infra/foundation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: infra:main
Branches Tags
infra:main
...
compare: infra:4acc21813584860f6a9138f09ec5735db052ade3
Branches Tags
infra:main

4 Commits
main ... 4acc218135

Author SHA1 Message Date
Dreaded_X
4acc218135 feat: Added OpenEBS local storage 2025-12-03 05:00:15 +01:00
Dreaded_X
7d00923dbc feat: Use pre-generated deploy key 2025-12-03 05:00:06 +01:00
Dreaded_X
e19e14e761 chore: Added pre-commit hooks 2025-12-02 05:10:18 +01:00
Dreaded_X
8fc8a589b7 feat: Added spegel 2025-12-02 05:09:27 +01:00
20 changed files with 185 additions and 1 deletions
Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
*.key filter=git-crypt diff=git-crypt

28
.pre-commit-config.yaml Normal file
View File

@@ -0,0 +1,28 @@
default_install_hook_types: [pre-commit, commit-msg]
exclude: gotk-.*.yaml
repos:
- repo: builtin
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
args:
- --allow-multiple-documents
- id: check-added-large-files
- id: check-merge-conflict
- id: check-executables-have-shebangs
- repo: https://github.com/crate-ci/typos
rev: v1.40.0
hooks:
- id: typos
- repo: https://github.com/sirwart/ripsecrets
rev: v0.1.11
hooks:
- id: ripsecrets-system
- repo: https://github.com/crate-ci/committed
rev: v1.1.8
hooks:
- id: committed

1
.secretsignore Normal file
View File

@@ -0,0 +1 @@
keys/*.key

6
.typos.toml Normal file
View File

@@ -0,0 +1,6 @@
[default]
extend-ignore-re = [
"(?Rm)^.*(#|//)\\s*spellchecker:disable-line$",
"(?s)(#|//)\\s*spellchecker:off.*?\\n\\s*(#|//)\\s*spellchecker:on",
"(#|//)\\s*spellchecker:ignore-next-line\\n.*",
]

8
bootstrap.sh
View File

@@ -58,6 +58,7 @@ if [ "${vip}" = "null" ]; then
fi fi
echo -n "Checking connection to ${bootstrap_ip}... " echo -n "Checking connection to ${bootstrap_ip}... "
# spellchecker:ignore-next-line
if nmap -Pn ${bootstrap_ip} -p 50000 | grep -q 'open'; then if nmap -Pn ${bootstrap_ip} -p 50000 | grep -q 'open'; then
echo "[Success]" echo "[Success]"
else else
@@ -67,6 +68,7 @@ fi
count=0 count=0
max_retries=20 max_retries=20
# spellchecker:ignore-next-line
while ! nmap -Pn ${vip} -p 50000 | grep -q 'open' && [ ${count} -lt ${max_retries} ]; do while ! nmap -Pn ${vip} -p 50000 | grep -q 'open' && [ ${count} -lt ${max_retries} ]; do
if [ $count -eq 0 ]; then if [ $count -eq 0 ]; then
echo -n "Bootstrapping Kubernetes" echo -n "Bootstrapping Kubernetes"
@@ -122,5 +124,9 @@ cilium-cli status --wait
# cilium-cli connectivity test --namespace-labels pod-security.kubernetes.io/enforce=privileged # cilium-cli connectivity test --namespace-labels pod-security.kubernetes.io/enforce=privileged
echo "Bootstrapping flux..." echo "Bootstrapping flux..."
flux bootstrap git --url ssh://git@huizinga.dev/infra/foundation --branch=main --path=clusters/${cluster_name} \ flux bootstrap git \
--url ssh://git@huizinga.dev/infra/foundation \
--branch=main \
--private-key-file=keys/${cluster_name}.key
--path=clusters/${cluster_name} \
--components-extra=source-watcher --components-extra=source-watcher

