Add cc-gardener helm chart

sapcc · Oct 15, 2024 · f8e92c5 · f8e92c5
1 parent 9dbd69b
commit f8e92c5
Show file tree

Hide file tree

Showing 5 changed files with 151 additions and 0 deletions.
diff --git a/global/cc-gardener/Chart.lock b/global/cc-gardener/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: operator
+  repository: oci://europe-docker.pkg.dev/gardener-project/releases/charts/gardener
+  version: v1.99.4
+- name: owner-info
+  repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+  version: 0.2.0
+digest: sha256:ab0b68fb46dc9da8b2c7b8a0e329cf195ac71859dc780f29fc20e6a88d8b32a3
+generated: "2024-10-14T15:23:22.778504+02:00"
diff --git a/global/cc-gardener/Chart.yaml b/global/cc-gardener/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: gardener
+description: Converged Cloud Gardener setup based on gardener-operator
+type: application
+version: 0.1.0
+appVersion: "v1.99.4"
+home: https://github.com/gardener/gardener
+dependencies:
+- name: operator
+  repository: oci://europe-docker.pkg.dev/gardener-project/releases/charts/gardener
+  version: v1.99.4
+- name: owner-info
+  repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
+  version: 0.2.0
diff --git a/global/cc-gardener/ci/test-values.yaml b/global/cc-gardener/ci/test-values.yaml
@@ -0,0 +1,18 @@
+garden:
+  name: garden
+  region: "qa-de-1"
+  backup:
+    accessKeyID: "access"
+    secretAccessKey: "bla"
+    region: "blup"
+    bucket: "boom"
+  runtimeCluster:
+    zones: ["qa-de-1a"]
+    networking:
+      nodes: 10.41.0.0/16
+      pods: 10.42.0.0/16
+      services: 10.43.0.0/16
+  virtualCluster:
+    version: "1.29.6"
+    oidcConfig:
+      a: b
diff --git a/global/cc-gardener/templates/garden.yaml b/global/cc-gardener/templates/garden.yaml
@@ -0,0 +1,70 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: virtual-garden-etcd-main-backup-s3
+  namespace: garden
+type: Opaque
+data:
+{{- with .Values.garden.backup }}
+  accessKeyID: {{ required "backup.accessKeyID missing" .accessKeyID | b64enc }}
+  secretAccessKey: {{ required "backup.secretAccessKey missing" .secretAccessKey | b64enc }}
+  region: {{ required "backup.region missing" .region | b64enc }}
+{{- end }}
+---
+apiVersion: operator.gardener.cloud/v1alpha1
+kind: Garden
+metadata:
+  name: {{ .Values.garden.name }}
+spec:
+  runtimeCluster:
+    ingress:
+      domains:
+      - runtime-garden.{{ required ".Values.garden.region missing" .Values.garden.region }}.cloud.sap
+      controller:
+        kind: nginx
+    networking:
+      {{- toYaml .Values.garden.runtimeCluster.networking | nindent 6 }}
+    provider:
+      zones:
+      {{- toYaml .Values.garden.runtimeCluster.zones | nindent 6 }}
+    settings:
+      verticalPodAutoscaler:
+        enabled: false
+      topologyAwareRouting:
+        enabled: false
+  virtualCluster:
+    dns:
+      domains:
+      - virtual-garden.{{ required ".Values.garden.region missing" .Values.garden.region }}.cloud.sap
+    etcd:
+      main:
+        backup:
+          provider: S3
+          bucketName: {{ required ".buckup.bucket missing" .Values.garden.backup.bucket | quote }}
+          secretRef:
+            name: virtual-garden-etcd-main-backup-s3
+        storage:
+          capacity: 10Gi
+      events:
+        storage:
+          capacity: 10Gi
+    kubernetes:
+      version: {{ .Values.garden.virtualCluster.version | quote}}
+      kubeAPIServer:
+        enableAnonymousAuthentication: true # cluster registry version check
+        oidcConfig:
+          {{- toYaml .Values.garden.virtualCluster.oidcConfig | nindent 10 }}
+    gardener:
+      clusterIdentity: local
+      gardenerAPIServer:
+        admissionPlugins:
+        - name: ShootVPAEnabledByDefault
+      gardenerDashboard: {}
+      gardenerDiscoveryServer: {}
+    maintenance:
+      timeWindow:
+        begin: 140000+0100
+        end: 150000+0100
+    networking:
+      {{- toYaml .Values.garden.virtualCluster.networking | nindent 6 }}
diff --git a/global/cc-gardener/values.yaml b/global/cc-gardener/values.yaml
@@ -0,0 +1,40 @@
+operator:
+  image:
+    repository: keppel.global.cloud.sap/europe-docker-pkg-dev-mirror/gardener-project/releases/gardener/operator
+    tag: v1.99.4 # also the gardener version, which will be used
+  config:
+    featureGates:
+      HVPA: false
+garden:
+  name: garden
+  # region: ""
+  backup:
+  # accessKeyID: ""
+  # secretAccessKey: ""
+  # region: ""
+  # bucket: ""
+  runtimeCluster:
+    zones: []
+    # - "eu-de-1a"
+    # Those CIDRs have been chosen to match with the runtime cluster configuration (see example/gardener-local/kind/cluster/values.yaml).
+    # Generally, they have to match the CIDRs of the runtime cluster.
+    networking:
+    # nodes: 
+      pods: 10.42.0.0/16
+      services: 10.43.0.0/16
+  virtualCluster:
+    version: "1.29.6"
+    # oidcConfig:
+    networking:
+      services: 100.64.0.0/13
+owner-info:
+  support-group: containers
+  helm-chart-url: https://github.com/sapcc/helm-charts/tree/master/global/cc-gardener
+  service: cc-gardener
+  maintainers:
+  - Alexandru Mihai
+  - Dmitri Fedotov
+  - Erik Schubert
+  - Göran Gudat
+  - Jan Knipper
+  - Marian Schwarz