diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index a465449024..3d07f11ba6 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -52,7 +52,7 @@ jobs: --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart" --limit-bytes 10000 --all-namespaces - --sources "k8s-gitops" + --sources "flux-system" --output-file diff.patch - name: Generate Diff diff --git a/.taskfiles/bootstrap/Taskfile.yaml b/.taskfiles/bootstrap/Taskfile.yaml index ba92b7ec40..0a7a51aed1 100644 --- a/.taskfiles/bootstrap/Taskfile.yaml +++ b/.taskfiles/bootstrap/Taskfile.yaml @@ -1,20 +1,15 @@ --- version: '3' -vars: - BOOTSTRAP_RESOURCES_DIR: '{{.ROOT_DIR}}/.taskfiles/bootstrap/resources' - tasks: kubernetes: - desc: Bootstrap a Talos Kubernetes cluster backed by flux, sops, and rook - prompt: Bootstrap a Talos Kubernetes cluster ... continue? + desc: Bootstrap Talos + prompt: Bootstrap Talos Cluster? cmds: - task: etcd - task: kubeconfig - task: apps - - task: rook - - task: flux preconditions: - talosctl config info >/dev/null 2>&1 - test -f {{.TALOS_DIR}}/clusterconfig/talosconfig 
@@ -28,43 +23,19 @@ tasks: cmd: talosctl kubeconfig --nodes {{.TALOS_CONTROLLER}} --force {{.KUBERNETES_DIR}} apps: - internal: true + desc: Bootstrap Apps + prompt: Bootstrap apps into the Talos cluster? cmds: - - until kubectl wait --for=condition=Ready=False nodes --all --timeout=10m; do sleep 10; done + - until kubectl wait nodes --for=condition=Ready=False --all --timeout=10m; do sleep 5; done + - op run --env-file {{.KUBERNETES_DIR}}/bootstrap/bootstrap.env --no-masking -- minijinja-cli {{.KUBERNETES_DIR}}/bootstrap/apps/templates/resources.yaml.j2 | kubectl apply --server-side --filename - - helmfile --quiet --file {{.KUBERNETES_DIR}}/bootstrap/apps/helmfile.yaml apply --skip-diff-on-install --suppress-diff - - until kubectl wait --for=condition=Ready nodes --all --timeout=10m; do sleep 10; done - env: - KUBERNETES_DIR: '{{.KUBERNETES_DIR}}' - preconditions: - - test -f {{.KUBERNETES_DIR}}/bootstrap/apps/helmfile.yaml - - rook: - internal: true - cmds: - - minijinja-cli {{.BOOTSTRAP_RESOURCES_DIR}}/wipe-rook.yaml.j2 | kubectl apply --server-side --filename - - - until kubectl --namespace default get job/wipe-rook &>/dev/null; do sleep 5; done - - kubectl --namespace default wait job/wipe-rook --for=condition=complete --timeout=5m - - stern --namespace default job/wipe-rook --no-follow - - kubectl --namespace default delete job wipe-rook + - helmfile --quiet --file {{.KUBERNETES_DIR}}/bootstrap/apps/helmfile.yaml destroy --selector release=wipe-rook env: + FLUX_GITHUB_PUBLIC_KEYS: + sh: curl -fsSL https://api.github.com/meta | jq --raw-output '"github.com "+.ssh_keys[]' MODEL: SAMSUNG_MZQL23T8HCLS-00A07 NODE_COUNT: sh: talosctl config info --output json | jq --raw-output '.nodes | length' - preconditions: - - test -f {{.BOOTSTRAP_RESOURCES_DIR}}/wipe-rook.yaml.j2 - - flux: - internal: true - cmds: - - for: { var: TEMPLATES } - cmd: op run --env-file {{.KUBERNETES_DIR}}/bootstrap/bootstrap.env --no-masking -- minijinja-cli {{.ITEM}} | kubectl apply 
--server-side --filename - - - kubectl apply --server-side --kustomize {{.KUBERNETES_DIR}}/flux/config - vars: - TEMPLATES: - sh: ls {{.KUBERNETES_DIR}}/bootstrap/apps/*.j2 - env: VAULT: K8s - FLUX_GITHUB_PUBLIC_KEYS: - sh: curl -fsSL https://api.github.com/meta | jq --raw-output '"github.com "+.ssh_keys[]' preconditions: - op user get --me diff --git a/.taskfiles/bootstrap/resources/wipe-rook.yaml.j2 b/.taskfiles/bootstrap/resources/wipe-rook.yaml.j2 deleted file mode 100644 index 0689f4629f..0000000000 --- a/.taskfiles/bootstrap/resources/wipe-rook.yaml.j2 +++ /dev/null @@ -1,59 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: &app wipe-rook - namespace: default - labels: - app.kubernetes.io/name: *app -spec: - parallelism: {{ ENV.NODE_COUNT }} - template: - metadata: - labels: - app.kubernetes.io/name: *app - spec: - restartPolicy: Never - initContainers: - - name: data - image: docker.io/library/alpine:latest - command: ["/bin/sh", "-c"] - args: ["rm -rf /mnt/host_var/lib/rook"] - volumeMounts: - - mountPath: /mnt/host_var - name: host-var - securityContext: - privileged: true - resources: {} - containers: - - name: disk - image: docker.io/library/alpine:latest - command: ["/bin/sh", "-c"] - args: - - | - apk add --no-cache findutils nvme-cli; - DISK=$(find /dev/disk/by-id/ -iname "*{{ ENV.MODEL }}*" -not -name "*_[0-9]"); - echo "=== Wiping $DISK ==="; - nvme format --lbaf=1 $DISK --force; - nvme format --block-size=4096 $DISK --force; - securityContext: - privileged: true - volumeMounts: - - name: host-dev - mountPath: /dev/disk/by-id - resources: {} - volumes: - - name: host-var - hostPath: - path: /var - - name: host-dev - hostPath: - path: /dev/disk/by-id - type: Directory - topologySpreadConstraints: - - maxSkew: 1 - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule 
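Review bot: The `apps` task is no longer `internal: true`, and its new prompt, `Bootstrap apps into the Talos cluster?`, does not say that the run may be destructive. The task still exports `MODEL` and `NODE_COUNT` and ends with `helmfile ... destroy --selector release=wipe-rook`, which suggests the disk-format job deleted from `wipe-rook.yaml.j2` now runs as a helmfile release (the helmfile is not in this diff, so this is inferred). If so, calling the task directly against a cluster that already holds data would presumably format the matching NVMe devices again. Name that in the prompt, for example `prompt: Bootstrap apps into the Talos cluster? This re-runs the wipe-rook disk format`, or keep the task internal. The removed `test -f .../bootstrap/apps/helmfile.yaml` precondition is also not replaced, and nothing checks for `resources.yaml.j2`.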
diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/ks.yaml b/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/ks.yaml index 528359fd01..786591915a 100644 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/ks.yaml +++ b/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/ks.yaml b/kubernetes/apps/actions-runner-system/gha-runner-scale-set/ks.yaml index 66d094c63d..562b58da25 100644 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set/ks.yaml +++ b/kubernetes/apps/actions-runner-system/gha-runner-scale-set/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/cert-manager/cert-manager/ks.yaml b/kubernetes/apps/cert-manager/cert-manager/ks.yaml index 6b9597a943..afa933f8bb 100644 --- a/kubernetes/apps/cert-manager/cert-manager/ks.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -36,7 +36,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/databases/cloudnative-pg/ks.yaml b/kubernetes/apps/databases/cloudnative-pg/ks.yaml index 2dc919d02f..bda8e23661 100644 --- a/kubernetes/apps/databases/cloudnative-pg/ks.yaml +++ b/kubernetes/apps/databases/cloudnative-pg/ks.yaml 
@@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -38,7 +38,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/databases/emqx/ks.yaml b/kubernetes/apps/databases/emqx/ks.yaml index d896ead179..05b4a02722 100644 --- a/kubernetes/apps/databases/emqx/ks.yaml +++ b/kubernetes/apps/databases/emqx/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -38,7 +38,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/external-secrets/external-secrets/ks.yaml b/kubernetes/apps/external-secrets/external-secrets/ks.yaml index 25189dd5a9..1dc4039604 100644 --- a/kubernetes/apps/external-secrets/external-secrets/ks.yaml +++ b/kubernetes/apps/external-secrets/external-secrets/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -35,7 +35,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/external-secrets/onepassword-connect/ks.yaml b/kubernetes/apps/external-secrets/onepassword-connect/ks.yaml index dd19be1804..bf44298583 100644 --- a/kubernetes/apps/external-secrets/onepassword-connect/ks.yaml +++ b/kubernetes/apps/external-secrets/onepassword-connect/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m 
diff --git a/kubernetes/apps/flux-system/flux/app/helmrelease.yaml b/kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml similarity index 72% rename from kubernetes/apps/flux-system/flux/app/helmrelease.yaml rename to kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml index 901eee01e5..8bb225f475 100644 --- a/kubernetes/apps/flux-system/flux/app/helmrelease.yaml +++ b/kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml @@ -2,16 +2,16 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: - name: flux + name: flux-operator spec: interval: 30m chart: spec: - chart: flux2 - version: 2.14.1 + chart: flux-operator + version: 0.12.0 sourceRef: kind: HelmRepository - name: fluxcd-community + name: controlplaneio namespace: flux-system install: remediation: @@ -23,4 +23,4 @@ spec: retries: 3 valuesFrom: - kind: ConfigMap - name: flux-helm-values + name: flux-operator-helm-values diff --git a/kubernetes/apps/flux-system/flux/app/kustomization.yaml b/kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml similarity index 85% rename from kubernetes/apps/flux-system/flux/app/kustomization.yaml rename to kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml index 7a3555472a..1527a2e8ca 100644 --- a/kubernetes/apps/flux-system/flux/app/kustomization.yaml +++ b/kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml @@ -4,7 +4,7 @@ kind: Kustomization resources: - ./helmrelease.yaml configMapGenerator: - - name: flux-helm-values + - name: flux-operator-helm-values files: - ./resources/values.yaml generatorOptions: diff --git a/kubernetes/apps/flux-system/flux-operator/app/resources/values.yaml b/kubernetes/apps/flux-system/flux-operator/app/resources/values.yaml new file mode 100644 index 0000000000..8c63a5456d --- /dev/null +++ b/kubernetes/apps/flux-system/flux-operator/app/resources/values.yaml @@ -0,0 +1,3 @@ +--- +serviceMonitor: + create: true 
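Review bot: The `flux-operator` chart is pinned only by `version: 0.12.0` from the `controlplaneio` HelmRepository, with no signature verification, although this component will manage every Flux controller in the cluster. The HelmRepository definition is outside this diff. If it is an OCI source and the publisher signs its charts, add a `verify:` block with `provider: cosign` under `chart.spec` so that a tampered chart published under the same tag is rejected. The new `flux-instance` HelmRelease in `instance/helmrelease.yaml` pins the same way and would take the same block.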
diff --git a/kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml b/kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml new file mode 100644 index 0000000000..2c543dbe7a --- /dev/null +++ b/kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: flux-instance +spec: + interval: 30m + chart: + spec: + chart: flux-instance + version: 0.12.0 + sourceRef: + kind: HelmRepository + name: controlplaneio + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + valuesFrom: + - kind: ConfigMap + name: flux-instance-helm-values diff --git a/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml b/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml new file mode 100644 index 0000000000..e5770f203e --- /dev/null +++ b/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml + - ./prometheusrule.yaml +configMapGenerator: + - name: flux-instance-helm-values + files: + - ./resources/values.yaml +generatorOptions: + disableNameSuffixHash: true diff --git a/kubernetes/apps/flux-system/flux-operator/instance/prometheusrule.yaml b/kubernetes/apps/flux-system/flux-operator/instance/prometheusrule.yaml new file mode 100644 index 0000000000..dfa1cb4dd4 --- /dev/null +++ b/kubernetes/apps/flux-system/flux-operator/instance/prometheusrule.yaml 
@@ -0,0 +1,28 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: flux-instance-rules +spec: + groups: + - name: flux-instance.rules + rules: + - alert: FluxInstanceAbsent + expr: absent(flux_instance_info{exported_namespace="flux-system", name="flux"}) + for: 15m + annotations: + summary: Flux instance metric is missing + description: | + The flux_instance_info metric for the Flux instance in namespace {{ $labels.exported_namespace }} is not available. + labels: + severity: critical + - alert: FluxInstanceNotReady + expr: flux_instance_info{exported_namespace="flux-system", name="flux", ready!="True"} + for: 15m + annotations: + summary: Flux instance {{ $labels.name }} is not ready + description: | + The Flux instance in namespace {{ $labels.exported_namespace }} is not ready. + Reason: {{ $labels.reason }} + labels: + severity: critical diff --git a/kubernetes/apps/flux-system/flux-operator/instance/resources/values.yaml b/kubernetes/apps/flux-system/flux-operator/instance/resources/values.yaml new file mode 100644 index 0000000000..4841a88e23 --- /dev/null +++ b/kubernetes/apps/flux-system/flux-operator/instance/resources/values.yaml 
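Review bot: The two new alerts watch only `flux_instance_info`, whereas the rules this commit deletes (`FluxComponentAbsent`, `FluxReconciliationFailure`) covered controller targets disappearing and individual resources failing to reconcile for 15 minutes. After this change, a single Kustomization or HelmRelease that stops reconciling, and so drifts from Git, raises no alert unless the FluxInstance itself goes not-ready. Consider carrying an equivalent of `FluxReconciliationFailure` into this file. Such a rule also needs the controllers to be scraped, and the `prometheus.podMonitor.create: true` setting from the removed values file has no visible counterpart in the new instance values.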
@@ -0,0 +1,90 @@ +--- +instance: + cluster: + networkPolicy: false + components: + - source-controller + - kustomize-controller + - helm-controller + - notification-controller + sync: + kind: GitRepository + url: ssh://git@github.com/buroa/k8s-gitops + ref: refs/heads/master + path: kubernetes/flux + pullSecret: github-deploy-key + kustomize: + patches: + # Increase the number of workers and limits + # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits + - patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --concurrent=10 + - op: add + path: /spec/template/spec/containers/0/args/- + value: --requeue-dependency=5s + target: + kind: Deployment + name: (kustomize-controller|helm-controller|source-controller) + - patch: | + apiVersion: apps/v1 + kind: Deployment + metadata: + name: all + spec: + template: + spec: + containers: + - name: manager + resources: + limits: + memory: 2Gi + target: + kind: Deployment + name: (kustomize-controller|helm-controller|source-controller) + # Enable in-memory kustomize builds + # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-in-memory-kustomize-builds + - patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --concurrent=20 + - op: replace + path: /spec/template/spec/volumes/0 + value: + name: temp + emptyDir: + medium: Memory + target: + kind: Deployment + name: kustomize-controller + # Enable Helm repositories caching + # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching + - patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --helm-cache-max-size=10 + - op: add + path: /spec/template/spec/containers/0/args/- + value: --helm-cache-ttl=60m + - op: add + path: /spec/template/spec/containers/0/args/- + value: --helm-cache-purge-interval=5m + target: + kind: Deployment + name: source-controller + # Flux near 
OOM detection for Helm + # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/ + - patch: | + - op: add + path: /spec/template/spec/containers/0/args/- + value: --feature-gates=OOMWatch=true + - op: add + path: /spec/template/spec/containers/0/args/- + value: --oom-watch-memory-threshold=95 + - op: add + path: /spec/template/spec/containers/0/args/- + value: --oom-watch-interval=500ms + target: + kind: Deployment + name: helm-controller diff --git a/kubernetes/apps/flux-system/flux/ks.yaml b/kubernetes/apps/flux-system/flux-operator/ks.yaml similarity index 69% rename from kubernetes/apps/flux-system/flux/ks.yaml rename to kubernetes/apps/flux-system/flux-operator/ks.yaml index ff08bc0d10..31d6d4a9d7 100644 --- a/kubernetes/apps/flux-system/flux/ks.yaml +++ b/kubernetes/apps/flux-system/flux-operator/ks.yaml @@ -2,18 +2,18 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app flux + name: &app flux-operator namespace: flux-system spec: targetNamespace: flux-system commonMetadata: labels: app.kubernetes.io/name: *app - path: ./kubernetes/apps/flux-system/flux/app - prune: false # revert to true + path: ./kubernetes/apps/flux-system/flux-operator/app + prune: true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -22,7 +22,7 @@ spec: apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: &app flux-config + name: &app flux-instance namespace: flux-system spec: targetNamespace: flux-system @@ -30,12 +30,12 @@ spec: labels: app.kubernetes.io/name: *app dependsOn: - - name: flux - path: ./kubernetes/apps/flux-system/flux/config - prune: false # revert to true + - name: flux-operator + path: ./kubernetes/apps/flux-system/flux-operator/instance + prune: true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m 
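Review bot: `instance.cluster.networkPolicy: false` turns off the NetworkPolicy objects that a Flux install otherwise places in `flux-system`, so, as far as this file shows, any pod in the cluster can reach the source-controller artifact endpoint and the notification-controller. It mirrors `policies.create: false` in the values file this commit removes, so it is not a regression. The migration is still a good moment to set `networkPolicy: true`, or to add a comment naming the policy that replaces it. Separately, `kustomize-controller` receives `--concurrent` twice (`10` from the shared patch, `20` from the in-memory-build patch), so the effective value depends on flag order; set it in one place only.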
diff --git a/kubernetes/apps/flux-system/flux/app/resources/values.yaml b/kubernetes/apps/flux-system/flux/app/resources/values.yaml deleted file mode 100644 index 0d0bed2018..0000000000 --- a/kubernetes/apps/flux-system/flux/app/resources/values.yaml +++ /dev/null @@ -1,57 +0,0 @@ ---- -crds: - annotations: - helm.sh/resource-policy: keep -helmController: - container: - additionalArgs: - # Increase the number of workers and limits - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits - - --concurrent=10 - - --requeue-dependency=5s - # Flux near OOM detection for Helm - # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/ - - --feature-gates=OOMWatch=true - - --oom-watch-memory-threshold=95 - - --oom-watch-interval=500ms - resources: &resources - requests: - cpu: 100m - limits: - memory: 2Gi -imageAutomationController: - create: false -imageReflectionController: - create: false -kustomizeController: - container: - additionalArgs: - # Increase the number of workers and limits - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits - - --concurrent=10 - - --requeue-dependency=5s - resources: *resources -notificationController: - resources: - requests: - cpu: 100m - limits: - memory: 2Gi -sourceController: - container: - additionalArgs: - # Enable Helm repositories caching - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching - - --helm-cache-max-size=10 - - --helm-cache-ttl=60m - - --helm-cache-purge-interval=5m - # Increase the number of workers and limits - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits - - --concurrent=10 - - --requeue-dependency=5s - resources: *resources -policies: - create: false -prometheus: - podMonitor: - create: true 
diff --git a/kubernetes/apps/flux-system/flux/config/monitoring/kustomization.yaml b/kubernetes/apps/flux-system/flux/config/monitoring/kustomization.yaml deleted file mode 100644 index 7b83cfdecc..0000000000 --- a/kubernetes/apps/flux-system/flux/config/monitoring/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./prometheusrule.yaml diff --git a/kubernetes/apps/flux-system/flux/config/monitoring/prometheusrule.yaml b/kubernetes/apps/flux-system/flux/config/monitoring/prometheusrule.yaml deleted file mode 100644 index 27a97cb1d5..0000000000 --- a/kubernetes/apps/flux-system/flux/config/monitoring/prometheusrule.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: flux -spec: - groups: - - name: flux.rules - rules: - - alert: FluxComponentAbsent - annotations: - summary: Flux component has disappeared from Prometheus target discovery. - expr: | - absent(up{job=~".*flux-system.*"} == 1) - for: 15m - labels: - severity: critical - - alert: FluxReconciliationFailure - annotations: - summary: >- - {{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation - has been failing for more than 15 minutes. - expr: | - max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind) - + - on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"}) - by (namespace, name, kind)) * 2 == 1 - for: 15m - labels: - severity: critical diff --git a/kubernetes/apps/flux-system/flux/config/kustomization.yaml b/kubernetes/apps/flux-system/github/app/kustomization.yaml similarity index 87% rename from kubernetes/apps/flux-system/flux/config/kustomization.yaml rename to kubernetes/apps/flux-system/github/app/kustomization.yaml index 1ed13e4e94..5b34a3ea3a 100644 --- a/kubernetes/apps/flux-system/flux/config/kustomization.yaml 
+++ b/kubernetes/apps/flux-system/github/app/kustomization.yaml @@ -2,6 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./monitoring - ./notifications - ./webhooks diff --git a/kubernetes/apps/flux-system/flux/config/notifications/alertmanager/alert.yaml b/kubernetes/apps/flux-system/github/app/notifications/alertmanager/alert.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/notifications/alertmanager/alert.yaml rename to kubernetes/apps/flux-system/github/app/notifications/alertmanager/alert.yaml diff --git a/kubernetes/apps/flux-system/flux/config/notifications/alertmanager/kustomization.yaml b/kubernetes/apps/flux-system/github/app/notifications/alertmanager/kustomization.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/notifications/alertmanager/kustomization.yaml rename to kubernetes/apps/flux-system/github/app/notifications/alertmanager/kustomization.yaml diff --git a/kubernetes/apps/flux-system/flux/config/notifications/alertmanager/provider.yaml b/kubernetes/apps/flux-system/github/app/notifications/alertmanager/provider.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/notifications/alertmanager/provider.yaml rename to kubernetes/apps/flux-system/github/app/notifications/alertmanager/provider.yaml diff --git a/kubernetes/apps/flux-system/flux/config/notifications/github/alert.yaml b/kubernetes/apps/flux-system/github/app/notifications/github/alert.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/notifications/github/alert.yaml rename to kubernetes/apps/flux-system/github/app/notifications/github/alert.yaml 
diff --git a/kubernetes/apps/flux-system/flux/config/notifications/github/externalsecret.yaml b/kubernetes/apps/flux-system/github/app/notifications/github/externalsecret.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/notifications/github/externalsecret.yaml rename to kubernetes/apps/flux-system/github/app/notifications/github/externalsecret.yaml diff --git a/kubernetes/apps/flux-system/flux/config/notifications/github/kustomization.yaml b/kubernetes/apps/flux-system/github/app/notifications/github/kustomization.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/notifications/github/kustomization.yaml rename to kubernetes/apps/flux-system/github/app/notifications/github/kustomization.yaml diff --git a/kubernetes/apps/flux-system/flux/config/notifications/github/provider.yaml b/kubernetes/apps/flux-system/github/app/notifications/github/provider.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/notifications/github/provider.yaml rename to kubernetes/apps/flux-system/github/app/notifications/github/provider.yaml diff --git a/kubernetes/apps/flux-system/flux/config/notifications/kustomization.yaml b/kubernetes/apps/flux-system/github/app/notifications/kustomization.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/notifications/kustomization.yaml rename to kubernetes/apps/flux-system/github/app/notifications/kustomization.yaml diff --git a/kubernetes/apps/flux-system/flux/config/webhooks/github/externalsecret.yaml b/kubernetes/apps/flux-system/github/app/webhooks/github/externalsecret.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/webhooks/github/externalsecret.yaml rename to kubernetes/apps/flux-system/github/app/webhooks/github/externalsecret.yaml 
diff --git a/kubernetes/apps/flux-system/flux/config/webhooks/github/ingress.yaml b/kubernetes/apps/flux-system/github/app/webhooks/github/ingress.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/webhooks/github/ingress.yaml rename to kubernetes/apps/flux-system/github/app/webhooks/github/ingress.yaml diff --git a/kubernetes/apps/flux-system/flux/config/webhooks/github/kustomization.yaml b/kubernetes/apps/flux-system/github/app/webhooks/github/kustomization.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/webhooks/github/kustomization.yaml rename to kubernetes/apps/flux-system/github/app/webhooks/github/kustomization.yaml diff --git a/kubernetes/apps/flux-system/flux/config/webhooks/github/receiver.yaml b/kubernetes/apps/flux-system/github/app/webhooks/github/receiver.yaml similarity index 95% rename from kubernetes/apps/flux-system/flux/config/webhooks/github/receiver.yaml rename to kubernetes/apps/flux-system/github/app/webhooks/github/receiver.yaml index 7a57104a39..567f657687 100644 --- a/kubernetes/apps/flux-system/flux/config/webhooks/github/receiver.yaml +++ b/kubernetes/apps/flux-system/github/app/webhooks/github/receiver.yaml @@ -13,7 +13,7 @@ spec: resources: - apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository - name: k8s-gitops + name: flux-system namespace: flux-system - apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization diff --git a/kubernetes/apps/flux-system/flux/config/webhooks/kustomization.yaml b/kubernetes/apps/flux-system/github/app/webhooks/kustomization.yaml similarity index 100% rename from kubernetes/apps/flux-system/flux/config/webhooks/kustomization.yaml rename to kubernetes/apps/flux-system/github/app/webhooks/kustomization.yaml diff --git a/kubernetes/apps/flux-system/github/ks.yaml b/kubernetes/apps/flux-system/github/ks.yaml new file mode 100644 index 0000000000..35b4cd4839 --- /dev/null +++ b/kubernetes/apps/flux-system/github/ks.yaml 
@@ -0,0 +1,22 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app flux-github + namespace: flux-system +spec: + targetNamespace: flux-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: flux-instance + path: ./kubernetes/apps/flux-system/github/app + prune: true + sourceRef: + kind: GitRepository + name: flux-system + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/flux-system/kustomization.yaml b/kubernetes/apps/flux-system/kustomization.yaml index 1a87c65513..e8660b9699 100644 --- a/kubernetes/apps/flux-system/kustomization.yaml +++ b/kubernetes/apps/flux-system/kustomization.yaml @@ -3,4 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./namespace.yaml - - ./flux/ks.yaml + - ./flux-operator/ks.yaml + - ./github/ks.yaml diff --git a/kubernetes/apps/home/atuin/ks.yaml b/kubernetes/apps/home/atuin/ks.yaml index a55c4bae58..56be3dd3d1 100644 --- a/kubernetes/apps/home/atuin/ks.yaml +++ b/kubernetes/apps/home/atuin/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/home/go2rtc/ks.yaml b/kubernetes/apps/home/go2rtc/ks.yaml index 4ea655e7a7..3b9354992f 100644 --- a/kubernetes/apps/home/go2rtc/ks.yaml +++ b/kubernetes/apps/home/go2rtc/ks.yaml @@ -17,7 +17,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/home/home-assistant/ks.yaml b/kubernetes/apps/home/home-assistant/ks.yaml index a6d1bacfc4..f89fd3565a 100644 --- a/kubernetes/apps/home/home-assistant/ks.yaml +++ b/kubernetes/apps/home/home-assistant/ks.yaml 
@@ -19,7 +19,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/home/zigbee2mqtt/ks.yaml b/kubernetes/apps/home/zigbee2mqtt/ks.yaml index 13708c4dd8..1c6ab9ef19 100644 --- a/kubernetes/apps/home/zigbee2mqtt/ks.yaml +++ b/kubernetes/apps/home/zigbee2mqtt/ks.yaml @@ -18,7 +18,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/kubernetes/apps/kube-system/cilium/ks.yaml index d28ef88525..d886d139c0 100644 --- a/kubernetes/apps/kube-system/cilium/ks.yaml +++ b/kubernetes/apps/kube-system/cilium/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # never should be deleted sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -35,7 +35,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/kube-system/coredns/ks.yaml b/kubernetes/apps/kube-system/coredns/ks.yaml index e95c24dc0f..0fd418571c 100644 --- a/kubernetes/apps/kube-system/coredns/ks.yaml +++ b/kubernetes/apps/kube-system/coredns/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # never should be deleted sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/kube-system/descheduler/ks.yaml b/kubernetes/apps/kube-system/descheduler/ks.yaml index 54c71742ca..c3f706a7f5 100644 --- a/kubernetes/apps/kube-system/descheduler/ks.yaml +++ b/kubernetes/apps/kube-system/descheduler/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m 
diff --git a/kubernetes/apps/kube-system/fstrim/ks.yaml b/kubernetes/apps/kube-system/fstrim/ks.yaml index 9b99ab6e9d..ae3f89c042 100644 --- a/kubernetes/apps/kube-system/fstrim/ks.yaml +++ b/kubernetes/apps/kube-system/fstrim/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml b/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml index 190e23b490..b8f632553b 100644 --- a/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml +++ b/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml b/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml index e385ebed3c..096e1f1418 100644 --- a/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml +++ b/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -36,7 +36,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/kube-system/irqbalance/ks.yaml b/kubernetes/apps/kube-system/irqbalance/ks.yaml index 470527e0ef..67e97c5103 100644 --- a/kubernetes/apps/kube-system/irqbalance/ks.yaml +++ b/kubernetes/apps/kube-system/irqbalance/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m 
diff --git a/kubernetes/apps/kube-system/metrics-server/ks.yaml b/kubernetes/apps/kube-system/metrics-server/ks.yaml index 08e684b541..1b082b4cfa 100644 --- a/kubernetes/apps/kube-system/metrics-server/ks.yaml +++ b/kubernetes/apps/kube-system/metrics-server/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml b/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml index a9d7b85ac0..aec4ec9e4f 100644 --- a/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml +++ b/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -35,7 +35,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system interval: 30m retryInterval: 1m timeout: 5m diff --git a/kubernetes/apps/kube-system/reloader/ks.yaml b/kubernetes/apps/kube-system/reloader/ks.yaml index c55dc097e4..92e8e8f905 100644 --- a/kubernetes/apps/kube-system/reloader/ks.yaml +++ b/kubernetes/apps/kube-system/reloader/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/kube-system/spegel/ks.yaml b/kubernetes/apps/kube-system/spegel/ks.yaml index 65648ae48b..a3a2b723d9 100644 --- a/kubernetes/apps/kube-system/spegel/ks.yaml +++ b/kubernetes/apps/kube-system/spegel/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m 
diff --git a/kubernetes/apps/kyverno/kyverno/ks.yaml b/kubernetes/apps/kyverno/kyverno/ks.yaml index d6537829a4..b746d70dd5 100644 --- a/kubernetes/apps/kyverno/kyverno/ks.yaml +++ b/kubernetes/apps/kyverno/kyverno/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -35,7 +35,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/autobrr/ks.yaml b/kubernetes/apps/media/autobrr/ks.yaml index 13b6507dc5..8485f6fa75 100644 --- a/kubernetes/apps/media/autobrr/ks.yaml +++ b/kubernetes/apps/media/autobrr/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/bazarr/ks.yaml b/kubernetes/apps/media/bazarr/ks.yaml index d17cbb5dfb..363a44ca22 100644 --- a/kubernetes/apps/media/bazarr/ks.yaml +++ b/kubernetes/apps/media/bazarr/ks.yaml @@ -17,7 +17,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/cross-seed/ks.yaml b/kubernetes/apps/media/cross-seed/ks.yaml index bd7557a80b..7c4bdfb83c 100644 --- a/kubernetes/apps/media/cross-seed/ks.yaml +++ b/kubernetes/apps/media/cross-seed/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/overseerr/ks.yaml b/kubernetes/apps/media/overseerr/ks.yaml index 636da4c6ae..8a7427f3ef 100644 --- a/kubernetes/apps/media/overseerr/ks.yaml +++ b/kubernetes/apps/media/overseerr/ks.yaml 
@@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/plex/ks.yaml b/kubernetes/apps/media/plex/ks.yaml index dcc97d3ad4..f6a348f9e5 100644 --- a/kubernetes/apps/media/plex/ks.yaml +++ b/kubernetes/apps/media/plex/ks.yaml @@ -17,7 +17,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/prowlarr/ks.yaml b/kubernetes/apps/media/prowlarr/ks.yaml index 682953a85f..3837fcc846 100644 --- a/kubernetes/apps/media/prowlarr/ks.yaml +++ b/kubernetes/apps/media/prowlarr/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/qbittorrent/ks.yaml b/kubernetes/apps/media/qbittorrent/ks.yaml index c3e48938bc..13a0b7e8c7 100644 --- a/kubernetes/apps/media/qbittorrent/ks.yaml +++ b/kubernetes/apps/media/qbittorrent/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -39,7 +39,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/radarr/ks.yaml b/kubernetes/apps/media/radarr/ks.yaml index 68016d1eeb..5dd1c5fee8 100644 --- a/kubernetes/apps/media/radarr/ks.yaml +++ b/kubernetes/apps/media/radarr/ks.yaml @@ -17,7 +17,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/recyclarr/ks.yaml b/kubernetes/apps/media/recyclarr/ks.yaml index c2fbc1b030..eb4a351e90 100644 
--- a/kubernetes/apps/media/recyclarr/ks.yaml +++ b/kubernetes/apps/media/recyclarr/ks.yaml @@ -17,7 +17,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/sabnzbd/ks.yaml b/kubernetes/apps/media/sabnzbd/ks.yaml index 193c291074..080f15116e 100644 --- a/kubernetes/apps/media/sabnzbd/ks.yaml +++ b/kubernetes/apps/media/sabnzbd/ks.yaml @@ -17,7 +17,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/sonarr/ks.yaml b/kubernetes/apps/media/sonarr/ks.yaml index f22e03fe4a..654c91fbee 100644 --- a/kubernetes/apps/media/sonarr/ks.yaml +++ b/kubernetes/apps/media/sonarr/ks.yaml @@ -17,7 +17,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/tautulli/ks.yaml b/kubernetes/apps/media/tautulli/ks.yaml index a8daf02d83..13c5a24850 100644 --- a/kubernetes/apps/media/tautulli/ks.yaml +++ b/kubernetes/apps/media/tautulli/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/media/unpackerr/ks.yaml b/kubernetes/apps/media/unpackerr/ks.yaml index fc58fc9c38..4b658b5f38 100644 --- a/kubernetes/apps/media/unpackerr/ks.yaml +++ b/kubernetes/apps/media/unpackerr/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/exporters/blackbox-exporter/ks.yaml b/kubernetes/apps/monitoring/exporters/blackbox-exporter/ks.yaml index c99874caff..fa947e3d83 100644 
--- a/kubernetes/apps/monitoring/exporters/blackbox-exporter/ks.yaml +++ b/kubernetes/apps/monitoring/exporters/blackbox-exporter/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -35,7 +35,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system interval: 30m retryInterval: 1m timeout: 5m diff --git a/kubernetes/apps/monitoring/exporters/mqtt-exporter/ks.yaml b/kubernetes/apps/monitoring/exporters/mqtt-exporter/ks.yaml index 0e6a1fc0af..917578daf7 100644 --- a/kubernetes/apps/monitoring/exporters/mqtt-exporter/ks.yaml +++ b/kubernetes/apps/monitoring/exporters/mqtt-exporter/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/exporters/smartctl-exporter/ks.yaml b/kubernetes/apps/monitoring/exporters/smartctl-exporter/ks.yaml index 0b54ca0a8c..4ba3ace64d 100644 --- a/kubernetes/apps/monitoring/exporters/smartctl-exporter/ks.yaml +++ b/kubernetes/apps/monitoring/exporters/smartctl-exporter/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/exporters/snmp-exporter/ks.yaml b/kubernetes/apps/monitoring/exporters/snmp-exporter/ks.yaml index 7355ea0aaf..6bf6da4a89 100644 --- a/kubernetes/apps/monitoring/exporters/snmp-exporter/ks.yaml +++ b/kubernetes/apps/monitoring/exporters/snmp-exporter/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m 
diff --git a/kubernetes/apps/monitoring/exporters/speedtest-exporter/ks.yaml b/kubernetes/apps/monitoring/exporters/speedtest-exporter/ks.yaml index e3a76a97fe..f017413cbc 100644 --- a/kubernetes/apps/monitoring/exporters/speedtest-exporter/ks.yaml +++ b/kubernetes/apps/monitoring/exporters/speedtest-exporter/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/gatus/ks.yaml b/kubernetes/apps/monitoring/gatus/ks.yaml index 0f197641d4..44c10b50f3 100644 --- a/kubernetes/apps/monitoring/gatus/ks.yaml +++ b/kubernetes/apps/monitoring/gatus/ks.yaml @@ -16,7 +16,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/grafana/ks.yaml b/kubernetes/apps/monitoring/grafana/ks.yaml index 1139fb891b..35c4fd7701 100644 --- a/kubernetes/apps/monitoring/grafana/ks.yaml +++ b/kubernetes/apps/monitoring/grafana/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/karma/ks.yaml b/kubernetes/apps/monitoring/karma/ks.yaml index 6fe42e6aa7..b285b329d2 100644 --- a/kubernetes/apps/monitoring/karma/ks.yaml +++ b/kubernetes/apps/monitoring/karma/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/kromgo/ks.yaml b/kubernetes/apps/monitoring/kromgo/ks.yaml index 42013d68c4..4628a5d901 100644 --- a/kubernetes/apps/monitoring/kromgo/ks.yaml +++ b/kubernetes/apps/monitoring/kromgo/ks.yaml 
@@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml index eb994e398c..3534a2157d 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml @@ -17,7 +17,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -39,7 +39,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/loki/ks.yaml b/kubernetes/apps/monitoring/loki/ks.yaml index e6104050b5..35ed53dd1b 100644 --- a/kubernetes/apps/monitoring/loki/ks.yaml +++ b/kubernetes/apps/monitoring/loki/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/prometheus-operator-crds/ks.yaml b/kubernetes/apps/monitoring/prometheus-operator-crds/ks.yaml index 623fe5f0a2..13817cbbe5 100644 --- a/kubernetes/apps/monitoring/prometheus-operator-crds/ks.yaml +++ b/kubernetes/apps/monitoring/prometheus-operator-crds/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # never should be deleted sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/promtail/ks.yaml b/kubernetes/apps/monitoring/promtail/ks.yaml index 5536f82caf..8232b3bf9a 100644 --- a/kubernetes/apps/monitoring/promtail/ks.yaml +++ b/kubernetes/apps/monitoring/promtail/ks.yaml 
@@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/monitoring/unpoller/ks.yaml b/kubernetes/apps/monitoring/unpoller/ks.yaml index e62892a8b1..91b376af8a 100644 --- a/kubernetes/apps/monitoring/unpoller/ks.yaml +++ b/kubernetes/apps/monitoring/unpoller/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/networking/cloudflared/ks.yaml b/kubernetes/apps/networking/cloudflared/ks.yaml index 8151fcd645..14926c4784 100644 --- a/kubernetes/apps/networking/cloudflared/ks.yaml +++ b/kubernetes/apps/networking/cloudflared/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/networking/echo-server/ks.yaml b/kubernetes/apps/networking/echo-server/ks.yaml index 21ec4721b1..b3c031b3d0 100644 --- a/kubernetes/apps/networking/echo-server/ks.yaml +++ b/kubernetes/apps/networking/echo-server/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/networking/external-dns/ks.yaml b/kubernetes/apps/networking/external-dns/ks.yaml index a6881a0e86..e390cc7fa1 100644 --- a/kubernetes/apps/networking/external-dns/ks.yaml +++ b/kubernetes/apps/networking/external-dns/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -37,7 +37,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m 
diff --git a/kubernetes/apps/networking/multus/ks.yaml b/kubernetes/apps/networking/multus/ks.yaml index 419e88c504..b6e4c66c88 100644 --- a/kubernetes/apps/networking/multus/ks.yaml +++ b/kubernetes/apps/networking/multus/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -37,7 +37,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/networking/nginx/ks.yaml b/kubernetes/apps/networking/nginx/ks.yaml index ca169b0234..72172eb423 100644 --- a/kubernetes/apps/networking/nginx/ks.yaml +++ b/kubernetes/apps/networking/nginx/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -37,7 +37,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -59,7 +59,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/networking/smtp-relay/ks.yaml b/kubernetes/apps/networking/smtp-relay/ks.yaml index ee742ca6c9..18c25d233b 100644 --- a/kubernetes/apps/networking/smtp-relay/ks.yaml +++ b/kubernetes/apps/networking/smtp-relay/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/openebs-system/openebs/ks.yaml b/kubernetes/apps/openebs-system/openebs/ks.yaml index c3729adc94..785331b942 100644 --- a/kubernetes/apps/openebs-system/openebs/ks.yaml +++ b/kubernetes/apps/openebs-system/openebs/ks.yaml 
@@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml index f171078e4f..156dc90a11 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -37,7 +37,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/system-upgrade/system-upgrade-controller/ks.yaml b/kubernetes/apps/system-upgrade/system-upgrade-controller/ks.yaml index 9c87593dfc..a4e700e347 100644 --- a/kubernetes/apps/system-upgrade/system-upgrade-controller/ks.yaml +++ b/kubernetes/apps/system-upgrade/system-upgrade-controller/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m @@ -36,7 +36,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/apps/volsync-system/snapshot-controller/ks.yaml b/kubernetes/apps/volsync-system/snapshot-controller/ks.yaml index 9c2d071560..56a58e7767 100644 --- a/kubernetes/apps/volsync-system/snapshot-controller/ks.yaml +++ b/kubernetes/apps/volsync-system/snapshot-controller/ks.yaml @@ -13,7 +13,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m 
diff --git a/kubernetes/apps/volsync-system/volsync/ks.yaml b/kubernetes/apps/volsync-system/volsync/ks.yaml index 2579430cc9..023c4aafe3 100644 --- a/kubernetes/apps/volsync-system/volsync/ks.yaml +++ b/kubernetes/apps/volsync-system/volsync/ks.yaml @@ -15,7 +15,7 @@ spec: prune: false # revert to true sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system wait: true interval: 30m retryInterval: 1m diff --git a/kubernetes/bootstrap/apps/external-secrets.j2 b/kubernetes/bootstrap/apps/external-secrets.j2 deleted file mode 100644 index 85209cb370..0000000000 --- a/kubernetes/bootstrap/apps/external-secrets.j2 +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: external-secrets ---- -apiVersion: v1 -kind: Secret -metadata: - name: onepassword-connect-secret - namespace: external-secrets -stringData: - 1password-credentials.json: {{ ENV.ONEPASSWORD_CREDENTIALS }} - token: {{ ENV.ONEPASSWORD_CONNECT_TOKEN }} diff --git a/kubernetes/bootstrap/apps/helmfile.yaml b/kubernetes/bootstrap/apps/helmfile.yaml index 10ccd0e6cf..6d0acf97e9 100644 --- a/kubernetes/bootstrap/apps/helmfile.yaml +++ b/kubernetes/bootstrap/apps/helmfile.yaml @@ -1,10 +1,6 @@ --- -# renovate: depName=ghcr.io/siderolabs/kubelet datasource=docker -kubeVersion: v1.32.0 - helmDefaults: force: true - recreatePods: true timeout: 600 wait: true waitForJobs: true 
@@ -45,10 +41,27 @@ releases: - '{{ requiredEnv "KUBERNETES_DIR" }}/apps/kube-system/spegel/app/resources/values.yaml' needs: ["kube-system/coredns"] - - name: flux - namespace: flux-system - chart: oci://ghcr.io/fluxcd-community/charts/flux2 - version: 2.14.1 + - name: wipe-rook + namespace: kube-system + chart: oci://ghcr.io/bjw-s/helm/app-template + version: 3.6.0 values: - - '{{ requiredEnv "KUBERNETES_DIR" }}/apps/flux-system/flux/app/resources/values.yaml' + - ./templates/wipe-rook.yaml.gotmpl needs: ["kube-system/spegel"] + + - name: flux-operator + namespace: flux-system + chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator + version: 0.12.0 + values: + - '{{ requiredEnv "KUBERNETES_DIR" }}/apps/flux-system/flux-operator/app/resources/values.yaml' + needs: ["kube-system/wipe-rook"] + + - name: flux-instance + namespace: flux-system + chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance + version: 0.12.0 + wait: false + values: + - '{{ requiredEnv "KUBERNETES_DIR" }}/apps/flux-system/flux-operator/instance/resources/values.yaml' + needs: ["flux-system/flux-operator"] diff --git a/kubernetes/bootstrap/apps/flux-system.yaml.j2 b/kubernetes/bootstrap/templates/resources.yaml.j2 similarity index 60% rename from kubernetes/bootstrap/apps/flux-system.yaml.j2 rename to kubernetes/bootstrap/templates/resources.yaml.j2 index cd27db141a..60caa0eb50 100644 --- a/kubernetes/bootstrap/apps/flux-system.yaml.j2 +++ b/kubernetes/bootstrap/templates/resources.yaml.j2 @@ -1,6 +1,20 @@ --- apiVersion: v1 kind: Namespace +metadata: + name: external-secrets +--- +apiVersion: v1 +kind: Secret +metadata: + name: onepassword-connect-secret + namespace: external-secrets +stringData: + 1password-credentials.json: {{ ENV.ONEPASSWORD_CREDENTIALS }} + token: {{ ENV.ONEPASSWORD_CONNECT_TOKEN }} +--- +apiVersion: v1 +kind: Namespace metadata: name: flux-system --- 
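Review bot: The new `wipe-rook` release sits in the same helmfile as the CNI and DNS releases with nothing gating it, so a later `helmfile apply` of this file against a running cluster can install or upgrade it again, and its post-install/post-upgrade hook formats the matching NVMe devices. I would gate it behind an explicit opt-in, either an `installed:` value driven by an environment variable or a separate helmfile used only at bootstrap. The bootstrap task in this commit removes the release with `destroy --selector release=wipe-rook`, but the release defines no `labels:` here, and as far as I know helmfile selectors match labels plus built-in keys such as `name`. Unless that label is set elsewhere the destroy may select nothing, so add `labels:` with `release: wipe-rook` or select on `name=wipe-rook`. The `releases:` list starts outside this hunk.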
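Review bot: The two `stringData` values are emitted unquoted (`token: {{ ENV.ONEPASSWORD_CONNECT_TOKEN }}`), so the YAML parser decides their type: an empty variable becomes null, and a value that starts with `{` or another YAML indicator is parsed as structure or rejected instead of being stored as a string. Rendering them as quoted scalars, for example `token: {{ ENV.ONEPASSWORD_CONNECT_TOKEN | tojson }}` if the `tojson` filter is available in this minijinja-cli build, keeps the secret intact whatever characters it contains. These lines are carried over from the deleted `external-secrets.j2`, and the file continues past the hunk.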
diff --git a/kubernetes/bootstrap/templates/wipe-rook.yaml.gotmpl b/kubernetes/bootstrap/templates/wipe-rook.yaml.gotmpl
new file mode 100644
index 0000000000..006e0fd253
--- /dev/null
+++ b/kubernetes/bootstrap/templates/wipe-rook.yaml.gotmpl
@@ -0,0 +1,65 @@
+controllers:
+ main:
+ type: job
+ annotations:
+ helm.sh/hook: "post-install,post-upgrade"
+ helm.sh/hook-delete-policy: "before-hook-creation"
+ job:
+ backoffLimit: 0
+ parallelism: {{ requiredEnv "NODE_COUNT" }}
+ initContainers:
+ data:
+ image:
+ repository: docker.io/library/alpine
+ tag: latest
+ command:
+ - /bin/sh
+ - -c
+ args:
+ - rm -rf /mnt/host_var/lib/rook
+ securityContext:
+ privileged: true
+ containers:
+ disk:
+ image:
+ repository: docker.io/library/alpine
+ tag: latest
+ env:
+ MODEL: {{ requiredEnv "MODEL" | quote }}
+ command:
+ - /bin/sh
+ - -c
+ args:
+ - |
+ apk add --no-cache findutils nvme-cli;
+ DISK=$(find /dev/disk/by-id/ -iname "*$(MODEL)*" -not -name "*_[0-9]");
+ echo "=== Wiping $DISK ===";
+ nvme format --lbaf=1 $DISK --force;
+ nvme format --block-size=4096 $DISK --force;
+ securityContext:
+ privileged: true
+ pod:
+ restartPolicy: Never
+defaultPodOptions:
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: wipe-disk-job
+persistence:
+ host-var:
+ type: hostPath
+ hostPath: /var
+ hostPathType: Directory
+ globalMounts:
+ - path: /mnt/host_var
+ readOnly: true
+ host-dev:
+ type: hostPath
+ hostPath: /dev/disk/by-id
+ hostPathType: Directory
+ globalMounts:
+ - path: /dev/disk/by-id
+ readOnly: true
diff --git a/kubernetes/flux/apps.yaml b/kubernetes/flux/apps.yaml
index ae2654e8d7..3612412089 100644
--- a/kubernetes/flux/apps.yaml
+++ b/kubernetes/flux/apps.yaml
@@ -10,7 +10,7 @@ spec:
 prune: false # revert to true
 sourceRef:
 kind: GitRepository
- name: k8s-gitops
+ name: flux-system
 decryption:
 provider: sops
 secretRef:
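Review bot: Both privileged containers in this new file run `docker.io/library/alpine` at `tag: latest`, and the `disk` container also pulls `nvme-cli` with `apk add` at run time, so whatever the registry and package mirror serve on the day executes with full access to host devices; pinning the image (`tag: <version>@sha256:<digest>`) and using an image that already ships nvme-cli would remove that dependency. The wipe is also unguarded: `DISK=$(find ...)` may come back empty or with several paths, and `$DISK` is passed unquoted to `nvme format --force`, so a check that exactly one device matched (exit non-zero otherwise) belongs before the first format. `host-var` is mounted with `readOnly: true` while the `data` init container runs `rm -rf /mnt/host_var/lib/rook`, which I would expect to fail whenever that directory exists. The `labelSelector` value `wipe-disk-job` does not obviously match a release named `wipe-rook`; if the pods carry a different `app.kubernetes.io/name`, the spread constraint is not applied and two pods can land on one node.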
diff --git a/kubernetes/flux/config/cluster.yaml b/kubernetes/flux/config/cluster.yaml index d94f6adbd2..d2d9e1d813 100644 --- a/kubernetes/flux/config/cluster.yaml +++ b/kubernetes/flux/config/cluster.yaml @@ -1,22 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: k8s-gitops - namespace: flux-system -spec: - interval: 30m - url: ssh://git@github.com/buroa/k8s-gitops - ref: - branch: master - secretRef: - name: github-deploy-key - ignore: | - # exclude all - /* - # include kubernetes directory - !/kubernetes ---- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -29,7 +11,7 @@ spec: wait: false sourceRef: kind: GitRepository - name: k8s-gitops + name: flux-system decryption: provider: sops secretRef: diff --git a/kubernetes/flux/config/crds/.gitkeep b/kubernetes/flux/config/crds/.gitkeep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/kubernetes/flux/repositories/helm/fluxcd-community.yaml b/kubernetes/flux/repositories/helm/controlplaneio.yaml similarity index 64% rename from kubernetes/flux/repositories/helm/fluxcd-community.yaml rename to kubernetes/flux/repositories/helm/controlplaneio.yaml index c102d0cba1..1c194790dc 100644 --- a/kubernetes/flux/repositories/helm/fluxcd-community.yaml +++ b/kubernetes/flux/repositories/helm/controlplaneio.yaml @@ -2,9 +2,9 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: - name: fluxcd-community + name: controlplaneio namespace: flux-system spec: type: oci interval: 5m - url: oci://ghcr.io/fluxcd-community/charts + url: oci://ghcr.io/controlplaneio-fluxcd/charts diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml index 1b093b47d6..7375e71017 100644 --- a/kubernetes/flux/repositories/helm/kustomization.yaml +++ b/kubernetes/flux/repositories/helm/kustomization.yaml 
@@ -7,13 +7,13 @@ resources: - ./bjw-s.yaml - ./cilium.yaml - ./cloudnative-pg.yaml + - ./controlplaneio.yaml - ./coredns.yaml - ./deliveryhero.yaml - ./emqx.yaml - ./external-dns.yaml - ./external-secrets.yaml - ./fairwinds.yaml - - ./fluxcd-community.yaml - ./grafana.yaml - ./ingress-nginx.yaml - ./intel.yaml