diff --git a/clusters/titan.lan.huizinga.dev/.sops.yaml b/.sops.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/.sops.yaml
rename to .sops.yaml
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/kustomization.yaml b/apps/kustomization.yaml
similarity index 59%
rename from clusters/titan.lan.huizinga.dev/cert-manager/certificates/kustomization.yaml
rename to apps/kustomization.yaml
index 82101ec..a4d0690 100644
--- a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - huizinga-dev-staging.yaml
- - huizinga-dev.yaml
+ - ./traefik-dashboard
+ - ./whoami.yaml
diff --git a/clusters/titan.lan.huizinga.dev/traefik/dashboard/ingress.yaml b/apps/traefik-dashboard/ingress.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/traefik/dashboard/ingress.yaml
rename to apps/traefik-dashboard/ingress.yaml
diff --git a/clusters/titan.lan.huizinga.dev/traefik/dashboard/kustomization.yaml b/apps/traefik-dashboard/kustomization.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/traefik/dashboard/kustomization.yaml
rename to apps/traefik-dashboard/kustomization.yaml
diff --git a/clusters/titan.lan.huizinga.dev/traefik/dashboard/middleware.yaml b/apps/traefik-dashboard/middleware.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/traefik/dashboard/middleware.yaml
rename to apps/traefik-dashboard/middleware.yaml
diff --git a/clusters/titan.lan.huizinga.dev/traefik/dashboard/secret.yaml b/apps/traefik-dashboard/secret.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/traefik/dashboard/secret.yaml
rename to apps/traefik-dashboard/secret.yaml
diff --git a/clusters/titan.lan.huizinga.dev/whoami/whoami.yaml b/apps/whoami.yaml
similarity index 97%
rename from clusters/titan.lan.huizinga.dev/whoami/whoami.yaml
rename to apps/whoami.yaml
index bc72ac3..7ddee90 100644
--- a/clusters/titan.lan.huizinga.dev/whoami/whoami.yaml
+++ b/apps/whoami.yaml
@@ -41,7 +41,7 @@ spec:
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
- name: whoami-dashboard
+ name: whoami
 namespace: default
 annotations:
 kubernetes.io/ingress.class: traefik-external
diff --git a/clusters/titan.lan.huizinga.dev/akri/helmrepo.yaml b/clusters/titan.lan.huizinga.dev/akri/helmrepo.yaml
deleted file mode 100644
index 3ef2114..0000000
--- a/clusters/titan.lan.huizinga.dev/akri/helmrepo.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: akri
- namespace: akri
-spec:
- interval: 1m0s
- url: https://project-akri.github.io/akri/
diff --git a/clusters/titan.lan.huizinga.dev/akri/namespace.yaml b/clusters/titan.lan.huizinga.dev/akri/namespace.yaml
deleted file mode 100644
index 32abcbf..0000000
--- a/clusters/titan.lan.huizinga.dev/akri/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: akri
diff --git a/clusters/titan.lan.huizinga.dev/apps.yaml b/clusters/titan.lan.huizinga.dev/apps.yaml
new file mode 100644
index 0000000..17b1803
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/apps.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: infra-configs
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ interval: 10m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./apps
+ prune: true
+ wait: true
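Review bot: The new `apps` Kustomization in clusters/titan.lan.huizinga.dev/apps.yaml sets no `serviceAccountName`, so it is reconciled under kustomize-controller's own identity, which is cluster-admin in a default Flux install (the install manifests are not visible here, so confirm for this cluster). `./apps` is where workload manifests will accumulate and the same object carries the `sops-gpg` decryption reference, so this layer runs with far more privilege than the two namespaces it currently touches need. Consider a dedicated account, e.g. `serviceAccountName: apps-reconciler` (constructed name), bound only to the namespaces the apps use. Separately, both infrastructure Kustomizations set `retryInterval: 1m` and this one does not, so a failed `wait` is presumably retried only at the 10m `interval`.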
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev-staging.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev-staging.yaml
deleted file mode 100644
index 40ac49b..0000000
--- a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev-staging.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: huizinga-dev-staging
- namespace: default
-spec:
- secretName: huizinga-dev-staging-tls
- issuerRef:
- name: letsencrypt-staging
- kind: ClusterIssuer
- commonName: "*.huizinga.dev"
- dnsNames:
- - "huizinga.dev"
- - "*.huizinga.dev"
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/helmrepo.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/helmrepo.yaml
deleted file mode 100644
index 8be1e6f..0000000
--- a/clusters/titan.lan.huizinga.dev/cert-manager/helmrepo.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: jetstack
- namespace: cert-manager
-spec:
- interval: 1m0s
- url: https://charts.jetstack.io
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/kustomization.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/issuers/kustomization.yaml
deleted file mode 100644
index d25b32d..0000000
--- a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - secret.yaml
- - letsencrypt-staging.yaml
- - letsencrypt-production.yaml
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-staging.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-staging.yaml
deleted file mode 100644
index 1aa0d05..0000000
--- a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-staging.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-staging
-spec:
- acme:
- server: https://acme-staging-v02.api.letsencrypt.org/directory
- email: tim.huizinga@gmail.com
- privateKeySecretRef:
- name: letsencrypt-staging
- solvers:
- - dns01:
- cloudflare:
- email: tim.huizinga@gmail.com
- apiTokenSecretRef:
- name: cloudflare-token-secret
- key: cloudflare-token
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/kustomization.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/kustomization.yaml
deleted file mode 100644
index 9169de6..0000000
--- a/clusters/titan.lan.huizinga.dev/cert-manager/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - namespace.yaml
- - helmrepo.yaml
- - cert-manager.yaml
- - issuers
- - certificates
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/namespace.yaml b/clusters/titan.lan.huizinga.dev/cert-manager/namespace.yaml
deleted file mode 100644
index c90416f..0000000
--- a/clusters/titan.lan.huizinga.dev/cert-manager/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cert-manager
diff --git a/clusters/titan.lan.huizinga.dev/infrastructure.yaml b/clusters/titan.lan.huizinga.dev/infrastructure.yaml
new file mode 100644
index 0000000..c010256
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/infrastructure.yaml
@@ -0,0 +1,48 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-controllers
+ namespace: flux-system
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./infrastructure/controllers
+ prune: true
+ wait: true
+ patches:
+ - patch: |
+ - op: add
+ path: /spec/values
+ value:
+ service:
+ spec:
+ loadBalancerIP: 10.0.0.210
+ target:
+ kind: HelmRelease
+ name: traefik
+ namespace: traefik
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-configs
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: infra-controllers
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./infrastructure/configs
+ prune: true
diff --git a/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.app.yaml b/clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.app.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/kube-system/kube-vip.app.yaml
rename to clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.app.yaml
diff --git a/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.config.yaml b/clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.config.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/kube-system/kube-vip.config.yaml
rename to clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.config.yaml
diff --git a/clusters/titan.lan.huizinga.dev/kube-system/kube-vip.rbac.yaml b/clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.rbac.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/kube-system/kube-vip.rbac.yaml
rename to clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.rbac.yaml
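Review bot: In the `infra-controllers` patch of clusters/titan.lan.huizinga.dev/infrastructure.yaml, `op: add` at `path: /spec/values` replaces the whole `values` map of the traefik HelmRelease instead of merging into it, because a JSON Patch `add` on a member that already exists overwrites that member. The HelmRelease in infrastructure/controllers/traefik.yaml appears to keep other values there (for example `providers.kubernetesCRD.ingressClass: "traefik-external"`), and those would silently fall back to chart defaults on this cluster. Target only the new key: `path: /spec/values/service` with a `value:` that holds just `spec:` and `loadBalancerIP: 10.0.0.210`. Also, `infra-configs` has no `wait: true`, so the `dependsOn` in `apps` only guarantees that the configs were applied, not that the Certificate or ClusterIssuer is ready.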
diff --git a/clusters/titan.lan.huizinga.dev/kube-system/kustomization.yaml b/clusters/titan.lan.huizinga.dev/kube-vip/kustomization.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/kube-system/kustomization.yaml
rename to clusters/titan.lan.huizinga.dev/kube-vip/kustomization.yaml
diff --git a/clusters/titan.lan.huizinga.dev/traefik/helmrepo.yaml b/clusters/titan.lan.huizinga.dev/traefik/helmrepo.yaml
deleted file mode 100644
index c292d22..0000000
--- a/clusters/titan.lan.huizinga.dev/traefik/helmrepo.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: traefik
- namespace: traefik
-spec:
- interval: 1m0s
- url: https://traefik.github.io/charts
diff --git a/clusters/titan.lan.huizinga.dev/traefik/kustomization.yaml b/clusters/titan.lan.huizinga.dev/traefik/kustomization.yaml
deleted file mode 100644
index a12dfb9..0000000
--- a/clusters/titan.lan.huizinga.dev/traefik/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - namespace.yaml
- - helmrepo.yaml
- - traefik.yaml
- - default-headers.yaml
- - dashboard
diff --git a/clusters/titan.lan.huizinga.dev/traefik/namespace.yaml b/clusters/titan.lan.huizinga.dev/traefik/namespace.yaml
deleted file mode 100644
index c088a91..0000000
--- a/clusters/titan.lan.huizinga.dev/traefik/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: traefik
diff --git a/clusters/titan.lan.huizinga.dev/akri/devices/pico-debugger.yaml b/infrastructure/configs/akri-devices.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/akri/devices/pico-debugger.yaml
rename to infrastructure/configs/akri-devices.yaml
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev.yaml b/infrastructure/configs/certificates.yaml
similarity index 88%
rename from clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev.yaml
rename to infrastructure/configs/certificates.yaml
index 35f417d..df44ac1 100644
--- a/clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev.yaml
+++ b/infrastructure/configs/certificates.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
 secretName: huizinga-dev-tls
 issuerRef:
- name: letsencrypt-production
+ name: letsencrypt
 kind: ClusterIssuer
 commonName: "*.huizinga.dev"
 dnsNames:
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-production.yaml b/infrastructure/configs/cluster-issuers.yaml
similarity index 85%
rename from clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-production.yaml
rename to infrastructure/configs/cluster-issuers.yaml
index d25dd75..63619cb 100644
--- a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-production.yaml
+++ b/infrastructure/configs/cluster-issuers.yaml
@@ -1,13 +1,13 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
- name: letsencrypt-production
+ name: letsencrypt
 spec:
 acme:
 server: https://acme-v02.api.letsencrypt.org/directory
 email: tim.huizinga@gmail.com
 privateKeySecretRef:
- name: letsencrypt-production
+ name: letsencrypt
 solvers:
 - dns01:
 cloudflare:
diff --git a/infrastructure/configs/kustomization.yaml b/infrastructure/configs/kustomization.yaml
new file mode 100644
index 0000000..c83577e
--- /dev/null
+++ b/infrastructure/configs/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secrets/
+ - ./cluster-issuers.yaml
+ - ./certificates.yaml
+ - ./middleware.yaml
+
+ - ./akri-devices.yaml
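Review bot: Renaming `privateKeySecretRef.name` from `letsencrypt-production` to `letsencrypt` in infrastructure/configs/cluster-issuers.yaml points the issuer at a Secret that does not exist yet, so cert-manager will presumably generate a new account key and register a fresh ACME account. The existing `letsencrypt-production` Secret is written by cert-manager rather than applied by Flux, so `prune: true` will not remove it and the old account private key stays in the cluster. Either keep `privateKeySecretRef.name: letsencrypt-production` to reuse the account while still renaming the issuer, or delete the stale Secret once the new issuer reports Ready. The solver block continues below the hunk, so the Cloudflare token reference is not covered here.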
diff --git a/clusters/titan.lan.huizinga.dev/traefik/default-headers.yaml b/infrastructure/configs/middleware.yaml
similarity index 100%
rename from clusters/titan.lan.huizinga.dev/traefik/default-headers.yaml
rename to infrastructure/configs/middleware.yaml
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/secret.yaml b/infrastructure/configs/secrets/cloudflare-token.yaml
similarity index 89%
rename from clusters/titan.lan.huizinga.dev/cert-manager/issuers/secret.yaml
rename to infrastructure/configs/secrets/cloudflare-token.yaml
index 2beee27..e2243e6 100644
--- a/clusters/titan.lan.huizinga.dev/cert-manager/issuers/secret.yaml
+++ b/infrastructure/configs/secrets/cloudflare-token.yaml
@@ -12,8 +12,8 @@ sops:
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2024-09-26T22:20:01Z"
- mac: ENC[AES256_GCM,data:Xi30AdWVf8lNwJIMTir+ejR9qO8F1lFB8u99vd6NLWAq4twvoTRQi/Vfh61CsDuYLRBd9gC9hrCLiLz2AOTFlyTRUQpUxidFuD1tFmBUFNK1QXfpq+5HbLznBx4UHh5fIFnXq4+ZlHqKjHfMRrzcDT+L4DQb+gB+k8y8mcFru3E=,iv:19aCn3H0eWwJpMGC6+MbzELkpknGGzHAtaYOBySr/fE=,tag:VI2iqwfKOeSdI5U2L2uYWw==,type:str]
+ lastmodified: "2024-10-02T22:31:45Z"
+ mac: ENC[AES256_GCM,data:ZCA+9P4ZPYKw2lN8fELxxPUqa+Q/8Jpsk4meU5hSi2i2mEZwOKRy/OPaNzp3cBxRoAqRoDA7ciLRWL4u19ENmM1C6raNqocfjx/4rEBmVQqfJukoRh8dJbnBbG8ljCuNNClSILQli4bMOul0jvMX8IGoaz6+tluuiMfx4hZ7+2s=,iv:iiHW7igx8vhWeVGgv1CP42nqOKu8hO4BrKgw6ybJsmI=,tag:DyTt6c8fGP/1Nd6DkhL2hA==,type:str]
 pgp:
 - created_at: "2024-09-26T22:20:01Z"
 enc: |-
diff --git a/infrastructure/configs/secrets/kustomization.yaml b/infrastructure/configs/secrets/kustomization.yaml
new file mode 100644
index 0000000..f71aa8a
--- /dev/null
+++ b/infrastructure/configs/secrets/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cloudflare-token.yaml
diff --git a/clusters/titan.lan.huizinga.dev/akri/akri.yaml b/infrastructure/controllers/akri.yaml
similarity index 59%
rename from clusters/titan.lan.huizinga.dev/akri/akri.yaml
rename to infrastructure/controllers/akri.yaml
index 87316bf..ad85913 100644
--- a/clusters/titan.lan.huizinga.dev/akri/akri.yaml
+++ b/infrastructure/controllers/akri.yaml
@@ -1,3 +1,17 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: akri
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: akri
+ namespace: akri
+spec:
+ interval: 1m0s
+ url: https://project-akri.github.io/akri/
+---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
diff --git a/clusters/titan.lan.huizinga.dev/cert-manager/cert-manager.yaml b/infrastructure/controllers/cert-manager.yaml
similarity index 70%
rename from clusters/titan.lan.huizinga.dev/cert-manager/cert-manager.yaml
rename to infrastructure/controllers/cert-manager.yaml
index 8e34b2c..1843897 100644
--- a/clusters/titan.lan.huizinga.dev/cert-manager/cert-manager.yaml
+++ b/infrastructure/controllers/cert-manager.yaml
@@ -1,3 +1,17 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: jetstack
+ namespace: cert-manager
+spec:
+ interval: 1m0s
+ url: https://charts.jetstack.io
+---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
diff --git a/clusters/titan.lan.huizinga.dev/akri/kustomization.yaml b/infrastructure/controllers/kustomization.yaml
similarity index 69%
rename from clusters/titan.lan.huizinga.dev/akri/kustomization.yaml
rename to infrastructure/controllers/kustomization.yaml
index 8c60a5a..7185ae5 100644
--- a/clusters/titan.lan.huizinga.dev/akri/kustomization.yaml
+++ b/infrastructure/controllers/kustomization.yaml
@@ -1,6 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - namespace.yaml
- - helmrepo.yaml
 - akri.yaml
+ - cert-manager.yaml
+ - traefik.yaml
diff --git a/clusters/titan.lan.huizinga.dev/traefik/traefik.yaml b/infrastructure/controllers/traefik.yaml
similarity index 78%
rename from clusters/titan.lan.huizinga.dev/traefik/traefik.yaml
rename to infrastructure/controllers/traefik.yaml
index 9257fed..5e7b2d7 100644
--- a/clusters/titan.lan.huizinga.dev/traefik/traefik.yaml
+++ b/infrastructure/controllers/traefik.yaml
@@ -1,3 +1,17 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: traefik
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: traefik
+ namespace: traefik
+spec:
+ interval: 1m0s
+ url: https://traefik.github.io/charts
+---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@@ -34,7 +48,3 @@ spec:
 providers:
 kubernetesCRD:
 ingressClass: "traefik-external"
-
- service:
- spec:
- loadBalancerIP: 10.0.0.210