julian/scale-catalog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add old clsutertool to archive

Browse Source
This commit is contained in:
Kjeld Schouten
2024-06-12 16:49:02 +02:00
parent 8d1dbb91dd
commit 07fdb4281e
138 changed files with 13329 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clustertool/cluster/apps/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- placeholder.yaml

0
clustertool/cluster/apps/placeholder.yaml Normal file
View File

4
clustertool/cluster/core/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- placeholder.yaml

0
clustertool/cluster/core/placeholder.yaml Normal file
View File

4
clustertool/cluster/crds/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- placeholder.yaml

0
clustertool/cluster/crds/placeholder.yaml Normal file
View File

10
clustertool/cluster/helm-repos/actions-runner-controller-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: actions-runner-controller-charts
namespace: flux-system
spec:
type: oci
interval: 5m
url: oci://ghcr.io/actions/actions-runner-controller-charts

9
clustertool/cluster/helm-repos/authentik-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: authentik-charts
namespace: flux-system
spec:
interval: 15m
url: https://charts.goauthentik.io
timeout: 3m

9
clustertool/cluster/helm-repos/backube-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: backube-charts
namespace: flux-system
spec:
interval: 2h
url: https://backube.github.io/helm-charts/

10
clustertool/cluster/helm-repos/bitnami-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: bitnami-charts
namespace: flux-system
spec:
type: oci
interval: 30m
url: oci://registry-1.docker.io/bitnamicharts

10
clustertool/cluster/helm-repos/bjw-s-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: bjw-s-charts
namespace: flux-system
spec:
type: oci
interval: 30m
url: oci://ghcr.io/bjw-s/helm

10
clustertool/cluster/helm-repos/cilium-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: cilium-charts
namespace: flux-system
spec:
interval: 30m
url: https://helm.cilium.io
timeout: 3m

9
clustertool/cluster/helm-repos/cloudnative-pg-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: cloudnative-pg-charts
namespace: flux-system
spec:
interval: 1h
url: https://cloudnative-pg.github.io/charts

10
clustertool/cluster/helm-repos/deliveryhero-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: deliveryhero-charts
namespace: flux-system
spec:
interval: 30m
url: https://charts.deliveryhero.io/
timeout: 3m

9
clustertool/cluster/helm-repos/democratic-csi-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: democratic-csi-charts
namespace: flux-system
spec:
interval: 30m
url: https://democratic-csi.github.io/charts/
timeout: 3m

10
clustertool/cluster/helm-repos/descheduler-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: descheduler-charts
namespace: flux-system
spec:
interval: 30m
url: https://kubernetes-sigs.github.io/descheduler
timeout: 3m

9
clustertool/cluster/helm-repos/dysnix-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: dysnix-charts
namespace: flux-system
spec:
interval: 1h
url: https://dysnix.github.io/charts

10
clustertool/cluster/helm-repos/external-dns-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: external-dns-charts
namespace: flux-system
spec:
interval: 30m
url: https://kubernetes-sigs.github.io/external-dns
timeout: 3m

9
clustertool/cluster/helm-repos/external-secrets-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: external-secrets-charts
namespace: flux-system
spec:
interval: 2h
url: https://charts.external-secrets.io

10
clustertool/cluster/helm-repos/fairwinds-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: fairwinds-charts
namespace: flux-system
spec:
interval: 30m
url: https://charts.fairwinds.com/stable
timeout: 3m

9
clustertool/cluster/helm-repos/fluent-bit-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: fluent-bit-charts
namespace: flux-system
spec:
interval: 10m
url: https://fluent.github.io/helm-charts
timeout: 3m

10
clustertool/cluster/helm-repos/grafana-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: grafana-charts
namespace: flux-system
spec:
interval: 30m
url: https://grafana.github.io/helm-charts
timeout: 3m

9
clustertool/cluster/helm-repos/infracloudio-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: infracloudio-charts
namespace: flux-system
spec:
interval: 10m
url: https://infracloudio.github.io/charts
timeout: 3m

