add old clsutertool to archive

clustertool/.github/workflows/fluxupdate.yaml

@@ -0,0 +1,43 @@
+name: update-flux
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 4 * * *"
+
+
+jobs:
+  flux-upgrade:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 1
+
+    - name: Setup Flux CLI
+      uses: fluxcd/flux2/action@main
+
+    - name: Upgrade Flux
+      id: upgrade
+      run: |
+        UGLY_VERSION="$(flux -v)"
+        VERSION="v${UGLY_VERSION#*flux version }"
+        flux install --version="${VERSION}" \
+          --network-policy=false \
+          --export > ./cluster/main/flux-system/gotk-components.yaml
+        echo "::set-output name=flux_version::$VERSION"
+
+    - name: Create pull request for Flux upgrade
+      uses: peter-evans/create-pull-request@v3
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        branch: "flux/upgrade-${{ steps.upgrade.outputs.flux_version }}"
+        delete-branch: true
+        title: "chore(deps): upgrade flux components to ${{ steps.upgrade.outputs.flux_version }}"
+        signoff: true
+        committer: "TrueCharts Bot <truecharts-bot@users.noreply.github.com>"
+        author: "TrueCharts Bot <truecharts-bot@users.noreply.github.com>"
+        commit-message: "chore(deps): upgrade flux components to ${{ steps.upgrade.outputs.flux_version }}"
+        body: |
+          Release notes: https://github.com/fluxcd/flux2/releases/tag/${{ steps.upgrade.outputs.flux_version }}
+        labels: flux/upgrade

clustertool/.pre-commit-config.yaml

@@ -0,0 +1,59 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+fail_fast: false
+repos:
+    #  - repo: https://github.com/adrienverge/yamllint.git
+    #    rev: v1.26.3
+    #    hooks:
+    #      - id: yamllint
+    #        args:
+    #          - --config-file
+    #          - .github/linters/.yamllint.yaml
+    #  - repo: https://github.com/igorshubovych/markdownlint-cli
+    #    rev: v0.31.1
+    #    hooks:
+    #      - id: markdownlint
+    #        args:
+    #          - --config
+    #          - ".github/linters/.markdownlint.yaml"
+    #  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    #    rev: 2.1.6
+    #    hooks:
+    #      - id: shellcheck
+    #        language: script
+    #        args: [--severity=error]
+    #        additional_dependencies: []
+    - repo: https://github.com/pre-commit/pre-commit-hooks
+      rev: v4.2.0
+      hooks:
+        - id: trailing-whitespace
+        - id: end-of-file-fixer
+        - id: fix-byte-order-marker
+        - id: mixed-line-ending
+        # - id: check-added-large-files
+        #   args:
+        #     - --maxkb=2048
+        - id: check-merge-conflict
+        - id: check-executables-have-shebangs
+        - id: mixed-line-ending
+    - repo: https://github.com/sirosen/fix-smartquotes
+      rev: 0.2.0
+      hooks:
+        - id: fix-smartquotes
+    - repo: local
+      hooks:
+        - id: custom-script-file
+          name: custom-script-file
+          entry: deps/encryption.sh ensure
+          language: script
+    - repo: https://github.com/Lucas-C/pre-commit-hooks
+      rev: v1.1.13
+      hooks:
+        - id: remove-crlf
+        - id: remove-tabs
+        - id: forbid-crlf
+        - id: forbid-tabs
+    - repo: https://github.com/k8s-at-home/sops-pre-commit
+      rev: v2.1.0
+      hooks:
+        - id: forbid-secrets

clustertool/.sops.yaml

@@ -0,0 +1,19 @@
+creation_rules:
+  - path_regex: cluster.*\.secret.ya?ml
+    encrypted_regex: "((?i)(displayname|email|pass|ca|id|bootstraptoken|secretboxencryptionsecret|secrets|secrets|password|cert|secret($|[^N])|key|token|^data$|^stringData))"
+    age: >-
+      age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
+  - path_regex: .*\.secret
+    encrypted_regex: "((?i)(displayname|email|pass|ca|id|bootstraptoken|secretboxencryptionsecret|secrets|secrets|password|cert|secret($|[^N])|key|token|^data$|^stringData))"
+    age: >-
+      age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
+  - path_regex: age.agekey.enc
+    age: >-
+      age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
+  - path_regex: talenv.yaml
+    age: >-
+      age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
+  - path_regex: talsecret.yaml
+    encrypted_regex: "((?i)(displayname|email|pass|ca|id|bootstraptoken|secretboxencryptionsecret|secrets|secrets|password|cert|secret($|[^N])|key|token|^data$|^stringData))"
+    age: >-
+      age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga

