Restructured infra
All checks were successful
kustomization/cert-manager/3a682516 reconciliation succeeded
kustomization/akri/3a682516 reconciliation succeeded
kustomization/kyverno/3a682516 reconciliation succeeded
kustomization/node-feature-discovery/3a682516 reconciliation succeeded
kustomization/node-feature-discovery-rules/3a682516 reconciliation succeeded
kustomization/velero/3a682516 reconciliation succeeded
kustomization/flux-system/3a682516 reconciliation succeeded
kustomization/letsencrypt/3a682516 reconciliation succeeded
kustomization/topolvm/3a682516 reconciliation succeeded
kustomization/kyverno-policies/3a682516 reconciliation succeeded
kustomization/kube-vip/3a682516 reconciliation succeeded
kustomization/traefik/3a682516 reconciliation succeeded
kustomization/cnpg/3a682516 reconciliation succeeded
kustomization/traefik-middleware/3a682516 reconciliation succeeded
kustomization/lldap/3a682516 reconciliation succeeded
kustomization/authelia/3a682516 reconciliation succeeded
kustomization/apps/3a682516 reconciliation succeeded
kustomization/rook-ceph/3a682516 reconciliation succeeded
kustomization/rook-ceph-cluster/3a682516 reconciliation succeeded

2025-04-24 11:38:30 +02:00
parent 6cbd2fca75
commit 5a027ea7e0
118 changed files with 226 additions and 151 deletions


@@ -0,0 +1,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cert-manager
namespace: flux-system
labels:
alert: flux-infra
spec:
interval: 15m
path: ./infra/cert-manager/cert-manager
prune: true
timeout: 2m
sourceRef:
kind: GitRepository
name: flux-system
wait: true


@@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- ./namespace.yaml
- ./helm-repository.yaml
- ./helm-release.yaml
configurations:
- ../../../common/name-reference/helm-release.yaml
configMapGenerator:
- name: cert-manager-values
files:
- ./values.yaml


@@ -1,15 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- ./namespace.yaml
- ./helm-repository.yaml
- ./helm-release.yaml
configurations:
- ../../common/name-reference/helm-release.yaml
configMapGenerator:
- name: cert-manager-values
files:
- ./values.yaml
- ./cert-manager.yaml
- ./letsencrypt.yaml


@@ -0,0 +1,22 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: letsencrypt
namespace: flux-system
labels:
alert: flux-infra
spec:
interval: 15m
path: ./infra/cert-manager/letsencrypt
dependsOn:
- name: cert-manager
prune: true
timeout: 10m
sourceRef:
kind: GitRepository
name: flux-system
wait: true
decryption:
provider: sops
secretRef:
name: sops-gpg


@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: huizinga-dev
namespace: letsencrypt
spec:
secretName: huizinga-dev-tls
issuerRef:
name: letsencrypt
kind: ClusterIssuer
commonName: "huizinga.dev"
dnsNames:
- "huizinga.dev"
- "*.huizinga.dev"
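Review bot: Neither this Certificate nor `staging-huizinga-dev` in the next file sets `spec.privateKey`, so whether the wildcard key is regenerated on renewal is left to the installed cert-manager's default. Older cert-manager releases defaulted to keeping the same key, and the chart version is not visible in this commit. Because `*.huizinga.dev` covers every subdomain, a key that survives renewals stays useful to anyone who obtained a copy of `huizinga-dev-tls`. I would pin the behaviour explicitly under `spec` in both files with `privateKey:` followed by `rotationPolicy: Always`.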


@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: staging-huizinga-dev
namespace: letsencrypt
spec:
secretName: staging-huizinga-dev-tls
issuerRef:
name: letsencrypt
kind: ClusterIssuer
commonName: "staging.huizinga.dev"
dnsNames:
- "staging.huizinga.dev"
- "*.staging.huizinga.dev"


@@ -0,0 +1,17 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: tim.huizinga@gmail.com
privateKeySecretRef:
name: letsencrypt
solvers:
- dns01:
cloudflare:
email: tim.huizinga@gmail.com
apiTokenSecretRef:
name: cloudflare-token
key: token
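Review bot: The `dns01` entry under `solvers` has no `selector`, so this cluster-scoped issuer will attempt a Cloudflare challenge for whatever name a Certificate in any namespace asks for. Adding `selector: {dnsZones: ["huizinga.dev"]}` to that solver entry limits it to the zone the two certificates in this commit actually use. The scope of `cloudflare-token` is not visible here; it is worth confirming it is limited to DNS edit on that one zone. The `email` under `cloudflare` is only needed with `apiKeySecretRef` and can be dropped when an API token is used.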


@@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./secret-cloudflare-token.yaml
- ./cluster-issuer.yaml
- ./certificate-staging-huizinga-dev.yaml
- ./certificate-huizinga-dev.yaml
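Review bot: This kustomization sets no `namespace:`, and `./secret-cloudflare-token.yaml` declares `namespace: cert-manager` while every other namespaced resource listed here goes to `letsencrypt`. Nothing in the file explains that split. It looks deliberate, since a ClusterIssuer resolves its secret references in cert-manager's cluster resource namespace (presumably the default `cert-manager` here), but the next person to tidy namespaces could easily move the Secret and break DNS-01 issuance. A comment above that entry would record it, for example `# cloudflare-token lives in the cert-manager namespace: ClusterIssuer secret refs are resolved there, not in letsencrypt`. I would put it in this file rather than in the SOPS-encrypted manifest.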


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: letsencrypt


@@ -0,0 +1,60 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-token
namespace: cert-manager
type: Opaque
stringData:
token: ENC[AES256_GCM,data:1QSjQJrky3AOQv9Bf8ifvfgeYCh3DvPtCWNLKEY/eEpzPsJKD7MYwQ==,iv:MbWKNj13K25TiP1MPfJMaM1P3Qpy3TE+dWnbF5Gpr3Y=,tag:IMRRhh2nwT40rjVDAgBhrw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2025-02-15T21:32:18Z"
mac: ENC[AES256_GCM,data:hYqyrhnrwpvEcJGMIfjSpbIvQ3NHukCDhRB2Zf7vifKYqQyd0hSmh6aeDPdARwdoiybQIuW6pa3SXOY4V1LgOYx6U36HOsDBe5ENQyXV0z5RID+H/nfZmcqj2pfRE8zpfAUhpcilCT8TMJpJSlaAh5kFl/6Z1feekVJLkxPYg30=,iv:FpZ8rDrvNACc+mgR6JNXmTNFXJt6es896n4xkLKzN/s=,tag:JW/OZHNBD+MEiRnhih1/fg==,type:str]
pgp:
- created_at: "2024-09-26T22:20:01Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=XmSy
-----END PGP MESSAGE-----
fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
- created_at: "2024-09-26T22:20:01Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA51kG++kLewoAQ/+M1BLbAVU8kVgx/atZnWwjZtjukEc8vOFw4n9tscq0Dm3
UzoOpbM1kaq5Hq8+e1mVFXMWLYgHnKjeSwBSiRCmZgFfvzPK63E5c6ZorKniTneZ
T7BJwxmtEF8JG+N9O2SHmto4cWZcrHvmWS5jJ5ybUFlMiFp6z7fPBuOzhKvTMBsc
IFHBBF0eMANUGwlpXuYJMTUECnFjvIxu/UXPMVBZ1HWHbIewYTRWXPQXeDxlJyk6
YgtGChBZ8KRYNqX1kBi5AyIdjWA9+wrMtTVTghC+1eBTOm8TsmN280KBmB512li1
HgexbmQkgItlJwyOV/7MTo19yzve72yYlqoIv3BSrwYfr0NDaQM0mhLAwcHC2R1R
IAOzajlHtgbr3XBW0BxWMC4Ch23CatZE4WJlu/CJ07+aMCsSV4L+da7wopt0A9dx
og0aPjUGq3MFmSet0kJKLJHS1JBSjf0LVnQjB5A451Wmndpoc2gZSpNtM4I2e2+7
xe6RUB6oYjRyB0t771UMQ3sQrSN3cn2c8yuijLep837yvNqpRBR4bbc2XJdZIOMw
sKEGIAMyJjCagQJa4c2YY0fksVSnhnYzjklfsx+PAvsW9EiWo26Vldp4zHYsVALD
7yKAWGupRTTB2mTXg9wvoKRkOY8A3Lb9aG+xnrf967nJt9nCV9hPXs959dVw9+jS
XgFCzdWtznuFA5wPJA3ko6lqLnE1HCIdgAo5ovQ4y3K9jkoVJsS2ADAnEy9Ac2uk
uds32S29PQ9o+ReAIQKvTzFNmKSLbcsK/z6rGLh0WdqmqWg6kVidWvktDQHY86E=
=cW8j
-----END PGP MESSAGE-----
fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
encrypted_regex: ^(data|stringData)$
version: 3.9.1