Added cert-manager

artifacts.yaml

@@ -0,0 +1,16 @@
+apiVersion: source.extensions.fluxcd.io/v1beta1
+kind: ArtifactGenerator
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  sources:
+    - alias: foundation
+      kind: GitRepository
+      name: flux-system
+  artifacts:
+    - name: cert-manager
+      originRevision: "@monorepo"
+      copy:
+        - from: "@foundation/controllers/cert-manager/**"
+          to: "@artifact/"

bootstrap.sh

@@ -117,3 +117,7 @@ cilium-cli status --wait
 
 # echo "Running connectivity test..."
 # cilium-cli connectivity test --namespace-labels pod-security.kubernetes.io/enforce=privileged
+
+echo "Bootstrapping flux..."
+flux bootstrap git --url ssh://git@huizinga.dev/infra/foundation --branch=main --path=clusters/${cluster_name} \
+	--components-extra=source-watcher

clusters/testing/artifacts.yaml

@@ -0,0 +1 @@
+../../artifacts.yaml

clusters/testing/controllers/cert-manager.yaml

@@ -0,0 +1 @@
+../../../controllers/cert-manager/cert-manager.yaml

clusters/testing/flux-system/gotk-sync.yaml

@@ -0,0 +1,27 @@
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  url: ssh://git@huizinga.dev/infra/foundation
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./clusters/testing
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system

clusters/testing/flux-system/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml

configurations/helm-release.yaml

@@ -0,0 +1,6 @@
+nameReference:
+  - kind: ConfigMap
+    version: v1
+    fieldSpecs:
+      - path: spec/valuesFrom/name
+        kind: HelmRelease

controllers/cert-manager/cert-manager.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
+  sourceRef:
+    kind: ExternalArtifact
+    name: cert-manager
+  path: ./
+  prune: true
+  wait: true

controllers/cert-manager/helm-repository.yaml

@@ -0,0 +1,21 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 12h
+  install:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 2m
+  upgrade:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 3m
+  chartRef:
+    kind: OCIRepository
+    name: cert-manager
+  valuesFrom:
+    - kind: ConfigMap
+      name: values

controllers/cert-manager/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  - ./oci-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../configurations/helm-release.yaml
+
+configMapGenerator:
+  - name: values
+    namespace: cert-manager
+    files:
+      - ./values.yaml

controllers/cert-manager/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager

controllers/cert-manager/oci-repository.yaml

@@ -0,0 +1,13 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 24h
+  url: oci://quay.io/jetstack/charts/cert-manager
+  layerSelector:
+    mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
+    operation: copy
+  ref:
+    semver: "1.x"

controllers/cert-manager/values.yaml

@@ -0,0 +1,3 @@
+crds:
+  enabled: true
+  keep: false