clustertool/README.md

@@ -0,0 +1,117 @@
+# Clustertool
+
+Easy deployment tooling and documentation for deploying TalosOS and/or FluxCD
+
+## Limitations
+
+Our default talconfig.yaml file, makes a lot of assumptions for quick deployment. You're free to adapt your version of it as you please.
+By default you:
+
+- Should not have more than 1 network adapter on controlplane nodes
+- Should not have more than 1 Disk on controlplane nodes
+
+## Requirements
+
+### All-in-One VM
+
+Our default configuration ships with qemu guest additions installed already.
+
+#### Minimum Specs
+
+6 Threads or vCores
+8GB Ram
+128GB storage
+1GBe Networking
+
+#### Recommended specs
+
+8 Cores
+16GB Ram
+256GB storage
+10GBe Networking
+
+## TalosOS synopsys
+
+TalosOS is a bare-bones linux distribution to run kubernetes clusters.
+It gets build/installed/maintained based on configuration files.
+
+To more-easily generate those, we use another tool internally: talhelper.
+When using clustertool, configuration mangement goes like this:
+
+clustertool -> talhelper -> talosctl -> node/vm
+
+---
+
+## Getting Started
+
+
+## Preparations
+
+### ISO Preparations
+
+We use pre-extended builds of TalosOS with additional drivers.
+For ISO's we advice to use the following:
+
+**Iso for VM installation**
+
+AMD64 ISO: https://factory.talos.dev/image/dc2c29fc8374161b858245a14658779154bf11aa9c23a04813fa8f298fcd0bfc/v1.6.4/metal-amd64.iso
+
+### General Preparations
+
+- Fork the repo here, to your own github account or download and extract
+- Ensure you've cd'ed into this folder.
+- edit `talenv.yaml` and set the settings as you want them
+- Be sure to set `VIP` to a seperate free IP adress from MASTER1, MASTER1 being your nodeIP adresss VIP being used by the system internally.
+- Also make sure to give `METALLB_RANGE`, a free IP range *outside* of your router DHCP range
+- The `KUBEAPPS_IP`, will be used to expose KubeApps, for giving you an easy Apps management GUI
+- Set static DHCP adresses on your router to the IP adresses you defined in `talenv.yaml`
+
+### Client Preparations
+
+"Client" refers to this toolkit
+"VM host" refers to the system hosting the TalosOS Virtual Machine "cluster" itself
+
+#### windows
+
+Please run this in a WSL Linux (Preferably Debian) shell instead of directly on windows.
+DO NOT use a GIT folder checked-out on windows, on the WSL. Ensure you git-clone or git-checkout the folder on WSL when using it in WSL!
+
+#### Linux
+
+**Required External Dependencies**
+
+- curl
+- GIT
+- Bash
+- Python3
+- PIP3
+
+**Other Dependencies**
+
+- Ensure your local system time is 100% correct
+- Run `sudo ./clustertool.sh` tool to install the other dependencies automatically
+
+### VM-Host Preparations
+
+#### TrueNAS SCALE VM-Host
+
+- Ensure you add a "bridge" network interface connected to your actual physical interface. (This ensures the host can reach its VM's correctly)
+- Ensure you add your IP and/or DHCP settings to the bridge interface and remove them from the host
+- Create a VM that complies to the minimum and/or recommended system specifications stated above
+- Ensure to use a `virtio` network adapter and a `virtio` disk, for optimal performance
+- Boot the VM with given iso
+- Ensure the VM has the IP adresses defined earlier and the same VM is set in `talenv.yaml`
+- Continue with Bootstrapping
+
+#### ProxMox VM-Host
+
+*to be done*
+
+
+## Bootstrapping TalosOS on the cluster
+
+- Run `sudo ./clustertool.sh` tool, generate cluster configuration
+- Run `sudo ./clustertool.sh` tool, Apply and Bootstrap the TalosOS cluster
+- *optional* Run `sudo ./clustertool.sh` tool, Encrypt your configuration files
+- **IMPORTANT**: safe the content of the folder**safe**, this contains the encryption key to your cluster!
+- After waiting a few minutes, you will now have KubeApps available on http://KUBEAPPS_IP:80 where `KUBEAPPS_IP` is the IP intered above.