2
clusters/testing/kustomization.yaml
View File

@@ -5,6 +5,8 @@ resources:
- ../../controllers/artifacts.yaml - ../../controllers/artifacts.yaml
- ../../controllers/cilium/cilium.yaml - ../../controllers/cilium/cilium.yaml
- ../../controllers/cert-manager/cert-manager.yaml - ../../controllers/cert-manager/cert-manager.yaml
- ../../controllers/spegel/spegel.yaml
- ../../controllers/openebs/openebs.yaml
- ../../configs/artifacts.yaml - ../../configs/artifacts.yaml
- ../../configs/letsencrypt/letsencrypt.yaml - ../../configs/letsencrypt/letsencrypt.yaml
- ../../configs/certificates/certificates.yaml - ../../configs/certificates/certificates.yaml

2
committed.toml Normal file
View File

@@ -0,0 +1,2 @@
style = "conventional"
ignore_author_re = "Flux"

10
controllers/artifacts.yaml
View File

@@ -19,3 +19,13 @@ spec:
copy: copy:
- from: "@foundation/controllers/cert-manager/**" - from: "@foundation/controllers/cert-manager/**"
to: "@artifact/" to: "@artifact/"
- name: spegel
originRevision: "@foundation"
copy:
- from: "@foundation/controllers/spegel/**"
to: "@artifact/"
- name: openebs
originRevision: "@foundation"
copy:
- from: "@foundation/controllers/openebs/**"
to: "@artifact/"

39
controllers/openebs/helm-release.yaml Normal file
View File

@@ -0,0 +1,39 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: openebs
namespace: openebs
spec:
interval: 12h
install:
strategy:
name: RetryOnFailure
retryInterval: 2m
upgrade:
strategy:
name: RetryOnFailure
retryInterval: 3m
chart:
spec:
chart: openebs
version: "4.x"
sourceRef:
kind: HelmRepository
name: openebs
interval: 24h
values:
mayastor:
csi:
node:
initContainers:
enabled: false
engines:
# Disable for now while we set up local storage
replicated:
mayastor:
enabled: false
local:
lvm:
enabled: false
zfs:
enabled: false

8
controllers/openebs/helm-repository.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: openebs
namespace: openebs
spec:
interval: 24h
url: https://openebs.github.io/openebs

6
controllers/openebs/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- helm-repository.yaml
- helm-release.yaml

6
controllers/openebs/namespace.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: openebs
labels:
pod-security.kubernetes.io/enforce: privileged

15
controllers/openebs/openebs.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: openebs
namespace: flux-system
spec:
interval: 1h
retryInterval: 2m
timeout: 5m
sourceRef:
kind: ExternalArtifact
name: openebs
path: ./
prune: true
wait: true

17
controllers/spegel/helm-release.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: spegel
namespace: spegel
spec:
interval: 1m
chart:
spec:
chart: spegel
interval: 5m
sourceRef:
kind: HelmRepository
name: spegel
values:
spegel:
containerdRegistryConfigPath: /etc/cri/conf.d/hosts

9
controllers/spegel/helm-repository.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: spegel
namespace: spegel
spec:
type: "oci"
interval: 5m0s
url: oci://ghcr.io/spegel-org/helm-charts

6
controllers/spegel/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- helm-repository.yaml
- helm-release.yaml

6
controllers/spegel/namespace.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: spegel
labels:
pod-security.kubernetes.io/enforce: privileged

15
controllers/spegel/spegel.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: spegel
namespace: flux-system
spec:
interval: 1h
retryInterval: 2m
timeout: 5m
sourceRef:
kind: ExternalArtifact
name: spegel
path: ./
prune: true
wait: true

BIN
keys/testing.key Normal file
View File

Binary file not shown.

1
keys/testing.key.pub Normal file
View File

@@ -0,0 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJIjhlQCqpq97CQcM6hDThGBgt/jSqnvN9billcvouuNSyaKqZRdUFWxbauruXmVd5okuwjocyxU4FTuTtFyC5w= flux@testing