cluster
Deploys a Kubernetes cluster with Cluster API and KubeVirt.
Includes the following addons:
- Calico
- KubeVirt Cloud Controller Manager for exposing LoadBalancer type services.
- Traefik
- OpenEBS
- Cert Manager
- External DNS
- External Secrets
- OpenTelemetry Collector
- Velero
Prerequisites
The chart requires the following addons to be installed on the host cluster:
- Argo CD
- KubeVirt
- Cluster API with Cluster API Provider KubeVirt
- External Secrets
- Kyverno with policies for generating Argo CD cluster secrets and External Secrets SecretStores
Make sure to specify the namespace Argo CD is watching resources in using the argocdNamespace values option.
The chart requires a virtual machine image built from the Kubernetes image builder project, available for download over HTTP(S).
Make sure to set config.image to the URL of the virtual machine image.
Secrets containing the Cloudflare token, DNS API credentials, and MinIO bucket credentials are required on the host cluster.
Make sure to create the secrets, specify the namespace of the secrets in config.externalSecrets.remoteNamespace, and authorize access to the secrets via config.rbac.
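A pre-install check for config.image and config.rbac.rules, the two settings above that decide what the tenant cluster downloads and which host-cluster secrets it can read. This is an added example, not part of the chart; the function name and the sample values are constructed, and the first two sample rules copy the chart's default config.rbac.rules.

```python
from urllib.parse import urlparse

READ_VERBS = {"get", "list", "watch"}


def lint_values(values):
    """Return findings for config.image and config.rbac.rules in chart values."""
    findings = []
    config = values.get("config", {})
    # The node image is downloaded over HTTP(S); plain HTTP has no transport integrity.
    image = config.get("image", "")
    if image and urlparse(image).scheme != "https":
        findings.append(f"config.image: not HTTPS: {image}")
    for i, rule in enumerate(config.get("rbac", {}).get("rules", [])):
        where = f"config.rbac.rules[{i}]"
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if "*" in groups | resources | verbs:
            findings.append(f"{where}: wildcard in apiGroups, resources or verbs")
        # Secrets live in the core API group, written as "" in RBAC rules.
        if not (groups & {"", "*"} and resources & {"secrets", "*"}):
            continue
        if not rule.get("resourceNames"):
            findings.append(f"{where}: no resourceNames, rule covers every secret in the namespace")
        extra = sorted(verbs - READ_VERBS - {"*"})
        if extra:
            findings.append(f"{where}: secrets rule also allows {', '.join(extra)}")
    return findings


# Constructed sample overrides (hypothetical image URL); rules 0-1 are the chart defaults.
SAMPLE = {"config": {
    "image": "http://images.example.test/node.qcow2",
    "rbac": {"namespace": "tenant-secrets", "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list", "watch"],
         "resourceNames": ["cert-manager", "external-dns", "backup"]},
        {"apiGroups": ["authorization.k8s.io"], "resources": ["selfsubjectrulesreviews"],
         "verbs": ["create"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "delete"],
         "resourceNames": ["backup"]},
    ]},
}}

if __name__ == "__main__":
    for finding in lint_values(SAMPLE):
        print(finding)
```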
Install
To install the chart, assuming you have a values.yaml with your values overrides:
helm install my-release oci://ghcr.io/sneakybugs/cluster --version 2.2.0 --values values.yaml
Upgrade
To upgrade the chart, assuming you have a values.yaml with your values overrides:
helm upgrade my-release oci://ghcr.io/sneakybugs/cluster --version 2.2.0 --values values.yaml
Uninstall
To uninstall the chart:
helm uninstall my-release
Configuration
Parameter | Description | Default |
---|---|---|
nameOverride | Override chart name. | "" |
fullnameOverride | Override full release name. | "" |
argocdNamespace | Namespace to deploy Argo CD resources to. | "argocd" |
versions.calico | Calico version to deploy. | "v3.30.1" |
versions.certManager | Cert Manager version to deploy. | "v1.15.0" |
versions.components | cluster-components chart version to deploy. | "5.1.0" |
versions.telemetryExporterComponents | telemetry-exporter-components chart version to deploy. | "2.0.0" |
versions.externalDNS | ExternalDNS version to deploy. | "1.14.5" |
versions.externalSecrets | External Secrets version to deploy. | "0.12.1" |
versions.openEBS | OpenEBS version to deploy. | "4.0.1" |
versions.traefik | Traefik version to deploy. | "28.1.0" |
versions.kubeStateMetrics | Kube State Metrics chart version to deploy. | "5.20.0" |
versions.openTelemetryOperator | OpenTelemetry Operator chart version to deploy. | "0.90.3" |
versions.prometheusNodeExporter | Node exporter chart version to deploy. | "4.36.0" |
versions.prometheusOperatorCRDs | Prometheus Operator CRDs chart version to deploy. | "12.0.0" |
versions.velero | Velero chart version to deploy. | "8.3.0" |
versions.veleroPluginForAWS | Velero AWS plugin version to deploy. | "1.11.1" |
versions.kro | Kro version to deploy. | "0.3.0" |
features.backups | Enable Velero backups when true. | true |
features.telemetryExporter | Enable OpenTelemetry exporter when true. | true |
features.kro | Enable Kro when true. | true |
config.podSubnet | Pod subnet to use. | "10.243.0.0/16" |
config.serviceSubnet | Service subnet to use. | "10.95.0.0/16" |
config.image | Node image to use. | "https://vmi.infra.sneakybugs.com/images/rocky-10.0-k8s-1.33-4632336-20250615.qcow2" |
config.version | Kubernetes version of the node image. | "1.33.0" |
config.imageRegistries | | [{"prefix": "docker.io", "location": "oci.infra.sneakybugs.com/docker"}, {"prefix": "quay.io", "location": "oci.infra.sneakybugs.com/quay"}, {"prefix": "ghcr.io", "location": "oci.infra.sneakybugs.com/ghcr"}, {"prefix": "registry.k8s.io", "location": "oci.infra.sneakybugs.com/k8s"}, {"prefix": "oci.external-secrets.io", "location": "oci.infra.sneakybugs.com/external-secrets"}] |
config.traefik.ingressHostname | Hostname to set for the ingress service with ExternalDNS. | "ingress.services.infra.sneakybugs.com" |
config.otlpExporter.endpoint | Centralized OpenTelemetry Collector endpoint to export telemetry to. | "otel.infra.sneakybugs.com:4317" |
config.externalSecrets.remoteNamespace | | "tenant-secrets" |
config.externalDNSWebhook.repository | | "docker.houseofkummer.com/lior/home-dns/external-dns-provider" |
config.externalDNSWebhook.tag | | "2.1.0" |
config.certManager | Values for cluster-components chart certManager field. | {} |
config.velero.storage.s3Url | S3 endpoint URL for backup storage. | "https://vmi.infra.sneakybugs.com" |
config.velero.storage.bucket | Bucket name for backup storage. | "backups" |
config.velero.storage.prefix | Prefix to store backups in the S3 bucket, defaults to | "" |
config.velero.storage.accessMode | Backup location access mode, ReadWrite or ReadOnly. | "ReadWrite" |
config.velero.backup.schedule | Cron schedule to perform backups at. | "0 4 * * *" |
config.velero.backup.ttl | Time to keep backups. | "720h" |
config.velero.externalSecret | External secret used by Velero for S3 credentials. | {} |
config.rbac.namespace | Namespace for role in the management cluster. | "tenant-secrets" |
config.rbac.rules | Role rules for the namespace in the management cluster. | [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list", "watch"], "resourceNames": ["cert-manager", "external-dns", "backup"]}, {"apiGroups": ["authorization.k8s.io"], "resources": ["selfsubjectrulesreviews"], "verbs": ["create"]}] |
nodes.controlPlane.replicas | Control plane node count. | 1 |
nodes.controlPlane.resources.storage | Control plane node disk size. | "16Gi" |
nodes.controlPlane.resources.cores | Control plane node core count. | 2 |
nodes.controlPlane.resources.memory | Control plane node RAM size. | "4Gi" |
nodes.worker.replicas | Worker node count. | 1 |
nodes.worker.resources.storage | Worker node disk size. | "32Gi" |
nodes.worker.resources.cores | Worker node core count. | 4 |
nodes.worker.resources.memory | Worker node RAM size. | "8Gi" |