clustertool/cluster/apps/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml

clustertool/cluster/core/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml

clustertool/cluster/crds/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml

clustertool/cluster/helm-repos/actions-runner-controller-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: actions-runner-controller-charts
+    namespace: flux-system
+spec:
+    type: oci
+    interval: 5m
+    url: oci://ghcr.io/actions/actions-runner-controller-charts

clustertool/cluster/helm-repos/authentik-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+    name: authentik-charts
+    namespace: flux-system
+spec:
+    interval: 15m
+    url: https://charts.goauthentik.io
+    timeout: 3m

clustertool/cluster/helm-repos/backube-charts.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: backube-charts
+    namespace: flux-system
+spec:
+    interval: 2h
+    url: https://backube.github.io/helm-charts/

clustertool/cluster/helm-repos/bitnami-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: bitnami-charts
+    namespace: flux-system
+spec:
+    type: oci
+    interval: 30m
+    url: oci://registry-1.docker.io/bitnamicharts

clustertool/cluster/helm-repos/bjw-s-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: bjw-s-charts
+    namespace: flux-system
+spec:
+    type: oci
+    interval: 30m
+    url: oci://ghcr.io/bjw-s/helm

clustertool/cluster/helm-repos/cilium-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: cilium-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://helm.cilium.io
+    timeout: 3m

clustertool/cluster/helm-repos/cloudnative-pg-charts.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: cloudnative-pg-charts
+    namespace: flux-system
+spec:
+    interval: 1h
+    url: https://cloudnative-pg.github.io/charts

clustertool/cluster/helm-repos/deliveryhero-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: deliveryhero-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://charts.deliveryhero.io/
+    timeout: 3m

clustertool/cluster/helm-repos/democratic-csi-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: democratic-csi-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://democratic-csi.github.io/charts/
+    timeout: 3m

clustertool/cluster/helm-repos/descheduler-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: descheduler-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://kubernetes-sigs.github.io/descheduler
+    timeout: 3m

clustertool/cluster/helm-repos/dysnix-charts.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: dysnix-charts
+    namespace: flux-system
+spec:
+    interval: 1h
+    url: https://dysnix.github.io/charts

clustertool/cluster/helm-repos/external-dns-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: external-dns-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://kubernetes-sigs.github.io/external-dns
+    timeout: 3m

clustertool/cluster/helm-repos/external-secrets-charts.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: external-secrets-charts
+    namespace: flux-system
+spec:
+    interval: 2h
+    url: https://charts.external-secrets.io

clustertool/cluster/helm-repos/fairwinds-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: fairwinds-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://charts.fairwinds.com/stable
+    timeout: 3m

clustertool/cluster/helm-repos/fluent-bit-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+    name: fluent-bit-charts
+    namespace: flux-system
+spec:
+    interval: 10m
+    url: https://fluent.github.io/helm-charts
+    timeout: 3m

clustertool/cluster/helm-repos/grafana-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: grafana-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://grafana.github.io/helm-charts
+    timeout: 3m

clustertool/cluster/helm-repos/infracloudio-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+    name: infracloudio-charts
+    namespace: flux-system
+spec:
+    interval: 10m
+    url: https://infracloudio.github.io/charts
+    timeout: 3m

clustertool/cluster/helm-repos/ingress-nginx-charts.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: ingress-nginx-charts
+    namespace: flux-system
+spec:
+    interval: 2h
+    url: https://kubernetes.github.io/ingress-nginx

clustertool/cluster/helm-repos/intel-charts.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: intel-charts
+    namespace: flux-system
+spec:
+    interval: 2h
+    url: https://intel.github.io/helm-charts

clustertool/cluster/helm-repos/jaegertracing-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: jaegertracing-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://jaegertracing.github.io/helm-charts
+    timeout: 3m

