♻️ flux kustomizations

2025-09-17 18:24:14 +02:00 · 2022-12-26 15:24:33 +01:00
parent b4572bf19a
commit ca31e11491
730 changed files with 6825 additions and 3766 deletions
--- a/kubernetes/apps/networking/k8s-gateway/app/Corefile
+++ b/kubernetes/apps/networking/k8s-gateway/app/Corefile
@@ -0,0 +1,17 @@
+.:1053 {
+  errors
+  log
+  health {
+    lameduck 5s
+  }
+  ready
+  k8s_gateway ${SECRET_CLUSTER_DOMAIN} {
+    apex  k8s-gateway.network
+    resources Ingress Service
+    ttl 300
+  }
+  prometheus 0.0.0.0:9153
+  loop
+  reload
+  loadbalance
+}
--- a/kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml
+++ b/kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml
@@ -0,0 +1,92 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app k8s-gateway
+  namespace: networking
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.2.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    controller:
+      replicas: 2
+      strategy: RollingUpdate
+      annotations:
+        reloader.stakater.com/auto: "true"
+    image:
+      repository: quay.io/oriedge/k8s_gateway
+      tag: v0.3.2
+    args: ["-conf", "/etc/coredns/Corefile"]
+    service:
+      main:
+        type: LoadBalancer
+        loadBalancerIP: "${CLUSTER_LB_K8SGATEWAY}"
+        externalTrafficPolicy: Local
+        ports:
+          http:
+            enabled: false
+          metrics:
+            enabled: true
+            port: 9153
+          dns:
+            enabled: true
+            port: 53
+            targetPort: 1053
+            protocol: UDP
+    serviceMonitor:
+      main:
+        enabled: true
+        endpoints:
+          - port: metrics
+            scheme: http
+            path: /metrics
+            interval: 1m
+            scrapeTimeout: 10s
+    probes:
+      readiness:
+        custom: true
+        spec:
+          httpGet:
+            path: /ready
+            port: 8181
+      liveness:
+        custom: true
+        spec:
+          httpGet:
+            path: /health
+            port: 8080
+      startup:
+        enabled: false
+    serviceAccount:
+      create: true
+      name: *app
+    persistence:
+      config-file:
+        enabled: true
+        type: configMap
+        name: k8s-gateway-configmap
+        subPath: Corefile
+        mountPath: /etc/coredns/Corefile
+        readOnly: true
+    topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: DoNotSchedule
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/name: *app
--- a/kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml
+++ b/kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+resources:
+  - ./rbac.yaml
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: k8s-gateway-configmap
+    files:
+      - ./Corefile
+generatorOptions:
+  disableNameSuffixHash: true
--- a/kubernetes/apps/networking/k8s-gateway/app/rbac.yaml
+++ b/kubernetes/apps/networking/k8s-gateway/app/rbac.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: k8s-gateway
+  namespace: networking
+  labels:
+    app.kubernetes.io/instance: k8s-gateway
+    app.kubernetes.io/name: k8s-gateway
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - namespaces
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - list
+      - watch
+  - apiGroups: ["gateway.networking.k8s.io"]
+    resources: ["*"]
+    verbs: ["watch", "list"]
+  - apiGroups: ["k8s.nginx.org"]
+    resources: ["*"]
+    verbs: ["watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: k8s-gateway
+  labels:
+    app.kubernetes.io/instance: k8s-gateway
+    app.kubernetes.io/name: k8s-gateway
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: k8s-gateway
+subjects:
+  - kind: ServiceAccount
+    name: k8s-gateway
+    namespace: networking
--- a/kubernetes/apps/networking/k8s-gateway/ks.yaml
+++ b/kubernetes/apps/networking/k8s-gateway/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: cluster-apps-k8s-gateway
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  path: ./kubernetes/apps/networking/k8s-gateway/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: k8s-gateway
+      namespace: networking
+  interval: 30m
+  retryInterval: 1m
+  timeout: 3m