9
clustertool/cluster/helm-repos/ingress-nginx-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: ingress-nginx-charts
namespace: flux-system
spec:
interval: 2h
url: https://kubernetes.github.io/ingress-nginx

9
clustertool/cluster/helm-repos/intel-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: intel-charts
namespace: flux-system
spec:
interval: 2h
url: https://intel.github.io/helm-charts

10
clustertool/cluster/helm-repos/jaegertracing-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: jaegertracing-charts
namespace: flux-system
spec:
interval: 30m
url: https://jaegertracing.github.io/helm-charts
timeout: 3m

10
clustertool/cluster/helm-repos/jetstack-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: jetstack-charts
namespace: flux-system
spec:
interval: 30m
url: https://charts.jetstack.io/
timeout: 3m

9
clustertool/cluster/helm-repos/k8s-at-home-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: k8s-at-home-charts
namespace: flux-system
spec:
interval: 10m
url: https://k8s-at-home.com/charts
timeout: 3m

10
clustertool/cluster/helm-repos/kubernetes-sigs-metrics-server-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: kubernetes-sigs-metrics-server-charts
namespace: flux-system
spec:
interval: 30m
url: https://kubernetes-sigs.github.io/metrics-server/
timeout: 3m

40
clustertool/cluster/helm-repos/kustomization.yaml Normal file
View File

@ -0,0 +1,40 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- truechartsoci.yaml
- actions-runner-controller-charts.yaml
- bitnami-charts.yaml
- backube-charts.yaml
- bjw-s-charts.yaml
- cilium-charts.yaml
- cloudnative-pg-charts.yaml
- deliveryhero-charts.yaml
- democratic-csi-charts.yaml
- descheduler-charts.yaml
- dysnix-charts.yaml
- external-dns-charts.yaml
- external-secrets-charts.yaml
- fairwinds-charts.yaml
- grafana-charts.yaml
- ingress-nginx-charts.yaml
- intel-charts.yaml
- jaegertracing-charts.yaml
- jetstack-charts.yaml
- kubernetes-sigs-metrics-server-charts.yaml
- kyverno-charts.yaml
- lwolf-charts.yaml
- node-feature-discovery-charts.yaml
- piraeus-charts.yaml
- postfinance-charts.yaml
- prometheus-community-charts.yaml
- rook-ceph-charts.yaml
- runix-charts.yaml
- stakater-charts.yaml
- tf-controller-charts.yaml
- weave-gitops-charts.yaml
- authentik-charts.yaml
- fluent-bit-charts.yaml
- infracloudio-charts.yaml
- k8s-at-home-charts.yaml
- metallb-charts.yaml
- traefik-charts.yaml

10
clustertool/cluster/helm-repos/kyverno-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: kyverno-charts
namespace: flux-system
spec:
type: oci
interval: 30m
url: oci://ghcr.io/kyverno/charts

9
clustertool/cluster/helm-repos/lwolf-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: lwolf-charts
namespace: flux-system
spec:
interval: 1h
url: https://charts.lwolf.org
timeout: 3m

9
clustertool/cluster/helm-repos/metallb-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: metallb-charts
namespace: flux-system
spec:
interval: 10m
url: https://metallb.github.io/metallb
timeout: 3m

9
clustertool/cluster/helm-repos/node-feature-discovery-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: node-feature-discovery-charts
namespace: flux-system
spec:
interval: 1h
url: https://kubernetes-sigs.github.io/node-feature-discovery/charts

9
clustertool/cluster/helm-repos/piraeus-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: piraeus-charts
namespace: flux-system
spec:
interval: 2h
url: https://piraeus.io/helm-charts/

9
clustertool/cluster/helm-repos/postfinance-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: postfinance
namespace: flux-system
spec:
interval: 30m
url: https://postfinance.github.io/kubelet-csr-approver
timeout: 3m

10
clustertool/cluster/helm-repos/prometheus-community-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: prometheus-community-charts
namespace: flux-system
spec:
type: oci
interval: 30m
url: oci://ghcr.io/prometheus-community/charts

