Setup flux-system gitea receiver

2025-04-23 18:44:46 +02:00 · 2025-04-23 18:44:46 +02:00 · bce1546502
commit bce1546502
parent 0c7dc1a3de
6 changed files with 115 additions and 3 deletions
--- a/clusters/titan.lan.huizinga.dev/flux-system/config-map-domain-vars.yaml
+++ b/clusters/titan.lan.huizinga.dev/flux-system/config-map-domain-vars.yaml
@ -0,0 +1,10 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: domain-vars
  namespace: flux-system
 data:
  domain: staging.huizinga.dev
  # Specifically for authelia
  subdomain: .staging
  topdomain: huizinga.dev
--- a/clusters/titan.lan.huizinga.dev/flux-system/ingress.yaml
+++ b/clusters/titan.lan.huizinga.dev/flux-system/ingress.yaml
@ -0,0 +1,24 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: flux-webhook
  namespace: flux-system
  annotations:
    traefik.ingress.kubernetes.io/router.entryPoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd
    traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
  ingressClassName: traefik
  rules:
    - host: flux.${domain}
      http:
        paths:
          - backend:
              service:
                name: webhook-receiver
                port:
                  number: 80
            path: /
            pathType: Prefix
  tls:
    - secretName: ${domain//./-}-tls
--- a/clusters/titan.lan.huizinga.dev/flux-system/kustomization.yaml
+++ b/clusters/titan.lan.huizinga.dev/flux-system/kustomization.yaml
@ -1,7 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - gotk-components.yaml
+  - ./gotk-components.yaml
-  - gotk-sync.yaml
+  - ./gotk-sync.yaml
  - ./config-map-domain-vars.yaml
  # - ./ingress.yaml
  - ./secret-receiver.yaml
  - ./receiver.yaml
 patches:
-  - path: sops-overlay.yaml
+  - path: patches.yaml
--- a/clusters/titan.lan.huizinga.dev/flux-system/sops-overlay.yaml
+++ b/clusters/titan.lan.huizinga.dev/flux-system/sops-overlay.yaml
@ -10,3 +10,7 @@ spec:
    provider: sops
    secretRef:
      name: sops-gpg
  postBuild:
    substituteFrom:
      - kind: ConfigMap
        name: domain-vars
--- a/clusters/titan.lan.huizinga.dev/flux-system/receiver.yaml
+++ b/clusters/titan.lan.huizinga.dev/flux-system/receiver.yaml
@ -0,0 +1,16 @@
 apiVersion: notification.toolkit.fluxcd.io/v1
 kind: Receiver
 metadata:
  name: flux-infra-receiver
  namespace: flux-system
 spec:
  type: github
  events:
    - "ping"
    - "push"
  secretRef:
    name: receiver
  resources:
    - apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
      name: flux-system
--- a/clusters/titan.lan.huizinga.dev/flux-system/secret-receiver.yaml
+++ b/clusters/titan.lan.huizinga.dev/flux-system/secret-receiver.yaml
@ -0,0 +1,54 @@
 apiVersion: v1
 data:
    token: ENC[AES256_GCM,data:Nd4t7LkkCe9pd/ilITlwZpmpF+oRmMfIbgbEiAzTK+OWUb4q37bBzGvhc3V70soS7XmpU13lJwo=,iv:qMoW9dsDauSEsw7GjuCSmsCy3k54jt5x/nngSdGiErg=,tag:ZTkP8IGT+DOJLfO+gIX2xg==,type:str]
 kind: Secret
