add old clsutertool to archive

clustertool/cluster/main/add-ons/install.yaml

@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system-add-ons
+  namespace: flux-system
+spec:
+  path: ./cluster/main/add-ons
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-config

clustertool/cluster/main/add-ons/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - monitoring

clustertool/cluster/main/add-ons/monitoring/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pod-monitor.yaml
+  - prometheus-rules.yaml

clustertool/cluster/main/add-ons/monitoring/pod-monitor.yaml

@@ -0,0 +1,76 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: kustomize-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: kustomize-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: source-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: source-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: helm-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: helm-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: notification-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: notification-controller
+  podMetricsEndpoints:
+    - port: http-prom

clustertool/cluster/main/add-ons/monitoring/prometheus-rules.yaml

@@ -0,0 +1,34 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: flux
+  namespace: flux-system
+spec:
+  groups:
+    - name: flux
+      rules:
+        - alert: FluxComponentAbsent
+          annotations:
+            description: Flux component has disappeared from Prometheus target discovery.
+            summary: Flux component is down.
+          expr: |
+            absent(up{job=~".*flux-system.*"} == 1)
+          for: 5m
+          labels:
+            severity: critical
+        - alert: FluxReconciliationFailure
+          annotations:
+            description:
+              "{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation has been failing
+              for more than ten minutes."
+            summary: Flux reconciliation failure.
+          expr: |
+            max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
+              +
+            on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
+              by (namespace, name, kind)) * 2 == 1
+          for: 10m
+          labels:
+            severity: critical

clustertool/cluster/main/apps.yaml

@@ -0,0 +1,24 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: apps
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: core
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/apps
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/core.yaml

@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: core
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/core
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/crds.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: crds
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: flux-config
+    path: ./cluster/crds
+    prune: false
+    sourceRef:
+        kind: GitRepository
+        name: flux-system

clustertool/cluster/main/flux-config/app/clustersettings.secret.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cluster-config
+  namespace: flux-system
+data:
+  VIP: 192.168.10.100
+  MASTER1IP: 192.168.10.110
+  GATEWAY: 192.168.10.1
+  METALLB_RANGE: 192.168.10.100-192.168.10.250
+  KUBEAPPS_IP: 192.168.10.105
+  EMAIL: "TBD"
+  CLOUDFLARE_TOKEN: "TBD"
+  GITHUB_TOKEN: "TBD"
+  GITHUB_USER: "TBD"
+  GITHUB_REPOSITORY: "TBD"
+  BASE_DOMAIN: "TBD"

clustertool/cluster/main/flux-config/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+  - clustersettings.secret.yaml

clustertool/cluster/main/flux-config/install.yaml

@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-config
+  namespace: flux-system
+spec:
+  path: ./cluster/main/flux-config/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age

clustertool/cluster/main/flux-system/gotk-sync.yaml

@@ -0,0 +1,27 @@
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  url: ssh://git@github.com/Ornias1993/cluster
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./cluster/main
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system