10
clustertool/cluster/helm-repos/rook-ceph-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: rook-ceph-charts
namespace: flux-system
spec:
interval: 30m
url: https://charts.rook.io/release
timeout: 3m

10
clustertool/cluster/helm-repos/runix-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: runix-charts
namespace: flux-system
spec:
interval: 30m
url: https://helm.runix.net
timeout: 3m

10
clustertool/cluster/helm-repos/stakater-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: stakater-charts
namespace: flux-system
spec:
interval: 30m
url: https://stakater.github.io/stakater-charts
timeout: 3m

10
clustertool/cluster/helm-repos/tf-controller-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: tf-controller-charts
namespace: flux-system
spec:
interval: 30m
url: https://weaveworks.github.io/tf-controller/
timeout: 3m

9
clustertool/cluster/helm-repos/traefik-charts.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: traefik-charts
namespace: flux-system
spec:
interval: 10m
url: https://helm.traefik.io/traefik
timeout: 3m

10
clustertool/cluster/helm-repos/truechartsoci.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: truechartsoci
namespace: flux-system
spec:
type: oci
interval: 5m
url: oci://tccr.io/truecharts

10
clustertool/cluster/helm-repos/weave-gitops-charts.yaml Normal file
View File

@ -0,0 +1,10 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: weave-gitops-charts
namespace: flux-system
spec:
type: oci
interval: 5m
url: oci://ghcr.io/weaveworks/charts

44
clustertool/cluster/kube-system/cilium/app/cilium-values.yaml Normal file
View File

@ -0,0 +1,44 @@
# autoDirectNodeRoutes: true
cluster:
name: main
id: "1"
securityContext:
privileged: true
capabilities:
ciliumAgent: '{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}'
cleanCiliumState: '{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}'
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup
endpointRoutes:
enabled: true
ipam:
mode: kubernetes
kubeProxyReplacement: true
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
k8sServiceHost: localhost
k8sServicePort: 7445
ipv4NativeRoutingCIDR: 172.16.0.0/16
operator:
rollOutPods: true
rollOutCiliumPods: true
hubble:
enabled: true
metrics:
enabled:
- dns:query;ignoreAAAA
- drop
- tcp
- flow
- port-distribution
- icmp
- http
relay:
enabled: true
rollOutPods: true
ui:
enabled: true
rollOutPods: true
ingress:
enabled: false

54
clustertool/cluster/kube-system/cilium/app/helm-release.yaml Normal file
View File

@ -0,0 +1,54 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cilium
namespace: kube-system
annotations:
meta.helm.sh/release-name: cilium
meta.helm.sh/release-namespace: kube-system
labels:
app.kubernetes.io/managed-by: Helm
spec:
interval: 15m
chart:
spec:
chart: cilium
version: 1.14.4
sourceRef:
kind: HelmRepository
name: cilium-charts
namespace: flux-system
interval: 15m
maxHistory: 3
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
remediateLastFailure: true
uninstall:
keepHistory: false
valuesFrom:
- kind: ConfigMap
name: cilium-values
values:
hubble:
metrics:
serviceMonitor:
enabled: true
relay:
prometheus:
serviceMonitor:
enabled: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
operator:
prometheus:
enabled: true
serviceMonitor:
enabled: true

11
clustertool/cluster/kube-system/cilium/app/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- helm-release.yaml
configMapGenerator:
- name: cilium-values
files:
- values.yaml=./cilium-values.yaml
generatorOptions:
disableNameSuffixHash: true

17
clustertool/cluster/kube-system/cilium/install.yaml Normal file
View File

@ -0,0 +1,17 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: kube-system-cilium
namespace: flux-system
spec:
path: ./cluster/kube-system/cilium/app
sourceRef:
kind: GitRepository
name: flux-system
prune: true
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m

21
clustertool/cluster/kube-system/kubelet-csr-approver/app/helm-release.yaml Normal file
View File

