From a51edaec63f27cf7d0c66d82af8a709a7d61288a Mon Sep 17 00:00:00 2001
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com>
Date: Tue, 11 Jul 2023 06:58:10 +0000
Subject: [PATCH] Latest
---
 .../run_before_01-system-homebrew.sh.tmpl | 2 +-
 home/dot_config/Code/User/extensions.json | 1 -
 home/dot_config/helm/helmfile.yml | 305 ++++++++++++++++++
 home/dot_local/bin/executable_install-program | 4 +-
 software.yml | 8 +
 5 files changed, 316 insertions(+), 4 deletions(-)
 create mode 100644 home/dot_config/helm/helmfile.yml
diff --git a/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl b/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl
index e7453f25..88da0a13 100644
--- a/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl
@@ -62,6 +62,6 @@ ensurePackageManagerHomebrew
 # @description Enable auto-update service
 if brew autoupdate status | grep 'Autoupdate is not configured.' > /dev/null; then
 logg info 'Enabling Homebrew auto-update service (every 24 hours)'
- brew autoupdate start --cleanup --upgrade
+ brew autoupdate start --cleanup --greedy --upgrade
 fi
 {{ end -}}
diff --git a/home/dot_config/Code/User/extensions.json b/home/dot_config/Code/User/extensions.json
index 351dc34b..fe4f2560 100644
--- a/home/dot_config/Code/User/extensions.json
+++ b/home/dot_config/Code/User/extensions.json
@@ -78,7 +78,6 @@
 "johnpapa.vscode-peacock",
 "jsonhero.jsonhero-vscode",
 "justbrenny.hero-heroku",
- "karigari.chat",
 "kelvin.vscode-sshfs",
 "kevinchatham.openwithcode",
 "kisstkondoros.vscode-codemetrics",
diff --git a/home/dot_config/helm/helmfile.yml b/home/dot_config/helm/helmfile.yml
new file mode 100644
index 00000000..ec2b3313
--- /dev/null
+++ b/home/dot_config/helm/helmfile.yml
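Review bot: The added `--greedy` in `brew autoupdate start --cleanup --greedy --upgrade` makes the unattended background job also upgrade casks that a normal upgrade skips (self-updating casks and those tracked as `version :latest`), and nothing next to the call records that this is intended. Casks tracked as `:latest` generally carry no checksum, so a greedy background run re-downloads and reinstalls them with no integrity check and no user prompt; that deserves an explicit decision rather than a silent default. If the behaviour is wanted, document it above the call, for example `# --greedy: also upgrade auto-updating/:latest casks unattended (no checksum on :latest casks)`, and consider gating the flag behind a template variable so individual hosts can opt out. The enclosing template block starts outside the hunk.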
@@ -0,0 +1,305 @@
+# Chart repositories used from within this state file
+#
+# Use `helm-s3` and `helm-git` and whatever Helm Downloader plugins
+# to use repositories other than the official repository or one backend by chartmuseum.
+repositories:
+# To use official "stable" charts a.k.a https://github.com/helm/charts/tree/master/stable
+- name: stable
+ url: https://charts.helm.sh/stable
+# To use official "incubator" charts a.k.a https://github.com/helm/charts/tree/master/incubator
+- name: incubator
+ url: https://charts.helm.sh/incubator
+# helm-git powered repository: You can treat any Git repository as a charts repository
+- name: polaris
+ url: git+https://github.com/reactiveops/polaris@deploy/helm?ref=master
+# Advanced configuration: You can setup basic or tls auth and optionally enable helm OCI integration
+- name: roboll
+ url: roboll.io/charts
+ certFile: optional_client_cert
+ keyFile: optional_client_key
+ # username is retrieve from the environment with the format _USERNAME for CI usage, here ROBOLL_USERNAME
+ username: optional_username
+ # username is retrieve from the environment with the format _PASSWORD for CI usage, here ROBOLL_PASSWORD
+ password: optional_password
+ oci: true
+ passCredentials: true
+# Advanced configuration: You can use a ca bundle to use an https repo
+# with a self-signed certificate
+- name: insecure
+ url: https://charts.my-insecure-domain.com
+ caFile: optional_ca_crt
+# Advanced configuration: You can skip the verification of TLS for an https repo
+- name: skipTLS
+ url: https://ss.my-insecure-domain.com
+ skipTLSVerify: true
+
+# context: kube-context # this directive is deprecated, please consider using helmDefaults.kubeContext
+
+# Path to alternative helm binary (--helm-binary)
+# helmBinary: path/to/helm3
+
+# Path to alternative lock file. The default is .lock, i.e for helmfile.yaml it's helmfile.lock.
+# lockFilePath: path/to/lock.file
+
+# Default values to set for args along with dedicated keys that can be set by contributors, cli args take precedence over these.
+# In other words, unset values results in no flags passed to helm.
+# See the helm usage (helm SUBCOMMAND -h) for more info on default values when those flags aren't provided.
+helmDefaults:
+ kubeContext: kube-context #dedicated default key for kube-context (--kube-context)
+ cleanupOnFail: false #dedicated default key for helm flag --cleanup-on-fail
+ # additional and global args passed to helm (default "")
+ args:
+ - "--set k=v"
+ # verify the chart before upgrading (only works with packaged charts not directories) (default false)
+ verify: true
+ # wait for k8s resources via --wait. (default false)
+ wait: true
+ # if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. It will wait for as long as --timeout (default false, Implemented in Helm3.5)
+ waitForJobs: true
+ # time in seconds to wait for any individual Kubernetes operation (like Jobs for hooks, and waits on pod/pvc/svc/deployment readiness) (default 300)
+ timeout: 600
+ # performs pods restart for the resource if applicable (default false)
+ recreatePods: true
+ # forces resource update through delete/recreate if needed (default false)
+ force: false
+ # limit the maximum number of revisions saved per release. Use 0 for no limit. (default 10)
+ historyMax: 10
+ # when using helm 3.2+, automatically create release namespaces if they do not exist (default true)
+ createNamespace: true
+ # if used with charts museum allows to pull unstable charts for deployment, for example: if 1.2.3 and 1.2.4-dev versions exist and set to true, 1.2.4-dev will be pulled (default false)
+ devel: true
+ # When set to `true`, skips running `helm dep up` and `helm dep build` on this release's chart.
+ # Useful when the chart is broken, like seen in https://github.com/roboll/helmfile/issues/1547
+ skipDeps: false
+ # If set to true, reuses the last release's values and merges them with ones provided in helmfile.
+ # This attribute, can be overriden in CLI with --reset/reuse-values flag of apply/sync/diff subcommands
+ reuseValues: false
+ # propagate `--post-renderer` to helmv3 template and helm install
+ postRenderer: "path/to/postRenderer"
+ # cascade `--cascade` to helmv3 delete, available values: background, foreground, or orphan, default: background
+ cascade: "background"
+ # insecureSkipTLSVerify is true if the TLS verification should be skipped when fetching remote chart
+ insecureSkipTLSVerify: false
+
+# these labels will be applied to all releases in a Helmfile. Useful in templating if you have a helmfile per environment or customer and don't want to copy the same label to each release
+commonLabels:
+ hello: world
+
+# The desired states of Helm releases.
+#
+# Helmfile runs various helm commands to converge the current state in the live cluster to the desired state defined here.
+releases:
+ # Published chart example
+ - name: vault # name of this release
+ namespace: vault # target namespace
+ createNamespace: true # helm 3.2+ automatically create release namespace (default true)
+ labels: # Arbitrary key value pairs for filtering releases
+ foo: bar
+ chart: roboll/vault-secret-manager # the chart being installed to create this release, referenced by `repository/chart` syntax
+ version: ~1.24.1 # the semver of the chart. range constraint is supported
+ condition: vault.enabled # The values lookup key for filtering releases. Corresponds to the boolean value of `vault.enabled`, where `vault` is an arbitrary value
+ missingFileHandler: Warn # set to either "Error" or "Warn". "Error" instructs helmfile to fail when unable to find a values or secrets file. When "Warn", it prints the file and continues.
+ missingFileHandlerConfig:
+ # Ignores missing git branch error so that the Debug/Info/Warn handler can treat a missing branch as non-error.
+ # See https://github.com/helmfile/helmfile/issues/392
+ ignoreMissingGitBranch: true
+ # Values files used for rendering the chart
+ values:
+ # Value files passed via --values
+ - vault.yaml
+ # Inline values, passed via a temporary values file and --values, so that it doesn't suffer from type issues like --set
+ - address: https://vault.example.com
+ # Go template available in inline values and values files.
+ - image:
+ # The end result is more or less YAML. So do `quote` to prevent number-like strings from accidentally parsed into numbers!
+ # See https://github.com/roboll/helmfile/issues/608
+ tag: {{ requiredEnv "IMAGE_TAG" | quote }}
+ # Otherwise:
+ # tag: "{{ requiredEnv "IMAGE_TAG" }}"
+ # tag: !!string {{ requiredEnv "IMAGE_TAG" }}
+ db:
+ username: {{ requiredEnv "DB_USERNAME" }}
+ # value taken from environment variable. Quotes are necessary. Will throw an error if the environment variable is not set. $DB_PASSWORD needs to be set in the calling environment ex: export DB_PASSWORD='password1'
+ password: {{ requiredEnv "DB_PASSWORD" }}
+ proxy:
+ # Interpolate environment variable with a fixed string
+ domain: {{ requiredEnv "PLATFORM_ID" }}.my-domain.com
+ scheme: {{ env "SCHEME" | default "https" }}
+ # Use `values` whenever possible!
+ # `set` translates to helm's `--set key=val`, that is known to suffer from type issues like https://github.com/roboll/helmfile/issues/608
+ set:
+ # single value loaded from a local file, translates to --set-file foo.config=path/to/file
+ - name: foo.config
+ file: path/to/file
+ # set a single array value in an array, translates to --set bar[0]={1,2}
+ - name: bar[0]
+ values:
+ - 1
+ - 2
+ # set a templated value
+ - name: namespace
+ value: {{ .Namespace }}
+ # will attempt to decrypt it using helm-secrets plugin
+ secrets:
+ - vault_secret.yaml
+ # Override helmDefaults options for verify, wait, waitForJobs, timeout, recreatePods and force.
+ verify: true
+ wait: true
+ waitForJobs: true
+ timeout: 60
+ recreatePods: true
+ force: false
+ # set `false` to uninstall this release on sync. (default true)
+ installed: true
+ # restores previous state in case of failed release (default false)
+ atomic: true
+ # when true, cleans up any new resources created during a failed release (default false)
+ cleanupOnFail: false
+ # --kube-context to be passed to helm commands
+ # See https://github.com/roboll/helmfile/issues/642
+ # (default "", which means the standard kubeconfig, either ~/kubeconfig or the file pointed by $KUBECONFIG environment variable)
+ kubeContext: kube-context
+ # passes --disable-validation to helm 3 diff plugin, this requires diff plugin >= 3.1.2
+ # It may be helpful to deploy charts with helm api v1 CRDS
+ # https://github.com/roboll/helmfile/pull/1373
+ disableValidation: false
+ # passes --disable-validation to helm 3 diff plugin, this requires diff plugin >= 3.1.2
+ # It is useful when any release contains custom resources for CRDs that is not yet installed onto the cluster.
+ # https://github.com/roboll/helmfile/pull/1618
+ disableValidationOnInstall: false
+ # passes --disable-openapi-validation to helm 3 diff plugin, this requires diff plugin >= 3.1.2
+ # It may be helpful to deploy charts with helm api v1 CRDS
+ # https://github.com/roboll/helmfile/pull/1373
+ disableOpenAPIValidation: false
+ # limit the maximum number of revisions saved per release. Use 0 for no limit (default 10)
+ historyMax: 10
+ # When set to `true`, skips running `helm dep up` and `helm dep build` on this release's chart.
+ # Useful when the chart is broken, like seen in https://github.com/roboll/helmfile/issues/1547
+ skipDeps: false
+ # propagate `--post-renderer` to helmv3 template and helm install
+ postRenderer: "path/to/postRenderer"
+ # cascade `--cascade` to helmv3 delete, available values: background, foreground, or orphan, default: background
+ cascade: "background"
+ # insecureSkipTLSVerify is true if the TLS verification should be skipped when fetching remote chart
+ insecureSkipTLSVerify: false
+ # suppressDiff skip the helm diff output. Useful for charts which produces large not helpful diff, default: false
+ suppressDiff: false
+
+
+ # Local chart example
+ - name: grafana # name of this release
+ namespace: another # target namespace
+ chart: ../my-charts/grafana # the chart being installed to create this release, referenced by relative path to local helmfile
+ values:
+ - "../../my-values/grafana/values.yaml" # Values file (relative path to manifest)
+ - ./values/{{ requiredEnv "PLATFORM_ENV" }}/config.yaml # Values file taken from path with environment variable. $PLATFORM_ENV must be set in the calling environment.
+ wait: true
+
+#
+# Advanced Configuration: Nested States
+#
+helmfiles:
+- # Path to the helmfile state file being processed BEFORE releases in this state file
+ path: path/to/subhelmfile.yaml
+ # Label selector used for filtering releases in the nested state.
+ # For example, `name=prometheus` in this context is equivalent to processing the nested state like
+ # helmfile -f path/to/subhelmfile.yaml -l name=prometheus sync
+ selectors:
+ - name=prometheus
+ # Override state values
+ values:
+ # Values files merged into the nested state's values
+ - additional.values.yaml
+ # One important aspect of using values here is that they first need to be defined in the values section
+ # of the origin helmfile, so in this example key1 needs to be in the values or environments.NAME.values of path/to/subhelmfile.yaml
+ # Inline state values merged into the nested state's values
+ - key1: val1
+- # All the nested state files under `helmfiles:` is processed in the order of definition.
+ # So it can be used for preparation for your main `releases`. An example would be creating CRDs required by `releases` in the parent state file.
+ path: path/to/mycrd.helmfile.yaml
+- # Terraform-module-like URL for importing a remote directory and use a file in it as a nested-state file
+ # The nested-state file is locally checked-out along with the remote directory containing it.
+ # Therefore all the local paths in the file are resolved relative to the file
+ path: git::https://github.com/cloudposse/helmfiles.git@releases/kiam.yaml?ref=0.40.0
+# If set to "Error", return an error when a subhelmfile points to a
+# non-existent path. The default behavior is to print a warning and continue.
+missingFileHandler: Error
+
+#
+# Advanced Configuration: Environments
+#
+
+# The list of environments managed by helmfile.
+#
+# The default is `environments: {"default": {}}` which implies:
+#
+# - `{{ .Environment.Name }}` evaluates to "default"
+# - `{{ .Values }}` being empty
+environments:
+ # The "default" environment is available and used when `helmfile` is run without `--environment NAME`.
+ default:
+ # Everything from the values.yaml is available via `{{ .Values.KEY }}`.
+ # Suppose `{"foo": {"bar": 1}}` contained in the values.yaml below,
+ # `{{ .Values.foo.bar }}` is evaluated to `1`.
+ values:
+ - environments/default/values.yaml
+ # Each entry in values can be either a file path or inline values.
+ # The below is an example of inline values, which is merged to the `.Values`
+ - myChartVer: 1.0.0-dev
+ # Any environment other than `default` is used only when `helmfile` is run with `--environment NAME`.
+ # That is, the "production" env below is used when and only when it is run like `helmfile --environment production sync`.
+ production:
+ values:
+ - environments/production/values.yaml
+ - myChartVer: 1.0.0
+ # disable vault release processing
+ - vault:
+ enabled: false
+ ## `secrets.yaml` is decrypted by `helm-secrets` and available via `{{ .Environment.Values.KEY }}`
+ secrets:
+ - environments/production/secrets.yaml
+ # Instructs helmfile to fail when unable to find a environment values file listed under `environments.NAME.values`.
+ #
+ # Possible values are "Error", "Warn", "Info", "Debug". The default is "Error".
+ #
+ # Use "Warn", "Info", or "Debug" if you want helmfile to not fail when a values file is missing, while just leaving
+ # a message about the missing file at the log-level.
+ missingFileHandler: Error
+ missingFileHandlerConfig:
+ # Ignores missing git branch error so that the Debug/Info/Warn handler can treat a missing branch as non-error.
+ # See https://github.com/helmfile/helmfile/issues/392
+ ignoreMissingGitBranch: true
+ # kubeContext to use for this environment
+ kubeContext: kube-context
+
+#
+# Advanced Configuration: Layering
+#
+# Helmfile merges all the "base" state files and this state file before processing.
+#
+# Assuming this state file is named `helmfile.yaml`, all the files are merged in the order of:
+# environments.yaml <- defaults.yaml <- templates.yaml <- helmfile.yaml
+bases:
+- environments.yaml
+- defaults.yaml
+- templates.yaml
+
+#
+# Advanced Configuration: API Capabilities
+#
+# 'helmfile template' renders releases locally without querying an actual cluster,
+# and in this case `.Capabilities.APIVersions` cannot be populated.
+# When a chart queries for a specific CRD or the Kubernetes version, this can lead to unexpected results.
+#
+# Note that `Capabilities.KubeVersion` is deprecated in Helm 3 and `helm template` won't populate it.
+# All you can do is fix your chart to respect `.Capabilities.APIVersions` instead, rather than trying to figure out
+# how to set `Capabilities.KubeVersion` in Helmfile.
+#
+# Configure a fixed list of API versions to pass to 'helm template' via the --api-versions flag with the below:
+apiVersions:
+- example/v1
+
+# Set the kubeVersion to render the chart with your desired Kubernetes version.
+# The flag --kube-version was deprecated in helm v3 but it was added again.
+# For further information https://github.com/helm/helm/issues/7326
+kubeVersion: v1.21
\ No newline at end of file
diff --git a/home/dot_local/bin/executable_install-program b/home/dot_local/bin/executable_install-program
index 38aa47b5..158e3a2d 100644
--- a/home/dot_local/bin/executable_install-program
+++ b/home/dot_local/bin/executable_install-program
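Review bot: The `skipTLS` repository entry sets `skipTLSVerify: true` and the `roboll` entry sets `passCredentials: true` next to placeholder `username`/`password` values, and the target path suggests this file is deployed as a usable Helmfile state in the user's Helm config directory, not as documentation. The content reads like a complete reference example, so anyone who runs helmfile against it starts from a state where one chart source is fetched without certificate verification and repository credentials are forwarded to whichever host serves the chart. Replace the sample repositories and releases with the ones actually used, or at minimum change those keys to `skipTLSVerify: false` and `passCredentials: false`, and set `devel: false` under `helmDefaults` so pre-release charts are not pulled by default. The `password: {{ requiredEnv "DB_PASSWORD" }}` line is also unquoted although the comment above it says quotes are necessary; `password: {{ requiredEnv "DB_PASSWORD" | quote }}` would match the `tag` line earlier in the same release.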
@@ -760,13 +760,13 @@ async function beforeInstall(packageManager) {
 if (!brewUpdated) {
 brewUpdated = true
 try {
- runCommand('Running brew update / upgrade', `brew update && brew upgrade --cask --greedy && brew upgrade --force`)
+ runCommand('Running brew update / upgrade', `brew update && brew upgrade --cask && brew upgrade`)
 } catch (e) {
 console.log(e)
 log('error', 'Homebrew', 'Failed running brew update / upgrade')
 log('info', 'Homebrew', 'Running brew tap --repair and trying again')
 try {
- runCommand('Repairing taps and retrying brew update / upgrade', 'brew tap --repair && brew update && brew upgrade --cask && brew upgrade')
+ runCommand('Repairing taps and retrying brew update / upgrade', 'brew tap --repair && brew update && brew upgrade --cask --greedy && brew upgrade --force --greedy')
 } catch (e) {
 console.log(e)
 log('error', 'Homebrew', 'Failed both attempts to run brew update / upgrade')
diff --git a/software.yml b/software.yml
index 7f0d365c..bce3468e 100644
--- a/software.yml
+++ b/software.yml
@@ -4690,6 +4690,14 @@ softwarePackages:
 choco: kubernetes-helm
 scoop: helm
 snap: helm
+ helmfile:
+ _bin: helmfile
+ _github: https://github.com/helmfile/helmfile
+ _name: Helmfile
+ brew: helmfile
+ pacman: helmfile
+ scoop: helmfile
+ zypper: helmfile
 kubernetes-kompose:
 _bin: kompose
 _desc: Go from Docker Compose to Kubernetes
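Review bot: The retry command in the inner `try` is now broader than the first attempt: `brew upgrade --cask --greedy && brew upgrade --force --greedy` runs only after the plain upgrade has failed, so whether casks are greedily upgraded and existing files force-overwritten depends on an unrelated failure of the first run. A recovery path should repeat the same operation after `brew tap --repair` rather than widen it; keep one command, e.g. `const brewUpgrade = 'brew update && brew upgrade --cask && brew upgrade'`, and build the retry as `'brew tap --repair && ' + brewUpgrade`, or add a comment stating why the fallback must force. Both `runCommand(...)` calls are also not awaited inside `try` in an `async` function; if `runCommand` returns a promise (its definition is not visible here), a rejection bypasses both `catch` blocks and `await runCommand(...)` would be needed. `beforeInstall` starts and ends outside the hunk.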
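Review bot: The new `helmfile` entry has no `_desc`, while the neighbouring `kubernetes-kompose` entry visible in the same hunk carries one, so the package is listed without a description wherever that field is shown. Add a line such as `_desc: Declarative spec for deploying Helm charts` after `_bin: helmfile`. If sibling entries record further metadata keys that are not visible in this hunk, mirror them here as well.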