clustertool/cluster/main/flux-system/kustomization.yaml

@@ -0,0 +1,89 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+    # manifests generated during bootstrap
+    - gotk-components.yaml
+    - gotk-sync.yaml
+patches:
+    - patch: |
+        apiVersion: apps/v1
+        kind: Deployment
+        metadata:
+          name: not-used
+        spec:
+          template:
+            spec:
+              containers:
+                - name: manager
+                  resources:
+                    limits:
+                      cpu: 2000m
+                      memory: "2Gi"
+      target:
+        kind: Deployment
+        name: (kustomize-controller|helm-controller|source-controller)
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --concurrent=8
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --kube-api-qps=500
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --kube-api-burst=1000
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --requeue-dependency=5s
+      # Increase the number of reconciliations that can be performed in parallel and bump the resources limits
+      # https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers
+      target:
+        kind: Deployment
+        name: (kustomize-controller|helm-controller|source-controller)
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --feature-gates=OOMWatch=true
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --oom-watch-memory-threshold=95
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --oom-watch-interval=500ms
+      # Enable Helm near OOM detection
+      # https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection
+      target:
+        kind: Deployment
+        name: helm-controller
+    - patch: |
+        - op: add
+          path: /rules/-
+          value:
+            apiGroups: ["infra.contrib.fluxcd.io"]
+            resources: ["*"]
+            verbs: ["*"]
+      target:
+        kind: ClusterRole
+        name: crd-controller-flux-system
+    - patch: |
+        $patch: delete
+        apiVersion: networking.k8s.io/v1
+        kind: NetworkPolicy
+        metadata:
+          name: not-used
+      target:
+        group: networking.k8s.io
+        version: v1
+        kind: NetworkPolicy
+    #- patch: |
+    #    - op: add
+    #      path: /spec/template/spec/containers/0/args/-
+    #      value: --feature-gates=DetectDrift=true,CorrectDrift=false
+    #    - op: add
+    #      path: /spec/template/spec/containers/0/args/-
+    #      value: --log-level=debug
+    #  # Enable drift detection for HelmReleases and set the log level to debug
+    #  # https://fluxcd.io/flux/components/helm/helmreleases/#drift-detection
+    #  target:
+    #    kind: Deployment
+    #    name: helm-controller

clustertool/cluster/main/helm-repos.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: helm-repos
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: flux-config
+    path: ./cluster/helm-repos
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/kube-system.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: kube-system
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: crds
+    - name: operators
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/kube-system
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - flux-config/install.yaml
+  - flux-system
+  - helm-repos.yaml
+  - crds.yaml
+  - operators.yaml
+  - kube-system.yaml
+  - system.yaml
+  - core.yaml
+  - apps.yaml
+  - monitoring.yaml
+  - add-ons/install.yaml
+  - weave-gitops/install.yaml

clustertool/cluster/main/monitoring.yaml

@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: monitoring
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/monitoring
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/operators.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: operators
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: crds
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/operators
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/system.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+    name: system
+    namespace: flux-system
+spec:
+    interval: 10m0s
+    dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: helm-repos
+    - name: flux-config
+    path: ./cluster/system
+    prune: true
+    sourceRef:
+        kind: GitRepository
+        name: flux-system
+    decryption:
+        provider: sops
+        secretRef:
+            name: sops-age

clustertool/cluster/main/weave-gitops/app/helm-release.yaml

@@ -0,0 +1,63 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: weave-gitops
+  namespace: flux-system
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: weave-gitops
+      version: 4.0.35
+      sourceRef:
+        kind: HelmRepository
+        name: weave-gitops-charts
+        namespace: flux-system
+      interval: 15m
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    adminUser:
+      create: true
+      username: admin
+      passwordHash: "$2a$12$n52fcX4nRDi94sye0bPCS.WQt9.KHmk0anwzwARdCuoVuk5ICFAG2"
+    ingress:
+      enabled: true
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        cert-manager.io/cluster-issuer: tc-le-prod
+        cert-manager.io/private-key-rotation-policy: Always
+        traefik.ingress.kubernetes.io/router.tls: 'true'
+      tls:
+        - hosts:
+            - gitops.${BASE_DOMAIN}
+          secretName: flux-system-weave-gitops
+      hosts:
+        - host: gitops.${BASE_DOMAIN}
+          paths:
+            - path: /
+              pathType: Prefix
+    networkPolicy:
+      create: false
+    metrics:
+      enabled: true
+    rbac:
+      create: true
+      impersonationResourceNames: ["admin"]
+      additionalRules:
+        - apiGroups: ["infra.contrib.fluxcd.io"]
+          resources: ["terraforms"]
+          verbs: ["get", "list", "patch"]
+    annotations:
+      reloader.stakater.com/auto: "true"

clustertool/cluster/main/weave-gitops/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+  - helm-release.yaml

clustertool/cluster/main/weave-gitops/install.yaml

@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system-weave-gitops
+  namespace: flux-system
+spec:
+  path: ./cluster/main/weave-gitops/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  dependsOn:
+    - name: operators-prometheus-operator
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-config