elastisys · OlleLarsson · Jan 9, 2024 · Nov 23, 2023
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -52,9 +52,6 @@ The configuration contains some `set-me`'s that must be configured manually.
 > [!important]
 > Setting up ingresses properly requires some additional steps documented later in this section.
 
-> [!important]
-> Namespaces are not yet managed by `helmfile` so you must first run `./bin/ck8s bootstrap sc|wc`.
-
 Manage apps by using `helmfile` directly and with needs it will pull in all required releases:
 
 ```sh

diff --git a/README.md b/README.md
@@ -394,7 +394,7 @@ Run the script to see what options are available.
 
 #### Examples
 
-- Bootstrap and deploy apps to the workload cluster:
+- Deploy apps to the workload cluster:
 
  ```bash
  ./bin/ck8s apply wc

diff --git a/bin/apps.bash b/bin/apps.bash
@@ -63,8 +63,7 @@ apps_sc() {
  #
  # The first few Charts install CRDs, which will make template validation
  # fail. CRDs are "changes" to the Kubernetes API, hence validation against
- # the Kubernetes API cannot be done. OTOH, manually adding the CRDs during
- # bootstrap is error-prone and adds maintenance burden.
+ # the Kubernetes API cannot be done.
  #
  # While it would be nice to have some template validation before `helmfile apply`,
  # at least Helmfile does "just in time" template validation. Not as nice,

diff --git a/bin/bootstrap.bash b/bin/bootstrap.bash
diff --git a/bin/ck8s b/bin/ck8s
@@ -11,9 +11,7 @@ source "${here}/common.bash"
 usage() {
  echo "COMMANDS:" 1>&2
  echo " init <wc|sc|both> [--generate-new-secrets] initialize the config path" 1>&2
- echo " bootstrap <wc|sc> bootstrap the cluster" 1>&2
- echo " apps <wc|sc> [--sync] [--skip-template-validate] [--concurrency=<num>] deploy the applications" 1>&2
- echo " apply <wc|sc> [--sync] [--skip-template-validate] [--concurrency=<num>] bootstrap and apps" 1>&2
+ echo " apply <wc|sc> [--sync] [--skip-template-validate] [--concurrency=<num>] deploy the apps" 1>&2
  echo " test <wc|sc> [--logging-enabled] test the applications" 1>&2
  echo " dry-run <wc|sc> [--kubectl] runs helmfile diff" 1>&2
  echo " fix-psp-violations <wc|sc> Checks and restarts pods that violates Pod Security Polices, applicable for new environments" 1>&2
@@ -65,20 +63,9 @@ case "${1}" in
  export CK8S_CLUSTER="${2}"
  "${here}/init.bash" "${GEN_NEW_SECRETS}"
  ;;
- bootstrap)
- [[ "${2}" =~ ^(wc|sc)$ ]] || usage
- check_tools
- "${here}/bootstrap.bash" "${2}"
- ;;
- apps)
- [[ "${2}" =~ ^(wc|sc)$ ]] || usage
- check_tools
- "${here}/apps.bash" "${2}" "${SKIP}" "${SYNC}" "${CONCURRENCY}"
- ;;
  apply)
  [[ "${2}" =~ ^(wc|sc)$ ]] || usage
  check_tools
- "${here}/bootstrap.bash" "${2}"
  "${here}/apps.bash" "${2}" "${SKIP}" "${SYNC}" "${CONCURRENCY}"
  ;;
  test)

diff --git a/bootstrap/bootstrap.sh b/bootstrap/bootstrap.sh
diff --git a/bootstrap/namespaces/bootstrap.sh b/bootstrap/namespaces/bootstrap.sh
diff --git a/bootstrap/namespaces/helmfile/helmfile.yaml b/bootstrap/namespaces/helmfile/helmfile.yaml
diff --git a/bootstrap/namespaces/helmfile/values/namespaces-sc.yaml.gotmpl b/bootstrap/namespaces/helmfile/values/namespaces-sc.yaml.gotmpl
diff --git a/bootstrap/namespaces/helmfile/values/namespaces-wc.yaml.gotmpl b/bootstrap/namespaces/helmfile/values/namespaces-wc.yaml.gotmpl
diff --git a/completion/bash b/completion/bash
@@ -2,8 +2,6 @@
 
 _ck8s_command_ck8s() {
  opts+=("init")
- opts+=("bootstrap")
- opts+=("apps")
  opts+=("apply")
  opts+=("test")
  opts+=("dry-run")
@@ -18,20 +16,6 @@ _ck8s_command_ck8s() {
  COMPREPLY=($(compgen -W "${opts[*]}" -- ${cur}))
 }
 
-_ck8s_command_ck8s_bootstrap() {
- local opts=()
- opts+=("sc")
- opts+=("wc")
- COMPREPLY=( $(compgen -W "${opts[*]}" -- ${cur}) )
-}
-
-_ck8s_command_ck8s_apps() {
- local opts=()
- opts+=("sc")
- opts+=("wc")
- COMPREPLY=( $(compgen -W "${opts[*]}" -- ${cur}) )
-}
-
 _ck8s_command_ck8s_apply() {
  local opts=()
  opts+=("sc")

diff --git a/...ces/helmfile/charts/namespaces/Chart.yaml → helmfile.d/charts/namespaces/Chart.yaml b/...ces/helmfile/charts/namespaces/Chart.yaml → helmfile.d/charts/namespaces/Chart.yaml
diff --git a/...harts/namespaces/templates/namespace.yaml → ...harts/namespaces/templates/namespace.yaml b/...harts/namespaces/templates/namespace.yaml → ...harts/namespaces/templates/namespace.yaml
diff --git a/...es/helmfile/charts/namespaces/values.yaml → helmfile.d/charts/namespaces/values.yaml b/...es/helmfile/charts/namespaces/values.yaml → helmfile.d/charts/namespaces/values.yaml
diff --git a/helmfile.d/stacks/falco.yaml b/helmfile.d/stacks/falco.yaml
@@ -13,6 +13,8 @@ templates:
  installed: {{ and (.Values | get "falco.enabled" false) (.Values | get "networkPolicies.falco.enabled" false) }}
  labels:
  netpol: falco
+ needs:
+ - kube-system/admin-namespaces
  values:
  - values/networkpolicies/common/common.yaml.gotmpl
  - values/networkpolicies/common/falco.yaml.gotmpl
@@ -23,6 +25,8 @@ templates:
  - template: podsecuritypolicies
  labels:
  psp: falco
+ needs:
+ - kube-system/admin-namespaces
  values:
  - values/podsecuritypolicies/common/falco.yaml.gotmpl
 

diff --git a/helmfile.d/stacks/harbor.yaml b/helmfile.d/stacks/harbor.yaml
@@ -13,6 +13,8 @@ templates:
  installed: {{ and (.Values | get "harbor.enabled" false) (.Values | get "networkPolicies.harbor.enabled" false) }}
  labels:
  netpol: harbor
+ needs:
+ - kube-system/admin-namespaces
  values:
  - values/networkpolicies/common/common.yaml.gotmpl
  - values/networkpolicies/service/harbor.yaml.gotmpl