refactor: helm repositories

2025-09-17 18:24:14 +02:00 · 2025-06-29 21:50:33 +02:00
parent 52e68d7b53
commit 0ae57c7d1b
24 changed files with 253 additions and 124 deletions
--- a/kubernetes/apps/flux-system/repositories/kustomization.yaml
+++ b/kubernetes/apps/flux-system/repositories/kustomization.yaml
@@ -2,5 +2,8 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+components:
+  - ../../components/common
 resources:
-  - ./helm
+  - ./landing-page/ks.yaml
+
--- a/.archive/kubernetes/ngnode/landing-page/app-staging/helmrelease.yaml
+++ b/.archive/kubernetes/ngnode/landing-page/app-staging/helmrelease.yaml
@@ -0,0 +1,53 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: &app ngnode-landing-page-staging
+spec:
+  interval: 1h
+  chartRef:
+    kind: OCIRepository
+    name: app-template
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      ngnode-landing-page-staging:
+        containers:
+          app:
+            image:
+              repository: ghcr.io/ngnodehq/landing-page
+              tag: v0.1.2
+            resources:
+              requests:
+                cpu: 5m
+                memory: 10Mi
+              limits:
+                memory: 400Mi
+    service:
+      app:
+        controller: *app
+        ports:
+          http:
+            port: 3000
+    ingress:
+      app:
+        enabled: true
+        className: external
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
--- a/.archive/kubernetes/ngnode/landing-page/app-staging/kustomization.yaml
+++ b/.archive/kubernetes/ngnode/landing-page/app-staging/kustomization.yaml
@@ -3,12 +3,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./ingress-nginx.yaml
-  - ./jetstack.yaml
-  - ./k8s-gateway.yaml
-  - ./kyverno.yaml
-  - ./openebs.yaml
-  - ./postfinance.yaml
-  - ./prometheus-community.yaml
-  - ./rook-ceph.yaml
-  - ./stevehipwell.yaml
+  - ./helmrelease.yaml
+generatorOptions:
+  disableNameSuffixHash: true
--- a/.archive/kubernetes/ngnode/landing-page/app/helmrelease.yaml
+++ b/.archive/kubernetes/ngnode/landing-page/app/helmrelease.yaml
@@ -0,0 +1,65 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app ngnode-landing-page
+spec:
+  interval: 1h
+  chartRef:
+    kind: OCIRepository
+    name: app-template
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      ngnode-landing-page:
+        containers:
+          app:
+            image:
+              repository: ghcr.io/ngnodehq/landing-page
+              tag: v0.1.4@sha256:87e6e0c73a0a97b1ad47d9d09d006c1b56257964561f2f47c9111f3cfb54399a
+            resources:
+              requests:
+                cpu: 5m
+                memory: 10Mi
+              limits:
+                memory: 400Mi
+    service:
+      app:
+        controller: *app
+        ports:
+          http:
+            port: 3000
+    ingress:
+      app:
+        enabled: true
+        className: external
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+          - host: www.ngnode.com
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+          - host: ngnode.com
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
--- a/.archive/kubernetes/ngnode/landing-page/app/kustomization.yaml
+++ b/.archive/kubernetes/ngnode/landing-page/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+generatorOptions:
+  disableNameSuffixHash: true
--- a/.archive/kubernetes/ngnode/landing-page/ks.yaml
+++ b/.archive/kubernetes/ngnode/landing-page/ks.yaml
@@ -0,0 +1,50 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app ngnode-landing-page
+  namespace: flux-system
+spec:
+  targetNamespace: ngnode
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+
+  path: ./kubernetes/apps/ngnode/landing-page/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app ngnode-landing-page-staging
+  namespace: flux-system
+spec:
+  targetNamespace: ngnode
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+
+  path: ./kubernetes/apps/ngnode/landing-page/app-staging
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
--- a/kubernetes/apps/flux-system/kustomization.yaml
+++ b/kubernetes/apps/flux-system/kustomization.yaml
@@ -7,4 +7,3 @@ kind: Kustomization
 resources:
  - ./flux-instance/ks.yaml
  - ./flux-operator/ks.yaml
-  - ./repositories
--- a/kubernetes/apps/flux-system/repositories/helm/ingress-nginx.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/ingress-nginx.yaml
@@ -1,11 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: ingress-nginx
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://kubernetes.github.io/ingress-nginx
-  timeout: 3m
--- a/kubernetes/apps/flux-system/repositories/helm/jetstack.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/jetstack.yaml
@@ -1,11 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: jetstack
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://charts.jetstack.io/
-  timeout: 3m
--- a/kubernetes/apps/flux-system/repositories/helm/k8s-gateway.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/k8s-gateway.yaml
@@ -1,10 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: k8s-gateway
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://ori-edge.github.io/k8s_gateway
--- a/kubernetes/apps/flux-system/repositories/helm/kyverno.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/kyverno.yaml
@@ -1,11 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: kyverno
-  namespace: flux-system
-spec:
-  type: oci
-  interval: 5m
-  url: oci://ghcr.io/kyverno/charts
