mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
feat: flux instance
This commit is contained in:
auricom
@@ -0,0 +1,18 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: github-webhook-token
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword
|
||||
target:
|
||||
name: github-webhook-token-secret
|
||||
template:
|
||||
data:
|
||||
token: "{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}"
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: flux
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
nameReference:
|
||||
- kind: ConfigMap
|
||||
version: v1
|
||||
fieldSpecs:
|
||||
- path: spec/valuesFrom/name
|
||||
kind: HelmRelease
|
||||
104
kubernetes/apps/flux-system/flux-instance/app/helm/values.yaml
Normal file
104
kubernetes/apps/flux-system/flux-instance/app/helm/values.yaml
Normal file
@@ -0,0 +1,104 @@
|
||||
---
|
||||
instance:
|
||||
distribution:
|
||||
# renovate: datasource=github-releases depName=controlplaneio-fluxcd/distribution
|
||||
version: 2.5.1
|
||||
cluster:
|
||||
networkPolicy: false
|
||||
components:
|
||||
- source-controller
|
||||
- kustomize-controller
|
||||
- helm-controller
|
||||
- notification-controller
|
||||
sync:
|
||||
kind: GitRepository
|
||||
url: https://github.com/auricom/home-ops
|
||||
ref: refs/heads/main
|
||||
path: kubernetes/flux
|
||||
interval: 1h
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: flux
|
||||
kustomize:
|
||||
patches:
|
||||
- # Add Sops decryption to 'flux-system' Kustomization
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/decryption
|
||||
value:
|
||||
provider: sops
|
||||
secretRef:
|
||||
name: sops-age
|
||||
target:
|
||||
group: kustomize.toolkit.fluxcd.io
|
||||
kind: Kustomization
|
||||
- # Increase the number of workers
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --concurrent=10
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --requeue-dependency=5s
|
||||
target:
|
||||
kind: Deployment
|
||||
name: (kustomize-controller|helm-controller|source-controller)
|
||||
- # Increase the memory limits
|
||||
patch: |
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: all
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: manager
|
||||
resources:
|
||||
limits:
|
||||
memory: 2Gi
|
||||
target:
|
||||
kind: Deployment
|
||||
name: (kustomize-controller|helm-controller|source-controller)
|
||||
- # Enable in-memory kustomize builds
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --concurrent=20
|
||||
- op: replace
|
||||
path: /spec/template/spec/volumes/0
|
||||
value:
|
||||
name: temp
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
target:
|
||||
kind: Deployment
|
||||
name: kustomize-controller
|
||||
- # Enable Helm repositories caching
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --helm-cache-max-size=10
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --helm-cache-ttl=60m
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --helm-cache-purge-interval=5m
|
||||
target:
|
||||
kind: Deployment
|
||||
name: source-controller
|
||||
- # Flux near OOM detection for Helm
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --feature-gates=OOMWatch=true
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --oom-watch-memory-threshold=95
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --oom-watch-interval=500ms
|
||||
target:
|
||||
kind: Deployment
|
||||
name: helm-controller
|
||||
@@ -0,0 +1,40 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: OCIRepository
|
||||
metadata:
|
||||
name: flux-instance
|
||||
spec:
|
||||
interval: 5m
|
||||
layerSelector:
|
||||
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
|
||||
operation: copy
|
||||
ref:
|
||||
tag: 0.18.0
|
||||
url: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance
|
||||
verify:
|
||||
provider: cosign
|
||||
matchOIDCIdentity:
|
||||
- issuer: ^https://token.actions.githubusercontent.com$
|
||||
subject: ^https://github.com/controlplaneio-fluxcd/charts.*$
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: flux-instance
|
||||
spec:
|
||||
interval: 1h
|
||||
chartRef:
|
||||
kind: OCIRepository
|
||||
name: flux-instance
|
||||
install:
|
||||
remediation:
|
||||
retries: -1
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
retries: 3
|
||||
valuesFrom:
|
||||
- kind: ConfigMap
|
||||
name: flux-instance-values
|
||||
23
kubernetes/apps/flux-system/flux-instance/app/ingress.yaml
Normal file
23
kubernetes/apps/flux-system/flux-instance/app/ingress.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: webhook-receiver
|
||||
annotations:
|
||||
hajimari.io/enable: "false"
|
||||
spec:
|
||||
ingressClassName: external
|
||||
rules:
|
||||
- host: "flux-webhook.${SECRET_EXTERNAL_DOMAIN}"
|
||||
http:
|
||||
paths:
|
||||
- path: /hook/
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: webhook-receiver
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- "flux-webhook.${SECRET_EXTERNAL_DOMAIN}"
|
||||
@@ -0,0 +1,16 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./externalsecret.yaml
|
||||
- ./helmrelease.yaml
|
||||
- ./ingress.yaml
|
||||
- ./prometheusrule.yaml
|
||||
- ./receiver.yaml
|
||||
configMapGenerator:
|
||||
- name: flux-instance-values
|
||||
files:
|
||||
- values.yaml=./helm/values.yaml
|
||||
configurations:
|
||||
- ./helm/kustomizeconfig.yaml
|
||||
@@ -0,0 +1,30 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: flux-instance-rules
|
||||
namespace: flux-system
|
||||
spec:
|
||||
groups:
|
||||
- name: flux-instance.rules
|
||||
rules:
|
||||
- alert: FluxInstanceAbsent
|
||||
expr: |
|
||||
absent(flux_instance_info{exported_namespace="flux-system", name="flux"})
|
||||
for: 5m
|
||||
annotations:
|
||||
summary: >-
|
||||
Flux instance metric is missing
|
||||
labels:
|
||||
severity: critical
|
||||
|
||||
- alert: FluxInstanceNotReady
|
||||
expr: |
|
||||
flux_instance_info{exported_namespace="flux-system", name="flux", ready!="True"}
|
||||
for: 5m
|
||||
annotations:
|
||||
summary: >-
|
||||
Flux instance {{ $labels.name }} is not ready
|
||||
labels:
|
||||
severity: critical
|
||||
18
kubernetes/apps/flux-system/flux-instance/app/receiver.yaml
Normal file
18
kubernetes/apps/flux-system/flux-instance/app/receiver.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/receiver_v1.json
|
||||
apiVersion: notification.toolkit.fluxcd.io/v1
|
||||
kind: Receiver
|
||||
metadata:
|
||||
name: github-webhook
|
||||
spec:
|
||||
type: github
|
||||
events: ["ping", "push"]
|
||||
secretRef:
|
||||
name: github-webhook-token-secret
|
||||
resources:
|
||||
- apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
- apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
name: flux-system
|
||||
32
kubernetes/apps/flux-system/flux-instance/ks.yaml
Normal file
32
kubernetes/apps/flux-system/flux-instance/ks.yaml
Normal file
@@ -0,0 +1,32 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app flux-instance
|
||||
namespace: &namespace flux-system
|
||||
spec:
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
dependsOn:
|
||||
- name: flux-operator
|
||||
namespace: *namespace
|
||||
interval: 1h
|
||||
path: ./kubernetes/apps/flux-system/flux-instance/app
|
||||
prune: true
|
||||
retryInterval: 2m
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: home-ops-kubernetes
|
||||
namespace: *namespace
|
||||
targetNamespace: *namespace
|
||||
timeout: 5m
|
||||
postBuild:
|
||||
substituteFrom:
|
||||
- kind: ConfigMap
|
||||
name: cluster-settings
|
||||
optional: false
|
||||
- kind: Secret
|
||||
name: cluster-secrets
|
||||
optional: false
|
||||
Reference in New Issue
Block a user