feat: flux instance

2025-09-17 18:24:14 +02:00 · 2025-04-03 16:37:50 +02:00
parent d0a14fc471
commit a33b7d9285
106 changed files with 754 additions and 808 deletions
--- a/kubernetes/bootstrap/apps/helmfile.yaml
+++ b/kubernetes/bootstrap/apps/helmfile.yaml
@@ -12,12 +12,6 @@ helmDefaults:
  waitForJobs: true

 repositories:
-  - name: cilium
-    url: https://helm.cilium.io
-
-  - name: coredns
-    url: https://coredns.github.io/helm
-
  - name: postfinance
    url: https://postfinance.github.io/kubelet-csr-approver

@@ -29,20 +23,31 @@ releases:

  - name: cilium
    namespace: kube-system
-    chart: cilium/cilium
+    atomic: true
+    chart: oci://ghcr.io/home-operations/charts-mirror/cilium
    version: 1.17.2
    values: ["../../apps/kube-system/cilium/app/helm-values.yaml"]
+    hooks:
+      - # Wait for cilium CRDs to be available
+        events: ['postsync']
+        command: bash
+        args:
+          - -c
+          - until kubectl get crd ciliumbgppeeringpolicies.cilium.io ciliuml2announcementpolicies.cilium.io ciliumloadbalancerippools.cilium.io &>/dev/null; do sleep 10; done
+        showlogs: true
    needs: ["observability/kube-prometheus-stack-crds"]

  - name: coredns
    namespace: kube-system
-    chart: coredns/coredns
+    atomic: true
+    chart: oci://ghcr.io/coredns/charts/coredns
    version: 1.39.2
    values: ["../../apps/kube-system/coredns/app/helm-values.yaml"]
    needs: ["kube-system/cilium"]

  - name: kubelet-csr-approver
    namespace: kube-system
+    atomic: true
    chart: postfinance/kubelet-csr-approver
    version: 1.2.6
    values: ["../../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"]
@@ -50,7 +55,48 @@ releases:

  - name: spegel
    namespace: kube-system
+    atomic: true
    chart: oci://ghcr.io/spegel-org/helm-charts/spegel
-    version: v0.0.30
+    version: 0.1.1
    values: ["../../apps/kube-system/spegel/app/helm-values.yaml"]
    needs: ["kube-system/kubelet-csr-approver"]
+
+  - name: cert-manager
+    namespace: cert-manager
+    atomic: true
+    chart: oci://ghcr.io/home-operations/charts-mirror/cert-manager
+    version: v1.17.1
+    values: ['../../apps/cert-manager/cert-manager/app/helm/values.yaml']
+    needs: ['kube-system/spegel']
+
+  - name: external-secrets
+    namespace: flux-system
+    atomic: true
+    chart: oci://ghcr.io/external-secrets/charts/external-secrets
+    version: 0.15.1
+    values: ['../../apps/external-secrets/external-secrets/app/helm/values.yaml']
+    needs: ['cert-manager/cert-manager']
+
+  - name: onepassword-connect
+    namespace: external-secrets
+    atomic: true
+    chart: oci://ghcr.io/bjw-s/helm/app-template
+    version: 3.7.3
+    values: ['../../apps/external-secrets/external-secrets/stores/onepassword/helm/values.yaml']
+    needs: ['external-secrets/external-secrets']
+
+  - name: flux-operator
+    namespace: flux-system
+    atomic: true
+    chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
+    version: 0.18.0
+    values: ['../../apps/flux-system/flux-operator/app/helm/values.yaml']
+    needs: ['external-secrets/external-secrets']
+
+  - name: flux-instance
+    namespace: flux-system
+    atomic: true
+    chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance
+    version: 0.18.0
+    values: ['../../apps/flux-system/flux-instance/app/helm/values.yaml']
+    needs: ['flux-system/flux-operator']