feat(flux): big brain operator #3275

Merged
merged 1 commit into from
Jan 9, 2025

Conversation

buroa
Owner

@buroa buroa commented Jan 9, 2025

No description provided.

@bot-blake bot-blake bot added area/kubernetes Changes made in the kubernetes directory area/taskfiles Changes made in the taskfiles directory labels Jan 9, 2025
@bot-blake
Contributor

bot-blake bot commented Jan 9, 2025

--- kubernetes/apps/flux-system/flux/app Kustomization: flux-system/flux HelmRelease: flux-system/flux

+++ kubernetes/apps/flux-system/flux/app Kustomization: flux-system/flux HelmRelease: flux-system/flux

@@ -1,32 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  labels:
-    app.kubernetes.io/name: flux
-    kustomize.toolkit.fluxcd.io/name: flux
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux
-  namespace: flux-system
-spec:
-  chart:
-    spec:
-      chart: flux2
-      sourceRef:
-        kind: HelmRepository
-        name: fluxcd-community
-        namespace: flux-system
-      version: 2.14.1
-  install:
-    remediation:
-      retries: 3
-  interval: 30m
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-      strategy: rollback
-  valuesFrom:
-  - kind: ConfigMap
-    name: flux-helm-values
-
--- kubernetes/apps/flux-system/flux/app Kustomization: flux-system/flux ConfigMap: flux-system/flux-helm-values

+++ kubernetes/apps/flux-system/flux/app Kustomization: flux-system/flux ConfigMap: flux-system/flux-helm-values

@@ -1,70 +0,0 @@

----
-apiVersion: v1
-data:
-  values.yaml: |
-    ---
-    crds:
-      annotations:
-        helm.sh/resource-policy: keep
-    helmController:
-      container:
-        additionalArgs:
-          # Increase the number of workers and limits
-          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
-          - --concurrent=10
-          - --requeue-dependency=5s
-          # Flux near OOM detection for Helm
-          # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/
-          - --feature-gates=OOMWatch=true
-          - --oom-watch-memory-threshold=95
-          - --oom-watch-interval=500ms
-      resources: &resources
-        requests:
-          cpu: 100m
-        limits:
-          memory: 2Gi
-    imageAutomationController:
-      create: false
-    imageReflectionController:
-      create: false
-    kustomizeController:
-      container:
-        additionalArgs:
-          # Increase the number of workers and limits
-          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
-          - --concurrent=10
-          - --requeue-dependency=5s
-      resources: *resources
-    notificationController:
-      resources:
-        requests:
-          cpu: 100m
-        limits:
-          memory: 2Gi
-    sourceController:
-      container:
-        additionalArgs:
-          # Enable Helm repositories caching
-          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching
-          - --helm-cache-max-size=10
-          - --helm-cache-ttl=60m
-          - --helm-cache-purge-interval=5m
-          # Increase the number of workers and limits
-          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
-          - --concurrent=10
-          - --requeue-dependency=5s
-      resources: *resources
-    policies:
-      create: false
-    prometheus:
-      podMonitor:
-        create: true
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/name: flux
-    kustomize.toolkit.fluxcd.io/name: flux
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux-helm-values
-  namespace: flux-system
-
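Review bot: the removed values carried `requests: cpu: 100m` and `limits: memory: 2Gi` for helm-, kustomize-, source- and notification-controller; the replacement flux-instance patches in this PR set only a memory limit, and only for the three controllers matched by `(kustomize-controller|helm-controller|source-controller)`, so notification-controller ends up with no explicit limit and every controller with no CPU request unless the operator's defaults supply them. Confirm that is intended, or add a matching resources patch that also targets notification-controller.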
--- kubernetes/flux Kustomization: flux-system/cluster GitRepository: flux-system/k8s-gitops

+++ kubernetes/flux Kustomization: flux-system/cluster GitRepository: flux-system/k8s-gitops

@@ -1,22 +0,0 @@

----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: k8s-gitops
-  namespace: flux-system
-spec:
-  ignore: |
-    # exclude all
-    /*
-    # include kubernetes directory
-    !/kubernetes
-  interval: 30m
-  ref:
-    branch: master
-  secretRef:
-    name: github-deploy-key
-  url: ssh://git@github.com/buroa/k8s-gitops
-
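Review bot: the removed GitRepository restricted the artifact to `/kubernetes` via `ignore` (exclude `/*`, then `!/kubernetes`); the replacement `sync` block in the flux-instance values sets only `path: kubernetes/flux` with no ignore rules visible, so unless the FluxInstance sync spec or a `.sourceignore` file at the repository root reproduces that filter, source-controller will package the whole repository into the artifact. Worth confirming, since everything in the artifact is readable by any pod that can reach source-controller's artifact server.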
--- kubernetes/flux Kustomization: flux-system/cluster HelmRepository: flux-system/fluxcd-community

+++ kubernetes/flux Kustomization: flux-system/cluster HelmRepository: flux-system/fluxcd-community

@@ -1,14 +0,0 @@

----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: fluxcd-community
-  namespace: flux-system
-spec:
-  interval: 5m
-  type: oci
-  url: oci://ghcr.io/fluxcd-community/charts
-
--- kubernetes/flux Kustomization: flux-system/cluster HelmRepository: flux-system/controlplaneio

+++ kubernetes/flux Kustomization: flux-system/cluster HelmRepository: flux-system/controlplaneio

@@ -0,0 +1,14 @@

+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: controlplaneio
+  namespace: flux-system
+spec:
+  interval: 5m
+  type: oci
+  url: oci://ghcr.io/controlplaneio-fluxcd/charts
+
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux

@@ -1,36 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux
-  namespace: flux-system
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: flux
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  interval: 30m
-  path: ./kubernetes/apps/flux-system/flux/app
-  postBuild:
-    substituteFrom:
-    - kind: ConfigMap
-      name: cluster-settings
-      optional: false
-    - kind: Secret
-      name: cluster-secrets
-      optional: true
-  prune: true
-  retryInterval: 1m
-  sourceRef:
-    kind: GitRepository
-    name: k8s-gitops
-  targetNamespace: flux-system
-  timeout: 5m
-  wait: true
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-config

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-config

@@ -1,38 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux-config
-  namespace: flux-system
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: flux-config
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  dependsOn:
-  - name: flux
-  interval: 30m
-  path: ./kubernetes/apps/flux-system/flux/config
-  postBuild:
-    substituteFrom:
-    - kind: ConfigMap
-      name: cluster-settings
-      optional: false
-    - kind: Secret
-      name: cluster-secrets
-      optional: true
-  prune: true
-  retryInterval: 1m
-  sourceRef:
-    kind: GitRepository
-    name: k8s-gitops
-  targetNamespace: flux-system
-  timeout: 5m
-  wait: true
-
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-operator

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-operator

@@ -0,0 +1,36 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-operator
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: flux-operator
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  interval: 30m
+  path: ./kubernetes/apps/flux-system/flux-operator/app
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+      optional: false
+    - kind: Secret
+      name: cluster-secrets
+      optional: true
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  targetNamespace: flux-system
+  timeout: 5m
+  wait: true
+
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-instance

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-instance

@@ -0,0 +1,38 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-instance
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: flux-instance
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+  - name: flux-operator
+  interval: 30m
+  path: ./kubernetes/apps/flux-system/flux-operator/instance
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+      optional: false
+    - kind: Secret
+      name: cluster-secrets
+      optional: true
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  targetNamespace: flux-system
+  timeout: 5m
+  wait: true
+
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-github

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-github

@@ -0,0 +1,36 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-github
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: flux-github
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  interval: 30m
+  path: ./kubernetes/apps/flux-system/github/app
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+      optional: false
+    - kind: Secret
+      name: cluster-secrets
+      optional: true
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  targetNamespace: flux-system
+  timeout: 5m
+  wait: true
+
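Review bot: `flux-github` has no `dependsOn`, whereas the `flux-config` Kustomization it replaces depended on `flux`; its Alert, Provider and Receiver objects need the notification.toolkit.fluxcd.io CRDs and its Ingress targets the `webhook-receiver` Service, both of which are now delivered by the `flux-instance` Kustomization. On an existing cluster the CRDs are already present, but for a clean bootstrap add `dependsOn: [{name: flux-instance}]` so ordering does not rely on retries at `retryInterval: 1m`.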
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config PrometheusRule: flux-system/flux

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config PrometheusRule: flux-system/flux

@@ -1,35 +0,0 @@

----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux
-  namespace: flux-system
-spec:
-  groups:
-  - name: flux.rules
-    rules:
-    - alert: FluxComponentAbsent
-      annotations:
-        summary: Flux component has disappeared from Prometheus target discovery.
-      expr: |
-        absent(up{job=~".*flux-system.*"} == 1)
-      for: 15m
-      labels:
-        severity: critical
-    - alert: FluxReconciliationFailure
-      annotations:
-        summary: '{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation
-          has been failing for more than 15 minutes.'
-      expr: |
-        max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
-          +
-        on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
-          by (namespace, name, kind)) * 2 == 1
-      for: 15m
-      labels:
-        severity: critical
-
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Alert: flux-system/alertmanager

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Alert: flux-system/alertmanager

@@ -1,32 +0,0 @@

----
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Alert
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: alertmanager
-  namespace: flux-system
-spec:
-  eventSeverity: error
-  eventSources:
-  - kind: GitRepository
-    name: '*'
-  - kind: HelmRelease
-    name: '*'
-  - kind: HelmRepository
-    name: '*'
-  - kind: Kustomization
-    name: '*'
-  - kind: OCIRepository
-    name: '*'
-  exclusionList:
-  - error.*lookup github\\.com
-  - error.*lookup raw\\.githubusercontent\\.com
-  - dial.*tcp.*timeout
-  - waiting.*socket
-  providerRef:
-    name: alertmanager
-  suspend: false
-
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Provider: flux-system/alertmanager

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Provider: flux-system/alertmanager

@@ -1,14 +0,0 @@

----
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Provider
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: alertmanager
-  namespace: flux-system
-spec:
-  address: http://alertmanager-operated.monitoring.svc.cluster.local:9093/api/v2/alerts/
-  type: alertmanager
-
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Alert: flux-system/github

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Alert: flux-system/github

@@ -1,20 +0,0 @@

----
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Alert
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: github
-  namespace: flux-system
-spec:
-  eventSeverity: info
-  eventSources:
-  - kind: Kustomization
-    name: '*'
-  - kind: HelmRelease
-    name: '*'
-  providerRef:
-    name: github
-
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config ExternalSecret: flux-system/github-token

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config ExternalSecret: flux-system/github-token

@@ -1,25 +0,0 @@

----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: github-token
-  namespace: flux-system
-spec:
-  dataFrom:
-  - extract:
-      key: flux
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    creationPolicy: Owner
-    name: github-token-secret
-    template:
-      data:
-        token: '{{ .FLUX_GITHUB_TOKEN }}'
-      engineVersion: v2
-
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Provider: flux-system/github

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Provider: flux-system/github

@@ -1,16 +0,0 @@

----
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Provider
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: github
-  namespace: flux-system
-spec:
-  address: https://github.com/buroa/k8s-gitops
-  secretRef:
-    name: github-token-secret
-  type: github
-
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config ExternalSecret: flux-system/github-webhook-token

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config ExternalSecret: flux-system/github-webhook-token

@@ -1,25 +0,0 @@

----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: github-webhook-token
-  namespace: flux-system
-spec:
-  dataFrom:
-  - extract:
-      key: flux
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    creationPolicy: Owner
-    name: github-webhook-token-secret
-    template:
-      data:
-        token: '{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}'
-      engineVersion: v2
-
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Ingress: flux-system/flux-webhook

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Ingress: flux-system/flux-webhook

@@ -1,26 +0,0 @@

----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    gatus.io/status-code: '404'
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux-webhook
-  namespace: flux-system
-spec:
-  ingressClassName: external
-  rules:
-  - host: flux-webhook.ktwo.io
-    http:
-      paths:
-      - backend:
-          service:
-            name: webhook-receiver
-            port:
-              number: 80
-        path: /hook/
-        pathType: Prefix
-
--- kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Receiver: flux-system/k8s-gitops

+++ kubernetes/apps/flux-system/flux/config Kustomization: flux-system/flux-config Receiver: flux-system/k8s-gitops

@@ -1,31 +0,0 @@

----
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/name: flux-config
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: k8s-gitops
-  namespace: flux-system
-spec:
-  events:
-  - ping
-  - push
-  resources:
-  - apiVersion: source.toolkit.fluxcd.io/v1
-    kind: GitRepository
-    name: k8s-gitops
-    namespace: flux-system
-  - apiVersion: kustomize.toolkit.fluxcd.io/v1
-    kind: Kustomization
-    name: cluster
-    namespace: flux-system
-  - apiVersion: kustomize.toolkit.fluxcd.io/v1
-    kind: Kustomization
-    name: cluster-apps
-    namespace: flux-system
-  secretRef:
-    name: github-webhook-token-secret
-  type: github
-
--- kubernetes/apps/flux-system/flux-operator/app Kustomization: flux-system/flux-operator HelmRelease: flux-system/flux-operator

+++ kubernetes/apps/flux-system/flux-operator/app Kustomization: flux-system/flux-operator HelmRelease: flux-system/flux-operator

@@ -0,0 +1,32 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-operator
+    kustomize.toolkit.fluxcd.io/name: flux-operator
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-operator
+  namespace: flux-system
+spec:
+  chart:
+    spec:
+      chart: flux-operator
+      sourceRef:
+        kind: HelmRepository
+        name: controlplaneio
+        namespace: flux-system
+      version: 0.12.0
+  install:
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  valuesFrom:
+  - kind: ConfigMap
+    name: flux-operator-helm-values
+
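Review bot: the chart is pulled from an OCI HelmRepository at a pinned `version: 0.12.0`, which is good, but there is no `verify` block under `spec.chart.spec`; if the publisher signs the chart with Cosign, adding `verify: {provider: cosign}` (with a `secretRef` for a public key, or keyless) makes source-controller reject an unsigned or tampered chart instead of installing it. The same applies to the `flux-instance` HelmRelease further down, which pulls from the same repository.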
--- kubernetes/apps/flux-system/flux-operator/app Kustomization: flux-system/flux-operator ConfigMap: flux-system/flux-operator-helm-values

+++ kubernetes/apps/flux-system/flux-operator/app Kustomization: flux-system/flux-operator ConfigMap: flux-system/flux-operator-helm-values

@@ -0,0 +1,16 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    serviceMonitor:
+      create: true
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-operator
+    kustomize.toolkit.fluxcd.io/name: flux-operator
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-operator-helm-values
+  namespace: flux-system
+
--- kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Alert: flux-system/alertmanager

+++ kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Alert: flux-system/alertmanager

@@ -0,0 +1,32 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: alertmanager
+  namespace: flux-system
+spec:
+  eventSeverity: error
+  eventSources:
+  - kind: GitRepository
+    name: '*'
+  - kind: HelmRelease
+    name: '*'
+  - kind: HelmRepository
+    name: '*'
+  - kind: Kustomization
+    name: '*'
+  - kind: OCIRepository
+    name: '*'
+  exclusionList:
+  - error.*lookup github\\.com
+  - error.*lookup raw\\.githubusercontent\\.com
+  - dial.*tcp.*timeout
+  - waiting.*socket
+  providerRef:
+    name: alertmanager
+  suspend: false
+
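Review bot: if the rendered value is faithful to the source, the `exclusionList` entries `error.*lookup github\\.com` and `error.*lookup raw\\.githubusercontent\\.com` contain two backslashes in a plain YAML scalar, so as a Go regexp `\\.` matches a literal backslash followed by any character and these two exclusions never match the DNS-lookup errors they are meant to silence; write them as `github\.com` (or simply `github.com`, since `.` already matches a dot) in the source. This is carried over unchanged from the deleted flux-config Alert, so it is pre-existing rather than introduced here.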
--- kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Provider: flux-system/alertmanager

+++ kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Provider: flux-system/alertmanager

@@ -0,0 +1,14 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: alertmanager
+  namespace: flux-system
+spec:
+  address: http://alertmanager-operated.monitoring.svc.cluster.local:9093/api/v2/alerts/
+  type: alertmanager
+
--- kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Alert: flux-system/github

+++ kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Alert: flux-system/github

@@ -0,0 +1,20 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: github
+  namespace: flux-system
+spec:
+  eventSeverity: info
+  eventSources:
+  - kind: Kustomization
+    name: '*'
+  - kind: HelmRelease
+    name: '*'
+  providerRef:
+    name: github
+
--- kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-token

+++ kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-token

@@ -0,0 +1,25 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: github-token
+  namespace: flux-system
+spec:
+  dataFrom:
+  - extract:
+      key: flux
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    creationPolicy: Owner
+    name: github-token-secret
+    template:
+      data:
+        token: '{{ .FLUX_GITHUB_TOKEN }}'
+      engineVersion: v2
+
--- kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Provider: flux-system/github

+++ kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Provider: flux-system/github

@@ -0,0 +1,16 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: github
+  namespace: flux-system
+spec:
+  address: https://github.com/buroa/k8s-gitops
+  secretRef:
+    name: github-token-secret
+  type: github
+
--- kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-webhook-token

+++ kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-webhook-token

@@ -0,0 +1,25 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: github-webhook-token
+  namespace: flux-system
+spec:
+  dataFrom:
+  - extract:
+      key: flux
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    creationPolicy: Owner
+    name: github-webhook-token-secret
+    template:
+      data:
+        token: '{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}'
+      engineVersion: v2
+
--- kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Ingress: flux-system/flux-webhook

+++ kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Ingress: flux-system/flux-webhook

@@ -0,0 +1,26 @@

+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    gatus.io/status-code: '404'
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-webhook
+  namespace: flux-system
+spec:
+  ingressClassName: external
+  rules:
+  - host: flux-webhook.ktwo.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: webhook-receiver
+            port:
+              number: 80
+        path: /hook/
+        pathType: Prefix
+
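Review bot: the Ingress exposes `webhook-receiver` on `flux-webhook.ktwo.io` through the `external` class with no `tls` section, so HTTPS depends on defaults of that ingress class that are not visible here; confirm TLS is terminated for this host, since GitHub delivers the webhook payload over it. The `/hook/` prefix limits exposure to the Receiver endpoints, and the Receiver below authenticates deliveries with the HMAC token in `github-webhook-token-secret`, so that secret and the webhook secret configured on the GitHub side must be kept in step.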
--- kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Receiver: flux-system/k8s-gitops

+++ kubernetes/apps/flux-system/github/app Kustomization: flux-system/flux-github Receiver: flux-system/k8s-gitops

@@ -0,0 +1,31 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: k8s-gitops
+  namespace: flux-system
+spec:
+  events:
+  - ping
+  - push
+  resources:
+  - apiVersion: source.toolkit.fluxcd.io/v1
+    kind: GitRepository
+    name: k8s-gitops
+    namespace: flux-system
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    name: cluster
+    namespace: flux-system
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    name: cluster-apps
+    namespace: flux-system
+  secretRef:
+    name: github-webhook-token-secret
+  type: github
+
--- kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance HelmRelease: flux-system/flux-instance

+++ kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance HelmRelease: flux-system/flux-instance

@@ -0,0 +1,32 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-instance
+  namespace: flux-system
+spec:
+  chart:
+    spec:
+      chart: flux-instance
+      sourceRef:
+        kind: HelmRepository
+        name: controlplaneio
+        namespace: flux-system
+      version: 0.12.0
+  install:
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  valuesFrom:
+  - kind: ConfigMap
+    name: flux-instance-helm-values
+
--- kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance PrometheusRule: flux-system/flux

+++ kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance PrometheusRule: flux-system/flux

@@ -0,0 +1,35 @@

+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux
+  namespace: flux-system
+spec:
+  groups:
+  - name: flux.rules
+    rules:
+    - alert: FluxComponentAbsent
+      annotations:
+        summary: Flux component has disappeared from Prometheus target discovery.
+      expr: |
+        absent(up{job=~".*flux-system.*"} == 1)
+      for: 15m
+      labels:
+        severity: critical
+    - alert: FluxReconciliationFailure
+      annotations:
+        summary: '{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation
+          has been failing for more than 15 minutes.'
+      expr: |
+        max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
+          +
+        on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
+          by (namespace, name, kind)) * 2 == 1
+      for: 15m
+      labels:
+        severity: critical
+
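Review bot: `FluxComponentAbsent` relies on `absent(up{job=~".*flux-system.*"} == 1)`, and the removed flux2 values created the PodMonitor that produced those targets (`prometheus.podMonitor.create: true`); the flux-instance values in this PR show no equivalent monitor for the controllers, only `serviceMonitor.create: true` for the operator itself. Check that something still scrapes the four controllers with a job label matching `.*flux-system.*`; otherwise `absent()` fires as soon as the old targets disappear, and `FluxReconciliationFailure` will have no `gotk_reconcile_condition` series to evaluate.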
--- kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ConfigMap: flux-system/flux-instance-helm-values

+++ kubernetes/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ConfigMap: flux-system/flux-instance-helm-values

@@ -0,0 +1,104 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    instance:
+      cluster:
+        networkPolicy: false
+      components:
+        - source-controller
+        - kustomize-controller
+        - helm-controller
+        - notification-controller
+      sync:
+        kind: GitRepository
+        name: k8s-gitops
+        url: ssh://git@github.com/buroa/k8s-gitops
+        ref: refs/heads/master
+        path: kubernetes/flux
+        pullSecret: github-deploy-key
+      kustomize:
+        patches:
+          # Increase the number of workers and limits
+          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+          - patch: |
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --concurrent=10
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --requeue-dependency=5s
+            target:
+              kind: Deployment
+              name: (kustomize-controller|helm-controller|source-controller)
+          - patch: |
+              apiVersion: apps/v1
+              kind: Deployment
+              metadata:
+                name: all
+              spec:
+                template:
+                  spec:
+                    containers:
+                      - name: manager
+                        resources:
+                          limits:
+                            memory: 2Gi
+            target:
+              kind: Deployment
+              name: (kustomize-controller|helm-controller|source-controller)
+          # Enable in-memory kustomize builds
+          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-in-memory-kustomize-builds
+          - patch: |
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --concurrent=20
+              - op: replace
+                path: /spec/template/spec/volumes/0
+                value:
+                  name: temp
+                  emptyDir:
+                    medium: Memory
+            target:
+              kind: Deployment
+              name: kustomize-controller
+          # Enable Helm repositories caching
+          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching
+          - patch: |
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --helm-cache-max-size=10
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --helm-cache-ttl=60m
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --helm-cache-purge-interval=5m
+            target:
+              kind: Deployment
+              name: source-controller
+          # Flux near OOM detection for Helm
+          # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/
+          - patch: |
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --feature-gates=OOMWatch=true
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --oom-watch-memory-threshold=95
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --oom-watch-interval=500ms
+            target:
+              kind: Deployment
+              name: helm-controller
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-instance-helm-values
+  namespace: flux-system
+
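Review bot: kustomize-controller ends up with `--concurrent` twice: the first patch appends `--concurrent=10` to every Deployment matched by `(kustomize-controller|helm-controller|source-controller)`, and the in-memory-builds patch appends `--concurrent=20` to kustomize-controller again, so the effective value depends on last-wins flag parsing rather than on what is declared. Either drop `kustomize-controller` from the first target regex or remove the `--concurrent=20` op so each controller declares one value. Also, `cluster.networkPolicy: false` switches off the default NetworkPolicies the operator would otherwise generate for the flux-system namespace; if that is intended, a comment beside it saying why would save the next reviewer a question.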

@bot-blake
Contributor

bot-blake bot commented Jan 9, 2025

--- HelmRelease: flux-system/flux ServiceAccount: flux-system/helm-controller

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/helm-controller

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: helm-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: helm-controller
-
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/kustomize-controller

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/kustomize-controller

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: kustomize-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: kustomize-controller
-
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/notification-controller

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/notification-controller

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: notification-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: notification-controller
-
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/source-controller

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/source-controller

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: source-controller
-
--- HelmRelease: flux-system/flux ClusterRole: flux-system/flux-edit

+++ HelmRelease: flux-system/flux ClusterRole: flux-system/flux-edit

@@ -1,24 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: flux-edit
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-edit: 'true'
-    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
-rules:
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  - source.toolkit.fluxcd.io
-  - helm.toolkit.fluxcd.io
-  - image.toolkit.fluxcd.io
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - patch
-  - update
-
--- HelmRelease: flux-system/flux ClusterRole: flux-system/flux-view

+++ HelmRelease: flux-system/flux ClusterRole: flux-system/flux-view

@@ -1,23 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: flux-view
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
-    rbac.authorization.k8s.io/aggregate-to-edit: 'true'
-    rbac.authorization.k8s.io/aggregate-to-view: 'true'
-rules:
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  - source.toolkit.fluxcd.io
-  - helm.toolkit.fluxcd.io
-  - image.toolkit.fluxcd.io
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: flux-system/flux ClusterRole: flux-system/crd-controller

+++ HelmRelease: flux-system/flux ClusterRole: flux-system/crd-controller

@@ -1,91 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: crd-controller
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-rules:
-- apiGroups:
-  - source.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - helm.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - image.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - ''
-  resources:
-  - namespaces
-  - secrets
-  - configmaps
-  - serviceaccounts
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ''
-  resources:
-  - configmaps/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-
--- HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/cluster-reconciler

+++ HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/cluster-reconciler

@@ -1,21 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: cluster-reconciler
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cluster-admin
-subjects:
-- kind: ServiceAccount
-  name: kustomize-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: helm-controller
-  namespace: flux-system
-
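Review bot: deleting this binding does not take cluster-admin away from kustomize-controller and helm-controller; with `cluster.multitenant: false` in the FluxInstance the operator generates equivalent cluster-admin bindings for the controllers at runtime, and they do not appear here because the diff only renders what is in Git. The PR description should state that the effective controller RBAC is unchanged, and the generated ClusterRoleBindings are worth checking after rollout since this diff cannot verify them.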
--- HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/crd-controller

+++ HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/crd-controller

@@ -1,33 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: crd-controller
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: crd-controller
-subjects:
-- kind: ServiceAccount
-  name: kustomize-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: helm-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: source-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: notification-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: image-reflector-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: image-automation-controller
-  namespace: flux-system
-
--- HelmRelease: flux-system/flux Service: flux-system/notification-controller

+++ HelmRelease: flux-system/flux Service: flux-system/notification-controller

@@ -1,20 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: notification-controller
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: http
-  selector:
-    app: notification-controller
-  type: ClusterIP
-
--- HelmRelease: flux-system/flux Service: flux-system/webhook-receiver

+++ HelmRelease: flux-system/flux Service: flux-system/webhook-receiver

@@ -1,20 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: webhook-receiver
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 9292
-  selector:
-    app: notification-controller
-  type: ClusterIP
-
--- HelmRelease: flux-system/flux Service: flux-system/source-controller

+++ HelmRelease: flux-system/flux Service: flux-system/source-controller

@@ -1,20 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: source-controller
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: http
-  selector:
-    app: source-controller
-  type: ClusterIP
-
--- HelmRelease: flux-system/flux Deployment: flux-system/helm-controller

+++ HelmRelease: flux-system/flux Deployment: flux-system/helm-controller

@@ -1,83 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: helm-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: helm-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: helm-controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '8080'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: helm-controller
-    spec:
-      automountServiceAccountToken: true
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        - --concurrent=10
-        - --requeue-dependency=5s
-        - --feature-gates=OOMWatch=true
-        - --oom-watch-memory-threshold=95
-        - --oom-watch-interval=500ms
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/helm-controller:v1.1.0
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 8080
-          name: http-prom
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: temp
-      serviceAccountName: helm-controller
-      terminationGracePeriodSeconds: 600
-      volumes:
-      - emptyDir: {}
-        name: temp
-
--- HelmRelease: flux-system/flux Deployment: flux-system/kustomize-controller

+++ HelmRelease: flux-system/flux Deployment: flux-system/kustomize-controller

@@ -1,82 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: kustomize-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: kustomize-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: kustomize-controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '8080'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: kustomize-controller
-    spec:
-      automountServiceAccountToken: true
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        - --concurrent=10
-        - --requeue-dependency=5s
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/kustomize-controller:v1.4.0
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 8080
-          name: http-prom
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: temp
-      securityContext:
-        fsGroup: 1337
-      serviceAccountName: kustomize-controller
-      terminationGracePeriodSeconds: 60
-      volumes:
-      - emptyDir: {}
-        name: temp
-
--- HelmRelease: flux-system/flux Deployment: flux-system/notification-controller

+++ HelmRelease: flux-system/flux Deployment: flux-system/notification-controller

@@ -1,84 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: notification-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: notification-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: notification-controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '8080'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: notification-controller
-    spec:
-      automountServiceAccountToken: true
-      containers:
-      - args:
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/notification-controller:v1.4.0
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9090
-          name: http
-          protocol: TCP
-        - containerPort: 9292
-          name: http-webhook
-          protocol: TCP
-        - containerPort: 8080
-          name: http-prom
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: temp
-      serviceAccountName: notification-controller
-      terminationGracePeriodSeconds: 10
-      volumes:
-      - emptyDir: {}
-        name: temp
-
--- HelmRelease: flux-system/flux Deployment: flux-system/source-controller

+++ HelmRelease: flux-system/flux Deployment: flux-system/source-controller

@@ -1,97 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: source-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: source-controller
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '8080'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: source-controller
-    spec:
-      automountServiceAccountToken: true
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        - --storage-path=/data
-        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        - --helm-cache-max-size=10
-        - --helm-cache-ttl=60m
-        - --helm-cache-purge-interval=5m
-        - --concurrent=10
-        - --requeue-dependency=5s
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/source-controller:v1.4.1
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9090
-          name: http
-          protocol: TCP
-        - containerPort: 8080
-          name: http-prom
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /
-            port: http
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /data
-          name: data
-        - mountPath: /tmp
-          name: tmp
-      securityContext:
-        fsGroup: 1337
-      serviceAccountName: source-controller
-      terminationGracePeriodSeconds: 10
-      volumes:
-      - emptyDir: {}
-        name: data
-      - emptyDir: {}
-        name: tmp
-
--- HelmRelease: flux-system/flux PodMonitor: flux-system/flux

+++ HelmRelease: flux-system/flux PodMonitor: flux-system/flux

@@ -1,32 +0,0 @@

----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  name: flux
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-spec:
-  namespaceSelector:
-    matchNames:
-    - flux-system
-  selector:
-    matchExpressions:
-    - key: app
-      operator: In
-      values:
-      - helm-controller
-      - source-controller
-      - kustomize-controller
-      - notification-controller
-      - image-automation-controller
-      - image-reflector-controller
-  podMetricsEndpoints:
-  - port: http-prom
-    relabelings:
-    - action: keep
-      regex: Running
-      sourceLabels:
-      - __meta_kubernetes_pod_phase
-
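Review bot: this PodMonitor was the only scrape configuration for the controllers' `http-prom` ports, and nothing in this diff replaces it; the new ServiceMonitor further down covers only the operator's own metrics. Without a PodMonitor for source-, kustomize-, helm- and notification-controller, reconciliation metrics and any alerts built on them go dark after the switch, so re-add one targeting the operator-managed pods, or confirm one exists outside this PR.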
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/flux-flux-check

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/flux-flux-check

@@ -1,14 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: flux-flux-check
-  annotations:
-    helm.sh/hook: pre-install
-    helm.sh/hook-weight: '-10'
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
--- HelmRelease: flux-system/flux Job: flux-system/flux-flux-check

+++ HelmRelease: flux-system/flux Job: flux-system/flux-flux-check

@@ -1,45 +0,0 @@

----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: flux-flux-check
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  annotations:
-    helm.sh/hook: pre-install
-    helm.sh/hook-weight: '-5'
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-spec:
-  backoffLimit: 1
-  template:
-    metadata:
-      name: flux
-      labels:
-        app.kubernetes.io/instance: flux-system
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/part-of: flux
-    spec:
-      restartPolicy: Never
-      serviceAccountName: flux-flux-check
-      automountServiceAccountToken: true
-      containers:
-      - name: flux-cli
-        image: ghcr.io/fluxcd/flux-cli:v2.4.0
-        command:
-        - /usr/local/bin/flux
-        - check
-        - --pre
-        - --namespace
-        - flux-system
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-
--- HelmRelease: flux-system/flux-instance FluxInstance: flux-system/flux

+++ HelmRelease: flux-system/flux-instance FluxInstance: flux-system/flux

@@ -0,0 +1,100 @@

+---
+apiVersion: fluxcd.controlplane.io/v1
+kind: FluxInstance
+metadata:
+  name: flux
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-instance
+    app.kubernetes.io/instance: flux-instance
+    app.kubernetes.io/managed-by: Helm
+spec:
+  distribution:
+    version: 2.x
+    registry: ghcr.io/fluxcd
+    artifact: oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest
+  components:
+  - source-controller
+  - kustomize-controller
+  - helm-controller
+  - notification-controller
+  cluster:
+    domain: cluster.local
+    multitenant: false
+    networkPolicy: false
+    tenantDefaultServiceAccount: default
+    type: kubernetes
+  kustomize:
+    patches:
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --concurrent=10
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --requeue-dependency=5s
+      target:
+        kind: Deployment
+        name: (kustomize-controller|helm-controller|source-controller)
+    - patch: |
+        apiVersion: apps/v1
+        kind: Deployment
+        metadata:
+          name: all
+        spec:
+          template:
+            spec:
+              containers:
+                - name: manager
+                  resources:
+                    limits:
+                      memory: 2Gi
+      target:
+        kind: Deployment
+        name: (kustomize-controller|helm-controller|source-controller)
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --concurrent=20
+        - op: replace
+          path: /spec/template/spec/volumes/0
+          value:
+            name: temp
+            emptyDir:
+              medium: Memory
+      target:
+        kind: Deployment
+        name: kustomize-controller
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --helm-cache-max-size=10
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --helm-cache-ttl=60m
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --helm-cache-purge-interval=5m
+      target:
+        kind: Deployment
+        name: source-controller
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --feature-gates=OOMWatch=true
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --oom-watch-memory-threshold=95
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --oom-watch-interval=500ms
+      target:
+        kind: Deployment
+        name: helm-controller
+  sync:
+    kind: GitRepository
+    url: ssh://git@github.com/buroa/k8s-gitops
+    ref: refs/heads/master
+    path: kubernetes/flux
+    pullSecret: github-deploy-key
+
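Review bot: `distribution.artifact` references the `:latest` tag and `version: 2.x` is an open semver range, so the Flux manifests the operator applies with cluster-admin can change on a reconcile without any commit to this repository. Pin the artifact to a versioned tag or digest and narrow the range (for example `2.4.x`) if upgrades are meant to stay Git-driven and reviewable. Separately, `sync` here carries no `name` even though the values ConfigMap sets `sync.name: k8s-gitops`; either the chart drops it or the field is not supported by operator v0.12.0, so confirm the name of the GitRepository the operator actually creates, because the Kustomizations under `kubernetes/flux` must reference it.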
--- HelmRelease: flux-system/flux-operator ServiceAccount: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator ServiceAccount: flux-system/flux-operator

@@ -0,0 +1,12 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flux-operator
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+automountServiceAccountToken: true
+
--- HelmRelease: flux-system/flux-operator ClusterRoleBinding: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator ClusterRoleBinding: flux-system/flux-operator

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: flux-operator
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: flux-operator
+  namespace: flux-system
+
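Review bot: binding the `flux-operator` ServiceAccount straight to `cluster-admin` makes the operator pod at least as privileged as the kustomize- and helm-controller it replaces (the removed `cluster-reconciler` binding above), which the operator needs in order to create the controllers' RBAC. It does make the `flux-system` namespace and the FluxInstance object a privilege boundary: write access to them decides what runs with cluster-admin, so restrict who can edit them and alert on API audit events from `system:serviceaccount:flux-system:flux-operator` that fall outside its expected reconcile activity.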
--- HelmRelease: flux-system/flux-operator Service: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator Service: flux-system/flux-operator

@@ -0,0 +1,20 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: flux-operator
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+spec:
+  ports:
+  - port: 8080
+    targetPort: http-metrics
+    protocol: TCP
+    name: http
+  selector:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+
--- HelmRelease: flux-system/flux-operator Deployment: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator Deployment: flux-system/flux-operator

@@ -0,0 +1,89 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: flux-operator
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: flux-operator
+      app.kubernetes.io/instance: flux-operator
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: 'true'
+        prometheus.io/port: '8080'
+        prometheus.io/path: /metrics
+      labels:
+        app.kubernetes.io/name: flux-operator
+        app.kubernetes.io/instance: flux-operator
+        app.kubernetes.io/managed-by: Helm
+    spec:
+      serviceAccountName: flux-operator
+      containers:
+      - name: manager
+        args:
+        - --log-level=info
+        env:
+        - name: RUNTIME_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        image: ghcr.io/controlplaneio-fluxcd/flux-operator:v0.12.0
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: http-metrics
+          containerPort: 8080
+          protocol: TCP
+        - name: http
+          containerPort: 8081
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 64Mi
+        volumeMounts:
+        - name: temp
+          mountPath: /tmp
+      volumes:
+      - name: temp
+        emptyDir: {}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/os
+                operator: In
+                values:
+                - linux
+
--- HelmRelease: flux-system/flux-operator ServiceMonitor: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator ServiceMonitor: flux-system/flux-operator

@@ -0,0 +1,24 @@

+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: flux-operator
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+spec:
+  namespaceSelector:
+    matchNames:
+    - flux-system
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: flux-operator
+      app.kubernetes.io/instance: flux-operator
+  endpoints:
+  - targetPort: 8080
+    path: /metrics
+    interval: 60s
+    scrapeTimeout: 30s
+

@buroa buroa force-pushed the buroa/flux-thic branch 2 times, most recently from abe4bd3 to 50505b6 Compare January 9, 2025 16:01
@bot-blake bot-blake bot added the area/github Changes made in the github directory label Jan 9, 2025
@buroa buroa merged commit 0e2098e into master Jan 9, 2025
7 of 10 checks passed
@buroa buroa deleted the buroa/flux-thic branch January 9, 2025 16:36