Initial commit: Turbo Mothership bare metal management cluster

- k0s bootstrap with Cilium and OpenEBS - ArgoCD apps for infra, CAPI, Tinkerbell, and Netris - Ansible playbooks for virtual baremetal lab and Netris switches - CAPI provider manifests for k0smotron and Tinkerbell
2025-12-15 19:59:58 +01:00
commit df9937f0c3
39 changed files with 1961 additions and 0 deletions
--- a/bootstrap/charts/turbo-mothership-bootstrap/.helmignore
+++ b/bootstrap/charts/turbo-mothership-bootstrap/.helmignore
@@ -0,0 +1,18 @@
+# Patterns to ignore when building packages.
+.DS_Store
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/bootstrap/charts/turbo-mothership-bootstrap/Chart.lock
+++ b/bootstrap/charts/turbo-mothership-bootstrap/Chart.lock
@@ -0,0 +1,15 @@
+dependencies:
+- name: ingress-nginx
+  repository: https://kubernetes.github.io/ingress-nginx
+  version: 4.14.1
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: v1.19.2
+- name: sealed-secrets
+  repository: https://bitnami-labs.github.io/sealed-secrets
+  version: 2.17.9
+- name: argo-cd
+  repository: https://argoproj.github.io/argo-helm
+  version: 9.1.6
+digest: sha256:dae2d89a79210646255cfbd3d045717b9db40aaf0c9e180d64829b1306659cd0
+generated: "2025-12-15T17:29:55.279201521+01:00"
--- a/bootstrap/charts/turbo-mothership-bootstrap/Chart.yaml
+++ b/bootstrap/charts/turbo-mothership-bootstrap/Chart.yaml
@@ -0,0 +1,27 @@
+apiVersion: v2
+name: turbo-mothership-bootstrap
+description: Umbrella chart for cluster bootstrap components
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
+
+dependencies:
+  - name: ingress-nginx
+    version: "4.14.1"
+    repository: https://kubernetes.github.io/ingress-nginx
+    condition: ingress-nginx.enabled
+
+  - name: cert-manager
+    version: "1.19.2"
+    repository: https://charts.jetstack.io
+    condition: cert-manager.enabled
+
+  - name: sealed-secrets
+    version: "2.17.9"
+    repository: https://bitnami-labs.github.io/sealed-secrets
+    condition: sealed-secrets.enabled
+
+  - name: argo-cd
+    version: "9.1.6"
+    repository: https://argoproj.github.io/argo-helm
+    condition: argo-cd.enabled
--- a/bootstrap/charts/turbo-mothership-bootstrap/templates/cluster-issuer.yaml
+++ b/bootstrap/charts/turbo-mothership-bootstrap/templates/cluster-issuer.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.clusterIssuer.enabled }}
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: {{ .Values.clusterIssuer.name }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "10"
+spec:
+  acme:
+    server: {{ .Values.clusterIssuer.server }}
+    email: {{ .Values.clusterIssuer.email }}
+    privateKeySecretRef:
+      name: {{ .Values.clusterIssuer.name }}
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
+{{- end }}
--- a/bootstrap/charts/turbo-mothership-bootstrap/templates/namespaces.yaml
+++ b/bootstrap/charts/turbo-mothership-bootstrap/templates/namespaces.yaml
@@ -0,0 +1,41 @@
+{{- if index .Values "ingress-nginx" "enabled" }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ index .Values "ingress-nginx" "namespaceOverride" | default "ingress-nginx" }}
+  labels:
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    meta.helm.sh/release-name: {{ .Release.Name }}
+    meta.helm.sh/release-namespace: {{ .Release.Namespace }}
+    "helm.sh/resource-policy": keep
+{{- end }}
+
+{{- if index .Values "cert-manager" "enabled" }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ index .Values "cert-manager" "namespace" | default "cert-manager" }}
+  labels:
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    meta.helm.sh/release-name: {{ .Release.Name }}
+    meta.helm.sh/release-namespace: {{ .Release.Namespace }}
+    "helm.sh/resource-policy": keep
+{{- end }}
+
+{{- if index .Values "argo-cd" "enabled" }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ index .Values "argo-cd" "namespaceOverride" | default "argocd" }}
+  labels:
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    meta.helm.sh/release-name: {{ .Release.Name }}
+    meta.helm.sh/release-namespace: {{ .Release.Namespace }}
+    "helm.sh/resource-policy": keep
+{{- end }}
--- a/bootstrap/charts/turbo-mothership-bootstrap/values.yaml
+++ b/bootstrap/charts/turbo-mothership-bootstrap/values.yaml
@@ -0,0 +1,87 @@
+# Bootstrap umbrella chart values
+# Each subchart is configured under its own key
+# NOTE: Cilium CNI is installed via k0s config (k0s.yaml)
+
+# ------------------------------------------------------------------------------
+# Ingress NGINX (ingress-nginx)
+# ------------------------------------------------------------------------------
+ingress-nginx:
+  enabled: true
+  fullnameOverride: turbo-ingress
+  namespaceOverride: ingress-nginx
+  controller:
+    admissionWebhooks:
+      enabled: false
+    service:
+      externalIPs:
+        - 65.109.94.180
+      type: ClusterIP
+
+# ------------------------------------------------------------------------------
+# Cert Manager (cert-manager)
+# ------------------------------------------------------------------------------
+cert-manager:
+  enabled: true
+  fullnameOverride: turbo-certmgr
+  namespace: cert-manager
+  crds:
+    enabled: true
+  ingressShim:
+    defaultIssuerName: letsencrypt-prod
+    defaultIssuerKind: ClusterIssuer
+    defaultIssuerGroup: cert-manager.io
+
+# ------------------------------------------------------------------------------
+# Sealed Secrets (kube-system)
+# ------------------------------------------------------------------------------
+sealed-secrets:
+  enabled: true
+  fullnameOverride: turbo-sealedsecrets
+
+# ------------------------------------------------------------------------------
+# Argo CD (argocd)
+# ------------------------------------------------------------------------------
+argo-cd:
+  enabled: true
+  fullnameOverride: turbo-argocd
+  global:
+    domain: argo.turbo.weystrom.dev
+  namespaceOverride: argocd
+  configs:
+    params:
+      server.insecure: true
+    cm:
+      admin.enabled: true
+  server:
+    ingress:
+      enabled: true
+      ingressClassName: nginx
+      annotations:
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      extraTls:
+        - hosts:
+            - argo.turbo.weystrom.dev
+          secretName: argocd-ingress-http
+    ingressGrpc:
+      enabled: true
+      ingressClassName: nginx
+      hostname: argo-grpc.turbo.weystrom.dev
+      annotations:
+        nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      extraTls:
+        - hosts:
+            - argo-grpc.turbo.weystrom.dev
+          secretName: argocd-ingress-grpc
+
+# ------------------------------------------------------------------------------
+# Raw manifests configuration
+# ------------------------------------------------------------------------------
+# NOTE: OpenEBS is installed via k0s config (k0s.yaml)
+clusterIssuer:
+  enabled: true
+  name: letsencrypt-prod
+  email: mail@weystrom.dev
+  server: https://acme-v02.api.letsencrypt.org/directory