clustertool/cluster/helm-repos/jetstack-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: jetstack-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://charts.jetstack.io/
+    timeout: 3m

clustertool/cluster/helm-repos/k8s-at-home-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+    name: k8s-at-home-charts
+    namespace: flux-system
+spec:
+    interval: 10m
+    url: https://k8s-at-home.com/charts
+    timeout: 3m

clustertool/cluster/helm-repos/kubernetes-sigs-metrics-server-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: kubernetes-sigs-metrics-server-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://kubernetes-sigs.github.io/metrics-server/
+    timeout: 3m

clustertool/cluster/helm-repos/kustomization.yaml

@@ -0,0 +1,40 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+    - truechartsoci.yaml
+    - actions-runner-controller-charts.yaml
+    - bitnami-charts.yaml
+    - backube-charts.yaml
+    - bjw-s-charts.yaml
+    - cilium-charts.yaml
+    - cloudnative-pg-charts.yaml
+    - deliveryhero-charts.yaml
+    - democratic-csi-charts.yaml
+    - descheduler-charts.yaml
+    - dysnix-charts.yaml
+    - external-dns-charts.yaml
+    - external-secrets-charts.yaml
+    - fairwinds-charts.yaml
+    - grafana-charts.yaml
+    - ingress-nginx-charts.yaml
+    - intel-charts.yaml
+    - jaegertracing-charts.yaml
+    - jetstack-charts.yaml
+    - kubernetes-sigs-metrics-server-charts.yaml
+    - kyverno-charts.yaml
+    - lwolf-charts.yaml
+    - node-feature-discovery-charts.yaml
+    - piraeus-charts.yaml
+    - postfinance-charts.yaml
+    - prometheus-community-charts.yaml
+    - rook-ceph-charts.yaml
+    - runix-charts.yaml
+    - stakater-charts.yaml
+    - tf-controller-charts.yaml
+    - weave-gitops-charts.yaml
+    - authentik-charts.yaml
+    - fluent-bit-charts.yaml
+    - infracloudio-charts.yaml
+    - k8s-at-home-charts.yaml
+    - metallb-charts.yaml
+    - traefik-charts.yaml

clustertool/cluster/helm-repos/kyverno-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: kyverno-charts
+    namespace: flux-system
+spec:
+    type: oci
+    interval: 30m
+    url: oci://ghcr.io/kyverno/charts

clustertool/cluster/helm-repos/lwolf-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: lwolf-charts
+    namespace: flux-system
+spec:
+    interval: 1h
+    url: https://charts.lwolf.org
+    timeout: 3m

clustertool/cluster/helm-repos/metallb-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+    name: metallb-charts
+    namespace: flux-system
+spec:
+    interval: 10m
+    url: https://metallb.github.io/metallb
+    timeout: 3m

clustertool/cluster/helm-repos/node-feature-discovery-charts.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: node-feature-discovery-charts
+    namespace: flux-system
+spec:
+    interval: 1h
+    url: https://kubernetes-sigs.github.io/node-feature-discovery/charts

clustertool/cluster/helm-repos/piraeus-charts.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: piraeus-charts
+    namespace: flux-system
+spec:
+    interval: 2h
+    url: https://piraeus.io/helm-charts/

clustertool/cluster/helm-repos/postfinance-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: postfinance
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://postfinance.github.io/kubelet-csr-approver
+    timeout: 3m

clustertool/cluster/helm-repos/prometheus-community-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: prometheus-community-charts
+    namespace: flux-system
+spec:
+    type: oci
+    interval: 30m
+    url: oci://ghcr.io/prometheus-community/charts

clustertool/cluster/helm-repos/rook-ceph-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: rook-ceph-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://charts.rook.io/release
+    timeout: 3m

clustertool/cluster/helm-repos/runix-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: runix-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://helm.runix.net
+    timeout: 3m

clustertool/cluster/helm-repos/stakater-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: stakater-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://stakater.github.io/stakater-charts
+    timeout: 3m

clustertool/cluster/helm-repos/tf-controller-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: tf-controller-charts
+    namespace: flux-system
+spec:
+    interval: 30m
+    url: https://weaveworks.github.io/tf-controller/
+    timeout: 3m

