├── .devcontainer ├── Dockerfile ├── argocd-nodeport.yaml ├── backstage-nodeport.yaml ├── cleanup.sh ├── delivery │ ├── devcontainer.json │ └── welcome.txt ├── falco-nodeport.yaml ├── grafana-nodeport.yaml ├── install-platform-devcontainer.sh ├── kargo-nodeport.yaml ├── keycloak-codespaces.yaml ├── keycloak-nodeport.yaml ├── kind-config.yaml ├── observability │ ├── devcontainer.json │ └── welcome.txt ├── portal │ ├── devcontainer.json │ └── welcome.txt └── security │ ├── devcontainer.json │ └── welcome.txt ├── .github ├── create-image-list.sh ├── create-pr-comment-file.sh ├── create-trivy-scan-diff.sh ├── create-trivy-scan-report.sh ├── kind-config.yaml ├── pr-diff-template.txt ├── trivy-scan-markdown.tpl └── workflows │ ├── cluster-test.yml │ ├── gitops-diff.yaml │ ├── list-images.yaml │ ├── release.yaml │ ├── sync-release-tag.yaml │ ├── sync-upstream.yaml │ ├── trivy-scan-diff.yml │ ├── trivy-scan-table.yaml │ └── trivy-scans.yaml ├── .gitignore ├── .secrets ├── .envoss.yaml └── createsecret.sh ├── CHANGELOG.md ├── CONTRIBUTING.md ├── METALSTACK-README.md ├── README.md ├── aws-resources └── route53-iam-policy.json ├── backstage-resources ├── adr │ ├── 0000-use-madr.md │ ├── 0001-gitops-onboarding-teams.md │ ├── 0002-gitops-onboarding-apps.md │ ├── README.md │ ├── template.md │ └── test.md ├── docs │ ├── application-migration │ │ ├── learning-path.md │ │ └── migration-process.md │ ├── cloudnativepg.md │ ├── grc │ │ ├── backstage_auth.md │ │ ├── backuprecovery.md │ │ ├── iam.md │ │ ├── rbac-oidc.md │ │ └── rbacportal.md │ ├── hub-and-spoke │ │ ├── application-deployment.md │ │ └── hub-and-spoke-basics.md │ ├── img │ │ ├── alerting_data_flow.png │ │ ├── app-changing-and-promoting-app-1.png │ │ ├── app-changing-and-promoting-app-2.png │ │ ├── app-changing-and-promoting-app-3.png │ │ ├── app-changing-and-promoting-app-4.png │ │ ├── app-changing-and-promoting-app-5.png │ │ ├── app-changing-and-promoting-app-6.png │ │ ├── app-onboarding-1.png │ │ ├── 
app-onboarding-10.png │ │ ├── app-onboarding-11.png │ │ ├── app-onboarding-12.png │ │ ├── app-onboarding-2.png │ │ ├── app-onboarding-3.png │ │ ├── app-onboarding-4.png │ │ ├── app-onboarding-5.png │ │ ├── app-onboarding-6.png │ │ ├── app-onboarding-7.png │ │ ├── app-onboarding-8.png │ │ ├── app-onboarding-9.png │ │ ├── hub-and-spoke-topology-1.png │ │ ├── hub-and-spoke-topology-2.png │ │ ├── kubrix-observe-topology.png │ │ ├── onboarding-teams-with-appofapps.png │ │ ├── onboarding-teams-with-appset.png │ │ ├── team-onboarding-1.png │ │ ├── team-onboarding-2.png │ │ ├── team-onboarding-3.png │ │ ├── team-onboarding-4.png │ │ └── team-onboarding-5.png │ ├── index.md │ ├── observability │ │ ├── alerting.md │ │ └── overview.md │ ├── onboarding │ │ ├── additional-infos.md │ │ ├── onboarding-apps.md │ │ ├── onboarding-teams.md │ │ └── promoting-changes.md │ ├── platform-building-blocks.md │ ├── platform-testing.md │ ├── runbooks │ │ ├── loki.md │ │ └── mimir.md │ └── tools.md ├── entities │ ├── all.yaml │ ├── demo.yaml │ ├── demo │ │ ├── argocd-info.yaml │ │ ├── backstage-info.yaml │ │ ├── k8s-monitoring.yaml │ │ ├── keycloak-info.yaml │ │ ├── kubecost-info.yaml │ │ ├── kubevirt-manager-info.yaml │ │ └── user-info.yaml │ ├── generic │ │ ├── cert-manager-info.yaml │ │ ├── kubevirt-info.yaml │ │ ├── kyverno-info.yaml │ │ ├── loki-info.yaml │ │ └── tempo-info.yaml │ ├── k3d.yaml │ ├── k3d │ │ ├── argocd-info.yaml │ │ ├── backstage-info.yaml │ │ ├── k8s-monitoring.yaml │ │ ├── keycloak-info.yaml │ │ ├── kubecost-info.yaml │ │ └── kubevirt-manager-info.yaml │ ├── metalstack.yaml │ └── metalstack │ │ ├── argocd-info.yaml │ │ ├── backstage-info.yaml │ │ ├── k8s-monitoring.yaml │ │ ├── kubecost-info.yaml │ │ ├── kubevirt-manager-info.yaml │ │ └── metalstack-info.yaml ├── mkdocs.yaml └── templates │ ├── LICENSE │ ├── README.md │ ├── scaffolder-templates-demo │ ├── docs-template │ │ ├── skeleton │ │ │ ├── catalog-info.yaml │ │ │ ├── docs │ │ │ │ └── index.md │ │ │ └── mkdocs.yml 
│ │ └── template.yaml │ ├── sx-kargo-demo-app │ │ ├── kargo-gitops │ │ │ ├── .github │ │ │ │ └── workflows │ │ │ │ │ └── branch.yaml │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── app-stages.yaml │ │ │ ├── catalog-info.yaml │ │ │ ├── docs │ │ │ │ └── index.md │ │ │ ├── mkdocs.yaml │ │ │ ├── renovate.json │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── configmap-discovery.yaml │ │ │ │ ├── deployment-entry.yaml │ │ │ │ ├── deployment-hat.yaml │ │ │ │ ├── deployment-left-arm.yaml │ │ │ │ ├── deployment-left-leg.yaml │ │ │ │ ├── deployment-right-arm.yaml │ │ │ │ ├── deployment-right-leg.yaml │ │ │ │ ├── hpa.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── service-entry.yaml │ │ │ │ ├── service-hat.yaml │ │ │ │ ├── service-left-arm.yaml │ │ │ │ ├── service-left-leg.yaml │ │ │ │ ├── service-right-arm.yaml │ │ │ │ ├── service-right-leg.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ └── tests │ │ │ │ │ └── test-connection.yaml │ │ │ ├── values-prod.yaml │ │ │ ├── values-qa.yaml │ │ │ ├── values-test.yaml │ │ │ └── values.yaml │ │ └── template.yaml │ ├── sx-notification │ │ └── template.yaml │ ├── sx-template-metalstack │ │ ├── metalstack-gitops │ │ │ ├── README.md │ │ │ ├── catalog-info.yaml │ │ │ ├── docs │ │ │ │ └── index.md │ │ │ ├── helm │ │ │ │ ├── .helmignore │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ └── metalstack.yaml │ │ │ │ └── values.yaml │ │ │ ├── mkdocs.yaml │ │ │ └── system-info.yaml │ │ ├── skeleton │ │ │ └── applicationsetup │ │ │ │ └── ${{values.argocdtarget}} │ │ │ │ └── ${{values.cluster_id}}-argoapp.yaml │ │ └── template.yaml │ ├── sx-template-onboarding │ │ ├── .DS_Store │ │ ├── skeleton │ │ │ ├── README.md │ │ │ └── demo-apps │ │ │ │ └── README.md │ │ └── template.yaml │ └── sx-virt-template │ │ ├── kubevirt-gitops │ │ ├── .github │ │ │ └── workflows │ │ │ │ └── branch.yaml │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── 
app-stages.yaml │ │ ├── catalog-info.yaml │ │ ├── docs │ │ │ └── index.md │ │ ├── mkdocs.yaml │ │ ├── templates │ │ │ ├── VirtualMachine.yaml │ │ │ ├── _helpers.tpl │ │ │ └── service.yaml │ │ ├── values-prod.yaml │ │ ├── values-test.yaml │ │ └── values.yaml │ │ └── template.yaml │ ├── scaffolder-templates │ ├── docs-template │ │ ├── skeleton │ │ │ ├── catalog-info.yaml │ │ │ ├── docs │ │ │ │ └── index.md │ │ │ └── mkdocs.yml │ │ └── template.yaml │ ├── sx-kargo-demo-app │ │ ├── kargo-gitops │ │ │ ├── .github │ │ │ │ └── workflows │ │ │ │ │ └── branch.yaml │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── app-stages.yaml │ │ │ ├── catalog-info.yaml │ │ │ ├── docs │ │ │ │ └── index.md │ │ │ ├── mkdocs.yaml │ │ │ ├── renovate.json │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── configmap-discovery.yaml │ │ │ │ ├── deployment-entry.yaml │ │ │ │ ├── deployment-hat.yaml │ │ │ │ ├── deployment-left-arm.yaml │ │ │ │ ├── deployment-left-leg.yaml │ │ │ │ ├── deployment-right-arm.yaml │ │ │ │ ├── deployment-right-leg.yaml │ │ │ │ ├── hpa.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── service-entry.yaml │ │ │ │ ├── service-hat.yaml │ │ │ │ ├── service-left-arm.yaml │ │ │ │ ├── service-left-leg.yaml │ │ │ │ ├── service-right-arm.yaml │ │ │ │ ├── service-right-leg.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ └── tests │ │ │ │ │ └── test-connection.yaml │ │ │ ├── values-prod.yaml │ │ │ ├── values-qa.yaml │ │ │ ├── values-test.yaml │ │ │ └── values.yaml │ │ └── template.yaml │ ├── sx-template-metalstack │ │ ├── metalstack-gitops │ │ │ ├── README.md │ │ │ ├── catalog-info.yaml │ │ │ ├── docs │ │ │ │ └── index.md │ │ │ ├── helm │ │ │ │ ├── .helmignore │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ └── metalstack.yaml │ │ │ │ └── values.yaml │ │ │ ├── mkdocs.yaml │ │ │ └── system-info.yaml │ │ ├── skeleton │ │ │ └── applicationsetup │ │ │ │ └── ${{values.argocdtarget}} │ │ │ │ 
└── ${{values.cluster_id}}-argoapp.yaml │ │ └── template.yaml │ └── sx-template-onboarding │ │ ├── .DS_Store │ │ ├── skeleton │ │ └── README.md │ │ └── template.yaml │ ├── showcase-templates-demo.yaml │ └── showcase-templates.yaml ├── bootstrap-app-demo-metalstack.yaml ├── bootstrap-app-kind-base.yaml ├── bootstrap-app-kind-delivery.yaml ├── bootstrap-app-kind-observability.yaml ├── bootstrap-app-kind-portal.yaml ├── bootstrap-app-kind-security.yaml ├── bootstrap-app-kind.yaml ├── bootstrap-app-metalstack.yaml ├── bootstrap-argocd-values.yaml ├── install-platform.sh ├── kubrix-local-installation.md ├── kubrix-playground-github-codespaces.md ├── metalstack-resources └── tf-project │ ├── .terraform.lock.hcl │ ├── README.md │ ├── main.tf │ └── resource.tf ├── platform-apps ├── charts │ ├── argo-rollouts │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── values-k3d.yaml │ │ └── values.yaml │ ├── argocd │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── dashboard-files │ │ │ ├── argocd-dashboard-169.json │ │ │ ├── argocd-dashboard-19974.json │ │ │ ├── argocd-dashboard-19975.json │ │ │ └── argocd-dashboard-19993.json │ │ ├── manual-secret │ │ │ └── argocd-secret.yaml │ │ ├── templates │ │ │ ├── argocd-dashboard-169.yaml │ │ │ ├── argocd-dashboard-19974.yaml │ │ │ ├── argocd-dashboard-19975.yaml │ │ │ └── argocd-dashboard-19993.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ ├── values-metalstack.yaml │ │ └── values.yaml │ ├── backstage │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── backstage-locator-cr.yaml │ │ │ ├── backstage-locator-crb.yaml │ │ │ ├── backstage-locator-sa.yaml │ │ │ ├── backstage-locator-secret.yaml │ │ │ ├── es-backstage-secret.yaml │ │ │ ├── es.yaml │ │ │ └── policy-cm.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ └── values-metalstack.yaml │ ├── cert-manager │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── clusterissuer-mkcert.yaml │ │ │ ├── clusterissuer-prod.yaml │ │ │ └── 
clusterissuer-staging.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ ├── values-metalstack.yaml │ │ └── values.yaml │ ├── cnpg │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── dashboard-files │ │ │ └── cnpg-dashboard.json │ │ ├── templates │ │ │ ├── cnpg-dashboard.yaml │ │ │ ├── pgadmin-secret.yaml │ │ │ └── pgadminconfiglocal.yaml │ │ └── values-demo-metalstack.yaml │ ├── crossplane │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── values-k3d.yaml │ │ └── values.yaml │ ├── external-dns │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── values-demo-metalstack.yaml │ │ └── values-metalstack.yaml │ ├── external-secrets │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ └── values-k3d.yaml │ ├── falco │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── values-demo-metalstack.yaml │ │ └── values-k3d.yaml │ ├── grafana │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── alerting-rules │ │ │ └── kubernetes-alerts.yaml │ │ ├── dashboard-files │ │ │ ├── kubernetes-modern │ │ │ │ ├── k8s-system-api-server.json │ │ │ │ ├── k8s-system-coredns.json │ │ │ │ ├── k8s-views-global.json │ │ │ │ ├── k8s-views-namespaces.json │ │ │ │ ├── k8s-views-nodes.json │ │ │ │ └── k8s-views-pods.json │ │ │ └── metalstack │ │ │ │ ├── gardener-usage-overview.json │ │ │ │ ├── machine-capacity.json │ │ │ │ ├── metal-api.json │ │ │ │ ├── rethinkdb.json │ │ │ │ └── shoot-states-overview.json │ │ ├── templates │ │ │ ├── alerts │ │ │ │ └── kubernetes-alerts.yaml │ │ │ ├── contact-point-platform-team.yaml │ │ │ └── dashboards │ │ │ │ ├── kubernetes-modern │ │ │ │ └── dashboards.yaml │ │ │ │ └── metalstack │ │ │ │ └── dashboards.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ ├── values-metalstack.yaml │ │ └── values.yaml │ ├── image-list.json │ ├── image-list.md │ ├── ingress-nginx │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ └── values-k3d.yaml │ ├── k8s-monitoring │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ └── 
values-metalstack.yaml │ ├── kargo │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ ├── values-metalstack.yaml │ │ └── values.yaml │ ├── keycloak │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── 2faflow.yaml │ │ │ ├── comp.yaml │ │ │ ├── cp-authbackend-oidc.yaml │ │ │ ├── cp-keycloak-admin-secret-es.yaml │ │ │ ├── cp-keycloak-backstage-client.yaml │ │ │ ├── cp-keycloak-client-secret-es.yaml │ │ │ ├── cp-keycloak-clientscope.yaml │ │ │ ├── cp-keycloak-default-clientscopes-backstage.yaml │ │ │ ├── cp-keycloak-default-clientscopes-vault.yaml │ │ │ ├── cp-keycloak-externaldb-secret.yaml │ │ │ ├── cp-keycloak-group-roles.yaml │ │ │ ├── cp-keycloak-member.yaml │ │ │ ├── cp-keycloak-protocolmapper.yaml │ │ │ ├── cp-keycloak-realm.yaml │ │ │ ├── cp-keycloak-secret-es-xr.yaml │ │ │ ├── cp-keycloak-secret-es.yaml │ │ │ ├── cp-keycloak-users-secret-es.yaml │ │ │ ├── cp-keycloak-users.yaml │ │ │ ├── cp-keycloak-vault-client.yaml │ │ │ ├── cp-provider.yaml │ │ │ ├── cp-providerconfig.yaml │ │ │ ├── func.yaml │ │ │ ├── oss │ │ │ │ └── cp-keycloak-groups.yaml │ │ │ ├── xr.yaml │ │ │ └── xrd.yaml │ │ ├── values-demo-metalstack.yaml │ │ └── values-k3d.yaml │ ├── komoplane │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ └── values-k3d.yaml │ ├── kubecost │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── templates │ │ │ └── sx-cnp-oss.yaml │ │ ├── values-k3d.yaml │ │ └── values-metalstack.yaml │ ├── kubevirt-manager │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── bundled.yaml │ │ │ ├── certificate.yaml │ │ │ └── ingress.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ └── values-metalstack.yaml │ ├── kubevirt │ │ ├── Chart.yaml │ │ ├── dashboard-files │ │ │ └── kubevirt-dashboard.json │ │ ├── templates │ │ │ ├── cdi-cr.yaml │ │ │ ├── cdi-operator.yaml │ │ │ ├── cdi-proxy.yaml │ │ │ ├── dashboard.yaml │ │ │ ├── datavolumes.yaml │ │ │ ├── datavolumes_roles.yaml │ │ │ ├── kubevirt-cr.yaml │ │ │ └── 
kubevirt-operator.yaml │ │ ├── values-demo-metalstack.yaml │ │ └── values-metalstack.yaml │ ├── kyverno │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── dashboard-files │ │ │ └── kyverno-dashboard.json │ │ ├── templates │ │ │ ├── crb-kubevirt-rolebinding.yaml │ │ │ ├── kyverno-dashboard.yaml │ │ │ ├── policy-add-deny-all-allow-coredns-nw-policy.yaml │ │ │ ├── policy-add-label-velero.yaml │ │ │ ├── policy-add-ns-quota.yaml │ │ │ ├── policy-kargo-project-name-validation-apps-in-any-ns.yaml │ │ │ └── policy-kubevirt-rolebinding.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-metalstack.yaml │ │ └── values.yaml │ ├── loki │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── es-loki.yaml │ │ │ ├── es-na-cert.yaml │ │ │ ├── loki-datasource.yaml │ │ │ ├── loki-kubernetes-logs-dashboard.yaml │ │ │ ├── monitoring.grafana.com_grafanaagents.yaml │ │ │ ├── monitoring.grafana.com_integrations.yaml │ │ │ ├── monitoring.grafana.com_logsinstances.yaml │ │ │ ├── monitoring.grafana.com_metricsinstances.yaml │ │ │ └── monitoring.grafana.com_podlogs.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ ├── values-metalstack.yaml │ │ └── values.yaml │ ├── mimir │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── recording-rules │ │ │ └── kubernetes-recording-rules.yaml │ │ ├── templates │ │ │ ├── es-mimir.yaml │ │ │ ├── es-na-cert.yaml │ │ │ ├── kubernetes-recording-rules.yaml │ │ │ ├── metamonitoring-datasource.yaml │ │ │ └── mimir-datasource.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ ├── values-metalstack.yaml │ │ └── values.yaml │ ├── minio │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── dashboard-files │ │ │ ├── minio-dashboard-13502.json │ │ │ └── minio-dashboard-15306.json │ │ ├── templates │ │ │ ├── external_secret_minio.yaml │ │ │ ├── minio-dashboard-13502.yaml │ │ │ ├── minio-dashboard-15306.yaml │ │ │ ├── sm.yaml │ │ │ ├── sm2.yaml │ │ │ └── sm3.yaml │ │ ├── values-demo-metalstack.yaml │ │ └── values-k3d.yaml │ ├── 
team-onboarding │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── alerting-contact-points.yaml │ │ │ ├── alerting-notification-policy.yaml │ │ │ ├── app-definition-ns.yaml │ │ │ ├── app-of-apps.yaml │ │ │ ├── appset-scm-multi-stage-kargo-es.yaml │ │ │ ├── appset-scm-multi-stage-kargo.yaml │ │ │ ├── argocd-credential-template-es.yaml │ │ │ ├── grafana-alerting-secrets.yaml │ │ │ ├── kc_member.yaml │ │ │ └── oss │ │ │ │ └── app-project.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ ├── values-metalstack.yaml │ │ └── values.yaml │ ├── tempo │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── demo.yaml │ │ │ └── tempo-datasource.yaml │ │ ├── values-k3d.yaml │ │ └── values.yaml │ ├── trivy │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── dashboard-files │ │ │ └── trivy-dashboard.json │ │ ├── templates │ │ │ └── trivy-dashboard.yaml │ │ ├── values-k3d.yaml │ │ └── values-metalstackyaml │ ├── vault │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── dashboard-files │ │ │ └── vault-dashboard.json │ │ ├── templates │ │ │ ├── binding.yaml │ │ │ ├── crossplane │ │ │ │ ├── cp-audit.yaml │ │ │ │ ├── cp-authbackendrole.yaml │ │ │ │ ├── cp-group-sx-cnp-oss.yaml │ │ │ │ ├── cp-pol-sx-cnp-oss.yaml │ │ │ │ ├── cp-provider.yaml │ │ │ │ ├── cp-providerconfig.yaml │ │ │ │ └── cp-secret-kv2.yaml │ │ │ ├── env-vars-secret.yaml │ │ │ ├── eso │ │ │ │ └── clustersecretstore.yaml │ │ │ ├── role.yaml │ │ │ └── vault-dashboard.yaml │ │ ├── values-demo-metalstack.yaml │ │ └── values-k3d.yaml │ ├── velero-ui │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── templates │ │ │ └── external-secret.yaml │ │ ├── values-demo-metalstack.yaml │ │ └── values-k3d.yaml │ └── velero │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ ├── dashboard-files │ │ └── velero-dashboard-16829.json │ │ ├── templates │ │ ├── external_secret_velero.yaml │ │ └── velero-dashboard-16829.yaml │ │ ├── values-demo-metalstack.yaml │ │ ├── values-k3d.yaml │ │ └── values.yaml ├── platform-apps.md └── target-chart │ ├── 
Chart.yaml │ ├── templates │ └── application.yaml │ ├── values-demo-metalstack.yaml │ ├── values-kind-base.yaml │ ├── values-kind-delivery.yaml │ ├── values-kind-observability.yaml │ ├── values-kind-portal.yaml │ ├── values-kind-security.yaml │ ├── values-kind.yaml │ ├── values-metalstack.yaml │ └── values.yaml ├── renovate.json ├── team-apps └── onboarding-apps-charts │ └── multi-stage-app-with-kargo-pipeline │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── applicationSet-example.yaml │ ├── templates │ ├── NOTES.txt │ ├── applications.yaml │ ├── git-creds-eso.yaml │ ├── kargo-project.yaml │ ├── kargo-stages.yaml │ └── kargo-warehouse.yaml │ ├── values-example.yaml │ └── values.yaml ├── trivy-reports ├── report-argocd_dex_v2.42.1.md ├── report-k8s-monitoring_alloy_v1.8.1.md ├── report-k8s-monitoring_k8s-monitoring-test_1.6.33.md ├── report-k8s-monitoring_node-exporter_v1.9.1.md ├── report-k8s-monitoring_prometheus-config-reloader_v0.81.0.md ├── report-kubecost_cost-model_prod-2.7.1.md └── report-kubecost_frontend_prod-2.7.1.md └── trivy-scan-reports ├── argo-rollouts_scan_summary_report.md ├── argocd_scan_summary_report.md ├── backstage_scan_summary_report.md ├── cert-manager_scan_summary_report.md ├── cnpg_scan_summary_report.md ├── crossplane_scan_summary_report.md ├── external-dns_scan_summary_report.md ├── external-secrets_scan_summary_report.md ├── falco_scan_summary_report.md ├── grafana_scan_summary_report.md ├── ingress-nginx_scan_summary_report.md ├── k8s-monitoring_scan_summary_report.md ├── kargo_scan_summary_report.md ├── keycloak_scan_summary_report.md ├── komoplane_scan_summary_report.md ├── kubecost_scan_summary_report.md ├── kubevirt-manager_scan_summary_report.md ├── kubevirt_scan_summary_report.md ├── kyverno_scan_summary_report.md ├── loki_scan_summary_report.md ├── mimir_scan_summary_report.md ├── minio_scan_summary_report.md ├── team-onboarding_scan_summary_report.md ├── tempo_scan_summary_report.md ├── trivy_scan_summary_report.md ├── 
vault_scan_summary_report.md ├── velero-ui_scan_summary_report.md └── velero_scan_summary_report.md /.devcontainer/Dockerfile: -------------------------------------------------------------------------------- 1 | # See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/ubuntu/.devcontainer/base.Dockerfile 2 | FROM quay.io/akuity/argo-cd-learning-assets/akuity-devcontainer:0.2.5 -------------------------------------------------------------------------------- /.devcontainer/argocd-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: devcontainer-nodeport 5 | namespace: argocd 6 | spec: 7 | type: NodePort 8 | ports: 9 | - name: http 10 | port: 8080 11 | protocol: TCP 12 | targetPort: 8080 13 | nodePort: 30688 14 | selector: 15 | app.kubernetes.io/instance: sx-argocd 16 | app.kubernetes.io/name: argocd-server 17 | sessionAffinity: None 18 | -------------------------------------------------------------------------------- /.devcontainer/backstage-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: devcontainer-nodeport 5 | namespace: backstage 6 | spec: 7 | type: NodePort 8 | ports: 9 | - name: http-backend 10 | port: 7007 11 | targetPort: backend 12 | protocol: TCP 13 | nodePort: 30691 14 | selector: 15 | app.kubernetes.io/name: backstage 16 | app.kubernetes.io/instance: sx-backstage 17 | app.kubernetes.io/component: backstage 18 | sessionAffinity: None 19 | -------------------------------------------------------------------------------- /.devcontainer/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e # Exit on non-zero exit code from commands 3 | 4 | # Clean up k3d clusters 5 | k3d cluster delete cnp-local-demo 
-------------------------------------------------------------------------------- /.devcontainer/delivery/welcome.txt: -------------------------------------------------------------------------------- 1 | Hello to the kubriX codespace! 2 | 3 | The kubriX delivery platform-stack will get installed now. 4 | This can take up to 20 minutes - please be patient ;) 5 | 6 | -------------------------------------------------------------------------------- /.devcontainer/falco-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: devcontainer-nodeport 5 | namespace: falco 6 | spec: 7 | type: NodePort 8 | ports: 9 | - port: 2802 10 | targetPort: 2802 11 | protocol: TCP 12 | name: http 13 | nodePort: 30693 14 | selector: 15 | app.kubernetes.io/name: falcosidekick 16 | app.kubernetes.io/instance: sx-falco 17 | app.kubernetes.io/component: ui 18 | sessionAffinity: None 19 | -------------------------------------------------------------------------------- /.devcontainer/grafana-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: devcontainer-nodeport 5 | namespace: grafana 6 | spec: 7 | type: NodePort 8 | ports: 9 | - name: service 10 | port: 80 11 | protocol: TCP 12 | targetPort: 3000 13 | nodePort: 30690 14 | selector: 15 | app.kubernetes.io/name: grafana 16 | app.kubernetes.io/instance: sx-grafana 17 | sessionAffinity: None 18 | -------------------------------------------------------------------------------- /.devcontainer/kargo-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: devcontainer-nodeport 5 | namespace: kargo 6 | spec: 7 | type: NodePort 8 | ports: 9 | - name: http 10 | port: 80 11 | protocol: TCP 12 | targetPort: 8080 13 | nodePort: 30689 14 | selector: 15 | 
app.kubernetes.io/component: api 16 | app.kubernetes.io/instance: sx-kargo 17 | app.kubernetes.io/name: kargo 18 | sessionAffinity: None 19 | -------------------------------------------------------------------------------- /.devcontainer/keycloak-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: devcontainer-nodeport 5 | namespace: keycloak 6 | spec: 7 | type: NodePort 8 | ports: 9 | - name: "keycloak-service" 10 | port: 8080 11 | nodePort: 30692 12 | selector: 13 | app: "keycloak-service" 14 | sessionAffinity: None 15 | -------------------------------------------------------------------------------- /.devcontainer/kind-config.yaml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | nodes: 4 | - role: control-plane 5 | kubeadmConfigPatches: 6 | - | 7 | kind: InitConfiguration 8 | nodeRegistration: 9 | kubeletExtraArgs: 10 | node-labels: "ingress-ready=true" 11 | extraPortMappings: 12 | - containerPort: 80 13 | hostPort: 80 14 | protocol: TCP 15 | - containerPort: 443 16 | hostPort: 443 17 | protocol: TCP 18 | - containerPort: 30688 19 | hostPort: 6688 20 | - containerPort: 30689 21 | hostPort: 6689 22 | - containerPort: 30690 23 | hostPort: 6690 24 | - containerPort: 30691 25 | hostPort: 6691 26 | - containerPort: 30692 27 | hostPort: 6692 28 | - containerPort: 30693 29 | hostPort: 6693 30 | -------------------------------------------------------------------------------- /.devcontainer/observability/welcome.txt: -------------------------------------------------------------------------------- 1 | Hello to the kubriX codespace! 2 | 3 | The kubriX observability platform-stack will get installed now. 
4 | This can take up to 20 minutes - please be patient ;) 5 | 6 | -------------------------------------------------------------------------------- /.devcontainer/portal/welcome.txt: -------------------------------------------------------------------------------- 1 | Hello to the kubriX codespace! 2 | 3 | The kubriX portal platform-stack will get installed now. 4 | This can take up to 20 minutes - please be patient ;) 5 | 6 | -------------------------------------------------------------------------------- /.devcontainer/security/welcome.txt: -------------------------------------------------------------------------------- 1 | Hello to the kubriX codespace! 2 | 3 | The kubriX security platform-stack will get installed now. 4 | This can take up to 20 minutes - please be patient ;) 5 | 6 | -------------------------------------------------------------------------------- /.github/kind-config.yaml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | nodes: 4 | - role: control-plane 5 | kubeadmConfigPatches: 6 | - | 7 | kind: InitConfiguration 8 | nodeRegistration: 9 | kubeletExtraArgs: 10 | node-labels: "ingress-ready=true" 11 | extraPortMappings: 12 | - containerPort: 80 13 | hostPort: 80 14 | protocol: TCP 15 | - containerPort: 443 16 | hostPort: 443 17 | protocol: TCP 18 | -------------------------------------------------------------------------------- /.github/pr-diff-template.txt: -------------------------------------------------------------------------------- 1 |
DESCRIPTION_HERE 2 | 3 | ```diff 4 | DIFF_HERE 5 | ``` 6 |
7 | -------------------------------------------------------------------------------- /.github/workflows/list-images.yaml: -------------------------------------------------------------------------------- 1 | on: 2 | workflow_dispatch: 3 | 4 | name: create image list 5 | 6 | jobs: 7 | evaluate: 8 | runs-on: ubuntu-latest 9 | permissions: 10 | contents: write 11 | steps: 12 | - name: Checkout code 13 | uses: actions/checkout@v4 14 | 15 | - name: create image lists 16 | shell: bash 17 | run: | 18 | .github/create-image-list.sh 19 | 20 | - name: commit image list 21 | shell: bash 22 | run: | 23 | git config user.name "github-actions[bot]" 24 | git config user.email "41898282+github-actions[bot]@users.noreply.github.com" 25 | git status 26 | git add image-list 27 | git status 28 | echo "check diff and commit" 29 | git diff --cached --exit-code || git commit -m "update image list" 30 | git push 31 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | on: 2 | push: 3 | branches: 4 | - main 5 | 6 | permissions: 7 | contents: write 8 | pull-requests: write 9 | 10 | name: release-please 11 | 12 | jobs: 13 | release-please: 14 | runs-on: ubuntu-latest 15 | if: ${{ vars.RELEASE_PLEASE == 'true' }} 16 | steps: 17 | - uses: googleapis/release-please-action@v4 18 | with: 19 | # this assumes that you have created a personal access token 20 | # (PAT) and configured it as a GitHub action secret named 21 | # `MY_RELEASE_PLEASE_TOKEN` (this secret name is not important). 
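22 | # token: ${{ secrets.MY_RELEASE_PLEASE_TOKEN }} 23 | # this is a built-in strategy in release-please, see "Action Inputs" 24 | # for more options 25 | release-type: simple 26 | -------------------------------------------------------------------------------- /.github/workflows/trivy-scan-diff.yml: -------------------------------------------------------------------------------- 1 | 2 | on: 3 | pull_request: 4 | types: [opened, synchronize] 5 | paths: 6 | - '.github/workflows/trivy-scan-diff.yml' # fixed: was '.yaml', which never matched this file's '.yml' name, so edits to the workflow itself did not trigger it 7 | - '.github/create-trivy-scan-diff.sh' 8 | - 'platform-apps/charts/**' 9 | 10 | permissions: 11 | contents: read 12 | pull-requests: write # needed only by the PR-comment step below 13 | 14 | name: trivy scan diff 15 | 16 | jobs: 17 | diff: 18 | runs-on: ubuntu-latest 19 | steps: 20 | - name: Checkout PR 21 | uses: actions/checkout@v4 22 | with: 23 | path: pr 24 | fetch-depth: 0 25 | - name: Checkout Target of PR 26 | uses: actions/checkout@v4 27 | with: 28 | path: target 29 | fetch-depth: 0 30 | ref: ${{ github.event.pull_request.base.ref }} 31 | 32 | - name: create trivy scan diff # NOTE(review): the script is taken from the PR checkout (pr/), so PR-supplied code runs in this job; keep the trigger as pull_request (not pull_request_target) 33 | id: scan-diff 34 | shell: bash 35 | run: | 36 | bash pr/.github/create-trivy-scan-diff.sh 37 | 38 | - name: PR comment default values with file 39 | if: env.CHANGES == 'true' 40 | uses: thollander/actions-comment-pull-request@v3 # NOTE(review): third-party action on a mutable tag that receives GITHUB_TOKEN; consider pinning to a full commit SHA 41 | env: 42 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 43 | with: 44 | file-path: out/comment-diff-trivy-scan-result.txt -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Chart dependencies 2 | **/charts/*.tgz 3 | 4 | # Local .terraform directories 5 | **/.terraform/* 6 | 7 | # .tfstate files 8 | *.tfstate 9 | *.tfstate.* 10 | 11 | # Crash log files 12 | crash.log 13 | crash.*.log 14 | 15 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 16 | # password, private keys, and other secrets.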
These should not be part of version 17 | # control as they are data points which are potentially sensitive and subject 18 | # to change depending on the environment. 19 | *.tfvars 20 | *.tfvars.json 21 | 22 | # Ignore override files as they are usually used to override resources locally and so 23 | # are not checked in 24 | override.tf 25 | override.tf.json 26 | *_override.tf 27 | *_override.tf.json 28 | 29 | # Ignore transient lock info files created by terraform apply 30 | .terraform.tfstate.lock.info 31 | 32 | # Include override files you do wish to add to version control using negated pattern 33 | # !example_override.tf 34 | 35 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 36 | # example: *tfplan* 37 | 38 | # Ignore CLI configuration files 39 | .terraformrc 40 | terraform.rc 41 | 42 | # ignore trivy cache 43 | .cache/trivy/** 44 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Build suXess backstage container image and push it to our registry 2 | 3 | This document is for internal use only for the moment. 4 | 5 | ## automatically with GitHub Actions 6 | 7 | Workflow-File: https://github.com/suxess-it/sx-backstage/blob/feat/cnp-local-demo-jokl/.github/workflows/ci.yaml 8 | 9 | ## manually on local machine 10 | dual arch build, x86 and arm64, arm64 build could take up to 50 minutes 11 | ``` 12 | git clone https://github.com/suxess-it/sx-backstage.git 13 | cd sx-backstage 14 | git switch feat/cnp-local-demo-jokl 15 | # modify code, test, commit 16 | docker build -t sx-backstage:latest .
17 | docker tag sx-backstage:latest ghcr.io/suxess-it/sx-backstage:latest 18 | docker push ghcr.io/suxess-it/sx-backstage:latest 19 | kubectl rollout restart deploy/sx-backstage -n backstage 20 | ``` 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | # What is kubriX? 4 | 5 | kubriX is a curated, opinionated, yet highly flexible IDP distribution, built from predefined bricks for Kubernetes. 6 | 7 | More information at https://kubriX.io. 8 | 9 | If you have ideas / questions, please [join our slack](https://join.slack.com/t/kubrix-platform/shared_invite/zt-2rc1yty2f-VTT3GOzUvo_k5hrgKbppKQ) or raise an issue. 10 | 11 | Eager to see kubriX in action? Have a look at our [kubriX playground with GitHub Codespaces](kubrix-playground-github-codespaces.md)! 12 | 13 | Want to install kubriX on your local machine? Follow the [local installation guide](kubrix-local-installation.md)!
14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /aws-resources/route53-iam-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "route53:ChangeResourceRecordSets" 8 | ], 9 | "Resource": [ 10 | "arn:aws:route53:::hostedzone/*" 11 | ] 12 | }, 13 | { 14 | "Effect": "Allow", 15 | "Action": [ 16 | "route53:ListHostedZones", 17 | "route53:ListResourceRecordSets", 18 | "route53:ListTagsForResource" 19 | ], 20 | "Resource": [ 21 | "*" 22 | ] 23 | } 24 | ] 25 | } -------------------------------------------------------------------------------- /backstage-resources/adr/test.md: -------------------------------------------------------------------------------- 1 | Think about Clustering Techstack Applications: 2 | - Developer Control Plane 3 | -- Backstage 4 | 5 | - Continuous Delivery Plane 6 | -- argocd (managed by argocd) 7 | -- argo-rollouts 8 | -- kargo 9 | 10 | - Observability Plane 11 | -- prometheus 12 | -- grafana 13 | -- promtail 14 | -- loki 15 | -- tempo 16 | 17 | - Security Plane 18 | -- kyverno 19 | -- falco 20 | -- trivy 21 | -- k8sgpt 22 | -- Vault 23 | (-- Istio/Cilium) 24 | 25 | - Resource Management Plane 26 | -- kubecost 27 | -- crossplane 28 | -- cert-manager 29 | -- kubevirt 30 | -- kubevirt-manager 31 | -- external Secret Operator 32 | -- Keycloak 33 | -- External DNS 34 | -- Kasten K10 / Velero 35 | -- Minio 36 | -------------------------------------------------------------------------------- /backstage-resources/docs/application-migration/learning-path.md: -------------------------------------------------------------------------------- 1 | ## Learning Path for Developers 2 | 3 | Learning Path for Developers 4 | 5 | ... 
your text here -------------------------------------------------------------------------------- /backstage-resources/docs/application-migration/migration-process.md: -------------------------------------------------------------------------------- 1 | # Migration Process Overview 2 | 3 | your text here ... 4 | -------------------------------------------------------------------------------- /backstage-resources/docs/cloudnativepg.md: -------------------------------------------------------------------------------- 1 | # CloudNativePG 2 | 3 | Overview of how CloudNativePG works in our platform, starting with how the initial setup works: 4 | 5 | ## High-Level Overview 6 | 7 | cnpg and pgadmin are installed via Helm Charts. 8 | User and credentials configuration is currently provided via Helm values, including ESO integration [see default values files](https://github.com/suxess-it/kubriX/tree/main/platform-apps/charts/cnpg): 9 | 10 | The admin user is pgadmin4@kubrix.io; for the password, see Vault. 11 | The predefined ServerDefinition is currently only valid for the pgadmin4@kubrix.io user. 12 | 13 | You can also log in with the predefined Keycloak users.
14 | - demoadmin 15 | - demouser 16 | 17 | ## Customizing 18 | tbd -------------------------------------------------------------------------------- /backstage-resources/docs/img/alerting_data_flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/alerting_data_flow.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-changing-and-promoting-app-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-changing-and-promoting-app-1.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-changing-and-promoting-app-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-changing-and-promoting-app-2.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-changing-and-promoting-app-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-changing-and-promoting-app-3.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-changing-and-promoting-app-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-changing-and-promoting-app-4.png 
-------------------------------------------------------------------------------- /backstage-resources/docs/img/app-changing-and-promoting-app-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-changing-and-promoting-app-5.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-changing-and-promoting-app-6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-changing-and-promoting-app-6.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-1.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-10.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-11.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-12.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-12.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-2.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-3.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-4.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-5.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-6.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-6.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-7.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-8.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/app-onboarding-9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/app-onboarding-9.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/hub-and-spoke-topology-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/hub-and-spoke-topology-1.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/hub-and-spoke-topology-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/hub-and-spoke-topology-2.png 
-------------------------------------------------------------------------------- /backstage-resources/docs/img/kubrix-observe-topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/kubrix-observe-topology.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/onboarding-teams-with-appofapps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/onboarding-teams-with-appofapps.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/onboarding-teams-with-appset.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/onboarding-teams-with-appset.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/team-onboarding-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/team-onboarding-1.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/team-onboarding-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/team-onboarding-2.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/team-onboarding-3.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/team-onboarding-3.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/team-onboarding-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/team-onboarding-4.png -------------------------------------------------------------------------------- /backstage-resources/docs/img/team-onboarding-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/docs/img/team-onboarding-5.png -------------------------------------------------------------------------------- /backstage-resources/docs/index.md: -------------------------------------------------------------------------------- 1 | # kubriX platform showcase documentation 2 | 3 | Guide to get idea how this will work! 4 | 5 | ongoing improvement! Have FUN! 6 | -------------------------------------------------------------------------------- /backstage-resources/docs/platform-building-blocks.md: -------------------------------------------------------------------------------- 1 | # Platform building blocks and cluster flavors 2 | 3 | This document explains how to add new platform building blocks (helm charts) and how to compose them to a cluster flavor (target-chart). 4 | This document is primarly for platform engineers. It is still a draft and should include implementations of https://github.com/suxess-it/kubriX/issues/157 and how the 5 | 6 | - charts in https://github.com/suxess-it/kubriX/tree/main/platform-apps/charts 7 | - this target-chart (naming??) 
https://github.com/suxess-it/kubriX/tree/main/platform-apps/target-chart 8 | - the bootstrap-app like https://github.com/suxess-it/kubriX/blob/main/bootstrap-app-kind.yaml 9 | - and https://github.com/suxess-it/kubriX/blob/main/install-platform.sh 10 | 11 | fit together. 12 | 13 | # Adding new building-blocks to the platform 14 | 15 | tbd 16 | 17 | 18 | # Creating new cluster flavors 19 | 20 | tbd 21 | 22 | -------------------------------------------------------------------------------- /backstage-resources/docs/platform-testing.md: -------------------------------------------------------------------------------- 1 | # Tests for the platform 2 | 3 | This document should describe which automatic tests are implemented, how changes move through our platform pipeline and how we want to ensure quality in our platform stack. 4 | It is still tbd and should cover the topics of https://github.com/suxess-it/kubriX/issues/232 and https://github.com/suxess-it/kubriX/issues/231 5 | 6 | It should also explain how you can test and develop the platform in a new feature branch.
7 | -------------------------------------------------------------------------------- /backstage-resources/docs/tools.md: -------------------------------------------------------------------------------- 1 | # Tools in our platform 2 | 3 | If you want to access the tools of our kubriX platform directly, just browse [here](https://backstage.demo.kubrix.cloud/explore) -------------------------------------------------------------------------------- /backstage-resources/entities/demo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # locations 3 | apiVersion: backstage.io/v1alpha1 4 | kind: Location 5 | metadata: 6 | name: demo-location 7 | description: A collection of all Backstage entities for official kubriX demo 8 | spec: 9 | targets: 10 | - ./demo/argocd-info.yaml 11 | - ./demo/backstage-info.yaml 12 | - ./demo/keycloak-info.yaml 13 | - ./demo/k8s-monitoring.yaml 14 | - ./demo/kubecost-info.yaml 15 | - ./demo/kubevirt-manager-info.yaml 16 | - ./demo/user-info.yaml -------------------------------------------------------------------------------- /backstage-resources/entities/demo/argocd-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: argocd 5 | title: ArgoCD 6 | description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. We use ArgoCD for ... 
7 | links: 8 | - url: https://argocd.demo.kubrix.cloud 9 | title: Instance of ArgoCD 10 | icon: web 11 | - url: https://argo-cd.readthedocs.io/en/stable/ 12 | title: Documentation 13 | icon: web 14 | spec: 15 | type: cd-provider 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix 19 | -------------------------------------------------------------------------------- /backstage-resources/entities/demo/k8s-monitoring.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: k8s-monitoring 5 | title: k8s-monitoring 6 | description: Helm-Chart with integrated Alloy to scrape metrics, logs and traces for Mimir, Loki and Tempo 7 | links: 8 | - url: https://grafana.demo.kubrix.cloud 9 | title: Grafana Instance for kubriX 10 | icon: web 11 | - url: https://github.com/grafana/k8s-monitoring-helm 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: observability 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/demo/keycloak-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: keycloak 5 | title: KeyCloak 6 | description: Keycloak is an open source software product to allow single sign-on with identity and access management aimed at modern applications and services. We use keycloack in this showcase. 
7 | links: 8 | - url: https://keycloak.demo.kubrix.cloud 9 | title: kubriX Keycloak 10 | icon: web 11 | - url: https://www.keycloak.org/documentation 12 | title: Documentation 13 | icon: web 14 | spec: 15 | type: identity-provider 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/demo/kubecost-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: kubecost 5 | title: Kubecost 6 | description: Kubecost 7 | links: 8 | - url: https://kubecost.demo.kubrix.cloud 9 | title: Kubecost Instance of kubriX 10 | icon: web 11 | - url: https://docs.kubecost.com 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: cost-provider 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/demo/kubevirt-manager-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: kubevirt-manager 5 | title: kubevirt-manager 6 | description: kubevirt Manager UI 7 | links: 8 | - url: https://kubevirt-manager.demo.kubrix.cloud 9 | title: kubevirt-manager Instance of kubrix 10 | icon: web 11 | - url: https://kubevirt-manager.io/ 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: virtualization 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/demo/user-info.yaml: -------------------------------------------------------------------------------- 1 | # required user for demo environment https://github.com/suxess-it/kubriX/issues/87 2 | # until user management set up 
properly 3 | --- -------------------------------------------------------------------------------- /backstage-resources/entities/generic/cert-manager-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: cert-manager 5 | title: cert-manager 6 | description: cert-manager Instance for kubriX 7 | links: 8 | - url: https://cert-manager.io 9 | title: Official Documentation 10 | icon: web 11 | spec: 12 | type: cert-manager 13 | lifecycle: production 14 | owner: kubrix 15 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/generic/kubevirt-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: kubevirt 5 | title: kubevirt 6 | description: kubevirt Instance for kubriX 7 | links: 8 | - url: https://kubevirt.io/ 9 | title: Official Documentation 10 | icon: web 11 | spec: 12 | type: virtualization 13 | lifecycle: production 14 | owner: kubrix 15 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/generic/kyverno-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: kyverno 5 | title: kyverno 6 | description: kyverno Instance for kubrix 7 | links: 8 | - url: https://kyverno.io/ 9 | title: Official Documentation 10 | icon: web 11 | spec: 12 | type: policy-management 13 | lifecycle: production 14 | owner: kubrix 15 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/generic/loki-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 
2 | kind: Resource 3 | metadata: 4 | name: loki 5 | title: loki 6 | description: loki Instance for kubriX 7 | links: 8 | - url: https://grafana.com/docs/loki/latest/ 9 | title: Official Documentation 10 | icon: web 11 | spec: 12 | type: observability 13 | lifecycle: production 14 | owner: kubrix 15 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/generic/tempo-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: tempo 5 | title: tempo 6 | description: tempo Instance for kubriX 7 | links: 8 | - url: https://grafana.com/docs/tempo/latest/ 9 | title: Official Documentation 10 | icon: web 11 | spec: 12 | type: observability 13 | lifecycle: production 14 | owner: kubrix 15 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/k3d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # locations 3 | apiVersion: backstage.io/v1alpha1 4 | kind: Location 5 | metadata: 6 | name: k3d-location 7 | description: A collection of all Backstage entities for k3d clusters 8 | spec: 9 | targets: 10 | - ./k3d/argocd-info.yaml 11 | - ./k3d/backstage-info.yaml 12 | - ./k3d/keycloak-info.yaml 13 | - ./k3d/k8s-monitoring.yaml 14 | - ./k3d/kubecost-info.yaml 15 | - ./k3d/kubevirt-manager-info.yaml 16 | 17 | -------------------------------------------------------------------------------- /backstage-resources/entities/k3d/argocd-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: argocd 5 | title: ArgoCD 6 | description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. We use ArgoCD for ... 
7 | links: 8 | - url: https://argocd-127-0-0-1.nip.io 9 | title: Instance of namespaced ArgoCD 10 | icon: web 11 | - url: https://argo-cd.readthedocs.io/en/stable/ 12 | title: Documentation 13 | icon: web 14 | spec: 15 | type: cd-provider 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/k3d/k8s-monitoring.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: k8s-monitoring 5 | title: k8s-monitoring 6 | description: Helm-Chart with integrated Alloy to scrape metrics, logs and traces for Mimir, Loki and Tempo 7 | links: 8 | - url: https://grafana-127-0-0-1.nip.io 9 | title: Grafana Instance for kubriX 10 | icon: web 11 | - url: https://github.com/grafana/k8s-monitoring-helm 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: observability 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/k3d/keycloak-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: keycloak 5 | title: KeyCloak 6 | description: Keycloak is an open source software product to allow single sign-on with identity and access management aimed at modern applications and services. We use keycloack in this showcase. 
7 | links: 8 | - url: https://keycloak-127-0-0-1.nip.io 9 | title: Keycloak Instance for kubrix 10 | icon: web 11 | - url: https://www.keycloak.org/documentation 12 | title: Documentation 13 | icon: web 14 | spec: 15 | type: identity-provider 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/k3d/kubecost-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: kubecost 5 | title: Kubecost 6 | description: Kubecost 7 | links: 8 | - url: https://kubecost-127-0-0-1.nip.io 9 | title: Kubecost Instance for kubriX 10 | icon: web 11 | - url: https://docs.kubecost.com 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: cost-provider 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/k3d/kubevirt-manager-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: kubevirt-manager 5 | title: kubevirt-manager 6 | description: kubevirt Manager UI 7 | links: 8 | - url: https://kubevirt-manager-127-0-0-1.nip.io 9 | title: ubevirt-manager Instance for kubriX 10 | icon: web 11 | - url: https://kubevirt-manager.io/ 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: virtualization 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/metalstack.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # locations 3 | apiVersion: backstage.io/v1alpha1 4 | kind: Location 5 | metadata: 6 | name: 
metalstack-location 7 | description: A collection of all Backstage entities for metalstack clusters 8 | spec: 9 | targets: 10 | - ./metalstack/argocd-info.yaml 11 | - ./metalstack/backstage-info.yaml 12 | - ./metalstack/k8s-monitoring.yaml 13 | - ./metalstack/kubecost-info.yaml 14 | - ./metalstack/kubevirt-manager-info.yaml 15 | - ./metalstack/metalstack-info.yaml 16 | 17 | -------------------------------------------------------------------------------- /backstage-resources/entities/metalstack/argocd-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: argocd 5 | title: ArgoCD 6 | description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. We use ArgoCD for ... 7 | links: 8 | - url: https://argocd-metalstack.platform-engineer.cloud 9 | title: Instance of namespaced ArgoCD 10 | icon: web 11 | - url: https://argo-cd.readthedocs.io/en/stable/ 12 | title: Documentation 13 | icon: web 14 | spec: 15 | type: cd-provider 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix 19 | -------------------------------------------------------------------------------- /backstage-resources/entities/metalstack/k8s-monitoring.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: k8s-monitoring 5 | title: k8s-monitoring 6 | description: Helm-Chart with integrated Alloy to scrape metrics, logs and traces for Mimir, Loki and Tempo 7 | links: 8 | - url: https://grafana-metalstack.platform-engineer.cloud 9 | title: Grafana Instance for kubriX 10 | icon: web 11 | - url: https://github.com/grafana/k8s-monitoring-helm 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: observability 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix 
-------------------------------------------------------------------------------- /backstage-resources/entities/metalstack/kubecost-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: kubecost 5 | title: Kubecost 6 | description: Kubecost 7 | links: 8 | - url: https://kubecost-metalstack.platform-engineer.cloud 9 | title: Kubecost Instance for kubriX 10 | icon: web 11 | - url: https://docs.kubecost.com 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: cost-provider 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/metalstack/kubevirt-manager-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: kubevirt-manager 5 | title: kubevirt-manager 6 | description: kubevirt Manager UI 7 | links: 8 | - url: https://kubevirt-manager-metalstack.platform-engineer.cloud 9 | title: kubevirt-manager Instance for kubriX 10 | icon: web 11 | - url: https://kubevirt-manager.io/ 12 | title: Official Documentation 13 | icon: web 14 | spec: 15 | type: virtualization 16 | lifecycle: production 17 | owner: kubrix 18 | system: kubrix -------------------------------------------------------------------------------- /backstage-resources/entities/metalstack/metalstack-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Resource 3 | metadata: 4 | name: metalstack-cloud 5 | title: metalstack cloud 6 | description: Managed Kubernetes auf Bare Metal 7 | links: 8 | - url: https://kubevirt-manager.io/ 9 | title: Official Documentation 10 | icon: web 11 | spec: 12 | type: Infrastructure 13 | lifecycle: production 14 | owner: kubrix 15 
| system: kubrix -------------------------------------------------------------------------------- /backstage-resources/templates/README.md: -------------------------------------------------------------------------------- 1 | # software-templates 2 | 3 | This repository is a collection of software and documentation templates for the Backstage community. The templates are organized into two folders: `scaffolder-templates` for Backstage Software Templates and `documentation-templates` for general documentation templates. Contributions are welcome for new and existing templates! 4 | 5 | ## scaffolder-templates 6 | 7 | [Backstage Software Templates](https://backstage.io/docs/features/software-templates/) are used to create new software components through Backstage. These templates are intended as a starting point to build on for different use cases. You may also use them as provided, but we recommend pointing your Backstage app to a forked copy because the templates aren't versioned at this time, and as such breaking changes can happen without warning. 8 | 9 | ## documentation-templates 10 | 11 | The documentation templates provide recommended structure and content for different types of documentation, for example system architecture documents or runbooks. 12 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/docs-template/skeleton/catalog-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Component 3 | metadata: 4 | name: ${{values.name | dump}} 5 | description: ${{values.description | dump}} 6 | annotations: 7 | github.com/project-slug: ${{values.destination.owner + "/" + values.destination.repo}} 8 | backstage.io/techdocs-ref: dir:. 
9 | spec: 10 | type: documentation 11 | lifecycle: experimental 12 | owner: ${{values.owner | dump}} 13 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/docs-template/skeleton/docs/index.md: -------------------------------------------------------------------------------- 1 | ## ${{ values.name }} 2 | 3 | ${{ values.description }} 4 | 5 | ## Getting started 6 | 7 | Start writing your documentation by adding more markdown (.md) files to this folder (/docs) or replace the content in this file. 8 | 9 | ## Table of Contents 10 | 11 | The Table of Contents on the right is generated automatically based on the hierarchy 12 | of headings. Only use one H1 (`#` in Markdown) per file. 13 | 14 | ## Site navigation 15 | 16 | For new pages to appear in the left-hand navigation you need to edit the `mkdocs.yml` 17 | file in the root of your repo. The navigation can also link out to other sites. 18 | 19 | Alternatively, if there is no `nav` section in `mkdocs.yml`, a navigation section 20 | will be created for you. However, you will not be able to use alternate titles for 21 | pages, or include links to other sites. 22 | 23 | Note that MkDocs uses `mkdocs.yml`, not `mkdocs.yaml`, although both appear to work. 24 | See also <https://www.mkdocs.org/user-guide/configuration/>. 25 | 26 | ## Support 27 | 28 | That's it. If you need support, reach out in [#docs-like-code](https://discord.com/channels/687207715902193673/714754240933003266) on Discord.
29 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/docs-template/skeleton/mkdocs.yml:
--------------------------------------------------------------------------------
1 | site_name: ${{values.name | dump}}
2 | site_description: ${{values.description | dump}}
3 |
4 | nav:
5 |   - Introduction: index.md
6 |
7 | plugins:
8 |   - techdocs-core
9 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/.github/workflows/branch.yaml:
--------------------------------------------------------------------------------
1 | name: Create branches for kargo  # runs on every push to main and creates the stages/qa, stages/test and stages/prod branches
2 |
3 | on:
4 |   push:
5 |     branches:
6 |       - 'main'
7 |
8 | jobs:
9 |   create_a_branch:
10 |     runs-on: ubuntu-latest
11 |     permissions:  # scopes of the job's GITHUB_TOKEN, which is handed to the third-party action below
12 |       actions: write  # NOTE(review): creating a branch presumably needs only contents: write - confirm and remove this scope if unused
13 |       contents: write
14 |     steps:
15 |       - name: checkout
16 |         uses: actions/checkout@v4
17 |       - name: Create stages/qa branch
18 |         uses: peterjgrainger/action-create-branch@v3.0.0  # NOTE(review): third-party action referenced by a tag, which its owner can re-point; pin to the full commit SHA of v3.0.0
19 |         env:
20 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # NOTE(review): the scaffolder uses the same dollar-double-brace delimiters for values.* - confirm this file is copied without templating so the expression reaches GitHub intact
21 |         with:
22 |           branch: 'stages/qa'
23 |       - name: Create stages/test branch
24 |         uses: peterjgrainger/action-create-branch@v3.0.0  # same tag-pinned third-party action as above
25 |         env:
26 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
27 |         with:
28 |           branch: 'stages/test'
29 |       - name: Create stages/prod branch
30 |         uses: peterjgrainger/action-create-branch@v3.0.0  # same tag-pinned third-party action as above
31 |         env:
32 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
33 |         with:
34 |           branch: 'stages/prod'
35 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: podtato-head 3 | description: Deploys the podtato-head app 4 | version: 0.2.7 5 | appVersion: 0.2.7 6 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/app-stages.yaml: -------------------------------------------------------------------------------- 1 | teamName: ${{values.team}} 2 | appName: ${{values.application_id}} 3 | repoUrl: https://github.com/kubriX-demo/${{values.team}}-${{values.application_id}} 4 | createAppNamespace: true 5 | stages: 6 | - name: "test" 7 | requestedFreight: 8 | - origin: 9 | kind: Warehouse 10 | name: warehouse-{{ .Values.appName }} 11 | sources: 12 | direct: true 13 | - name: "qa" 14 | requestedFreight: 15 | - origin: 16 | kind: Warehouse 17 | name: warehouse-{{ .Values.appName }} 18 | sources: 19 | stages: 20 | - test 21 | - name: "prod" 22 | requestedFreight: 23 | - origin: 24 | kind: Warehouse 25 | name: warehouse-{{ .Values.appName }} 26 | sources: 27 | stages: 28 | - qa 29 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/docs/index.md: -------------------------------------------------------------------------------- 1 | ## Info 2 | 3 | Kargo Demo App ${{values.application_id}} 4 | 5 | ## Getting started 6 | 7 | Start write your 
documentation by adding more markdown (.md) files to this folder (/docs) or replace the content in this file. 8 | 9 | ## Table of Contents 10 | 11 | The Table of Contents on the right is generated automatically based on the hierarchy 12 | of headings. Only use one H1 (`#` in Markdown) per file. 13 | 14 | ## Site navigation 15 | 16 | For new pages to appear in the left-hand navigation you need to edit the `mkdocs.yml` 17 | file in the root of your repo. The navigation can also link out to other sites. 18 | 19 | Alternatively, if there is no `nav` section in `mkdocs.yml`, a navigation section 20 | will be created for you. However, you will not be able to use alternate titles for 21 | pages, or include links to other sites. 22 | 23 | Note that MkDocs uses `mkdocs.yml`, not `mkdocs.yaml`, although both appear to work. 24 | See also <https://www.mkdocs.org/user-guide/configuration/>. 25 | 26 | ## Support 27 | 28 | That's it. If you need support, reach out in [#docs-like-code](https://discord.com/channels/687207715902193673/714754240933003266) on Discord.
29 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/mkdocs.yaml: -------------------------------------------------------------------------------- 1 | site_name: "${{values.application_id}}" 2 | site_description: "Documentation for ${{values.application_id}}" 3 | 4 | nav: 5 | - Introduction: index.md 6 | 7 | plugins: 8 | - techdocs-core -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": [ 4 | "config:base" 5 | ], 6 | "kubernetes": { 7 | "fileMatch": [".*\\.yaml$"] 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/configmap-discovery.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "service-discovery" }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 7 | labels: 8 | {{- include "podtato-head.labels" . | nindent 4 }} 9 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 10 | data: 11 | servicesConfig.yaml: | 12 | hat: "http://{{- include "podtato-head.fullname" . -}}-hat:{{ .Values.hat.servicePort }}" 13 | left-leg: "http://{{- include "podtato-head.fullname" . -}}-left-leg:{{ .Values.leftLeg.servicePort }}" 14 | left-arm: "http://{{- include "podtato-head.fullname" . -}}-left-arm:{{ .Values.leftArm.servicePort }}" 15 | right-leg: "http://{{- include "podtato-head.fullname" . 
-}}-right-leg:{{ .Values.rightLeg.servicePort }}"
16 |     right-arm: "http://{{- include "podtato-head.fullname" . -}}-right-arm:{{ .Values.rightArm.servicePort }}"
17 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.autoscaling.enabled }}
2 | apiVersion: autoscaling/v2beta1  # NOTE(review): autoscaling/v2beta1 is no longer served as of Kubernetes 1.25; autoscaling/v2 expresses the same metric as target.type: Utilization with target.averageUtilization
3 | kind: HorizontalPodAutoscaler  # rendered only when autoscaling.enabled is set; scales the Deployment named by podtato-head.fullname
4 | metadata:
5 |   name: {{ include "podtato-head.fullname" . }}
6 |   labels:
7 |     {{- include "podtato-head.labels" . | nindent 4 }}
8 | spec:
9 |   scaleTargetRef:
10 |     apiVersion: apps/v1
11 |     kind: Deployment
12 |     name: {{ include "podtato-head.fullname" . }}
13 |   minReplicas: {{ .Values.autoscaling.minReplicas }}
14 |   maxReplicas: {{ .Values.autoscaling.maxReplicas }}
15 |   metrics:  # each metric below is emitted only when its target percentage is set in the values
16 |     {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
17 |     - type: Resource
18 |       resource:
19 |         name: cpu
20 |         targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}  # v2beta1 field name
21 |     {{- end }}
22 |     {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
23 |     - type: Resource
24 |       resource:
25 |         name: memory
26 |         targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}  # v2beta1 field name
27 |     {{- end }}
28 | {{- end }}
29 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/service-entry.yaml:
--------------------------------------------------------------------------------
1 | {{ $componentName := "entry" }}
2 | {{ $serviceType := .Values.entry.serviceType }}
3 | {{ $servicePort := .Values.entry.servicePort }}
4 | ---
5 | apiVersion: v1
6 | kind: Service
7 | metadata:
8 |   name: {{ printf "%s-%s" (include "podtato-head.fullname" .)
$componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/service-hat.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "hat" }} 2 | {{ $serviceType := .Values.hat.serviceType }} 3 | {{ $servicePort := .Values.hat.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) 
$componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/service-left-arm.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "left-arm" }} 2 | {{ $serviceType := .Values.leftArm.serviceType }} 3 | {{ $servicePort := .Values.leftArm.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/service-left-leg.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "left-leg" }} 2 | {{ $serviceType := .Values.leftLeg.serviceType }} 3 | {{ $servicePort := .Values.leftLeg.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) 
$componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/service-right-arm.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "right-arm" }} 2 | {{ $serviceType := .Values.rightArm.serviceType }} 3 | {{ $servicePort := .Values.rightArm.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) 
$componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/service-right-leg.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "right-leg" }} 2 | {{ $serviceType := .Values.rightLeg.serviceType }} 3 | {{ $servicePort := .Values.rightLeg.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "podtato-head.serviceAccountName" . }} 6 | labels: 7 | {{- include "podtato-head.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }}
11 |   {{- end }}
12 | imagePullSecrets:
13 |   - name: ghcr
14 | {{- end }}
15 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod  # Helm test hook: a pod that runs wget once against the entry service port
3 | metadata:
4 |   name: "{{ include "podtato-head.fullname" . }}-test-connection"
5 |   labels:
6 |     {{- include "podtato-head.labels" . | nindent 4 }}
7 |   annotations:
8 |     "helm.sh/hook": test
9 | spec:
10 |   containers:
11 |     - name: wget
12 |       image: busybox  # NOTE(review): no tag or digest, so this resolves to the mutable busybox:latest; pin a version tag or an image digest
13 |       command: ['wget']
14 |       args: ['podtato-entry:{{ .Values.entry.servicePort }}']  # NOTE(review): host is the literal podtato-entry, while the entry Service is named <fullname>-entry - confirm they match for every release name
15 |   restartPolicy: Never
16 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/values-prod.yaml:
--------------------------------------------------------------------------------
1 | # applies to podtato-head-entry deployment only
2 | ingress:
3 |   className: nginx
4 |   annotations:
5 |     dns.gardener.cloud/class: garden
6 |     dns.gardener.cloud/dnsnames: ${{values.team}}-${{values.application_id}}-prod.${{values.fqdn}}
7 |     dns.gardener.cloud/ttl: "180"
8 |   hosts:
9 |     - host: ${{values.team}}-${{values.application_id}}-prod.${{values.fqdn}}
10 |       paths:
11 |         - path: /
12 |           pathType: ImplementationSpecific
13 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/values-qa.yaml:
--------------------------------------------------------------------------------
1 | # applies to podtato-head-entry deployment only
2 | ingress:
3 |   className: nginx
4 |   annotations:
5 |     dns.gardener.cloud/class: garden
6 |     dns.gardener.cloud/dnsnames: ${{values.team}}-${{values.application_id}}-qa.${{values.fqdn}}
7 |
dns.gardener.cloud/ttl: "180" 8 | hosts: 9 | - host: ${{values.team}}-${{values.application_id}}-qa.${{values.fqdn}} 10 | paths: 11 | - path: / 12 | pathType: ImplementationSpecific 13 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/kargo-gitops/values-test.yaml: -------------------------------------------------------------------------------- 1 | # applies to podtato-head-entry deployment only 2 | ingress: 3 | className: nginx 4 | annotations: 5 | dns.gardener.cloud/class: garden 6 | dns.gardener.cloud/dnsnames: ${{values.team}}-${{values.application_id}}-test.${{values.fqdn}} 7 | dns.gardener.cloud/ttl: "180" 8 | hosts: 9 | - host: ${{values.team}}-${{values.application_id}}-test.${{values.fqdn}} 10 | paths: 11 | - path: / 12 | pathType: ImplementationSpecific 13 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-metalstack/metalstack-gitops/README.md: -------------------------------------------------------------------------------- 1 | # Backstage Demo Template 2 | 3 | Bring metalstack cluster into ${{values.environments}} Stage 4 | 5 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-metalstack/metalstack-gitops/catalog-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Component 3 | metadata: 4 | name: "${{values.cluster_id}}" 5 | description: "${{values.cluster_id}} metalstack.cloud" 6 | tags: 7 | - kubrix 8 | - template 9 | - metalstack 10 | links: 11 | - url: https://grafana-metalstack.platform-engineer.cloud/ 12 | title: Grafana SRE Metrics 13 | icon: web 14 | annotations: 15 | github.com/project-slug: ${{values.repoUrlowner}}/${{values.repoUrlRepo}} 16 | 
backstage.io/kubernetes-id: ${{values.cluster_id}} 17 | argocd/app-name: ${{values.cluster_id}}-${{values.environments}} 18 | backstage.io/kubernetes-namespace: default 19 | # backstage.io/kubernetes-namespace: ${{values.environments}}-metalstack 20 | 21 | backstage.io/techdocs-ref: dir:. 22 | spec: 23 | type: service 24 | lifecycle: ${{values.environments}} 25 | owner: "${{values.owner}}" 26 | system: ${{values.cluster_id}} 27 | dependsOn: 28 | - resource:argocd 29 | - resource:metalstack 30 | - resource:loki 31 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-metalstack/metalstack-gitops/helm/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-metalstack/metalstack-gitops/helm/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Gitops 3 | {{values.environments}} 4 | 5 | K8s yamls for metalstack deployment with crossplane 6 | 7 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-metalstack/metalstack-gitops/helm/values.yaml: -------------------------------------------------------------------------------- 1 | description: ${{values.description}} 2 | cluster_id: 
${{values.cluster_id}} 3 | type: ${{values.type}} 4 | instances: ${{values.instances}} 5 | # optional 6 | environments: ${{values.environments}} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-metalstack/metalstack-gitops/mkdocs.yaml: -------------------------------------------------------------------------------- 1 | site_name: "${{values.cluster_id}}" 2 | site_description: "Documentation for ${{values.cluster_id}}" 3 | 4 | nav: 5 | - Introduction: index.md 6 | 7 | plugins: 8 | - techdocs-core 9 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-metalstack/metalstack-gitops/system-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: System 3 | metadata: 4 | name: ${{values.cluster_id}} 5 | title: metalstack.cloud cluster 6 | description: ${{values.description}} - metalstack.cloud 7 | spec: 8 | owner: ${{values.owner}} 9 | lifecycle: ${{values.environments}} 10 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-onboarding/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/templates/scaffolder-templates-demo/sx-template-onboarding/.DS_Store -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-template-onboarding/skeleton/README.md: -------------------------------------------------------------------------------- 1 | # ${{values.team}}-apps 2 | 3 | Home of ${{values.team}} Team Applications 4 | 
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-template-onboarding/skeleton/demo-apps/README.md:
--------------------------------------------------------------------------------
1 | # demo apps
2 |
3 | Home of app-of-apps argo applications
4 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/.github/workflows/branch.yaml:
--------------------------------------------------------------------------------
1 | name: Create branches for kargo  # runs on every push to main and creates the stages/test and stages/prod branches
2 |
3 | on:
4 |   push:
5 |     branches:
6 |       - 'main'
7 |
8 | jobs:
9 |   create_a_branch:
10 |     runs-on: ubuntu-latest
11 |     permissions:  # scopes of the job's GITHUB_TOKEN, which is handed to the third-party action below
12 |       actions: write  # NOTE(review): creating a branch presumably needs only contents: write - confirm and remove this scope if unused
13 |       contents: write
14 |     steps:
15 |       - name: checkout
16 |         uses: actions/checkout@v4
17 |       - name: Create stages/test branch
18 |         uses: peterjgrainger/action-create-branch@v3.0.0  # NOTE(review): third-party action referenced by a tag, which its owner can re-point; pin to the full commit SHA of v3.0.0
19 |         env:
20 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # NOTE(review): the scaffolder uses the same dollar-double-brace delimiters for values.* - confirm this file is copied without templating so the expression reaches GitHub intact
21 |         with:
22 |           branch: 'stages/test'
23 |       - name: Create stages/prod branch
24 |         uses: peterjgrainger/action-create-branch@v3.0.0  # same tag-pinned third-party action as above
25 |         env:
26 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
27 |         with:
28 |           branch: 'stages/prod'
29 |
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Gitops 3 | 4 | K8s yamls for VM deployment 5 | 6 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/app-stages.yaml: -------------------------------------------------------------------------------- 1 | teamName: ${{values.team}} 2 | appName: ${{values.application_id}} 3 | repoUrl: https://github.com/kubriX-demo/${{values.team}}-${{values.application_id}} 4 | appNamespace: 5 | create: true 6 | labels: 7 | kubrix.io/kyverno: kubevirt-rolebinding 8 | stages: 9 | - name: "test" 10 | requestedFreight: 11 | - origin: 12 | kind: Warehouse 13 | name: warehouse-{{ .Values.appName }} 14 | sources: 15 | direct: true 16 | - name: "prod" 17 | requestedFreight: 18 | - origin: 19 | kind: Warehouse 20 | name: warehouse-{{ .Values.appName }} 21 | sources: 22 | stages: 23 | - test 24 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/mkdocs.yaml: -------------------------------------------------------------------------------- 1 | site_name: "${{values.application_id}}" 2 | site_description: "Documentation for ${{values.application_id}}" 3 | 4 | nav: 5 | - Introduction: index.md 6 | 7 | plugins: 8 | - techdocs-core -------------------------------------------------------------------------------- 
/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # named after application_id; forwards TCP 8080 to port 8080 of the pods labelled vm=<application_id>
3 | metadata:
4 |   name: {{ .Values.application_id }}
5 |   labels:
6 |     vm: {{ .Values.application_id }}
7 | spec:
8 |   ports:
9 |     - port: 8080
10 |       targetPort: 8080
11 |       protocol: TCP
12 |   selector:
13 |     vm: {{ .Values.application_id }}
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/values-prod.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/values-prod.yaml
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/values-test.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/values-test.yaml
--------------------------------------------------------------------------------
/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/kubevirt-gitops/values.yaml:
--------------------------------------------------------------------------------
1 | # dummy
2 | description: ${{values.description}}  # NOTE(review): free-text parameter rendered without the dump filter that the docs-template skeleton applies; a value containing a colon, hash or newline changes the YAML structure
3 | os: ${{values.os}}
4 | disk: ${{values.disk}}
5 | cores: ${{values.cores}}
6 | memory: ${{values.memory}}
7 | initpwd: ${{values.initpwd}}  # NOTE(review): presumably the VM's initial password; rendered in clear text into this file, so it lands in the generated Git repository and its history - prefer a reference to a Kubernetes Secret or external secret store, and rotate after first login
8 | application_id: ${{values.application_id}}  # used by templates/service.yaml as the Service name and the vm label selector
9 | team: ${{values.team}}
10 | # running: ${{values.running}}
-------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/docs-template/skeleton/catalog-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Component 3 | metadata: 4 | name: ${{values.name | dump}} 5 | description: ${{values.description | dump}} 6 | annotations: 7 | github.com/project-slug: ${{values.destination.owner + "/" + values.destination.repo}} 8 | backstage.io/techdocs-ref: dir:. 9 | spec: 10 | type: documentation 11 | lifecycle: experimental 12 | owner: ${{values.owner | dump}} 13 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/docs-template/skeleton/docs/index.md: -------------------------------------------------------------------------------- 1 | ## ${{ values.name }} 2 | 3 | ${{ values.description }} 4 | 5 | ## Getting started 6 | 7 | Start writing your documentation by adding more markdown (.md) files to this folder (/docs), or replace the content in this file. 8 | 9 | ## Table of Contents 10 | 11 | The Table of Contents on the right is generated automatically based on the hierarchy 12 | of headings. Only use one H1 (`#` in Markdown) per file. 13 | 14 | ## Site navigation 15 | 16 | For new pages to appear in the left-hand navigation you need to edit the `mkdocs.yml` 17 | file in the root of your repo. The navigation can also link out to other sites. 18 | 19 | Alternatively, if there is no `nav` section in `mkdocs.yml`, a navigation section 20 | will be created for you. However, you will not be able to use alternate titles for 21 | pages, or include links to other sites. 22 | 23 | Note that MkDocs uses `mkdocs.yml`, not `mkdocs.yaml`, although both appear to work. 24 | See also . 25 | 26 | ## Support 27 | 28 | That's it.
If you need support, reach out in [#docs-like-code](https://discord.com/channels/687207715902193673/714754240933003266) on Discord. 29 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/docs-template/skeleton/mkdocs.yml: -------------------------------------------------------------------------------- 1 | site_name: ${{values.name | dump}} 2 | site_description: ${{values.description | dump}} 3 | 4 | nav: 5 | - Introduction: index.md 6 | 7 | plugins: 8 | - techdocs-core 9 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/.github/workflows/branch.yaml: -------------------------------------------------------------------------------- 1 | name: Create branches for kargo # runs on every push to main and calls the create-branch action once each for stages/qa, stages/test and stages/prod 2 | 3 | on: 4 | push: 5 | branches: 6 | - 'main' 7 | 8 | jobs: 9 | create_a_branch: 10 | runs-on: ubuntu-latest 11 | permissions: 12 | actions: write # NOTE(review): none of the visible steps obviously needs actions: write - confirm and drop it if unused 13 | contents: write # the branch-creating steps below receive GITHUB_TOKEN with this scope 14 | steps: 15 | - name: checkout 16 | uses: actions/checkout@v4 17 | - name: Create stages/qa branch 18 | uses: peterjgrainger/action-create-branch@v3.0.0 # NOTE(review): third-party action referenced by a mutable tag while it is handed a write-scoped GITHUB_TOKEN; pinning to a full commit SHA fixes which code receives the token (same for the two steps below) 19 | env: 20 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 21 | with: 22 | branch: 'stages/qa' 23 | - name: Create stages/test branch 24 | uses: peterjgrainger/action-create-branch@v3.0.0 25 | env: 26 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 27 | with: 28 | branch: 'stages/test' 29 | - name: Create stages/prod branch 30 | uses: peterjgrainger/action-create-branch@v3.0.0 31 | env: 32 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 33 | with: 34 | branch: 'stages/prod' 35 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: podtato-head 3 | description: Deploys the podtato-head app 4 | version: 0.2.7 5 | appVersion: 0.2.7 6 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/app-stages.yaml: -------------------------------------------------------------------------------- 1 | teamName: ${{values.team}} 2 | appName: ${{values.application_id}} 3 | repoUrl: https://github.com/suxess-it/${{values.team}}-${{values.application_id}} 4 | createAppNamespace: true 5 | stages: 6 | - name: "test" 7 | requestedFreight: 8 | - origin: 9 | kind: Warehouse 10 | name: warehouse-{{ .Values.appName }} 11 | sources: 12 | direct: true 13 | - name: "qa" 14 | requestedFreight: 15 | - origin: 16 | kind: Warehouse 17 | name: warehouse-{{ .Values.appName }} 18 | sources: 19 | stages: 20 | - test 21 | - name: "prod" 22 | requestedFreight: 23 | - origin: 24 | kind: Warehouse 25 | name: warehouse-{{ .Values.appName }} 26 | sources: 27 | stages: 28 | - qa 29 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/docs/index.md: -------------------------------------------------------------------------------- 1 | 
## Info 2 | 3 | Kargo Demo App ${{values.application_id}} 4 | 5 | ## Getting started 6 | 7 | Start writing your documentation by adding more markdown (.md) files to this folder (/docs), or replace the content in this file. 8 | 9 | ## Table of Contents 10 | 11 | The Table of Contents on the right is generated automatically based on the hierarchy 12 | of headings. Only use one H1 (`#` in Markdown) per file. 13 | 14 | ## Site navigation 15 | 16 | For new pages to appear in the left-hand navigation you need to edit the `mkdocs.yml` 17 | file in the root of your repo. The navigation can also link out to other sites. 18 | 19 | Alternatively, if there is no `nav` section in `mkdocs.yml`, a navigation section 20 | will be created for you. However, you will not be able to use alternate titles for 21 | pages, or include links to other sites. 22 | 23 | Note that MkDocs uses `mkdocs.yml`, not `mkdocs.yaml`, although both appear to work. 24 | See also . 25 | 26 | ## Support 27 | 28 | That's it. If you need support, reach out in [#docs-like-code](https://discord.com/channels/687207715902193673/714754240933003266) on Discord.
29 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/mkdocs.yaml: -------------------------------------------------------------------------------- 1 | site_name: "${{values.application_id}}" 2 | site_description: "Documentation for ${{values.application_id}}" 3 | 4 | nav: 5 | - Introduction: index.md 6 | 7 | plugins: 8 | - techdocs-core -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": [ 4 | "config:base" 5 | ], 6 | "kubernetes": { 7 | "fileMatch": [".*\\.yaml$"] 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/configmap-discovery.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "service-discovery" }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 7 | labels: 8 | {{- include "podtato-head.labels" . | nindent 4 }} 9 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 10 | data: 11 | servicesConfig.yaml: | 12 | hat: "http://{{- include "podtato-head.fullname" . -}}-hat:{{ .Values.hat.servicePort }}" 13 | left-leg: "http://{{- include "podtato-head.fullname" . -}}-left-leg:{{ .Values.leftLeg.servicePort }}" 14 | left-arm: "http://{{- include "podtato-head.fullname" . -}}-left-arm:{{ .Values.leftArm.servicePort }}" 15 | right-leg: "http://{{- include "podtato-head.fullname" . 
-}}-right-leg:{{ .Values.rightLeg.servicePort }}" 16 | right-arm: "http://{{- include "podtato-head.fullname" . -}}-right-arm:{{ .Values.rightArm.servicePort }}" 17 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 # NOTE(review): autoscaling/v2beta1 is no longer served from Kubernetes v1.25 on, so enabling autoscaling on a current cluster would fail to apply; autoscaling/v2 expresses targetAverageUtilization as target.type: Utilization with target.averageUtilization 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "podtato-head.fullname" . }} 6 | labels: 7 | {{- include "podtato-head.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "podtato-head.fullname" . }} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: # each metric below is emitted only when its target percentage is set in values 16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: cpu 20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} 21 | {{- end }} 22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: memory 26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/service-entry.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "entry" }} 2 | {{ $serviceType := .Values.entry.serviceType }} 3 | {{ $servicePort := .Values.entry.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .)
$componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/service-hat.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "hat" }} 2 | {{ $serviceType := .Values.hat.serviceType }} 3 | {{ $servicePort := .Values.hat.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) 
$componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/service-left-arm.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "left-arm" }} 2 | {{ $serviceType := .Values.leftArm.serviceType }} 3 | {{ $servicePort := .Values.leftArm.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/service-left-leg.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "left-leg" }} 2 | {{ $serviceType := .Values.leftLeg.serviceType }} 3 | {{ $servicePort := .Values.leftLeg.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) 
$componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/service-right-arm.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "right-arm" }} 2 | {{ $serviceType := .Values.rightArm.serviceType }} 3 | {{ $servicePort := .Values.rightArm.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) 
$componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/service-right-leg.yaml: -------------------------------------------------------------------------------- 1 | {{ $componentName := "right-leg" }} 2 | {{ $serviceType := .Values.rightLeg.serviceType }} 3 | {{ $servicePort := .Values.rightLeg.servicePort }} 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 9 | labels: 10 | {{- include "podtato-head.labels" . | nindent 4 }} 11 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} 12 | spec: 13 | type: {{ default "ClusterIP" $serviceType }} 14 | ports: 15 | - port: {{ $servicePort }} 16 | targetPort: http 17 | protocol: TCP 18 | name: http 19 | selector: 20 | {{- include "podtato-head.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/component: {{ printf "%s-%s" (include "podtato-head.fullname" .) $componentName }} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "podtato-head.serviceAccountName" . }} 6 | labels: 7 | {{- include "podtato-head.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | imagePullSecrets: 13 | - name: ghcr 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "podtato-head.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "podtato-head.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox # NOTE(review): no tag or digest, so this resolves to busybox:latest from the default registry; pin a version or digest so the test hook runs a known image 13 | command: ['wget'] 14 | args: ['podtato-entry:{{ .Values.entry.servicePort }}'] # NOTE(review): the host is the literal podtato-entry, while service-entry.yaml names the Service "<fullname>-entry" - confirm the two match for every release name 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/values-prod.yaml: -------------------------------------------------------------------------------- 1 | # applies to podtato-head-entry deployment only 2 | ingress: 3 | className: nginx 4 | annotations: 5 | dns.gardener.cloud/class: garden 6 | dns.gardener.cloud/dnsnames: ${{values.team}}-${{values.application_id}}-prod.${{values.fqdn}} 7 | dns.gardener.cloud/ttl: "180" 8 | hosts: 9 | - host: ${{values.team}}-${{values.application_id}}-prod.${{values.fqdn}} 10 | paths: 11 | - path: / 12 | pathType: ImplementationSpecific 13 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/values-qa.yaml: -------------------------------------------------------------------------------- 1 | # applies to podtato-head-entry deployment only 2 | ingress: 3 | className: nginx 4 | annotations: 5 | dns.gardener.cloud/class: garden 6 | dns.gardener.cloud/dnsnames: ${{values.team}}-${{values.application_id}}-qa.${{values.fqdn}} 7 |
dns.gardener.cloud/ttl: "180" 8 | hosts: 9 | - host: ${{values.team}}-${{values.application_id}}-qa.${{values.fqdn}} 10 | paths: 11 | - path: / 12 | pathType: ImplementationSpecific 13 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/kargo-gitops/values-test.yaml: -------------------------------------------------------------------------------- 1 | # applies to podtato-head-entry deployment only 2 | ingress: 3 | className: nginx 4 | annotations: 5 | dns.gardener.cloud/class: garden 6 | dns.gardener.cloud/dnsnames: ${{values.team}}-${{values.application_id}}-test.${{values.fqdn}} 7 | dns.gardener.cloud/ttl: "180" 8 | hosts: 9 | - host: ${{values.team}}-${{values.application_id}}-test.${{values.fqdn}} 10 | paths: 11 | - path: / 12 | pathType: ImplementationSpecific 13 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-metalstack/metalstack-gitops/README.md: -------------------------------------------------------------------------------- 1 | # Backstage Demo Template 2 | 3 | Bring metalstack cluster into ${{values.environments}} Stage 4 | 5 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-metalstack/metalstack-gitops/catalog-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Component 3 | metadata: 4 | name: "${{values.cluster_id}}" 5 | description: "${{values.cluster_id}} metalstack.cloud" 6 | tags: 7 | - kubrix 8 | - template 9 | - metalstack 10 | links: 11 | - url: https://grafana-metalstack.platform-engineer.cloud/ 12 | title: Grafana SRE Metrics 13 | icon: web 14 | annotations: 15 | github.com/project-slug: ${{values.repoUrlowner}}/${{values.repoUrlRepo}} 16 | 
backstage.io/kubernetes-id: ${{values.cluster_id}} 17 | argocd/app-name: ${{values.cluster_id}}-${{values.environments}} 18 | backstage.io/kubernetes-namespace: default 19 | # backstage.io/kubernetes-namespace: ${{values.environments}}-metalstack 20 | 21 | backstage.io/techdocs-ref: dir:. 22 | spec: 23 | type: service 24 | lifecycle: ${{values.environments}} 25 | owner: "${{values.owner}}" 26 | system: ${{values.cluster_id}} 27 | dependsOn: 28 | - resource:argocd 29 | - resource:metalstack 30 | - resource:loki 31 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-metalstack/metalstack-gitops/helm/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-metalstack/metalstack-gitops/helm/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Gitops 3 | {{values.environments}} 4 | 5 | K8s yamls for metalstack deployment with crossplane 6 | 7 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-metalstack/metalstack-gitops/helm/values.yaml: -------------------------------------------------------------------------------- 1 | description: ${{values.description}} 2 | cluster_id: ${{values.cluster_id}} 3 | 
type: ${{values.type}} 4 | instances: ${{values.instances}} 5 | # optional 6 | environments: ${{values.environments}} -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-metalstack/metalstack-gitops/mkdocs.yaml: -------------------------------------------------------------------------------- 1 | site_name: "${{values.cluster_id}}" 2 | site_description: "Documentation for ${{values.cluster_id}}" 3 | 4 | nav: 5 | - Introduction: index.md 6 | 7 | plugins: 8 | - techdocs-core 9 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-metalstack/metalstack-gitops/system-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: System 3 | metadata: 4 | name: ${{values.cluster_id}} 5 | title: metalstack.cloud cluster 6 | description: ${{values.description}} - metalstack.cloud 7 | spec: 8 | owner: ${{values.owner}} 9 | lifecycle: ${{values.environments}} 10 | -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-onboarding/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/backstage-resources/templates/scaffolder-templates/sx-template-onboarding/.DS_Store -------------------------------------------------------------------------------- /backstage-resources/templates/scaffolder-templates/sx-template-onboarding/skeleton/README.md: -------------------------------------------------------------------------------- 1 | # ${{values.team}}-apps 2 | 3 | Home of ${{values.team}} Team Applications 4 | -------------------------------------------------------------------------------- 
/backstage-resources/templates/showcase-templates-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Location 3 | metadata: 4 | name: software-templates-demo 5 | description: A collection of Backstage templates for kubriX 6 | spec: 7 | type: url 8 | targets: 9 | - https://github.com/kubriX-demo/kubriX-demo-oss/blob/main/backstage-resources/templates/scaffolder-templates-demo/docs-template/template.yaml 10 | - https://github.com/kubriX-demo/kubriX-demo-oss/blob/main/backstage-resources/templates/scaffolder-templates-demo/sx-kargo-demo-app/template.yaml 11 | - https://github.com/kubriX-demo/kubriX-demo-oss/blob/main/backstage-resources/templates/scaffolder-templates-demo/sx-template-metalstack/template.yaml 12 | - https://github.com/kubriX-demo/kubriX-demo-oss/blob/main/backstage-resources/templates/scaffolder-templates-demo/sx-template-onboarding/template.yaml 13 | - https://github.com/kubriX-demo/kubriX-demo-oss/blob/main/backstage-resources/templates/scaffolder-templates-demo/sx-virt-template/template.yaml -------------------------------------------------------------------------------- /backstage-resources/templates/showcase-templates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Location 3 | metadata: 4 | name: software-templates 5 | description: A collection of Backstage templates for kubriX 6 | spec: 7 | type: url 8 | targets: 9 | - https://github.com/suxess-it/kubriX/blob/main/backstage-resources/templates/scaffolder-templates/docs-template/template.yaml 10 | - https://github.com/suxess-it/kubriX/blob/main/backstage-resources/templates/scaffolder-templates/sx-kargo-demo-app/template.yaml 11 | - https://github.com/suxess-it/kubriX/blob/main/backstage-resources/templates/scaffolder-templates/sx-template-metalstack/template.yaml 12 | - 
https://github.com/suxess-it/kubriX/blob/main/backstage-resources/templates/scaffolder-templates/sx-template-onboarding/template.yaml -------------------------------------------------------------------------------- /bootstrap-app-demo-metalstack.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sx-bootstrap-app 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/kubriX-demo/kubriX-demo 12 | targetRevision: main 13 | path: platform-apps/target-chart 14 | helm: 15 | valueFiles: 16 | - values-demo-metalstack.yaml 17 | parameters: 18 | - name: default.repoURL 19 | value: $ARGOCD_APP_SOURCE_REPO_URL 20 | - name: default.targetRevision 21 | value: $ARGOCD_APP_SOURCE_TARGET_REVISION 22 | destination: 23 | namespace: argocd 24 | server: 'https://kubernetes.default.svc' 25 | syncPolicy: 26 | automated: 27 | prune: true 28 | selfHeal: true -------------------------------------------------------------------------------- /bootstrap-app-kind-base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sx-bootstrap-app 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/suxess-it/kubriX 12 | targetRevision: main 13 | path: platform-apps/target-chart 14 | helm: 15 | valueFiles: 16 | # use k3d value files 17 | - values-kind-base.yaml 18 | parameters: 19 | - name: default.repoURL 20 | value: $ARGOCD_APP_SOURCE_REPO_URL 21 | - name: default.targetRevision 22 | value: $ARGOCD_APP_SOURCE_TARGET_REVISION 23 | destination: 24 | namespace: argocd 25 | server: 'https://kubernetes.default.svc' 26 | syncPolicy: 27 | automated: 28 | prune: true 29 | 
selfHeal: true 30 | -------------------------------------------------------------------------------- /bootstrap-app-kind-delivery.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sx-bootstrap-app 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/suxess-it/kubriX 12 | targetRevision: main 13 | path: platform-apps/target-chart 14 | helm: 15 | valueFiles: 16 | - values-kind-delivery.yaml 17 | parameters: 18 | - name: default.repoURL 19 | value: $ARGOCD_APP_SOURCE_REPO_URL 20 | - name: default.targetRevision 21 | value: $ARGOCD_APP_SOURCE_TARGET_REVISION 22 | destination: 23 | namespace: argocd 24 | server: 'https://kubernetes.default.svc' 25 | syncPolicy: 26 | automated: 27 | prune: true 28 | selfHeal: true -------------------------------------------------------------------------------- /bootstrap-app-kind-observability.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sx-bootstrap-app 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/suxess-it/kubriX 12 | targetRevision: main 13 | path: platform-apps/target-chart 14 | helm: 15 | valueFiles: 16 | - values-kind-observability.yaml 17 | parameters: 18 | - name: default.repoURL 19 | value: $ARGOCD_APP_SOURCE_REPO_URL 20 | - name: default.targetRevision 21 | value: $ARGOCD_APP_SOURCE_TARGET_REVISION 22 | destination: 23 | namespace: argocd 24 | server: 'https://kubernetes.default.svc' 25 | syncPolicy: 26 | automated: 27 | prune: true 28 | selfHeal: true -------------------------------------------------------------------------------- /bootstrap-app-kind-portal.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sx-bootstrap-app 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/suxess-it/kubriX 12 | targetRevision: main 13 | path: platform-apps/target-chart 14 | helm: 15 | valueFiles: 16 | - values-kind-portal.yaml 17 | parameters: 18 | - name: default.repoURL 19 | value: $ARGOCD_APP_SOURCE_REPO_URL 20 | - name: default.targetRevision 21 | value: $ARGOCD_APP_SOURCE_TARGET_REVISION 22 | destination: 23 | namespace: argocd 24 | server: 'https://kubernetes.default.svc' 25 | syncPolicy: 26 | automated: 27 | prune: true 28 | selfHeal: true -------------------------------------------------------------------------------- /bootstrap-app-kind-security.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sx-bootstrap-app 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/suxess-it/kubriX 12 | targetRevision: main 13 | path: platform-apps/target-chart 14 | helm: 15 | valueFiles: 16 | - values-kind-security.yaml 17 | parameters: 18 | - name: default.repoURL 19 | value: $ARGOCD_APP_SOURCE_REPO_URL 20 | - name: default.targetRevision 21 | value: $ARGOCD_APP_SOURCE_TARGET_REVISION 22 | destination: 23 | namespace: argocd 24 | server: 'https://kubernetes.default.svc' 25 | syncPolicy: 26 | automated: 27 | prune: true 28 | selfHeal: true -------------------------------------------------------------------------------- /bootstrap-app-kind.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | 
name: sx-bootstrap-app 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/suxess-it/kubriX 12 | targetRevision: main 13 | path: platform-apps/target-chart 14 | helm: 15 | valueFiles: 16 | - values-kind.yaml 17 | parameters: 18 | - name: default.repoURL 19 | value: $ARGOCD_APP_SOURCE_REPO_URL 20 | - name: default.targetRevision 21 | value: $ARGOCD_APP_SOURCE_TARGET_REVISION 22 | destination: 23 | namespace: argocd 24 | server: 'https://kubernetes.default.svc' 25 | syncPolicy: 26 | automated: 27 | prune: true 28 | selfHeal: true -------------------------------------------------------------------------------- /bootstrap-app-metalstack.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sx-bootstrap-app 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/suxess-it/kubriX 12 | targetRevision: main 13 | path: platform-apps/target-chart 14 | helm: 15 | valueFiles: 16 | - values-metalstack.yaml 17 | parameters: 18 | - name: default.repoURL 19 | value: $ARGOCD_APP_SOURCE_REPO_URL 20 | - name: default.targetRevision 21 | value: $ARGOCD_APP_SOURCE_TARGET_REVISION 22 | destination: 23 | namespace: argocd 24 | server: 'https://kubernetes.default.svc' 25 | syncPolicy: 26 | automated: 27 | prune: true 28 | selfHeal: true -------------------------------------------------------------------------------- /metalstack-resources/tf-project/README.md: -------------------------------------------------------------------------------- 1 | # create metalstack cluster via terraform 2 | 3 | # prereq 4 | 5 | install terraform 6 | 7 | ``` 8 | curl -L -O https://releases.hashicorp.com/terraform/1.8.5/terraform_1.8.5_linux_amd64.zip 9 | unzip 
terraform_1.8.5_linux_amd64.zip 10 | mv terraform ~/bin 11 | ``` 12 | Verify the downloaded archive against the SHA256SUMS file published with the same release before unpacking it. 13 | # create access token 14 | 15 | create an API token in the console https://console.metalstack.cloud/ and keep it out of version control and shared shell history 16 | 17 | ![screenshot_metalstack](https://github.com/suxess-it/kubriX/assets/11465610/a1ef3f11-6b03-4faf-90ab-6c16bb6b6fdd) 18 | 19 | ``` 20 | export METAL_STACK_CLOUD_API_TOKEN= 21 | ``` 22 | 23 | execute the terraform scripts 24 | 25 | ``` 26 | terraform plan 27 | terraform apply 28 | ``` 29 | -------------------------------------------------------------------------------- /metalstack-resources/tf-project/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | metal = { 4 | source = "metal-stack-cloud/metal" 5 | } 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /metalstack-resources/tf-project/resource.tf: -------------------------------------------------------------------------------- 1 | resource "metal_cluster" "sx-cluster" { 2 | name = "sx-cluster" 3 | kubernetes = "1.28.10" 4 | partition = "eqx-mu4" 5 | workers = [ 6 | { 7 | name = "default" 8 | machine_type = "n1-medium-x86" 9 | min_size = 1 10 | max_size = 3 11 | } 12 | ] 13 | maintenance = { 14 | time_window = { 15 | begin = { 16 | hour = 18 17 | minute = 30 18 | } 19 | duration = 2 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /platform-apps/charts/argo-rollouts/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: argo-rollouts 3 | repository: https://argoproj.github.io/argo-helm 4 | version: 2.39.5 5 | digest: sha256:200ab394b16168faddbc91ca2318c96e3799e449949cc66e64d753dfc85666dd 6 | generated: "2025-04-10T16:30:29.034811193Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/argo-rollouts/values-k3d.yaml: 
--------------------------------------------------------------------------------
1 | 
2 | 
--------------------------------------------------------------------------------
/platform-apps/charts/argo-rollouts/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/platform-apps/charts/argo-rollouts/values.yaml
--------------------------------------------------------------------------------
/platform-apps/charts/argocd/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: argo-cd
3 |   repository: https://argoproj.github.io/argo-helm
4 |   version: 8.0.14
5 | digest: sha256:9b91d51b7fed16f7fb2634ee4c032c07d43499d2bc6fdaef1455306eff6281a4
6 | generated: "2025-05-30T23:09:24.787539036Z"
7 | 
--------------------------------------------------------------------------------
/platform-apps/charts/argocd/manual-secret/argocd-secret.yaml:
--------------------------------------------------------------------------------
# Manually applied Secret named argocd-secret in the argocd namespace.
1 | apiVersion: v1
2 | data:
# NOTE(review): server.secretkey is committed here as plain base64 (encoding, not
# encryption), so anyone who can read the repository can read the key. Argo CD uses
# this key to sign its session tokens; every installation created from this file
# shares the same signing key. Generate a unique value per installation, deliver it
# through the secret store instead of version control, and treat this value as exposed.
3 |   server.secretkey: MGczWjBiM2xybTdGYkYwTm5ubTdKTnQvbkpFaEx3Y0FEL1V6bytQakRETT0=
4 | kind: Secret
5 | metadata:
6 |   labels:
7 |     app.kubernetes.io/name: argocd-secret
8 |     app.kubernetes.io/part-of: argocd
9 |   name: argocd-secret
10 |   namespace: argocd
11 | type: Opaque
12 | 
--------------------------------------------------------------------------------
/platform-apps/charts/argocd/templates/argocd-dashboard-169.yaml:
--------------------------------------------------------------------------------
# ConfigMap that embeds dashboard-files/argocd-dashboard-169.json from the chart;
# the grafana_dashboard label is presumably what Grafana's dashboard loader selects on — confirm.
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   labels:
5 |     grafana_dashboard: "1"
6 |   name: argocd-dashboard-169
7 | data:
8 |   argocd-dashboard-169.json: |-
9 | {{ .Files.Get "dashboard-files/argocd-dashboard-169.json" | indent 4 }}
10 | 
--------------------------------------------------------------------------------
/platform-apps/charts/argocd/templates/argocd-dashboard-19974.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: argocd-dashboard-19974 7 | data: 8 | argocd-dashboard-19974.json: |- 9 | {{ .Files.Get "dashboard-files/argocd-dashboard-19974.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/argocd/templates/argocd-dashboard-19975.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: argocd-dashboard-19975 7 | data: 8 | argocd-dashboard-19975.json: |- 9 | {{ .Files.Get "dashboard-files/argocd-dashboard-19975.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/argocd/templates/argocd-dashboard-19993.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: argocd-dashboard-19993 7 | data: 8 | argocd-dashboard-19993.json: |- 9 | {{ .Files.Get "dashboard-files/argocd-dashboard-19993.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/argocd/values.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /platform-apps/charts/backstage/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: backstage 3 | repository: https://backstage.github.io/charts 4 | version: 2.5.2 5 | - name: cluster 6 | repository: https://cloudnative-pg.github.io/charts 7 | version: 0.3.1 8 | 
digest: sha256:043218649751e36768d92a869602ecc8d9e89c9f46d6f10ad56e859088593776
9 | generated: "2025-06-04T14:44:01.283535434Z"
10 | 
--------------------------------------------------------------------------------
/platform-apps/charts/backstage/templates/backstage-locator-crb.yaml:
--------------------------------------------------------------------------------
# Binds the backstage-locator ServiceAccount (in the release namespace) to the
# ClusterRole of the same name, i.e. the grant applies cluster-wide.
# NOTE(review): the ClusterRole itself is defined outside this section; confirm its
# rules are read-only and limited to what Backstage needs.
1 | kind: ClusterRoleBinding
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | metadata:
4 |   name: backstage-locator
5 | subjects:
6 |   - kind: ServiceAccount
7 |     name: backstage-locator
8 |     namespace: {{.Release.Namespace}}
9 | roleRef:
10 |   apiGroup: rbac.authorization.k8s.io
11 |   kind: ClusterRole
12 |   name: backstage-locator
13 | 
--------------------------------------------------------------------------------
/platform-apps/charts/backstage/templates/backstage-locator-sa.yaml:
--------------------------------------------------------------------------------
# ServiceAccount referenced by the ClusterRoleBinding and the token Secret.
1 | kind: ServiceAccount
2 | apiVersion: v1
3 | metadata:
4 |   name: backstage-locator
--------------------------------------------------------------------------------
/platform-apps/charts/backstage/templates/backstage-locator-secret.yaml:
--------------------------------------------------------------------------------
# NOTE(review): a Secret of type kubernetes.io/service-account-token with this
# annotation makes Kubernetes populate a long-lived (non-expiring) token for the
# backstage-locator ServiceAccount. Together with the ClusterRoleBinding above it is
# a standing cluster-wide credential: restrict who can read Secrets in this namespace
# and delete/recreate the Secret to rotate the token.
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 |   name: backstage-locator
5 |   annotations:
6 |     kubernetes.io/service-account.name: backstage-locator
7 | type: kubernetes.io/service-account-token
--------------------------------------------------------------------------------
/platform-apps/charts/cert-manager/Chart.lock:
--------------------------------------------------------------------------------
1 | dependencies:
2 | - name: cert-manager
3 |   repository: https://charts.jetstack.io
4 |   version: v1.17.2
5 | digest: sha256:4da3f18041cd7af19d045d2d2d07afcfb285be8844283562f62329760adf31bd
6 | generated: "2025-04-29T17:32:29.587024858Z"
7 | 
--------------------------------------------------------------------------------
/platform-apps/charts/cert-manager/templates/clusterissuer-mkcert.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.createmkcertClusterIssuer }} 2 | apiVersion: cert-manager.io/v1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: mkcert-issuer 6 | namespace: cert-manager 7 | spec: 8 | ca: 9 | secretName: mkcert-ca-key-pair 10 | {{ end }} 11 | -------------------------------------------------------------------------------- /platform-apps/charts/cert-manager/templates/clusterissuer-prod.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.createLetsEncryptProdClusterIssuer }} 2 | apiVersion: cert-manager.io/v1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: letsencrypt-prod 6 | spec: 7 | acme: 8 | email: support@suxess-it.com 9 | preferredChain: '' 10 | privateKeySecretRef: 11 | name: letsencrypt-prod 12 | server: 'https://acme-v02.api.letsencrypt.org/directory' 13 | solvers: 14 | - http01: 15 | ingress: 16 | ingressClassName: nginx 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /platform-apps/charts/cert-manager/templates/clusterissuer-staging.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.createLetsEncrypStagingClusterIssuer }} 2 | apiVersion: cert-manager.io/v1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: letsencrypt-staging 6 | spec: 7 | acme: 8 | email: support@suxess-it.com 9 | preferredChain: '' 10 | privateKeySecretRef: 11 | name: letsencrypt-staging 12 | server: 'https://acme-staging-v02.api.letsencrypt.org/directory' 13 | solvers: 14 | - http01: 15 | ingress: 16 | ingressClassName: nginx 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /platform-apps/charts/cert-manager/values-demo-metalstack.yaml: -------------------------------------------------------------------------------- 1 | 
createLetsEncryptProdClusterIssuer: true 2 | -------------------------------------------------------------------------------- /platform-apps/charts/cert-manager/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | createmkcertClusterIssuer: true 2 | -------------------------------------------------------------------------------- /platform-apps/charts/cert-manager/values-metalstack.yaml: -------------------------------------------------------------------------------- 1 | createLetsEncrypStagingClusterIssuer: true 2 | -------------------------------------------------------------------------------- /platform-apps/charts/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | cert-manager: 2 | installCRDs: true 3 | 4 | -------------------------------------------------------------------------------- /platform-apps/charts/cnpg/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: cloudnative-pg 3 | repository: https://cloudnative-pg.github.io/charts 4 | version: 0.24.0 5 | - name: pgadmin4 6 | repository: https://helm.runix.net 7 | version: 1.47.0 8 | digest: sha256:9ccd79e713b7cfd772aac9d59a9a03d56a234e9a650986917299f8653a47f50b 9 | generated: "2025-06-04T18:56:57.854230688Z" 10 | -------------------------------------------------------------------------------- /platform-apps/charts/cnpg/templates/cnpg-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: cnpg-dashboard 7 | data: 8 | cnpg-dashboard.json: |- 9 | {{ .Files.Get "dashboard-files/cnpg-dashboard.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/cnpg/templates/pgadmin-secret.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: pgadmin-secret 5 | namespace: cnpg 6 | annotations: 7 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 8 | spec: 9 | refreshInterval: "15s" 10 | secretStoreRef: 11 | name: vault-backend 12 | kind: ClusterSecretStore 13 | target: 14 | name: pgadmin-secret 15 | template: 16 | type: kubernetes.io/basic-auth 17 | data: 18 | password: "{{ `{{ .pgadminsecret }}` }}" 19 | pgadminclientid: "{{ `{{ .pgadminclientid }}` }}" 20 | pgadminclientsecret: "{{ `{{ .pgadminclientsecret }}` }}" 21 | data: 22 | - secretKey: pgadminsecret 23 | remoteRef: 24 | key: kubrix-kv/data/cnpg/base 25 | property: pgadminsecret 26 | - secretKey: pgadminclientid 27 | remoteRef: 28 | key: kubrix-kv/data/cnpg/base 29 | property: pgadminclientid 30 | - secretKey: pgadminclientsecret 31 | remoteRef: 32 | key: kubrix-kv/data/cnpg/base 33 | property: pgadminclientsecret -------------------------------------------------------------------------------- /platform-apps/charts/crossplane/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: crossplane 3 | repository: https://charts.crossplane.io/stable 4 | version: 1.19.1 5 | digest: sha256:5ae76139de7e8349539f96901310956a9d84bccae29b21c459904994260727a7 6 | generated: "2025-04-10T21:37:05.489102433Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/crossplane/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /platform-apps/charts/crossplane/values.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/platform-apps/charts/crossplane/values.yaml -------------------------------------------------------------------------------- /platform-apps/charts/external-dns/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: external-dns 3 | repository: https://kubernetes-sigs.github.io/external-dns/ 4 | version: 1.16.1 5 | digest: sha256:5f5f1581ecc99216ea3aae95529801bf9cfb592d518609604cd0139890d576db 6 | generated: "2025-04-15T18:46:25.604784757Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/external-dns/README.md: -------------------------------------------------------------------------------- 1 | See https://kubernetes-sigs.github.io/external-dns/v0.14.1/tutorials/aws/#iam-policy 2 | and https://kubernetes-sigs.github.io/external-dns/v0.14.1/tutorials/aws/#static-credentials 3 | for what you need to do in AWS to get the required policy and the user/password for static credentials. 4 | Static credentials are only used when deploying the platform stack outside of AWS. 5 | Otherwise you can set IAM roles on service accounts. 
6 | 7 | In https://kubernetes-sigs.github.io/external-dns/v0.14.1/tutorials/aws/#manifest-for-clusters-without-rbac-enabled 8 | is documented how the deployment.yaml should get modified (hopefully via helm chart values) 9 | 10 | -------------------------------------------------------------------------------- /platform-apps/charts/external-dns/values-metalstack.yaml: -------------------------------------------------------------------------------- 1 | external-dns: 2 | env: 3 | - name: AWS_SHARED_CREDENTIALS_FILE 4 | value: /.aws/credentials 5 | 6 | extraVolumeMounts: 7 | - name: aws-credentials 8 | mountPath: /.aws 9 | readOnly: true 10 | 11 | extraVolumes: 12 | - name: aws-credentials 13 | secret: 14 | secretName: sx-external-dns 15 | 16 | -------------------------------------------------------------------------------- /platform-apps/charts/external-secrets/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: external-secrets 3 | repository: https://charts.external-secrets.io 4 | version: 0.16.2 5 | digest: sha256:f0e2d39bb741dcd2b43ce8f9e1576d1a2b1b7d4c06a454882b0f8bc4150a3fd4 6 | generated: "2025-05-14T18:25:09.319470109Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/external-secrets/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /platform-apps/charts/falco/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: falco 3 | repository: https://falcosecurity.github.io/charts 4 | version: 4.21.3 5 | - name: falco-exporter 6 | repository: https://falcosecurity.github.io/charts 7 | version: 0.12.2 8 | - name: k8s-metacollector 9 | repository: https://falcosecurity.github.io/charts 10 | version: 0.1.10 11 | digest: 
sha256:5939ba0df0ab60d53eae6e87d87560565a36597480b1957fe8c446a8f69d240c 12 | generated: "2025-04-10T20:00:05.722070174Z" 13 | -------------------------------------------------------------------------------- /platform-apps/charts/grafana/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: grafana 3 | repository: https://grafana.github.io/helm-charts 4 | version: 9.2.2 5 | digest: sha256:151f657ee8103ddebf74bd93b3129e6d25787907cc42544ceb24a48bcc9c8ded 6 | generated: "2025-06-04T12:43:20.264705969Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/grafana/templates/alerts/kubernetes-alerts.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kubernetesAlerts.enabled -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | grafana_alert: "1" 7 | name: kubernetes-alerts 8 | data: 9 | {{ (.Files.Glob "alerting-rules/*").AsConfig | indent 2 }} 10 | --- 11 | {{ end -}} -------------------------------------------------------------------------------- /platform-apps/charts/grafana/templates/contact-point-platform-team.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_alert: "1" 6 | name: alerting-contact-point-platform-team 7 | data: 8 | contact-points-platform-team.yaml: |- 9 | apiVersion: 1 10 | contactPoints: 11 | {{- if .Values.kubernetesAlerts }} 12 | - orgId: 1 13 | name: platform-team-default 14 | {{ toYaml .Values.kubernetesAlerts.platformTeamContactPoint | indent 10 }} 15 | {{ end -}} -------------------------------------------------------------------------------- /platform-apps/charts/grafana/templates/dashboards/kubernetes-modern/dashboards.yaml: -------------------------------------------------------------------------------- 1 | {{- if 
.Values.kubernetesModernDashboards.enabled -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | grafana_dashboard: "1" 7 | name: kubernetes-modern-dashboards 8 | data: 9 | {{ (.Files.Glob "dashboard-files/kubernetes-modern/*").AsConfig | indent 2 }} 10 | --- 11 | {{ end -}} -------------------------------------------------------------------------------- /platform-apps/charts/grafana/templates/dashboards/metalstack/dashboards.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metalstackDashboards.enabled -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | grafana_dashboard: "1" 7 | name: metalstack-dashboards 8 | data: 9 | {{ (.Files.Glob "dashboard-files/metalstack/*").AsConfig | indent 2 }} 10 | --- 11 | {{ end -}} -------------------------------------------------------------------------------- /platform-apps/charts/grafana/values.yaml: -------------------------------------------------------------------------------- 1 | metalstackDashboards: 2 | enabled: false 3 | 4 | kubernetesModernDashboards: 5 | enabled: false 6 | 7 | kubernetesAlerts: 8 | enabled: false -------------------------------------------------------------------------------- /platform-apps/charts/ingress-nginx/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: ingress-nginx 3 | repository: https://kubernetes.github.io/ingress-nginx 4 | version: 4.12.2 5 | digest: sha256:e91b17b274081cc28e5a2dbc5abcbb3a92a7170bd78756a4293191c7029161a2 6 | generated: "2025-05-01T05:19:02.250790394Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/ingress-nginx/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /platform-apps/charts/k8s-monitoring/Chart.lock: 
-------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: k8s-monitoring 3 | repository: https://grafana.github.io/helm-charts 4 | version: 1.6.36 5 | digest: sha256:2af81605ba5ef8689b8caabe229de1fe033b96259a215e63d18023e8976458e7 6 | generated: "2025-05-14T20:08:20.947242519Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/kargo/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: kargo 3 | repository: oci://ghcr.io/akuity/kargo-charts 4 | version: 1.5.1 5 | digest: sha256:87e42ae21e2bd6e31e72e8e9cda3baca7b4b3e3d59368508777a6ef096671386 6 | generated: "2025-06-04T14:41:06.335368261Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/kargo/values.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: keycloak 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 24.7.3 5 | - name: postgresql 6 | repository: https://charts.bitnami.com/bitnami 7 | version: 16.7.9 8 | - name: cluster 9 | repository: https://cloudnative-pg.github.io/charts 10 | version: 0.3.1 11 | digest: sha256:d982256ad4fcd6aa3d405a4ed4564fdaaed7a6e9a56333d162310be4710e6ba2 12 | generated: "2025-06-04T15:57:06.792737738Z" 13 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/comp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: Composition 3 | metadata: 4 | name: keycloak-builtin-objects 5 | annotations: 6 | 
argocd.argoproj.io/sync-wave: "1" 7 | spec: 8 | compositeTypeRef: 9 | apiVersion: keycloak.crossplane.io/v1alpha1 10 | kind: XBuiltinObjects 11 | mode: Pipeline 12 | pipeline: 13 | - step: pull-provider-configs 14 | functionRef: 15 | name: function-extra-resources 16 | input: 17 | apiVersion: extra-resources.fn.crossplane.io/v1beta1 18 | kind: Input 19 | spec: 20 | extraResources: 21 | - kind: Secret 22 | into: secrets 23 | apiVersion: v1 24 | type: Selector 25 | selector: 26 | minMatch: 1 27 | maxMatch: 100 28 | matchLabels: 29 | - key: type 30 | type: Value 31 | value: provider-credentials 32 | - step: keycloak-builtin-objects 33 | functionRef: 34 | name: function-keycloak-builtin-objects 35 | - step: automatically-detect-ready-composed-resources 36 | functionRef: 37 | name: function-auto-ready 38 | 39 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-admin-secret-es.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: keycloak-admin 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-9" 7 | spec: 8 | refreshInterval: 1m 9 | secretStoreRef: 10 | name: vault-backend 11 | kind: ClusterSecretStore 12 | target: 13 | name: keycloak-admin 14 | creationPolicy: Owner 15 | template: 16 | type: Opaque 17 | engineVersion: v2 18 | data: 19 | admin-password: "{{ `{{ .password }}` }}" 20 | metadata: 21 | annotations: 22 | argocd.argoproj.io/sync-wave: "-9" 23 | data: 24 | - secretKey: password 25 | remoteRef: 26 | key: kubrix-kv/data/keycloak/base 27 | property: password -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-backstage-client.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
openidclient.keycloak.crossplane.io/v1alpha1 3 | kind: Client 4 | metadata: 5 | name: backstage 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "5" 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | spec: 10 | deletionPolicy: Delete 11 | forProvider: 12 | accessType: CONFIDENTIAL 13 | clientId: backstage 14 | name: backstage 15 | realmId: {{ .Values.kubrix.keycloak.realm.realmid }} 16 | directAccessGrantsEnabled: false 17 | standardFlowEnabled: true 18 | serviceAccountsEnabled: true 19 | # managementPolicies: ["Observe"] 20 | validRedirectUris: 21 | - "http://localhost:7007/api/auth/oidc/handler/frame" 22 | - "https://backstage{{ .Values.kubrix.keycloak.fqdn }}/api/auth/oidc/handler/frame" 23 | clientSecretSecretRef: 24 | key: backstage 25 | name: keycloak-client-credentials 26 | namespace: {{ .Release.Namespace }} 27 | loginTheme: keycloak.v2 28 | providerConfigRef: 29 | name: "{{ .Release.Name }}-config" 30 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-client-secret-es.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: keycloak-client-credentials 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-9" 7 | spec: 8 | refreshInterval: 1m 9 | secretStoreRef: 10 | name: vault-backend 11 | kind: ClusterSecretStore 12 | target: 13 | name: keycloak-client-credentials 14 | creationPolicy: Owner 15 | template: 16 | type: Opaque 17 | engineVersion: v2 18 | data: 19 | backstage: "{{ `{{ .backstage }}` }}" 20 | vault: "{{ `{{ .vault }}` }}" 21 | metadata: 22 | annotations: 23 | argocd.argoproj.io/sync-wave: "-9" 24 | kubrix.io/install: "false" 25 | data: 26 | - secretKey: backstage 27 | remoteRef: 28 | key: kubrix-kv/data/keycloak/oidc 29 | property: backstage 30 | - secretKey: vault 31 | remoteRef: 32 | key: 
kubrix-kv/data/keycloak/oidc 33 | property: vault -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 2 | kind: ClientDefaultScopes 3 | metadata: 4 | annotations: 5 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 6 | argocd.argoproj.io/sync-wave: "6" 7 | name: client-default-scopes 8 | spec: 9 | forProvider: 10 | clientIdRef: 11 | name: backstage 12 | defaultScopes: 13 | - profile 14 | - email 15 | - roles 16 | - web-origins 17 | - groups 18 | - acr 19 | realmIdRef: 20 | name: {{ $.Values.kubrix.keycloak.realm.realmid }} 21 | providerConfigRef: 22 | name: "{{ .Release.Name }}-config" 23 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 2 | kind: ClientDefaultScopes 3 | metadata: 4 | annotations: 5 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 6 | argocd.argoproj.io/sync-wave: "6" 7 | name: client-default-scopes-vault 8 | spec: 9 | forProvider: 10 | clientIdRef: 11 | name: vault 12 | defaultScopes: 13 | - profile 14 | - email 15 | - roles 16 | - web-origins 17 | - groups 18 | - acr 19 | - openid 20 | realmIdRef: 21 | name: {{ $.Values.kubrix.keycloak.realm.realmid }} 22 | providerConfigRef: 23 | name: "{{ .Release.Name }}-config" 24 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-externaldb-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (default false 
.Values.postgresql.enabled) true }} 2 | # Use only when CNPG is not used. The database credentials below are fixed values committed to the repository; outside a throwaway test cluster, supply them from the secret store (as the Vault-backed ExternalSecrets in this chart do) instead. 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: cp-keycloak-externaldb-secret 8 | annotations: 9 | argocd.argoproj.io/sync-wave: "-9" 10 | labels: 11 | type: externaldb-credentials 12 | type: Opaque 13 | stringData: 14 | HOST: "{{ .Release.Name }}-postgresql-hl.{{ .Release.Namespace }}.svc.cluster.local" 15 | PORT: "5432" 16 | POSTGRES_USER: "keycloak" 17 | POSTGRES_DATABASE: "postgres" 18 | POSTGRES_PASSWORD: "keycloak" 19 | POSTGRES_ADMIN: "keycloak" 20 | {{- end }} -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-group-roles.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: group.keycloak.crossplane.io/v1alpha1 2 | kind: Roles 3 | metadata: 4 | name: backstage-default-group-roles 5 | annotations: 6 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 7 | argocd.argoproj.io/sync-wave: "4" 8 | spec: 9 | deletionPolicy: Delete 10 | forProvider: 11 | exhaustive: false 12 | groupIdRef: 13 | name: backstage-admin 14 | realmIdRef: 15 | name: {{ .Values.kubrix.keycloak.realm.realmid }} 16 | roleIdsRefs: 17 | - name: builtin-{{ .Values.kubrix.keycloak.realm.realmid }}-realm-management-view-users 18 | - name: builtin-{{ .Values.kubrix.keycloak.realm.realmid }}-realm-management-query-groups 19 | - name: builtin-{{ .Values.kubrix.keycloak.realm.realmid }}-realm-management-query-users 20 | roleIdsSelector: 21 | matchLabels: 22 | defaultRole: 'true' 23 | realmName: {{ .Values.kubrix.keycloak.realm.realmid }} 24 | initProvider: {} 25 | managementPolicies: 26 | - '*' 27 | providerConfigRef: 28 | name: sx-keycloak-config 29 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-protocolmapper.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: client.keycloak.crossplane.io/v1alpha1 2 | kind: ProtocolMapper 3 | metadata: 4 | name: openid-user-attribute-mapper 5 | annotations: 6 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 7 | argocd.argoproj.io/sync-wave: "3" 8 | spec: 9 | forProvider: 10 | clientScopeIdSelector: 11 | matchLabels: 12 | kubrix.io/clientscope: groups 13 | realmIdRef: 14 | name: {{ $.Values.kubrix.keycloak.realm.realmid }} 15 | protocol: openid-connect 16 | protocolMapper: oidc-group-membership-mapper 17 | name: groups 18 | config: 19 | "claim.name": "groups" 20 | "userinfo.token.claim": "true" 21 | "access.token.claim": "true" 22 | "id.token.claim": "true" 23 | "full.path": "false" 24 | "introspection.token.claim": "true" 25 | "lightweight.claim": "false" 26 | # managementPolicies: ["Observe"] 27 | providerConfigRef: 28 | name: "{{ .Release.Name }}-config" 29 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-realm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: realm.keycloak.crossplane.io/v1alpha1 3 | kind: Realm 4 | metadata: 5 | name: {{ .Values.kubrix.keycloak.realm.realmid }} 6 | labels: 7 | kubrix.io/realm: {{ .Values.kubrix.keycloak.realm.realmid }} 8 | annotations: 9 | link.argocd.argoproj.io/external-link: https://keycloak{{ .Values.kubrix.keycloak.fqdn }}/admin/master/console/#/{{ .Values.kubrix.keycloak.realm.realmid }} 10 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 11 | argocd.argoproj.io/sync-wave: "1" 12 | spec: 13 | forProvider: 14 | realm: {{ .Values.kubrix.keycloak.realm.realmid }} 15 | displayName: {{ .Values.kubrix.keycloak.realm.realmid }} 16 | attributes: 17 | frontendUrl: https://keycloak{{ .Values.kubrix.keycloak.fqdn }} 18 | deletionPolicy: "Delete" 19 | providerConfigRef: 20 | 
name: "{{ .Release.Name }}-config" 21 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-secret-es.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: keycloak-credentials 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-9" 7 | labels: 8 | type: provider-credentials 9 | spec: 10 | refreshInterval: 1m 11 | secretStoreRef: 12 | name: vault-backend 13 | kind: ClusterSecretStore 14 | target: 15 | name: keycloak-credentials 16 | creationPolicy: Owner 17 | template: 18 | type: Opaque 19 | metadata: 20 | annotations: 21 | argocd.argoproj.io/sync-wave: "-9" 22 | kubrix.io/install: "false" 23 | labels: 24 | type: provider-credentials 25 | dataFrom: 26 | - extract: 27 | key: kubrix-kv/data/keycloak/base -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-users-secret-es.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: cp-keycloak-users-secret 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-9" 7 | labels: 8 | type: user-credentials 9 | spec: 10 | refreshInterval: 1h 11 | secretStoreRef: 12 | name: vault-backend # Adjust if your store has a different name 13 | kind: ClusterSecretStore 14 | target: 15 | name: cp-keycloak-users-secret 16 | creationPolicy: Owner 17 | template: 18 | type: Opaque 19 | metadata: 20 | annotations: 21 | argocd.argoproj.io/sync-wave: "-9" 22 | kubrix.io/install: "false" 23 | labels: 24 | type: user-credentials 25 | dataFrom: 26 | - extract: 27 | key: kubrix-kv/data/keycloak/users -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-users.yaml: 
-------------------------------------------------------------------------------- 1 | {{- range $user := .Values.kubrix.keycloak.realm.users }} 2 | --- 3 | apiVersion: user.keycloak.crossplane.io/v1alpha1 4 | kind: User 5 | metadata: 6 | name: {{ $user.name }} 7 | annotations: 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | argocd.argoproj.io/sync-wave: "2" 10 | spec: 11 | forProvider: 12 | realmId: {{ $.Values.kubrix.keycloak.realm.realmid }} 13 | username: {{ $user.name }} 14 | enabled: true 15 | emailVerified: true # NOTE(review): the address taken from values is marked verified without any confirmation step 16 | firstName: {{ $user.firstName }} 17 | lastName: {{ $user.lastName }} 18 | email: {{ $user.email }} 19 | initialPassword: 20 | - valueSecretRef: 21 | name: "cp-keycloak-users-secret" 22 | key: {{ $user.name }} 23 | namespace: {{ $.Release.Namespace }} 24 | temporary: false # should be set to true in production: with false the password provisioned from cp-keycloak-users-secret stays valid and the user is never required to replace it at first login 25 | deletionPolicy: "Delete" 26 | providerConfigRef: 27 | name: "{{ $.Release.Name }}-config" 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-keycloak-vault-client.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 3 | kind: Client 4 | metadata: 5 | name: vault 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "5" 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | spec: 10 | deletionPolicy: Delete 11 | forProvider: 12 | accessType: CONFIDENTIAL 13 | clientId: vault 14 | name: vault 15 | realmId: {{ .Values.kubrix.keycloak.realm.realmid }} 16 | adminUrl: "https://vault{{ .Values.kubrix.keycloak.fqdn }}" 17 | rootUrl: "https://vault{{ .Values.kubrix.keycloak.fqdn }}" 18 | directAccessGrantsEnabled: false 19 | standardFlowEnabled: true 20 | serviceAccountsEnabled: true 21 | # managementPolicies: ["Observe"] 22 | validRedirectUris: 23 | - "https://vault{{ .Values.kubrix.keycloak.fqdn
}}/ui/vault/auth/oidc/oidc/callback" 24 | clientSecretSecretRef: 25 | key: vault 26 | name: keycloak-client-credentials 27 | namespace: {{ .Release.Namespace }} 28 | loginTheme: keycloak.v2 29 | providerConfigRef: 30 | name: "{{ .Release.Name }}-config" 31 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-provider.yaml: -------------------------------------------------------------------------------- 1 | # should move to crossplane ns, maybe? 2 | apiVersion: pkg.crossplane.io/v1 3 | kind: Provider 4 | metadata: 5 | name: provider-keycloak 6 | annotations: 7 | argocd.argoproj.io/sync-wave: "-10" 8 | spec: 9 | package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v2.0.0 10 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/cp-providerconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: keycloak.crossplane.io/v1beta1 3 | kind: ProviderConfig 4 | metadata: 5 | name: "{{ .Release.Name }}-config" 6 | namespace: "{{ .Release.Namespace }}" 7 | annotations: 8 | argocd.argoproj.io/sync-wave: "-8" 9 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 10 | spec: 11 | credentials: 12 | source: Secret 13 | secretRef: 14 | name: keycloak-credentials 15 | key: credentials 16 | namespace: "{{ .Release.Namespace }}" 17 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/func.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: pkg.crossplane.io/v1beta1 3 | kind: Function 4 | metadata: 5 | name: function-extra-resources 6 | spec: 7 | package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3 8 | --- 9 | apiVersion: pkg.crossplane.io/v1beta1 10 | kind: Function 11 | metadata: 12 | name: function-auto-ready 
13 | spec: 14 | package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1 15 | --- 16 | apiVersion: pkg.crossplane.io/v1beta1 17 | kind: Function 18 | metadata: 19 | name: function-keycloak-builtin-objects 20 | spec: 21 | package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0 22 | packagePullPolicy: Always # NOTE(review): the package is referenced by tag only and re-pulled under this policy, so a re-pushed v1.0.0 can replace the running function without any change in this repo; pin it by digest (placeholder: @sha256:<digest>) 23 | -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/oss/cp-keycloak-groups.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.kubriXPlan "oss" }} 2 | {{- range $group := .Values.kubrix.keycloak.realm.groups }} 3 | --- 4 | apiVersion: group.keycloak.crossplane.io/v1alpha1 5 | kind: Group 6 | metadata: 7 | name: {{ $group.name }} 8 | annotations: 9 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 10 | argocd.argoproj.io/sync-wave: "3" 11 | spec: 12 | forProvider: 13 | realmId: {{ $.Values.kubrix.keycloak.realm.realmid }} 14 | name: {{ $group.name }} 15 | deletionPolicy: "Delete" 16 | providerConfigRef: 17 | name: "{{ $.Release.Name }}-config" 18 | {{- end }} 19 | {{- end }} -------------------------------------------------------------------------------- /platform-apps/charts/keycloak/templates/xr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: keycloak.crossplane.io/v1alpha1 2 | kind: XBuiltinObjects 3 | metadata: 4 | name: keycloak-builtin-objects-{{ .Values.kubrix.keycloak.realm.realmid }} 5 | annotations: 6 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 7 | argocd.argoproj.io/sync-wave: "2" 8 | spec: 9 | providerConfigName: sx-keycloak-config 10 | providerSecretName: keycloak-credentials-xr 11 | realm: {{ .Values.kubrix.keycloak.realm.realmid }} 12 | builtinClients: 13 | - account 14 | - account-console 15 | - admin-cli 16 | - broker 17 | - realm-management 18 | -
security-admin-console 19 | builtinRealmRoles: 20 | - offline_access 21 | - uma_authorization 22 | 23 | -------------------------------------------------------------------------------- /platform-apps/charts/komoplane/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: komoplane 3 | repository: https://helm-charts.komodor.io 4 | version: 0.1.6 5 | digest: sha256:ec3040615dde94be483999b46fac592b60bab468b8f8ae878676ddd33d7a4946 6 | generated: "2025-01-21T12:59:15.3654371Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/kubecost/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: cost-analyzer 3 | repository: https://kubecost.github.io/cost-analyzer 4 | version: 2.7.2 5 | digest: sha256:059e29b95389788f9e73912dab439b94a27b95a70ace14a7c7502e32b2447849 6 | generated: "2025-05-07T17:24:14.433621449Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/kubecost/templates/sx-cnp-oss.yaml: -------------------------------------------------------------------------------- 1 | kind: ConfigMap 2 | apiVersion: v1 3 | metadata: 4 | name: kubrix 5 | namespace: kubecost 6 | data: 7 | CLUSTER_ID: kubrix 8 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt-manager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: sx-kubevirt-manager 3 | description: A Helm chart for kubevirt-manager 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. 
They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "1.0.0" 25 | 26 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt-manager/templates/certificate.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cert.enabled }} 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: kubevirt-certificate 6 | spec: 7 | secretName: {{ .Values.deployment.tls.name }} 8 | issuerRef: 9 | name: letsencrypt-prod 10 | kind: ClusterIssuer 11 | dnsNames: 12 | - {{ .Values.deployment.ingress.host }} 13 | {{- end }} -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt-manager/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: "{{ .Values.deployment.service.name }}" 6 | {{- if .Values.gardenercert.enabled }} 7 | annotations: 8 | cert.gardener.cloud/purpose: managed 9 | dns.gardener.cloud/class: garden 10 | dns.gardener.cloud/dnsnames: {{ 
.Values.gardenercert.dnsnames }} 11 | dns.gardener.cloud/ttl: "180" 12 | {{- end }} 13 | spec: 14 | ingressClassName: nginx 15 | tls: 16 | - hosts: 17 | - "{{ .Values.deployment.ingress.host }}" 18 | secretName: "{{ .Values.deployment.tls.name }}" 19 | rules: 20 | - host: "{{ .Values.deployment.ingress.host }}" 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: "{{ .Values.deployment.service.name }}" 28 | port: 29 | number: {{.Values.deployment.service.port}} 30 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt-manager/values-demo-metalstack.yaml: -------------------------------------------------------------------------------- 1 | cert: 2 | enabled: true 3 | 4 | gardenercert: 5 | enabled: false 6 | 7 | deployment: 8 | version: 1.5.0 9 | tls: 10 | name: kubevirt-manager-server-tls 11 | ingress: 12 | host: kubevirt-manager.demo.kubrix.cloud 13 | service: 14 | name: kubevirt-manager 15 | port: 8080 16 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt-manager/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | cert: 2 | enabled: false 3 | 4 | gardenercert: 5 | enabled: false 6 | 7 | deployment: 8 | version: 1.3.3 9 | tls: 10 | name: kubevirt-manager-server-tls 11 | ingress: 12 | host: kubevirt-manager-127-0-0-1.nip.io 13 | service: 14 | name: kubevirt-manager 15 | port: 8080 16 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt-manager/values-metalstack.yaml: -------------------------------------------------------------------------------- 1 | cert: 2 | enabled: true 3 | 4 | gardenercert: 5 | enabled: false 6 | 7 | deployment: 8 | version: 1.3.3 9 | tls: 10 | name: kubevirt-manager-server-tls 11 | ingress: 12 | host: kubevirt-manager-metalstack.platform-engineer.cloud 13 | service: 14 | 
name: kubevirt-manager 15 | port: 8080 16 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: sx-kubevirt 3 | description: A Helm chart for kubevirt and it's resources 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 
24 | appVersion: "1.0.0" 25 | 26 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/templates/cdi-cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cdi.kubevirt.io/v1beta1 2 | kind: CDI 3 | metadata: 4 | name: cdi 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "3" 7 | spec: 8 | config: 9 | featureGates: 10 | - HonorWaitForFirstConsumer 11 | imagePullPolicy: IfNotPresent 12 | infra: 13 | nodeSelector: 14 | kubernetes.io/os: linux 15 | tolerations: 16 | - key: CriticalAddonsOnly 17 | operator: Exists 18 | workload: 19 | nodeSelector: 20 | kubernetes.io/os: linux 21 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/templates/cdi-proxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: cdi-uploadproxy-lb 5 | namespace: cdi 6 | labels: 7 | cdi.kubevirt.io: "cdi-uploadproxy" 8 | spec: 9 | type: LoadBalancer # NOTE(review): this template has no values guard, so every install publishes the CDI upload proxy on an external load balancer; gate it behind a values flag or limit callers with loadBalancerSourceRanges 10 | ports: 11 | - port: 443 12 | targetPort: 8443 13 | protocol: TCP 14 | selector: 15 | cdi.kubevirt.io: cdi-uploadproxy 16 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/templates/dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: kubevirt-grafana-dashboard 7 | namespace: kubevirt 8 | data: 9 | kubevirt-dashboard.json: |- 10 | {{ .Files.Get "dashboard-files/kubevirt-dashboard.json" | indent 4 }} 11 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/templates/datavolumes.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.datasources.enabled }} 2 | {{- range
$sources := .Values.datasources.sources }} 3 | --- 4 | apiVersion: cdi.kubevirt.io/v1beta1 5 | kind: DataVolume 6 | metadata: 7 | name: {{ $sources.name }} 8 | namespace: kubevirt 9 | annotations: 10 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 11 | argocd.argoproj.io/sync-wave: "5" 12 | 13 | spec: 14 | source: 15 | http: 16 | url: "{{ $sources.url }}" # NOTE(review): the URL is taken from values as-is; an http:// entry imports the boot image without transport integrity, so keep the values on https:// sources 17 | pvc: 18 | accessModes: 19 | - ReadWriteOnce 20 | resources: 21 | requests: 22 | storage: {{ $sources.storage }} 23 | {{ end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/templates/datavolumes_roles.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.datasources.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: kubevirt-datavolume-permission 6 | rules: 7 | - apiGroups: ["cdi.kubevirt.io"] 8 | resources: ["datavolumes/source"] 9 | verbs: ["*"] # NOTE(review): wildcard verbs; the kyverno chart binds this ClusterRole cluster-wide to the kyverno-background-controller service account, so list only the verbs that controller needs 10 | - apiGroups: 11 | - rbac.authorization.k8s.io 12 | resources: 13 | - rolebindings 14 | verbs: 15 | - get 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/templates/kubevirt-cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kubevirt.io/v1 3 | kind: KubeVirt 4 | metadata: 5 | name: kubevirt 6 | namespace: kubevirt 7 | annotations: 8 | argocd.argoproj.io/sync-wave: "1" 9 | spec: 10 | certificateRotateStrategy: {} 11 | configuration: 12 | developerConfiguration: 13 | featureGates: [] 14 | monitorNamespace: k8s-monitoring 15 | monitorAccount: sx-k8s-monitoring-alloy 16 | customizeComponents: {} 17 | imagePullPolicy: IfNotPresent 18 | workloadUpdateStrategy: {} 19 | # for demo purposes only 20 | infra: 21 | nodePlacement: 22 | nodeSelector: 23 | kubernetes.io/os: linux 24 | workloads: 25 | nodePlacement: 26 |
nodeSelector: 27 | kubernetes.io/os: linux -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/values-demo-metalstack.yaml: -------------------------------------------------------------------------------- 1 | kubevirt: 2 | version: v1.5.0 3 | cdi: 4 | version: v1.62.0 5 | datasources: 6 | enabled: true 7 | sources: 8 | - name: ubuntu-jammy-server 9 | url: http://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img # NOTE(review): plain HTTP and a moving "current" path, so the imported boot image is neither protected in transit nor pinned to a known build; prefer an https:// URL of a dated release 10 | storage: 3G 11 | # description for backstage Software Catalog 12 | description: ubuntu 22.02 Base Image 13 | - name: fedora-cloud-base 14 | url: https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Generic.x86_64-40-1.14.qcow2 15 | storage: 10G 16 | description: fedoa cloud v40.1.14 Base Image 17 | -------------------------------------------------------------------------------- /platform-apps/charts/kubevirt/values-metalstack.yaml: -------------------------------------------------------------------------------- 1 | kubevirt: 2 | version: v1.2.0 3 | cdi: 4 | version: v1.59.0 5 | datasources: 6 | enabled: true 7 | sources: 8 | - name: ubuntu-jammy-server 9 | url: http://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img # NOTE(review): plain HTTP and a moving "current" path, so the imported boot image is neither protected in transit nor pinned to a known build; prefer an https:// URL of a dated release 10 | storage: 3G 11 | # description for backstage Software Catalog 12 | description: ubuntu 22.02 Base Image 13 | - name: fedora-cloud-base 14 | url: https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Generic.x86_64-40-1.14.qcow2 15 | storage: 10G 16 | description: fedoa cloud v40.1.14 Base Image 17 | -------------------------------------------------------------------------------- /platform-apps/charts/kyverno/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: kyverno 3 | repository: https://kyverno.github.io/kyverno/ 4 | version: 3.4.2 5 | digest:
sha256:976c1c86c797d6487f57b3a01ee456381f9ff57f13491561b94c38f089016e18 6 | generated: "2025-06-04T13:43:07.655561532Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/kyverno/templates/crb-kubevirt-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.kyvernoPolicies.createKubevirtRolebinding.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: kyverno:background-controller:kubevirt 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: kubevirt-datavolume-permission 10 | subjects: 11 | - kind: ServiceAccount 12 | name: kyverno-background-controller 13 | namespace: kyverno 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /platform-apps/charts/kyverno/templates/kyverno-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: kyverno-dashboard 7 | namespace: kyverno 8 | data: 9 | kyverno-dashboard.json: |- 10 | {{ .Files.Get "dashboard-files/kyverno-dashboard.json" | indent 4 }} 11 | -------------------------------------------------------------------------------- /platform-apps/charts/kyverno/templates/policy-add-label-velero.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.kyvernoPolicies.createExcludeFromBackupLabel.enabled }} 2 | apiVersion: kyverno.io/v1 3 | kind: ClusterPolicy 4 | metadata: 5 | name: add-labels-to-cm-velero 6 | annotations: 7 | policies.kyverno.io/title: Add Labels for velero exclude 8 | policies.kyverno.io/category: kubrix 9 | policies.kyverno.io/minversion: 1.6.0 10 | policies.kyverno.io/severity: low 11 | policies.kyverno.io/subject: ConfigMap 12 | policies.kyverno.io/description: >- 13 | 
add exclude label velero.io/exclude-from-backup so that restore works without problems 14 | spec: 15 | mutateExistingOnPolicyUpdate: true 16 | rules: 17 | - name: add-labels-to-cm-velero 18 | match: 19 | any: 20 | - resources: 21 | kinds: 22 | - ConfigMap 23 | names: 24 | - kube-root-ca.crt 25 | mutate: 26 | targets: 27 | - apiVersion: v1 28 | kind: ConfigMap 29 | name: kube-root-ca.crt 30 | patchStrategicMerge: 31 | metadata: 32 | labels: 33 | velero.io/exclude-from-backup: "true" 34 | skipBackgroundRequests: true 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /platform-apps/charts/kyverno/values-demo-metalstack.yaml: -------------------------------------------------------------------------------- 1 | kyvernoPolicies: 2 | createKubevirtRolebinding: 3 | enabled: true 4 | 5 | kyverno: 6 | backgroundController: 7 | resources: 8 | limits: 9 | memory: 1Gi 10 | reportsController: 11 | resources: 12 | limits: 13 | memory: 1Gi -------------------------------------------------------------------------------- /platform-apps/charts/kyverno/values-metalstack.yaml: -------------------------------------------------------------------------------- 1 | kyverno: 2 | backgroundController: 3 | resources: 4 | limits: 5 | memory: 1Gi 6 | reportsController: 7 | resources: 8 | limits: 9 | memory: 1Gi -------------------------------------------------------------------------------- /platform-apps/charts/loki/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: loki 3 | repository: https://grafana.github.io/helm-charts 4 | version: 6.30.1 5 | digest: sha256:751d21531315066b8cdcb64e0b8450dd6303e126ef21c6cc938d7b7a7330af3d 6 | generated: "2025-06-04T16:03:25.569893736Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/loki/templates/es-loki.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if not .Values.loki.minio.enabled }} 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: loki-external-secret 6 | namespace: loki 7 | annotations: 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | spec: 10 | refreshInterval: "15s" 11 | secretStoreRef: 12 | name: vault-backend 13 | kind: ClusterSecretStore 14 | target: 15 | name: loki-s3-credentials 16 | template: 17 | data: 18 | SECRETACCESSKEY: "{{ `{{ .SECRETACCESSKEY }}` }}" 19 | ACCESSKEYID: "{{ `{{ .ACCESSKEYID }}` }}" 20 | ENDPOINT: "{{ `{{ .ENDPOINT }}` }}" 21 | BUCKETNAME: "{{ `{{ .BUCKETNAME }}` }}" 22 | data: 23 | - secretKey: ACCESSKEYID 24 | remoteRef: 25 | key: kubrix-kv/data/observability/s3 26 | property: ACCESSKEYID 27 | - secretKey: SECRETACCESSKEY 28 | remoteRef: 29 | key: kubrix-kv/data/observability/s3 30 | property: SECRETACCESSKEY 31 | - secretKey: ENDPOINT 32 | remoteRef: 33 | key: kubrix-kv/data/observability/s3 34 | property: ENDPOINT 35 | - secretKey: BUCKETNAME 36 | remoteRef: 37 | key: kubrix-kv/data/observability/s3 38 | property: BUCKETNAME 39 | {{- end }} -------------------------------------------------------------------------------- /platform-apps/charts/loki/templates/es-na-cert.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.loki.minio.enabled }} 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: loki-s3-cert 6 | namespace: loki 7 | annotations: 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | spec: 10 | refreshInterval: "15s" 11 | secretStoreRef: 12 | name: vault-backend 13 | kind: ClusterSecretStore 14 | target: 15 | name: loki-s3-cert 16 | template: 17 | data: 18 | ca.crt: "{{ `{{ .S3CERT }}` }}" 19 | data: 20 | - secretKey: S3CERT 21 | remoteRef: 22 | key: kubrix-kv/data/observability/s3 23 | 
property: S3CERT 24 | {{- end }} -------------------------------------------------------------------------------- /platform-apps/charts/loki/templates/loki-datasource.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "loki.fullname" .Subcharts.loki }}-datasource 5 | labels: 6 | grafana_datasource: "1" 7 | data: 8 | loki-datasource.yaml: |- 9 | apiVersion: 1 10 | datasources: 11 | - name: loki 12 | type: loki 13 | uid: loki 14 | basicAuth: false 15 | url: http://{{ template "loki.fullname" .Subcharts.loki }}.{{ .Release.Namespace }}.svc:3100 16 | access: proxy 17 | isDefault: false 18 | jsonData: 19 | httpHeaderName1: "X-Scope-OrgID" 20 | derivedFields: 21 | - datasourceUid: tempo 22 | matcherRegex: "^.*?traceI[d|D]=(\\w+).*$" 23 | name: traceId 24 | url: '$${__value.raw}' 25 | -------------------------------------------------------------------------------- /platform-apps/charts/loki/values.yaml: -------------------------------------------------------------------------------- 1 | loki: 2 | loki: 3 | compactor: 4 | working_directory: /var/loki/compactor 5 | compaction_interval: 10m 6 | retention_enabled: true 7 | retention_delete_delay: 2h 8 | retention_delete_worker_count: 150 9 | delete_request_store: filesystem 10 | 11 | limits_config: 12 | retention_period: 30d 13 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: mimir-distributed 3 | repository: https://grafana.github.io/helm-charts 4 | version: 5.7.0 5 | digest: sha256:635a26ddf2a0105eea50e77ecd455843b9d2acc4d835ce684f2db351770b0ca6 6 | generated: "2025-04-10T20:37:04.026692989Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/templates/es-mimir.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if not .Values.mimir.minio.enabled }} 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: mimir-external-secret 6 | namespace: mimir 7 | annotations: 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | spec: 10 | refreshInterval: "15s" 11 | secretStoreRef: 12 | name: vault-backend 13 | kind: ClusterSecretStore 14 | target: 15 | name: mimir-s3-credentials 16 | template: 17 | data: 18 | SECRETACCESSKEY: "{{ `{{ .SECRETACCESSKEY }}` }}" 19 | ACCESSKEYID: "{{ `{{ .ACCESSKEYID }}` }}" 20 | ENDPOINT: "{{ `{{ .ENDPOINT }}` }}" 21 | BUCKETNAME: "{{ `{{ .BUCKETNAME }}` }}" 22 | data: 23 | - secretKey: ACCESSKEYID 24 | remoteRef: 25 | key: kubrix-kv/data/observability/s3 26 | property: ACCESSKEYID 27 | - secretKey: SECRETACCESSKEY 28 | remoteRef: 29 | key: kubrix-kv/data/observability/s3 30 | property: SECRETACCESSKEY 31 | - secretKey: ENDPOINT 32 | remoteRef: 33 | key: kubrix-kv/data/observability/s3 34 | property: ENDPOINT 35 | - secretKey: BUCKETNAME 36 | remoteRef: 37 | key: kubrix-kv/data/observability/s3 38 | property: BUCKETNAME 39 | {{- end }} 40 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/templates/es-na-cert.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.mimir.minio.enabled }} 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: mimir-s3-cert 6 | namespace: mimir 7 | annotations: 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | spec: 10 | refreshInterval: "15s" 11 | secretStoreRef: 12 | name: vault-backend 13 | kind: ClusterSecretStore 14 | target: 15 | name: mimir-s3-cert 16 | template: 17 | data: 18 | ca.crt: "{{ `{{ .S3CERT }}` }}" 19 | data: 20 | - secretKey: S3CERT 21 | remoteRef: 22 | key: 
kubrix-kv/data/observability/s3 23 | property: S3CERT 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/templates/kubernetes-recording-rules.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: PrometheusRule 3 | metadata: 4 | name: "kubernetes-recording-rules" 5 | spec: 6 | {{- $.Files.Get "recording-rules/kubernetes-recording-rules.yaml" | nindent 2 }} 7 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/templates/metamonitoring-datasource.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "mimir.fullname" .Subcharts.mimir }}-metamonitoring-datasource 5 | labels: 6 | grafana_datasource: "1" 7 | data: 8 | mimir-metamonitoring-datasource.yaml: |- 9 | apiVersion: 1 10 | datasources: 11 | - name: mimir-metamonitoring 12 | type: prometheus 13 | typeName: prometheus 14 | uid: mimir-metamonitoring 15 | basicAuth: false 16 | url: http://{{ template "mimir.fullname" .Subcharts.mimir }}-nginx.{{ .Release.Namespace }}.svc:80/prometheus 17 | access: proxy 18 | isDefault: false 19 | jsonData: 20 | httpHeaderName1: "X-Scope-OrgID" 21 | httpMethod: "POST" 22 | prometheusType: "Mimir" 23 | prometheusVersion: "2.9.1" 24 | secureJsonData: 25 | httpHeaderValue1: "metamonitoring" 26 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/templates/mimir-datasource.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "mimir.fullname" .Subcharts.mimir }}-datasource 5 | labels: 6 | grafana_datasource: "1" 7 | data: 8 | mimir-datasource.yaml: |- 9 | apiVersion: 1 10 | datasources: 11 | - name: 
mimir 12 | type: prometheus 13 | typeName: prometheus 14 | uid: mimir 15 | basicAuth: false 16 | url: http://{{ template "mimir.fullname" .Subcharts.mimir }}-nginx.{{ .Release.Namespace }}.svc:80/prometheus 17 | access: proxy 18 | isDefault: true 19 | jsonData: 20 | httpMethod: "POST" 21 | prometheusType: "Mimir" 22 | prometheusVersion: "2.9.1" 23 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/values-demo-metalstack.yaml: -------------------------------------------------------------------------------- 1 | mimir: 2 | nginx: 3 | ingress: 4 | enabled: true 5 | ingressClassName: nginx 6 | annotations: 7 | external-dns.alpha.kubernetes.io/ttl: "60" 8 | cert-manager.io/cluster-issuer: letsencrypt-prod 9 | hosts: 10 | - host: metrics-monitoring.demo.kubrix.cloud 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | tls: 15 | - secretName: mimir-nginx-tls 16 | hosts: 17 | - metrics-monitoring.demo.kubrix.cloud 18 | mimir: 19 | structuredConfig: 20 | limits: 21 | max_global_series_per_user: 500000 22 | distributor: 23 | resources: 24 | limits: 25 | cpu: 3.5 26 | memory: 6Gi 27 | ingester: 28 | resources: 29 | limits: 30 | cpu: 5 31 | memory: 6Gi 32 | persistentVolume: 33 | size: 5Gi 34 | 35 | 36 | minio: 37 | persistence: 38 | size: 10Gi 39 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | mimir: 2 | nginx: 3 | ingress: 4 | enabled: true 5 | hosts: 6 | - host: metrics-monitoring-127-0-0-1.nip.io 7 | paths: 8 | - path: / 9 | pathType: Prefix 10 | tls: "" 11 | mimir: 12 | structuredConfig: 13 | limits: 14 | max_global_series_per_user: 300000 15 | distributor: 16 | resources: 17 | limits: 18 | cpu: 3.5 19 | memory: 6Gi 20 | ingester: 21 | resources: 22 | requests: 23 | cpu: 50m 24 | limits: 25 | cpu: 5 26 | memory: 12Gi 27 | store_gateway: 28 | 
resources: 29 | requests: 30 | cpu: 50m 31 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/values-metalstack.yaml: -------------------------------------------------------------------------------- 1 | mimir: 2 | nginx: 3 | ingress: 4 | enabled: true 5 | ingressClassName: nginx 6 | annotations: 7 | external-dns.alpha.kubernetes.io/ttl: "60" 8 | cert-manager.io/cluster-issuer: letsencrypt-staging 9 | hosts: 10 | - host: metrics-monitoring-metalstack.platform-engineer.cloud 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | tls: 15 | - secretName: mimir-nginx-tls 16 | hosts: 17 | - metrics-monitoring-metalstack.platform-engineer.cloud 18 | mimir: 19 | structuredConfig: 20 | limits: 21 | max_global_series_per_user: 500000 22 | distributor: 23 | resources: 24 | limits: 25 | cpu: 3.5 26 | memory: 6Gi 27 | ingester: 28 | resources: 29 | limits: 30 | cpu: 5 31 | memory: 6Gi 32 | persistentVolume: 33 | size: 5Gi 34 | 35 | 36 | minio: 37 | persistence: 38 | size: 10Gi 39 | -------------------------------------------------------------------------------- /platform-apps/charts/mimir/values.yaml: -------------------------------------------------------------------------------- 1 | mimir: 2 | metaMonitoring: 3 | dashboards: 4 | enabled: true 5 | annotations: 6 | argocd.argoproj.io/sync-options: ServerSideApply=true 7 | serviceMonitor: 8 | enabled: true 9 | grafanaAgent: 10 | enabled: true 11 | # installOperator: true 12 | 13 | mimir: 14 | structuredConfig: 15 | limits: 16 | compactor_blocks_retention_period: 30d 17 | -------------------------------------------------------------------------------- /platform-apps/charts/minio/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: minio 3 | repository: https://charts.min.io/ 4 | version: 5.4.0 5 | digest: sha256:ee9e86ef2cf45dc378ef9accc86bbd8d50257adad02269e46558c5aa7f03939e 6 | generated: 
"2025-01-10T15:29:07.066407295Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/minio/templates/external_secret_minio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: minio-admin-secret 5 | namespace: minio 6 | annotations: 7 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 8 | spec: 9 | refreshInterval: "15s" 10 | secretStoreRef: 11 | name: vault-backend 12 | kind: ClusterSecretStore 13 | target: 14 | name: minio-admin-secret 15 | template: 16 | data: 17 | rootPassword: "{{ `{{ .rootPassword }}` }}" 18 | rootUser: "{{ `{{ .rootUser }}` }}" 19 | secretKey: "{{ `{{ .password }}` }}" 20 | data: 21 | - secretKey: password 22 | remoteRef: 23 | key: kubrix-kv/data/minio/base 24 | property: password 25 | - secretKey: rootUser 26 | remoteRef: 27 | key: kubrix-kv/data/minio/base 28 | property: rootUser 29 | - secretKey: rootPassword 30 | remoteRef: 31 | key: kubrix-kv/data/minio/base 32 | property: rootPassword -------------------------------------------------------------------------------- /platform-apps/charts/minio/templates/minio-dashboard-13502.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: minio-dashboard-13502 7 | data: 8 | minio-dashboard-13502.json: |- 9 | {{ .Files.Get "dashboard-files/minio-dashboard-13502.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/minio/templates/minio-dashboard-15306.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: minio-dashboard-15306 7 | data: 8 | minio-dashboard-15306.json: 
|- 9 | {{ .Files.Get "dashboard-files/minio-dashboard-15306.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/minio/templates/sm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | generation: 1 5 | labels: 6 | app: minio 7 | name: sx-minio-cluster 8 | namespace: minio 9 | spec: 10 | endpoints: 11 | - path: /minio/v2/metrics/cluster 12 | port: https 13 | scheme: https
# Scrape settings for the MinIO cluster metrics path, served over HTTPS in namespace minio.
# NOTE(review): insecureSkipVerify: true below turns off verification of the target's certificate,
# so the ca secret and serverName in this tlsConfig are not enforced for the scrape. Set it to false
# once the certificate in minio-server-tls validates for serverName sx-minio (TODO confirm its SANs).
14 | tlsConfig: 15 | ca: 16 | secret: 17 | key: tls.crt 18 | name: minio-server-tls 19 | serverName: sx-minio 20 | insecureSkipVerify: true 21 | namespaceSelector: 22 | matchNames: 23 | - minio 24 | selector: 25 | matchLabels: 26 | app: minio 27 | monitoring: "true" 28 | release: sx-minio 29 | -------------------------------------------------------------------------------- /platform-apps/charts/minio/templates/sm2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | generation: 1 5 | labels: 6 | app: minio 7 | name: sx-minio-bucket 8 | namespace: minio 9 | spec: 10 | endpoints: 11 | - path: /minio/v2/metrics/bucket 12 | port: https 13 | scheme: https
# Scrape settings for the MinIO bucket metrics path; same TLS block as the cluster ServiceMonitor.
# NOTE(review): insecureSkipVerify: true below also disables certificate verification for this
# endpoint, leaving the configured ca and serverName unused; align it with the cluster monitor when that is tightened.
14 | tlsConfig: 15 | ca: 16 | secret: 17 | key: tls.crt 18 | name: minio-server-tls 19 | serverName: sx-minio 20 | insecureSkipVerify: true 21 | namespaceSelector: 22 | matchNames: 23 | - minio 24 | selector: 25 | matchLabels: 26 | app: minio 27 | monitoring: "true" 28 | release: sx-minio 29 | -------------------------------------------------------------------------------- /platform-apps/charts/minio/templates/sm3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | generation: 1 5 | labels: 6 | app: minio 7 | name:
sx-minio-resource 8 | namespace: minio 9 | spec: 10 | endpoints: 11 | - path: /minio/v2/metrics/resource 12 | port: https 13 | scheme: https 14 | tlsConfig: 15 | ca: 16 | secret: 17 | key: tls.crt 18 | name: minio-server-tls 19 | serverName: sx-minio 20 | insecureSkipVerify: true 21 | namespaceSelector: 22 | matchNames: 23 | - minio 24 | selector: 25 | matchLabels: 26 | app: minio 27 | monitoring: "true" 28 | release: sx-minio 29 | -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: team-onboarding 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 
24 | appVersion: "1.0.0" 25 | -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/templates/alerting-contact-points.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.teams }} 2 | {{- if .alerting }} 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | labels: 7 | grafana_alert: "1"
# Renders one ConfigMap per team that has an .alerting section, carrying that team's Grafana contact points.
# NOTE(review): the metadata name is identical for every team and the loop emits no "---" document separator,
# so more than one team with .alerting renders manifests that collide; a per-team name plus a separator would avoid that.
8 | name: alerting-contact-points 9 | data: 10 | contact-points-{{ .name }}.yaml: |- 11 | apiVersion: 1 12 | contactPoints: 13 | - orgId: 1 14 | name: {{ .name }} 15 | {{ toYaml .alerting.contactPoints | indent 10 }} 16 | {{ end -}} 17 | {{ end -}} -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/templates/alerting-notification-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_alert: "1" 6 | name: alerting-notification-policy
# Notification policy: alerts go to platform-team-default unless a per-team route matches the alert's namespace label.
# NOTE(review): each team name is interpolated unescaped into the "=~" namespace matcher; names are presumably
# limited to DNS-label characters - confirm, since regex metacharacters in a name would widen which namespaces route to that team.
7 | data: 8 | notification-policy.yaml: |- 9 | apiVersion: 1 10 | policies: 11 | - orgId: 1 12 | receiver: platform-team-default 13 | group_by: 14 | - grafana_folder 15 | - alertname 16 | {{- if gt (len .Values.teams) 0 }} 17 | routes: 18 | {{- range .Values.teams }} 19 | {{- if .alerting }} 20 | - receiver: {{ .name }} 21 | object_matchers: 22 | - - namespace 23 | - =~ 24 | - {{ .name }}-.* 25 | {{ end -}} 26 | {{ end -}} 27 | {{ end -}} -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/templates/app-definition-ns.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.teams }} 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: adn-{{ .name }} 6 | --- 7 | {{- end }} 8 | -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/templates/app-of-apps.yaml:
-------------------------------------------------------------------------------- 1 | {{- range .Values.teams }} 2 | {{- if .appOfAppsRepo -}} 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: Application 5 | metadata: 6 | name: {{ .name }}-app-of-apps 7 | namespace: adn-{{ .name }} 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | spec: 11 | destination: 12 | namespace: adn-{{ .name }} 13 | name: "in-cluster" 14 | project: {{ .name }}-project 15 | source: 16 | path: {{ .appOfAppsRepo.path }} 17 | repoURL: {{ .appOfAppsRepo.repoURL }} 18 | targetRevision: {{ .appOfAppsRepo.revision }} 19 | directory: 20 | recurse: true 21 | syncPolicy: 22 | automated: 23 | prune: true 24 | selfHeal: true 25 | --- 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/templates/appset-scm-multi-stage-kargo-es.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.teams }} 2 | {{- if .multiStageKargoAppSet }} 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: {{ .name }}-secret 7 | namespace: adn-{{ .name }} 8 | annotations: 9 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 10 | spec: 11 | refreshInterval: "15s" 12 | secretStoreRef: 13 | name: vault-backend 14 | kind: ClusterSecretStore 15 | target: 16 | name: {{ .name }}-appset-github-token 17 | template: 18 | data: 19 | token: "{{ `{{ .KUBRIX_ARGOCD_APPSET_TOKEN }}` }}" 20 | data: 21 | - secretKey: KUBRIX_ARGOCD_APPSET_TOKEN 22 | remoteRef: 23 | key: kubrix-kv/data/{{ .name }}/delivery 24 | property: KUBRIX_ARGOCD_APPSET_TOKEN 25 | --- 26 | {{- end }} 27 | {{- end }} 28 | 29 | -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/templates/grafana-alerting-secrets.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if gt (len .Values.teams) 0 }} 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ExternalSecret 4 | metadata: 5 | name: team-onboarding-alerting-secret 6 | namespace: grafana 7 | annotations: 8 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 9 | spec: 10 | refreshInterval: "15s" 11 | secretStoreRef: 12 | name: vault-backend 13 | kind: ClusterSecretStore 14 | target: 15 | name: team-onboarding-alerting-secret 16 | dataFrom: 17 | {{- range .Values.teams }} 18 | - extract: 19 | key: {{ .name }}/observability 20 | rewrite: 21 | - regexp: 22 | source: "^(.*)$" 23 | target: "{{ .name | upper | replace "-" "_" }}_$1" 24 | {{- end }} 25 | {{- end }} 26 | 27 | -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/templates/kc_member.yaml: -------------------------------------------------------------------------------- 1 | {{- range $group, $users := .Values.platformteam }} 2 | {{- if $users }} 3 | --- 4 | apiVersion: group.keycloak.crossplane.io/v1alpha1 5 | kind: Memberships 6 | metadata: 7 | name: kc-{{ $group }}-users-memberships 8 | annotations: 9 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 10 | argocd.argoproj.io/sync-wave: "4" 11 | spec: 12 | forProvider: 13 | groupIdRef: 14 | name: {{ $group }} 15 | members: 16 | {{- range $user := $users }} 17 | - {{ $user }} 18 | {{- end }} 19 | realmId: kubrix 20 | providerConfigRef: 21 | name: "sx-keycloak-config" 22 | {{- end }} 23 | {{- end }} -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/values-demo-metalstack.yaml: -------------------------------------------------------------------------------- 1 | scmAppsetRequeueAfterSeconds: 30 2 | multiStageKargoAppSetHelmRepo: "https://github.com/kubriX-demo/kubriX-demo-oss" 3 | 4 | teams: [] 5 | 
-------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | destinationClusters: 2 | - name: in-cluster 3 | allowedTeams: [".*"] 4 | 5 | teams: [] 6 | -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/values-metalstack.yaml: -------------------------------------------------------------------------------- 1 | teams: 2 | - name: team1
# NOTE(review): sourceRepos '*' is presumably rendered into the team's Argo CD project as the list of allowed
# source repositories, in which case it permits any repository; listing the team's own repos would narrow
# what can be deployed under this project (TODO confirm against the project template).
3 | sourceRepos: 4 | - '*' 5 | clusterResourceWhitelist: 6 | - group: "" 7 | kind: Namespace 8 | # also allow the kargo Project cluster resource; 9 | # the reasons are documented in 10 | # https://github.com/akuity/kargo/issues/2058 11 | - group: kargo.akuity.io 12 | kind: Project 13 | appOfAppsRepo: 14 | repoURL: https://github.com/suxess-it/team1-apps 15 | path: metalstack-apps 16 | revision: main 17 | multiStageKargoAppSet: 18 | organization: suxess-it 19 | - name: team2
# NOTE(review): same wildcard as team1; restrict to team2's repositories if the value feeds the project's allowed sources.
20 | sourceRepos: 21 | - '*' 22 | clusterResourceWhitelist: 23 | - group: "" 24 | kind: Namespace 25 | - group: kargo.akuity.io 26 | kind: Project 27 | appOfAppsRepo: 28 | repoURL: https://github.com/suxess-it/team2-apps 29 | path: metalstack-apps 30 | revision: main 31 | # in the future maybe also some attributes for an scm / git application-set instead of appOfApps possible 32 | scmAppSet: ~ 33 | gitAppSet: ~ 34 | -------------------------------------------------------------------------------- /platform-apps/charts/team-onboarding/values.yaml: -------------------------------------------------------------------------------- 1 | # destinationClusters list defines which team is allowed to deploy to which cluster 2 | # on single-node instances you should set 'allowedTeams: [".*"]' so every team is able to deploy application 3 | # this needs to be changed on hub-and-spoke architectures 4 | # regexp for team names is possible 5 |
destinationClusters: 6 | - name: in-cluster 7 | # allowedTeams: [".*"] 8 | # deniedTeams: [".*"] 9 | 10 | scmAppsetRequeueAfterSeconds: 1800 11 | multiStageKargoAppSetHelmRepo: ~ 12 | 13 | default: 14 | repoURL: https://github.com/suxess-it/kubriX 15 | targetRevision: main 16 | 17 | teams: [] -------------------------------------------------------------------------------- /platform-apps/charts/tempo/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: tempo 3 | repository: https://grafana.github.io/helm-charts 4 | version: 1.21.1 5 | digest: sha256:fdcff02f0ad28c27205f540544423aee7aef8aa022d5e8a10d1dde2cfdf83786 6 | generated: "2025-05-10T15:25:00.634922831Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/tempo/templates/demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: xk6-tracing 5 | namespace: default 6 | spec: 7 | minReadySeconds: 10 8 | replicas: 1 9 | revisionHistoryLimit: 10 10 | selector: 11 | matchLabels: 12 | app: xk6-tracing 13 | name: xk6-tracing 14 | template: 15 | metadata: 16 | labels: 17 | app: xk6-tracing 18 | name: xk6-tracing 19 | spec: 20 | containers: 21 | - env: 22 | - name: ENDPOINT 23 | value: sx-tempo.monitoring:4317 24 | image: ghcr.io/grafana/xk6-client-tracing:v0.0.2 25 | imagePullPolicy: IfNotPresent 26 | name: xk6-tracing 27 | -------------------------------------------------------------------------------- /platform-apps/charts/tempo/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | tempo: 2 | tempo: 3 | metricsGenerator: 4 | # -- If true, enables Tempo's metrics generator (https://grafana.com/docs/tempo/next/metrics-generator/) 5 | enabled: true 6 | serviceMonitor: 7 | enabled: true 8 | 
-------------------------------------------------------------------------------- /platform-apps/charts/tempo/values.yaml: -------------------------------------------------------------------------------- 1 | tempo: 2 | tempo: 3 | retention: 24h 4 | -------------------------------------------------------------------------------- /platform-apps/charts/trivy/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: trivy-operator 3 | repository: https://aquasecurity.github.io/helm-charts/ 4 | version: 0.28.1 5 | digest: sha256:497e0e1bd00e1d1b2f9fdf01b1651f86dec5fc03a2cff67ed9c0f75cbaf4af73 6 | generated: "2025-05-08T08:09:24.131659761Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/trivy/templates/trivy-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: trivy-dashboard 7 | data: 8 | trivy-dashboard.json: |- 9 | {{ .Files.Get "dashboard-files/trivy-dashboard.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/trivy/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | trivy-operator: 2 | targetNamespaces: "" # scan all namespaces 3 | operator: 4 | metricsVulnIdEnabled: true 5 | serviceMonitor: 6 | enabled: true 7 | trivyOperator: 8 | reportResourceLabels: "backstage.io/kubernetes-id" 9 | trivy: 10 | ignoreUnfixed: true 11 | timeout: "10m0s" -------------------------------------------------------------------------------- /platform-apps/charts/trivy/values-metalstackyaml: -------------------------------------------------------------------------------- 1 | trivy-operator: 2 | targetNamespaces: "" # scan all namespaces 3 | operator: 4 | metricsVulnIdEnabled: true 5 | serviceMonitor: 
6 | enabled: true 7 | trivyOperator: 8 | reportResourceLabels: "backstage.io/kubernetes-id" 9 | trivy: 10 | ignoreUnfixed: true 11 | timeout: "10m0s" -------------------------------------------------------------------------------- /platform-apps/charts/vault/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: vault 3 | repository: https://helm.releases.hashicorp.com 4 | version: 0.30.0 5 | digest: sha256:16f63974b4992ed4669fd2a5910db5c141f81edd1ae1f25f3d725411308d4ffa 6 | generated: "2025-06-04T12:43:34.674883411Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ .Release.Name }}-secret-edit 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: {{ .Release.Name }}-secret-edit 9 | subjects: 10 | - kind: ServiceAccount 11 | name: {{ .Release.Name }} 12 | namespace: {{ .Release.Namespace }} 13 | --- 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: RoleBinding 16 | metadata: 17 | name: {{ .Release.Name }}-configmap-edit 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: ClusterRole 21 | name: {{ .Release.Name }}-configmap-edit 22 | subjects: 23 | - kind: ServiceAccount 24 | name: {{ .Release.Name }} 25 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/crossplane/cp-audit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: vault.vault.upbound.io/v1alpha1 2 | kind: Audit 3 | metadata: 4 | name: audit 5 | annotations: 6 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 7 | argocd.argoproj.io/sync-wave: "1" 8 | spec: 9 
| providerConfigRef: 10 | name: vault-crossplane-providerconfig 11 | forProvider: 12 | options:
# NOTE(review): with the file audit device, the special file_path value "discard" throws every audit record away,
# so no trail of Vault requests is kept. The commented-out path (or another real sink) is needed
# wherever audit evidence matters; treat "discard" as a test-only setting.
13 | # file_path: /vault/audit/audit.log 14 | file_path: discard 15 | type: file -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/crossplane/cp-authbackendrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubernetes.vault.upbound.io/v1alpha1 2 | kind: AuthBackendRole 3 | metadata: 4 | name: policy-admin 5 | annotations: 6 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 7 | argocd.argoproj.io/sync-wave: "1" 8 | spec: 9 | providerConfigRef: 10 | name: vault-crossplane-providerconfig 11 | forProvider: 12 | audience: vault 13 | backend: kubernetes
# Role policy-admin on the kubernetes auth backend: the service accounts bound below receive tokens with the kubrix-vault policy.
# NOTE(review): the role is bound to the "default" ServiceAccount of namespace vault, which pods use when they
# name no ServiceAccount; a dedicated ServiceAccount would narrow who can log in. What kubrix-vault permits is not visible here.
14 | boundServiceAccountNames: 15 | - default 16 | boundServiceAccountNamespaces: 17 | - vault 18 | roleName: policy-admin 19 | tokenPolicies: 20 | - kubrix-vault 21 | tokenTtl: 60 -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/crossplane/cp-provider.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pkg.crossplane.io/v1beta1 2 | kind: DeploymentRuntimeConfig 3 | metadata: 4 | name: vault-provider-config 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-10" 7 | spec: 8 | deploymentTemplate: 9 | spec: 10 | selector: {} 11 | template: 12 | spec: 13 | containers: 14 | - name: package-runtime 15 | # args: 16 | # - --poll=1m 17 | # - --debug 18 | --- 19 | # should move to crossplane ns, maybe?
20 | apiVersion: pkg.crossplane.io/v1 21 | kind: Provider 22 | metadata: 23 | name: provider-vault 24 | annotations: 25 | argocd.argoproj.io/sync-wave: "-10" 26 | spec:
# NOTE(review): the package is referenced by the tag "v2" rather than a full version or digest, so the content
# that gets installed may differ between syncs if the tag moves (TODO confirm how upstream publishes this tag);
# the Chart.lock files in this repository pin their dependencies by version and sha256 digest.
27 | package: xpkg.upbound.io/upbound/provider-vault:v2 28 | runtimeConfigRef: 29 | apiVersion: pkg.crossplane.io/v1beta1 30 | kind: DeploymentRuntimeConfig 31 | name: vault-provider-config 32 | -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/crossplane/cp-providerconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: vault.upbound.io/v1beta1 3 | kind: ProviderConfig 4 | metadata: 5 | name: "vault-crossplane-providerconfig" 6 | namespace: "{{ .Release.Namespace }}" 7 | annotations: 8 | argocd.argoproj.io/sync-wave: "-8" 9 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 10 | spec: 11 | address: "{{ .Values.eso.providerUrl }}"
# The provider reads its Vault credentials from key "credentials" of Secret crossplane-init in the release namespace.
# NOTE(review): the privileges of that credential are not visible here; confirm it is scoped to the mounts,
# auth roles and audit devices this chart manages rather than being a root token.
12 | credentials: 13 | source: Secret 14 | secretRef: 15 | name: crossplane-init 16 | key: credentials 17 | namespace: "{{ .Release.Namespace }}" 18 | skip_child_token: true 19 | -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/crossplane/cp-secret-kv2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: vault.vault.upbound.io/v1alpha1 2 | kind: Mount 3 | metadata: 4 | name: kubrix-kv 5 | annotations: 6 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 7 | argocd.argoproj.io/sync-wave: "1" 8 | spec: 9 | providerConfigRef: 10 | name: vault-crossplane-providerconfig 11 | forProvider: 12 | description: kubriX Secret Store 13 | options: 14 | version: "2" 15 | path: kubrix-kv 16 | type: kv 17 | --- 18 | apiVersion: kv.vault.upbound.io/v1alpha1 19 | kind: SecretBackendV2 20 | metadata: 21 | name: example 22 | annotations: 23 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 24 |
argocd.argoproj.io/sync-wave: "2" 25 | spec: 26 | providerConfigRef: 27 | name: vault-crossplane-providerconfig 28 | forProvider: 29 | casRequired: false # currently not working 30 | #deleteVersionAfter: 12600 31 | maxVersions: 5 32 | mount: kubrix-kv -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/env-vars-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ .Release.Name }}-env-vars 5 | type: Opaque 6 | stringData: 7 | {{- with (first .Values.vault.server.ingress.hosts) }} 8 | VAULT_TLS_SERVER_NAME: {{ .host }} 9 | VAULT_ADDR: http://127.0.0.1:8200 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/eso/clustersecretstore.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.eso.providerUrl }} 2 | apiVersion: external-secrets.io/v1beta1 3 | kind: ClusterSecretStore 4 | metadata: 5 | name: vault-backend 6 | annotations: 7 | argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 8 | argocd.argoproj.io/sync-wave: "2" 9 | 10 | spec: 11 | provider: 12 | vault: 13 | server: "{{ .Values.eso.providerUrl }}" 14 | path: "{{ .Values.eso.secretStore }}" 15 | version: "v2" 16 | namespace: vault
# Cluster-wide store that the ExternalSecret resources in these charts reference as vault-backend.
# NOTE(review): authentication uses key root_token of Secret vault-init, presumably Vault's root token. Every
# ExternalSecret that may use this store would then read with unrestricted Vault privileges. A token or
# Kubernetes-auth role limited to a read-only policy on the needed paths, plus namespace conditions on the store, would reduce that exposure.
17 | auth: 18 | tokenSecretRef: 19 | name: "vault-init" 20 | key: "root_token" 21 | namespace: vault 22 | {{ end }} -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: {{ .Release.Name }}-secret-edit
# Grants get, watch, list and create on Secrets. binding.yaml attaches this ClusterRole with a RoleBinding,
# which limits the grant to the namespace that binding is created in.
# NOTE(review): list and watch expose every Secret in that namespace to the bound ServiceAccount - confirm that breadth is required.
5 | rules: 6 | - apiGroups: [""] 7 | resources: ["secrets"] 8 | verbs: ["get", "watch", "list","create"] 9 | --- 10 |
apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRole 12 | metadata: 13 | name: {{ .Release.Name }}-configmap-edit 14 | rules: 15 | - apiGroups: [""] 16 | resources: ["configmaps"] 17 | verbs: ["get", "patch", "create"] -------------------------------------------------------------------------------- /platform-apps/charts/vault/templates/vault-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: vault-dashboard 7 | data: 8 | vault-dashboard.json: |- 9 | {{ .Files.Get "dashboard-files/vault-dashboard.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/velero-ui/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: vui 3 | repository: https://seriohub.github.io/velero-helm/ 4 | version: 0.1.27 5 | digest: sha256:fd7b6f7de99c5ed74ec0129ffa87cb3a49f32afb65b6c7f162e67b6254f1b1da 6 | generated: "2025-04-04T20:41:09.022972909Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/velero-ui/values-demo-metalstack.yaml: -------------------------------------------------------------------------------- 1 | vui: 2 | global: 3 | veleroNamespace: velero 4 | kubernetesClusterDomain: cluster.local 5 | clusterName: "kubriX--demo" 6 | nextPublicLoggerEnabled: false 7 | 8 | apiConfig: 9 | apiEnableDocumentation: "1" 10 | k8SInClusterMode: "True" 11 | origins1: 'https://velero-ui.demo.kubrix.cloud' 12 | veleroCliVersion: v1.14.0 13 | existingSecret: velero-ui-credential 14 | 15 | uiIngress: 16 | enabled: true 17 | host: velero-ui.demo.kubrix.cloud 18 | ingressClassName: nginx 19 | metadata: 20 | annotations: 21 | external-dns.alpha.kubernetes.io/ttl: "60" 22 | cert-manager.io/cluster-issuer: letsencrypt-prod 23 | spec: 24 | tls: 25 | - 
secretName: velero-ui-tls 26 | hosts: 27 | - velero-ui.demo.kubrix.cloud 28 | 29 | uiNp: # NodePort 30 | enabled: false 31 | ip: "" 32 | apiPort: "30001" 33 | uiPort: "30002" 34 | 35 | -------------------------------------------------------------------------------- /platform-apps/charts/velero-ui/values-k3d.yaml: -------------------------------------------------------------------------------- 1 | vui: 2 | global: 3 | veleroNamespace: velero 4 | kubernetesClusterDomain: cluster.local 5 | clusterName: "localdemo" 6 | nextPublicLoggerEnabled: false 7 | 8 | apiConfig: 9 | apiEnableDocumentation: "1" 10 | k8SInClusterMode: "True" 11 | origins1: 'https://velero-ui-127-0-0-1.nip.io' 12 | veleroCliVersion: v1.14.0 13 | existingSecret: velero-ui-credential 14 | 15 | uiIngress: 16 | enabled: true 17 | host: velero-ui-127-0-0-1.nip.io 18 | ingressClassName: "" 19 | metadata: 20 | annotations: 21 | spec: 22 | tls: 23 | - secretName: velero-ui-server-tls 24 | hosts: 25 | - velero-ui-127-0-0-1.nip.io 26 | 27 | uiNp: # NodePort 28 | enabled: false 29 | ip: "" 30 | apiPort: "30001" 31 | uiPort: "30002" 32 | 33 | -------------------------------------------------------------------------------- /platform-apps/charts/velero/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: velero 3 | repository: https://vmware-tanzu.github.io/helm-charts 4 | version: 8.7.2 5 | digest: sha256:ea338dd737b7ea8db2c15bd18593a2184e6f4a6e17f9e40565c0c541cbbadee2 6 | generated: "2025-04-11T11:49:22.042097237Z" 7 | -------------------------------------------------------------------------------- /platform-apps/charts/velero/templates/external_secret_velero.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | name: velero-cloud-credential 5 | namespace: velero 6 | annotations: 7 | argocd.argoproj.io/sync-options: 
SkipDryRunOnMissingResource=true 8 | spec: 9 | refreshInterval: "15s" 10 | secretStoreRef: 11 | name: vault-backend 12 | kind: ClusterSecretStore 13 | target: 14 | name: velero-cloud-credential 15 | template: 16 | data: 17 | cloud: |- 18 | [default] 19 | aws_access_key_id: "{{ `{{ .aws_access_key_id }}` }}" 20 | aws_secret_access_key: "{{ `{{ .aws_secret_access_key }}` }}" 21 | data: 22 | - secretKey: aws_access_key_id 23 | remoteRef: 24 | key: kubrix-kv/data/minio/base 25 | property: username 26 | - secretKey: aws_secret_access_key 27 | remoteRef: 28 | key: kubrix-kv/data/minio/base 29 | property: password 30 | -------------------------------------------------------------------------------- /platform-apps/charts/velero/templates/velero-dashboard-16829.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | grafana_dashboard: "1" 6 | name: velero-dashboard-16829 7 | data: 8 | velero-dashboard-16829.json: |- 9 | {{ .Files.Get "dashboard-files/velero-dashboard-16829.json" | indent 4 }} 10 | -------------------------------------------------------------------------------- /platform-apps/charts/velero/values.yaml: -------------------------------------------------------------------------------- 1 | velero: 2 | kubectl: 3 | image: 4 | tag: 1.31 -------------------------------------------------------------------------------- /platform-apps/platform-apps.md: -------------------------------------------------------------------------------- 1 | # this is the place where we will put all platform app application definitions 2 | -------------------------------------------------------------------------------- /platform-apps/target-chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: platform-apps-chart 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' 
chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 
24 | appVersion: "1.0.0" 25 | -------------------------------------------------------------------------------- /platform-apps/target-chart/values-kind-base.yaml: -------------------------------------------------------------------------------- 1 | default: 2 | valueFiles: 3 | - values-k3d.yaml 4 | 5 | applications: 6 | 7 | - name: cert-manager 8 | annotations: 9 | argocd.argoproj.io/sync-wave: "-10" 10 | 11 | - name: crossplane 12 | annotations: 13 | argocd.argoproj.io/sync-wave: "-9" 14 | 15 | - name: argocd 16 | annotations: 17 | argocd.argoproj.io/sync-wave: "-9" 18 | 19 | - name: external-secrets 20 | annotations: 21 | argocd.argoproj.io/sync-wave: "-8" 22 | 23 | - name: k8s-monitoring 24 | annotations: 25 | argocd.argoproj.io/compare-options: ServerSideDiff=true 26 | argocd.argoproj.io/sync-wave: "-8" 27 | syncOptions: 28 | - ServerSideApply=true 29 | 30 | # - name: cnpg 31 | # annotations: 32 | # argocd.argoproj.io/compare-options: ServerSideDiff=true 33 | # argocd.argoproj.io/sync-wave: "-6" 34 | # syncOptions: 35 | # - ServerSideApply=true 36 | 37 | - name: vault 38 | annotations: 39 | argocd.argoproj.io/sync-wave: "-7" 40 | 41 | - name: keycloak 42 | annotations: 43 | argocd.argoproj.io/sync-wave: "-5" 44 | 45 | - name: backstage 46 | annotations: 47 | argocd.argoproj.io/sync-wave: "10" -------------------------------------------------------------------------------- /platform-apps/target-chart/values-kind-portal.yaml: -------------------------------------------------------------------------------- 1 | default: 2 | valueFiles: 3 | - values-k3d.yaml 4 | 5 | applications: 6 | 7 | - name: cert-manager 8 | annotations: 9 | argocd.argoproj.io/sync-wave: "-10" 10 | 11 | - name: crossplane 12 | annotations: 13 | argocd.argoproj.io/sync-wave: "-9" 14 | 15 | - name: argocd 16 | annotations: 17 | argocd.argoproj.io/sync-wave: "-9" 18 | 19 | - name: external-secrets 20 | annotations: 21 | argocd.argoproj.io/sync-wave: "-8" 22 | 23 | - name: k8s-monitoring 24 | 
annotations: 25 | argocd.argoproj.io/compare-options: ServerSideDiff=true 26 | argocd.argoproj.io/sync-wave: "-8" 27 | syncOptions: 28 | - ServerSideApply=true 29 | 30 | - name: vault 31 | annotations: 32 | argocd.argoproj.io/sync-wave: "-7" 33 | 34 | - name: keycloak 35 | annotations: 36 | argocd.argoproj.io/sync-wave: "-5" 37 | 38 | - name: backstage 39 | annotations: 40 | argocd.argoproj.io/sync-wave: "10" 41 | -------------------------------------------------------------------------------- /platform-apps/target-chart/values.yaml: -------------------------------------------------------------------------------- 1 | default: 2 | repoURL: https://github.com/suxess-it/kubriX 3 | targetRevision: main 4 | valueFiles: [] 5 | kubriXPlan: oss 6 | applications: ~ -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "configMigration": true, 3 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 4 | "extends": [ 5 | "config:recommended" 6 | ], 7 | "crossplane": { 8 | "managerFilePatterns": [ 9 | "/.+provider\\.yaml$/" 10 | ] 11 | }, 12 | "packageRules": [ 13 | { 14 | "matchDatasources": [ 15 | "helm", 16 | "docker" 17 | ], 18 | "major": { 19 | "semanticCommitType": "feat", 20 | "commitBody": "BREAKING CHANGE: new upstream major version" 21 | }, 22 | "minor": { 23 | "semanticCommitType": "feat" 24 | }, 25 | "patch": { 26 | "semanticCommitType": "fix" 27 | } 28 | } 29 | ] 30 | } 31 | -------------------------------------------------------------------------------- /team-apps/onboarding-apps-charts/multi-stage-app-with-kargo-pipeline/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /team-apps/onboarding-apps-charts/multi-stage-app-with-kargo-pipeline/templates/NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/team-apps/onboarding-apps-charts/multi-stage-app-with-kargo-pipeline/templates/NOTES.txt -------------------------------------------------------------------------------- /team-apps/onboarding-apps-charts/multi-stage-app-with-kargo-pipeline/templates/git-creds-eso.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1beta1 2 | kind: ExternalSecret 3 | metadata: 4 | labels: 5 | kargo.akuity.io/cred-type: git 6 | name: {{ .Values.appName }}-git-creds 7 | namespace: {{ tpl .Values.kargoProject . 
}} 8 | spec: 9 | data: 10 | - remoteRef: 11 | key: kubrix-kv/data/{{ .Values.teamName }}/delivery 12 | property: KUBRIX_KARGO_GIT_PASSWORD 13 | secretKey: KUBRIX_KARGO_GIT_PASSWORD 14 | refreshInterval: 15s 15 | secretStoreRef: 16 | kind: ClusterSecretStore 17 | name: vault-backend 18 | target: 19 | name: {{ .Values.appName }}-git-creds 20 | template: 21 | data: 22 | password: '{{`{{ .KUBRIX_KARGO_GIT_PASSWORD }}`}}' 23 | repoURL: '{{ .Values.repoUrl }}' 24 | repoURLIsRegex: 'false' 25 | username: 'dummy' 26 | metadata: 27 | labels: 28 | kargo.akuity.io/cred-type: git -------------------------------------------------------------------------------- /team-apps/onboarding-apps-charts/multi-stage-app-with-kargo-pipeline/templates/kargo-project.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kargo.akuity.io/v1alpha1 2 | kind: Project 3 | metadata: 4 | name: {{ tpl .Values.kargoProject . }} 5 | annotations: 6 | argocd.argoproj.io/sync-wave: "-1" -------------------------------------------------------------------------------- /team-apps/onboarding-apps-charts/multi-stage-app-with-kargo-pipeline/templates/kargo-warehouse.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kargo.akuity.io/v1alpha1 2 | kind: Warehouse 3 | metadata: 4 | name: warehouse-{{ .Values.appName }} 5 | namespace: {{ tpl .Values.kargoProject . 
}} 6 | spec: 7 | subscriptions: 8 | - git: 9 | repoURL: {{ .Values.repoUrl }} -------------------------------------------------------------------------------- /team-apps/onboarding-apps-charts/multi-stage-app-with-kargo-pipeline/values.yaml: -------------------------------------------------------------------------------- 1 | teamName: ~ 2 | appProject: "{{ .Values.teamName }}-project" 3 | appName: ~ 4 | repoUrl: ~ 5 | # maybe also the kargo project is something implicit which we don't need to specify here 6 | # it depends if some apps need to share a kargoProject or not, 7 | # but currently it seems to be a 1:1 relation between appName and kargoProject 8 | kargoProject: "{{ .Values.teamName }}-{{ .Values.appName }}-kargo-project" 9 | appNamespace: {} 10 | stages: [] -------------------------------------------------------------------------------- /trivy-reports/report-k8s-monitoring_alloy_v1.8.1.md: -------------------------------------------------------------------------------- 1 | 2 |

Target docker.io/grafana/alloy:v1.8.1 (ubuntu 24.04)

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 |

Target usr/bin/alloy

6 |

No Vulnerabilities found

7 |

No Misconfigurations found

8 | -------------------------------------------------------------------------------- /trivy-reports/report-k8s-monitoring_k8s-monitoring-test_1.6.33.md: -------------------------------------------------------------------------------- 1 | 2 |

Target usr/local/bin/profilecli

3 |

Vulnerabilities (3)

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| github.com/golang-jwt/jwt/v5 | CVE-2025-30204 | HIGH | v5.2.1 | 5.2.2 |
| golang.org/x/crypto | CVE-2024-45337 | CRITICAL | v0.24.0 | 0.31.0 |
| golang.org/x/crypto | CVE-2025-22869 | HIGH | v0.24.0 | 0.35.0 |
34 |

No Misconfigurations found

35 | -------------------------------------------------------------------------------- /trivy-reports/report-k8s-monitoring_node-exporter_v1.9.1.md: -------------------------------------------------------------------------------- 1 | 2 |

Target bin/node_exporter

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 | -------------------------------------------------------------------------------- /trivy-reports/report-k8s-monitoring_prometheus-config-reloader_v0.81.0.md: -------------------------------------------------------------------------------- 1 | 2 |

Target bin/prometheus-config-reloader

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 | -------------------------------------------------------------------------------- /trivy-reports/report-kubecost_cost-model_prod-2.7.1.md: -------------------------------------------------------------------------------- 1 | 2 |

Target gcr.io/kubecost1/cost-model:prod-2.7.1 (redhat 9.5)

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 |

Target go/bin/app

6 |

No Vulnerabilities found

7 |

No Misconfigurations found

8 | -------------------------------------------------------------------------------- /trivy-reports/report-kubecost_frontend_prod-2.7.1.md: -------------------------------------------------------------------------------- 1 | 2 |

Target gcr.io/kubecost1/frontend:prod-2.7.1 (redhat 9.5)

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 | -------------------------------------------------------------------------------- /trivy-scan-reports/crossplane_scan_summary_report.md: -------------------------------------------------------------------------------- 1 | 2 |

Target xpkg.upbound.io/crossplane/crossplane:v1.19.1 (debian 12.8)

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 |

Target usr/local/bin/crossplane

6 |

No Vulnerabilities found

7 |

No Misconfigurations found

8 | -------------------------------------------------------------------------------- /trivy-scan-reports/external-dns_scan_summary_report.md: -------------------------------------------------------------------------------- 1 | 2 |

Target ghcr.io/ionos-cloud/external-dns-ionos-webhook:v0.6.2 (debian 11.10)

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 |

Target opt/external-dns-ionos-webhook/app

6 |

No Vulnerabilities found

7 |

No Misconfigurations found

8 | 9 |

Target registry.k8s.io/external-dns/external-dns:v0.15.1 (debian 12.8)

10 |

No Vulnerabilities found

11 |

No Misconfigurations found

12 |

Target ko-app/external-dns

13 |

Vulnerabilities (2)

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| github.com/golang-jwt/jwt/v5 | CVE-2025-30204 | HIGH | v5.2.1 | 5.2.2 |
| golang.org/x/crypto | CVE-2025-22869 | HIGH | v0.31.0 | 0.35.0 |
37 |

No Misconfigurations found

38 | -------------------------------------------------------------------------------- /trivy-scan-reports/external-secrets_scan_summary_report.md: -------------------------------------------------------------------------------- 1 | 2 |

Target oci.external-secrets.io/external-secrets/external-secrets:v0.15.1 (debian 12.10)

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 |

Target bin/external-secrets

6 |

No Vulnerabilities found

7 |

No Misconfigurations found

8 | -------------------------------------------------------------------------------- /trivy-scan-reports/kargo_scan_summary_report.md: -------------------------------------------------------------------------------- 1 | 2 |

Target ghcr.io/akuity/kargo:v1.4.1 (wolfi 20230201)

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 |

Target usr/local/bin/credential-helper

6 |

No Vulnerabilities found

7 |

No Misconfigurations found

8 |

Target usr/local/bin/grpc_health_probe

9 |

Vulnerabilities (1)

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| golang.org/x/crypto | CVE-2025-22869 | HIGH | v0.31.0 | 0.35.0 |
26 |

No Misconfigurations found

27 |

Target usr/local/bin/kargo

28 |

No Vulnerabilities found

29 |

No Misconfigurations found

30 | -------------------------------------------------------------------------------- /trivy-scan-reports/team-onboarding_scan_summary_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/suxess-it/kubriX/df93fed9c65c4f64fbe6d021c3e1203910ea188d/trivy-scan-reports/team-onboarding_scan_summary_report.md -------------------------------------------------------------------------------- /trivy-scan-reports/trivy_scan_summary_report.md: -------------------------------------------------------------------------------- 1 | 2 |

Target mirror.gcr.io/aquasec/trivy-operator:0.25.0 (alpine 3.20.3)

3 |

No Vulnerabilities found

4 |

No Misconfigurations found

5 |

Target usr/local/bin/trivy-operator

6 |

Vulnerabilities (2)

| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| github.com/golang-jwt/jwt/v4 | CVE-2025-30204 | HIGH | v4.5.1 | 4.5.2 |
| github.com/golang-jwt/jwt/v5 | CVE-2025-30204 | HIGH | v5.2.1 | 5.2.2 |
30 |

No Misconfigurations found

31 | --------------------------------------------------------------------------------