 metadata:
    name: receiver
    namespace: flux-system
 sops:
    lastmodified: "2025-04-23T17:01:23Z"
    mac: ENC[AES256_GCM,data:blRYui9FBvet9nuOUEPaMLLzD6CvX7pDZQEtQV5jLfKqLWEBFXUA13zqTrxtH1slGOzif1xshGqjOgsxREvEdb4Y8uSfoWSPuhkPI4WuRESjyYsVHUlP0fOIdE/CNc/xT4wTxxsvZ46ShGCMZ/QN29XsQ04nwHaEsTmYMqtgsBM=,iv:Km0FIruKN+N0Hsat4QaTBCCAHMQz5IiYkTKG2IGILUI=,tag:A1v4kEs46vz2Cm9ZN5Qw1g==,type:str]
    pgp:
        - created_at: "2025-04-23T17:01:23Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMA7pKPTYH5bqOARAAwZ69AwI2iTOboLpzZmW41EngGkhPKGghGFssiyfWbXqR
            dtNG+wG371TF9nUMoLagJEqTUGRVX8xznG7R68QhVd85C1iswrNJjZ55nnJKf0IN
            aRcLp3xsZuWPefOFadaJglRtgLnmCtPNur1TmPXR4V94ycOe1wBTSbvheTs73h6M
            LBfRBruv2ttJsrcmI2az57KgOrIQnPu/z/NSEbc2GM3CU7/Z9ChWt+b5WEyv/7Sp
            Sp0ohmC9HputBFGueC6Hw08+152C8yn3BpJhMhiWcCEryNiwKawf/n2UFJ8gk86/
            5CkRX1CWRtz8nRIfmiwU5IBd5aMXhK684/1lTtdshHGEhSbaGA9N6lK70vdrfVl+
            euaQkqyCy2sFkhz0EvcK+PTGxnueQ4UuO01l5yRG/ZUdjzYVh9fpx3RoMnJaBctx
            l63LUG+xXSwR0xy4JIkrWyFDwIyGAebxbtQ8QUeLkmMzHyUx8tOL0qfKd8qkEFwg
            eJWh0guYllSldgP5h7bJXOTej3ZrP9yC1WY3z2wHu+415/eCpwucFCu/A5QnJXnA
            YLTE2CIwdDpj5XjjwQwmTNpBgfQ/csHJua40CURJbsYhk4HfqbHNdjEc5kkem/3L
            PrtA/d59iwy3Vjkn1xmrcX+od3qXRFVDwMjaCleAXi3dnsfN619j8PrZh2bkUyHU
            aAEJAhD1hSP/yZbfctLVNBCXT3HE8bLlAp82zYsqwx7UJWOhv4saodU1Zm13CWdk
            nlbN8v3w5o19Xo85rt4YB091dGliTAAQ2CfvsCLRO4ZjO6N2F4KSCSTO0jLSJkce
            hly9/ZsJAtXB
            =GCZA
            -----END PGP MESSAGE-----
          fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
        - created_at: "2025-04-23T17:01:23Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
            hQIMA51kG++kLewoARAA5IO7TXG5xkv+mlSwFBDbldn5jPy9E1+HbZHp+4CmRquI
            ONPEeDZgh3n+Fr87OMUKMKfgdEpjdE+l80rCmF7zgaVNqLscRcLJ17k14XfbpsrG
            wsp5gsvymGh6sllUopetugvzd6gdxEianuhKU6DYJMM+X/nPTDsa5wHazRzPQxS/
            8zp9tlPWt0HkZelBKXmLoYofZBakZOqZstQvhB0SSjC0BVpQN5WIfh1ES6uoBxhY
            ddA0R34r1jwXWDE2UqD1Rx12H3TzUxdPGGw5rQKsEZSuEwxfxqjUAsn29ARR88qU
            FlvSsy+FW7/6HeTcxwS1IMyZfNwRKQYLkzcwqf+OsrrjqTSBPCt8rcMoDVH3vxdf
            wazu/vqoM1mwkUlogEF/M/SITEO9nJzrkAihAr6OJgfTJqi8RJffxoXQ8gAfan2J
            wYMkcTxPNnskyZMUr2onotdnqdVSMgR2vwnsvIfSWUSx4eMpK8wO2xQm60hAXNHx
            QCVcTz7sMDu6nD3xsvJs5D67YnkrLuqnuNeHQqSsREPv132kKIpEhAZop0MYk8ld
            798jafK8xCzasbIZqDRzSqUUK/Z/J4EN8A4zRY5EtcbXdKHpKkUYuX/Sb7y2FAQR
            JMV3uqLxJoz4mqUM0VJBt77Del5YQ5LeqE8aHMBDNtfjAdmK/2xg7BuGuromZYzS
            XgFxwGfX791vSkUJ/z+7Nf3QmAKBXOuEYaYJbcZ5pFbKKdcfI8iEfL7utVQ59U2k
            4BLB7aChrp8J795YQna+YgPybK5NR00FX6qLJiZAp56MdcvncJ8s42/epRWRusk=
            =8ak0
            -----END PGP MESSAGE-----
          fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
    encrypted_regex: ^(data|stringData)$
    version: 3.10.1