clustertool/cluster/helm-repos/traefik-charts.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+    name: traefik-charts
+    namespace: flux-system
+spec:
+    interval: 10m
+    url: https://helm.traefik.io/traefik
+    timeout: 3m

clustertool/cluster/helm-repos/truechartsoci.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: truechartsoci
+    namespace: flux-system
+spec:
+    type: oci
+    interval: 5m
+    url: oci://tccr.io/truecharts

clustertool/cluster/helm-repos/weave-gitops-charts.yaml

@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+    name: weave-gitops-charts
+    namespace: flux-system
+spec:
+    type: oci
+    interval: 5m
+    url: oci://ghcr.io/weaveworks/charts

clustertool/cluster/kube-system/cilium/app/cilium-values.yaml

@@ -0,0 +1,44 @@
+# autoDirectNodeRoutes: true
+cluster:
+    name: main
+    id: "1"
+securityContext:
+    privileged: true
+    capabilities:
+        ciliumAgent: '{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}'
+        cleanCiliumState: '{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}'
+cgroup:
+    autoMount:
+        enabled: false
+    hostRoot: /sys/fs/cgroup
+endpointRoutes:
+    enabled: true
+ipam:
+    mode: kubernetes
+kubeProxyReplacement: true
+kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+k8sServiceHost: localhost
+k8sServicePort: 7445
+ipv4NativeRoutingCIDR: 172.16.0.0/16
+operator:
+    rollOutPods: true
+rollOutCiliumPods: true
+hubble:
+    enabled: true
+    metrics:
+        enabled:
+            - dns:query;ignoreAAAA
+            - drop
+            - tcp
+            - flow
+            - port-distribution
+            - icmp
+            - http
+    relay:
+        enabled: true
+        rollOutPods: true
+    ui:
+        enabled: true
+        rollOutPods: true
+        ingress:
+            enabled: false

clustertool/cluster/kube-system/cilium/app/helm-release.yaml

@@ -0,0 +1,54 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+    name: cilium
+    namespace: kube-system
+    annotations:
+        meta.helm.sh/release-name: cilium
+        meta.helm.sh/release-namespace: kube-system
+    labels:
+        app.kubernetes.io/managed-by: Helm
+spec:
+    interval: 15m
+    chart:
+        spec:
+            chart: cilium
+            version: 1.14.4
+            sourceRef:
+                kind: HelmRepository
+                name: cilium-charts
+                namespace: flux-system
+            interval: 15m
+    maxHistory: 3
+    install:
+        remediation:
+            retries: 3
+    upgrade:
+        cleanupOnFail: true
+        remediation:
+            retries: 3
+            remediateLastFailure: true
+    uninstall:
+        keepHistory: false
+    valuesFrom:
+        - kind: ConfigMap
+          name: cilium-values
+    values:
+        hubble:
+            metrics:
+                serviceMonitor:
+                    enabled: true
+            relay:
+                prometheus:
+                    serviceMonitor:
+                        enabled: true
+        prometheus:
+            enabled: true
+            serviceMonitor:
+                enabled: true
+        operator:
+            prometheus:
+                enabled: true
+                serviceMonitor:
+                    enabled: true

clustertool/cluster/kube-system/cilium/app/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+    - helm-release.yaml
+configMapGenerator:
+    - name: cilium-values
+      files:
+        - values.yaml=./cilium-values.yaml
+generatorOptions:
+    disableNameSuffixHash: true

clustertool/cluster/kube-system/cilium/install.yaml

@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kube-system-cilium
+  namespace: flux-system
+spec:
+  path: ./cluster/kube-system/cilium/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

clustertool/cluster/kube-system/kubelet-csr-approver/app/helm-release.yaml

@@ -0,0 +1,21 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+    name: kubelet-csr-approver
+    namespace: kube-system
+spec:
+    interval: 30m
+    chart:
+        spec:
+            chart: kubelet-csr-approver
+            version: 1.0.5
+            sourceRef:
+                kind: HelmRepository
+                name: postfinance
+                namespace: flux-system
+            interval: 30m
+    values:
+      providerRegex: |
+          ^(k8s-[1-6])$
+      bypassDnsResolution: true

