squash commits

Author: nvanthao

applications/wg-easy/Taskfile.yaml

@@ -181,6 +181,36 @@ tasks:
     deps:
       - cluster-create
 
+  helm-preflight-dryrun:
+    desc: Verify the preflight specs that will be run
+    silent: false
+    cmds: 
+      - |
+        TEMP_FILE=$(mktemp)
+        
+        # Find all charts and append their templates to the temp file
+        for chart_dir in $(find charts/ -maxdepth 1 -mindepth 1 -type d); do
+          helm template "$chart_dir" >> "$TEMP_FILE"
+          echo "---" >> "$TEMP_FILE" # Add separator between charts
+        done
+        
+        # Run preflight once on the combined templates
+        echo "Running preflight checks on all templates"
+        cat "$TEMP_FILE" | kubectl preflight - --dry-run
+        
+        # Clean up
+        rm "$TEMP_FILE"
+
+  helm-preflight:
+    desc: Run preflight checks on Helm charts using preflight CLI
+    silent: false
+    cmds: 
+      - defer: rm -f preflightbundle-*.tar.gz
+      - helm template charts/wg-easy | kubectl preflight -
+      - helm template charts/cert-manager | kubectl preflight -
+    deps:
+      - setup-kubeconfig
+    
   helm-install:
     desc: Install all charts using helmfile
     silent: false
@@ -492,6 +522,7 @@ tasks:
       - task: setup-kubeconfig
       - task: cluster-ports-expose
       - task: dependencies-update
+      - task: helm-preflight
       - task: helm-install
       - task: test
       - task: cluster-delete

applications/wg-easy/charts/cert-manager/templates/secret-preflights.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-manager-preflights
+  labels:
+    troubleshoot.sh/kind: preflight
+type: Opaque
+stringData:
+  preflight.yaml: |
+    apiVersion: troubleshoot.sh/v1beta2
+    kind: Preflight
+    metadata:
+      name: cert-manager-preflights
+    spec:
+      analyzers:
+        # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/README.template.md#prerequisites
+        - clusterVersion:
+            outcomes:
+              - fail:
+                  when: "< 1.22.0"
+                  message: The application requires at least Kubernetes 1.22.0, and recommends 1.25.0.
+                  uri: https://kubernetes.io
+              - warn:
+                  when: "< 1.25.0"
+                  message: Your cluster meets the minimum version of Kubernetes, but we recommend you update to 1.25.0 or later.
+                  uri: https://kubernetes.io
+              - pass:
+                  message: Your cluster meets the recommended and required versions of Kubernetes.

applications/wg-easy/charts/wg-easy/templates/secret-preflights.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wg-easy-preflights
+  labels:
+    troubleshoot.sh/kind: preflight
+type: Opaque
+stringData:
+  preflight.yaml: |
+    apiVersion: troubleshoot.sh/v1beta2
+    kind: Preflight
+    metadata:
+      name: wg-easy-preflights
+    spec:
+      collectors:
+        - sysctl:
+            image: debian:buster-slim
+      analyzers:
+        - sysctl:
+            checkName: IP forwarding enabled
+            outcomes:
+              - fail:
+                  when: 'net.ipv4.ip_forward == 0'
+                  message: "IP forwarding must be enabled. To enable it, edit /etc/sysctl.conf, add or uncomment the line 'net.ipv4.ip_forward=1', and run 'sudo sysctl -p'."
+              - pass:
+                  when: 'net.ipv4.ip_forward == 1'
+                  message: "IP forwarding is enabled."