@ -0,0 +1,21 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kubelet-csr-approver
namespace: kube-system
spec:
interval: 30m
chart:
spec:
chart: kubelet-csr-approver
version: 1.0.5
sourceRef:
kind: HelmRepository
name: postfinance
namespace: flux-system
interval: 30m
values:
providerRegex: |
^(k8s-[1-6])$
bypassDnsResolution: true

7
clustertool/cluster/kube-system/kubelet-csr-approver/app/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- helm-release.yaml
generatorOptions:
disableNameSuffixHash: true

18
clustertool/cluster/kube-system/kubelet-csr-approver/install.yaml Normal file
View File

@ -0,0 +1,18 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: kube-system-kubelet-csr-approver
namespace: flux-system
labels:
substitution.flux.home.arpa/enabled: "true"
spec:
path: ./cluster/kube-system/kubelet-csr-approver/app
sourceRef:
kind: GitRepository
name: flux-system
prune: true
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

7
clustertool/cluster/kube-system/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- cilium/install.yaml
- kubelet-csr-approver/install.yaml
- metrics-server/install.yaml

32
clustertool/cluster/kube-system/metrics-server/app/helm-release.yaml Normal file
View File

@ -0,0 +1,32 @@
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: metrics-server
namespace: kube-system
spec:
interval: 15m
chart:
spec:
chart: metrics-server
version: 3.11.0
sourceRef:
kind: HelmRepository
name: kubernetes-sigs-metrics-server-charts
namespace: flux-system
interval: 15m
maxHistory: 3
install:
createNamespace: true
remediation:
retries: 3
upgrade:
remediation:
retries: 3
uninstall:
keepHistory: false
values:
metrics:
enabled: true
serviceMonitor:
enabled: true

4
clustertool/cluster/kube-system/metrics-server/app/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml

17
clustertool/cluster/kube-system/metrics-server/install.yaml Normal file
View File

@ -0,0 +1,17 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: kube-system-metrics-server
namespace: flux-system
spec:
path: ./cluster/kube-system/metrics-server/app
sourceRef:
kind: GitRepository
name: flux-system
prune: true
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

7
clustertool/cluster/kube-system/namespace.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
name: kube-system
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
goldilocks.fairwinds.com/enabled: "true"

22
clustertool/cluster/main/add-ons/install.yaml Normal file
View File

@ -0,0 +1,22 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system-add-ons
namespace: flux-system
spec:
path: ./cluster/main/add-ons
sourceRef:
kind: GitRepository
name: flux-system
prune: true
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-config

5
clustertool/cluster/main/add-ons/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- monitoring

6
clustertool/cluster/main/add-ons/monitoring/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pod-monitor.yaml
- prometheus-rules.yaml

76
clustertool/cluster/main/add-ons/monitoring/pod-monitor.yaml Normal file
View File

@ -0,0 +1,76 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: kustomize-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: latest
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchLabels:
app: kustomize-controller
podMetricsEndpoints:
- port: http-prom
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: source-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: latest
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchLabels:
app: source-controller
podMetricsEndpoints:
- port: http-prom
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: helm-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: latest
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchLabels:
app: helm-controller
podMetricsEndpoints:
- port: http-prom
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: notification-controller
namespace: flux-system
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: latest
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchLabels:
app: notification-controller
podMetricsEndpoints:
- port: http-prom

34
clustertool/cluster/main/add-ons/monitoring/prometheus-rules.yaml Normal file
View File

@ -0,0 +1,34 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: flux
namespace: flux-system
spec:
groups:
- name: flux
rules:
- alert: FluxComponentAbsent
annotations:
description: Flux component has disappeared from Prometheus target discovery.
summary: Flux component is down.
expr: |
absent(up{job=~".*flux-system.*"} == 1)
for: 5m
labels:
severity: critical
- alert: FluxReconciliationFailure
annotations:
description:
"{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation has been failing
for more than ten minutes."
summary: Flux reconciliation failure.
expr: |
max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
+
on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
by (namespace, name, kind)) * 2 == 1
for: 10m
labels:
severity: critical