clustertool/cluster/kube-system/kubelet-csr-approver/app/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+    - helm-release.yaml
+generatorOptions:
+    disableNameSuffixHash: true

clustertool/cluster/kube-system/kubelet-csr-approver/install.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kube-system-kubelet-csr-approver
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  path: ./cluster/kube-system/kubelet-csr-approver/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

clustertool/cluster/kube-system/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+    - namespace.yaml
+    - cilium/install.yaml
+    - kubelet-csr-approver/install.yaml
+    - metrics-server/install.yaml

clustertool/cluster/kube-system/metrics-server/app/helm-release.yaml

@@ -0,0 +1,32 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+    name: metrics-server
+    namespace: kube-system
+spec:
+    interval: 15m
+    chart:
+        spec:
+            chart: metrics-server
+            version: 3.11.0
+            sourceRef:
+                kind: HelmRepository
+                name: kubernetes-sigs-metrics-server-charts
+                namespace: flux-system
+            interval: 15m
+    maxHistory: 3
+    install:
+        createNamespace: true
+        remediation:
+            retries: 3
+    upgrade:
+        remediation:
+            retries: 3
+    uninstall:
+        keepHistory: false
+    values:
+        metrics:
+            enabled: true
+        serviceMonitor:
+            enabled: true

clustertool/cluster/kube-system/metrics-server/app/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+    - helm-release.yaml

clustertool/cluster/kube-system/metrics-server/install.yaml

@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kube-system-metrics-server
+  namespace: flux-system
+spec:
+  path: ./cluster/kube-system/metrics-server/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

clustertool/cluster/kube-system/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+    name: kube-system
+    labels:
+        kustomize.toolkit.fluxcd.io/prune: disabled
+        goldilocks.fairwinds.com/enabled: "true"

clustertool/cluster/main/add-ons/install.yaml

@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system-add-ons
+  namespace: flux-system
+spec:
+  path: ./cluster/main/add-ons
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-config

clustertool/cluster/main/add-ons/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - monitoring

clustertool/cluster/main/add-ons/monitoring/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pod-monitor.yaml
+  - prometheus-rules.yaml

clustertool/cluster/main/add-ons/monitoring/pod-monitor.yaml

@@ -0,0 +1,76 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: kustomize-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: kustomize-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: source-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: source-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: helm-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: helm-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: notification-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: notification-controller
+  podMetricsEndpoints:
+    - port: http-prom

clustertool/cluster/main/add-ons/monitoring/prometheus-rules.yaml

@@ -0,0 +1,34 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: flux
+  namespace: flux-system
+spec:
+  groups:
+    - name: flux
+      rules:
+        - alert: FluxComponentAbsent
+          annotations:
+            description: Flux component has disappeared from Prometheus target discovery.
+            summary: Flux component is down.
+          expr: |
+            absent(up{job=~".*flux-system.*"} == 1)
+          for: 5m
+          labels:
+            severity: critical
+        - alert: FluxReconciliationFailure
+          annotations:
+            description:
+              "{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation has been failing
+              for more than ten minutes."
+            summary: Flux reconciliation failure.
+          expr: |
+            max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
+              +
+            on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
+              by (namespace, name, kind)) * 2 == 1
+          for: 10m
+          labels:
+            severity: critical

clustertool/cluster/main/apps.yaml

@@ -0,0 +1,24 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: apps
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: core
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/apps
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/core.yaml

@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: core
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/core
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/crds.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: crds
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: flux-config
+    path: ./cluster/crds
+    prune: false
+    sourceRef:
+        kind: GitRepository
+        name: flux-system

clustertool/cluster/main/flux-config/app/clustersettings.secret.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cluster-config
+  namespace: flux-system
+data:
+  VIP: 192.168.10.100
+  MASTER1IP: 192.168.10.110
+  GATEWAY: 192.168.10.1
+  METALLB_RANGE: 192.168.10.100-192.168.10.250
+  KUBEAPPS_IP: 192.168.10.105
+  EMAIL: "TBD"
+  CLOUDFLARE_TOKEN: "TBD"
+  GITHUB_TOKEN: "TBD"
+  GITHUB_USER: "TBD"
+  GITHUB_REPOSITORY: "TBD"
+  BASE_DOMAIN: "TBD"

