Dreaded_X/flux-infra
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganized repository

Browse Source
This commit is contained in:
Dreaded_X 2024-10-02 23:44:59 +02:00
parent 851223d86d
commit 8d8d52aeba
Signed by: Dreaded_X
GPG Key ID: FA5F485356B0D2D4
35 changed files with 133 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
clusters/titan.lan.huizinga.dev/.sops.yaml → .sops.yaml
View File

4
clusters/titan.lan.huizinga.dev/cert-manager/certificates/kustomization.yaml → apps/kustomization.yaml
View File

@ -1,5 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- huizinga-dev-staging.yaml - ./traefik-dashboard
- huizinga-dev.yaml - ./whoami.yaml

0
clusters/titan.lan.huizinga.dev/traefik/dashboard/ingress.yaml → apps/traefik-dashboard/ingress.yaml
View File

0
clusters/titan.lan.huizinga.dev/traefik/dashboard/kustomization.yaml → apps/traefik-dashboard/kustomization.yaml
View File

0
clusters/titan.lan.huizinga.dev/traefik/dashboard/middleware.yaml → apps/traefik-dashboard/middleware.yaml
View File

0
clusters/titan.lan.huizinga.dev/traefik/dashboard/secret.yaml → apps/traefik-dashboard/secret.yaml
View File

2
clusters/titan.lan.huizinga.dev/whoami/whoami.yaml → apps/whoami.yaml
View File

@ -41,7 +41,7 @@ spec:
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: whoami-dashboard name: whoami
namespace: default namespace: default
annotations: annotations:
kubernetes.io/ingress.class: traefik-external kubernetes.io/ingress.class: traefik-external

8
clusters/titan.lan.huizinga.dev/akri/helmrepo.yaml
View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: akri
namespace: akri
spec:
interval: 1m0s
url: https://project-akri.github.io/akri/

4
clusters/titan.lan.huizinga.dev/akri/namespace.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: akri

20
clusters/titan.lan.huizinga.dev/apps.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
dependsOn:
- name: infra-configs
decryption:
provider: sops
secretRef:
name: sops-gpg
interval: 10m
timeout: 5m
sourceRef:
kind: GitRepository
name: flux-system
path: ./apps
prune: true
wait: true

14
clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev-staging.yaml
View File

@ -1,14 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: huizinga-dev-staging
namespace: default
spec:
secretName: huizinga-dev-staging-tls
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: "*.huizinga.dev"
dnsNames:
- "huizinga.dev"
- "*.huizinga.dev"

8
clusters/titan.lan.huizinga.dev/cert-manager/helmrepo.yaml
View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: jetstack
namespace: cert-manager
spec:
interval: 1m0s
url: https://charts.jetstack.io

6
clusters/titan.lan.huizinga.dev/cert-manager/issuers/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- secret.yaml
- letsencrypt-staging.yaml
- letsencrypt-production.yaml

17
clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-staging.yaml
View File

@ -1,17 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: tim.huizinga@gmail.com
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
cloudflare:
email: tim.huizinga@gmail.com
apiTokenSecretRef:
name: cloudflare-token-secret
key: cloudflare-token

8
clusters/titan.lan.huizinga.dev/cert-manager/kustomization.yaml
View File

@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- helmrepo.yaml
- cert-manager.yaml
- issuers
- certificates

4
clusters/titan.lan.huizinga.dev/cert-manager/namespace.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager

48
clusters/titan.lan.huizinga.dev/infrastructure.yaml Normal file
View File

@ -0,0 +1,48 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: infra-controllers
namespace: flux-system
spec:
interval: 1h
retryInterval: 1m
timeout: 5m
sourceRef:
kind: GitRepository
name: flux-system
path: ./infrastructure/controllers
prune: true
wait: true
patches:
- patch: |
- op: add
path: /spec/values
value:
service:
spec:
loadBalancerIP: 10.0.0.210
target:
kind: HelmRelease
name: traefik
namespace: traefik
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: infra-configs
namespace: flux-system
spec:
dependsOn:
- name: infra-controllers
decryption:
provider: sops
secretRef:
name: sops-gpg
interval: 1h
retryInterval: 1m
timeout: 5m
sourceRef:
kind: GitRepository
name: flux-system
path: ./infrastructure/configs
prune: true

0
clusters/titan.lan.huizinga.dev/kube-system/kube-vip.app.yaml → clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.app.yaml
View File

0
clusters/titan.lan.huizinga.dev/kube-system/kube-vip.config.yaml → clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.config.yaml
View File

0
clusters/titan.lan.huizinga.dev/kube-system/kube-vip.rbac.yaml → clusters/titan.lan.huizinga.dev/kube-vip/kube-vip.rbac.yaml
View File

0
clusters/titan.lan.huizinga.dev/kube-system/kustomization.yaml → clusters/titan.lan.huizinga.dev/kube-vip/kustomization.yaml
View File

8
clusters/titan.lan.huizinga.dev/traefik/helmrepo.yaml
View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik
namespace: traefik
spec:
interval: 1m0s
url: https://traefik.github.io/charts

