♻️ flux rework

2025-09-17 18:24:14 +02:00 · 2022-09-12 22:36:08 +02:00
parent 9c34132fa0
commit d319bd59c3
19 changed files with 110 additions and 5976 deletions
--- a/.github/workflows/schedule-flux-update.yaml
+++ b/.github/workflows/schedule-flux-update.yaml
@@ -1,50 +0,0 @@
---
-name: Schedule - Flux Update
-
-on: # yamllint disable-line rule:truthy
-  workflow_dispatch:
-  schedule:
-    - cron: "0 */4 * * *"
-  push:
-    branches:
-      - main
-    paths:
-      - ".github/workflows/schedule-flux-update.yaml"
-
-jobs:
-  flux-update:
-    name: Flux Update
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Generate Token
-        uses: tibdex/github-app-token@v1
-        id: generate-token
-        with:
-          app_id: "${{ secrets.BOT_APP_ID }}"
-          private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
-      - name: Install Flux
-        uses: fluxcd/flux2/action@main
-      - name: Flux Update
-        id: update
-        run: |
-          UGLY_VERSION="$(flux -v)"
-          VERSION="v${UGLY_VERSION#*flux version }"
-          flux install --version="${VERSION}" \
-            --network-policy=false \
-            --export > ./cluster/base/flux-system/gotk-components.yaml
-          echo "::set-output name=flux_version::$VERSION"
-      - name: Create pull request
-        uses: peter-evans/create-pull-request@v4
-        with:
-          token: "${{ steps.generate-token.outputs.token }}"
-          branch: "github-action/flux-update-${{ steps.update.outputs.flux_version }}"
-          delete-branch: true
-          title: "chore(github-action): update flux components to ${{ steps.update.outputs.flux_version }}"
-          signoff: true
-          commit-message: "chore(github-action): update flux components to ${{ steps.update.outputs.flux_version }}"
-          body: |
-            Release notes: https://github.com/fluxcd/flux2/releases/tag/${{ steps.update.outputs.flux_version }}
-          labels: |
-            renovate/github-action
--- a/cluster/base/flux-system/gotk-components.yaml
+++ b/cluster/base/flux-system/gotk-components.yaml
--- a/cluster/base/flux-system/kustomization.yaml
+++ b/cluster/base/flux-system/kustomization.yaml
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- gotk-components.yaml
- gotk-sync.yaml
--- a/cluster/charts/benji-charts.yaml
+++ b/cluster/charts/benji-charts.yaml
@@ -1,17 +0,0 @@
---
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: GitRepository
-metadata:
-  name: benji-charts
-  namespace: flux-system
-spec:
-  interval: 1h
-  url: https://github.com/elemental-lf/benji
-  timeout: 3m
-  ref:
-    branch: master
-  ignore: |
-    # exclude all
-    /*
-    # include charts directory
-    !/charts/
--- a/cluster/charts/bjw-s-charts.yaml
+++ b/cluster/charts/bjw-s-charts.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: bjw-s-charts
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://bjw-s.github.io/helm-charts/
--- a/cluster/charts/kustomization.yaml
+++ b/cluster/charts/kustomization.yaml
@@ -4,8 +4,8 @@ kind: Kustomization
 resources:
  - authelia-charts.yaml
  - authentik-charts.yaml
-  - benji-charts.yaml
  - bitnami-charts.yaml
+  - bjw-s-charts.yaml
  - cert-manager-webhook-ovh.yaml
  - emxq-charts.yaml
  - external-dns-charts.yaml
--- a/cluster/configuration/secrets/cluster-secrets.sops.yaml
+++ b/cluster/configuration/secrets/cluster-secrets.sops.yaml
--- a/cluster/configuration/settings/cluster-settings.yaml
+++ b/cluster/configuration/settings/cluster-settings.yaml
--- a/cluster/configuration/kustomization.yaml
+++ b/cluster/configuration/kustomization.yaml
@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - secrets
-  - settings
+  - cluster-secrets.sops.yaml
+  - cluster-settings.yaml
--- a/cluster/configuration/settings/kustomization.yaml
+++ b/cluster/configuration/settings/kustomization.yaml
@@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - cluster-settings.yaml
--- a/cluster/flux/apps.yaml
+++ b/cluster/flux/apps.yaml
--- a/cluster/flux/charts.yaml
+++ b/cluster/flux/charts.yaml
--- a/cluster/flux/configuration.yaml
+++ b/cluster/flux/configuration.yaml
--- a/cluster/flux/core.yaml
+++ b/cluster/flux/core.yaml
--- a/cluster/flux/crds.yaml
+++ b/cluster/flux/crds.yaml
--- a/cluster/flux/flux-system/flux-cluster.yaml
+++ b/cluster/flux/flux-system/flux-cluster.yaml
@@ -1,27 +1,28 @@
-# This manifest was generated by flux. DO NOT EDIT.