clustertool/cluster/main/flux-config/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+  - clustersettings.secret.yaml

clustertool/cluster/main/flux-config/install.yaml

@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-config
+  namespace: flux-system
+spec:
+  path: ./cluster/main/flux-config/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age

clustertool/cluster/main/flux-system/gotk-sync.yaml

@@ -0,0 +1,27 @@
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  url: ssh://git@github.com/Ornias1993/cluster
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./cluster/main
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system

clustertool/cluster/main/flux-system/kustomization.yaml

@@ -0,0 +1,89 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+    # manifests generated during bootstrap
+    - gotk-components.yaml
+    - gotk-sync.yaml
+patches:
+    - patch: |
+        apiVersion: apps/v1
+        kind: Deployment
+        metadata:
+          name: not-used
+        spec:
+          template:
+            spec:
+              containers:
+                - name: manager
+                  resources:
+                    limits:
+                      cpu: 2000m
+                      memory: "2Gi"
+      target:
+        kind: Deployment
+        name: (kustomize-controller|helm-controller|source-controller)
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --concurrent=8
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --kube-api-qps=500
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --kube-api-burst=1000
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --requeue-dependency=5s
+      # Increase the number of reconciliations that can be performed in parallel and bump the resources limits
+      # https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers
+      target:
+        kind: Deployment
+        name: (kustomize-controller|helm-controller|source-controller)
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --feature-gates=OOMWatch=true
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --oom-watch-memory-threshold=95
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --oom-watch-interval=500ms
+      # Enable Helm near OOM detection
+      # https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection
+      target:
+        kind: Deployment
+        name: helm-controller
+    - patch: |
+        - op: add
+          path: /rules/-
+          value:
+            apiGroups: ["infra.contrib.fluxcd.io"]
+            resources: ["*"]
+            verbs: ["*"]
+      target:
+        kind: ClusterRole
+        name: crd-controller-flux-system
+    - patch: |
+        $patch: delete
+        apiVersion: networking.k8s.io/v1
+        kind: NetworkPolicy
+        metadata:
+          name: not-used
+      target:
+        group: networking.k8s.io
+        version: v1
+        kind: NetworkPolicy
+    #- patch: |
+    #    - op: add
+    #      path: /spec/template/spec/containers/0/args/-
+    #      value: --feature-gates=DetectDrift=true,CorrectDrift=false
+    #    - op: add
+    #      path: /spec/template/spec/containers/0/args/-
+    #      value: --log-level=debug
+    #  # Enable drift detection for HelmReleases and set the log level to debug
+    #  # https://fluxcd.io/flux/components/helm/helmreleases/#drift-detection
+    #  target:
+    #    kind: Deployment
+    #    name: helm-controller

clustertool/cluster/main/helm-repos.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: helm-repos
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: flux-config
+    path: ./cluster/helm-repos
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/kube-system.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: kube-system
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: crds
+    - name: operators
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/kube-system
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - flux-config/install.yaml
+  - flux-system
+  - helm-repos.yaml
+  - crds.yaml
+  - operators.yaml
+  - kube-system.yaml
+  - system.yaml
+  - core.yaml
+  - apps.yaml
+  - monitoring.yaml
+  - add-ons/install.yaml
+  - weave-gitops/install.yaml

clustertool/cluster/main/monitoring.yaml

@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: monitoring
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/monitoring
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/operators.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: operators
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: crds
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/operators
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/system.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: system
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/system
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/weave-gitops/app/helm-release.yaml

@@ -0,0 +1,63 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: weave-gitops
+  namespace: flux-system
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: weave-gitops
+      version: 4.0.35
+      sourceRef:
+        kind: HelmRepository
+        name: weave-gitops-charts
+        namespace: flux-system
+      interval: 15m
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    adminUser:
+      create: true
+      username: admin
+      passwordHash: "$2a$12$n52fcX4nRDi94sye0bPCS.WQt9.KHmk0anwzwARdCuoVuk5ICFAG2"
+    ingress:
+      enabled: true
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        cert-manager.io/cluster-issuer: tc-le-prod
+        cert-manager.io/private-key-rotation-policy: Always
+        traefik.ingress.kubernetes.io/router.tls: 'true'
+      tls:
+        - hosts:
+            - gitops.${BASE_DOMAIN}
+          secretName: flux-system-weave-gitops
+      hosts:
+        - host: gitops.${BASE_DOMAIN}
+          paths:
+            - path: /
+              pathType: Prefix
+    networkPolicy:
+      create: false
+    metrics:
+      enabled: true
+    rbac:
+      create: true
+      impersonationResourceNames: ["admin"]
+      additionalRules:
+        - apiGroups: ["infra.contrib.fluxcd.io"]
+          resources: ["terraforms"]
+          verbs: ["get", "list", "patch"]
+    annotations:
+      reloader.stakater.com/auto: "true"

