Add 'flux/' from commit '57e0c3e155'

git-subtree-dir: flux
git-subtree-mainline: 4d0b7496d6
git-subtree-split: 57e0c3e155

flux/cluster/apps/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - networking
+  - presidential-paradise

flux/cluster/apps/networking/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+  - traefik

flux/cluster/apps/networking/traefik/helm-release.yaml

@@ -0,0 +1,67 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: traefik
+  namespace: networking
+spec:
+  interval: 5m
+  chart:
+    spec:
+      # renovate: registryUrl=https://helm.traefik.io/traefik
+      chart: traefik
+      version: 10.6.2
+      sourceRef:
+        kind: HelmRepository
+        name: traefik-charts
+        namespace: flux-system
+      interval: 5m
+  values:
+    image:
+      name: traefik
+    deployment:
+      kind: Deployment
+      replicas: 2
+    service:
+      enabled: true
+      type: LoadBalancer
+      spec:
+        externalIPs:
+          - 10.42.42.150
+        externalTrafficPolicy: Local
+    logs:
+      general:
+        level: WARN
+    ingressClass:
+      enabled: true
+      isDefaultClass: true
+      fallbackApiVersion: v1
+    globalArguments:
+      - "--providers.kubernetesingress.ingressclass=traefik"
+      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.42.42.0/23"
+    additionalArguments:
+      - "--providers.kubernetesingress.ingressendpoint.ip=10.42.42.150"
+    ports:
+      traefik:
+        port: 9000
+        expose: true
+      web:
+        port: 8000
+        exposedPort: 8000
+        expose: true
+      websecure:
+        port: 8443
+        exposedPort: 8443
+        expose: true
+    pilot:
+      enabled: false
+    experimental:
+      plugins:
+        enabled: false
+    affinity:  {}
+    resources:
+      requests:
+        memory: 100Mi
+        cpu: 500m
+      limits:
+        memory: 500Mi

flux/cluster/apps/networking/traefik/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml

flux/cluster/apps/presidential-paradise/0x76dev/0x76.yaml

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: x76dev
+  namespace: presidential-paradise
+  labels:
+    app: x76dev
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: x76dev
+  template:
+    metadata:
+      labels:
+        app: x76dev
+    spec:
+      containers:
+        - name: x76dev
+          image: registry.xirion.net/library/0x76.dev
+          ports:
+            - containerPort: 8080
+      imagePullSecrets:
+        - name: xirion-registry-creds
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: x76dev-service
+  namespace: presidential-paradise
+spec:
+  selector:
+    app: x76dev
+  ports:
+    - protocol: TCP
+      port: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: x76dev-ingress
+  namespace: presidential-paradise
+spec:
+  ingressClassName: "traefik"
+  rules:
+    - host: "0x76.dev"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: x76dev-service
+                port:
+                  number: 8080

flux/cluster/apps/presidential-paradise/0x76dev/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - 0x76.yaml

flux/cluster/apps/presidential-paradise/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - xirion-registry-creds.yaml
+  - 0x76dev
+  - wooloofanclub
+  - zookeeper

flux/cluster/apps/presidential-paradise/wooloofanclub/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - wooloo.yaml

flux/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml

@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wooloofan-club
+  namespace: presidential-paradise
+  labels:
+    app: wooloofan-club
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wooloofan-club
+  template:
+    metadata:
+      labels:
+        app: wooloofan-club
+    spec:
+      containers:
+      - name: wooloofan-club
+        image: 0x76/wooloofan.club
+        ports:
+        - containerPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wooloofan-club-whoami
+  namespace: presidential-paradise
+  labels:
+    app: wooloofan-club-whoami
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wooloofan-club-whoami
+  template:
+    metadata:
+      labels:
+        app: wooloofan-club-whoami
+    spec:
+      containers:
+      - name: wooloofan-club-whoami
+        image: containous/whoami
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wooloofan-club-service
+  namespace: presidential-paradise
+spec:
+  selector:
+    app: wooloofan-club
+  ports:
+    - protocol: TCP
+      port: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wooloofan-club-whoami-service
+  namespace: presidential-paradise
+spec:
+  selector:
+    app: wooloofan-club-whoami
+  ports:
+    - protocol: TCP
+      port: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: wooloofan-club-ingress
+  namespace: presidential-paradise
+spec:
+  ingressClassName: "traefik"
+  rules:
+  - host: "wooloofan.club"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: wooloofan-club-service
+            port:
+              number: 80
+  - host: "whoami.wooloofan.club"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: wooloofan-club-whoami-service
+            port:
+              number: 80

