Initial commit: Turbo Mothership bare metal management cluster

- k0s bootstrap with Cilium and OpenEBS - ArgoCD apps for infra, CAPI, Tinkerbell, and Netris - Ansible playbooks for virtual baremetal lab and Netris switches - CAPI provider manifests for k0smotron and Tinkerbell
2025-12-15 19:59:58 +01:00
commit df9937f0c3
39 changed files with 1961 additions and 0 deletions
--- a/bootstrap/charts/turbo-mothership-bootstrap/values.yaml
+++ b/bootstrap/charts/turbo-mothership-bootstrap/values.yaml
@@ -0,0 +1,87 @@
+# Bootstrap umbrella chart values
+# Each subchart is configured under its own key
+# NOTE: Cilium CNI is installed via k0s config (k0s.yaml)
+
+# ------------------------------------------------------------------------------
+# Ingress NGINX (ingress-nginx)
+# ------------------------------------------------------------------------------
+ingress-nginx:
+  enabled: true
+  fullnameOverride: turbo-ingress
+  namespaceOverride: ingress-nginx
+  controller:
+    admissionWebhooks:
+      enabled: false
+    service:
+      externalIPs:
+        - 65.109.94.180
+      type: ClusterIP
+
+# ------------------------------------------------------------------------------
+# Cert Manager (cert-manager)
+# ------------------------------------------------------------------------------
+cert-manager:
+  enabled: true
+  fullnameOverride: turbo-certmgr
+  namespace: cert-manager
+  crds:
+    enabled: true
+  ingressShim:
+    defaultIssuerName: letsencrypt-prod
+    defaultIssuerKind: ClusterIssuer
+    defaultIssuerGroup: cert-manager.io
+
+# ------------------------------------------------------------------------------
+# Sealed Secrets (kube-system)
+# ------------------------------------------------------------------------------
+sealed-secrets:
+  enabled: true
+  fullnameOverride: turbo-sealedsecrets
+
+# ------------------------------------------------------------------------------
+# Argo CD (argocd)
+# ------------------------------------------------------------------------------
+argo-cd:
+  enabled: true
+  fullnameOverride: turbo-argocd
+  global:
+    domain: argo.turbo.weystrom.dev
+  namespaceOverride: argocd
+  configs:
+    params:
+      server.insecure: true
+    cm:
+      admin.enabled: true
+  server:
+    ingress:
+      enabled: true
+      ingressClassName: nginx
+      annotations:
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      extraTls:
+        - hosts:
+            - argo.turbo.weystrom.dev
+          secretName: argocd-ingress-http
+    ingressGrpc:
+      enabled: true
+      ingressClassName: nginx
+      hostname: argo-grpc.turbo.weystrom.dev
+      annotations:
+        nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      extraTls:
+        - hosts:
+            - argo-grpc.turbo.weystrom.dev
+          secretName: argocd-ingress-grpc
+
+# ------------------------------------------------------------------------------
+# Raw manifests configuration
+# ------------------------------------------------------------------------------
+# NOTE: OpenEBS is installed via k0s config (k0s.yaml)
+clusterIssuer:
+  enabled: true
+  name: letsencrypt-prod
+  email: mail@weystrom.dev
+  server: https://acme-v02.api.letsencrypt.org/directory