8
clusters/titan.lan.huizinga.dev/traefik/kustomization.yaml
View File

@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- helmrepo.yaml
- traefik.yaml
- default-headers.yaml
- dashboard

4
clusters/titan.lan.huizinga.dev/traefik/namespace.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik

0
clusters/titan.lan.huizinga.dev/akri/devices/pico-debugger.yaml → infrastructure/configs/akri-devices.yaml
View File

2
clusters/titan.lan.huizinga.dev/cert-manager/certificates/huizinga-dev.yaml → infrastructure/configs/certificates.yaml
View File

@ -6,7 +6,7 @@ metadata:
spec: spec:
secretName: huizinga-dev-tls secretName: huizinga-dev-tls
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt
kind: ClusterIssuer kind: ClusterIssuer
commonName: "*.huizinga.dev" commonName: "*.huizinga.dev"
dnsNames: dnsNames:

4
clusters/titan.lan.huizinga.dev/cert-manager/issuers/letsencrypt-production.yaml → infrastructure/configs/cluster-issuers.yaml
View File

@ -1,13 +1,13 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-production name: letsencrypt
spec: spec:
acme: acme:
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
email: tim.huizinga@gmail.com email: tim.huizinga@gmail.com
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-production name: letsencrypt
solvers: solvers:
- dns01: - dns01:
cloudflare: cloudflare:

9
infrastructure/configs/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secrets/
- ./cluster-issuers.yaml
- ./certificates.yaml
- ./middleware.yaml
- ./akri-devices.yaml

0
clusters/titan.lan.huizinga.dev/traefik/default-headers.yaml → infrastructure/configs/middleware.yaml
View File

4
clusters/titan.lan.huizinga.dev/cert-manager/issuers/secret.yaml → infrastructure/configs/secrets/cloudflare-token.yaml
View File

@ -12,8 +12,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-09-26T22:20:01Z" lastmodified: "2024-10-02T22:31:45Z"
mac: ENC[AES256_GCM,data:Xi30AdWVf8lNwJIMTir+ejR9qO8F1lFB8u99vd6NLWAq4twvoTRQi/Vfh61CsDuYLRBd9gC9hrCLiLz2AOTFlyTRUQpUxidFuD1tFmBUFNK1QXfpq+5HbLznBx4UHh5fIFnXq4+ZlHqKjHfMRrzcDT+L4DQb+gB+k8y8mcFru3E=,iv:19aCn3H0eWwJpMGC6+MbzELkpknGGzHAtaYOBySr/fE=,tag:VI2iqwfKOeSdI5U2L2uYWw==,type:str] mac: ENC[AES256_GCM,data:ZCA+9P4ZPYKw2lN8fELxxPUqa+Q/8Jpsk4meU5hSi2i2mEZwOKRy/OPaNzp3cBxRoAqRoDA7ciLRWL4u19ENmM1C6raNqocfjx/4rEBmVQqfJukoRh8dJbnBbG8ljCuNNClSILQli4bMOul0jvMX8IGoaz6+tluuiMfx4hZ7+2s=,iv:iiHW7igx8vhWeVGgv1CP42nqOKu8hO4BrKgw6ybJsmI=,tag:DyTt6c8fGP/1Nd6DkhL2hA==,type:str]
pgp: pgp:
- created_at: "2024-09-26T22:20:01Z" - created_at: "2024-09-26T22:20:01Z"
enc: |- enc: |-

4
infrastructure/configs/secrets/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cloudflare-token.yaml

14
clusters/titan.lan.huizinga.dev/akri/akri.yaml → infrastructure/controllers/akri.yaml
View File

@ -1,3 +1,17 @@
apiVersion: v1
kind: Namespace
metadata:
name: akri
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: akri
namespace: akri
spec:
interval: 1m0s
url: https://project-akri.github.io/akri/
---
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:

14
clusters/titan.lan.huizinga.dev/cert-manager/cert-manager.yaml → infrastructure/controllers/cert-manager.yaml
View File

@ -1,3 +1,17 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: jetstack
namespace: cert-manager
spec:
interval: 1m0s
url: https://charts.jetstack.io
---
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:

4
clusters/titan.lan.huizinga.dev/akri/kustomization.yaml → infrastructure/controllers/kustomization.yaml
View File

@ -1,6 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- namespace.yaml
- helmrepo.yaml
- akri.yaml - akri.yaml
- cert-manager.yaml
- traefik.yaml

18
clusters/titan.lan.huizinga.dev/traefik/traefik.yaml → infrastructure/controllers/traefik.yaml
View File

@ -1,3 +1,17 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik
namespace: traefik
spec:
interval: 1m0s
url: https://traefik.github.io/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
@ -34,7 +48,3 @@ spec:
providers: providers:
kubernetesCRD: kubernetesCRD:
ingressClass: "traefik-external" ingressClass: "traefik-external"
service:
spec:
loadBalancerIP: 10.0.0.210