add old clsutertool to archive
This commit is contained in:
parent
8d1dbb91dd
commit
07fdb4281e
43
clustertool/.github/workflows/fluxupdate.yaml
@ -0,0 +1,43 @@
|
|||||||
|
name: update-flux
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
schedule:
|
||||||
|
- cron: "0 4 * * *"
|
||||||
|
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
flux-upgrade:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
fetch-depth: 1
|
||||||
|
|
||||||
|
- name: Setup Flux CLI
|
||||||
|
uses: fluxcd/flux2/action@main
|
||||||
|
|
||||||
|
- name: Upgrade Flux
|
||||||
|
id: upgrade
|
||||||
|
run: |
|
||||||
|
UGLY_VERSION="$(flux -v)"
|
||||||
|
VERSION="v${UGLY_VERSION#*flux version }"
|
||||||
|
flux install --version="${VERSION}" \
|
||||||
|
--network-policy=false \
|
||||||
|
--export > ./cluster/main/flux-system/gotk-components.yaml
|
||||||
|
echo "::set-output name=flux_version::$VERSION"
|
||||||
|
|
||||||
|
- name: Create pull request for Flux upgrade
|
||||||
|
uses: peter-evans/create-pull-request@v3
|
||||||
|
with:
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
branch: "flux/upgrade-${{ steps.upgrade.outputs.flux_version }}"
|
||||||
|
delete-branch: true
|
||||||
|
title: "chore(deps): upgrade flux components to ${{ steps.upgrade.outputs.flux_version }}"
|
||||||
|
signoff: true
|
||||||
|
committer: "TrueCharts Bot <truecharts-bot@users.noreply.github.com>"
|
||||||
|
author: "TrueCharts Bot <truecharts-bot@users.noreply.github.com>"
|
||||||
|
commit-message: "chore(deps): upgrade flux components to ${{ steps.upgrade.outputs.flux_version }}"
|
||||||
|
body: |
|
||||||
|
Release notes: https://github.com/fluxcd/flux2/releases/tag/${{ steps.upgrade.outputs.flux_version }}
|
||||||
|
labels: flux/upgrade
|
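Review bot: `uses: fluxcd/flux2/action@main` in the Setup Flux CLI step tracks a mutable branch, so whatever lands on that branch runs inside this job with the repository token; pin it to a release tag or a commit SHA, and the floating major tags on `actions/checkout@v2` and `peter-evans/create-pull-request@v3` deserve the same treatment in weaker form. The job declares no `permissions:` block, so `GITHUB_TOKEN` receives the repository default scope; add `permissions:` with `contents: write` and `pull-requests: write` on the `flux-upgrade` job so the token covers only what create-pull-request needs. `echo "::set-output name=flux_version::$VERSION"` is the deprecated output syntax; write `echo "flux_version=$VERSION" >> "$GITHUB_OUTPUT"` instead. `--network-policy=false` removes the NetworkPolicy objects from the exported gotk-components, leaving the flux-system controllers reachable from any pod, so a comment stating why that is intended would help the next maintainer.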
59
clustertool/.pre-commit-config.yaml
@ -0,0 +1,59 @@
|
|||||||
|
# See https://pre-commit.com for more information
|
||||||
|
# See https://pre-commit.com/hooks.html for more hooks
|
||||||
|
fail_fast: false
|
||||||
|
repos:
|
||||||
|
# - repo: https://github.com/adrienverge/yamllint.git
|
||||||
|
# rev: v1.26.3
|
||||||
|
# hooks:
|
||||||
|
# - id: yamllint
|
||||||
|
# args:
|
||||||
|
# - --config-file
|
||||||
|
# - .github/linters/.yamllint.yaml
|
||||||
|
# - repo: https://github.com/igorshubovych/markdownlint-cli
|
||||||
|
# rev: v0.31.1
|
||||||
|
# hooks:
|
||||||
|
# - id: markdownlint
|
||||||
|
# args:
|
||||||
|
# - --config
|
||||||
|
# - ".github/linters/.markdownlint.yaml"
|
||||||
|
# - repo: https://github.com/jumanjihouse/pre-commit-hooks
|
||||||
|
# rev: 2.1.6
|
||||||
|
# hooks:
|
||||||
|
# - id: shellcheck
|
||||||
|
# language: script
|
||||||
|
# args: [--severity=error]
|
||||||
|
# additional_dependencies: []
|
||||||
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||||
|
rev: v4.2.0
|
||||||
|
hooks:
|
||||||
|
- id: trailing-whitespace
|
||||||
|
- id: end-of-file-fixer
|
||||||
|
- id: fix-byte-order-marker
|
||||||
|
- id: mixed-line-ending
|
||||||
|
# - id: check-added-large-files
|
||||||
|
# args:
|
||||||
|
# - --maxkb=2048
|
||||||
|
- id: check-merge-conflict
|
||||||
|
- id: check-executables-have-shebangs
|
||||||
|
- id: mixed-line-ending
|
||||||
|
- repo: https://github.com/sirosen/fix-smartquotes
|
||||||
|
rev: 0.2.0
|
||||||
|
hooks:
|
||||||
|
- id: fix-smartquotes
|
||||||
|
- repo: local
|
||||||
|
hooks:
|
||||||
|
- id: custom-script-file
|
||||||
|
name: custom-script-file
|
||||||
|
entry: deps/encryption.sh ensure
|
||||||
|
language: script
|
||||||
|
- repo: https://github.com/Lucas-C/pre-commit-hooks
|
||||||
|
rev: v1.1.13
|
||||||
|
hooks:
|
||||||
|
- id: remove-crlf
|
||||||
|
- id: remove-tabs
|
||||||
|
- id: forbid-crlf
|
||||||
|
- id: forbid-tabs
|
||||||
|
- repo: https://github.com/k8s-at-home/sops-pre-commit
|
||||||
|
rev: v2.1.0
|
||||||
|
hooks:
|
||||||
|
- id: forbid-secrets
|
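Review bot: `- id: mixed-line-ending` is listed twice under the pre-commit/pre-commit-hooks repo (once after `fix-byte-order-marker`, again after `check-executables-have-shebangs`); drop the second entry, as the hook just runs twice. The yamllint, markdownlint and shellcheck repos are all commented out, so the shell entry point the local hook invokes (`entry: deps/encryption.sh ensure`) is never linted; re-enabling the shellcheck hook is cheap and catches quoting mistakes in scripts that handle encryption. `check-added-large-files` is commented out as well; together with the `forbid-secrets` hook it is a low-cost guard against accidentally committing binary artefacts, so consider restoring it with the `--maxkb=2048` argument already drafted here.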
19
clustertool/.sops.yaml
@ -0,0 +1,19 @@
|
|||||||
|
creation_rules:
|
||||||
|
- path_regex: cluster.*\.secret.ya?ml
|
||||||
|
encrypted_regex: "((?i)(displayname|email|pass|ca|id|bootstraptoken|secretboxencryptionsecret|secrets|secrets|password|cert|secret($|[^N])|key|token|^data$|^stringData))"
|
||||||
|
age: >-
|
||||||
|
age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
|
||||||
|
- path_regex: .*\.secret
|
||||||
|
encrypted_regex: "((?i)(displayname|email|pass|ca|id|bootstraptoken|secretboxencryptionsecret|secrets|secrets|password|cert|secret($|[^N])|key|token|^data$|^stringData))"
|
||||||
|
age: >-
|
||||||
|
age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
|
||||||
|
- path_regex: age.agekey.enc
|
||||||
|
age: >-
|
||||||
|
age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
|
||||||
|
- path_regex: talenv.yaml
|
||||||
|
age: >-
|
||||||
|
age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
|
||||||
|
- path_regex: talsecret.yaml
|
||||||
|
encrypted_regex: "((?i)(displayname|email|pass|ca|id|bootstraptoken|secretboxencryptionsecret|secrets|secrets|password|cert|secret($|[^N])|key|token|^data$|^stringData))"
|
||||||
|
age: >-
|
||||||
|
age10te85vgqaygcrrz6g24guk5flht2kjmlkfem0lj9ml7yly8f5acqzdgtga
|
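Review bot: The `path_regex` values are unanchored and use unescaped dots (`cluster.*\.secret.ya?ml`, `.*\.secret`, `age.agekey.enc`), so each rule matches more paths than its name suggests; since sops applies the first matching rule, a broader match can silently select a different `encrypted_regex` than intended. Escape the dots and anchor the end, e.g. `path_regex: age\.agekey\.enc$` and `path_regex: .*\.secret$`, and the same for the `talenv.yaml` and `talsecret.yaml` rules. The shared `encrypted_regex` is substring- and case-insensitive, so keys such as `uid`, `provider` or `certificate` are encrypted too, which errs on the safe side, but the alternation lists `secrets|secrets` twice and can lose the duplicate. All five rules use the same age recipient; a comment naming whose key that is and where the private half lives would make rotation easier.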
117
clustertool/README.md
@ -0,0 +1,117 @@
|
|||||||
|
# Clustertool
|
||||||
|
|
||||||
|
Easy deployment tooling and documentation for deploying TalosOS and/or FluxCD
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
|
||||||
|
Our default talconfig.yaml file, makes a lot of assumptions for quick deployment. You're free to adapt your version of it as you please.
|
||||||
|
By default you:
|
||||||
|
|
||||||
|
- Should not have more than 1 network adapter on controlplane nodes
|
||||||
|
- Should not have more than 1 Disk on controlplane nodes
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
### All-in-One VM
|
||||||
|
|
||||||
|
Our default configuration ships with qemu guest additions installed already.
|
||||||
|
|
||||||
|
#### Minimum Specs
|
||||||
|
|
||||||
|
6 Threads or vCores
|
||||||
|
8GB Ram
|
||||||
|
128GB storage
|
||||||
|
1GBe Networking
|
||||||
|
|
||||||
|
#### Recommended specs
|
||||||
|
|
||||||
|
8 Cores
|
||||||
|
16GB Ram
|
||||||
|
256GB storage
|
||||||
|
10GBe Networking
|
||||||
|
|
||||||
|
## TalosOS synopsys
|
||||||
|
|
||||||
|
TalosOS is a bare-bones linux distribution to run kubernetes clusters.
|
||||||
|
It gets build/installed/maintained based on configuration files.
|
||||||
|
|
||||||
|
To more-easily generate those, we use another tool internally: talhelper.
|
||||||
|
When using clustertool, configuration mangement goes like this:
|
||||||
|
|
||||||
|
clustertool -> talhelper -> talosctl -> node/vm
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Getting Started
|
||||||
|
|
||||||
|
|
||||||
|
## Preparations
|
||||||
|
|
||||||
|
### ISO Preparations
|
||||||
|
|
||||||
|
We use pre-extended builds of TalosOS with additional drivers.
|
||||||
|
For ISO's we advice to use the following:
|
||||||
|
|
||||||
|
**Iso for VM installation**
|
||||||
|
|
||||||
|
AMD64 ISO: https://factory.talos.dev/image/dc2c29fc8374161b858245a14658779154bf11aa9c23a04813fa8f298fcd0bfc/v1.6.4/metal-amd64.iso
|
||||||
|
|
||||||
|
### General Preparations
|
||||||
|
|
||||||
|
- Fork the repo here, to your own github account or download and extract
|
||||||
|
- Ensure you've cd'ed into this folder.
|
||||||
|
- edit `talenv.yaml` and set the settings as you want them
|
||||||
|
- Be sure to set `VIP` to a seperate free IP adress from MASTER1, MASTER1 being your nodeIP adresss VIP being used by the system internally.
|
||||||
|
- Also make sure to give `METALLB_RANGE`, a free IP range *outside* of your router DHCP range
|
||||||
|
- The `KUBEAPPS_IP`, will be used to expose KubeApps, for giving you an easy Apps management GUI
|
||||||
|
- Set static DHCP adresses on your router to the IP adresses you defined in `talenv.yaml`
|
||||||
|
|
||||||
|
### Client Preparations
|
||||||
|
|
||||||
|
"Client" refers to this toolkit
|
||||||
|
"VM host" refers to the system hosting the TalosOS Virtual Machine "cluster" itself
|
||||||
|
|
||||||
|
#### windows
|
||||||
|
|
||||||
|
Please run this in a WSL Linux (Preferably Debian) shell instead of directly on windows.
|
||||||
|
DO NOT use a GIT folder checked-out on windows, on the WSL. Ensure you git-clone or git-checkout the folder on WSL when using it in WSL!
|
||||||
|
|
||||||
|
#### Linux
|
||||||
|
|
||||||
|
**Required External Dependencies**
|
||||||
|
|
||||||
|
- curl
|
||||||
|
- GIT
|
||||||
|
- Bash
|
||||||
|
- Python3
|
||||||
|
- PIP3
|
||||||
|
|
||||||
|
**Other Dependencies**
|
||||||
|
|
||||||
|
- Ensure your local system time is 100% correct
|
||||||
|
- Run `sudo ./clustertool.sh` tool to install the other dependencies automatically
|
||||||
|
|
||||||
|
### VM-Host Preparations
|
||||||
|
|
||||||
|
#### TrueNAS SCALE VM-Host
|
||||||
|
|
||||||
|
- Ensure you add a "bridge" network interface connected to your actual physical interface. (This ensures the host can reach its VM's correctly)
|
||||||
|
- Ensure you add your IP and/or DHCP settings to the bridge interface and remove them from the host
|
||||||
|
- Create a VM that complies to the minimum and/or recommended system specifications stated above
|
||||||
|
- Ensure to use a `virtio` network adapter and a `virtio` disk, for optimal performance
|
||||||
|
- Boot the VM with given iso
|
||||||
|
- Ensure the VM has the IP adresses defined earlier and the same VM is set in `talenv.yaml`
|
||||||
|
- Continue with Bootstrapping
|
||||||
|
|
||||||
|
#### ProxMox VM-Host
|
||||||
|
|
||||||
|
*to be done*
|
||||||
|
|
||||||
|
|
||||||
|
## Bootstrapping TalosOS on the cluster
|
||||||
|
|
||||||
|
- Run `sudo ./clustertool.sh` tool, generate cluster configuration
|
||||||
|
- Run `sudo ./clustertool.sh` tool, Apply and Bootstrap the TalosOS cluster
|
||||||
|
- *optional* Run `sudo ./clustertool.sh` tool, Encrypt your configuration files
|
||||||
|
- **IMPORTANT**: safe the content of the folder**safe**, this contains the encryption key to your cluster!
|
||||||
|
- After waiting a few minutes, you will now have KubeApps available on http://KUBEAPPS_IP:80 where `KUBEAPPS_IP` is the IP intered above.
|
4
clustertool/cluster/apps/kustomization.yaml
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- placeholder.yaml
|
0
clustertool/cluster/apps/placeholder.yaml
4
clustertool/cluster/core/kustomization.yaml
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- placeholder.yaml
|
0
clustertool/cluster/core/placeholder.yaml
4
clustertool/cluster/crds/kustomization.yaml
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- placeholder.yaml
|
0
clustertool/cluster/crds/placeholder.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: actions-runner-controller-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
type: oci
|
||||||
|
interval: 5m
|
||||||
|
url: oci://ghcr.io/actions/actions-runner-controller-charts
|
9
clustertool/cluster/helm-repos/authentik-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: authentik-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
url: https://charts.goauthentik.io
|
||||||
|
timeout: 3m
|
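Review bot: `apiVersion: source.toolkit.fluxcd.io/v1beta1` on the first line of this HelmRepository is the old source API; every other repository in this commit uses `v1beta2`, and as far as I know the `v1beta1` source API has been deprecated and removed in Flux 2.0, so these objects would fail to apply on a current cluster. Change it to `apiVersion: source.toolkit.fluxcd.io/v1beta2` here and in the matching sections for fluent-bit-charts, infracloudio-charts, k8s-at-home-charts, metallb-charts and traefik-charts.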
9
clustertool/cluster/helm-repos/backube-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: backube-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 2h
|
||||||
|
url: https://backube.github.io/helm-charts/
|
10
clustertool/cluster/helm-repos/bitnami-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: bitnami-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
type: oci
|
||||||
|
interval: 30m
|
||||||
|
url: oci://registry-1.docker.io/bitnamicharts
|
10
clustertool/cluster/helm-repos/bjw-s-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: bjw-s-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
type: oci
|
||||||
|
interval: 30m
|
||||||
|
url: oci://ghcr.io/bjw-s/helm
|
10
clustertool/cluster/helm-repos/cilium-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: cilium-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://helm.cilium.io
|
||||||
|
timeout: 3m
|
@ -0,0 +1,9 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: cloudnative-pg-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
url: https://cloudnative-pg.github.io/charts
|
10
clustertool/cluster/helm-repos/deliveryhero-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: deliveryhero-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://charts.deliveryhero.io/
|
||||||
|
timeout: 3m
|
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: democratic-csi-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://democratic-csi.github.io/charts/
|
||||||
|
timeout: 3m
|
10
clustertool/cluster/helm-repos/descheduler-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: descheduler-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://kubernetes-sigs.github.io/descheduler
|
||||||
|
timeout: 3m
|
9
clustertool/cluster/helm-repos/dysnix-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: dysnix-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
url: https://dysnix.github.io/charts
|
10
clustertool/cluster/helm-repos/external-dns-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: external-dns-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://kubernetes-sigs.github.io/external-dns
|
||||||
|
timeout: 3m
|
@ -0,0 +1,9 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: external-secrets-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 2h
|
||||||
|
url: https://charts.external-secrets.io
|
10
clustertool/cluster/helm-repos/fairwinds-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: fairwinds-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://charts.fairwinds.com/stable
|
||||||
|
timeout: 3m
|
9
clustertool/cluster/helm-repos/fluent-bit-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: fluent-bit-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: https://fluent.github.io/helm-charts
|
||||||
|
timeout: 3m
|
10
clustertool/cluster/helm-repos/grafana-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: grafana-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://grafana.github.io/helm-charts
|
||||||
|
timeout: 3m
|
9
clustertool/cluster/helm-repos/infracloudio-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: infracloudio-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: https://infracloudio.github.io/charts
|
||||||
|
timeout: 3m
|
9
clustertool/cluster/helm-repos/ingress-nginx-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: ingress-nginx-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 2h
|
||||||
|
url: https://kubernetes.github.io/ingress-nginx
|
9
clustertool/cluster/helm-repos/intel-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: intel-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 2h
|
||||||
|
url: https://intel.github.io/helm-charts
|
10
clustertool/cluster/helm-repos/jaegertracing-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: jaegertracing-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://jaegertracing.github.io/helm-charts
|
||||||
|
timeout: 3m
|
10
clustertool/cluster/helm-repos/jetstack-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: jetstack-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://charts.jetstack.io/
|
||||||
|
timeout: 3m
|
9
clustertool/cluster/helm-repos/k8s-at-home-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: k8s-at-home-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: https://k8s-at-home.com/charts
|
||||||
|
timeout: 3m
|
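Review bot: `url: https://k8s-at-home.com/charts` points at a chart repository whose upstream project was, as far as I know, archived in 2022, so no new releases or security fixes are published there; confirm it still serves an index and check whether any HelmRelease still needs it, since many of its charts moved to the bjw-s repository this commit already declares. If it is kept on purpose, a one-line comment above `url:` noting that the source is archived would stop the next maintainer from pulling charts from it for new workloads.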
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: kubernetes-sigs-metrics-server-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://kubernetes-sigs.github.io/metrics-server/
|
||||||
|
timeout: 3m
|
40
clustertool/cluster/helm-repos/kustomization.yaml
@ -0,0 +1,40 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- truechartsoci.yaml
|
||||||
|
- actions-runner-controller-charts.yaml
|
||||||
|
- bitnami-charts.yaml
|
||||||
|
- backube-charts.yaml
|
||||||
|
- bjw-s-charts.yaml
|
||||||
|
- cilium-charts.yaml
|
||||||
|
- cloudnative-pg-charts.yaml
|
||||||
|
- deliveryhero-charts.yaml
|
||||||
|
- democratic-csi-charts.yaml
|
||||||
|
- descheduler-charts.yaml
|
||||||
|
- dysnix-charts.yaml
|
||||||
|
- external-dns-charts.yaml
|
||||||
|
- external-secrets-charts.yaml
|
||||||
|
- fairwinds-charts.yaml
|
||||||
|
- grafana-charts.yaml
|
||||||
|
- ingress-nginx-charts.yaml
|
||||||
|
- intel-charts.yaml
|
||||||
|
- jaegertracing-charts.yaml
|
||||||
|
- jetstack-charts.yaml
|
||||||
|
- kubernetes-sigs-metrics-server-charts.yaml
|
||||||
|
- kyverno-charts.yaml
|
||||||
|
- lwolf-charts.yaml
|
||||||
|
- node-feature-discovery-charts.yaml
|
||||||
|
- piraeus-charts.yaml
|
||||||
|
- postfinance-charts.yaml
|
||||||
|
- prometheus-community-charts.yaml
|
||||||
|
- rook-ceph-charts.yaml
|
||||||
|
- runix-charts.yaml
|
||||||
|
- stakater-charts.yaml
|
||||||
|
- tf-controller-charts.yaml
|
||||||
|
- weave-gitops-charts.yaml
|
||||||
|
- authentik-charts.yaml
|
||||||
|
- fluent-bit-charts.yaml
|
||||||
|
- infracloudio-charts.yaml
|
||||||
|
- k8s-at-home-charts.yaml
|
||||||
|
- metallb-charts.yaml
|
||||||
|
- traefik-charts.yaml
|
10
clustertool/cluster/helm-repos/kyverno-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: kyverno-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
type: oci
|
||||||
|
interval: 30m
|
||||||
|
url: oci://ghcr.io/kyverno/charts
|
9
clustertool/cluster/helm-repos/lwolf-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: lwolf-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
url: https://charts.lwolf.org
|
||||||
|
timeout: 3m
|
9
clustertool/cluster/helm-repos/metallb-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: metallb-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: https://metallb.github.io/metallb
|
||||||
|
timeout: 3m
|
@ -0,0 +1,9 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: node-feature-discovery-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
url: https://kubernetes-sigs.github.io/node-feature-discovery/charts
|
9
clustertool/cluster/helm-repos/piraeus-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: piraeus-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 2h
|
||||||
|
url: https://piraeus.io/helm-charts/
|
9
clustertool/cluster/helm-repos/postfinance-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: postfinance
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://postfinance.github.io/kubelet-csr-approver
|
||||||
|
timeout: 3m
|
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: prometheus-community-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
type: oci
|
||||||
|
interval: 30m
|
||||||
|
url: oci://ghcr.io/prometheus-community/charts
|
10
clustertool/cluster/helm-repos/rook-ceph-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: rook-ceph-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://charts.rook.io/release
|
||||||
|
timeout: 3m
|
10
clustertool/cluster/helm-repos/runix-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: runix-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://helm.runix.net
|
||||||
|
timeout: 3m
|
10
clustertool/cluster/helm-repos/stakater-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: stakater-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://stakater.github.io/stakater-charts
|
||||||
|
timeout: 3m
|
10
clustertool/cluster/helm-repos/tf-controller-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: tf-controller-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
url: https://weaveworks.github.io/tf-controller/
|
||||||
|
timeout: 3m
|
9
clustertool/cluster/helm-repos/traefik-charts.yaml
@ -0,0 +1,9 @@
|
|||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: traefik-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: https://helm.traefik.io/traefik
|
||||||
|
timeout: 3m
|
10
clustertool/cluster/helm-repos/truechartsoci.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: truechartsoci
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
type: oci
|
||||||
|
interval: 5m
|
||||||
|
url: oci://tccr.io/truecharts
|
10
clustertool/cluster/helm-repos/weave-gitops-charts.yaml
@ -0,0 +1,10 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: weave-gitops-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
type: oci
|
||||||
|
interval: 5m
|
||||||
|
url: oci://ghcr.io/weaveworks/charts
|
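Review bot: This OCI HelmRepository has no `spec.verify`, so Flux will pull and install whatever artifact the registry serves for the pinned chart version without checking a signature. If `ghcr.io/weaveworks/charts` publishes cosign signatures, adding `verify:` / `  provider: cosign` under `spec` stops a replaced or tampered chart from being installed into flux-system; the same applies to the `truechartsoci` repository two sections up. If neither registry signs its charts, a one-line comment recording that integrity rests solely on the `version` pin in the HelmRelease would at least make the assumption explicit.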
@ -0,0 +1,44 @@
|
|||||||
|
# autoDirectNodeRoutes: true
|
||||||
|
cluster:
|
||||||
|
name: main
|
||||||
|
id: "1"
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
capabilities:
|
||||||
|
ciliumAgent: '{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}'
|
||||||
|
cleanCiliumState: '{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}'
|
||||||
|
cgroup:
|
||||||
|
autoMount:
|
||||||
|
enabled: false
|
||||||
|
hostRoot: /sys/fs/cgroup
|
||||||
|
endpointRoutes:
|
||||||
|
enabled: true
|
||||||
|
ipam:
|
||||||
|
mode: kubernetes
|
||||||
|
kubeProxyReplacement: true
|
||||||
|
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
|
||||||
|
k8sServiceHost: localhost
|
||||||
|
k8sServicePort: 7445
|
||||||
|
ipv4NativeRoutingCIDR: 172.16.0.0/16
|
||||||
|
operator:
|
||||||
|
rollOutPods: true
|
||||||
|
rollOutCiliumPods: true
|
||||||
|
hubble:
|
||||||
|
enabled: true
|
||||||
|
metrics:
|
||||||
|
enabled:
|
||||||
|
- dns:query;ignoreAAAA
|
||||||
|
- drop
|
||||||
|
- tcp
|
||||||
|
- flow
|
||||||
|
- port-distribution
|
||||||
|
- icmp
|
||||||
|
- http
|
||||||
|
relay:
|
||||||
|
enabled: true
|
||||||
|
rollOutPods: true
|
||||||
|
ui:
|
||||||
|
enabled: true
|
||||||
|
rollOutPods: true
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
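Review bot: `privileged: true` in the cilium-agent securityContext makes the carefully enumerated `capabilities.ciliumAgent` list meaningless, because a privileged container already holds every capability and escapes seccomp/AppArmor confinement; either a comment should say why it is required on this node setup (Talos with `cgroup.autoMount.enabled: false` is a plausible reason — TODO confirm) or it should be dropped so the capability list is what actually applies. `kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256` also binds the kube-proxy-replacement healthz endpoint on every interface of the node; unless an external load balancer health-checks it, a node-local address is the narrower choice. The page does not show this file's path; it appears to be the cilium-values.yaml that the neighbouring kustomization turns into the `cilium-values` ConfigMap.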
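--- a/clustertool/cluster/kube-system/cilium/app/helm-release.yaml
+++ b/clustertool/cluster/kube-system/cilium/app/helm-release.yaml
@@ -0,0 +1,54 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cilium
+  namespace: kube-system
+  annotations:
+    meta.helm.sh/release-name: cilium
+    meta.helm.sh/release-namespace: kube-system
+  labels:
+    app.kubernetes.io/managed-by: Helm
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: cilium
+      version: 1.14.4
+      sourceRef:
+        kind: HelmRepository
+        name: cilium-charts
+        namespace: flux-system
+      interval: 15m
+  maxHistory: 3
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      remediateLastFailure: true
+  uninstall:
+    keepHistory: false
+  valuesFrom:
+    - kind: ConfigMap
+      name: cilium-values
+  values:
+    hubble:
+      metrics:
+        serviceMonitor:
+          enabled: true
+      relay:
+        prometheus:
+          serviceMonitor:
+            enabled: true
+    prometheus:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+    operator:
+      prometheus:
+        enabled: true
+        serviceMonitor:
+          enabled: true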
@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: kube-system
|
||||||
|
resources:
|
||||||
|
- helm-release.yaml
|
||||||
|
configMapGenerator:
|
||||||
|
- name: cilium-values
|
||||||
|
files:
|
||||||
|
- values.yaml=./cilium-values.yaml
|
||||||
|
generatorOptions:
|
||||||
|
disableNameSuffixHash: true
|
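--- a/clustertool/cluster/kube-system/cilium/install.yaml
+++ b/clustertool/cluster/kube-system/cilium/install.yaml
@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kube-system-cilium
+  namespace: flux-system
+spec:
+  path: ./cluster/kube-system/cilium/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m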
@ -0,0 +1,21 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: kubelet-csr-approver
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: kubelet-csr-approver
|
||||||
|
version: 1.0.5
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: postfinance
|
||||||
|
namespace: flux-system
|
||||||
|
interval: 30m
|
||||||
|
values:
|
||||||
|
providerRegex: |
|
||||||
|
^(k8s-[1-6])$
|
||||||
|
bypassDnsResolution: true
|
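Review bot: `bypassDnsResolution: true` switches off the approver's cross-check that the node name in a kubelet serving CSR resolves to the IP SANs being requested, which leaves `providerRegex` as the only gate on which node names can obtain a serving certificate. That is a defensible trade-off on clusters whose nodes have no DNS records, but it should be recorded, e.g. `# nodes have no DNS A records; providerRegex is the sole name check`, and the regex should stay as tight as `^(k8s-[1-6])$` rather than being widened to a glob when nodes are added. The page does not show this file's path; it appears to be the kubelet-csr-approver HelmRelease.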
@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: kube-system
|
||||||
|
resources:
|
||||||
|
- helm-release.yaml
|
||||||
|
generatorOptions:
|
||||||
|
disableNameSuffixHash: true
|
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: kube-system-kubelet-csr-approver
|
||||||
|
namespace: flux-system
|
||||||
|
labels:
|
||||||
|
substitution.flux.home.arpa/enabled: "true"
|
||||||
|
spec:
|
||||||
|
path: ./cluster/kube-system/kubelet-csr-approver/app
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
prune: true
|
||||||
|
wait: false
|
||||||
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
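--- a/clustertool/cluster/kube-system/kustomization.yaml
+++ b/clustertool/cluster/kube-system/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - cilium/install.yaml
+  - kubelet-csr-approver/install.yaml
+  - metrics-server/install.yaml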
@ -0,0 +1,32 @@
|
|||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
interval: 15m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: metrics-server
|
||||||
|
version: 3.11.0
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: kubernetes-sigs-metrics-server-charts
|
||||||
|
namespace: flux-system
|
||||||
|
interval: 15m
|
||||||
|
maxHistory: 3
|
||||||
|
install:
|
||||||
|
createNamespace: true
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
uninstall:
|
||||||
|
keepHistory: false
|
||||||
|
values:
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- helm-release.yaml
|
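--- a/clustertool/cluster/kube-system/metrics-server/install.yaml
+++ b/clustertool/cluster/kube-system/metrics-server/install.yaml
@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: kube-system-metrics-server
+  namespace: flux-system
+spec:
+  path: ./cluster/kube-system/metrics-server/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m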
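--- a/clustertool/cluster/kube-system/namespace.yaml
+++ b/clustertool/cluster/kube-system/namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+    goldilocks.fairwinds.com/enabled: "true"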
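--- a/clustertool/cluster/main/add-ons/install.yaml
+++ b/clustertool/cluster/main/add-ons/install.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system-add-ons
+  namespace: flux-system
+spec:
+  path: ./cluster/main/add-ons
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-config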
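--- a/clustertool/cluster/main/add-ons/kustomization.yaml
+++ b/clustertool/cluster/main/add-ons/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - monitoring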
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- pod-monitor.yaml
|
||||||
|
- prometheus-rules.yaml
|
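--- a/clustertool/cluster/main/add-ons/monitoring/pod-monitor.yaml
+++ b/clustertool/cluster/main/add-ons/monitoring/pod-monitor.yaml
@@ -0,0 +1,76 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: kustomize-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: kustomize-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: source-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: source-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: helm-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: helm-controller
+  podMetricsEndpoints:
+    - port: http-prom
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: notification-controller
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/instance: flux-system
+    app.kubernetes.io/version: latest
+spec:
+  namespaceSelector:
+    matchNames:
+      - flux-system
+  selector:
+    matchLabels:
+      app: notification-controller
+  podMetricsEndpoints:
+    - port: http-prom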
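Review bot: All four `$schema` comments point at `prometheusrule_v1.json` although every document here is a `PodMonitor`, so editor validation will flag each one as invalid; the comment should read `# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/podmonitor_v1.json`. The label `app.kubernetes.io/version: latest` carries no information either; drop it or set the real version. Neither affects what Prometheus scrapes, so this is a style point only.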
@ -0,0 +1,34 @@
|
|||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/monitoring.coreos.com/prometheusrule_v1.json
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: PrometheusRule
|
||||||
|
metadata:
|
||||||
|
name: flux
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
groups:
|
||||||
|
- name: flux
|
||||||
|
rules:
|
||||||
|
- alert: FluxComponentAbsent
|
||||||
|
annotations:
|
||||||
|
description: Flux component has disappeared from Prometheus target discovery.
|
||||||
|
summary: Flux component is down.
|
||||||
|
expr: |
|
||||||
|
absent(up{job=~".*flux-system.*"} == 1)
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
- alert: FluxReconciliationFailure
|
||||||
|
annotations:
|
||||||
|
description:
|
||||||
|
"{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation has been failing
|
||||||
|
for more than ten minutes."
|
||||||
|
summary: Flux reconciliation failure.
|
||||||
|
expr: |
|
||||||
|
max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
|
||||||
|
+
|
||||||
|
on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
|
||||||
|
by (namespace, name, kind)) * 2 == 1
|
||||||
|
for: 10m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
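--- a/clustertool/cluster/main/apps.yaml
+++ b/clustertool/cluster/main/apps.yaml
@@ -0,0 +1,24 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: apps
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: core
+    - name: helm-repos
+    - name: flux-config
+  path: ./cluster/apps
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age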
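Review bot: The tree-level Kustomizations (`apps`, `core`, `crds`, `helm-repos`, `kube-system`, `monitoring`, `operators`, `system`) are declared as `kustomize.toolkit.fluxcd.io/v1beta2` while every per-app install.yaml in the same commit uses `kustomize.toolkit.fluxcd.io/v1`; v1beta2 is deprecated in favour of v1, so a future Flux upgrade would break the top half of the dependency chain and leave the leaves orphaned. Change the first line to `apiVersion: kustomize.toolkit.fluxcd.io/v1` here and in the siblings; every field used (`interval`, `dependsOn`, `path`, `prune`, `sourceRef`, `decryption`) exists unchanged in v1. Also note `./cluster/apps` does not exist in this commit, so this object will report a missing path until that directory is added.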
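--- a/clustertool/cluster/main/core.yaml
+++ b/clustertool/cluster/main/core.yaml
@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: core
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: helm-repos
+    - name: flux-config
+  path: ./cluster/core
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age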
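--- a/clustertool/cluster/main/crds.yaml
+++ b/clustertool/cluster/main/crds.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: crds
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: flux-config
+  path: ./cluster/crds
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: flux-system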
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: cluster-config
|
||||||
|
namespace: flux-system
|
||||||
|
data:
|
||||||
|
VIP: 192.168.10.100
|
||||||
|
MASTER1IP: 192.168.10.110
|
||||||
|
GATEWAY: 192.168.10.1
|
||||||
|
METALLB_RANGE: 192.168.10.100-192.168.10.250
|
||||||
|
KUBEAPPS_IP: 192.168.10.105
|
||||||
|
EMAIL: "TBD"
|
||||||
|
CLOUDFLARE_TOKEN: "TBD"
|
||||||
|
GITHUB_TOKEN: "TBD"
|
||||||
|
GITHUB_USER: "TBD"
|
||||||
|
GITHUB_REPOSITORY: "TBD"
|
||||||
|
BASE_DOMAIN: "TBD"
|
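Review bot: `CLOUDFLARE_TOKEN` and `GITHUB_TOKEN` are placed in a plain `ConfigMap`, which lives unencrypted in git history and in etcd and is readable by anything with configmap read access in flux-system. The sibling kustomization lists this resource as `clustersettings.secret.yaml` and the flux-config Kustomization already carries `decryption.provider: sops`, so the intended shape is clearly a SOPS-encrypted Secret: change `kind: ConfigMap` to `kind: Secret`, move the values under `stringData:`, encrypt the file with the sops-age key, and switch the `substituteFrom` entries in add-ons/install.yaml and weave-gitops/install.yaml to `kind: Secret`. With every value still `"TBD"` nothing has leaked yet, but the structure should be right before real tokens are filled in. The page does not show this file's path; it appears to be the `clustersettings.secret.yaml` referenced in the kustomization that follows.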
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: flux-system
|
||||||
|
resources:
|
||||||
|
- clustersettings.secret.yaml
|
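--- a/clustertool/cluster/main/flux-config/install.yaml
+++ b/clustertool/cluster/main/flux-config/install.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-config
+  namespace: flux-system
+spec:
+  path: ./cluster/main/flux-config/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age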
9622
clustertool/cluster/main/flux-system/gotk-components.yaml
Normal file
9622
clustertool/cluster/main/flux-system/gotk-components.yaml
Normal file
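--- a/clustertool/cluster/main/flux-system/gotk-sync.yaml
+++ b/clustertool/cluster/main/flux-system/gotk-sync.yaml
@@ -0,0 +1,27 @@
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  url: ssh://git@github.com/Ornias1993/cluster
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./cluster/main
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system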
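Review bot: The GitRepository carries no `spec.verify`, so whatever lands on `main` is applied by kustomize-controller with its cluster-admin binding and pruned to match; a leaked push token or a compromised GitHub account is therefore a cluster compromise. Since this file is generated (`DO NOT EDIT`), the hardening belongs in the flux-system kustomization.yaml as a patch that adds `verify:` / `  mode: HEAD` / `  secretRef: {name: flux-gpg-keys}` with the maintainers' signing public keys, paired with branch protection requiring signed commits on `main`. It is also worth confirming that the `flux-system` Secret holds a read-only deploy key; the controllers only need to fetch.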
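--- a/clustertool/cluster/main/flux-system/kustomization.yaml
+++ b/clustertool/cluster/main/flux-system/kustomization.yaml
@@ -0,0 +1,89 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # manifests generated during bootstrap
+  - gotk-components.yaml
+  - gotk-sync.yaml
+patches:
+  - patch: |
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: not-used
+      spec:
+        template:
+          spec:
+            containers:
+              - name: manager
+                resources:
+                  limits:
+                    cpu: 2000m
+                    memory: "2Gi"
+    target:
+      kind: Deployment
+      name: (kustomize-controller|helm-controller|source-controller)
+  - patch: |
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --concurrent=8
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --kube-api-qps=500
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --kube-api-burst=1000
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --requeue-dependency=5s
+    # Increase the number of reconciliations that can be performed in parallel and bump the resources limits
+    # https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers
+    target:
+      kind: Deployment
+      name: (kustomize-controller|helm-controller|source-controller)
+  - patch: |
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --feature-gates=OOMWatch=true
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --oom-watch-memory-threshold=95
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --oom-watch-interval=500ms
+    # Enable Helm near OOM detection
+    # https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection
+    target:
+      kind: Deployment
+      name: helm-controller
+  - patch: |
+      - op: add
+        path: /rules/-
+        value:
+          apiGroups: ["infra.contrib.fluxcd.io"]
+          resources: ["*"]
+          verbs: ["*"]
+    target:
+      kind: ClusterRole
+      name: crd-controller-flux-system
+  - patch: |
+      $patch: delete
+      apiVersion: networking.k8s.io/v1
+      kind: NetworkPolicy
+      metadata:
+        name: not-used
+    target:
+      group: networking.k8s.io
+      version: v1
+      kind: NetworkPolicy
+  #- patch: |
+  #    - op: add
+  #      path: /spec/template/spec/containers/0/args/-
+  #      value: --feature-gates=DetectDrift=true,CorrectDrift=false
+  #    - op: add
+  #      path: /spec/template/spec/containers/0/args/-
+  #      value: --log-level=debug
+  #  # Enable drift detection for HelmReleases and set the log level to debug
+  #  # https://fluxcd.io/flux/components/helm/helmreleases/#drift-detection
+  #  target:
+  #    kind: Deployment
+  #    name: helm-controller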
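Review bot: The `$patch: delete` entry targeting every `networking.k8s.io/v1` NetworkPolicy strips the deny-ingress/allow-egress/allow-scraping set that `flux bootstrap` ships, so all Flux controllers — including notification-controller's webhook receiver — become reachable from any pod in the cluster. If the only need is for Prometheus in another namespace to scrape `http-prom`, a targeted allow policy for that namespace is the narrower fix; if a blanket removal is intended because Cilium policy is meant to take over, that should be written above the patch, e.g. `# Flux NetworkPolicies removed: cluster-wide policy is enforced by Cilium instead — TODO confirm`. The preceding ClusterRole patch likewise adds `verbs: ["*"]` on `resources: ["*"]` in `infra.contrib.fluxcd.io` to `crd-controller-flux-system`; narrowing it to the resources and verbs tf-controller reconciliation actually needs, or at least commenting why a wildcard is used, would keep the bootstrap role reviewable.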
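--- a/clustertool/cluster/main/helm-repos.yaml
+++ b/clustertool/cluster/main/helm-repos.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: helm-repos
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: flux-config
+  path: ./cluster/helm-repos
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age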
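--- a/clustertool/cluster/main/kube-system.yaml
+++ b/clustertool/cluster/main/kube-system.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: kube-system
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: crds
+    - name: operators
+    - name: helm-repos
+    - name: flux-config
+  path: ./cluster/kube-system
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age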
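--- a/clustertool/cluster/main/kustomization.yaml
+++ b/clustertool/cluster/main/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - flux-config/install.yaml
+  - flux-system
+  - helm-repos.yaml
+  - crds.yaml
+  - operators.yaml
+  - kube-system.yaml
+  - system.yaml
+  - core.yaml
+  - apps.yaml
+  - monitoring.yaml
+  - add-ons/install.yaml
+  - weave-gitops/install.yaml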
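--- a/clustertool/cluster/main/monitoring.yaml
+++ b/clustertool/cluster/main/monitoring.yaml
@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: monitoring
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: system
+    - name: helm-repos
+    - name: flux-config
+  path: ./cluster/monitoring
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age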
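--- a/clustertool/cluster/main/operators.yaml
+++ b/clustertool/cluster/main/operators.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: operators
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: crds
+    - name: helm-repos
+    - name: flux-config
+  path: ./cluster/operators
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age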
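--- a/clustertool/cluster/main/system.yaml
+++ b/clustertool/cluster/main/system.yaml
@@ -0,0 +1,22 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: system
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: kube-system
+    - name: crds
+    - name: operators
+    - name: helm-repos
+    - name: flux-config
+  path: ./cluster/system
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age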
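--- a/clustertool/cluster/main/weave-gitops/app/helm-release.yaml
+++ b/clustertool/cluster/main/weave-gitops/app/helm-release.yaml
@@ -0,0 +1,63 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: weave-gitops
+  namespace: flux-system
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: weave-gitops
+      version: 4.0.35
+      sourceRef:
+        kind: HelmRepository
+        name: weave-gitops-charts
+        namespace: flux-system
+      interval: 15m
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    adminUser:
+      create: true
+      username: admin
+      passwordHash: "$2a$12$n52fcX4nRDi94sye0bPCS.WQt9.KHmk0anwzwARdCuoVuk5ICFAG2"
+    ingress:
+      enabled: true
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        cert-manager.io/cluster-issuer: tc-le-prod
+        cert-manager.io/private-key-rotation-policy: Always
+        traefik.ingress.kubernetes.io/router.tls: 'true'
+      tls:
+        - hosts:
+            - gitops.${BASE_DOMAIN}
+          secretName: flux-system-weave-gitops
+      hosts:
+        - host: gitops.${BASE_DOMAIN}
+          paths:
+            - path: /
+              pathType: Prefix
+    networkPolicy:
+      create: false
+    metrics:
+      enabled: true
+    rbac:
+      create: true
+      impersonationResourceNames: ["admin"]
+      additionalRules:
+        - apiGroups: ["infra.contrib.fluxcd.io"]
+          resources: ["terraforms"]
+          verbs: ["get", "list", "patch"]
+    annotations:
+      reloader.stakater.com/auto: "true"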
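Review bot: `adminUser.passwordHash` is committed in clear text to the repository, so the bcrypt hash is now permanently in git history and available for offline cracking to anyone who can read the repo; reusing the same hash across clusters turns one crack into access to every dashboard. Move the hash into a SOPS-encrypted Secret and reference it with `valuesFrom:` / `  - kind: Secret` / `    name: weave-gitops-admin`, the same mechanism the cilium HelmRelease already uses for its ConfigMap, then rotate the password once the old hash is out of the tree. This matters more than usual here because `networkPolicy.create: false` plus the public `gitops.${BASE_DOMAIN}` ingress and `impersonationResourceNames: ["admin"]` make the UI an internet-reachable path to whatever the `admin` user is bound to, including `patch` on `terraforms`.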
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: flux-system
|
||||||
|
resources:
|
||||||
|
- helm-release.yaml
|
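--- a/clustertool/cluster/main/weave-gitops/install.yaml
+++ b/clustertool/cluster/main/weave-gitops/install.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.zinn.ca/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: flux-system-weave-gitops
+  namespace: flux-system
+spec:
+  path: ./cluster/main/weave-gitops/app
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  dependsOn:
+    - name: operators-prometheus-operator
+  prune: true
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-config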
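Review bot: `dependsOn: - name: operators-prometheus-operator` references a Kustomization that does not exist anywhere in this commit (`cluster/operators` holds only a placeholder), so `flux-system-weave-gitops` will sit in a dependency-not-ready state until that object is added. Either include the prometheus-operator Kustomization in the same commit or drop the dependency; if it is intentionally forward-looking, a comment such as `# waits for the ServiceMonitor CRD from cluster/operators/prometheus-operator` would save the next reader a search. The `substituteFrom` here also reads `cluster-config` as a ConfigMap, which should follow whatever kind that resource ends up being.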
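--- a/clustertool/cluster/monitoring/kustomization.yaml
+++ b/clustertool/cluster/monitoring/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml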
0
clustertool/cluster/monitoring/placeholder.yaml
Normal file
0
clustertool/cluster/monitoring/placeholder.yaml
Normal file
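--- a/clustertool/cluster/operators/kustomization.yaml
+++ b/clustertool/cluster/operators/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml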
0
clustertool/cluster/operators/placeholder.yaml
Normal file
0
clustertool/cluster/operators/placeholder.yaml
Normal file
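--- a/clustertool/cluster/system/kustomization.yaml
+++ b/clustertool/cluster/system/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - placeholder.yaml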
0
clustertool/cluster/system/placeholder.yaml
Normal file
0
clustertool/cluster/system/placeholder.yaml
Normal file
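--- a/clustertool/clusterconfig/.gitignore
+++ b/clustertool/clusterconfig/.gitignore
@@ -0,0 +1,2 @@
+main-k8s-control-1.yaml
+talosconfig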
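Review bot: The ignore list names exactly one generated node config, `main-k8s-control-1.yaml`, next to `talosconfig`; Talos machine configs and talosconfig embed the cluster's certificates and join tokens, so adding a second node or renaming the first would silently start committing them. A pattern such as `main-k8s-*.yaml` (or ignoring the generated directory wholesale and committing only SOPS-encrypted copies) is less fragile than enumerating file names. A one-line comment above the entries stating that these files contain secrets would make the intent survive future edits.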
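--- a/clustertool/clustertool.sh
+++ b/clustertool/clustertool.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/sudo bash
+
+source ./src/functions/functions.sh
+source ./src/menus/menus.sh
+
+export FILES
+
+if [[ $EUID -ne 0 ]]; then
+  echo "$0 is not running as root. Try using sudo."
+  exit 2
+else
+  menu
+fi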
|
BIN
clustertool/src/deps/age-v1.1.1-linux-amd64.tar.gz
Normal file
BIN
clustertool/src/deps/age-v1.1.1-linux-amd64.tar.gz
Normal file
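--- a/clustertool/src/deps/age/LICENSE
+++ b/clustertool/src/deps/age/LICENSE
@@ -0,0 +1,57 @@
+Copyright 2019 The age Authors
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+* Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+* Neither the name of the age project nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---
+
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+* Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+* Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.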
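--- a/clustertool/src/deps/cni/kustomization.yaml
+++ b/clustertool/src/deps/cni/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+- name: cilium
+repo: https://helm.cilium.io/
+version: 1.14.4
+releaseName: cilium
+namespace: kube-system
+valuesFile: values.yaml
+commonAnnotations:
+meta.helm.sh/release-name: cilium
+meta.helm.sh/release-namespace: kube-system
+commonLabels:
+app.kubernetes.io/managed-by: Helm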
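--- a/clustertool/src/deps/csr-approver/kustomization.yaml
+++ b/clustertool/src/deps/csr-approver/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+- name: kubelet-csr-approver
+repo: https://postfinance.github.io/kubelet-csr-approver
+version: 1.0.5
+releaseName: kubelet-csr-approver
+namespace: kube-system
+commonAnnotations:
+meta.helm.sh/release-name: kubelet-csr-approver
+meta.helm.sh/release-namespace: kube-system
+commonLabels:
+app.kubernetes.io/managed-by: Helm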
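Review bot: The kubelet-csr-approver chart is installed with no `valuesFile`, so it runs on whatever the 1.0.5 chart defaults are; since this component's job is to auto-approve kubelet serving-certificate CSRs, the node-name pattern and the IP ranges it will sign for are security policy and belong in a pinned `values.yaml` here, referenced with `valuesFile: values.yaml` after `namespace: kube-system` as the cni and metallb-config kustomizations already do. I cannot see the chart's defaults from this commit, so confirm they are restrictive before relying on them. A one-line comment above `- name: kubelet-csr-approver` stating why the approver is needed (presumably Talos kubelets requesting serving certs) would also help the next reader.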
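--- a/clustertool/src/deps/kubeapps/kustomization.yaml
+++ b/clustertool/src/deps/kubeapps/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+- name: kubeapps
+repo: https://charts.truecharts.org
+version: 0.0.1
+releaseName: kubeapps
+namespace: kubeapps
+commonAnnotations:
+meta.helm.sh/release-name: kubeapps
+meta.helm.sh/release-namespace: kubeapps
+commonLabels:
+app.kubernetes.io/managed-by: Helm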
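Review bot: `clustertool/src/deps/kubeapps/values.yaml` is added empty by this commit but this kustomization has no `valuesFile:` entry, so the file is never read; either add `valuesFile: values.yaml` after `namespace: kubeapps` (matching the cni and metallb-config kustomizations) or drop the file. This is also the only TrueCharts chart pulled over `https://charts.truecharts.org` at `version: 0.0.1`, while metallb and metallb-config use `oci://tccr.io/truecharts` with released versions, which reads like a placeholder that slipped in. If Kubeapps is meant to be deployed, pin a released version and check what the chart exposes with no values, since it is a cluster-management UI.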
0
clustertool/src/deps/kubeapps/values.yaml
Normal file
0
clustertool/src/deps/kubeapps/values.yaml
Normal file
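--- a/clustertool/src/deps/metallb-config/kustomization.yaml
+++ b/clustertool/src/deps/metallb-config/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+- name: metallb-config
+repo: oci://tccr.io/truecharts
+version: 5.1.13
+releaseName: metallb-config
+namespace: metallb-config
+valuesFile: values.yaml
+commonAnnotations:
+meta.helm.sh/release-name: metallb-config
+meta.helm.sh/release-namespace: metallb-config
+commonLabels:
+app.kubernetes.io/managed-by: Helm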
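--- a/clustertool/src/deps/metallb-config/values.yaml
+++ b/clustertool/src/deps/metallb-config/values.yaml
@@ -0,0 +1,10 @@
+ipAddressPools:
+- name: main
+autoAssign: false
+avoidBuggyIPs: true
+addresses:
+- METALLB_RANGE
+L2Advertisements:
+- name: main
+addressPools:
+- main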
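Review bot: `METALLB_RANGE` under `addresses:` is a substitution token rather than an address range, and nothing in this file says what replaces it; if that step is skipped the chart renders an IPAddressPool with a literal string where a CIDR or range belongs. Add a comment above it such as `# replaced by clustertool with the L2 pool, e.g. 192.168.1.200-192.168.1.220`, and have the script fail if the token is still present after substitution. `autoAssign: false` means services only receive an address from this pool when they ask for it explicitly; that looks deliberate for a single named pool but is worth a short comment, as the default elsewhere is to hand addresses out automatically.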
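--- a/clustertool/src/deps/metallb/kustomization.yaml
+++ b/clustertool/src/deps/metallb/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+- name: metallb
+repo: oci://tccr.io/truecharts
+version: 13.1.15
+releaseName: metallb
+namespace: metallb
+commonAnnotations:
+meta.helm.sh/release-name: metallb
+meta.helm.sh/release-namespace: metallb
+commonLabels:
+app.kubernetes.io/managed-by: Helm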