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: GitRepository
 metadata:
-  name: flux-system
+  name: flux-cluster
  namespace: flux-system
 spec:
-  interval: 1m0s
+  interval: 10m
+  # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
+  url: ssh://git@github.com/auricom/home-ops
  ref:
    branch: main
  secretRef:
-    name: flux-system
-  url: ssh://git@github.com/auricom/home-ops
+    name: github-deploy-key
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
-  name: flux-system
+  name: flux-cluster
  namespace: flux-system
 spec:
-  interval: 10m0s
-  path: ./cluster/base
+  interval: 10m
+  path: ./cluster/flux
  prune: true
+  wait: false
  sourceRef:
    kind: GitRepository
-    name: flux-system
+    name: flux-cluster
--- a/cluster/flux/flux-system/flux-installation.yaml
+++ b/cluster/flux/flux-system/flux-installation.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: flux-installation
+  namespace: flux-system
+spec:
+  interval: 10m
+  ref:
+    # renovate: datasource=github-releases depName=fluxcd/flux2
+    tag: "v0.34.0"
+  url: https://github.com/fluxcd/flux2
+  ignore: |
+    # exclude all
+    /*
+    # path to manifests
+    !/manifests
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: flux-installation
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: ./manifests/install
+  prune: true
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-installation
+  images:
+    - name: fluxcd/helm-controller
+      newName: ghcr.io/fluxcd/helm-controller
+    - name: fluxcd/image-automation-controller
+      newName: ghcr.io/fluxcd/image-automation-controller
+    - name: fluxcd/image-reflector-controller
+      newName: ghcr.io/fluxcd/image-reflector-controller
+    - name: fluxcd/kustomize-controller
+      newName: ghcr.io/fluxcd/kustomize-controller
+    - name: fluxcd/notification-controller
+      newName: ghcr.io/fluxcd/notification-controller
+    - name: fluxcd/source-controller
+      newName: ghcr.io/fluxcd/source-controller
+  patches:
+    - target:
+        group: networking.k8s.io
+        version: v1
+        kind: NetworkPolicy
+      patch: |-
+        $patch: delete
+        apiVersion: networking.k8s.io/v1
+        kind: NetworkPolicy
+        metadata:
+          name: not-used
--- a/cluster/flux/flux-system/github-deploy-key.sops.yaml
+++ b/cluster/flux/flux-system/github-deploy-key.sops.yaml
@@ -0,0 +1,31 @@
+# yamllint disable
