Merge pull request 'puppetserver linuxaid support' (#333) from linuxa…

…id_setup into master

Reviewed-on: https://gitea.obmondo.com/EnableIT/KubeAid/pulls/333

argocd-helm-charts/puppetserver/README.md

@@ -0,0 +1,22 @@
+# Puppet Server with Linuxaid
+
+## Eyaml secret
+
+* Secret name needs to be **eyaml-volume**
+
+## Secret setup to access puppet and hieradata git repo
+
+* Create hiera and puppet git repo secret
+* Create a Bot user on github/gitea
+* Create a PAT and give only **read** permission for the below two repo (on gitea there is no option to be repo specific)
+* Create a file based on the example [file](./examples/netrc)
+
+```sh
+kubectl create secret generic hiera-git-secret --dry-run=client --from-file=netrc=./netrc.enableit -o yaml | kubeseal --controller-namespace system --controller-name sealed-secrets --format yaml
+```
+
+* Create puppet repo secret
+
+```sh
+kubectl create secret generic puppet-git-secret --dry-run=client --from-file=netrc=./netrc.enableit -o yaml | kubeseal --controller-namespace system --controller-name sealed-secrets --format yaml
+```

argocd-helm-charts/puppetserver/examples/netrc

@@ -0,0 +1,3 @@
+machine github.com
+  login <paste-your-token>
+  password x-outh-basic

argocd-helm-charts/puppetserver/templates/ingressroutetcp.yaml

@@ -0,0 +1,18 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: puppetserver-{{ .Values.customerid }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: HostSNI(`{{ .Values.customerid }}.puppet.obmondo.com`)
+    priority: 10
+    services:
+    - name: puppetserver-{{ .Values.customerid }}-puppet
+      port: puppetserver
+      nativeLB: true
+  tls:
+    passthrough: true
+    domains:
+    - main: {{ .Values.customerid }}.puppet.obmondo.com

argocd-helm-charts/puppetserver/templates/postgresql.yaml

@@ -2,10 +2,11 @@ apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
   {{ if .Values.postgresql.recover }}
-  name: puppet-pgsql-recover
+  name: puppetserver-pgsql-recover
   {{ else }}
-  name: puppet-pgsql
+  name: puppetserver-pgsql
   {{ end }}
+  namespace: {{ .Release.Namespace }}
 spec:
   instances: {{ ((.Values.postgresql).instance) | default 1 }}
   {{ if .Values.postgresql.recover }}
@@ -33,7 +34,7 @@ spec:
     {{- end }}
   {{- if .Values.postgresql.recover }}
   externalClusters:
-    name: postgresql-pgsql
+    name: puppetserver-pgsql
     barmanObjectStore:
       destinationPath: {{ .Values.postgresql.backup.destinationPath }}
       endpointURL: {{ .Values.postgresql.backup.endpointURL }}

argocd-helm-charts/puppetserver/values.yaml

@@ -1,13 +1,19 @@
 puppetserver:
-  fullnameOverride: puppetstack
-  nameOverride: puppetstack
-
   puppetserver:
     name: puppetserver
     image: ghcr.io/voxpupuli/container-puppetserver
     tag: 7.13.0
-    ingress:
-      enabled: false
+    puppeturl: ""
+    masters:
+      ingress:
+        enabled: false
+
+  r10k:
+    asSidecar: false
+    code:
+      viaHttps:
+        credentials:
+          existingSecret: puppet-git-secret
 
   postgresql:
     enabled: false
@@ -18,18 +24,30 @@ puppetserver:
     image: ghcr.io/voxpupuli/container-puppetdb
     tag: 7.14.0
     extraEnv:
-      PUPPETDB_POSTGRES_HOSTNAME: puppet-pgsql-rw
+      PUPPETDB_POSTGRES_HOSTNAME: puppetserver-pgsql-rw
 
   puppetboard:
-    enabled: false
+    enabled: true
     name: puppetboard
     image: ghcr.io/voxpupuli/puppetboard
-    tag: 4.2.5
+    tag: 5.4.0
+
+  metrics:
+    prometheus:
+      disableAPICheck: true
+      puppetdb:
+        enabled: true
+      jmx:
+        enabled: false
+
+  hiera:
+    name: hiera
+    hieradataurl: ""
 
   global:
     postgresql:
       auth:
-        existingSecret: puppet-pgsql-app
+        existingSecret: puppetserver-pgsql-app
         secretKeys:
           usernameKey: username
           userPasswordKey: password