flux/cluster/apps/presidential-paradise/xirion-registry-creds.yaml

@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+  name: xirion-registry-creds
+  namespace: presidential-paradise
+spec:
+  refreshInterval: "5m"
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: xirion-registry-creds
+    template:
+      type: kubernetes.io/dockerconfigjson
+  data:
+    - secretKey: .dockerconfigjson
+      remoteRef:
+        key: xirion-registry-creds
+        property: dockerconfigjson

flux/cluster/apps/presidential-paradise/zookeeper/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: zookeeper
+  namespace: presidential-paradise
+  labels:
+    app: zookeeper
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: zookeeper
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 34%
+      maxUnavailable: 34%
+  template:
+    metadata:
+      name: zookeeper
+      labels:
+        app: zookeeper
+    spec:
+      imagePullSecrets:
+        - name: xirion-registry-creds
+      containers:
+        - name: zookeeper
+          image: registry.xirion.net/library/zookeeper:0.3.1 # {"$imagepolicy": "flux-system:zookeeper"}
+          ports:
+            - name: web
+              containerPort: 8085
+            - name: epmd
+              containerPort: 4369
+          envFrom:
+            - secretRef:
+                name: zookeeper
+          env:
+            - name: LANG
+              value: C.UTF-8
+            - name: HOSTNAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: SERVICE_NAME
+              value: zookeeper-private.presidential-paradise.svc.cluster.local
+          resources: {}
+          securityContext:
+            privileged: false
+            procMount: Default
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      terminationGracePeriodSeconds: 30

flux/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml

@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+  name: zookeeper
+  namespace: presidential-paradise
+spec:
+  refreshInterval: "5m"
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: zookeeper
+  data:
+  - secretKey: DISCORD_APP_ID
+    remoteRef:
+      key: presidential-paradise/zookeeper
+      property: discord_app_id
+  - secretKey: DISCORD_PUBLIC_KEY
+    remoteRef:
+      key: presidential-paradise/zookeeper
+      property: discord_public_key
+  - secretKey: DISCORD_TOKEN
+    remoteRef:
+      key: presidential-paradise/zookeeper
+      property: discord_token
+  - secretKey: TWITTER_TOKEN
+    remoteRef:
+      key: presidential-paradise/zookeeper
+      property: twitter_token
+  - secretKey: RELEASE_COOKIE
+    remoteRef:
+      key: presidential-paradise/zookeeper
+      property: erlang_cookie

flux/cluster/apps/presidential-paradise/zookeeper/ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: zookeeper
+  namespace: presidential-paradise
+spec:
+  rules:
+  - host: "zookeeper.0x76.dev"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: zookeeper
+            port:
+              number: 8085
+

flux/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - external-secret.yaml
+  - deployment.yaml
+  - svc.yaml
+  - ingress.yaml

flux/cluster/apps/presidential-paradise/zookeeper/svc.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: zookeeper-private
+  namespace: presidential-paradise
+spec:
+  clusterIP: None
+  ports:
+  - name: epmd
+    port: 4369
+    targetPort: epmd
+    protocol: TCP
+  selector:
+    app: zookeeper
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: zookeeper
+  namespace: presidential-paradise
+spec:
+  ports:
+  - name: http
+    targetPort: web
+    port: 8085
+  selector:
+    app: zookeeper