clustertool/cluster/main/weave-gitops/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+  - helm-release.yaml

clustertool/cluster/main/weave-gitops/install.yaml

@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system-weave-gitops
+  namespace: flux-system
+spec:
+  path: ./cluster/main/weave-gitops/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  dependsOn:
+    - name: operators-prometheus-operator
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-config

clustertool/cluster/monitoring/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml

clustertool/cluster/operators/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml

clustertool/cluster/system/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml

clustertool/clusterconfig/.gitignore

@@ -0,0 +1,2 @@
+main-k8s-control-1.yaml
+talosconfig

clustertool/clustertool.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/sudo bash
+
+source ./src/functions/functions.sh
+source ./src/menus/menus.sh
+
+export FILES
+
+if [[ $EUID -ne 0 ]]; then
+    echo "$0 is not running as root. Try using sudo."
+    exit 2
+else
+  menu
+fi

clustertool/src/deps/age/LICENSE

@@ -0,0 +1,57 @@
+Copyright 2019 The age Authors
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of the age project nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---
+
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

clustertool/src/deps/cni/kustomization.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: cilium
+    repo: https://helm.cilium.io/
+    version: 1.14.4
+    releaseName: cilium
+    namespace: kube-system
+    valuesFile: values.yaml
+commonAnnotations:
+  meta.helm.sh/release-name: cilium
+  meta.helm.sh/release-namespace: kube-system
+commonLabels:
+  app.kubernetes.io/managed-by: Helm

clustertool/src/deps/csr-approver/kustomization.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: kubelet-csr-approver
+    repo: https://postfinance.github.io/kubelet-csr-approver
+    version: 1.0.5
+    releaseName: kubelet-csr-approver
+    namespace: kube-system
+commonAnnotations:
+  meta.helm.sh/release-name: kubelet-csr-approver
+  meta.helm.sh/release-namespace: kube-system
+commonLabels:
+  app.kubernetes.io/managed-by: Helm

clustertool/src/deps/kubeapps/kustomization.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: kubeapps
+    repo: https://charts.truecharts.org
+    version: 0.0.1
+    releaseName: kubeapps
+    namespace: kubeapps
+commonAnnotations:
+  meta.helm.sh/release-name: kubeapps
+  meta.helm.sh/release-namespace: kubeapps
+commonLabels:
+  app.kubernetes.io/managed-by: Helm

clustertool/src/deps/metallb-config/kustomization.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: metallb-config
+    repo: oci://tccr.io/truecharts
+    version: 5.1.13
+    releaseName: metallb-config
+    namespace: metallb-config
+    valuesFile: values.yaml
+commonAnnotations:
+  meta.helm.sh/release-name: metallb-config
+  meta.helm.sh/release-namespace: metallb-config
+commonLabels:
+  app.kubernetes.io/managed-by: Helm

clustertool/src/deps/metallb-config/values.yaml

@@ -0,0 +1,10 @@
+ipAddressPools:
+  - name: main
+    autoAssign: false
+    avoidBuggyIPs: true
+    addresses:
+      - METALLB_RANGE
+L2Advertisements:
+  - name: main
+    addressPools:
+      - main

clustertool/src/deps/metallb/kustomization.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: metallb
+    repo: oci://tccr.io/truecharts
+    version: 13.1.15
+    releaseName: metallb
+    namespace: metallb
+commonAnnotations:
+  meta.helm.sh/release-name: metallb
+  meta.helm.sh/release-namespace: metallb
+commonLabels:
+  app.kubernetes.io/managed-by: Helm