24
clustertool/cluster/main/apps.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: kube-system
- name: crds
- name: operators
- name: system
- name: core
- name: helm-repos
- name: flux-config
path: ./cluster/apps
prune: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age

23
clustertool/cluster/main/core.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: core
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: kube-system
- name: crds
- name: operators
- name: system
- name: helm-repos
- name: flux-config
path: ./cluster/core
prune: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age

14
clustertool/cluster/main/crds.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: crds
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: flux-config
path: ./cluster/crds
prune: false
sourceRef:
kind: GitRepository
name: flux-system

18
clustertool/cluster/main/flux-config/app/clustersettings.secret.yaml Normal file
View File

@ -0,0 +1,18 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cluster-config
namespace: flux-system
data:
VIP: 192.168.10.100
MASTER1IP: 192.168.10.110
GATEWAY: 192.168.10.1
METALLB_RANGE: 192.168.10.100-192.168.10.250
KUBEAPPS_IP: 192.168.10.105
EMAIL: "TBD"
CLOUDFLARE_TOKEN: "TBD"
GITHUB_TOKEN: "TBD"
GITHUB_USER: "TBD"
GITHUB_REPOSITORY: "TBD"
BASE_DOMAIN: "TBD"

6
clustertool/cluster/main/flux-config/app/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- clustersettings.secret.yaml

21
clustertool/cluster/main/flux-config/install.yaml Normal file
View File

@ -0,0 +1,21 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-config
namespace: flux-system
spec:
path: ./cluster/main/flux-config/app
sourceRef:
kind: GitRepository
name: flux-system
prune: true
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
decryption:
provider: sops
secretRef:
name: sops-age

9622
clustertool/cluster/main/flux-system/gotk-components.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

27
clustertool/cluster/main/flux-system/gotk-sync.yaml Normal file
View File

@ -0,0 +1,27 @@
# This manifest was generated by flux. DO NOT EDIT.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: main
secretRef:
name: flux-system
url: ssh://git@github.com/Ornias1993/cluster
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./cluster/main
prune: true
sourceRef:
kind: GitRepository
name: flux-system

89
clustertool/cluster/main/flux-system/kustomization.yaml Normal file
View File

@ -0,0 +1,89 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# manifests generated during bootstrap
- gotk-components.yaml
- gotk-sync.yaml
patches:
- patch: |
apiVersion: apps/v1
kind: Deployment
metadata:
name: not-used
spec:
template:
spec:
containers:
- name: manager
resources:
limits:
cpu: 2000m
memory: "2Gi"
target:
kind: Deployment
name: (kustomize-controller|helm-controller|source-controller)
- patch: |
- op: add
path: /spec/template/spec/containers/0/args/-
value: --concurrent=8
- op: add
path: /spec/template/spec/containers/0/args/-
value: --kube-api-qps=500
- op: add
path: /spec/template/spec/containers/0/args/-
value: --kube-api-burst=1000
- op: add
path: /spec/template/spec/containers/0/args/-
value: --requeue-dependency=5s
# Increase the number of reconciliations that can be performed in parallel and bump the resources limits
# https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers
target:
kind: Deployment
name: (kustomize-controller|helm-controller|source-controller)
- patch: |
- op: add
path: /spec/template/spec/containers/0/args/-
value: --feature-gates=OOMWatch=true
- op: add
path: /spec/template/spec/containers/0/args/-
value: --oom-watch-memory-threshold=95
- op: add
path: /spec/template/spec/containers/0/args/-
value: --oom-watch-interval=500ms
# Enable Helm near OOM detection
# https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection
target:
kind: Deployment
name: helm-controller
- patch: |
- op: add
path: /rules/-
value:
apiGroups: ["infra.contrib.fluxcd.io"]
resources: ["*"]
verbs: ["*"]
target:
kind: ClusterRole
name: crd-controller-flux-system
- patch: |
$patch: delete
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: not-used
target:
group: networking.k8s.io
version: v1
kind: NetworkPolicy
#- patch: |
# - op: add
# path: /spec/template/spec/containers/0/args/-
# value: --feature-gates=DetectDrift=true,CorrectDrift=false
# - op: add
# path: /spec/template/spec/containers/0/args/-
# value: --log-level=debug
# # Enable drift detection for HelmReleases and set the log level to debug
# # https://fluxcd.io/flux/components/helm/helmreleases/#drift-detection
# target:
# kind: Deployment
# name: helm-controller

