3 changes: 2 additions & 1 deletion contexts/.gitignore
@@ -1,4 +1,5 @@
# Ignore all directories in contexts/
*/
# But allow _template directory
# But allow _template directory and all its contents
!/_template/
!/_template/**
346 changes: 183 additions & 163 deletions contexts/_template/blueprint.jsonnet
@@ -14,6 +14,9 @@ local vmDriver = hlp.getString(context, "vm.driver", "");
local blueprintName = hlp.getString(context, "name", "template");
local repositoryUrl = if rawProvider == "local" then "http://git.test/git/" + hlp.getString(context, "projectName", "core") else "";

// Helper to concatenate arrays (std.flattenArrays expects array of arrays)
local concat(arrays) = std.foldl(function(x, y) x + y, arrays, []);

// =============================================================================
// BLUEPRINT
// =============================================================================
@@ -35,34 +38,34 @@ local repositoryUrl = if rawProvider == "local" then "http://git.test/git/" + hl
sources: [],
terraform: if provider == "aws" then [
{
path: "network/aws-vpc"
path: "network/aws-vpc",
},
{
path: "cluster/aws-eks"
path: "cluster/aws-eks",
},
{
path: "cluster/aws-eks/additions",
destroy: false
destroy: false,
},
{
path: "gitops/flux",
destroy: false
}
destroy: false,
},
] else if provider == "azure" then [
{
path: "network/azure-vnet"
path: "network/azure-vnet",
},
{
path: "cluster/azure-aks"
path: "cluster/azure-aks",
},
{
path: "gitops/flux",
destroy: false
}
destroy: false,
},
] else [
{
path: "cluster/talos",
parallelism: 1
parallelism: 1,
},
{
path: "gitops/flux",
@@ -71,160 +74,177 @@ local repositoryUrl = if rawProvider == "local" then "http://git.test/git/" + hl
git_username: "local",
git_password: "local",
webhook_token: "abcdef123456",
} else {}
}
],
kustomize: [
{
name: "telemetry-base",
path: "telemetry/base",
components: [
"prometheus",
"prometheus/flux",
"fluentbit",
"fluentbit/prometheus"
]
} else {},
},
{
name: "telemetry-resources",
path: "telemetry/resources",
components: [
"metrics-server",
"prometheus",
"prometheus/flux",
"fluentbit",
"fluentbit/containerd",
"fluentbit/fluentd",
"fluentbit/kubernetes",
"fluentbit/systemd"
],
kustomize:
concat([
[
{
name: "telemetry-base",
path: "telemetry/base",
components: [
"prometheus",
"prometheus/flux",
"fluentbit",
"fluentbit/prometheus",
],
},
{
name: "telemetry-resources",
path: "telemetry/resources",
components: [
"metrics-server",
"prometheus",
"prometheus/flux",
"fluentbit",
"fluentbit/containerd",
"fluentbit/fluentd",
"fluentbit/kubernetes",
"fluentbit/systemd",
],
dependsOn: ["telemetry-base"],
},
{
name: "policy-base",
path: "policy/base",
components: ["kyverno"],
},
{
name: "policy-resources",
path: "policy/resources",
dependsOn: ["policy-base"],
},
{
name: "csi",
path: "csi",
components:
if provider == "aws" then ["aws-ebs"]
else if provider == "local" then [
"openebs",
"openebs/dynamic-localpv",
]
else [],
dependsOn: ["policy-resources"],
cleanup: ["pvcs"],
},
{
name: "pki-base",
path: "pki/base",
components: [
"cert-manager",
"trust-manager",
],
dependsOn: ["policy-resources"],
},
{
name: "pki-resources",
path: "pki/resources",
components: [
"private-issuer/ca",
"public-issuer/selfsigned",
],
dependsOn: ["pki-base"],
},
{
name: "ingress",
path: "ingress",
components:
if provider == "aws" then [
"nginx",
"nginx/flux-webhook",
"nginx/web",
] else
std.filter(
function(x) x != null,
[
"nginx",
if vmDriver == "docker-desktop" then "nginx/nodeport" else null,
"nginx/coredns",
"nginx/flux-webhook",
"nginx/web",
]
),
dependsOn: ["pki-resources"],
cleanup: ["loadbalancers", "ingresses"],
},
{
name: "dns",
path: "dns",
components:
if provider == "aws" then [
"external-dns",
"external-dns/route53",
]
else if vmDriver == "docker-desktop" then [
"coredns",
"coredns/etcd",
"external-dns",
"external-dns/localhost",
"external-dns/coredns",
"external-dns/ingress",
]
else [
"coredns",
"coredns/etcd",
"external-dns",
"external-dns/coredns",
"external-dns/ingress",
],
dependsOn: if provider == "aws" then [] else ["pki-base"],
},
{
name: "gitops",
path: "gitops/flux",
components: ["webhook"],
dependsOn: ["ingress"],
},
],
dependsOn: ["telemetry-base"]
},
{
name: "policy-base",
path: "policy/base",
components: ["kyverno"]
},
{
name: "policy-resources",
path: "policy/resources",
dependsOn: ["policy-base"]
},
{
name: "csi",
path: "csi",
components: if provider == "aws" then ["aws-ebs"] else if provider == "local" then [
"openebs",
"openebs/dynamic-localpv"
// Optionally add MetalLB for local non-docker-desktop
if provider == "local" && vmDriver != "docker-desktop" then [
{
name: "lb-base",
path: "lb/base",
components: ["metallb"],
dependsOn: ["policy-resources"],
},
{
name: "lb-resources",
path: "lb/resources",
components: ["metallb/layer2"],
dependsOn: ["lb-base"],
},
] else [],
dependsOn: ["policy-resources"],
cleanup: ["pvcs"]
},
{
name: "pki-base",
path: "pki/base",
components: [
"cert-manager",
"trust-manager"
[
{
name: "observability",
path: "observability",
components:
concat([
[
"fluentd",
"fluentd/filters/otel",
"fluentd/outputs/stdout",
],
if provider == "local" then [
"fluentd/outputs/quickwit",
"quickwit",
"quickwit/pvc",
] else [],
[
"grafana",
"grafana/ingress",
"grafana/prometheus",
"grafana/node",
"grafana/kubernetes",
"grafana/flux",
],
if provider == "local" then [
"grafana/quickwit",
] else [],
]),
dependsOn: ["csi", "ingress"],
},
],
dependsOn: ["policy-resources"]
},
{
name: "pki-resources",
path: "pki/resources",
components: [
"private-issuer/ca",
"public-issuer/selfsigned"
],
dependsOn: ["pki-base"]
},
{
name: "ingress",
path: "ingress",
components: if provider == "aws" then [
"nginx",
"nginx/flux-webhook",
"nginx/web"
] else if vmDriver == "docker-desktop" then [
"nginx",
"nginx/nodeport",
"nginx/coredns",
"nginx/flux-webhook",
"nginx/web"
] else [
"nginx",
"nginx/loadbalancer",
"nginx/coredns",
"nginx/flux-webhook",
"nginx/web"
],
dependsOn: ["pki-resources"],
cleanup: ["loadbalancers", "ingresses"]
},
{
name: "dns",
path: "dns",
components: if provider == "aws" then [
"external-dns",
"external-dns/route53"
] else if vmDriver == "docker-desktop" then [
"coredns",
"coredns/etcd",
"external-dns",
"external-dns/localhost",
"external-dns/coredns",
"external-dns/ingress"
] else [
"coredns",
"coredns/etcd",
"external-dns",
"external-dns/coredns",
"external-dns/ingress"
],
dependsOn: if provider == "aws" then [] else ["pki-base"]
},
{
name: "gitops",
path: "gitops/flux",
components: ["webhook"],
dependsOn: ["ingress"]
}
] + (if provider == "local" && vmDriver != "docker-desktop" then [
{
name: "lb-base",
path: "lb/base",
components: ["metallb"],
dependsOn: ["policy-resources"]
},
{
name: "lb-resources",
path: "lb/resources",
components: ["metallb/layer2"],
dependsOn: ["lb-base"]
}
] else []) + [
{
name: "observability",
path: "observability",
components: [
"fluentd",
"fluentd/filters/otel",
"fluentd/outputs/stdout"
] + (if provider == "local" then [
"fluentd/outputs/quickwit",
"quickwit",
"quickwit/pvc"
] else []) + [
"grafana",
"grafana/ingress",
"grafana/prometheus",
"grafana/node",
"grafana/kubernetes",
"grafana/flux"
] + (if provider == "local" then [
"grafana/quickwit"
] else []),
dependsOn: ["csi", "ingress"]
}
],
}
]),
}
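Review bot: The rewritten `ingress` components list appears to drop `"nginx/loadbalancer"` for every non-AWS provider other than docker-desktop: the removed three-way branch listed it in its final `else`, while the new `std.filter` list only makes `"nginx/nodeport"` conditional and has no counterpart for the other case. Because the `lb-base`/`lb-resources` MetalLB entries are still added for local non-docker-desktop, this looks unintended in what is otherwise a formatting refactor; if so, the element should read `if vmDriver == "docker-desktop" then "nginx/nodeport" else "nginx/loadbalancer",`, which also makes the `std.filter` wrapper unnecessary. Separately, the new `concat` helper duplicates `std.flattenArrays`, which already takes an array of arrays, so the comment above it is misleading. The unchanged values `git_password: "local"` and `webhook_token: "abcdef123456"` sit directly above the edited `} else {},` line and their guarding condition is outside the visible hunk; a comment there such as `// fixed development placeholders, local provider only; never reuse for a reachable cluster` would help anyone copying this template.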