+# https://github.com/k8s-at-home/template-cluster-k3s/issues/324
+apiVersion: v1
+kind: Secret
+metadata:
+    name: github-deploy-key
+    namespace: flux-system
+stringData:
+    identity: ENC[AES256_GCM,data:9W1QtXKVHOZtK/flmsoU5+h1BTmG46s+JY98Qk9Qxt/WccZIeqtiwHozp2popqJSwOqMTzbMJuFiELOrzxY8mc7vntTuLhsguRNPPHfsXPS+ScIio32jP/cxKUl2f6myphnSWwvSmRcH1L/ixzHI5UQC1Jh6GHU/I78esqNcaucjBHqSuu118dYd0eiGfK3eLyyuUFAXP/f5UzetPsP/Mq6V2ha3svop9ZGVdVo/VjWqR2JJ/BBYzL3GLqFB6hnifLZxQ+cKun2KQKbhvhcFXkPll3ZAvgpIYm62fwfqVws98Lsn6uuByWKdEuPMgl9WtU4lfJeWso9G+sWGyinfFRzodOHk8exSsAT0g68x2IAGY7ZjQTgF5RDmii40OQBLC/I0VIjgb3C7/O3CbnU+IBr7,iv:Z9C1WbJLa5dULnXvT1Z7C5xNbI3wCNsYZtp+mJYBJF8=,tag:/JpI9PsIIV1SbZPhhYzkZg==,type:str]
+    identidy.pub: ENC[AES256_GCM,data:oXByCEAnnEmC2ZZiXjPJqkyh3h6Dqk4SyYchIlsoLr5Y9KKKvGLwZ7yGNIhpSbU7PUYdp8NIO0LMeYrK5xfUEmFKBdZl3uZ6fWQ5IFNW32v/0lwg2ZJqUIdywPLvmbPTUg8+nkcLVMMJVgN8edjWsVz69OdkpIWdbaGf/+j75cIO2QbXIUUNXC0bEzOF46zSTD3UOeQpd86AxO1W4NuRH355bPmw0RytQB7bNG8svKu8/1Ymh4CIZAizDwOqihdu6W71LfiTsNsoENMSiw==,iv:eRNPkhiaoqd+Wit+C1NPxBMM0swqbC2MlRnSsXXx0oA=,tag:zjuKq38HE3Ma134dMhj8iQ==,type:str]
+    known_hosts: ENC[AES256_GCM,data:Lcmee02u0o3QQc+/kvdwUUaSMY6Hz0gAsfagIVbAh2BC/kMHESQDgVBq98SDW68myww5GTzRXsgtxVapXc6KpOmpBF0Fh39tEpe1Q1lvzRdNKSCJ6ffuA/kupM3QUstLr4jpXzQ3mw06vM0xrei7lmyycBzF+HL3P6byE9GtFkS88bQCj4w6phUa6ve3L7ImmqL4u/F+5note0HW4STS4nChWjGielx2vdEvEQ==,iv:grJD1VvcxXLNzZxf6jROx1mGDl/ViHhT6Ht56dQ1lYY=,tag:zQdj6V6p7VS9G3qVIj6eBg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUkcxTmRBUGhLbHFiMmlC
+            RTIzK09EOFByYWladXFZUm4wZHlocmVieEhJCnI2emlSN1hjRGRQdXNueWZiWHpO
+            RHMzSE12S2lHeVF3bkJRQVBZMW5nM3cKLS0tIHhieFpPalp1YXZoQWd4MHlnRkQ3
+            Vm9McjJVUnVrODBzTzVsOEZPODR2c1kKWRxQqDWq+2YsNBLXYB8frfs7YWIo4FaZ
+            tZ7eUewEEhP/sWB5zc96NoVJMQSoE+Obn0A+FBLCQFaA7AY2G9hi1w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-09-12T20:34:27Z"
+    mac: ENC[AES256_GCM,data:ypR+H3I5o5cVJL4ZJwwfffHm3LuEGC6vOYM3FRwCeP+U7giVCcXNv1qHGSHhuCVynHfZUPXuJTx1gliRk4UvkP877E+nlzJAlRN10uhXS4DNWvs86EIM1cDLVzBmsjWY+q3RhZ1FC5ceVNSLdtihKLeKQz7ICyFuXhBCbuTZko0=,iv:u/EuOR3jRwPdqnMWBAdeY/WF5XrNiuUpPYkkzSqh268=,tag:ShtGtcZaEKiWVkEsqorTiQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
--- a/cluster/configuration/secrets/kustomization.yaml
+++ b/cluster/configuration/secrets/kustomization.yaml
@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - cluster-secrets.sops.yaml
+  - flux-installation.yaml
+  - flux-cluster.yaml