18
clustertool/cluster/main/helm-repos.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: helm-repos
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: flux-config
path: ./cluster/helm-repos
prune: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age

21
clustertool/cluster/main/kube-system.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: kube-system
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: crds
- name: operators
- name: helm-repos
- name: flux-config
path: ./cluster/kube-system
prune: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age

15
clustertool/cluster/main/kustomization.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- flux-config/install.yaml
- flux-system
- helm-repos.yaml
- crds.yaml
- operators.yaml
- kube-system.yaml
- system.yaml
- core.yaml
- apps.yaml
- monitoring.yaml
- add-ons/install.yaml
- weave-gitops/install.yaml

23
clustertool/cluster/main/monitoring.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: monitoring
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: kube-system
- name: crds
- name: operators
- name: system
- name: helm-repos
- name: flux-config
path: ./cluster/monitoring
prune: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age

20
clustertool/cluster/main/operators.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: operators
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: crds
- name: helm-repos
- name: flux-config
path: ./cluster/operators
prune: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age

22
clustertool/cluster/main/system.yaml Normal file
View File

@ -0,0 +1,22 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: system
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: kube-system
- name: crds
- name: operators
- name: helm-repos
- name: flux-config
path: ./cluster/system
prune: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age

63
clustertool/cluster/main/weave-gitops/app/helm-release.yaml Normal file
View File

@ -0,0 +1,63 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: weave-gitops
namespace: flux-system
spec:
interval: 15m
chart:
spec:
chart: weave-gitops
version: 4.0.35
sourceRef:
kind: HelmRepository
name: weave-gitops-charts
namespace: flux-system
interval: 15m
maxHistory: 3
install:
createNamespace: true
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
adminUser:
create: true
username: admin
passwordHash: "$2a$12$n52fcX4nRDi94sye0bPCS.WQt9.KHmk0anwzwARdCuoVuk5ICFAG2"
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
cert-manager.io/cluster-issuer: tc-le-prod
cert-manager.io/private-key-rotation-policy: Always
traefik.ingress.kubernetes.io/router.tls: 'true'
tls:
- hosts:
- gitops.${BASE_DOMAIN}
secretName: flux-system-weave-gitops
hosts:
- host: gitops.${BASE_DOMAIN}
paths:
- path: /
pathType: Prefix
networkPolicy:
create: false
metrics:
enabled: true
rbac:
create: true
impersonationResourceNames: ["admin"]
additionalRules:
- apiGroups: ["infra.contrib.fluxcd.io"]
resources: ["terraforms"]
verbs: ["get", "list", "patch"]
annotations:
reloader.stakater.com/auto: "true"

6
clustertool/cluster/main/weave-gitops/app/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- helm-release.yaml

24
clustertool/cluster/main/weave-gitops/install.yaml Normal file
View File

@ -0,0 +1,24 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system-weave-gitops
namespace: flux-system
spec:
path: ./cluster/main/weave-gitops/app
sourceRef:
kind: GitRepository
name: flux-system
dependsOn:
- name: operators-prometheus-operator
prune: true
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-config

4
clustertool/cluster/monitoring/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- placeholder.yaml

0
clustertool/cluster/monitoring/placeholder.yaml Normal file
View File

4
clustertool/cluster/operators/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- placeholder.yaml

0
clustertool/cluster/operators/placeholder.yaml Normal file
View File

4
clustertool/cluster/system/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- placeholder.yaml

0
clustertool/cluster/system/placeholder.yaml Normal file
View File