feat: Added lldap

feat: Allow cnpg garage credentials reflection
feat: Add refelctor
2025-12-18 02:56:58 +01:00 · 2025-12-18 02:56:58 +01:00 · 2025-12-18 02:55:28 +01:00 · 2025-12-18 02:55:28 +01:00 · 2025-12-18 02:55:28 +01:00 · 2025-12-18 02:55:28 +01:00
12 changed files with 79 additions and 4 deletions
--- a/apps/lldap/base/garage-s3-garage.yaml
+++ b/apps/lldap/base/garage-s3-garage.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-garage
+  namespace: cnpg-system
+  annotations:
+    reflector.v1.k8s.emberstack.com/reflects: "cnpg-system/s3-garage"
+type: Opaque
+data: {}
--- a/apps/lldap/base/kustomization.yaml
+++ b/apps/lldap/base/kustomization.yaml
@@ -7,3 +7,5 @@ resources:
  - deployment.yaml
  - service.yaml
  - http-route.yaml
+  - secret-s3-garage.yaml
+  - object-store.yaml
--- a/controllers/cnpg/staging/object-store.yaml
+++ b/controllers/cnpg/staging/object-store.yaml
@@ -2,7 +2,7 @@ apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
  name: garage-store
-  namespace: cnpg-system
+  namespace: lldap
 spec:
  configuration:
    destinationPath: s3://cnpg-backup/
--- a/clusters/testing/kustomization.yaml
+++ b/clusters/testing/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
  - ../../controllers/longhorn/longhorn.yaml
  - ../../controllers/local-path-provisioner/local-path-provisioner.yaml
  - ../../controllers/cnpg/cnpg.yaml
+  - ../../controllers/reflector/reflector.yaml

  - ../../configs/artifacts.yaml
  - ../../configs/cilium-config/cilium-config.yaml
--- a/controllers/artifacts.yaml
+++ b/controllers/artifacts.yaml
@@ -39,3 +39,8 @@ spec:
      copy:
        - from: "@foundation/controllers/cnpg/**"
          to: "@artifact/"
+    - name: reflector
+      originRevision: "@foundation"
+      copy:
+        - from: "@foundation/controllers/reflector/**"
+          to: "@artifact/"
--- a/controllers/cnpg/staging/kustomization.yaml
+++ b/controllers/cnpg/staging/kustomization.yaml
@@ -3,7 +3,6 @@ kind: Kustomization
 resources:
  - ../base
  - secret-s3-garage.enc.yaml
-  - object-store.yaml