--- a/kubernetes/apps/flux-system/repositories/helm/openebs.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/openebs.yaml
@@ -1,10 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: openebs
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://openebs.github.io/openebs
--- a/kubernetes/apps/flux-system/repositories/helm/postfinance.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/postfinance.yaml
@@ -1,10 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: postfinance
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://postfinance.github.io/kubelet-csr-approver
--- a/kubernetes/apps/flux-system/repositories/helm/prometheus-community.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/prometheus-community.yaml
@@ -1,11 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: prometheus-community
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://prometheus-community.github.io/helm-charts
-  timeout: 3m
--- a/kubernetes/apps/flux-system/repositories/helm/rook-ceph.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/rook-ceph.yaml
@@ -1,11 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: rook-ceph
-  namespace: flux-system
-spec:
-  interval: 2h
-  url: https://charts.rook.io/release
-  timeout: 3m
--- a/kubernetes/apps/flux-system/repositories/helm/stevehipwell.yaml
+++ b/kubernetes/apps/flux-system/repositories/helm/stevehipwell.yaml
@@ -1,11 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: stevehipwell
-  namespace: flux-system
-spec:
-  type: oci
-  interval: 5m
-  url: oci://ghcr.io/stevehipwell/helm-charts
--- a/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
+++ b/kubernetes/apps/kyverno/kyverno/app/helmrelease.yaml
@@ -1,26 +1,35 @@
 ---
+# yaml-language-server: $schema=https://schemas.budimanjojo.com/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+  name: kyverno
+spec:
+  interval: 30m
+  timeout: 60s
+  url: oci://ghcr.io/kyverno/charts/kyverno
+  ref:
+    tag: 3.4.4
+  layerSelector:
+    mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
+    operation: copy
+---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: &app kyverno
 spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: kyverno
-      version: 3.4.4
-      sourceRef:
-        kind: HelmRepository
+  interval: 1h
+  chartRef:
+    kind: OCIRepository
    name: kyverno
-        namespace: flux-system
  install:
    remediation:
-      retries: 3
+      retries: -1
  upgrade:
    cleanupOnFail: true
    remediation:
-      strategy: rollback
      retries: 3
  values:
    crds:
--- a/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml
+++ b/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml
@@ -1,4 +1,14 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: k8s-gateway
+  namespace: network # Required for Renovate lookups
+spec:
+  interval: 1h
+  url: https://ori-edge.github.io/k8s_gateway
+---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
--- a/kubernetes/apps/network/nginx/external/helmrelease.yaml
+++ b/kubernetes/apps/network/nginx/external/helmrelease.yaml
@@ -13,7 +13,6 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
-        namespace: flux-system
  install:
    remediation:
      retries: 3
--- a/kubernetes/apps/network/nginx/internal/helmrelease.yaml
+++ b/kubernetes/apps/network/nginx/internal/helmrelease.yaml
@@ -1,4 +1,14 @@
 ---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: ingress-nginx
+spec:
+  interval: 2h
+  url: https://kubernetes.github.io/ingress-nginx
+  timeout: 3m
+---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -13,7 +23,6 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: ingress-nginx
-        namespace: flux-system
  install:
    remediation:
      retries: 3
--- a/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
@@ -13,7 +13,6 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
-        namespace: flux-system
      interval: 5m
  install:
    crds: Skip
--- a/kubernetes/apps/observability/kube-prometheus-stack/crds/helmrelease.yaml
+++ b/kubernetes/apps/observability/kube-prometheus-stack/crds/helmrelease.yaml
@@ -1,4 +1,15 @@
 ---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: prometheus-community
+  namespace: flux-system
+spec:
+  interval: 2h
+  url: https://prometheus-community.github.io/helm-charts
+  timeout: 3m
+---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -13,7 +24,6 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
-        namespace: flux-system
  install:
    remediation:
      retries: 3
--- a/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml
+++ b/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml
@@ -1,4 +1,13 @@
 ---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: openebs
+spec:
+  interval: 2h
+  url: https://openebs.github.io/openebs
+---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -13,7 +22,6 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: openebs
-        namespace: flux-system
  install:
    remediation:
      retries: 3
--- a/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml
@@ -1,4 +1,14 @@
 ---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: rook-ceph
+spec:
+  interval: 2h
+  url: https://charts.rook.io/release
+  timeout: 3m
+---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -13,7 +23,6 @@ spec:
      sourceRef:
        kind: HelmRepository
        name: rook-ceph
-        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true