Dreaded_X/flux-infra
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganized repository

Browse Source
This commit is contained in:
Dreaded_X
2024-10-02 23:44:59 +02:00
parent 851223d86d
commit 8d8d52aeba
35 changed files with 133 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
infrastructure/configs/akri-devices.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: akri.sh/v0
kind: Configuration
metadata:
name: pico-debugger
namespace: akri
spec:
capacity: 1
discoveryHandler:
discoveryDetails: |
groupRecursive: true # Recommended unless using very exact udev rules
udevRules:
- ATTRS{idVendor}=="2e8a", ATTRS{idProduct}=="000c"
name: udev

14
infrastructure/configs/certificates.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: huizinga-dev
namespace: default
spec:
secretName: huizinga-dev-tls
issuerRef:
name: letsencrypt
kind: ClusterIssuer
commonName: "*.huizinga.dev"
dnsNames:
- "huizinga.dev"
- "*.huizinga.dev"

17
infrastructure/configs/cluster-issuers.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: tim.huizinga@gmail.com
privateKeySecretRef:
name: letsencrypt
solvers:
- dns01:
cloudflare:
email: tim.huizinga@gmail.com
apiTokenSecretRef:
name: cloudflare-token-secret
key: cloudflare-token

9
infrastructure/configs/kustomization.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secrets/
- ./cluster-issuers.yaml
- ./certificates.yaml
- ./middleware.yaml
- ./akri-devices.yaml

16
infrastructure/configs/middleware.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: default-headers
namespace: default
spec:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https

