velero-plugin-for-aws
+    image: velero/velero-plugin-for-aws:v1.0.0
+    imagePullPolicy: IfNotPresent
+    volumeMounts:
+    - mountPath: /target
+      name: plugins
+  configuration:
+    provider: aws
+    backupStorageLocation:
+      name: aws
+      bucket: bucket-name
+      config:
+        region: {{ .Requirements.cluster.region | quote }}
+        s3ForcePathStyle: "true"
+        s3Url: {{ .Requirements.storage.backup.url | quote }}
+{{- end }}
+