Add 'flux/' from commit '57e0c3e15534303076055628a469603c385f383a'
git-subtree-dir: flux git-subtree-mainline:4d0b7496d6
git-subtree-split:57e0c3e155
This commit is contained in:
commit
eda5075f08
49 changed files with 7057 additions and 0 deletions
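--- a/flux/README.md
+++ b/flux/README.md
@@ -0,0 +1,20 @@
+# Kubernetes Cluster
+This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster.
+
+## Directory structure
+The main directory is `cluster`, it contains the following subdirectories in the order that flux will apply them:
+* **base**: the entrypoint for Flux
+* **crds**: contains the CRDs that are needed for anything running in the cluster, these get applied earlier to make sure they exist
+* **core**: important core infrastructure applications, grouped by namespace, that should never be pruned
+* **apps**: common applications that are allowed to be pruned by flux
+
+## Bootstrap
+The cluster was bootstrapped using the following command:
+```
+flux bootstrap git --url=ssh://git@git.xirion.net:2222/olympus/flux.git --branch=main --path=cluster/base/ --ssh-key-algorithm=ed25519 --components-extra=image-reflector-controller,image-automation-controller
+```
+
+## References
+Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster)
+
+[Flux]: https://github.com/fluxcd/flux2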
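--- a/flux/bootstrap.sh
+++ b/flux/bootstrap.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+flux bootstrap git --url=ssh://git@git.xirion.net:2222/olympus/flux.git --branch=main --path=cluster/base/ --ssh-key-algorithm=ed25519 --components-extra=image-reflector-controller,image-automation-controller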
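--- a/flux/cluster/apps/kustomization.yaml
+++ b/flux/cluster/apps/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- networking
+- presidential-paradise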
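--- a/flux/cluster/apps/networking/kustomization.yaml
+++ b/flux/cluster/apps/networking/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- traefik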
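--- a/flux/cluster/apps/networking/traefik/helm-release.yaml
+++ b/flux/cluster/apps/networking/traefik/helm-release.yaml
@@ -0,0 +1,67 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: traefik
+namespace: networking
+spec:
+interval: 5m
+chart:
+spec:
+# renovate: registryUrl=https://helm.traefik.io/traefik
+chart: traefik
+version: 10.6.2
+sourceRef:
+kind: HelmRepository
+name: traefik-charts
+namespace: flux-system
+interval: 5m
+values:
+image:
+name: traefik
+deployment:
+kind: Deployment
+replicas: 2
+service:
+enabled: true
+type: LoadBalancer
+spec:
+externalIPs:
+- 10.42.42.150
+externalTrafficPolicy: Local
+logs:
+general:
+level: WARN
+ingressClass:
+enabled: true
+isDefaultClass: true
+fallbackApiVersion: v1
+globalArguments:
+- "--providers.kubernetesingress.ingressclass=traefik"
+- "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.42.42.0/23"
+additionalArguments:
+- "--providers.kubernetesingress.ingressendpoint.ip=10.42.42.150"
+ports:
+traefik:
+port: 9000
+expose: true
+web:
+port: 8000
+exposedPort: 8000
+expose: true
+websecure:
+port: 8443
+exposedPort: 8443
+expose: true
+pilot:
+enabled: false
+experimental:
+plugins:
+enabled: false
+affinity: {}
+resources:
+requests:
+memory: 100Mi
+cpu: 500m
+limits:
+memory: 500Mi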
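Review bot: `ports.traefik.expose: true` publishes the internal `traefik` entrypoint (port 9000) on the LoadBalancer Service, so it is reachable at 10.42.42.150:9000 from anything that can reach that address; with the chart's default dashboard IngressRoute that entrypoint serves the API/dashboard, and nothing in this release puts authentication in front of it. Unless LAN-wide dashboard access is intended, set `expose: false` for the `traefik` port and reach it via port-forward or an authenticated IngressRoute. `--entryPoints.websecure.forwardedHeaders.trustedIPs=10.42.42.0/23` also makes Traefik trust `X-Forwarded-*` from every host on that /23, so any machine on the LAN can spoof the client IP that backends see; narrow it to the actual upstream proxy, or drop it if clients connect directly. No certificate resolver or TLS settings appear in this file, so `websecure` presumably gets its certificates elsewhere — worth confirming.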
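--- a/flux/cluster/apps/networking/traefik/kustomization.yaml
+++ b/flux/cluster/apps/networking/traefik/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-release.yaml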
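--- a/flux/cluster/apps/presidential-paradise/0x76dev/0x76.yaml
+++ b/flux/cluster/apps/presidential-paradise/0x76dev/0x76.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: x76dev
+namespace: presidential-paradise
+labels:
+app: x76dev
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: x76dev
+template:
+metadata:
+labels:
+app: x76dev
+spec:
+containers:
+- name: x76dev
+image: registry.xirion.net/library/0x76.dev
+ports:
+- containerPort: 8080
+imagePullSecrets:
+- name: xirion-registry-creds
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: x76dev-service
+namespace: presidential-paradise
+spec:
+selector:
+app: x76dev
+ports:
+- protocol: TCP
+port: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: x76dev-ingress
+namespace: presidential-paradise
+spec:
+ingressClassName: "traefik"
+rules:
+- host: "0x76.dev"
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: x76dev-service
+port:
+number: 8080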
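Review bot: `image: registry.xirion.net/library/0x76.dev` has no tag or digest, so the Deployment resolves to `:latest` and whatever the registry holds under that tag at pull time gets deployed, with no record in git of what actually ran; pin a tag (the zookeeper Deployment in this commit already uses an `$imagepolicy` marker, so the same automation could manage it) or a digest. The container also has no `securityContext` and no `resources`; for an internet-facing app I would add at least `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}` (this assumes the image listens on 8080 as a non-root user — confirm). The Ingress has no `tls:` stanza, so `0x76.dev` is served in plain HTTP unless Traefik terminates TLS by configuration that is not in this commit.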
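--- a/flux/cluster/apps/presidential-paradise/0x76dev/kustomization.yaml
+++ b/flux/cluster/apps/presidential-paradise/0x76dev/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- 0x76.yaml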
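--- a/flux/cluster/apps/presidential-paradise/kustomization.yaml
+++ b/flux/cluster/apps/presidential-paradise/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- xirion-registry-creds.yaml
+- 0x76dev
+- wooloofanclub
+- zookeeper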
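--- a/flux/cluster/apps/presidential-paradise/wooloofanclub/kustomization.yaml
+++ b/flux/cluster/apps/presidential-paradise/wooloofanclub/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- wooloo.yaml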
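--- a/flux/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml
+++ b/flux/cluster/apps/presidential-paradise/wooloofanclub/wooloo.yaml
@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wooloofan-club
+namespace: presidential-paradise
+labels:
+app: wooloofan-club
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: wooloofan-club
+template:
+metadata:
+labels:
+app: wooloofan-club
+spec:
+containers:
+- name: wooloofan-club
+image: 0x76/wooloofan.club
+ports:
+- containerPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wooloofan-club-whoami
+namespace: presidential-paradise
+labels:
+app: wooloofan-club-whoami
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: wooloofan-club-whoami
+template:
+metadata:
+labels:
+app: wooloofan-club-whoami
+spec:
+containers:
+- name: wooloofan-club-whoami
+image: containous/whoami
+ports:
+- containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: wooloofan-club-service
+namespace: presidential-paradise
+spec:
+selector:
+app: wooloofan-club
+ports:
+- protocol: TCP
+port: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: wooloofan-club-whoami-service
+namespace: presidential-paradise
+spec:
+selector:
+app: wooloofan-club-whoami
+ports:
+- protocol: TCP
+port: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: wooloofan-club-ingress
+namespace: presidential-paradise
+spec:
+ingressClassName: "traefik"
+rules:
+- host: "wooloofan.club"
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: wooloofan-club-service
+port:
+number: 80
+- host: "whoami.wooloofan.club"
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: wooloofan-club-whoami-service
+port:
+number: 80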
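Review bot: the `whoami.wooloofan.club` rule publicly exposes `containous/whoami`, which echoes the full request back including the headers Traefik adds (`X-Forwarded-For`, `X-Real-Ip`, `X-Forwarded-Server`) plus the pod's hostname and IPs, so it leaks internal addressing to anyone on the internet; keep it behind an auth middleware or remove it from the public Ingress once routing is verified. Both `0x76/wooloofan.club` and `containous/whoami` are untagged Docker Hub references that float to `:latest`, which for a public-registry image means a third party's push changes what runs here — pin a tag or a digest. I believe `containous/whoami` was superseded by `traefik/whoami` after the vendor rename, so the old name may no longer receive updates — confirm.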
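--- a/flux/cluster/apps/presidential-paradise/xirion-registry-creds.yaml
+++ b/flux/cluster/apps/presidential-paradise/xirion-registry-creds.yaml
@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+name: xirion-registry-creds
+namespace: presidential-paradise
+spec:
+refreshInterval: "5m"
+secretStoreRef:
+name: vault
+kind: ClusterSecretStore
+target:
+name: xirion-registry-creds
+template:
+type: kubernetes.io/dockerconfigjson
+data:
+- secretKey: .dockerconfigjson
+remoteRef:
+key: xirion-registry-creds
+property: dockerconfigjson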
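--- a/flux/cluster/apps/presidential-paradise/zookeeper/deployment.yaml
+++ b/flux/cluster/apps/presidential-paradise/zookeeper/deployment.yaml
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: zookeeper
+namespace: presidential-paradise
+labels:
+app: zookeeper
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: zookeeper
+strategy:
+type: RollingUpdate
+rollingUpdate:
+maxSurge: 34%
+maxUnavailable: 34%
+template:
+metadata:
+name: zookeeper
+labels:
+app: zookeeper
+spec:
+imagePullSecrets:
+- name: xirion-registry-creds
+containers:
+- name: zookeeper
+image: registry.xirion.net/library/zookeeper:0.3.1 # {"$imagepolicy": "flux-system:zookeeper"}
+ports:
+- name: web
+containerPort: 8085
+- name: epmd
+containerPort: 4369
+envFrom:
+- secretRef:
+name: zookeeper
+env:
+- name: LANG
+value: C.UTF-8
+- name: HOSTNAME
+valueFrom:
+fieldRef:
+fieldPath: status.podIP
+- name: SERVICE_NAME
+value: zookeeper-private.presidential-paradise.svc.cluster.local
+resources: {}
+securityContext:
+privileged: false
+procMount: Default
+terminationMessagePath: /dev/termination-log
+terminationMessagePolicy: File
+dnsPolicy: ClusterFirst
+terminationGracePeriodSeconds: 30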
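Review bot: the container `securityContext` near the bottom of the hunk (`privileged: false`, `procMount: Default`) only restates the Kubernetes defaults and hardens nothing, yet this pod receives the Discord and Twitter tokens and the Erlang release cookie through `envFrom`; replace it with `allowPrivilegeEscalation: false`, `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities: {drop: ["ALL"]}` (assuming the image already runs as a non-root user and does not write to its root filesystem — confirm). `resources: {}` leaves the pod without requests or limits, unlike the traefik release in this commit, so a runaway bot can starve the node. `terminationMessagePath`, `terminationMessagePolicy`, `dnsPolicy` and `terminationGracePeriodSeconds` are also all defaults and read like a `kubectl get -o yaml` export; dropping them makes the manifest easier to review.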
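--- a/flux/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml
+++ b/flux/cluster/apps/presidential-paradise/zookeeper/external-secret.yaml
@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+name: zookeeper
+namespace: presidential-paradise
+spec:
+refreshInterval: "5m"
+secretStoreRef:
+name: vault
+kind: ClusterSecretStore
+target:
+name: zookeeper
+data:
+- secretKey: DISCORD_APP_ID
+remoteRef:
+key: presidential-paradise/zookeeper
+property: discord_app_id
+- secretKey: DISCORD_PUBLIC_KEY
+remoteRef:
+key: presidential-paradise/zookeeper
+property: discord_public_key
+- secretKey: DISCORD_TOKEN
+remoteRef:
+key: presidential-paradise/zookeeper
+property: discord_token
+- secretKey: TWITTER_TOKEN
+remoteRef:
+key: presidential-paradise/zookeeper
+property: twitter_token
+- secretKey: RELEASE_COOKIE
+remoteRef:
+key: presidential-paradise/zookeeper
+property: erlang_cookie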
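--- a/flux/cluster/apps/presidential-paradise/zookeeper/ingress.yaml
+++ b/flux/cluster/apps/presidential-paradise/zookeeper/ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: zookeeper
+namespace: presidential-paradise
+spec:
+rules:
+- host: "zookeeper.0x76.dev"
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: zookeeper
+port:
+number: 8085
+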
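Review bot: this Ingress omits `ingressClassName`, unlike `x76dev-ingress` and `wooloofan-club-ingress` in the same commit, so it only routes because the traefik release sets `isDefaultClass: true`; add `ingressClassName: "traefik"` under `spec:` for consistency and so the rule survives a change of default class. Like the other two it has no `tls:` stanza, so `zookeeper.0x76.dev` is plain HTTP unless Traefik terminates TLS elsewhere — confirm; if port 8085 is the Discord interactions endpoint (the `DISCORD_PUBLIC_KEY` secret suggests request-signature verification), Discord only delivers to HTTPS URLs.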
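--- a/flux/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml
+++ b/flux/cluster/apps/presidential-paradise/zookeeper/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- external-secret.yaml
+- deployment.yaml
+- svc.yaml
+- ingress.yaml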
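--- a/flux/cluster/apps/presidential-paradise/zookeeper/svc.yaml
+++ b/flux/cluster/apps/presidential-paradise/zookeeper/svc.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: zookeeper-private
+namespace: presidential-paradise
+spec:
+clusterIP: None
+ports:
+- name: epmd
+port: 4369
+targetPort: epmd
+protocol: TCP
+selector:
+app: zookeeper
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: zookeeper
+namespace: presidential-paradise
+spec:
+ports:
+- name: http
+targetPort: web
+port: 8085
+selector:
+app: zookeeper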
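Review bot: `zookeeper-private` exposes epmd (4369) as a headless Service, and together with `SERVICE_NAME`/`HOSTNAME` in the Deployment and the `RELEASE_COOKIE` secret key this looks like Erlang/Elixir distribution, where the shared cookie is the only authentication and a connected node can execute arbitrary code on the bot. With `replicas: 1` nothing in this commit needs to reach 4369 except the pod itself, and no NetworkPolicy is defined anywhere in the commit, so every pod in the cluster can reach epmd and the distribution listener. If clustering isn't used, drop the epmd port and this headless Service; otherwise add a NetworkPolicy that admits 4369 and the distribution port range only from pods labelled `app: zookeeper`, which also means pinning that port range in the release config — confirm against the image.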
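--- a/flux/cluster/base/apps.yaml
+++ b/flux/cluster/base/apps.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: apps
+namespace: flux-system
+spec:
+interval: 10m0s
+dependsOn:
+- name: core
+path: ./cluster/apps
+prune: true
+sourceRef:
+kind: GitRepository
+name: flux-system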
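Review bot: the `apps` Kustomization has no `serviceAccountName`, so it is applied with kustomize-controller's own identity, which a default Flux bootstrap binds to cluster-admin; anything committed under `./cluster/apps` — including the unattended commits the ImageUpdateAutomation in this commit will make — can therefore create or overwrite arbitrary cluster-scoped resources. Since `apps` is the pruned, least-trusted tree, consider `serviceAccountName: apps-reconciler` under `spec:`, bound to a Role limited to the `networking` and `presidential-paradise` namespaces, so a bad commit in that path cannot escalate. `wait: true` with a `timeout` would also make partial applies visible as `Ready=False` instead of silently leaving mixed state.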
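--- a/flux/cluster/base/core.yaml
+++ b/flux/cluster/base/core.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: core
+namespace: flux-system
+spec:
+interval: 10m0s
+dependsOn:
+- name: crds
+path: ./cluster/core
+prune: false
+sourceRef:
+kind: GitRepository
+name: flux-system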
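--- a/flux/cluster/base/crds.yaml
+++ b/flux/cluster/base/crds.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: crds
+namespace: flux-system
+spec:
+interval: 10m0s
+path: ./cluster/crds
+prune: false
+sourceRef:
+kind: GitRepository
+name: flux-system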
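--- a/flux/cluster/base/flux-system/charts/helm/external-secrets-charts.yaml
+++ b/flux/cluster/base/flux-system/charts/helm/external-secrets-charts.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+name: external-secrets-charts
+namespace: flux-system
+spec:
+interval: 15m0s
+url: https://charts.external-secrets.io
+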
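--- a/flux/cluster/base/flux-system/charts/helm/kustomization.yaml
+++ b/flux/cluster/base/flux-system/charts/helm/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- metallb-charts.yaml
+- traefik-charts.yaml
+- external-secrets-charts.yaml
+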
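--- a/flux/cluster/base/flux-system/charts/helm/metallb-charts.yaml
+++ b/flux/cluster/base/flux-system/charts/helm/metallb-charts.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+name: metallb-charts
+namespace: flux-system
+spec:
+interval: 15m0s
+url: https://metallb.github.io/metallb
+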
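--- a/flux/cluster/base/flux-system/charts/helm/traefik-charts.yaml
+++ b/flux/cluster/base/flux-system/charts/helm/traefik-charts.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+name: traefik-charts
+namespace: flux-system
+spec:
+interval: 15m
+url: https://helm.traefik.io/traefik
+timeout: 3m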
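--- a/flux/cluster/base/flux-system/charts/kustomization.yaml
+++ b/flux/cluster/base/flux-system/charts/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm
+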
6234
flux/cluster/base/flux-system/gotk-components.yaml
Normal file
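--- a/flux/cluster/base/flux-system/gotk-sync.yaml
+++ b/flux/cluster/base/flux-system/gotk-sync.yaml
@@ -0,0 +1,27 @@
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+name: flux-system
+namespace: flux-system
+spec:
+interval: 1m0s
+ref:
+branch: main
+secretRef:
+name: flux-system
+url: ssh://git@git.xirion.net:2222/olympus/flux.git
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: flux-system
+namespace: flux-system
+spec:
+interval: 10m0s
+path: ./cluster/base
+prune: true
+sourceRef:
+kind: GitRepository
+name: flux-system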
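--- a/flux/cluster/base/flux-system/image-update-automation/image-update-automation.yaml
+++ b/flux/cluster/base/flux-system/image-update-automation/image-update-automation.yaml
@@ -0,0 +1,24 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+name: flux-system
+namespace: flux-system
+spec:
+interval: 1m0s
+sourceRef:
+kind: GitRepository
+name: flux-system
+git:
+checkout:
+ref:
+branch: main
+commit:
+author:
+email: fluxcdbot@users.noreply.github.com
+name: fluxcdbot
+messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
+push:
+branch: main
+update:
+path: ./cluster/
+strategy: Setters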
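Review bot: `push.branch: main` together with `checkout.ref.branch: main` makes the automation commit tag bumps straight to the branch Flux reconciles from, so a new tag in the registry reaches the cluster with no human in the loop, and the `flux-system` deploy key must hold write access to `main` for this to work. If unattended rollout is intended that is a valid choice, but the safer shape is `push.branch: flux-image-updates` and a pull request into `main`, which keeps the deploy key's write scope to a side branch and gives a review point. `update.path: ./cluster/` is also broader than needed — only `apps/presidential-paradise/zookeeper/deployment.yaml` carries a marker in this commit — and narrowing it limits what a mis-written setter could rewrite. The author `fluxcdbot@users.noreply.github.com` is the upstream example value while the repo lives on git.xirion.net; cosmetic, but misleading in history.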
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- image-update-automation.yaml
|
||||
- zookeeper.yaml
|
|
@ -0,0 +1,22 @@
|
|||
apiVersion: image.toolkit.fluxcd.io/v1beta1
|
||||
kind: ImageRepository
|
||||
metadata:
|
||||
name: zookeeper
|
||||
namespace: flux-system
|
||||
spec:
|
||||
image: registry.xirion.net/library/zookeeper
|
||||
interval: 1m0s
|
||||
secretRef:
|
||||
name: xirion-registry-creds
|
||||
---
|
||||
apiVersion: image.toolkit.fluxcd.io/v1beta1
|
||||
kind: ImagePolicy
|
||||
metadata:
|
||||
name: zookeeper
|
||||
namespace: flux-system
|
||||
spec:
|
||||
imageRepositoryRef:
|
||||
name: zookeeper
|
||||
policy:
|
||||
semver:
|
||||
range: "*"
|
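Review bot: `semver.range: "*"` accepts every release tag including major-version bumps, so a `1.0.0` or `9.0.0` push to `registry.xirion.net/library/zookeeper` is rolled out automatically; if that is not intended, constrain it to the line the Deployment is on, e.g. `range: ">=0.3.0 <1.0.0"`. Nothing here verifies image signatures or digests, so the effective trust boundary for what runs as the bot is push access to that registry repository — worth stating in the README next to the bootstrap command. `interval: 1m0s` on a private registry is aggressive for a single image; a few minutes would be plenty unless fast rollout matters.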
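--- a/flux/cluster/base/flux-system/kustomization.yaml
+++ b/flux/cluster/base/flux-system/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml
+- xirion-registry-creds.yaml
+- image-update-automation
+- charts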
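--- a/flux/cluster/base/flux-system/xirion-registry-creds.yaml
+++ b/flux/cluster/base/flux-system/xirion-registry-creds.yaml
@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+name: xirion-registry-creds
+namespace: flux-system
+spec:
+refreshInterval: "5m"
+secretStoreRef:
+name: vault
+kind: ClusterSecretStore
+target:
+name: xirion-registry-creds
+template:
+type: kubernetes.io/dockerconfigjson
+data:
+- secretKey: .dockerconfigjson
+remoteRef:
+key: xirion-registry-creds
+property: dockerconfigjson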
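--- a/flux/cluster/core/external-secrets/external-secrets/helm-release.yaml
+++ b/flux/cluster/core/external-secrets/external-secrets/helm-release.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: external-secrets
+namespace: external-secrets
+spec:
+interval: 5m
+chart:
+spec:
+# renovate: registryUrl=https://charts.external-secrets.io
+chart: external-secrets
+version: 0.3.7
+sourceRef:
+kind: HelmRepository
+name: external-secrets-charts
+namespace: flux-system
+interval: 5m
+values:
+installCRDs: false
+install:
+crds: Skip
+upgrade:
+crds: Skip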
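--- a/flux/cluster/core/external-secrets/external-secrets/kustomization.yaml
+++ b/flux/cluster/core/external-secrets/external-secrets/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-release.yaml
+- vault-secret-store.yaml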
@ -0,0 +1,26 @@
|
|||
apiVersion: external-secrets.io/v1alpha1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: vault
|
||||
namespace: external-secrets
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
server: "http://10.42.42.6:8200"
|
||||
path: "k8s"
|
||||
version: "v2"
|
||||
auth:
|
||||
# VaultAppRole authenticates with Vault using the
|
||||
# App Role auth mechanism
|
||||
# https://www.vaultproject.io/docs/auth/approle
|
||||
appRole:
|
||||
# Path where the App Role authentication backend is mounted
|
||||
path: "approle"
|
||||
# RoleID configured in the App Role authentication backend
|
||||
roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
|
||||
# Reference to a key in a K8 Secret that contains the App Role SecretId
|
||||
# (not commited in git)
|
||||
secretRef:
|
||||
name: "vault-secret-id"
|
||||
namespace: "external-secrets"
|
||||
key: "secret-id"
|
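Review bot: `server: "http://10.42.42.6:8200"` talks to Vault over plaintext HTTP, so the AppRole secret-id login and every secret fetched through this store — the registry credentials, Discord/Twitter tokens and the Erlang cookie — cross the LAN unencrypted, and any host on 10.42.42.0/23 (the same range the traefik release trusts for forwarded headers) can read or tamper with them in flight. Enable TLS on Vault and use `server: "https://10.42.42.6:8200"` with `caBundle:` (or `caProvider:`) so the server is authenticated, not just encrypted. `metadata.namespace: external-secrets` on a ClusterSecretStore is meaningless because the kind is cluster-scoped and some tooling rejects a namespace on cluster-scoped objects — drop it. Since every namespace can reference this store, scope the Vault policy behind the AppRole to the paths actually needed (`k8s/data/xirion-registry-creds`, `k8s/data/presidential-paradise/*`) and, if the external-secrets version in use supports namespace conditions on ClusterSecretStore, restrict it to `flux-system` and `presidential-paradise`.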
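--- a/flux/cluster/core/external-secrets/kustomization.yaml
+++ b/flux/cluster/core/external-secrets/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- external-secrets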
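--- a/flux/cluster/core/kustomization.yaml
+++ b/flux/cluster/core/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespaces
+- networking
+- external-secrets
+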
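--- a/flux/cluster/core/namespaces/external-secrets.yaml
+++ b/flux/cluster/core/namespaces/external-secrets.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: external-secrets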
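--- a/flux/cluster/core/namespaces/kustomization.yaml
+++ b/flux/cluster/core/namespaces/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- presidential-paradise.yaml
+- networking.yaml
+- external-secrets.yaml
+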
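--- a/flux/cluster/core/namespaces/networking.yaml
+++ b/flux/cluster/core/namespaces/networking.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: networking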
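--- a/flux/cluster/core/namespaces/presidential-paradise.yaml
+++ b/flux/cluster/core/namespaces/presidential-paradise.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: presidential-paradise
+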
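Review bot: this namespace hosts all the internet-facing workloads in the commit (0x76.dev, wooloofan.club, zookeeper) and none of their Deployments sets a hardening `securityContext`, so the namespace is the natural place to enforce a floor. If the cluster runs Kubernetes 1.23 or newer with Pod Security admission, add `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted` under `metadata.labels` so privileged or host-namespace pods are rejected here and the stricter profile's gaps show up as warnings; on older clusters the labels are inert, so confirm the version before relying on them.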
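--- a/flux/cluster/core/networking/kustomization.yaml
+++ b/flux/cluster/core/networking/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- metallb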
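--- a/flux/cluster/core/networking/metallb/helm-release.yaml
+++ b/flux/cluster/core/networking/metallb/helm-release.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: metallb
+namespace: networking
+spec:
+interval: 5m
+chart:
+spec:
+# renovate: registryUrl=https://metallb.github.io/metallb
+chart: metallb
+version: 0.10.3
+sourceRef:
+kind: HelmRepository
+name: metallb-charts
+namespace: flux-system
+interval: 5m
+values:
+configInline:
+address-pools:
+- name: default
+protocol: layer2
+addresses:
+- 10.42.42.150-192.168.42.200
+speaker:
+tolerations:
+- effect: "NoExecute"
+operator: "Exists"
+- effect: "NoSchedule"
+operator: "Exists"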
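Review bot: `addresses: - 10.42.42.150-192.168.42.200` is a range from 10.42.42.150 up to 192.168.42.200 — on the order of three billion addresses spanning unrelated networks — and is almost certainly a typo for `- 10.42.42.150-10.42.42.200`; as written, MetalLB in layer2 mode can hand any LoadBalancer Service an address outside the 10.42.42.0/23 segment and the speaker will answer ARP for it, which at best breaks routing and at worst hijacks traffic for addresses that belong to other hosts. The corrected pool also still starts at 10.42.42.150, the address the traefik release hard-codes in `externalIPs` and `ingressendpoint.ip`; either give that Service `loadBalancerIP: 10.42.42.150` so MetalLB knows the address is taken, or start the pool at .151, otherwise a second LoadBalancer Service may be allocated the same IP.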
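--- a/flux/cluster/core/networking/metallb/kustomization.yaml
+++ b/flux/cluster/core/networking/metallb/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-release.yaml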
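--- a/flux/cluster/crds/external-secrets/crds.yaml
+++ b/flux/cluster/crds/external-secrets/crds.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+name: external-secrets-crd-source
+namespace: flux-system
+spec:
+interval: 30m
+url: https://github.com/external-secrets/external-secrets.git
+ref:
+# renovate: registryUrl=https://charts.external-secrets.io chart=external-secrets
+tag: v0.3.7
+ignore: |
+# exclude all
+/*
+# path to crds
+!/deploy/crds/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: external-secrets-crds
+namespace: flux-system
+spec:
+interval: 15m
+prune: false
+wait: true
+sourceRef:
+kind: GitRepository
+name: external-secrets-crd-source
+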
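Review bot: `ref.tag: v0.3.7` on a public GitHub repository is a mutable pointer — a tag can be deleted and recreated upstream — and the CRDs it yields define the API every cluster secret flows through, so pin `ref.commit` to the tag's commit SHA (keeping the tag in the renovate comment) or add a verification step; the same applies to `traefik-crd-source` further down. The `external-secrets-crds` Kustomization has no `path:`, so it applies the repository root after the `ignore` filter, which only works while `deploy/crds/` holds plain manifests and the upstream repo has no root `kustomization.yaml` that kustomize-controller would pick up instead; `path: ./deploy/crds` makes the intent explicit and survives upstream layout changes more predictably.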
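--- a/flux/cluster/crds/external-secrets/kustomization.yaml
+++ b/flux/cluster/crds/external-secrets/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- crds.yaml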
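--- a/flux/cluster/crds/kustomization.yaml
+++ b/flux/cluster/crds/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- traefik
+- external-secrets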
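--- a/flux/cluster/crds/traefik/crds.yaml
+++ b/flux/cluster/crds/traefik/crds.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+name: traefik-crd-source
+namespace: flux-system
+spec:
+interval: 30m
+url: https://github.com/traefik/traefik-helm-chart.git
+ref:
+# renovate: registryUrl=https://helm.traefik.io/traefik chart=traefik
+tag: v10.6.2
+ignore: |
+# exclude all
+/*
+# path to crds
+!/traefik/crds/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+name: traefik-crds
+namespace: flux-system
+spec:
+interval: 15m
+prune: false
+wait: true
+sourceRef:
+kind: GitRepository
+name: traefik-crd-source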
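--- a/flux/cluster/crds/traefik/kustomization.yaml
+++ b/flux/cluster/crds/traefik/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- crds.yaml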