60
infrastructure/configs/secrets/cloudflare-token.yaml Normal file
View File

@@ -0,0 +1,60 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-token-secret
namespace: cert-manager
type: Opaque
stringData:
cloudflare-token: ENC[AES256_GCM,data:21v9+OcFvGMoIy+AxWVW55/iTC6akzvlFlH4SMCHNu60EVjomVoDFQ==,iv:zFDOQjEgTdwWT4ybapBq52kkYZCT01ANaZHrbwpcb+Y=,tag:7ZeBtDcFZKccpdS90EgARA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-02T22:31:45Z"
mac: ENC[AES256_GCM,data:ZCA+9P4ZPYKw2lN8fELxxPUqa+Q/8Jpsk4meU5hSi2i2mEZwOKRy/OPaNzp3cBxRoAqRoDA7ciLRWL4u19ENmM1C6raNqocfjx/4rEBmVQqfJukoRh8dJbnBbG8ljCuNNClSILQli4bMOul0jvMX8IGoaz6+tluuiMfx4hZ7+2s=,iv:iiHW7igx8vhWeVGgv1CP42nqOKu8hO4BrKgw6ybJsmI=,tag:DyTt6c8fGP/1Nd6DkhL2hA==,type:str]
pgp:
- created_at: "2024-09-26T22:20:01Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7pKPTYH5bqOARAAl2y4yZJGsWORJ5jd2CopSW6yx8IsHqLKq3khYxHkPamu
gjItOM/Gqep1QCJr4kxTkO7P0MaYi7ZGinuhishYu4xy1mom8WzJs/rA2cjW1UbF
m8GoUGypaPtSsR1nQufgrO6JbIch3Tr498wBD7SvXIWTFpooalcERvVB3F4T4CeT
gXIk+vSjvXkCmx4jgAVhpj249HQOk9nyX35UzcjaSOzYm9/vfs3vFRq8FXNRkGff
+Ui/os4xTB4GiLgnvQ7t8FYTqvDfMVwgKI6VkOplpnP50mmTdKYRVe79Awvq1+/V
UkkSHxmw5Zqj7nv8MoKIlYk2g+14NLz57i4zs2vK3cNqDAqezub7r/LRDcm5Haqp
ZmI8B6VUNhveI7hKjm8ssMlOz6x3s7hvex6e+AWRqvbknusXXCiI9dhL73TXXmeZ
yceIlg5T67PY2ysbpfuToyg6ihbkMo0bM1m/lQpA94yRx6EKO75AHvBaGxgDggSr
Q8/DM3J729yqjHvXLL+2YGXVlRSpMlWb+AYi4YLmB/rsT2wBlPWE7m0c3/xQA3ld
5b/CW/2JOfXlwnooXEMFICr9ExFeiOv4RTnNahOTVscnIsi5jSlYPkhWwKm6ughy
oahJRi6wb6sJrleoPKRea+Pwh2qdEaQE/nFeBZeMMZxyLySQmkWoXJET7HQR3szU
aAEJAhBFZF84NkBuqmo+A7z055hz1tEJSnjO6eZ/+jvX9pPkrAv/CqW9C8UeG3vt
a6/XjnRVr38ZKAtNt3ebFwjzKZDLVyrANycnEp1PV7Pc8QvltJ88VS/wmWSP9Hj0
BA11vpb7XvkU
=XmSy
-----END PGP MESSAGE-----
fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
- created_at: "2024-09-26T22:20:01Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA51kG++kLewoAQ/+M1BLbAVU8kVgx/atZnWwjZtjukEc8vOFw4n9tscq0Dm3
UzoOpbM1kaq5Hq8+e1mVFXMWLYgHnKjeSwBSiRCmZgFfvzPK63E5c6ZorKniTneZ
T7BJwxmtEF8JG+N9O2SHmto4cWZcrHvmWS5jJ5ybUFlMiFp6z7fPBuOzhKvTMBsc
IFHBBF0eMANUGwlpXuYJMTUECnFjvIxu/UXPMVBZ1HWHbIewYTRWXPQXeDxlJyk6
YgtGChBZ8KRYNqX1kBi5AyIdjWA9+wrMtTVTghC+1eBTOm8TsmN280KBmB512li1
HgexbmQkgItlJwyOV/7MTo19yzve72yYlqoIv3BSrwYfr0NDaQM0mhLAwcHC2R1R
IAOzajlHtgbr3XBW0BxWMC4Ch23CatZE4WJlu/CJ07+aMCsSV4L+da7wopt0A9dx
og0aPjUGq3MFmSet0kJKLJHS1JBSjf0LVnQjB5A451Wmndpoc2gZSpNtM4I2e2+7
xe6RUB6oYjRyB0t771UMQ3sQrSN3cn2c8yuijLep837yvNqpRBR4bbc2XJdZIOMw
sKEGIAMyJjCagQJa4c2YY0fksVSnhnYzjklfsx+PAvsW9EiWo26Vldp4zHYsVALD
7yKAWGupRTTB2mTXg9wvoKRkOY8A3Lb9aG+xnrf967nJt9nCV9hPXs959dVw9+jS
XgFCzdWtznuFA5wPJA3ko6lqLnE1HCIdgAo5ovQ4y3K9jkoVJsS2ADAnEy9Ac2uk
uds32S29PQ9o+ReAIQKvTzFNmKSLbcsK/z6rGLh0WdqmqWg6kVidWvktDQHY86E=
=cW8j
-----END PGP MESSAGE-----
fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
encrypted_regex: ^(data|stringData)$
version: 3.9.0

4
infrastructure/configs/secrets/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cloudflare-token.yaml

33
infrastructure/controllers/akri.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v1
kind: Namespace
metadata:
name: akri
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: akri
namespace: akri
spec:
interval: 1m0s
url: https://project-akri.github.io/akri/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: akri
namespace: akri
spec:
chart:
spec:
chart: akri
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: akri
version: 0.12.20
interval: 1m0s
values:
udev:
discovery:
enabled: true

40
infrastructure/controllers/cert-manager.yaml Normal file
View File

@@ -0,0 +1,40 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: jetstack
namespace: cert-manager
spec:
interval: 1m0s
url: https://charts.jetstack.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cert-manager
namespace: cert-manager
spec:
chart:
spec:
chart: cert-manager
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: jetstack
version: v1.15.3
interval: 1m0s
values:
installCRDs: true
replicaCount: 1
extraArgs:
- --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
- --dns01-recursive-nameservers-only
podDnsPolicy: None
podDnsConfig:
nameservers:
- "1.1.1.1"
- "9.9.9.9"

6
infrastructure/controllers/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- akri.yaml
- cert-manager.yaml
- traefik.yaml

50
infrastructure/controllers/traefik.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik
namespace: traefik
spec:
interval: 1m0s
url: https://traefik.github.io/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: traefik
namespace: traefik
spec:
chart:
spec:
chart: traefik
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: traefik
version: 31.1.1
interval: 1m0s
values:
deployment:
kind: DaemonSet
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
ports:
web:
redirectTo:
port: websecure
providers:
kubernetesCRD:
ingressClass: "traefik-external"