 configMapGenerator:
  - name: values-overlay
--- a/controllers/cnpg/staging/secret-s3-garage.enc.yaml
+++ b/controllers/cnpg/staging/secret-s3-garage.enc.yaml
@@ -3,6 +3,8 @@ kind: Secret
 metadata:
    name: s3-garage
    namespace: cnpg-system
+    annotations:
+        reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
 type: Opaque
 stringData:
    ACCESS_KEY_ID: ENC[AES256_GCM,data:TOEQMG/kHs5XUk77ijyV089ZTq1dKsoZUas=,iv:mVDOkl5qOxGdvCvdcXUuUjX85oKqbd+n5maHsKwCiFg=,tag:pho0oWPTwtM6lGQ2vA1d5A==,type:str]
@@ -27,8 +29,8 @@ sops:
            K09tZGI0Z2w0eXh5eHcvcEttMy82aU0K2fnCDfYIShzw2Zipof+C8zf9pcOmiDg9
            2SCiIfAJs9MB3n078P068z77KpvdlJYOi9pUTKSBhNw+mBI24y6X6A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-15T03:46:42Z"
-    mac: ENC[AES256_GCM,data:UG9rSQ4ep7Ln4g5QCtvD6U90Oc8iWpni+kypMpJ+AQM8LC0TTs9zFQgcxmo2wjZn38Fp+br/5KC172SqBNG4Q1yXhlRiqiIeyx9ynrZeceRSqHaaruB1hj83/0FwahqjB/t6yutWIfnp00UC92mMKGlef48UNZ8IW17e5uHE0m4=,iv:LvR4BEkgAr6PJ8fYATFois4j8/rgztn/Jggj/mFgCIk=,tag:W38qDd1RkCdK3bVMqOVnjA==,type:str]
+    lastmodified: "2025-12-18T01:50:56Z"
+    mac: ENC[AES256_GCM,data:Wul3Dc7nvnBwmuTp+yIuaMRg//ui4rhZFsOlfOYeUx7z5ObGA0KIIgk8BM73/R4Hkzg2G/wKrUdWRa8wXFAwxzBEtFaXUgaSJhUjzMnDtVp+PiTLYWSYt8rx8S+lKbXk+2KLQOaHi10XO3P5JIXtEhP6K2a4rONwsi2224QPSec=,iv:OW4qY4oJXhi/EpktCW/9u8mhQQSaizc89lRFecOPo5w=,tag:fZqV8/0Nm/KGfGgmXNC4kg==,type:str]
    pgp:
        - created_at: "2025-12-11T23:56:15Z"
          enc: |-
--- a/controllers/reflector/helm-release.yaml
+++ b/controllers/reflector/helm-release.yaml
@@ -0,0 +1,23 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: reflector
+  namespace: reflector
+spec:
+  interval: 12h
+  install:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 2m
+  upgrade:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 3m
+  chart:
+    spec:
+      chart: reflector
+      version: "0.5.x"
+      sourceRef:
+        kind: HelmRepository
+        name: reflector
+      interval: 24h
--- a/controllers/reflector/helm-repository.yaml
+++ b/controllers/reflector/helm-repository.yaml
@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: reflector
+  namespace: reflector
+spec:
+  type: "oci"
+  interval: 24h
+  url: oci://ghcr.io/emberstack/helm-charts/reflector
--- a/controllers/reflector/kustomization.yaml
+++ b/controllers/reflector/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - helm-repository.yaml
+  - helm-release.yaml
--- a/controllers/reflector/namespace.yaml
+++ b/controllers/reflector/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: reflector
--- a/controllers/reflector/reflector.yaml
+++ b/controllers/reflector/reflector.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: reflector
+  namespace: flux-system
+spec:
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
+  sourceRef:
+    kind: ExternalArtifact
+    name: reflector
+  path: ./
+  prune: true
+  wait: true
Author	SHA1	Message	Date
Dreaded_X	af138a30d5	feat: Added lldap Some checks failed kustomization/cert-manager/fffa8587 reconciliation succeeded kustomization/flux-system/fffa8587 reconciliation succeeded kustomization/cnpg/fffa8587 reconciliation succeeded kustomization/lldap/fffa8587 build failed kustomization/reflector/fffa8587 health check failed	2025-12-18 02:56:58 +01:00
Dreaded_X	b0ce23a499	feat: Allow cnpg garage credentials reflection	2025-12-18 02:56:58 +01:00
Dreaded_X	177f84b00b	feat: Add refelctor	2025-12-18 02:55:28 +01:00
Dreaded_X	d5ae48434e	feat: Redirect http to https	2025-12-18 02:55:28 +01:00
Dreaded_X	b3febd862e	feat: Added default gateway	2025-12-18 02:55:28 +01:00
Dreaded_X	633cb984fd	feat: Move certificates to default namespace	2025-12-18 02:55:28 +01:00
Dreaded_X	21f793138c	feat: Setup cilium L2 announcments and IP pool	2025-12-18 02:55:28 +01:00
Dreaded_X	f6024a46e5	feat: Move spegel to apps	2025-12-18 02:55:28 +01:00
Dreaded_X	d6ef8702a3	feat: Put ClusterIssuer under certificates	2025-12-18 02:55:28 +01:00
Dreaded_X	ac19ed42d1	feat: Added barman cloud plugin	2025-12-18 02:55:28 +01:00