From 439956fe240c619cba1e07c895b75a8098018a92 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 31 Jul 2024 16:47:39 +0200 Subject: [PATCH 001/130] moving argocd kubernetes configuration --- {kubernetes => argocd}/.gitignore | 0 {kubernetes => argocd}/apps/book-info/base/kustomization.yaml | 0 {kubernetes => argocd}/apps/book-info/base/ns.yaml | 0 .../apps/book-info/overlays/dev/kustomization.yaml | 0 .../apps/book-info/overlays/prod/kustomization.yaml | 0 {kubernetes => argocd}/apps/kafka/base/kafdrop-values.yaml | 0 {kubernetes => argocd}/apps/kafka/base/kafka-cluster.yaml | 0 {kubernetes => argocd}/apps/kafka/base/kafka-topic.yaml | 0 {kubernetes => argocd}/apps/kafka/base/kustomization.yaml | 0 {kubernetes => argocd}/apps/kafka/base/ns.yaml | 0 .../apps/kafka/base/schema-registry-values.yaml | 0 .../apps/kafka/base/strimzi-kafka-operator-values.yaml | 0 {kubernetes => argocd}/apps/kafka/base/tempo-externalsecret.yaml | 0 .../apps/kafka/overlays/dev/kafdrop-values.yaml | 0 {kubernetes => argocd}/apps/kafka/overlays/dev/kustomization.yaml | 0 .../apps/kafka/overlays/dev/schema-registry-values.yaml | 0 .../apps/kafka/overlays/dev/strimzi-kafka-operator-values.yaml | 0 .../apps/kafka/overlays/prod/kafdrop-values.yaml | 0 .../apps/kafka/overlays/prod/kustomization.yaml | 0 .../apps/kafka/overlays/prod/schema-registry-values.yaml | 0 .../apps/kafka/overlays/prod/strimzi-kafka-operator-values.yaml | 0 {kubernetes => argocd}/bootstrap/apps/base/apps/kafka-app.yaml | 0 {kubernetes => argocd}/bootstrap/apps/base/kustomization.yaml | 0 .../bootstrap/apps/overlays/dev/apps/kafka-app.yaml | 0 .../bootstrap/apps/overlays/dev/kustomization.yaml | 0 .../bootstrap/apps/overlays/prod/kustomization.yaml | 0 {kubernetes => argocd}/bootstrap/argocd/base/kustomization.yaml | 0 {kubernetes => argocd}/bootstrap/argocd/base/project.yaml | 0 {kubernetes => argocd}/bootstrap/argocd/base/root-app.yaml | 0 .../bootstrap/argocd/overlays/dev/infra-branch.yaml | 0 .../bootstrap/argocd/overlays/dev/kustomization.yaml | 0 
.../bootstrap/argocd/overlays/prod/infra-branch.yaml | 0 .../bootstrap/argocd/overlays/prod/kustomization.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/argocd-app.yaml | 0 .../bootstrap/infra/base/apps/cert-manager-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/cilium-app.yaml | 0 .../bootstrap/infra/base/apps/cilium-config-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/crds-app.yaml | 0 .../bootstrap/infra/base/apps/csi-external-snapshotter-app.yaml | 0 .../bootstrap/infra/base/apps/databases-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/elastic-app.yaml | 0 .../bootstrap/infra/base/apps/external-secrets-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/fluent-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/grafana-app.yaml | 0 .../bootstrap/infra/base/apps/istio-base-app.yaml | 0 .../bootstrap/infra/base/apps/istio-cni-app.yaml | 0 .../bootstrap/infra/base/apps/istio-config-app.yaml | 0 .../bootstrap/infra/base/apps/istio-gateway-app.yaml | 0 .../bootstrap/infra/base/apps/istio-istiod-app.yaml | 0 .../bootstrap/infra/base/apps/istio-ztunnel-app.yaml | 0 .../bootstrap/infra/base/apps/keycloak-app.yaml | 0 .../bootstrap/infra/base/apps/kube-prom-stack-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/loki-app.yaml | 0 .../bootstrap/infra/base/apps/longhorn-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/minio-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/nginx-app.yaml | 0 .../bootstrap/infra/base/apps/oauth2-proxy-app.yaml | 0 .../bootstrap/infra/base/apps/system-upgrade-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/tempo-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/apps/velero-app.yaml | 0 {kubernetes => argocd}/bootstrap/infra/base/kustomization.yaml | 0 .../bootstrap/infra/overlays/dev/apps/argocd-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/cert-manager-app.yaml | 0 
.../bootstrap/infra/overlays/dev/apps/cilium-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/cilium-config-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/crds-app.yaml | 0 .../infra/overlays/dev/apps/csi-external-snapshotter-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/databases-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/elastic-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/external-secrets-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/fluent-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/grafana-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/istio-config-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/keycloak-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/kube-prom-stack-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/loki-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/longhorn-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/minio-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/nginx-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/oauth2-proxy-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/system-upgrade-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/tempo-app.yaml | 0 .../bootstrap/infra/overlays/dev/apps/velero-app.yaml | 0 .../bootstrap/infra/overlays/dev/kustomization.yaml | 0 .../bootstrap/infra/overlays/prod/kustomization.yaml | 0 {kubernetes => argocd}/bootstrap/root-app/base/application.yaml | 0 .../bootstrap/root-app/base/infrastructure.yaml | 0 {kubernetes => argocd}/bootstrap/root-app/base/kustomization.yaml | 0 .../bootstrap/root-app/overlays/dev/app-branch.yaml | 0 .../bootstrap/root-app/overlays/dev/infra-branch.yaml | 0 .../bootstrap/root-app/overlays/dev/kustomization.yaml | 0 .../bootstrap/root-app/overlays/prod/app-branch.yaml | 0 .../bootstrap/root-app/overlays/prod/infra-branch.yaml | 0 .../bootstrap/root-app/overlays/prod/kustomization.yaml | 0 {kubernetes => argocd}/bootstrap/vault/base/kustomization.yaml | 0 {kubernetes => argocd}/bootstrap/vault/base/ns.yaml | 0 
.../bootstrap/vault/base/vault-auth-serviceaccount.yaml | 0 .../bootstrap/vault/overlays/dev/kustomization.yaml | 0 .../bootstrap/vault/overlays/prod/kustomization.yaml | 0 .../infrastructure/argocd/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/argocd/base/ns.yaml | 0 {kubernetes => argocd}/infrastructure/argocd/base/values.yaml | 0 .../infrastructure/argocd/overlays/dev/kustomization.yaml | 0 .../infrastructure/argocd/overlays/dev/values.yaml | 0 .../infrastructure/argocd/overlays/prod/kustomization.yaml | 0 .../infrastructure/argocd/overlays/prod/values.yaml | 0 .../infrastructure/cert-manager/base/ca-issuer.yaml | 0 .../infrastructure/cert-manager/base/cert-manager-values.yaml | 0 .../infrastructure/cert-manager/base/ionos-externalsecret.yaml | 0 .../infrastructure/cert-manager/base/ionos-issuer.yaml | 0 .../infrastructure/cert-manager/base/ionos-webhook-values.yaml | 0 .../infrastructure/cert-manager/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/cert-manager/base/ns.yaml | 0 .../infrastructure/cert-manager/base/self-signed-issuer.yaml | 0 .../cert-manager/overlays/dev/cert-manager-values.yaml | 0 .../cert-manager/overlays/dev/ionos-webhook-values.yaml | 0 .../infrastructure/cert-manager/overlays/dev/kustomization.yaml | 0 .../cert-manager/overlays/prod/cert-manager-values.yaml | 0 .../cert-manager/overlays/prod/ionos-webhook-values.yaml | 0 .../infrastructure/cert-manager/overlays/prod/kustomization.yaml | 0 .../cilium-config/base/cilium-l2-announcement-policy.yaml | 0 .../infrastructure/cilium-config/base/ip-pool-lb.yaml | 0 .../infrastructure/cilium-config/base/kustomization.yaml | 0 .../infrastructure/cilium-config/overlays/dev/kustomization.yaml | 0 .../infrastructure/cilium-config/overlays/prod/kustomization.yaml | 0 .../infrastructure/cilium/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/cilium/base/values.yaml | 0 .../infrastructure/cilium/overlays/dev/kustomization.yaml | 0 
.../infrastructure/cilium/overlays/dev/values.yaml | 0 .../infrastructure/cilium/overlays/prod/kustomization.yaml | 0 .../infrastructure/cilium/overlays/prod/values.yaml | 0 .../infrastructure/crds/base/kustomization.yaml | 0 .../infrastructure/crds/overlays/dev/kustomization.yaml | 0 .../infrastructure/crds/overlays/prod/kustomization.yaml | 0 .../csi-external-snapshotter/base/kustomization.yaml | 0 .../csi-external-snapshotter/overlays/dev/kustomization.yaml | 0 .../csi-external-snapshotter/overlays/prod/kustomization.yaml | 0 .../infrastructure/databases/base/cloudnative-pg-values.yaml | 0 .../infrastructure/databases/base/kustomization.yaml | 0 .../infrastructure/databases/base/mongodb-database-example.yaml | 0 .../infrastructure/databases/base/mongodb-operator-values.yaml | 0 {kubernetes => argocd}/infrastructure/databases/base/ns.yaml | 0 .../databases/overlays/dev/cloudnative-pg-values.yaml | 0 .../infrastructure/databases/overlays/dev/kustomization.yaml | 0 .../databases/overlays/dev/mongodb-operator-values.yaml | 0 .../databases/overlays/prod/cloudnative-pg-values.yaml | 0 .../infrastructure/databases/overlays/prod/kustomization.yaml | 0 .../databases/overlays/prod/mongodb-operator-values.yaml | 0 .../infrastructure/elastic/base/eck-operator-values.yaml | 0 .../elastic/base/elasticsearch-admin-externalsecret.yaml | 0 .../elastic/base/elasticsearch-fluentd-externalsecret.yaml | 0 .../infrastructure/elastic/base/elasticsearch-fluentd-role.yaml | 0 .../infrastructure/elastic/base/elasticsearch-ingress.yaml | 0 .../elastic/base/elasticsearch-prometheus-externalsecret.yaml | 0 .../elastic/base/elasticsearch-prometheus-role.yaml | 0 .../infrastructure/elastic/base/elasticsearch.yaml | 0 .../infrastructure/elastic/base/kibana-ingress.yaml | 0 {kubernetes => argocd}/infrastructure/elastic/base/kibana.yaml | 0 .../infrastructure/elastic/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/elastic/base/ns.yaml | 0 
.../elastic/base/prometheus-elasticsearch-exporter-values.yaml | 0 .../infrastructure/elastic/base/servicemonitor.yaml | 0 .../infrastructure/elastic/overlays/dev/eck-operator-values.yaml | 0 .../infrastructure/elastic/overlays/dev/kustomization.yaml | 0 .../overlays/dev/prometheus-elasticsearch-exporter-values.yaml | 0 .../infrastructure/elastic/overlays/prod/eck-operator-values.yaml | 0 .../infrastructure/elastic/overlays/prod/kustomization.yaml | 0 .../overlays/prod/prometheus-elasticsearch-exporter-values.yaml | 0 .../external-secrets/base/cluster-secret-store.yaml | 0 .../infrastructure/external-secrets/base/kustomization.yaml | 0 .../infrastructure/external-secrets/base/ns.yaml | 0 .../infrastructure/external-secrets/base/values.yaml | 0 .../external-secrets/overlays/dev/kustomization.yaml | 0 .../infrastructure/external-secrets/overlays/dev/values.yaml | 0 .../external-secrets/overlays/prod/kustomization.yaml | 0 .../infrastructure/external-secrets/overlays/prod/values.yaml | 0 .../infrastructure/fluent/base/fluent-bit-values.yaml | 0 .../infrastructure/fluent/base/fluentd-certificate.yaml | 0 .../infrastructure/fluent/base/fluentd-elastic-templates-cm.yaml | 0 .../infrastructure/fluent/base/fluentd-externalsecret.yaml | 0 .../infrastructure/fluent/base/fluentd-extservice.yaml | 0 .../infrastructure/fluent/base/fluentd-values.yaml | 0 .../infrastructure/fluent/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/fluent/base/logging-cm.yaml | 0 {kubernetes => argocd}/infrastructure/fluent/base/ns.yaml | 0 .../infrastructure/fluent/base/servicemonitor.yaml | 0 .../infrastructure/fluent/overlays/dev/fluent-bit-values.yaml | 0 .../infrastructure/fluent/overlays/dev/fluentd-values.yaml | 0 .../infrastructure/fluent/overlays/dev/kustomization.yaml | 0 .../infrastructure/fluent/overlays/prod/fluent-bit-values.yaml | 0 .../infrastructure/fluent/overlays/prod/fluentd-values.yaml | 0 .../infrastructure/fluent/overlays/prod/kustomization.yaml | 0 
.../infrastructure/grafana/base/dashboards/k3s-apiserver.json | 0 .../grafana/base/dashboards/k3s-controllermanager-dashboard.json | 0 .../infrastructure/grafana/base/dashboards/k3s-etcd.json | 0 .../infrastructure/grafana/base/dashboards/k3s-kubelet.json | 0 .../grafana/base/dashboards/k3s-proxy-dashboard.json | 0 .../grafana/base/dashboards/k3s-scheduler-dashboard.json | 0 .../grafana/base/dashboards/pi-cluster-dashboard.json | 0 .../grafana/base/dashboards/prometheus-dashboard-2.json | 0 .../infrastructure/grafana/base/grafana-env-externalsecret.yaml | 0 .../infrastructure/grafana/base/grafana-externalsecret.yaml | 0 {kubernetes => argocd}/infrastructure/grafana/base/ingress.yaml | 0 .../infrastructure/grafana/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/grafana/base/ns.yaml | 0 {kubernetes => argocd}/infrastructure/grafana/base/values.yaml | 0 .../infrastructure/grafana/overlays/dev/kustomization.yaml | 0 .../infrastructure/grafana/overlays/dev/values.yaml | 0 .../infrastructure/grafana/overlays/prod/kustomization.yaml | 0 .../infrastructure/grafana/overlays/prod/values.yaml | 0 .../infrastructure/istio/base/cilium-istio-networkpolicy.yaml | 0 .../infrastructure/istio/base/istio-opentelemetry.yaml | 0 .../infrastructure/istio/base/istio-prometheus-config.yaml | 0 .../infrastructure/istio/base/kiali-external-secret.yaml | 0 .../infrastructure/istio/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/istio/base/ns.yaml | 0 .../istio/istio-base/base/cilium-istio-networkpolicy.yaml | 0 .../infrastructure/istio/istio-base/base/kustomization.yaml | 0 .../infrastructure/istio/istio-base/base/ns.yaml | 0 .../infrastructure/istio/istio-base/base/values.yaml | 0 .../istio/istio-base/overlays/dev/kustomization.yaml | 0 .../infrastructure/istio/istio-base/overlays/dev/values.yaml | 0 .../istio/istio-base/overlays/prod/kustomization.yaml | 0 .../infrastructure/istio/istio-base/overlays/prod/values.yaml | 0 
.../infrastructure/istio/istio-cni/base/kustomization.yaml | 0 .../infrastructure/istio/istio-cni/base/values.yaml | 0 .../istio/istio-cni/overlays/dev/kustomization.yaml | 0 .../infrastructure/istio/istio-cni/overlays/dev/values.yaml | 0 .../istio/istio-cni/overlays/prod/kustomization.yaml | 0 .../infrastructure/istio/istio-cni/overlays/prod/values.yaml | 0 .../infrastructure/istio/istio-gateway/base/kustomization.yaml | 0 .../infrastructure/istio/istio-gateway/base/ns.yaml | 0 .../infrastructure/istio/istio-gateway/base/values.yaml | 0 .../istio/istio-gateway/overlays/dev/kustomization.yaml | 0 .../infrastructure/istio/istio-gateway/overlays/dev/values.yaml | 0 .../istio/istio-gateway/overlays/prod/kustomization.yaml | 0 .../infrastructure/istio/istio-gateway/overlays/prod/values.yaml | 0 .../infrastructure/istio/istio-istiod/base/kustomization.yaml | 0 .../infrastructure/istio/istio-istiod/base/values.yaml | 0 .../istio/istio-istiod/overlays/dev/kustomization.yaml | 0 .../infrastructure/istio/istio-istiod/overlays/dev/values.yaml | 0 .../istio/istio-istiod/overlays/prod/kustomization.yaml | 0 .../infrastructure/istio/istio-istiod/overlays/prod/values.yaml | 0 .../infrastructure/istio/istio-ztunnel/base/kustomization.yaml | 0 .../infrastructure/istio/istio-ztunnel/base/values.yaml | 0 .../istio/istio-ztunnel/overlays/dev/kustomization.yaml | 0 .../infrastructure/istio/istio-ztunnel/overlays/dev/values.yaml | 0 .../istio/istio-ztunnel/overlays/prod/kustomization.yaml | 0 .../infrastructure/istio/istio-ztunnel/overlays/prod/values.yaml | 0 .../infrastructure/istio/overlays/dev/kustomization.yaml | 0 .../infrastructure/istio/overlays/prod/kustomization.yaml | 0 .../infrastructure/keycloak/base/keycloak-db-externalsecret.yaml | 0 .../infrastructure/keycloak/base/keycloak-db.yaml | 0 .../infrastructure/keycloak/base/keycloak-env-externalsecret.yaml | 0 .../infrastructure/keycloak/base/keycloak-externalsecret.yaml | 0 .../infrastructure/keycloak/base/kustomization.yaml 
| 0 .../infrastructure/keycloak/base/minio-externalsecret.yaml | 0 {kubernetes => argocd}/infrastructure/keycloak/base/ns.yaml | 0 .../infrastructure/keycloak/base/picluster-realm.json | 0 {kubernetes => argocd}/infrastructure/keycloak/base/values.yaml | 0 .../infrastructure/keycloak/overlays/dev/kustomization.yaml | 0 .../infrastructure/keycloak/overlays/dev/values.yaml | 0 .../infrastructure/keycloak/overlays/prod/kustomization.yaml | 0 .../infrastructure/keycloak/overlays/prod/values.yaml | 0 .../infrastructure/kiali/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/kiali/base/ns.yaml | 0 {kubernetes => argocd}/infrastructure/kiali/base/values.yaml | 0 .../infrastructure/kiali/overlays/dev/kustomization.yaml | 0 .../infrastructure/kiali/overlays/dev/values.yaml | 0 .../infrastructure/kiali/overlays/prod/kustomization.yaml | 0 .../infrastructure/kiali/overlays/prod/values.yaml | 0 .../kube-prometheus-stack/base/external-node-service-metrics.yaml | 0 .../kube-prometheus-stack/base/grafana-dashboards.yaml | 0 .../infrastructure/kube-prometheus-stack/base/ingress.yaml | 0 .../kube-prometheus-stack/base/k3s-service-metric.yaml | 0 .../kube-prometheus-stack/base/k3s-servicemonitor.yaml | 0 .../infrastructure/kube-prometheus-stack/base/kustomization.yaml | 0 .../kube-prometheus-stack/base/minio-bearer-externalsecret.yaml | 0 .../kube-prometheus-stack/base/minio-service-metrics.yaml | 0 .../kube-prometheus-stack/base/minio-servicemonitor.yaml | 0 .../infrastructure/kube-prometheus-stack/base/ns.yaml | 0 .../kube-prometheus-stack/base/prometheus-rules.yaml | 0 .../infrastructure/kube-prometheus-stack/base/values.yaml | 0 .../kube-prometheus-stack/overlays/dev/kustomization.yaml | 0 .../infrastructure/kube-prometheus-stack/overlays/dev/values.yaml | 0 .../kube-prometheus-stack/overlays/prod/kustomization.yaml | 0 .../kube-prometheus-stack/overlays/prod/values.yaml | 0 .../infrastructure/loki/base/kustomization.yaml | 0 
.../infrastructure/loki/base/loki-externalsecret.yaml | 0 {kubernetes => argocd}/infrastructure/loki/base/ns.yaml | 0 {kubernetes => argocd}/infrastructure/loki/base/values.yaml | 0 .../infrastructure/loki/overlays/dev/kustomization.yaml | 0 .../infrastructure/loki/overlays/dev/values.yaml | 0 .../infrastructure/loki/overlays/prod/kustomization.yaml | 0 .../infrastructure/loki/overlays/prod/values.yaml | 0 .../infrastructure/longhorn/base/kustomization.yaml | 0 .../infrastructure/longhorn/base/minio-externalsecret.yaml | 0 {kubernetes => argocd}/infrastructure/longhorn/base/ns.yaml | 0 .../infrastructure/longhorn/base/service-monitor.yaml | 0 {kubernetes => argocd}/infrastructure/longhorn/base/values.yaml | 0 .../infrastructure/longhorn/base/volume-snapshot-class.yaml | 0 .../infrastructure/longhorn/overlays/dev/kustomization.yaml | 0 .../infrastructure/longhorn/overlays/dev/values.yaml | 0 .../infrastructure/longhorn/overlays/prod/kustomization.yaml | 0 .../infrastructure/longhorn/overlays/prod/values.yaml | 0 .../infrastructure/minio/base/kustomization.yaml | 0 .../infrastructure/minio/base/minio-externalsecret.yaml | 0 {kubernetes => argocd}/infrastructure/minio/base/ns.yaml | 0 {kubernetes => argocd}/infrastructure/minio/base/values.yaml | 0 .../infrastructure/minio/overlays/dev/kustomization.yaml | 0 .../infrastructure/minio/overlays/dev/values.yaml | 0 .../infrastructure/minio/overlays/prod/kustomization.yaml | 0 .../infrastructure/minio/overlays/prod/values.yaml | 0 .../infrastructure/nginx/base/basic-auth-externalsecret.yaml | 0 .../infrastructure/nginx/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/nginx/base/ns.yaml | 0 {kubernetes => argocd}/infrastructure/nginx/base/values.yaml | 0 .../infrastructure/nginx/overlays/dev/kustomization.yaml | 0 .../infrastructure/nginx/overlays/dev/values.yaml | 0 .../infrastructure/nginx/overlays/prod/kustomization.yaml | 0 .../infrastructure/nginx/overlays/prod/values.yaml | 0 
.../infrastructure/oauth2-proxy/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/oauth2-proxy/base/ns.yaml | 0 .../oauth2-proxy/base/oauth2-proxy-externalsecret.yaml | 0 .../infrastructure/oauth2-proxy/base/values.yaml | 0 .../infrastructure/oauth2-proxy/overlays/dev/kustomization.yaml | 0 .../infrastructure/oauth2-proxy/overlays/dev/values.yaml | 0 .../infrastructure/oauth2-proxy/overlays/prod/kustomization.yaml | 0 .../infrastructure/oauth2-proxy/overlays/prod/values.yaml | 0 .../infrastructure/system-upgrade/base/k3s-agent.yaml | 0 .../infrastructure/system-upgrade/base/k3s-server.yaml | 0 .../infrastructure/system-upgrade/base/kustomization.yaml | 0 .../infrastructure/system-upgrade/overlays/dev/kustomization.yaml | 0 .../system-upgrade/overlays/prod/kustomization.yaml | 0 .../infrastructure/tempo/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/tempo/base/ns.yaml | 0 .../infrastructure/tempo/base/tempo-externalsecret.yaml | 0 {kubernetes => argocd}/infrastructure/tempo/base/values.yaml | 0 .../infrastructure/tempo/overlays/dev/kustomization.yaml | 0 .../infrastructure/tempo/overlays/dev/values.yaml | 0 .../infrastructure/tempo/overlays/prod/kustomization.yaml | 0 .../infrastructure/tempo/overlays/prod/values.yaml | 0 .../infrastructure/velero/base/kustomization.yaml | 0 {kubernetes => argocd}/infrastructure/velero/base/ns.yaml | 0 {kubernetes => argocd}/infrastructure/velero/base/schedule.yaml | 0 .../infrastructure/velero/base/servicemonitor.yaml | 0 {kubernetes => argocd}/infrastructure/velero/base/values.yaml | 0 .../infrastructure/velero/base/velero-externalsecret.yaml | 0 .../infrastructure/velero/base/volume-snapshot.yaml | 0 .../infrastructure/velero/overlays/dev/kustomization.yaml | 0 .../infrastructure/velero/overlays/dev/values.yaml | 0 .../infrastructure/velero/overlays/prod/kustomization.yaml | 0 .../infrastructure/velero/overlays/prod/values.yaml | 0 353 files changed, 0 insertions(+), 0 deletions(-) rename 
{kubernetes => argocd}/.gitignore (100%) rename {kubernetes => argocd}/apps/book-info/base/kustomization.yaml (100%) rename {kubernetes => argocd}/apps/book-info/base/ns.yaml (100%) rename {kubernetes => argocd}/apps/book-info/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/apps/book-info/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/apps/kafka/base/kafdrop-values.yaml (100%) rename {kubernetes => argocd}/apps/kafka/base/kafka-cluster.yaml (100%) rename {kubernetes => argocd}/apps/kafka/base/kafka-topic.yaml (100%) rename {kubernetes => argocd}/apps/kafka/base/kustomization.yaml (100%) rename {kubernetes => argocd}/apps/kafka/base/ns.yaml (100%) rename {kubernetes => argocd}/apps/kafka/base/schema-registry-values.yaml (100%) rename {kubernetes => argocd}/apps/kafka/base/strimzi-kafka-operator-values.yaml (100%) rename {kubernetes => argocd}/apps/kafka/base/tempo-externalsecret.yaml (100%) rename {kubernetes => argocd}/apps/kafka/overlays/dev/kafdrop-values.yaml (100%) rename {kubernetes => argocd}/apps/kafka/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/apps/kafka/overlays/dev/schema-registry-values.yaml (100%) rename {kubernetes => argocd}/apps/kafka/overlays/dev/strimzi-kafka-operator-values.yaml (100%) rename {kubernetes => argocd}/apps/kafka/overlays/prod/kafdrop-values.yaml (100%) rename {kubernetes => argocd}/apps/kafka/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/apps/kafka/overlays/prod/schema-registry-values.yaml (100%) rename {kubernetes => argocd}/apps/kafka/overlays/prod/strimzi-kafka-operator-values.yaml (100%) rename {kubernetes => argocd}/bootstrap/apps/base/apps/kafka-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/apps/base/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/apps/overlays/dev/apps/kafka-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/apps/overlays/dev/kustomization.yaml (100%) rename {kubernetes => 
argocd}/bootstrap/apps/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/argocd/base/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/argocd/base/project.yaml (100%) rename {kubernetes => argocd}/bootstrap/argocd/base/root-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/argocd/overlays/dev/infra-branch.yaml (100%) rename {kubernetes => argocd}/bootstrap/argocd/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/argocd/overlays/prod/infra-branch.yaml (100%) rename {kubernetes => argocd}/bootstrap/argocd/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/argocd-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/cert-manager-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/cilium-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/cilium-config-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/crds-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/csi-external-snapshotter-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/databases-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/elastic-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/external-secrets-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/fluent-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/grafana-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/istio-base-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/istio-cni-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/istio-config-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/istio-gateway-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/istio-istiod-app.yaml (100%) rename {kubernetes => 
argocd}/bootstrap/infra/base/apps/istio-ztunnel-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/keycloak-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/kube-prom-stack-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/loki-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/longhorn-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/minio-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/nginx-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/oauth2-proxy-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/system-upgrade-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/tempo-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/apps/velero-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/base/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/argocd-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/cert-manager-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/cilium-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/cilium-config-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/crds-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/csi-external-snapshotter-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/databases-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/elastic-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/external-secrets-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/fluent-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/grafana-app.yaml (100%) rename {kubernetes => 
argocd}/bootstrap/infra/overlays/dev/apps/istio-config-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/keycloak-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/kube-prom-stack-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/loki-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/longhorn-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/minio-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/nginx-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/oauth2-proxy-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/system-upgrade-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/tempo-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/apps/velero-app.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/infra/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/base/application.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/base/infrastructure.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/base/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/overlays/dev/app-branch.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/overlays/dev/infra-branch.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/overlays/prod/app-branch.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/overlays/prod/infra-branch.yaml (100%) rename {kubernetes => argocd}/bootstrap/root-app/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/vault/base/kustomization.yaml (100%) rename {kubernetes => 
argocd}/bootstrap/vault/base/ns.yaml (100%) rename {kubernetes => argocd}/bootstrap/vault/base/vault-auth-serviceaccount.yaml (100%) rename {kubernetes => argocd}/bootstrap/vault/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/bootstrap/vault/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/argocd/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/argocd/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/argocd/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/argocd/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/argocd/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/argocd/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/argocd/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/base/ca-issuer.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/base/cert-manager-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/base/ionos-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/base/ionos-issuer.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/base/ionos-webhook-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/base/self-signed-issuer.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/overlays/dev/cert-manager-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/overlays/dev/ionos-webhook-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/overlays/dev/kustomization.yaml (100%) rename {kubernetes => 
argocd}/infrastructure/cert-manager/overlays/prod/cert-manager-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/overlays/prod/ionos-webhook-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cert-manager/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium-config/base/cilium-l2-announcement-policy.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium-config/base/ip-pool-lb.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium-config/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium-config/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium-config/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/cilium/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/crds/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/crds/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/crds/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/csi-external-snapshotter/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/csi-external-snapshotter/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/csi-external-snapshotter/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/base/cloudnative-pg-values.yaml (100%) rename {kubernetes => 
argocd}/infrastructure/databases/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/base/mongodb-database-example.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/base/mongodb-operator-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/overlays/dev/cloudnative-pg-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/overlays/dev/mongodb-operator-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/overlays/prod/cloudnative-pg-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/databases/overlays/prod/mongodb-operator-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/eck-operator-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/elasticsearch-admin-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/elasticsearch-fluentd-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/elasticsearch-fluentd-role.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/elasticsearch-ingress.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/elasticsearch-prometheus-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/elasticsearch-prometheus-role.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/elasticsearch.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/kibana-ingress.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/kibana.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/kustomization.yaml (100%) rename {kubernetes => 
argocd}/infrastructure/elastic/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/prometheus-elasticsearch-exporter-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/base/servicemonitor.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/overlays/dev/eck-operator-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/overlays/dev/prometheus-elasticsearch-exporter-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/overlays/prod/eck-operator-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/elastic/overlays/prod/prometheus-elasticsearch-exporter-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/external-secrets/base/cluster-secret-store.yaml (100%) rename {kubernetes => argocd}/infrastructure/external-secrets/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/external-secrets/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/external-secrets/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/external-secrets/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/external-secrets/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/external-secrets/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/external-secrets/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/fluent-bit-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/fluentd-certificate.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/fluentd-elastic-templates-cm.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/fluentd-externalsecret.yaml (100%) rename 
{kubernetes => argocd}/infrastructure/fluent/base/fluentd-extservice.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/fluentd-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/logging-cm.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/base/servicemonitor.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/overlays/dev/fluent-bit-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/overlays/dev/fluentd-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/overlays/prod/fluent-bit-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/overlays/prod/fluentd-values.yaml (100%) rename {kubernetes => argocd}/infrastructure/fluent/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/dashboards/k3s-apiserver.json (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/dashboards/k3s-controllermanager-dashboard.json (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/dashboards/k3s-etcd.json (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/dashboards/k3s-kubelet.json (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/dashboards/k3s-proxy-dashboard.json (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/dashboards/k3s-scheduler-dashboard.json (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/dashboards/pi-cluster-dashboard.json (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/dashboards/prometheus-dashboard-2.json (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/grafana-env-externalsecret.yaml (100%) rename {kubernetes => 
argocd}/infrastructure/grafana/base/grafana-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/ingress.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/grafana/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/base/cilium-istio-networkpolicy.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/base/istio-opentelemetry.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/base/istio-prometheus-config.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/base/kiali-external-secret.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-base/base/cilium-istio-networkpolicy.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-base/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-base/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-base/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-base/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-base/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-base/overlays/prod/kustomization.yaml (100%) rename {kubernetes => 
argocd}/infrastructure/istio/istio-base/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-cni/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-cni/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-cni/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-cni/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-cni/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-cni/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-gateway/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-gateway/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-gateway/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-gateway/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-gateway/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-gateway/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-gateway/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-istiod/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-istiod/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-istiod/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-istiod/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-istiod/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-istiod/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-ztunnel/base/kustomization.yaml (100%) rename 
{kubernetes => argocd}/infrastructure/istio/istio-ztunnel/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-ztunnel/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-ztunnel/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-ztunnel/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/istio-ztunnel/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/istio/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/keycloak-db-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/keycloak-db.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/keycloak-env-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/keycloak-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/minio-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/picluster-realm.json (100%) rename {kubernetes => argocd}/infrastructure/keycloak/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/keycloak/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/kiali/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/kiali/base/ns.yaml (100%) rename {kubernetes => 
argocd}/infrastructure/kiali/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/kiali/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/kiali/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/kiali/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/kiali/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/external-node-service-metrics.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/grafana-dashboards.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/ingress.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/k3s-service-metric.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/k3s-servicemonitor.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/minio-bearer-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/minio-service-metrics.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/minio-servicemonitor.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/prometheus-rules.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/kube-prometheus-stack/overlays/prod/kustomization.yaml (100%) rename {kubernetes => 
argocd}/infrastructure/kube-prometheus-stack/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/loki/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/loki/base/loki-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/loki/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/loki/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/loki/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/loki/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/loki/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/loki/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/base/minio-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/base/service-monitor.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/base/volume-snapshot-class.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/longhorn/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/minio/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/minio/base/minio-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/minio/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/minio/base/values.yaml (100%) rename {kubernetes => 
argocd}/infrastructure/minio/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/minio/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/minio/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/minio/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/nginx/base/basic-auth-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/nginx/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/nginx/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/nginx/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/nginx/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/nginx/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/nginx/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/nginx/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/oauth2-proxy/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/oauth2-proxy/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/oauth2-proxy/base/oauth2-proxy-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/oauth2-proxy/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/oauth2-proxy/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/oauth2-proxy/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/oauth2-proxy/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/oauth2-proxy/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/system-upgrade/base/k3s-agent.yaml (100%) rename {kubernetes => argocd}/infrastructure/system-upgrade/base/k3s-server.yaml (100%) rename {kubernetes => argocd}/infrastructure/system-upgrade/base/kustomization.yaml (100%) rename 
{kubernetes => argocd}/infrastructure/system-upgrade/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/system-upgrade/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/tempo/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/tempo/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/tempo/base/tempo-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/tempo/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/tempo/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/tempo/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/tempo/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/tempo/overlays/prod/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/base/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/base/ns.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/base/schedule.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/base/servicemonitor.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/base/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/base/velero-externalsecret.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/base/volume-snapshot.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/overlays/dev/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/overlays/dev/values.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/overlays/prod/kustomization.yaml (100%) rename {kubernetes => argocd}/infrastructure/velero/overlays/prod/values.yaml (100%)
diff --git a/kubernetes/.gitignore b/argocd/.gitignore
similarity index 100%
rename from kubernetes/.gitignore
rename to argocd/.gitignore
diff --git a/kubernetes/apps/book-info/base/kustomization.yaml b/argocd/apps/book-info/base/kustomization.yaml
similarity index 100%
rename from kubernetes/apps/book-info/base/kustomization.yaml
rename to argocd/apps/book-info/base/kustomization.yaml
diff --git a/kubernetes/apps/book-info/base/ns.yaml b/argocd/apps/book-info/base/ns.yaml
similarity index 100%
rename from kubernetes/apps/book-info/base/ns.yaml
rename to argocd/apps/book-info/base/ns.yaml
diff --git a/kubernetes/apps/book-info/overlays/dev/kustomization.yaml b/argocd/apps/book-info/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/apps/book-info/overlays/dev/kustomization.yaml
rename to argocd/apps/book-info/overlays/dev/kustomization.yaml
diff --git a/kubernetes/apps/book-info/overlays/prod/kustomization.yaml b/argocd/apps/book-info/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/apps/book-info/overlays/prod/kustomization.yaml
rename to argocd/apps/book-info/overlays/prod/kustomization.yaml
diff --git a/kubernetes/apps/kafka/base/kafdrop-values.yaml b/argocd/apps/kafka/base/kafdrop-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/base/kafdrop-values.yaml
rename to argocd/apps/kafka/base/kafdrop-values.yaml
diff --git a/kubernetes/apps/kafka/base/kafka-cluster.yaml b/argocd/apps/kafka/base/kafka-cluster.yaml
similarity index 100%
rename from kubernetes/apps/kafka/base/kafka-cluster.yaml
rename to argocd/apps/kafka/base/kafka-cluster.yaml
diff --git a/kubernetes/apps/kafka/base/kafka-topic.yaml b/argocd/apps/kafka/base/kafka-topic.yaml
similarity index 100%
rename from kubernetes/apps/kafka/base/kafka-topic.yaml
rename to argocd/apps/kafka/base/kafka-topic.yaml
diff --git a/kubernetes/apps/kafka/base/kustomization.yaml b/argocd/apps/kafka/base/kustomization.yaml
similarity index 100%
rename from kubernetes/apps/kafka/base/kustomization.yaml
rename to argocd/apps/kafka/base/kustomization.yaml
diff --git a/kubernetes/apps/kafka/base/ns.yaml b/argocd/apps/kafka/base/ns.yaml
similarity index 100%
rename from kubernetes/apps/kafka/base/ns.yaml
rename to argocd/apps/kafka/base/ns.yaml
diff --git a/kubernetes/apps/kafka/base/schema-registry-values.yaml b/argocd/apps/kafka/base/schema-registry-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/base/schema-registry-values.yaml
rename to argocd/apps/kafka/base/schema-registry-values.yaml
diff --git a/kubernetes/apps/kafka/base/strimzi-kafka-operator-values.yaml b/argocd/apps/kafka/base/strimzi-kafka-operator-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/base/strimzi-kafka-operator-values.yaml
rename to argocd/apps/kafka/base/strimzi-kafka-operator-values.yaml
diff --git a/kubernetes/apps/kafka/base/tempo-externalsecret.yaml b/argocd/apps/kafka/base/tempo-externalsecret.yaml
similarity index 100%
rename from kubernetes/apps/kafka/base/tempo-externalsecret.yaml
rename to argocd/apps/kafka/base/tempo-externalsecret.yaml
diff --git a/kubernetes/apps/kafka/overlays/dev/kafdrop-values.yaml b/argocd/apps/kafka/overlays/dev/kafdrop-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/overlays/dev/kafdrop-values.yaml
rename to argocd/apps/kafka/overlays/dev/kafdrop-values.yaml
diff --git a/kubernetes/apps/kafka/overlays/dev/kustomization.yaml b/argocd/apps/kafka/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/apps/kafka/overlays/dev/kustomization.yaml
rename to argocd/apps/kafka/overlays/dev/kustomization.yaml
diff --git a/kubernetes/apps/kafka/overlays/dev/schema-registry-values.yaml b/argocd/apps/kafka/overlays/dev/schema-registry-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/overlays/dev/schema-registry-values.yaml
rename to argocd/apps/kafka/overlays/dev/schema-registry-values.yaml
diff --git a/kubernetes/apps/kafka/overlays/dev/strimzi-kafka-operator-values.yaml b/argocd/apps/kafka/overlays/dev/strimzi-kafka-operator-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/overlays/dev/strimzi-kafka-operator-values.yaml
rename to argocd/apps/kafka/overlays/dev/strimzi-kafka-operator-values.yaml
diff --git a/kubernetes/apps/kafka/overlays/prod/kafdrop-values.yaml b/argocd/apps/kafka/overlays/prod/kafdrop-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/overlays/prod/kafdrop-values.yaml
rename to argocd/apps/kafka/overlays/prod/kafdrop-values.yaml
diff --git a/kubernetes/apps/kafka/overlays/prod/kustomization.yaml b/argocd/apps/kafka/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/apps/kafka/overlays/prod/kustomization.yaml
rename to argocd/apps/kafka/overlays/prod/kustomization.yaml
diff --git a/kubernetes/apps/kafka/overlays/prod/schema-registry-values.yaml b/argocd/apps/kafka/overlays/prod/schema-registry-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/overlays/prod/schema-registry-values.yaml
rename to argocd/apps/kafka/overlays/prod/schema-registry-values.yaml
diff --git a/kubernetes/apps/kafka/overlays/prod/strimzi-kafka-operator-values.yaml b/argocd/apps/kafka/overlays/prod/strimzi-kafka-operator-values.yaml
similarity index 100%
rename from kubernetes/apps/kafka/overlays/prod/strimzi-kafka-operator-values.yaml
rename to argocd/apps/kafka/overlays/prod/strimzi-kafka-operator-values.yaml
diff --git a/kubernetes/bootstrap/apps/base/apps/kafka-app.yaml b/argocd/bootstrap/apps/base/apps/kafka-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/apps/base/apps/kafka-app.yaml
rename to argocd/bootstrap/apps/base/apps/kafka-app.yaml
diff --git a/kubernetes/bootstrap/apps/base/kustomization.yaml b/argocd/bootstrap/apps/base/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/apps/base/kustomization.yaml
rename to argocd/bootstrap/apps/base/kustomization.yaml
diff --git a/kubernetes/bootstrap/apps/overlays/dev/apps/kafka-app.yaml b/argocd/bootstrap/apps/overlays/dev/apps/kafka-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/apps/overlays/dev/apps/kafka-app.yaml
rename to argocd/bootstrap/apps/overlays/dev/apps/kafka-app.yaml
diff --git a/kubernetes/bootstrap/apps/overlays/dev/kustomization.yaml b/argocd/bootstrap/apps/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/apps/overlays/dev/kustomization.yaml
rename to argocd/bootstrap/apps/overlays/dev/kustomization.yaml
diff --git a/kubernetes/bootstrap/apps/overlays/prod/kustomization.yaml b/argocd/bootstrap/apps/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/apps/overlays/prod/kustomization.yaml
rename to argocd/bootstrap/apps/overlays/prod/kustomization.yaml
diff --git a/kubernetes/bootstrap/argocd/base/kustomization.yaml b/argocd/bootstrap/argocd/base/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/argocd/base/kustomization.yaml
rename to argocd/bootstrap/argocd/base/kustomization.yaml
diff --git a/kubernetes/bootstrap/argocd/base/project.yaml b/argocd/bootstrap/argocd/base/project.yaml
similarity index 100%
rename from kubernetes/bootstrap/argocd/base/project.yaml
rename to argocd/bootstrap/argocd/base/project.yaml
diff --git a/kubernetes/bootstrap/argocd/base/root-app.yaml b/argocd/bootstrap/argocd/base/root-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/argocd/base/root-app.yaml
rename to argocd/bootstrap/argocd/base/root-app.yaml
diff --git a/kubernetes/bootstrap/argocd/overlays/dev/infra-branch.yaml b/argocd/bootstrap/argocd/overlays/dev/infra-branch.yaml
similarity index 100%
rename from kubernetes/bootstrap/argocd/overlays/dev/infra-branch.yaml
rename to argocd/bootstrap/argocd/overlays/dev/infra-branch.yaml
diff --git a/kubernetes/bootstrap/argocd/overlays/dev/kustomization.yaml b/argocd/bootstrap/argocd/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/argocd/overlays/dev/kustomization.yaml
rename to argocd/bootstrap/argocd/overlays/dev/kustomization.yaml
diff --git a/kubernetes/bootstrap/argocd/overlays/prod/infra-branch.yaml b/argocd/bootstrap/argocd/overlays/prod/infra-branch.yaml
similarity index 100%
rename from kubernetes/bootstrap/argocd/overlays/prod/infra-branch.yaml
rename to argocd/bootstrap/argocd/overlays/prod/infra-branch.yaml
diff --git a/kubernetes/bootstrap/argocd/overlays/prod/kustomization.yaml b/argocd/bootstrap/argocd/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/argocd/overlays/prod/kustomization.yaml
rename to argocd/bootstrap/argocd/overlays/prod/kustomization.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/argocd-app.yaml b/argocd/bootstrap/infra/base/apps/argocd-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/argocd-app.yaml
rename to argocd/bootstrap/infra/base/apps/argocd-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/cert-manager-app.yaml b/argocd/bootstrap/infra/base/apps/cert-manager-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/cert-manager-app.yaml
rename to argocd/bootstrap/infra/base/apps/cert-manager-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/cilium-app.yaml b/argocd/bootstrap/infra/base/apps/cilium-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/cilium-app.yaml
rename to argocd/bootstrap/infra/base/apps/cilium-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/cilium-config-app.yaml b/argocd/bootstrap/infra/base/apps/cilium-config-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/cilium-config-app.yaml
rename to argocd/bootstrap/infra/base/apps/cilium-config-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/crds-app.yaml b/argocd/bootstrap/infra/base/apps/crds-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/crds-app.yaml
rename to argocd/bootstrap/infra/base/apps/crds-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/csi-external-snapshotter-app.yaml b/argocd/bootstrap/infra/base/apps/csi-external-snapshotter-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/csi-external-snapshotter-app.yaml
rename to argocd/bootstrap/infra/base/apps/csi-external-snapshotter-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/databases-app.yaml b/argocd/bootstrap/infra/base/apps/databases-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/databases-app.yaml
rename to argocd/bootstrap/infra/base/apps/databases-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/elastic-app.yaml b/argocd/bootstrap/infra/base/apps/elastic-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/elastic-app.yaml
rename to argocd/bootstrap/infra/base/apps/elastic-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/external-secrets-app.yaml b/argocd/bootstrap/infra/base/apps/external-secrets-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/external-secrets-app.yaml
rename to argocd/bootstrap/infra/base/apps/external-secrets-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/fluent-app.yaml b/argocd/bootstrap/infra/base/apps/fluent-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/fluent-app.yaml
rename to argocd/bootstrap/infra/base/apps/fluent-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/grafana-app.yaml b/argocd/bootstrap/infra/base/apps/grafana-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/grafana-app.yaml
rename to argocd/bootstrap/infra/base/apps/grafana-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/istio-base-app.yaml b/argocd/bootstrap/infra/base/apps/istio-base-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/istio-base-app.yaml
rename to argocd/bootstrap/infra/base/apps/istio-base-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/istio-cni-app.yaml b/argocd/bootstrap/infra/base/apps/istio-cni-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/istio-cni-app.yaml
rename to argocd/bootstrap/infra/base/apps/istio-cni-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/istio-config-app.yaml b/argocd/bootstrap/infra/base/apps/istio-config-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/istio-config-app.yaml
rename to argocd/bootstrap/infra/base/apps/istio-config-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/istio-gateway-app.yaml b/argocd/bootstrap/infra/base/apps/istio-gateway-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/istio-gateway-app.yaml
rename to argocd/bootstrap/infra/base/apps/istio-gateway-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/istio-istiod-app.yaml b/argocd/bootstrap/infra/base/apps/istio-istiod-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/istio-istiod-app.yaml
rename to argocd/bootstrap/infra/base/apps/istio-istiod-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/istio-ztunnel-app.yaml b/argocd/bootstrap/infra/base/apps/istio-ztunnel-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/istio-ztunnel-app.yaml
rename to argocd/bootstrap/infra/base/apps/istio-ztunnel-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/keycloak-app.yaml b/argocd/bootstrap/infra/base/apps/keycloak-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/keycloak-app.yaml
rename to argocd/bootstrap/infra/base/apps/keycloak-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/kube-prom-stack-app.yaml b/argocd/bootstrap/infra/base/apps/kube-prom-stack-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/kube-prom-stack-app.yaml
rename to argocd/bootstrap/infra/base/apps/kube-prom-stack-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/loki-app.yaml b/argocd/bootstrap/infra/base/apps/loki-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/loki-app.yaml
rename to argocd/bootstrap/infra/base/apps/loki-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/longhorn-app.yaml b/argocd/bootstrap/infra/base/apps/longhorn-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/longhorn-app.yaml
rename to argocd/bootstrap/infra/base/apps/longhorn-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/minio-app.yaml b/argocd/bootstrap/infra/base/apps/minio-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/minio-app.yaml
rename to argocd/bootstrap/infra/base/apps/minio-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/nginx-app.yaml b/argocd/bootstrap/infra/base/apps/nginx-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/nginx-app.yaml
rename to argocd/bootstrap/infra/base/apps/nginx-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/oauth2-proxy-app.yaml b/argocd/bootstrap/infra/base/apps/oauth2-proxy-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/oauth2-proxy-app.yaml
rename to argocd/bootstrap/infra/base/apps/oauth2-proxy-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/system-upgrade-app.yaml b/argocd/bootstrap/infra/base/apps/system-upgrade-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/system-upgrade-app.yaml
rename to argocd/bootstrap/infra/base/apps/system-upgrade-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/tempo-app.yaml b/argocd/bootstrap/infra/base/apps/tempo-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/tempo-app.yaml
rename to argocd/bootstrap/infra/base/apps/tempo-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/apps/velero-app.yaml b/argocd/bootstrap/infra/base/apps/velero-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/apps/velero-app.yaml
rename to argocd/bootstrap/infra/base/apps/velero-app.yaml
diff --git a/kubernetes/bootstrap/infra/base/kustomization.yaml b/argocd/bootstrap/infra/base/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/base/kustomization.yaml
rename to argocd/bootstrap/infra/base/kustomization.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/argocd-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/argocd-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/argocd-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/argocd-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/cert-manager-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/cert-manager-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/cert-manager-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/cert-manager-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/cilium-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/cilium-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/cilium-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/cilium-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/cilium-config-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/cilium-config-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/cilium-config-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/cilium-config-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/crds-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/crds-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/crds-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/crds-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/csi-external-snapshotter-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/csi-external-snapshotter-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/csi-external-snapshotter-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/csi-external-snapshotter-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/databases-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/databases-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/databases-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/databases-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/elastic-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/elastic-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/elastic-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/elastic-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/external-secrets-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/external-secrets-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/external-secrets-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/external-secrets-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/fluent-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/fluent-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/fluent-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/fluent-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/grafana-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/grafana-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/grafana-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/grafana-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/istio-config-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/istio-config-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/istio-config-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/istio-config-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/keycloak-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/keycloak-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/keycloak-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/keycloak-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/kube-prom-stack-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/kube-prom-stack-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/kube-prom-stack-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/kube-prom-stack-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/loki-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/loki-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/loki-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/loki-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/longhorn-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/longhorn-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/longhorn-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/longhorn-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/minio-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/minio-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/minio-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/minio-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/nginx-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/nginx-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/nginx-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/nginx-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/oauth2-proxy-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/oauth2-proxy-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/oauth2-proxy-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/oauth2-proxy-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/system-upgrade-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/system-upgrade-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/system-upgrade-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/system-upgrade-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/tempo-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/tempo-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/tempo-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/tempo-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/apps/velero-app.yaml b/argocd/bootstrap/infra/overlays/dev/apps/velero-app.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/apps/velero-app.yaml
rename to argocd/bootstrap/infra/overlays/dev/apps/velero-app.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/dev/kustomization.yaml b/argocd/bootstrap/infra/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/dev/kustomization.yaml
rename to argocd/bootstrap/infra/overlays/dev/kustomization.yaml
diff --git a/kubernetes/bootstrap/infra/overlays/prod/kustomization.yaml b/argocd/bootstrap/infra/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/infra/overlays/prod/kustomization.yaml
rename to argocd/bootstrap/infra/overlays/prod/kustomization.yaml
diff --git a/kubernetes/bootstrap/root-app/base/application.yaml b/argocd/bootstrap/root-app/base/application.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/base/application.yaml
rename to argocd/bootstrap/root-app/base/application.yaml
diff --git a/kubernetes/bootstrap/root-app/base/infrastructure.yaml b/argocd/bootstrap/root-app/base/infrastructure.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/base/infrastructure.yaml
rename to argocd/bootstrap/root-app/base/infrastructure.yaml
diff --git a/kubernetes/bootstrap/root-app/base/kustomization.yaml b/argocd/bootstrap/root-app/base/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/base/kustomization.yaml
rename to argocd/bootstrap/root-app/base/kustomization.yaml
diff --git a/kubernetes/bootstrap/root-app/overlays/dev/app-branch.yaml b/argocd/bootstrap/root-app/overlays/dev/app-branch.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/overlays/dev/app-branch.yaml
rename to argocd/bootstrap/root-app/overlays/dev/app-branch.yaml
diff --git a/kubernetes/bootstrap/root-app/overlays/dev/infra-branch.yaml b/argocd/bootstrap/root-app/overlays/dev/infra-branch.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/overlays/dev/infra-branch.yaml
rename to argocd/bootstrap/root-app/overlays/dev/infra-branch.yaml
diff --git a/kubernetes/bootstrap/root-app/overlays/dev/kustomization.yaml b/argocd/bootstrap/root-app/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/overlays/dev/kustomization.yaml
rename to argocd/bootstrap/root-app/overlays/dev/kustomization.yaml
diff --git a/kubernetes/bootstrap/root-app/overlays/prod/app-branch.yaml b/argocd/bootstrap/root-app/overlays/prod/app-branch.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/overlays/prod/app-branch.yaml
rename to argocd/bootstrap/root-app/overlays/prod/app-branch.yaml
diff --git a/kubernetes/bootstrap/root-app/overlays/prod/infra-branch.yaml b/argocd/bootstrap/root-app/overlays/prod/infra-branch.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/overlays/prod/infra-branch.yaml
rename to argocd/bootstrap/root-app/overlays/prod/infra-branch.yaml
diff --git a/kubernetes/bootstrap/root-app/overlays/prod/kustomization.yaml b/argocd/bootstrap/root-app/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/root-app/overlays/prod/kustomization.yaml
rename to argocd/bootstrap/root-app/overlays/prod/kustomization.yaml
diff --git a/kubernetes/bootstrap/vault/base/kustomization.yaml b/argocd/bootstrap/vault/base/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/vault/base/kustomization.yaml
rename to argocd/bootstrap/vault/base/kustomization.yaml
diff --git a/kubernetes/bootstrap/vault/base/ns.yaml b/argocd/bootstrap/vault/base/ns.yaml
similarity index 100%
rename from kubernetes/bootstrap/vault/base/ns.yaml
rename to argocd/bootstrap/vault/base/ns.yaml
diff --git a/kubernetes/bootstrap/vault/base/vault-auth-serviceaccount.yaml b/argocd/bootstrap/vault/base/vault-auth-serviceaccount.yaml
similarity index 100%
rename from kubernetes/bootstrap/vault/base/vault-auth-serviceaccount.yaml
rename to argocd/bootstrap/vault/base/vault-auth-serviceaccount.yaml
diff --git a/kubernetes/bootstrap/vault/overlays/dev/kustomization.yaml b/argocd/bootstrap/vault/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/vault/overlays/dev/kustomization.yaml
rename to argocd/bootstrap/vault/overlays/dev/kustomization.yaml
diff --git a/kubernetes/bootstrap/vault/overlays/prod/kustomization.yaml b/argocd/bootstrap/vault/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/bootstrap/vault/overlays/prod/kustomization.yaml
rename to argocd/bootstrap/vault/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/argocd/base/kustomization.yaml b/argocd/infrastructure/argocd/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/argocd/base/kustomization.yaml
rename to argocd/infrastructure/argocd/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/argocd/base/ns.yaml b/argocd/infrastructure/argocd/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/argocd/base/ns.yaml
rename to argocd/infrastructure/argocd/base/ns.yaml
diff --git a/kubernetes/infrastructure/argocd/base/values.yaml b/argocd/infrastructure/argocd/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/argocd/base/values.yaml
rename to argocd/infrastructure/argocd/base/values.yaml
diff --git a/kubernetes/infrastructure/argocd/overlays/dev/kustomization.yaml b/argocd/infrastructure/argocd/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/argocd/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/argocd/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/argocd/overlays/dev/values.yaml b/argocd/infrastructure/argocd/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/argocd/overlays/dev/values.yaml
rename to argocd/infrastructure/argocd/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/argocd/overlays/prod/kustomization.yaml b/argocd/infrastructure/argocd/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/argocd/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/argocd/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/argocd/overlays/prod/values.yaml b/argocd/infrastructure/argocd/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/argocd/overlays/prod/values.yaml
rename to argocd/infrastructure/argocd/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/cert-manager/base/ca-issuer.yaml b/argocd/infrastructure/cert-manager/base/ca-issuer.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/base/ca-issuer.yaml
rename to argocd/infrastructure/cert-manager/base/ca-issuer.yaml
diff --git a/kubernetes/infrastructure/cert-manager/base/cert-manager-values.yaml b/argocd/infrastructure/cert-manager/base/cert-manager-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/base/cert-manager-values.yaml
rename to argocd/infrastructure/cert-manager/base/cert-manager-values.yaml
diff --git a/kubernetes/infrastructure/cert-manager/base/ionos-externalsecret.yaml b/argocd/infrastructure/cert-manager/base/ionos-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/base/ionos-externalsecret.yaml
rename to argocd/infrastructure/cert-manager/base/ionos-externalsecret.yaml
diff --git a/kubernetes/infrastructure/cert-manager/base/ionos-issuer.yaml b/argocd/infrastructure/cert-manager/base/ionos-issuer.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/base/ionos-issuer.yaml
rename to argocd/infrastructure/cert-manager/base/ionos-issuer.yaml
diff --git a/kubernetes/infrastructure/cert-manager/base/ionos-webhook-values.yaml b/argocd/infrastructure/cert-manager/base/ionos-webhook-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/base/ionos-webhook-values.yaml
rename to argocd/infrastructure/cert-manager/base/ionos-webhook-values.yaml
diff --git a/kubernetes/infrastructure/cert-manager/base/kustomization.yaml b/argocd/infrastructure/cert-manager/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/base/kustomization.yaml
rename to argocd/infrastructure/cert-manager/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/cert-manager/base/ns.yaml b/argocd/infrastructure/cert-manager/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/base/ns.yaml
rename to argocd/infrastructure/cert-manager/base/ns.yaml
diff --git a/kubernetes/infrastructure/cert-manager/base/self-signed-issuer.yaml b/argocd/infrastructure/cert-manager/base/self-signed-issuer.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/base/self-signed-issuer.yaml
rename to argocd/infrastructure/cert-manager/base/self-signed-issuer.yaml
diff --git a/kubernetes/infrastructure/cert-manager/overlays/dev/cert-manager-values.yaml b/argocd/infrastructure/cert-manager/overlays/dev/cert-manager-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/overlays/dev/cert-manager-values.yaml
rename to argocd/infrastructure/cert-manager/overlays/dev/cert-manager-values.yaml
diff --git a/kubernetes/infrastructure/cert-manager/overlays/dev/ionos-webhook-values.yaml b/argocd/infrastructure/cert-manager/overlays/dev/ionos-webhook-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/overlays/dev/ionos-webhook-values.yaml
rename to argocd/infrastructure/cert-manager/overlays/dev/ionos-webhook-values.yaml
diff --git a/kubernetes/infrastructure/cert-manager/overlays/dev/kustomization.yaml b/argocd/infrastructure/cert-manager/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/cert-manager/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/cert-manager/overlays/prod/cert-manager-values.yaml b/argocd/infrastructure/cert-manager/overlays/prod/cert-manager-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/overlays/prod/cert-manager-values.yaml
rename to argocd/infrastructure/cert-manager/overlays/prod/cert-manager-values.yaml
diff --git a/kubernetes/infrastructure/cert-manager/overlays/prod/ionos-webhook-values.yaml b/argocd/infrastructure/cert-manager/overlays/prod/ionos-webhook-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/overlays/prod/ionos-webhook-values.yaml
rename to argocd/infrastructure/cert-manager/overlays/prod/ionos-webhook-values.yaml
diff --git a/kubernetes/infrastructure/cert-manager/overlays/prod/kustomization.yaml b/argocd/infrastructure/cert-manager/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cert-manager/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/cert-manager/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/cilium-config/base/cilium-l2-announcement-policy.yaml b/argocd/infrastructure/cilium-config/base/cilium-l2-announcement-policy.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium-config/base/cilium-l2-announcement-policy.yaml
rename to argocd/infrastructure/cilium-config/base/cilium-l2-announcement-policy.yaml
diff --git a/kubernetes/infrastructure/cilium-config/base/ip-pool-lb.yaml b/argocd/infrastructure/cilium-config/base/ip-pool-lb.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium-config/base/ip-pool-lb.yaml
rename to argocd/infrastructure/cilium-config/base/ip-pool-lb.yaml
diff --git a/kubernetes/infrastructure/cilium-config/base/kustomization.yaml b/argocd/infrastructure/cilium-config/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium-config/base/kustomization.yaml
rename to argocd/infrastructure/cilium-config/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/cilium-config/overlays/dev/kustomization.yaml b/argocd/infrastructure/cilium-config/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium-config/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/cilium-config/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/cilium-config/overlays/prod/kustomization.yaml b/argocd/infrastructure/cilium-config/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium-config/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/cilium-config/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/cilium/base/kustomization.yaml b/argocd/infrastructure/cilium/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium/base/kustomization.yaml
rename to argocd/infrastructure/cilium/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/cilium/base/values.yaml b/argocd/infrastructure/cilium/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium/base/values.yaml
rename to argocd/infrastructure/cilium/base/values.yaml
diff --git a/kubernetes/infrastructure/cilium/overlays/dev/kustomization.yaml b/argocd/infrastructure/cilium/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/cilium/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/cilium/overlays/dev/values.yaml b/argocd/infrastructure/cilium/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium/overlays/dev/values.yaml
rename to argocd/infrastructure/cilium/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/cilium/overlays/prod/kustomization.yaml b/argocd/infrastructure/cilium/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/cilium/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/cilium/overlays/prod/values.yaml b/argocd/infrastructure/cilium/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/cilium/overlays/prod/values.yaml
rename to argocd/infrastructure/cilium/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/crds/base/kustomization.yaml b/argocd/infrastructure/crds/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/crds/base/kustomization.yaml
rename to argocd/infrastructure/crds/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/crds/overlays/dev/kustomization.yaml b/argocd/infrastructure/crds/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/crds/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/crds/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/crds/overlays/prod/kustomization.yaml b/argocd/infrastructure/crds/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/crds/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/crds/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/csi-external-snapshotter/base/kustomization.yaml b/argocd/infrastructure/csi-external-snapshotter/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/csi-external-snapshotter/base/kustomization.yaml
rename to argocd/infrastructure/csi-external-snapshotter/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/csi-external-snapshotter/overlays/dev/kustomization.yaml b/argocd/infrastructure/csi-external-snapshotter/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/csi-external-snapshotter/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/csi-external-snapshotter/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/csi-external-snapshotter/overlays/prod/kustomization.yaml b/argocd/infrastructure/csi-external-snapshotter/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/csi-external-snapshotter/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/csi-external-snapshotter/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/databases/base/cloudnative-pg-values.yaml b/argocd/infrastructure/databases/base/cloudnative-pg-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/base/cloudnative-pg-values.yaml
rename to argocd/infrastructure/databases/base/cloudnative-pg-values.yaml
diff --git a/kubernetes/infrastructure/databases/base/kustomization.yaml b/argocd/infrastructure/databases/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/base/kustomization.yaml
rename to argocd/infrastructure/databases/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/databases/base/mongodb-database-example.yaml b/argocd/infrastructure/databases/base/mongodb-database-example.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/base/mongodb-database-example.yaml
rename to argocd/infrastructure/databases/base/mongodb-database-example.yaml
diff --git a/kubernetes/infrastructure/databases/base/mongodb-operator-values.yaml b/argocd/infrastructure/databases/base/mongodb-operator-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/base/mongodb-operator-values.yaml
rename to argocd/infrastructure/databases/base/mongodb-operator-values.yaml
diff --git a/kubernetes/infrastructure/databases/base/ns.yaml b/argocd/infrastructure/databases/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/base/ns.yaml
rename to argocd/infrastructure/databases/base/ns.yaml
diff --git a/kubernetes/infrastructure/databases/overlays/dev/cloudnative-pg-values.yaml b/argocd/infrastructure/databases/overlays/dev/cloudnative-pg-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/overlays/dev/cloudnative-pg-values.yaml
rename to argocd/infrastructure/databases/overlays/dev/cloudnative-pg-values.yaml
diff --git a/kubernetes/infrastructure/databases/overlays/dev/kustomization.yaml b/argocd/infrastructure/databases/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/databases/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/databases/overlays/dev/mongodb-operator-values.yaml b/argocd/infrastructure/databases/overlays/dev/mongodb-operator-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/overlays/dev/mongodb-operator-values.yaml
rename to argocd/infrastructure/databases/overlays/dev/mongodb-operator-values.yaml
diff --git a/kubernetes/infrastructure/databases/overlays/prod/cloudnative-pg-values.yaml b/argocd/infrastructure/databases/overlays/prod/cloudnative-pg-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/overlays/prod/cloudnative-pg-values.yaml
rename to argocd/infrastructure/databases/overlays/prod/cloudnative-pg-values.yaml
diff --git a/kubernetes/infrastructure/databases/overlays/prod/kustomization.yaml b/argocd/infrastructure/databases/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/databases/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/databases/overlays/prod/mongodb-operator-values.yaml b/argocd/infrastructure/databases/overlays/prod/mongodb-operator-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/databases/overlays/prod/mongodb-operator-values.yaml
rename to argocd/infrastructure/databases/overlays/prod/mongodb-operator-values.yaml
diff --git a/kubernetes/infrastructure/elastic/base/eck-operator-values.yaml b/argocd/infrastructure/elastic/base/eck-operator-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/eck-operator-values.yaml
rename to argocd/infrastructure/elastic/base/eck-operator-values.yaml
diff --git a/kubernetes/infrastructure/elastic/base/elasticsearch-admin-externalsecret.yaml b/argocd/infrastructure/elastic/base/elasticsearch-admin-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/elasticsearch-admin-externalsecret.yaml
rename to argocd/infrastructure/elastic/base/elasticsearch-admin-externalsecret.yaml
diff --git a/kubernetes/infrastructure/elastic/base/elasticsearch-fluentd-externalsecret.yaml b/argocd/infrastructure/elastic/base/elasticsearch-fluentd-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/elasticsearch-fluentd-externalsecret.yaml
rename to argocd/infrastructure/elastic/base/elasticsearch-fluentd-externalsecret.yaml
diff --git a/kubernetes/infrastructure/elastic/base/elasticsearch-fluentd-role.yaml b/argocd/infrastructure/elastic/base/elasticsearch-fluentd-role.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/elasticsearch-fluentd-role.yaml
rename to argocd/infrastructure/elastic/base/elasticsearch-fluentd-role.yaml
diff --git a/kubernetes/infrastructure/elastic/base/elasticsearch-ingress.yaml b/argocd/infrastructure/elastic/base/elasticsearch-ingress.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/elasticsearch-ingress.yaml
rename to argocd/infrastructure/elastic/base/elasticsearch-ingress.yaml
diff --git a/kubernetes/infrastructure/elastic/base/elasticsearch-prometheus-externalsecret.yaml b/argocd/infrastructure/elastic/base/elasticsearch-prometheus-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/elasticsearch-prometheus-externalsecret.yaml
rename to argocd/infrastructure/elastic/base/elasticsearch-prometheus-externalsecret.yaml
diff --git a/kubernetes/infrastructure/elastic/base/elasticsearch-prometheus-role.yaml b/argocd/infrastructure/elastic/base/elasticsearch-prometheus-role.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/elasticsearch-prometheus-role.yaml
rename to argocd/infrastructure/elastic/base/elasticsearch-prometheus-role.yaml
diff --git a/kubernetes/infrastructure/elastic/base/elasticsearch.yaml b/argocd/infrastructure/elastic/base/elasticsearch.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/elasticsearch.yaml
rename to argocd/infrastructure/elastic/base/elasticsearch.yaml
diff --git a/kubernetes/infrastructure/elastic/base/kibana-ingress.yaml b/argocd/infrastructure/elastic/base/kibana-ingress.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/kibana-ingress.yaml
rename to argocd/infrastructure/elastic/base/kibana-ingress.yaml
diff --git a/kubernetes/infrastructure/elastic/base/kibana.yaml b/argocd/infrastructure/elastic/base/kibana.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/kibana.yaml
rename to argocd/infrastructure/elastic/base/kibana.yaml
diff --git a/kubernetes/infrastructure/elastic/base/kustomization.yaml b/argocd/infrastructure/elastic/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/kustomization.yaml
rename to argocd/infrastructure/elastic/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/elastic/base/ns.yaml b/argocd/infrastructure/elastic/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/ns.yaml
rename to argocd/infrastructure/elastic/base/ns.yaml
diff --git a/kubernetes/infrastructure/elastic/base/prometheus-elasticsearch-exporter-values.yaml b/argocd/infrastructure/elastic/base/prometheus-elasticsearch-exporter-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/prometheus-elasticsearch-exporter-values.yaml
rename to argocd/infrastructure/elastic/base/prometheus-elasticsearch-exporter-values.yaml
diff --git a/kubernetes/infrastructure/elastic/base/servicemonitor.yaml b/argocd/infrastructure/elastic/base/servicemonitor.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/base/servicemonitor.yaml
rename to argocd/infrastructure/elastic/base/servicemonitor.yaml
diff --git a/kubernetes/infrastructure/elastic/overlays/dev/eck-operator-values.yaml b/argocd/infrastructure/elastic/overlays/dev/eck-operator-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/overlays/dev/eck-operator-values.yaml
rename to argocd/infrastructure/elastic/overlays/dev/eck-operator-values.yaml
diff --git a/kubernetes/infrastructure/elastic/overlays/dev/kustomization.yaml b/argocd/infrastructure/elastic/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/elastic/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/elastic/overlays/dev/prometheus-elasticsearch-exporter-values.yaml b/argocd/infrastructure/elastic/overlays/dev/prometheus-elasticsearch-exporter-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/overlays/dev/prometheus-elasticsearch-exporter-values.yaml
rename to argocd/infrastructure/elastic/overlays/dev/prometheus-elasticsearch-exporter-values.yaml
diff --git a/kubernetes/infrastructure/elastic/overlays/prod/eck-operator-values.yaml b/argocd/infrastructure/elastic/overlays/prod/eck-operator-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/overlays/prod/eck-operator-values.yaml
rename to argocd/infrastructure/elastic/overlays/prod/eck-operator-values.yaml
diff --git a/kubernetes/infrastructure/elastic/overlays/prod/kustomization.yaml b/argocd/infrastructure/elastic/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/elastic/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/elastic/overlays/prod/prometheus-elasticsearch-exporter-values.yaml b/argocd/infrastructure/elastic/overlays/prod/prometheus-elasticsearch-exporter-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/elastic/overlays/prod/prometheus-elasticsearch-exporter-values.yaml
rename to argocd/infrastructure/elastic/overlays/prod/prometheus-elasticsearch-exporter-values.yaml
diff --git a/kubernetes/infrastructure/external-secrets/base/cluster-secret-store.yaml b/argocd/infrastructure/external-secrets/base/cluster-secret-store.yaml
similarity index 100%
rename from kubernetes/infrastructure/external-secrets/base/cluster-secret-store.yaml
rename to argocd/infrastructure/external-secrets/base/cluster-secret-store.yaml
diff --git a/kubernetes/infrastructure/external-secrets/base/kustomization.yaml b/argocd/infrastructure/external-secrets/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/external-secrets/base/kustomization.yaml
rename to argocd/infrastructure/external-secrets/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/external-secrets/base/ns.yaml b/argocd/infrastructure/external-secrets/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/external-secrets/base/ns.yaml
rename to argocd/infrastructure/external-secrets/base/ns.yaml
diff --git a/kubernetes/infrastructure/external-secrets/base/values.yaml b/argocd/infrastructure/external-secrets/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/external-secrets/base/values.yaml
rename to argocd/infrastructure/external-secrets/base/values.yaml
diff --git a/kubernetes/infrastructure/external-secrets/overlays/dev/kustomization.yaml b/argocd/infrastructure/external-secrets/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/external-secrets/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/external-secrets/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/external-secrets/overlays/dev/values.yaml b/argocd/infrastructure/external-secrets/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/external-secrets/overlays/dev/values.yaml
rename to argocd/infrastructure/external-secrets/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/external-secrets/overlays/prod/kustomization.yaml b/argocd/infrastructure/external-secrets/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/external-secrets/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/external-secrets/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/external-secrets/overlays/prod/values.yaml b/argocd/infrastructure/external-secrets/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/external-secrets/overlays/prod/values.yaml
rename to argocd/infrastructure/external-secrets/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/fluent/base/fluent-bit-values.yaml b/argocd/infrastructure/fluent/base/fluent-bit-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/fluent-bit-values.yaml
rename to argocd/infrastructure/fluent/base/fluent-bit-values.yaml
diff --git a/kubernetes/infrastructure/fluent/base/fluentd-certificate.yaml b/argocd/infrastructure/fluent/base/fluentd-certificate.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/fluentd-certificate.yaml
rename to argocd/infrastructure/fluent/base/fluentd-certificate.yaml
diff --git a/kubernetes/infrastructure/fluent/base/fluentd-elastic-templates-cm.yaml b/argocd/infrastructure/fluent/base/fluentd-elastic-templates-cm.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/fluentd-elastic-templates-cm.yaml
rename to argocd/infrastructure/fluent/base/fluentd-elastic-templates-cm.yaml
diff --git a/kubernetes/infrastructure/fluent/base/fluentd-externalsecret.yaml b/argocd/infrastructure/fluent/base/fluentd-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/fluentd-externalsecret.yaml
rename to argocd/infrastructure/fluent/base/fluentd-externalsecret.yaml
diff --git a/kubernetes/infrastructure/fluent/base/fluentd-extservice.yaml b/argocd/infrastructure/fluent/base/fluentd-extservice.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/fluentd-extservice.yaml
rename to argocd/infrastructure/fluent/base/fluentd-extservice.yaml
diff --git a/kubernetes/infrastructure/fluent/base/fluentd-values.yaml b/argocd/infrastructure/fluent/base/fluentd-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/fluentd-values.yaml
rename to argocd/infrastructure/fluent/base/fluentd-values.yaml
diff --git a/kubernetes/infrastructure/fluent/base/kustomization.yaml b/argocd/infrastructure/fluent/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/kustomization.yaml
rename to argocd/infrastructure/fluent/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/fluent/base/logging-cm.yaml b/argocd/infrastructure/fluent/base/logging-cm.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/logging-cm.yaml
rename to argocd/infrastructure/fluent/base/logging-cm.yaml
diff --git a/kubernetes/infrastructure/fluent/base/ns.yaml b/argocd/infrastructure/fluent/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/ns.yaml
rename to argocd/infrastructure/fluent/base/ns.yaml
diff --git a/kubernetes/infrastructure/fluent/base/servicemonitor.yaml b/argocd/infrastructure/fluent/base/servicemonitor.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/base/servicemonitor.yaml
rename to argocd/infrastructure/fluent/base/servicemonitor.yaml
diff --git a/kubernetes/infrastructure/fluent/overlays/dev/fluent-bit-values.yaml b/argocd/infrastructure/fluent/overlays/dev/fluent-bit-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/overlays/dev/fluent-bit-values.yaml
rename to argocd/infrastructure/fluent/overlays/dev/fluent-bit-values.yaml
diff --git a/kubernetes/infrastructure/fluent/overlays/dev/fluentd-values.yaml b/argocd/infrastructure/fluent/overlays/dev/fluentd-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/overlays/dev/fluentd-values.yaml
rename to argocd/infrastructure/fluent/overlays/dev/fluentd-values.yaml
diff --git a/kubernetes/infrastructure/fluent/overlays/dev/kustomization.yaml b/argocd/infrastructure/fluent/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/fluent/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/fluent/overlays/prod/fluent-bit-values.yaml b/argocd/infrastructure/fluent/overlays/prod/fluent-bit-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/overlays/prod/fluent-bit-values.yaml
rename to argocd/infrastructure/fluent/overlays/prod/fluent-bit-values.yaml
diff --git a/kubernetes/infrastructure/fluent/overlays/prod/fluentd-values.yaml b/argocd/infrastructure/fluent/overlays/prod/fluentd-values.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/overlays/prod/fluentd-values.yaml
rename to argocd/infrastructure/fluent/overlays/prod/fluentd-values.yaml
diff --git a/kubernetes/infrastructure/fluent/overlays/prod/kustomization.yaml b/argocd/infrastructure/fluent/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/fluent/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/fluent/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/grafana/base/dashboards/k3s-apiserver.json b/argocd/infrastructure/grafana/base/dashboards/k3s-apiserver.json
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/dashboards/k3s-apiserver.json
rename to argocd/infrastructure/grafana/base/dashboards/k3s-apiserver.json
diff --git a/kubernetes/infrastructure/grafana/base/dashboards/k3s-controllermanager-dashboard.json b/argocd/infrastructure/grafana/base/dashboards/k3s-controllermanager-dashboard.json
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/dashboards/k3s-controllermanager-dashboard.json
rename to argocd/infrastructure/grafana/base/dashboards/k3s-controllermanager-dashboard.json
diff --git a/kubernetes/infrastructure/grafana/base/dashboards/k3s-etcd.json b/argocd/infrastructure/grafana/base/dashboards/k3s-etcd.json
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/dashboards/k3s-etcd.json
rename to argocd/infrastructure/grafana/base/dashboards/k3s-etcd.json
diff --git a/kubernetes/infrastructure/grafana/base/dashboards/k3s-kubelet.json b/argocd/infrastructure/grafana/base/dashboards/k3s-kubelet.json
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/dashboards/k3s-kubelet.json
rename to argocd/infrastructure/grafana/base/dashboards/k3s-kubelet.json
diff --git a/kubernetes/infrastructure/grafana/base/dashboards/k3s-proxy-dashboard.json b/argocd/infrastructure/grafana/base/dashboards/k3s-proxy-dashboard.json
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/dashboards/k3s-proxy-dashboard.json
rename to argocd/infrastructure/grafana/base/dashboards/k3s-proxy-dashboard.json
diff --git a/kubernetes/infrastructure/grafana/base/dashboards/k3s-scheduler-dashboard.json b/argocd/infrastructure/grafana/base/dashboards/k3s-scheduler-dashboard.json
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/dashboards/k3s-scheduler-dashboard.json
rename to argocd/infrastructure/grafana/base/dashboards/k3s-scheduler-dashboard.json
diff --git a/kubernetes/infrastructure/grafana/base/dashboards/pi-cluster-dashboard.json b/argocd/infrastructure/grafana/base/dashboards/pi-cluster-dashboard.json
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/dashboards/pi-cluster-dashboard.json
rename to argocd/infrastructure/grafana/base/dashboards/pi-cluster-dashboard.json
diff --git a/kubernetes/infrastructure/grafana/base/dashboards/prometheus-dashboard-2.json b/argocd/infrastructure/grafana/base/dashboards/prometheus-dashboard-2.json
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/dashboards/prometheus-dashboard-2.json
rename to argocd/infrastructure/grafana/base/dashboards/prometheus-dashboard-2.json
diff --git a/kubernetes/infrastructure/grafana/base/grafana-env-externalsecret.yaml b/argocd/infrastructure/grafana/base/grafana-env-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/grafana-env-externalsecret.yaml
rename to argocd/infrastructure/grafana/base/grafana-env-externalsecret.yaml
diff --git a/kubernetes/infrastructure/grafana/base/grafana-externalsecret.yaml b/argocd/infrastructure/grafana/base/grafana-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/grafana-externalsecret.yaml
rename to argocd/infrastructure/grafana/base/grafana-externalsecret.yaml
diff --git a/kubernetes/infrastructure/grafana/base/ingress.yaml b/argocd/infrastructure/grafana/base/ingress.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/ingress.yaml
rename to argocd/infrastructure/grafana/base/ingress.yaml
diff --git a/kubernetes/infrastructure/grafana/base/kustomization.yaml b/argocd/infrastructure/grafana/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/kustomization.yaml
rename to argocd/infrastructure/grafana/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/grafana/base/ns.yaml b/argocd/infrastructure/grafana/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/ns.yaml
rename to argocd/infrastructure/grafana/base/ns.yaml
diff --git a/kubernetes/infrastructure/grafana/base/values.yaml b/argocd/infrastructure/grafana/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/base/values.yaml
rename to argocd/infrastructure/grafana/base/values.yaml
diff --git a/kubernetes/infrastructure/grafana/overlays/dev/kustomization.yaml b/argocd/infrastructure/grafana/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/grafana/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/grafana/overlays/dev/values.yaml b/argocd/infrastructure/grafana/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/overlays/dev/values.yaml
rename to argocd/infrastructure/grafana/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/grafana/overlays/prod/kustomization.yaml b/argocd/infrastructure/grafana/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/grafana/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/grafana/overlays/prod/values.yaml b/argocd/infrastructure/grafana/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/grafana/overlays/prod/values.yaml
rename to argocd/infrastructure/grafana/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/istio/base/cilium-istio-networkpolicy.yaml b/argocd/infrastructure/istio/base/cilium-istio-networkpolicy.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/base/cilium-istio-networkpolicy.yaml
rename to argocd/infrastructure/istio/base/cilium-istio-networkpolicy.yaml
diff --git a/kubernetes/infrastructure/istio/base/istio-opentelemetry.yaml b/argocd/infrastructure/istio/base/istio-opentelemetry.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/base/istio-opentelemetry.yaml
rename to argocd/infrastructure/istio/base/istio-opentelemetry.yaml
diff --git a/kubernetes/infrastructure/istio/base/istio-prometheus-config.yaml b/argocd/infrastructure/istio/base/istio-prometheus-config.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/base/istio-prometheus-config.yaml
rename to argocd/infrastructure/istio/base/istio-prometheus-config.yaml
diff --git a/kubernetes/infrastructure/istio/base/kiali-external-secret.yaml b/argocd/infrastructure/istio/base/kiali-external-secret.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/base/kiali-external-secret.yaml
rename to argocd/infrastructure/istio/base/kiali-external-secret.yaml
diff --git a/kubernetes/infrastructure/istio/base/kustomization.yaml b/argocd/infrastructure/istio/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/base/kustomization.yaml
rename to argocd/infrastructure/istio/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/base/ns.yaml b/argocd/infrastructure/istio/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/base/ns.yaml
rename to argocd/infrastructure/istio/base/ns.yaml
diff --git a/kubernetes/infrastructure/istio/istio-base/base/cilium-istio-networkpolicy.yaml b/argocd/infrastructure/istio/istio-base/base/cilium-istio-networkpolicy.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-base/base/cilium-istio-networkpolicy.yaml
rename to argocd/infrastructure/istio/istio-base/base/cilium-istio-networkpolicy.yaml
diff --git a/kubernetes/infrastructure/istio/istio-base/base/kustomization.yaml b/argocd/infrastructure/istio/istio-base/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-base/base/kustomization.yaml
rename to argocd/infrastructure/istio/istio-base/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-base/base/ns.yaml b/argocd/infrastructure/istio/istio-base/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-base/base/ns.yaml
rename to argocd/infrastructure/istio/istio-base/base/ns.yaml
diff --git a/kubernetes/infrastructure/istio/istio-base/base/values.yaml b/argocd/infrastructure/istio/istio-base/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-base/base/values.yaml
rename to argocd/infrastructure/istio/istio-base/base/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-base/overlays/dev/kustomization.yaml b/argocd/infrastructure/istio/istio-base/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-base/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/istio/istio-base/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-base/overlays/dev/values.yaml b/argocd/infrastructure/istio/istio-base/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-base/overlays/dev/values.yaml
rename to argocd/infrastructure/istio/istio-base/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-base/overlays/prod/kustomization.yaml b/argocd/infrastructure/istio/istio-base/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-base/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/istio/istio-base/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-base/overlays/prod/values.yaml b/argocd/infrastructure/istio/istio-base/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-base/overlays/prod/values.yaml
rename to argocd/infrastructure/istio/istio-base/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-cni/base/kustomization.yaml b/argocd/infrastructure/istio/istio-cni/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-cni/base/kustomization.yaml
rename to argocd/infrastructure/istio/istio-cni/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-cni/base/values.yaml b/argocd/infrastructure/istio/istio-cni/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-cni/base/values.yaml
rename to argocd/infrastructure/istio/istio-cni/base/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-cni/overlays/dev/kustomization.yaml b/argocd/infrastructure/istio/istio-cni/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-cni/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/istio/istio-cni/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-cni/overlays/dev/values.yaml b/argocd/infrastructure/istio/istio-cni/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-cni/overlays/dev/values.yaml
rename to argocd/infrastructure/istio/istio-cni/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-cni/overlays/prod/kustomization.yaml b/argocd/infrastructure/istio/istio-cni/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-cni/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/istio/istio-cni/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-cni/overlays/prod/values.yaml b/argocd/infrastructure/istio/istio-cni/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-cni/overlays/prod/values.yaml
rename to argocd/infrastructure/istio/istio-cni/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-gateway/base/kustomization.yaml b/argocd/infrastructure/istio/istio-gateway/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-gateway/base/kustomization.yaml
rename to argocd/infrastructure/istio/istio-gateway/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-gateway/base/ns.yaml b/argocd/infrastructure/istio/istio-gateway/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-gateway/base/ns.yaml
rename to argocd/infrastructure/istio/istio-gateway/base/ns.yaml
diff --git a/kubernetes/infrastructure/istio/istio-gateway/base/values.yaml b/argocd/infrastructure/istio/istio-gateway/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-gateway/base/values.yaml
rename to argocd/infrastructure/istio/istio-gateway/base/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-gateway/overlays/dev/kustomization.yaml b/argocd/infrastructure/istio/istio-gateway/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-gateway/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/istio/istio-gateway/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-gateway/overlays/dev/values.yaml b/argocd/infrastructure/istio/istio-gateway/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-gateway/overlays/dev/values.yaml
rename to argocd/infrastructure/istio/istio-gateway/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-gateway/overlays/prod/kustomization.yaml b/argocd/infrastructure/istio/istio-gateway/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-gateway/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/istio/istio-gateway/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-gateway/overlays/prod/values.yaml b/argocd/infrastructure/istio/istio-gateway/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-gateway/overlays/prod/values.yaml
rename to argocd/infrastructure/istio/istio-gateway/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-istiod/base/kustomization.yaml b/argocd/infrastructure/istio/istio-istiod/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-istiod/base/kustomization.yaml
rename to argocd/infrastructure/istio/istio-istiod/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-istiod/base/values.yaml b/argocd/infrastructure/istio/istio-istiod/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-istiod/base/values.yaml
rename to argocd/infrastructure/istio/istio-istiod/base/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-istiod/overlays/dev/kustomization.yaml b/argocd/infrastructure/istio/istio-istiod/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-istiod/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/istio/istio-istiod/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-istiod/overlays/dev/values.yaml b/argocd/infrastructure/istio/istio-istiod/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-istiod/overlays/dev/values.yaml
rename to argocd/infrastructure/istio/istio-istiod/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-istiod/overlays/prod/kustomization.yaml b/argocd/infrastructure/istio/istio-istiod/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-istiod/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/istio/istio-istiod/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-istiod/overlays/prod/values.yaml b/argocd/infrastructure/istio/istio-istiod/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-istiod/overlays/prod/values.yaml
rename to argocd/infrastructure/istio/istio-istiod/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-ztunnel/base/kustomization.yaml b/argocd/infrastructure/istio/istio-ztunnel/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-ztunnel/base/kustomization.yaml
rename to argocd/infrastructure/istio/istio-ztunnel/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-ztunnel/base/values.yaml b/argocd/infrastructure/istio/istio-ztunnel/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-ztunnel/base/values.yaml
rename to argocd/infrastructure/istio/istio-ztunnel/base/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-ztunnel/overlays/dev/kustomization.yaml b/argocd/infrastructure/istio/istio-ztunnel/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-ztunnel/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/istio/istio-ztunnel/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-ztunnel/overlays/dev/values.yaml b/argocd/infrastructure/istio/istio-ztunnel/overlays/dev/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-ztunnel/overlays/dev/values.yaml
rename to argocd/infrastructure/istio/istio-ztunnel/overlays/dev/values.yaml
diff --git a/kubernetes/infrastructure/istio/istio-ztunnel/overlays/prod/kustomization.yaml b/argocd/infrastructure/istio/istio-ztunnel/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-ztunnel/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/istio/istio-ztunnel/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/istio-ztunnel/overlays/prod/values.yaml b/argocd/infrastructure/istio/istio-ztunnel/overlays/prod/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/istio-ztunnel/overlays/prod/values.yaml
rename to argocd/infrastructure/istio/istio-ztunnel/overlays/prod/values.yaml
diff --git a/kubernetes/infrastructure/istio/overlays/dev/kustomization.yaml b/argocd/infrastructure/istio/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/istio/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/istio/overlays/prod/kustomization.yaml b/argocd/infrastructure/istio/overlays/prod/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/istio/overlays/prod/kustomization.yaml
rename to argocd/infrastructure/istio/overlays/prod/kustomization.yaml
diff --git a/kubernetes/infrastructure/keycloak/base/keycloak-db-externalsecret.yaml b/argocd/infrastructure/keycloak/base/keycloak-db-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/keycloak-db-externalsecret.yaml
rename to argocd/infrastructure/keycloak/base/keycloak-db-externalsecret.yaml
diff --git a/kubernetes/infrastructure/keycloak/base/keycloak-db.yaml b/argocd/infrastructure/keycloak/base/keycloak-db.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/keycloak-db.yaml
rename to argocd/infrastructure/keycloak/base/keycloak-db.yaml
diff --git a/kubernetes/infrastructure/keycloak/base/keycloak-env-externalsecret.yaml b/argocd/infrastructure/keycloak/base/keycloak-env-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/keycloak-env-externalsecret.yaml
rename to argocd/infrastructure/keycloak/base/keycloak-env-externalsecret.yaml
diff --git a/kubernetes/infrastructure/keycloak/base/keycloak-externalsecret.yaml b/argocd/infrastructure/keycloak/base/keycloak-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/keycloak-externalsecret.yaml
rename to argocd/infrastructure/keycloak/base/keycloak-externalsecret.yaml
diff --git a/kubernetes/infrastructure/keycloak/base/kustomization.yaml b/argocd/infrastructure/keycloak/base/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/kustomization.yaml
rename to argocd/infrastructure/keycloak/base/kustomization.yaml
diff --git a/kubernetes/infrastructure/keycloak/base/minio-externalsecret.yaml b/argocd/infrastructure/keycloak/base/minio-externalsecret.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/minio-externalsecret.yaml
rename to argocd/infrastructure/keycloak/base/minio-externalsecret.yaml
diff --git a/kubernetes/infrastructure/keycloak/base/ns.yaml b/argocd/infrastructure/keycloak/base/ns.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/ns.yaml
rename to argocd/infrastructure/keycloak/base/ns.yaml
diff --git a/kubernetes/infrastructure/keycloak/base/picluster-realm.json b/argocd/infrastructure/keycloak/base/picluster-realm.json
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/picluster-realm.json
rename to argocd/infrastructure/keycloak/base/picluster-realm.json
diff --git a/kubernetes/infrastructure/keycloak/base/values.yaml b/argocd/infrastructure/keycloak/base/values.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/base/values.yaml
rename to argocd/infrastructure/keycloak/base/values.yaml
diff --git a/kubernetes/infrastructure/keycloak/overlays/dev/kustomization.yaml b/argocd/infrastructure/keycloak/overlays/dev/kustomization.yaml
similarity index 100%
rename from kubernetes/infrastructure/keycloak/overlays/dev/kustomization.yaml
rename to argocd/infrastructure/keycloak/overlays/dev/kustomization.yaml
diff --git a/kubernetes/infrastructure/keycloak/overlays/dev/values.yaml b/argocd/infrastructure/keycloak/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/keycloak/overlays/dev/values.yaml rename to argocd/infrastructure/keycloak/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/keycloak/overlays/prod/kustomization.yaml b/argocd/infrastructure/keycloak/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/keycloak/overlays/prod/kustomization.yaml rename to argocd/infrastructure/keycloak/overlays/prod/kustomization.yaml diff --git a/kubernetes/infrastructure/keycloak/overlays/prod/values.yaml b/argocd/infrastructure/keycloak/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/keycloak/overlays/prod/values.yaml rename to argocd/infrastructure/keycloak/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/kiali/base/kustomization.yaml b/argocd/infrastructure/kiali/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/kiali/base/kustomization.yaml rename to argocd/infrastructure/kiali/base/kustomization.yaml diff --git a/kubernetes/infrastructure/kiali/base/ns.yaml b/argocd/infrastructure/kiali/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/kiali/base/ns.yaml rename to argocd/infrastructure/kiali/base/ns.yaml diff --git a/kubernetes/infrastructure/kiali/base/values.yaml b/argocd/infrastructure/kiali/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/kiali/base/values.yaml rename to argocd/infrastructure/kiali/base/values.yaml diff --git a/kubernetes/infrastructure/kiali/overlays/dev/kustomization.yaml b/argocd/infrastructure/kiali/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/kiali/overlays/dev/kustomization.yaml rename to argocd/infrastructure/kiali/overlays/dev/kustomization.yaml 
diff --git a/kubernetes/infrastructure/kiali/overlays/dev/values.yaml b/argocd/infrastructure/kiali/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/kiali/overlays/dev/values.yaml rename to argocd/infrastructure/kiali/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/kiali/overlays/prod/kustomization.yaml b/argocd/infrastructure/kiali/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/kiali/overlays/prod/kustomization.yaml rename to argocd/infrastructure/kiali/overlays/prod/kustomization.yaml diff --git a/kubernetes/infrastructure/kiali/overlays/prod/values.yaml b/argocd/infrastructure/kiali/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/kiali/overlays/prod/values.yaml rename to argocd/infrastructure/kiali/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/external-node-service-metrics.yaml b/argocd/infrastructure/kube-prometheus-stack/base/external-node-service-metrics.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/external-node-service-metrics.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/external-node-service-metrics.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/grafana-dashboards.yaml b/argocd/infrastructure/kube-prometheus-stack/base/grafana-dashboards.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/grafana-dashboards.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/grafana-dashboards.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/ingress.yaml b/argocd/infrastructure/kube-prometheus-stack/base/ingress.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/ingress.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/ingress.yaml 
diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/k3s-service-metric.yaml b/argocd/infrastructure/kube-prometheus-stack/base/k3s-service-metric.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/k3s-service-metric.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/k3s-service-metric.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/k3s-servicemonitor.yaml b/argocd/infrastructure/kube-prometheus-stack/base/k3s-servicemonitor.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/k3s-servicemonitor.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/k3s-servicemonitor.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/kustomization.yaml b/argocd/infrastructure/kube-prometheus-stack/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/kustomization.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/kustomization.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/minio-bearer-externalsecret.yaml b/argocd/infrastructure/kube-prometheus-stack/base/minio-bearer-externalsecret.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/minio-bearer-externalsecret.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/minio-bearer-externalsecret.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/minio-service-metrics.yaml b/argocd/infrastructure/kube-prometheus-stack/base/minio-service-metrics.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/minio-service-metrics.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/minio-service-metrics.yaml 
diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/minio-servicemonitor.yaml b/argocd/infrastructure/kube-prometheus-stack/base/minio-servicemonitor.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/minio-servicemonitor.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/minio-servicemonitor.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/ns.yaml b/argocd/infrastructure/kube-prometheus-stack/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/ns.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/ns.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/prometheus-rules.yaml b/argocd/infrastructure/kube-prometheus-stack/base/prometheus-rules.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/prometheus-rules.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/prometheus-rules.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/base/values.yaml b/argocd/infrastructure/kube-prometheus-stack/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/base/values.yaml rename to argocd/infrastructure/kube-prometheus-stack/base/values.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/overlays/dev/kustomization.yaml b/argocd/infrastructure/kube-prometheus-stack/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/overlays/dev/kustomization.yaml rename to argocd/infrastructure/kube-prometheus-stack/overlays/dev/kustomization.yaml 
diff --git a/kubernetes/infrastructure/kube-prometheus-stack/overlays/dev/values.yaml b/argocd/infrastructure/kube-prometheus-stack/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/overlays/dev/values.yaml rename to argocd/infrastructure/kube-prometheus-stack/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/overlays/prod/kustomization.yaml b/argocd/infrastructure/kube-prometheus-stack/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/overlays/prod/kustomization.yaml rename to argocd/infrastructure/kube-prometheus-stack/overlays/prod/kustomization.yaml diff --git a/kubernetes/infrastructure/kube-prometheus-stack/overlays/prod/values.yaml b/argocd/infrastructure/kube-prometheus-stack/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/kube-prometheus-stack/overlays/prod/values.yaml rename to argocd/infrastructure/kube-prometheus-stack/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/loki/base/kustomization.yaml b/argocd/infrastructure/loki/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/loki/base/kustomization.yaml rename to argocd/infrastructure/loki/base/kustomization.yaml diff --git a/kubernetes/infrastructure/loki/base/loki-externalsecret.yaml b/argocd/infrastructure/loki/base/loki-externalsecret.yaml similarity index 100% rename from kubernetes/infrastructure/loki/base/loki-externalsecret.yaml rename to argocd/infrastructure/loki/base/loki-externalsecret.yaml diff --git a/kubernetes/infrastructure/loki/base/ns.yaml b/argocd/infrastructure/loki/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/loki/base/ns.yaml rename to argocd/infrastructure/loki/base/ns.yaml 
diff --git a/kubernetes/infrastructure/loki/base/values.yaml b/argocd/infrastructure/loki/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/loki/base/values.yaml rename to argocd/infrastructure/loki/base/values.yaml diff --git a/kubernetes/infrastructure/loki/overlays/dev/kustomization.yaml b/argocd/infrastructure/loki/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/loki/overlays/dev/kustomization.yaml rename to argocd/infrastructure/loki/overlays/dev/kustomization.yaml diff --git a/kubernetes/infrastructure/loki/overlays/dev/values.yaml b/argocd/infrastructure/loki/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/loki/overlays/dev/values.yaml rename to argocd/infrastructure/loki/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/loki/overlays/prod/kustomization.yaml b/argocd/infrastructure/loki/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/loki/overlays/prod/kustomization.yaml rename to argocd/infrastructure/loki/overlays/prod/kustomization.yaml diff --git a/kubernetes/infrastructure/loki/overlays/prod/values.yaml b/argocd/infrastructure/loki/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/loki/overlays/prod/values.yaml rename to argocd/infrastructure/loki/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/longhorn/base/kustomization.yaml b/argocd/infrastructure/longhorn/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/base/kustomization.yaml rename to argocd/infrastructure/longhorn/base/kustomization.yaml 
diff --git a/kubernetes/infrastructure/longhorn/base/minio-externalsecret.yaml b/argocd/infrastructure/longhorn/base/minio-externalsecret.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/base/minio-externalsecret.yaml rename to argocd/infrastructure/longhorn/base/minio-externalsecret.yaml diff --git a/kubernetes/infrastructure/longhorn/base/ns.yaml b/argocd/infrastructure/longhorn/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/base/ns.yaml rename to argocd/infrastructure/longhorn/base/ns.yaml diff --git a/kubernetes/infrastructure/longhorn/base/service-monitor.yaml b/argocd/infrastructure/longhorn/base/service-monitor.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/base/service-monitor.yaml rename to argocd/infrastructure/longhorn/base/service-monitor.yaml diff --git a/kubernetes/infrastructure/longhorn/base/values.yaml b/argocd/infrastructure/longhorn/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/base/values.yaml rename to argocd/infrastructure/longhorn/base/values.yaml diff --git a/kubernetes/infrastructure/longhorn/base/volume-snapshot-class.yaml b/argocd/infrastructure/longhorn/base/volume-snapshot-class.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/base/volume-snapshot-class.yaml rename to argocd/infrastructure/longhorn/base/volume-snapshot-class.yaml diff --git a/kubernetes/infrastructure/longhorn/overlays/dev/kustomization.yaml b/argocd/infrastructure/longhorn/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/overlays/dev/kustomization.yaml rename to argocd/infrastructure/longhorn/overlays/dev/kustomization.yaml 
diff --git a/kubernetes/infrastructure/longhorn/overlays/dev/values.yaml b/argocd/infrastructure/longhorn/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/overlays/dev/values.yaml rename to argocd/infrastructure/longhorn/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/longhorn/overlays/prod/kustomization.yaml b/argocd/infrastructure/longhorn/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/overlays/prod/kustomization.yaml rename to argocd/infrastructure/longhorn/overlays/prod/kustomization.yaml diff --git a/kubernetes/infrastructure/longhorn/overlays/prod/values.yaml b/argocd/infrastructure/longhorn/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/longhorn/overlays/prod/values.yaml rename to argocd/infrastructure/longhorn/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/minio/base/kustomization.yaml b/argocd/infrastructure/minio/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/minio/base/kustomization.yaml rename to argocd/infrastructure/minio/base/kustomization.yaml diff --git a/kubernetes/infrastructure/minio/base/minio-externalsecret.yaml b/argocd/infrastructure/minio/base/minio-externalsecret.yaml similarity index 100% rename from kubernetes/infrastructure/minio/base/minio-externalsecret.yaml rename to argocd/infrastructure/minio/base/minio-externalsecret.yaml diff --git a/kubernetes/infrastructure/minio/base/ns.yaml b/argocd/infrastructure/minio/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/minio/base/ns.yaml rename to argocd/infrastructure/minio/base/ns.yaml diff --git a/kubernetes/infrastructure/minio/base/values.yaml b/argocd/infrastructure/minio/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/minio/base/values.yaml rename to argocd/infrastructure/minio/base/values.yaml 
diff --git a/kubernetes/infrastructure/minio/overlays/dev/kustomization.yaml b/argocd/infrastructure/minio/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/minio/overlays/dev/kustomization.yaml rename to argocd/infrastructure/minio/overlays/dev/kustomization.yaml diff --git a/kubernetes/infrastructure/minio/overlays/dev/values.yaml b/argocd/infrastructure/minio/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/minio/overlays/dev/values.yaml rename to argocd/infrastructure/minio/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/minio/overlays/prod/kustomization.yaml b/argocd/infrastructure/minio/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/minio/overlays/prod/kustomization.yaml rename to argocd/infrastructure/minio/overlays/prod/kustomization.yaml diff --git a/kubernetes/infrastructure/minio/overlays/prod/values.yaml b/argocd/infrastructure/minio/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/minio/overlays/prod/values.yaml rename to argocd/infrastructure/minio/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/nginx/base/basic-auth-externalsecret.yaml b/argocd/infrastructure/nginx/base/basic-auth-externalsecret.yaml similarity index 100% rename from kubernetes/infrastructure/nginx/base/basic-auth-externalsecret.yaml rename to argocd/infrastructure/nginx/base/basic-auth-externalsecret.yaml diff --git a/kubernetes/infrastructure/nginx/base/kustomization.yaml b/argocd/infrastructure/nginx/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/nginx/base/kustomization.yaml rename to argocd/infrastructure/nginx/base/kustomization.yaml 
diff --git a/kubernetes/infrastructure/nginx/base/ns.yaml b/argocd/infrastructure/nginx/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/nginx/base/ns.yaml rename to argocd/infrastructure/nginx/base/ns.yaml diff --git a/kubernetes/infrastructure/nginx/base/values.yaml b/argocd/infrastructure/nginx/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/nginx/base/values.yaml rename to argocd/infrastructure/nginx/base/values.yaml diff --git a/kubernetes/infrastructure/nginx/overlays/dev/kustomization.yaml b/argocd/infrastructure/nginx/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/nginx/overlays/dev/kustomization.yaml rename to argocd/infrastructure/nginx/overlays/dev/kustomization.yaml diff --git a/kubernetes/infrastructure/nginx/overlays/dev/values.yaml b/argocd/infrastructure/nginx/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/nginx/overlays/dev/values.yaml rename to argocd/infrastructure/nginx/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/nginx/overlays/prod/kustomization.yaml b/argocd/infrastructure/nginx/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/nginx/overlays/prod/kustomization.yaml rename to argocd/infrastructure/nginx/overlays/prod/kustomization.yaml diff --git a/kubernetes/infrastructure/nginx/overlays/prod/values.yaml b/argocd/infrastructure/nginx/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/nginx/overlays/prod/values.yaml rename to argocd/infrastructure/nginx/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/oauth2-proxy/base/kustomization.yaml b/argocd/infrastructure/oauth2-proxy/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/oauth2-proxy/base/kustomization.yaml rename to argocd/infrastructure/oauth2-proxy/base/kustomization.yaml 
diff --git a/kubernetes/infrastructure/oauth2-proxy/base/ns.yaml b/argocd/infrastructure/oauth2-proxy/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/oauth2-proxy/base/ns.yaml rename to argocd/infrastructure/oauth2-proxy/base/ns.yaml diff --git a/kubernetes/infrastructure/oauth2-proxy/base/oauth2-proxy-externalsecret.yaml b/argocd/infrastructure/oauth2-proxy/base/oauth2-proxy-externalsecret.yaml similarity index 100% rename from kubernetes/infrastructure/oauth2-proxy/base/oauth2-proxy-externalsecret.yaml rename to argocd/infrastructure/oauth2-proxy/base/oauth2-proxy-externalsecret.yaml diff --git a/kubernetes/infrastructure/oauth2-proxy/base/values.yaml b/argocd/infrastructure/oauth2-proxy/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/oauth2-proxy/base/values.yaml rename to argocd/infrastructure/oauth2-proxy/base/values.yaml diff --git a/kubernetes/infrastructure/oauth2-proxy/overlays/dev/kustomization.yaml b/argocd/infrastructure/oauth2-proxy/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/oauth2-proxy/overlays/dev/kustomization.yaml rename to argocd/infrastructure/oauth2-proxy/overlays/dev/kustomization.yaml diff --git a/kubernetes/infrastructure/oauth2-proxy/overlays/dev/values.yaml b/argocd/infrastructure/oauth2-proxy/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/oauth2-proxy/overlays/dev/values.yaml rename to argocd/infrastructure/oauth2-proxy/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/oauth2-proxy/overlays/prod/kustomization.yaml b/argocd/infrastructure/oauth2-proxy/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/oauth2-proxy/overlays/prod/kustomization.yaml rename to argocd/infrastructure/oauth2-proxy/overlays/prod/kustomization.yaml 
diff --git a/kubernetes/infrastructure/oauth2-proxy/overlays/prod/values.yaml b/argocd/infrastructure/oauth2-proxy/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/oauth2-proxy/overlays/prod/values.yaml rename to argocd/infrastructure/oauth2-proxy/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/system-upgrade/base/k3s-agent.yaml b/argocd/infrastructure/system-upgrade/base/k3s-agent.yaml similarity index 100% rename from kubernetes/infrastructure/system-upgrade/base/k3s-agent.yaml rename to argocd/infrastructure/system-upgrade/base/k3s-agent.yaml diff --git a/kubernetes/infrastructure/system-upgrade/base/k3s-server.yaml b/argocd/infrastructure/system-upgrade/base/k3s-server.yaml similarity index 100% rename from kubernetes/infrastructure/system-upgrade/base/k3s-server.yaml rename to argocd/infrastructure/system-upgrade/base/k3s-server.yaml diff --git a/kubernetes/infrastructure/system-upgrade/base/kustomization.yaml b/argocd/infrastructure/system-upgrade/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/system-upgrade/base/kustomization.yaml rename to argocd/infrastructure/system-upgrade/base/kustomization.yaml diff --git a/kubernetes/infrastructure/system-upgrade/overlays/dev/kustomization.yaml b/argocd/infrastructure/system-upgrade/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/system-upgrade/overlays/dev/kustomization.yaml rename to argocd/infrastructure/system-upgrade/overlays/dev/kustomization.yaml diff --git a/kubernetes/infrastructure/system-upgrade/overlays/prod/kustomization.yaml b/argocd/infrastructure/system-upgrade/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/system-upgrade/overlays/prod/kustomization.yaml rename to argocd/infrastructure/system-upgrade/overlays/prod/kustomization.yaml 
diff --git a/kubernetes/infrastructure/tempo/base/kustomization.yaml b/argocd/infrastructure/tempo/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/tempo/base/kustomization.yaml rename to argocd/infrastructure/tempo/base/kustomization.yaml diff --git a/kubernetes/infrastructure/tempo/base/ns.yaml b/argocd/infrastructure/tempo/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/tempo/base/ns.yaml rename to argocd/infrastructure/tempo/base/ns.yaml diff --git a/kubernetes/infrastructure/tempo/base/tempo-externalsecret.yaml b/argocd/infrastructure/tempo/base/tempo-externalsecret.yaml similarity index 100% rename from kubernetes/infrastructure/tempo/base/tempo-externalsecret.yaml rename to argocd/infrastructure/tempo/base/tempo-externalsecret.yaml diff --git a/kubernetes/infrastructure/tempo/base/values.yaml b/argocd/infrastructure/tempo/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/tempo/base/values.yaml rename to argocd/infrastructure/tempo/base/values.yaml diff --git a/kubernetes/infrastructure/tempo/overlays/dev/kustomization.yaml b/argocd/infrastructure/tempo/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/tempo/overlays/dev/kustomization.yaml rename to argocd/infrastructure/tempo/overlays/dev/kustomization.yaml diff --git a/kubernetes/infrastructure/tempo/overlays/dev/values.yaml b/argocd/infrastructure/tempo/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/tempo/overlays/dev/values.yaml rename to argocd/infrastructure/tempo/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/tempo/overlays/prod/kustomization.yaml b/argocd/infrastructure/tempo/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/tempo/overlays/prod/kustomization.yaml rename to argocd/infrastructure/tempo/overlays/prod/kustomization.yaml 
diff --git a/kubernetes/infrastructure/tempo/overlays/prod/values.yaml b/argocd/infrastructure/tempo/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/tempo/overlays/prod/values.yaml rename to argocd/infrastructure/tempo/overlays/prod/values.yaml diff --git a/kubernetes/infrastructure/velero/base/kustomization.yaml b/argocd/infrastructure/velero/base/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/velero/base/kustomization.yaml rename to argocd/infrastructure/velero/base/kustomization.yaml diff --git a/kubernetes/infrastructure/velero/base/ns.yaml b/argocd/infrastructure/velero/base/ns.yaml similarity index 100% rename from kubernetes/infrastructure/velero/base/ns.yaml rename to argocd/infrastructure/velero/base/ns.yaml diff --git a/kubernetes/infrastructure/velero/base/schedule.yaml b/argocd/infrastructure/velero/base/schedule.yaml similarity index 100% rename from kubernetes/infrastructure/velero/base/schedule.yaml rename to argocd/infrastructure/velero/base/schedule.yaml diff --git a/kubernetes/infrastructure/velero/base/servicemonitor.yaml b/argocd/infrastructure/velero/base/servicemonitor.yaml similarity index 100% rename from kubernetes/infrastructure/velero/base/servicemonitor.yaml rename to argocd/infrastructure/velero/base/servicemonitor.yaml diff --git a/kubernetes/infrastructure/velero/base/values.yaml b/argocd/infrastructure/velero/base/values.yaml similarity index 100% rename from kubernetes/infrastructure/velero/base/values.yaml rename to argocd/infrastructure/velero/base/values.yaml diff --git a/kubernetes/infrastructure/velero/base/velero-externalsecret.yaml b/argocd/infrastructure/velero/base/velero-externalsecret.yaml similarity index 100% rename from kubernetes/infrastructure/velero/base/velero-externalsecret.yaml rename to argocd/infrastructure/velero/base/velero-externalsecret.yaml 
diff --git a/kubernetes/infrastructure/velero/base/volume-snapshot.yaml b/argocd/infrastructure/velero/base/volume-snapshot.yaml similarity index 100% rename from kubernetes/infrastructure/velero/base/volume-snapshot.yaml rename to argocd/infrastructure/velero/base/volume-snapshot.yaml diff --git a/kubernetes/infrastructure/velero/overlays/dev/kustomization.yaml b/argocd/infrastructure/velero/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/velero/overlays/dev/kustomization.yaml rename to argocd/infrastructure/velero/overlays/dev/kustomization.yaml diff --git a/kubernetes/infrastructure/velero/overlays/dev/values.yaml b/argocd/infrastructure/velero/overlays/dev/values.yaml similarity index 100% rename from kubernetes/infrastructure/velero/overlays/dev/values.yaml rename to argocd/infrastructure/velero/overlays/dev/values.yaml diff --git a/kubernetes/infrastructure/velero/overlays/prod/kustomization.yaml b/argocd/infrastructure/velero/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/infrastructure/velero/overlays/prod/kustomization.yaml rename to argocd/infrastructure/velero/overlays/prod/kustomization.yaml diff --git a/kubernetes/infrastructure/velero/overlays/prod/values.yaml b/argocd/infrastructure/velero/overlays/prod/values.yaml similarity index 100% rename from kubernetes/infrastructure/velero/overlays/prod/values.yaml rename to argocd/infrastructure/velero/overlays/prod/values.yaml From 5f25a20c43250af4ab3703e13af63509c83babee Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 31 Jul 2024 17:22:36 +0200 Subject: [PATCH 002/130] fluxcd app boilerplate template --- kubernetes/fluxcd-app-template/app.yaml | 31 +++++++++++++++++ .../fluxcd-app-template/app/base/helm.yaml | 34 +++++++++++++++++++ .../app/base/kustomization.yaml | 12 +++++++ .../app/base/kustomizeconfig.yaml | 11 ++++++ .../fluxcd-app-template/app/base/ns.yaml | 4 +++ .../fluxcd-app-template/app/base/values.yaml | 1 + .../app/components/componentX/helm-patch.yaml | 6 ++++ .../components/componentX/kustomization.yaml | 16 +++++++++ .../app/components/componentX/values.yaml | 1 + .../app/overlays/dev/helm-patch.yaml | 6 ++++ .../app/overlays/dev/kustomization.yaml | 19 +++++++++++ .../app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 ++++ .../app/overlays/prod/kustomization.yaml | 23 +++++++++++++ .../app/overlays/prod/values.yaml | 1 + .../fluxcd-app-template/boilerplate.yml | 17 ++++++++++ .../config/base/kustomization.yaml | 5 +++ .../config/overlays/dev/kustomization.yaml | 6 ++++ .../config/overlays/prod/kustomization.yaml | 6 ++++ 19 files changed, 206 insertions(+) create mode 100644 kubernetes/fluxcd-app-template/app.yaml create mode 100644 kubernetes/fluxcd-app-template/app/base/helm.yaml create mode 100644 kubernetes/fluxcd-app-template/app/base/kustomization.yaml create mode 100644 kubernetes/fluxcd-app-template/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/fluxcd-app-template/app/base/ns.yaml create mode 100644 kubernetes/fluxcd-app-template/app/base/values.yaml create mode 100644 kubernetes/fluxcd-app-template/app/components/componentX/helm-patch.yaml create mode 100644 kubernetes/fluxcd-app-template/app/components/componentX/kustomization.yaml create mode 100644 kubernetes/fluxcd-app-template/app/components/componentX/values.yaml create mode 100644 kubernetes/fluxcd-app-template/app/overlays/dev/helm-patch.yaml create mode 100644 
kubernetes/fluxcd-app-template/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/fluxcd-app-template/app/overlays/dev/values.yaml create mode 100644 kubernetes/fluxcd-app-template/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/fluxcd-app-template/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/fluxcd-app-template/app/overlays/prod/values.yaml create mode 100644 kubernetes/fluxcd-app-template/boilerplate.yml create mode 100644 kubernetes/fluxcd-app-template/config/base/kustomization.yaml create mode 100644 kubernetes/fluxcd-app-template/config/overlays/dev/kustomization.yaml create mode 100644 kubernetes/fluxcd-app-template/config/overlays/prod/kustomization.yaml
diff --git a/kubernetes/fluxcd-app-template/app.yaml b/kubernetes/fluxcd-app-template/app.yaml
new file mode 100644
index 00000000..9e423964
--- /dev/null
+++ b/kubernetes/fluxcd-app-template/app.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: {{ .app_name }}-app
+ namespace: flux-system
+spec:
+ interval: 5m
+ targetNamespace: kube-system
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./kubernetes/platform/{{ .app_name }}/app/overlays/prod
+ prune: true
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: {{ .app_name }}-config
+ namespace: flux-system
+spec:
+ interval: 5m
+ targetNamespace: kube-system
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ dependsOn:
+ - name: {{ .app_name }}-app
+ path: ./kubernetes/platform/{{ .app_name }}/config/overlays/prod
+ prune: true
\ No newline at end of file
diff --git a/kubernetes/fluxcd-app-template/app/base/helm.yaml b/kubernetes/fluxcd-app-template/app/base/helm.yaml
new file mode 100644
index 00000000..79e538bc
--- /dev/null
+++ b/kubernetes/fluxcd-app-template/app/base/helm.yaml
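Review bot: Both Flux Kustomizations in app.yaml hard-code `targetNamespace: kube-system`, and Flux's targetNamespace sets or overrides the namespace chosen by the kustomize overlay, so every app generated from this template would have its namespaced objects placed in kube-system rather than in the namespace the template creates in ns.yaml. kube-system holds the cluster's own add-ons and is commonly exempted from admission and network policy, which makes it the wrong default for templated workloads. Use the variable the other files already take, `targetNamespace: {{ .app_namespace }}`, in both the `-app` and `-config` Kustomizations, or drop the field and let the overlay's `namespace:` decide.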
@@ -0,0 +1,34 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: {{ .app_name }}
+spec:
+ url: {{ .chart_repo_url }}
+ interval: 10m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: {{ .app_name }}
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: {{ .chart_name }}
+ version: {{ .chart_version }}
+ sourceRef:
+ kind: HelmRepository
+ name: {{ .app_name }}
+ upgrade:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ install:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ valuesFrom:
+ - kind: ConfigMap
+ name: {{ .app_name }}-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/fluxcd-app-template/app/base/kustomization.yaml b/kubernetes/fluxcd-app-template/app/base/kustomization.yaml
new file mode 100644
index 00000000..2fc62dd9
--- /dev/null
+++ b/kubernetes/fluxcd-app-template/app/base/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - helm.yaml
+
+configMapGenerator:
+ - name: {{ .app_name }}-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/fluxcd-app-template/app/base/kustomizeconfig.yaml b/kubernetes/fluxcd-app-template/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/fluxcd-app-template/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/fluxcd-app-template/app/base/ns.yaml b/kubernetes/fluxcd-app-template/app/base/ns.yaml
new file mode 100644
index 00000000..65fa8f34
--- /dev/null
+++ b/kubernetes/fluxcd-app-template/app/base/ns.yaml
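Review bot: In helm.yaml the HelmRelease takes `version: {{ .chart_version }}` with nothing telling the template user that Flux accepts a semver range in that field. A range lets whoever can publish to `{{ .chart_repo_url }}` change what the cluster installs without any commit in this repository, so the template should steer users to an exact version. I would add a comment above the field, `# exact chart version only (no ranges), so upgrades go through a reviewed commit`, and say the same where the variable is declared in boilerplate.yml, which is outside this hunk.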
@@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .app_namespace }} diff --git a/kubernetes/fluxcd-app-template/app/base/values.yaml b/kubernetes/fluxcd-app-template/app/base/values.yaml new file mode 100644 index 00000000..bc2b992b --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/base/values.yaml @@ -0,0 +1 @@ +# {{ .app_name }} helm values (base) diff --git a/kubernetes/fluxcd-app-template/app/components/componentX/helm-patch.yaml b/kubernetes/fluxcd-app-template/app/components/componentX/helm-patch.yaml new file mode 100644 index 00000000..b323f7ed --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/components/componentX/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: {{ .app_name }}-helm-values + valuesKey: componentX-values.yaml diff --git a/kubernetes/fluxcd-app-template/app/components/componentX/kustomization.yaml b/kubernetes/fluxcd-app-template/app/components/componentX/kustomization.yaml new file mode 100644 index 00000000..2ab8c270 --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/components/componentX/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# patch values.yaml? +configMapGenerator: + - name: {{ .app_name }}-helm-values + behavior: merge + files: + - componentX-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: {{ .app_name }} + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/fluxcd-app-template/app/components/componentX/values.yaml b/kubernetes/fluxcd-app-template/app/components/componentX/values.yaml new file mode 100644 index 00000000..088bb428 --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/components/componentX/values.yaml @@ -0,0 +1 @@ +# {{ .app_name }} helm values (componentX) \ No newline at end of file 
diff --git a/kubernetes/fluxcd-app-template/app/overlays/dev/helm-patch.yaml b/kubernetes/fluxcd-app-template/app/overlays/dev/helm-patch.yaml new file mode 100644 index 00000000..4979721d --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/overlays/dev/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: {{ .app_name }}-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/fluxcd-app-template/app/overlays/dev/kustomization.yaml b/kubernetes/fluxcd-app-template/app/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..ce697b7f --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/overlays/dev/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: {{ .app_namespace }} + +resources: + - ../../base + +configMapGenerator: + - name: {{ .app_name }}-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: {{ .app_name }} + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/fluxcd-app-template/app/overlays/dev/values.yaml b/kubernetes/fluxcd-app-template/app/overlays/dev/values.yaml new file mode 100644 index 00000000..359a6906 --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/overlays/dev/values.yaml @@ -0,0 +1 @@ +# {{ .app_name }} helm values (dev overlay) diff --git a/kubernetes/fluxcd-app-template/app/overlays/prod/helm-patch.yaml b/kubernetes/fluxcd-app-template/app/overlays/prod/helm-patch.yaml new file mode 100644 index 00000000..4979721d --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/overlays/prod/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: {{ .app_name }}-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file 
diff --git a/kubernetes/fluxcd-app-template/app/overlays/prod/kustomization.yaml b/kubernetes/fluxcd-app-template/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..e6995cd4 --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/overlays/prod/kustomization.yaml @@ -0,0 +1,23 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: nginx + +resources: + - ../../base + +components: + - ../../components/opentelemetry + - ../../components/loadbalancer + +configMapGenerator: + - name: {{ .app_name }}-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: {{ .app_name }} + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/fluxcd-app-template/app/overlays/prod/values.yaml b/kubernetes/fluxcd-app-template/app/overlays/prod/values.yaml new file mode 100644 index 00000000..ec6a3dac --- /dev/null +++ b/kubernetes/fluxcd-app-template/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# {{ .app_name }} helm values (prod overlay) diff --git a/kubernetes/fluxcd-app-template/boilerplate.yml b/kubernetes/fluxcd-app-template/boilerplate.yml new file mode 100644 index 00000000..15ca2df2 --- /dev/null +++ b/kubernetes/fluxcd-app-template/boilerplate.yml @@ -0,0 +1,17 @@ +variables: + - name: app_name + description: Enter application name + + - name: app_namespace + description: Enter application namespace + + - name: chart_repo_url + description: Enter chart repo URL + + - name: chart_name + description: Enter Chart name + + - name: chart_version + description: Enter chart version + + diff --git a/kubernetes/fluxcd-app-template/config/base/kustomization.yaml b/kubernetes/fluxcd-app-template/config/base/kustomization.yaml new file mode 100644 index 00000000..cddb2441 --- /dev/null +++ b/kubernetes/fluxcd-app-template/config/base/kustomization.yaml 
@@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: {{ .app_namespace }} + +resources: [] \ No newline at end of file diff --git a/kubernetes/fluxcd-app-template/config/overlays/dev/kustomization.yaml b/kubernetes/fluxcd-app-template/config/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..af15db0b --- /dev/null +++ b/kubernetes/fluxcd-app-template/config/overlays/dev/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: {{ .app_namespace }} + +resources: + - ../../base \ No newline at end of file diff --git a/kubernetes/fluxcd-app-template/config/overlays/prod/kustomization.yaml b/kubernetes/fluxcd-app-template/config/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..af15db0b --- /dev/null +++ b/kubernetes/fluxcd-app-template/config/overlays/prod/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: {{ .app_namespace }} + +resources: + - ../../base \ No newline at end of file From f9341d04a85642c50a07752051179ce6d4585495 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 31 Jul 2024 17:34:11 +0200 Subject: [PATCH 003/130] Install and bootstrap flux --- .../bootstrap/flux/kustomization.yaml | 4 ++ .../prod/flux-system/flux-cluster.yaml | 26 ++++++++++++ .../prod/flux-system/flux-installation.yaml | 42 +++++++++++++++++++ .../prod/flux-system/kustomization.yaml | 5 +++ 4 files changed, 77 insertions(+) create mode 100644 kubernetes/clusters/bootstrap/flux/kustomization.yaml create mode 100644 kubernetes/clusters/prod/flux-system/flux-cluster.yaml create mode 100644 kubernetes/clusters/prod/flux-system/flux-installation.yaml create mode 100644 kubernetes/clusters/prod/flux-system/kustomization.yaml diff --git a/kubernetes/clusters/bootstrap/flux/kustomization.yaml b/kubernetes/clusters/bootstrap/flux/kustomization.yaml new file mode 100644 index 00000000..2932ce67 
--- /dev/null +++ b/kubernetes/clusters/bootstrap/flux/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - github.com/fluxcd/flux2/manifests/install?ref=v2.3.0 \ No newline at end of file diff --git a/kubernetes/clusters/prod/flux-system/flux-cluster.yaml b/kubernetes/clusters/prod/flux-system/flux-cluster.yaml new file mode 100644 index 00000000..e4820e72 --- /dev/null +++ b/kubernetes/clusters/prod/flux-system/flux-cluster.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: master + secretRef: + name: flux-system + url: https://github.com/ricsanfre/pi-cluster.git +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 10m0s + path: ./kubernetes/clusters/prod + prune: true + sourceRef: + kind: GitRepository + name: flux-system diff --git a/kubernetes/clusters/prod/flux-system/flux-installation.yaml b/kubernetes/clusters/prod/flux-system/flux-installation.yaml new file mode 100644 index 00000000..5bf1df50 --- /dev/null +++ b/kubernetes/clusters/prod/flux-system/flux-installation.yaml 
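Review bot: The remote base in bootstrap/flux/kustomization.yaml is pinned by tag (`?ref=v2.3.0`), and a tag can be moved upstream after review, while this manifest installs controllers that run with cluster-wide privileges. Pin the bootstrap to the full commit id and keep the version as a comment, `- github.com/fluxcd/flux2/manifests/install?ref=<commit-sha-of-v2.3.0> # v2.3.0`. The `tag: "v2.3.0"` ref in flux-installation.yaml in this commit has the same property and could use `ref.commit` alongside the Renovate annotation.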
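Review bot: The `flux-system` GitRepository in flux-cluster.yaml tracks `branch: master` with no `spec.verify`, so whatever lands on that branch is applied by the `flux-system` Kustomization with `prune: true`. Write access to the branch is therefore equivalent to admin on the prod cluster, and a compromised token or an unreviewed force-push is applied within the 1m interval. Consider requiring signed commits, `verify: {mode: HEAD, secretRef: {name: <git-signing-public-keys>}}`, together with branch protection on master. A short comment on the `secretRef: flux-system` line stating which credential it holds and that it only needs read access would also help the next reader.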
@@ -0,0 +1,42 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: flux-installation + namespace: flux-system +spec: + interval: 10m + ref: + # renovate: datasource=github-releases depName=fluxcd/flux2 + tag: "v2.3.0" + url: https://github.com/fluxcd/flux2 + ignore: | + # exclude all + /* + # path to manifests + !/manifests +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: flux-installation + namespace: flux-system +spec: + interval: 10m + path: ./manifests/install + prune: true + wait: true + sourceRef: + kind: GitRepository + name: flux-installation + patches: + - target: + group: networking.k8s.io + version: v1 + kind: NetworkPolicy + patch: |- + $patch: delete + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: not-used \ No newline at end of file diff --git a/kubernetes/clusters/prod/flux-system/kustomization.yaml b/kubernetes/clusters/prod/flux-system/kustomization.yaml new file mode 100644 index 00000000..79c81776 --- /dev/null +++ b/kubernetes/clusters/prod/flux-system/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - flux-installation.yaml + - flux-cluster.yaml \ No newline at end of file From b4cc9c7be27d46778485e677300061a634a8cba4 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Thu, 1 Aug 2024 17:18:47 +0200 Subject: [PATCH 004/130] Fixing error in fluxcd application template --- .../app/components/componentX/values.yaml | 2 +- .../fluxcd-app-template/app/overlays/prod/kustomization.yaml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/kubernetes/fluxcd-app-template/app/components/componentX/values.yaml b/kubernetes/fluxcd-app-template/app/components/componentX/values.yaml index 088bb428..fcb5b996 100644 --- a/kubernetes/fluxcd-app-template/app/components/componentX/values.yaml +++ b/kubernetes/fluxcd-app-template/app/components/componentX/values.yaml 
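Review bot: The `patches` entry at the end of the `flux-installation` Kustomization deletes every NetworkPolicy shipped in the Flux install manifests, and nothing in the file says why or what replaces them. Those policies are what restrict traffic into the flux-system controllers, so after this patch their endpoints are presumably reachable from any pod in the cluster. If the deletion is a CNI workaround, say so above the patch, e.g. `# Flux NetworkPolicies removed: <reason>; replaced by <policy name>`, and add an equivalent policy for the flux-system namespace in the same change. The `name: not-used` placeholder in the delete patch also deserves a one-line comment, since it reads like a leftover.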
@@ -1 +1 @@ -# {{ .app_name }} helm values (componentX) \ No newline at end of file +# {{ .app_name }} helm values (componentX) diff --git a/kubernetes/fluxcd-app-template/app/overlays/prod/kustomization.yaml b/kubernetes/fluxcd-app-template/app/overlays/prod/kustomization.yaml index e6995cd4..a35e23bd 100644 --- a/kubernetes/fluxcd-app-template/app/overlays/prod/kustomization.yaml +++ b/kubernetes/fluxcd-app-template/app/overlays/prod/kustomization.yaml @@ -1,13 +1,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: nginx +namespace: {{ .app_namespace }} resources: - ../../base components: - - ../../components/opentelemetry - - ../../components/loadbalancer + - ../../components/componentX configMapGenerator: - name: {{ .app_name }}-helm-values From 1cedf0b8cdc7436a43b81e71d58bbd65046d3577 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Thu, 1 Aug 2024 17:19:54 +0200 Subject: [PATCH 005/130] Adding Cilium flux application --- kubernetes/platform/cilium/app/base/helm.yaml | 34 ++++++++++++++++ .../cilium/app/base/kustomization.yaml | 11 ++++++ .../cilium/app/base/kustomizeconfig.yaml | 11 ++++++ .../platform/cilium/app/base/values.yaml | 39 +++++++++++++++++++ .../components/istio-config/helm-patch.yaml | 6 +++ .../istio-config/kustomization.yaml | 15 +++++++ .../app/components/istio-config/values.yaml | 11 ++++++ .../cilium/app/overlays/dev/helm-patch.yaml | 6 +++ .../app/overlays/dev/kustomization.yaml | 11 ++++++ .../cilium/app/overlays/dev/values.yaml | 5 +++ .../cilium/app/overlays/prod/helm-patch.yaml | 6 +++ .../app/overlays/prod/kustomization.yaml | 22 +++++++++++ .../cilium/app/overlays/prod/values.yaml | 1 + .../base/cilium-l2-announcement-policy.yaml | 8 ++++ .../cilium/config/base/ip-pool-lb.yaml | 10 +++++ .../cilium/config/base/kustomization.yaml | 6 +++ .../config/overlays/dev/ip-pool-lb.yaml | 10 +++++ .../config/overlays/dev/kustomization.yaml | 8 ++++ .../config/overlays/prod/kustomization.yaml | 6 +++ 19 files changed, 226 insertions(+) create mode 100644 kubernetes/platform/cilium/app/base/helm.yaml create mode 100644 kubernetes/platform/cilium/app/base/kustomization.yaml create mode 100644 kubernetes/platform/cilium/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/cilium/app/base/values.yaml create mode 100644 kubernetes/platform/cilium/app/components/istio-config/helm-patch.yaml create mode 100644 kubernetes/platform/cilium/app/components/istio-config/kustomization.yaml create mode 100644 kubernetes/platform/cilium/app/components/istio-config/values.yaml create mode 100644 kubernetes/platform/cilium/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/cilium/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/cilium/app/overlays/dev/values.yaml create mode 100644 
kubernetes/platform/cilium/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/cilium/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/cilium/app/overlays/prod/values.yaml create mode 100644 kubernetes/platform/cilium/config/base/cilium-l2-announcement-policy.yaml create mode 100644 kubernetes/platform/cilium/config/base/ip-pool-lb.yaml create mode 100644 kubernetes/platform/cilium/config/base/kustomization.yaml create mode 100644 kubernetes/platform/cilium/config/overlays/dev/ip-pool-lb.yaml create mode 100644 kubernetes/platform/cilium/config/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/cilium/config/overlays/prod/kustomization.yaml diff --git a/kubernetes/platform/cilium/app/base/helm.yaml b/kubernetes/platform/cilium/app/base/helm.yaml new file mode 100644 index 00000000..02519980 --- /dev/null +++ b/kubernetes/platform/cilium/app/base/helm.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cilium +spec: + url: https://helm.cilium.io/ + interval: 10m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cilium +spec: + interval: 5m + chart: + spec: + chart: cilium + version: 1.16.0 + sourceRef: + kind: HelmRepository + name: cilium + upgrade: + remediation: + retries: 3 + remediateLastFailure: true + install: + remediation: + retries: 3 + remediateLastFailure: true + valuesFrom: + - kind: ConfigMap + name: cilium--helm-values + valuesKey: base-values.yaml diff --git a/kubernetes/platform/cilium/app/base/kustomization.yaml b/kubernetes/platform/cilium/app/base/kustomization.yaml new file mode 100644 index 00000000..9e01fbc5 --- /dev/null +++ b/kubernetes/platform/cilium/app/base/kustomization.yaml 
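Review bot: The `valuesFrom` entry of the cilium HelmRelease names `cilium--helm-values` (double hyphen), while the generator in app/base/kustomization.yaml creates `cilium-helm-values`, so the name reference is not rewritten to the generated ConfigMap and the release points at an object that does not exist. The same entry asks for `valuesKey: base-values.yaml`, but that generator lists the file as plain `values.yaml`, so the key would be missing even with the name fixed. Change the reference to `name: cilium-helm-values` and the generator entry to `- base-values.yaml=values.yaml`, as the fluxcd-app-template does. Until both match, the release cannot load its base values (API server host, kube-proxy replacement, IPAM).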
@@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm.yaml + +configMapGenerator: + - name: cilium-helm-values + files: + - values.yaml +configurations: + - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/platform/cilium/app/base/kustomizeconfig.yaml b/kubernetes/platform/cilium/app/base/kustomizeconfig.yaml new file mode 100644 index 00000000..9469f4ef --- /dev/null +++ b/kubernetes/platform/cilium/app/base/kustomizeconfig.yaml @@ -0,0 +1,11 @@ +nameReference: +- kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease +- kind: Secret + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease \ No newline at end of file diff --git a/kubernetes/platform/cilium/app/base/values.yaml b/kubernetes/platform/cilium/app/base/values.yaml new file mode 100644 index 00000000..a5a3e964 --- /dev/null +++ b/kubernetes/platform/cilium/app/base/values.yaml @@ -0,0 +1,39 @@ +# cilium helm values (base) + +# Increase the k8s api client rate limit to avoid being limited due to increased API usage +k8sClientRateLimit: + qps: 50 + burst: 200 + + +# Avoid having to manually restart the Cilium pods on config changes +operator: + replicas: 1 # Uncomment this if you only have one node + rollOutPods: true + + # Install operator on master node + nodeSelector: + node-role.kubernetes.io/master: "true" + +rollOutCiliumPods: true + +# K8s API service +k8sServiceHost: 10.0.0.11 +k8sServicePort: 6443 + +# Replace Kube-proxy +kubeProxyReplacement: true +kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 + +# -- Configure IP Address Management mode. +# ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ +ipam: + operator: + clusterPoolIPv4PodCIDRList: "10.42.0.0/16" + +l2announcements: + enabled: true + +externalIPs: + enabled: true + 
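Review bot: The base values enable `externalIPs.enabled: true` together with `l2announcements.enabled: true`, and the CiliumL2AnnouncementPolicy added in config/base sets `externalIPs: true` with no `serviceSelector`, `nodeSelector` or `interfaces`. Taken together, an address placed in any Service's `spec.externalIPs` is answered for on the node network, so the right to create or edit a Service in any namespace becomes the right to claim a LAN address. If externalIPs is not actually needed, set `externalIPs: false` in the policy and drop the Helm value; otherwise scope the policy with a `serviceSelector` and restrict who may set the field. Separately, `kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256` listens on every interface, and the comment on `replicas: 1` ("Uncomment this…") no longer matches the line it sits on.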
diff --git a/kubernetes/platform/cilium/app/components/istio-config/helm-patch.yaml b/kubernetes/platform/cilium/app/components/istio-config/helm-patch.yaml new file mode 100644 index 00000000..ed119599 --- /dev/null +++ b/kubernetes/platform/cilium/app/components/istio-config/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: cilium-helm-values + valuesKey: istio-config-values.yaml diff --git a/kubernetes/platform/cilium/app/components/istio-config/kustomization.yaml b/kubernetes/platform/cilium/app/components/istio-config/kustomization.yaml new file mode 100644 index 00000000..d92a3a0c --- /dev/null +++ b/kubernetes/platform/cilium/app/components/istio-config/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +configMapGenerator: + - name: cilium-helm-values + behavior: merge + files: + - istio-config-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: cilium + path: helm-patch.yaml diff --git a/kubernetes/platform/cilium/app/components/istio-config/values.yaml b/kubernetes/platform/cilium/app/components/istio-config/values.yaml new file mode 100644 index 00000000..74504c0d --- /dev/null +++ b/kubernetes/platform/cilium/app/components/istio-config/values.yaml @@ -0,0 +1,11 @@ +# cilium helm values (istio-config) + +# Istio configuration +# https://docs.cilium.io/en/latest/network/servicemesh/istio/ +# Disable socket lb for non-root ns. This is used to enable Istio routing rules +socketLB: + hostNamespaceOnly: true +# Istio uses a CNI plugin to implement functionality for both sidecar and ambient modes. +# To ensure that Cilium does not interfere with other CNI plugins on the node, +cni: + exclusive: false \ No newline at end of file 
diff --git a/kubernetes/platform/cilium/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/cilium/app/overlays/dev/helm-patch.yaml new file mode 100644 index 00000000..0dc1606b --- /dev/null +++ b/kubernetes/platform/cilium/app/overlays/dev/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: cilium-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cilium/app/overlays/dev/kustomization.yaml b/kubernetes/platform/cilium/app/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..651c7c91 --- /dev/null +++ b/kubernetes/platform/cilium/app/overlays/dev/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system + +resources: + - ../../base + +configMapGenerator: + - name: cilium-overlay-values + files: + - values.yaml=values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cilium/app/overlays/dev/values.yaml b/kubernetes/platform/cilium/app/overlays/dev/values.yaml new file mode 100644 index 00000000..2bd5337b --- /dev/null +++ b/kubernetes/platform/cilium/app/overlays/dev/values.yaml @@ -0,0 +1,5 @@ +# cilium helm values (dev overlay) + +# K8s API service +k8sServiceHost: picluster-control-plane + diff --git a/kubernetes/platform/cilium/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/cilium/app/overlays/prod/helm-patch.yaml new file mode 100644 index 00000000..0dc1606b --- /dev/null +++ b/kubernetes/platform/cilium/app/overlays/prod/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: cilium-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cilium/app/overlays/prod/kustomization.yaml b/kubernetes/platform/cilium/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..1520f54d --- /dev/null 
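Review bot: The dev overlay's kustomization.yaml generates a separate ConfigMap, `cilium-overlay-values` with key `values.yaml`, and has no `patches` entry, so the helm-patch.yaml added beside it is never applied and the HelmRelease never reads the dev `k8sServiceHost`. The dev cluster would then presumably be configured with the prod API address from the base values. Mirror the prod overlay instead: merge into `cilium-helm-values` under the key `overlay-values.yaml` and apply the patch to the `cilium` HelmRelease.

```yaml
# … unchanged: apiVersion, kind, namespace, resources …
configMapGenerator:
  - name: cilium-helm-values
    behavior: merge
    files:
      - overlay-values.yaml=values.yaml

patches:
- target:
    group: helm.toolkit.fluxcd.io
    kind: HelmRelease
    name: cilium
  path: helm-patch.yaml
```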
+++ b/kubernetes/platform/cilium/app/overlays/prod/kustomization.yaml @@ -0,0 +1,22 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system + +resources: + - ../../base + +components: + - ../../components/istio-config + +configMapGenerator: + - name: cilium-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: cilium + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/cilium/app/overlays/prod/values.yaml b/kubernetes/platform/cilium/app/overlays/prod/values.yaml new file mode 100644 index 00000000..4fb8f830 --- /dev/null +++ b/kubernetes/platform/cilium/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# cilium helm values (prod overlay) diff --git a/kubernetes/platform/cilium/config/base/cilium-l2-announcement-policy.yaml b/kubernetes/platform/cilium/config/base/cilium-l2-announcement-policy.yaml new file mode 100644 index 00000000..b9f42f44 --- /dev/null +++ b/kubernetes/platform/cilium/config/base/cilium-l2-announcement-policy.yaml @@ -0,0 +1,8 @@ +apiVersion: cilium.io/v2alpha1 +kind: CiliumL2AnnouncementPolicy +metadata: + name: default-l2-announcement-policy + namespace: kube-system +spec: + externalIPs: true + loadBalancerIPs: true \ No newline at end of file diff --git a/kubernetes/platform/cilium/config/base/ip-pool-lb.yaml b/kubernetes/platform/cilium/config/base/ip-pool-lb.yaml new file mode 100644 index 00000000..2edc4594 --- /dev/null +++ b/kubernetes/platform/cilium/config/base/ip-pool-lb.yaml @@ -0,0 +1,10 @@ +# ip-pool.yaml +apiVersion: "cilium.io/v2alpha1" +kind: CiliumLoadBalancerIPPool +metadata: + name: "first-pool" + namespace: kube-system +spec: + blocks: + - start: "10.0.0.100" + stop: "10.0.0.200" \ No newline at end of file 
diff --git a/kubernetes/platform/cilium/config/base/kustomization.yaml b/kubernetes/platform/cilium/config/base/kustomization.yaml new file mode 100644 index 00000000..1d46966a --- /dev/null +++ b/kubernetes/platform/cilium/config/base/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - cilium-l2-announcement-policy.yaml + - ip-pool-lb.yaml diff --git a/kubernetes/platform/cilium/config/overlays/dev/ip-pool-lb.yaml b/kubernetes/platform/cilium/config/overlays/dev/ip-pool-lb.yaml new file mode 100644 index 00000000..355f60f6 --- /dev/null +++ b/kubernetes/platform/cilium/config/overlays/dev/ip-pool-lb.yaml @@ -0,0 +1,10 @@ +# ip-pool.yaml +apiVersion: "cilium.io/v2alpha1" +kind: CiliumLoadBalancerIPPool +metadata: + name: "first-pool" + namespace: kube-system +spec: + blocks: + - start: "172.19.200.1" + stop: "172.19.200.254" \ No newline at end of file diff --git a/kubernetes/platform/cilium/config/overlays/dev/kustomization.yaml b/kubernetes/platform/cilium/config/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..936dfd69 --- /dev/null +++ b/kubernetes/platform/cilium/config/overlays/dev/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +patches: +- path: ip-pool-lb.yaml \ No newline at end of file diff --git a/kubernetes/platform/cilium/config/overlays/prod/kustomization.yaml b/kubernetes/platform/cilium/config/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..403486da --- /dev/null +++ b/kubernetes/platform/cilium/config/overlays/prod/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + From fc85f4cd42649f7cafbbe68e04436c7c4eddb022 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Thu, 1 Aug 2024 17:25:59 +0200 Subject: [PATCH 006/130] Adding coredns flux app --- .../platform/coredns/app/base/helm.yaml | 34 +++++++++++++++ .../coredns/app/base/kustomization.yaml | 12 ++++++ .../coredns/app/base/kustomizeconfig.yaml | 11 +++++ .../platform/coredns/app/base/values.yaml | 41 +++++++++++++++++++ .../coredns/app/overlays/dev/helm-patch.yaml | 6 +++ .../app/overlays/dev/kustomization.yaml | 19 +++++++++ .../coredns/app/overlays/dev/values.yaml | 1 + .../coredns/app/overlays/prod/helm-patch.yaml | 6 +++ .../app/overlays/prod/kustomization.yaml | 19 +++++++++ .../coredns/app/overlays/prod/values.yaml | 1 + 10 files changed, 150 insertions(+) create mode 100644 kubernetes/platform/coredns/app/base/helm.yaml create mode 100644 kubernetes/platform/coredns/app/base/kustomization.yaml create mode 100644 kubernetes/platform/coredns/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/coredns/app/base/values.yaml create mode 100644 kubernetes/platform/coredns/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/coredns/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/coredns/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/coredns/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/coredns/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/coredns/app/overlays/prod/values.yaml diff --git a/kubernetes/platform/coredns/app/base/helm.yaml b/kubernetes/platform/coredns/app/base/helm.yaml new file mode 100644 index 00000000..36de3ab2 --- /dev/null +++ b/kubernetes/platform/coredns/app/base/helm.yaml 
@@ -0,0 +1,34 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: coredns +spec: + url: https://coredns.github.io/helm + interval: 10m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: coredns +spec: + interval: 5m + chart: + spec: + chart: coredns + version: 1.31.0 + sourceRef: + kind: HelmRepository + name: coredns + upgrade: + remediation: + retries: 3 + remediateLastFailure: true + install: + remediation: + retries: 3 + remediateLastFailure: true + valuesFrom: + - kind: ConfigMap + name: coredns-helm-values + valuesKey: base-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/coredns/app/base/kustomization.yaml b/kubernetes/platform/coredns/app/base/kustomization.yaml new file mode 100644 index 00000000..1bc62391 --- /dev/null +++ b/kubernetes/platform/coredns/app/base/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ns.yaml + - helm.yaml + +configMapGenerator: + - name: coredns-helm-values + files: + - base-values.yaml=values.yaml +configurations: + - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/platform/coredns/app/base/kustomizeconfig.yaml b/kubernetes/platform/coredns/app/base/kustomizeconfig.yaml new file mode 100644 index 00000000..9469f4ef --- /dev/null +++ b/kubernetes/platform/coredns/app/base/kustomizeconfig.yaml @@ -0,0 +1,11 @@ +nameReference: +- kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease +- kind: Secret + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease \ No newline at end of file diff --git a/kubernetes/platform/coredns/app/base/values.yaml b/kubernetes/platform/coredns/app/base/values.yaml new file mode 100644 index 00000000..ace1c9ba --- /dev/null +++ b/kubernetes/platform/coredns/app/base/values.yaml 
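Review bot: The coredns app/base/kustomization.yaml lists `ns.yaml` under `resources`, but the commit's file list has no app/base/ns.yaml for coredns, so unless it is added elsewhere in the series the kustomize build of both overlays fails on the missing file. Both overlays target `kube-system`, which already exists, so the simplest fix is to drop the `- ns.yaml` line, as the cilium base does. If a Namespace manifest is wanted anyway, note that a Flux Kustomization with `prune: true` would then own kube-system, which is worth avoiding.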
@@ -0,0 +1,41 @@ +# coredns helm values (base) + +replicaCount: 3 +k8sAppLabelOverride: kube-dns +serviceAccount: + create: true +service: + name: kube-dns + clusterIP: 10.43.0.10 + +# Default zone is what Kubernetes recommends: +# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options +servers: +- zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . /etc/resolv.conf + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance \ No newline at end of file diff --git a/kubernetes/platform/coredns/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/coredns/app/overlays/dev/helm-patch.yaml new file mode 100644 index 00000000..25916b98 --- /dev/null +++ b/kubernetes/platform/coredns/app/overlays/dev/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: coredns-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/coredns/app/overlays/dev/kustomization.yaml b/kubernetes/platform/coredns/app/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..e922b9d4 --- /dev/null +++ b/kubernetes/platform/coredns/app/overlays/dev/kustomization.yaml 
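Review bot: The kubernetes plugin block in the coredns base values keeps `pods insecure`, which answers pod-style names with the address embedded in the query without checking that such a pod exists. The CoreDNS documentation describes this mode as kept for kube-dns compatibility and open to abuse alongside wildcard certificates. Prefer `pods verified`, at the cost of more memory for the pod watch, or `pods disabled` if nothing in the cluster resolves pod records. Whichever is chosen, a comment on that line saying why would help, since the surrounding plugins are all annotated.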
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: coredns-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: coredns
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/coredns/app/overlays/dev/values.yaml b/kubernetes/platform/coredns/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..58e2d5eb
--- /dev/null
+++ b/kubernetes/platform/coredns/app/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# coredns helm values (dev overlay)
diff --git a/kubernetes/platform/coredns/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/coredns/app/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..25916b98
--- /dev/null
+++ b/kubernetes/platform/coredns/app/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: coredns-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/coredns/app/overlays/prod/kustomization.yaml b/kubernetes/platform/coredns/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..e922b9d4
--- /dev/null
+++ b/kubernetes/platform/coredns/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: coredns-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: coredns
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/coredns/app/overlays/prod/values.yaml b/kubernetes/platform/coredns/app/overlays/prod/values.yaml
new file mode 100644
index 00000000..3b05f1db
--- /dev/null
+++ b/kubernetes/platform/coredns/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# coredns helm values (prod overlay) From 256e2e6f16ae35ca862485119ae1c3598da185c0 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Thu, 1 Aug 2024 17:32:49 +0200 Subject: [PATCH 007/130] Adding helmfile bootstraping config file --- kubernetes/clusters/bootstrap/helmfile.yaml | 38 +++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 kubernetes/clusters/bootstrap/helmfile.yaml diff --git a/kubernetes/clusters/bootstrap/helmfile.yaml b/kubernetes/clusters/bootstrap/helmfile.yaml new file mode 100644 index 00000000..18734689 --- /dev/null +++ b/kubernetes/clusters/bootstrap/helmfile.yaml @@ -0,0 +1,38 @@ +helmDefaults: + wait: true + waitForJobs: true + timeout: 600 + recreatePods: true + force: true + +repositories: + - name: cilium + url: https://helm.cilium.io + - name: prometheus-community + url: https://prometheus-community.github.io/helm-charts + - name: coredns + url: https://coredns.github.io/helm + +releases: + - name: prometheus-operator-crds + namespace: kube-system + chart: prometheus-community/prometheus-operator-crds + version: 13.0.2 + - name: cilium + namespace: kube-system + chart: cilium/cilium + version: 1.16.0 + values: + - ../../platform/cilium/app/base/values.yaml + - ../../platform/cilium/app/overlays/dev/values.yaml + needs: + - kube-system/prometheus-operator-crds + - name: cordns + namespace: kube-system + chart: coredns/coredns + version: 1.31.0 + values: + - ../../platform/coredns/app/base/values.yaml + needs: + - kube-system/prometheus-operator-crds + - kube-system/cilium \ No newline at end of file From 2a15ad89cb5a19fda668d55ba5a891c95cc5bf31 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Mon, 19 Aug 2024 11:01:06 +0200 Subject: [PATCH 008/130] Disabling k3s helmcontroller and add-ons --- ansible/vars/picluster.yml | 7 +++++++ 1 file changed, 7 insertions(+) 
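Review bot: `force: true` under `helmDefaults` in kubernetes/clusters/bootstrap/helmfile.yaml applies to every release in the file, including the Cilium CNI and CoreDNS in `kube-system`. As far as I know this maps to Helm's `--force`, which updates resources by replacement rather than patch, so a re-run of the bootstrap against a live cluster could briefly take down networking and DNS. Consider dropping it from the defaults and setting it only on a release that needs it, or add a comment such as `# force: only safe on first install; re-running replaces CNI/DNS resources`.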
diff --git a/ansible/vars/picluster.yml b/ansible/vars/picluster.yml index 1ac407aa..28cddc96 100644 --- a/ansible/vars/picluster.yml +++ b/ansible/vars/picluster.yml @@ -31,9 +31,11 @@ k3s_kubelet_config: | # --flannel-backend=none # --disable-kube-proxy # --disable-network-policy +# --disable-helm-controller # --disable 'servicelb' # --disable 'traefik' # --disable 'local-storage' +# --disable 'coredns' # --node-taint 'node-role.kubernetes.io/control-plane:NoSchedule' # --kube-controller-manager-arg 'bind-address=0.0.0.0' # --kube-proxy-arg 'metrics-bind-address=0.0.0.0' @@ -45,14 +47,19 @@ k3s_server_config: # Disable Flannel CNI flannel-backend: none disable-network-policy: true + # Disable Helm Controller + disable-helm-controller: true # Disable kube-proxy (using cilium kube-proxy replacement) disable-kube-proxy: true tls-san: - "{{ k3s_api_vip }}" # IP to HAProxy + # Disable K3s addons: coredns, local path, servicelb, traefik and metric-server disable: + - coredns - local-storage - servicelb - traefik + - metric-server write-kubeconfig-mode: 644 node-taint: - 'node-role.kubernetes.io/control-plane:NoSchedule' From 8f45399c4e8847cc8968f063f179570d523f479a Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Mon, 19 Aug 2024 11:04:22 +0200 Subject: [PATCH 009/130] Adding istio component to cilium kustomize app --- kubernetes/clusters/bootstrap/helmfile.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/clusters/bootstrap/helmfile.yaml b/kubernetes/clusters/bootstrap/helmfile.yaml index 18734689..1f3df9e9 100644 --- a/kubernetes/clusters/bootstrap/helmfile.yaml +++ b/kubernetes/clusters/bootstrap/helmfile.yaml @@ -24,6 +24,7 @@ releases: version: 1.16.0 values: - ../../platform/cilium/app/base/values.yaml + - ../../platform/cilium/app/components/values.yaml - ../../platform/cilium/app/overlays/dev/values.yaml needs: - kube-system/prometheus-operator-crds From c9ab9cf1c6cd79b9f664103c46f6787cdc185ffe Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Mon, 19 Aug 2024 13:24:35 +0200 Subject: [PATCH 010/130] Bootstrap ansible playbook update to use FluxCD instead of ArgoCD --- ansible-runner/Dockerfile | 6 ++++ ansible/create_vault_credentials.yml | 3 ++ ansible/k3s_bootstrap.yml | 19 +++++++---- ansible/tasks/cilium_config.yaml | 34 +++++++++++++++++++ ansible/tasks/fluxcd_bootstrap.yaml | 24 +++++++++++++ ansible/vars/picluster.yml | 2 +- ansible/vars/vault.yml.j2 | 4 +++ .../prod/flux-system/flux-cluster.yaml | 2 +- 8 files changed, 86 insertions(+), 8 deletions(-) create mode 100644 ansible/tasks/cilium_config.yaml create mode 100644 ansible/tasks/fluxcd_bootstrap.yaml diff --git a/ansible-runner/Dockerfile b/ansible-runner/Dockerfile index 474e0207..7661d091 100644 --- a/ansible-runner/Dockerfile +++ b/ansible-runner/Dockerfile @@ -1,3 +1,6 @@ +FROM ghcr.io/helmfile/helmfile:v0.167.1 AS helmfile + + FROM python:slim ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=--ignore-certs ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS=--ignore-certs @@ -23,6 +26,9 @@ RUN ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1 ansible-galaxy collection install $ANSIB # Configure ansible-runner RUN ansible-playbook ansible_runner_setup.yml +# Copy helmfile +COPY --from=helmfile /usr/local/bin/helmfile /usr/local/bin/helmfile + ENV USER runner ENV FOLDER /home/runner diff --git a/ansible/create_vault_credentials.yml b/ansible/create_vault_credentials.yml index f3c85e05..d30e3d8b 100644 --- a/ansible/create_vault_credentials.yml +++ b/ansible/create_vault_credentials.yml @@ -4,6 +4,9 @@ hosts: localhost vars_prompt: + - name: github_pat + prompt: Enter Github PAT + private: true - name: ionos_public_prefix prompt: Enter IONOS public prefix private: true diff --git a/ansible/k3s_bootstrap.yml b/ansible/k3s_bootstrap.yml index 5cd81cf9..a4b15222 100644 --- a/ansible/k3s_bootstrap.yml +++ b/ansible/k3s_bootstrap.yml 
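Review bot: The new build stage `FROM ghcr.io/helmfile/helmfile:v0.167.1 AS helmfile` in ansible-runner/Dockerfile references a mutable tag, so the binary taken by `COPY --from=helmfile /usr/local/bin/helmfile /usr/local/bin/helmfile` can change without any change in this repository. Pinning the stage by digest keeps the build reproducible, e.g. `FROM ghcr.io/helmfile/helmfile:v0.167.1@sha256:<DIGEST_PLACEHOLDER> AS helmfile`. This matters more here because the context lines of the same file already relax verification for Galaxy content (`--ignore-certs`, `ANSIBLE_GALAXY_DISABLE_GPG_VERIFY=1`), and the image appears to be the one that runs the cluster bootstrap playbooks. The `RUN helmfile init --force` added in PATCH 011/130 also fetches tooling at build time, and no version pin for it is visible.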
@@ -55,17 +55,24 @@ overlay: "prod" when: overlay is undefined - - name: Install CRDs - include_tasks: tasks/crds_install.yml + - name: Install cilium and coreDNS + become: false + shell: | + set -o pipefail + helmfile --quiet --file ../kubernetes/clusters/bootstrap/helmfile.yaml apply --skip-diff-on-install --suppress-diff + args: + executable: /bin/bash + register: output + changed_when: true - - name: Install Cilium CNI - include_tasks: tasks/cilium_install.yml + - name: Config Cilium CNI + include_tasks: tasks/cilium_config.yml - name: Configure Vault integration include_tasks: tasks/configure_vault_integration.yml - - name: ArgoCD bootstrap - include_tasks: tasks/argocd_bootstrap.yml + - name: Flux bootstrap + include_tasks: tasks/flux_bootstrap.yml - name: Install cli utils. include_tasks: tasks/install_cli_utils.yml diff --git a/ansible/tasks/cilium_config.yaml b/ansible/tasks/cilium_config.yaml new file mode 100644 index 00000000..b449ffcd --- /dev/null +++ b/ansible/tasks/cilium_config.yaml @@ -0,0 +1,34 @@ +--- + +- name: "Wait for K3S worker nodes to be ready. Nodes Ready status when Cilium has been installed" + command: + cmd: "kubectl get nodes {{ item }}" + register: nodes + until: + - '" Ready " in nodes.stdout' + retries: 10 + delay: 60 + with_items: "{{ groups['k3s_worker'] }}" + +- name: Wait for Cilium CRDs to be ready + become: false + shell: | + set -o pipefail + while ! kubectl wait --for condition=established --timeout=60s crd/ciliuml2announcementpolicies.cilium.io crd/ciliuml2announcementpolicies.cilium.io + do + sleep 10 + done + args: + executable: /bin/bash + changed_when: false + +- name: Cilium configuration + become: false + shell: | + set -o pipefail + kubectl kustomize --enable-helm --load-restrictor=LoadRestrictionsNone \ + ../kubernetes/platform/cilium-config/overlays/"{{overlay}}" | kubectl apply -f - + args: + executable: /bin/bash + register: output + changed_when: true 
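Review bot: In ansible/tasks/cilium_config.yaml the task "Wait for Cilium CRDs to be ready" passes `crd/ciliuml2announcementpolicies.cilium.io` twice, so only one CRD is actually awaited; if a second CRD was intended, it should replace the duplicate. The surrounding `while ! kubectl wait ...; do sleep 10; done` loop has no upper bound, so a CRD that never appears hangs the playbook; the `until`/`retries`/`delay` pattern used by the first task in the same file would bound it. `set -o pipefail` has no effect in this task because the script contains no pipeline.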
diff --git a/ansible/tasks/fluxcd_bootstrap.yaml b/ansible/tasks/fluxcd_bootstrap.yaml new file mode 100644 index 00000000..115caa52 --- /dev/null +++ b/ansible/tasks/fluxcd_bootstrap.yaml @@ -0,0 +1,24 @@ +--- + +- name: Deploy Flux CD + shell: | + kubectl kustomize --enable-helm --load-restrictor=LoadRestrictionsNone \ + ../kubernetes/clusters/bootstrap/flux | kubectl apply -f - + args: + executable: /bin/bash + +- name: Create Github secret + shell: | + kubectl create secret generic flux-system -n flux-system \ + --from-literal=username=git \ + --from-literal=password="{{github_pat}}" + args: + executable: /bin/bash + changed_when: false + +- name: Bootstrap applications + shell: | + kubectl kustomize --enable-helm --load-restrictor=LoadRestrictionsNone \ + ../kubernetes/clusters/"{{overlay}}"/flux-system | kubectl apply -f - + args: + executable: /bin/bash diff --git a/ansible/vars/picluster.yml b/ansible/vars/picluster.yml index 28cddc96..381894ad 100644 --- a/ansible/vars/picluster.yml +++ b/ansible/vars/picluster.yml @@ -59,7 +59,7 @@ k3s_server_config: - local-storage - servicelb - traefik - - metric-server + - metrics-server write-kubeconfig-mode: 644 node-taint: - 'node-role.kubernetes.io/control-plane:NoSchedule' diff --git a/ansible/vars/vault.yml.j2 b/ansible/vars/vault.yml.j2 index 1582e645..295accc7 100644 --- a/ansible/vars/vault.yml.j2 +++ b/ansible/vars/vault.yml.j2 @@ -10,6 +10,10 @@ vault: cluster: k3s: token: {{ k3s_token }} + # Flux secret + flux: + github: + pat: {{ github_pat }} # Ingress secrets ingress: admin: diff --git a/kubernetes/clusters/prod/flux-system/flux-cluster.yaml b/kubernetes/clusters/prod/flux-system/flux-cluster.yaml index e4820e72..11132cce 100644 --- a/kubernetes/clusters/prod/flux-system/flux-cluster.yaml +++ b/kubernetes/clusters/prod/flux-system/flux-cluster.yaml 
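Review bot: The "Create Github secret" task in ansible/tasks/fluxcd_bootstrap.yaml renders the GitHub PAT into the shell command line (`--from-literal=password="{{github_pat}}"`) and has no `no_log: true`, so the token is exposed in the process list on the control host and in Ansible's task result, which is printed on failure or at higher verbosity and kept in any stored run artifacts. A value containing shell metacharacters would also be interpreted by bash. `kubectl create` additionally fails on a second run because the secret already exists. Feeding the token on stdin, applying through a client-side dry run, and setting `no_log: true` addresses all three; the same applies to the `{{vault.flux.github.pat}}` variant introduced in PATCH 023/130.

```yaml
- name: Create Github secret
  shell: |
    set -o pipefail
    kubectl create secret generic flux-system -n flux-system \
      --from-literal=username=git \
      --from-file=password=/dev/stdin \
      --dry-run=client -o yaml | kubectl apply -f -
  args:
    executable: /bin/bash
    stdin: "{{ github_pat }}"
    stdin_add_newline: false
  no_log: true
  changed_when: false
```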
@@ -7,7 +7,7 @@ metadata: spec: interval: 1m0s ref: - branch: master + branch: flux secretRef: name: flux-system url: https://github.com/ricsanfre/pi-cluster.git From a6feaa3ffda3e6fbd57c338f5ff73815b4c2ab5f Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Mon, 19 Aug 2024 14:59:07 +0200 Subject: [PATCH 011/130] Adding helmfile to ansible runner docker image --- ansible-runner/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ansible-runner/Dockerfile b/ansible-runner/Dockerfile index 7661d091..c6e583c5 100644 --- a/ansible-runner/Dockerfile +++ b/ansible-runner/Dockerfile @@ -5,7 +5,7 @@ FROM python:slim ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=--ignore-certs ARG ANSIBLE_GALAXY_CLI_ROLE_OPTS=--ignore-certs RUN apt-get update -qq && \ - apt-get install sudo git apt-utils python3-pip pwgen gnupg -y && \ + apt-get install sudo git apt-utils python3-pip pwgen gnupg curl -y && \ apt-get clean && \ rm -rf /usr/share/doc/* /usr/share/man/* /var/lib/apt/lists/* /tmp/* /var/tmp/* @@ -29,7 +29,6 @@ RUN ansible-playbook ansible_runner_setup.yml # Copy helmfile COPY --from=helmfile /usr/local/bin/helmfile /usr/local/bin/helmfile - ENV USER runner ENV FOLDER /home/runner RUN /usr/sbin/groupadd $USER && \ @@ -45,6 +44,9 @@ RUN for dir in \ USER $USER +# Install helmfile helm plugins +RUN helmfile init --force + RUN echo "export GPG_TTY=\$(tty)" >> /home/runner/.bashrc WORKDIR /runner \ No newline at end of file From f5f267451a8d9e41304fb05b9e4b6d6e4a504b30 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Mon, 19 Aug 2024 15:00:27 +0200 Subject: [PATCH 012/130] Configuring helmfile with prod paths --- kubernetes/clusters/bootstrap/helmfile.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/clusters/bootstrap/helmfile.yaml b/kubernetes/clusters/bootstrap/helmfile.yaml index 1f3df9e9..76d4778b 100644 --- a/kubernetes/clusters/bootstrap/helmfile.yaml +++ b/kubernetes/clusters/bootstrap/helmfile.yaml 
@@ -24,8 +24,8 @@ releases: version: 1.16.0 values: - ../../platform/cilium/app/base/values.yaml - - ../../platform/cilium/app/components/values.yaml - - ../../platform/cilium/app/overlays/dev/values.yaml + - ../../platform/cilium/app/components/istio-config/values.yaml + - ../../platform/cilium/app/overlays/prod/values.yaml needs: - kube-system/prometheus-operator-crds - name: cordns From 014544084a1838ca461f0688442e542cea3ece6c Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Mon, 19 Aug 2024 18:12:19 +0200 Subject: [PATCH 013/130] Adding vault configuration during cluster bootstrap --- ansible/tasks/configure_vault_integration.yml | 2 +- .../bootstrap/vault/base/kustomization.yaml | 7 +++ .../clusters/bootstrap/vault/base/ns.yaml | 4 ++ .../vault/base/vault-auth-serviceaccount.yaml | 51 +++++++++++++++++++ .../vault/overlays/dev/kustomization.yaml | 5 ++ .../vault/overlays/prod/kustomization.yaml | 5 ++ 6 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 kubernetes/clusters/bootstrap/vault/base/kustomization.yaml create mode 100644 kubernetes/clusters/bootstrap/vault/base/ns.yaml create mode 100644 kubernetes/clusters/bootstrap/vault/base/vault-auth-serviceaccount.yaml create mode 100644 kubernetes/clusters/bootstrap/vault/overlays/dev/kustomization.yaml create mode 100644 kubernetes/clusters/bootstrap/vault/overlays/prod/kustomization.yaml diff --git a/ansible/tasks/configure_vault_integration.yml b/ansible/tasks/configure_vault_integration.yml index 4faf6bdb..5eb0ac31 100644 --- a/ansible/tasks/configure_vault_integration.yml +++ b/ansible/tasks/configure_vault_integration.yml @@ -5,7 +5,7 @@ shell: | set -o pipefail kubectl kustomize --enable-helm --load-restrictor=LoadRestrictionsNone \ - ../kubernetes/bootstrap/vault/overlays/"{{overlay}}" | kubectl apply -f - + ../kubernetes/clusters/bootstrap/vault/overlays/"{{overlay}}" | kubectl apply -f - args: executable: /bin/bash register: output 
diff --git a/kubernetes/clusters/bootstrap/vault/base/kustomization.yaml b/kubernetes/clusters/bootstrap/vault/base/kustomization.yaml new file mode 100644 index 00000000..27d936e5 --- /dev/null +++ b/kubernetes/clusters/bootstrap/vault/base/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ns.yaml +- vault-auth-serviceaccount.yaml + diff --git a/kubernetes/clusters/bootstrap/vault/base/ns.yaml b/kubernetes/clusters/bootstrap/vault/base/ns.yaml new file mode 100644 index 00000000..0158c8f4 --- /dev/null +++ b/kubernetes/clusters/bootstrap/vault/base/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: vault diff --git a/kubernetes/clusters/bootstrap/vault/base/vault-auth-serviceaccount.yaml b/kubernetes/clusters/bootstrap/vault/base/vault-auth-serviceaccount.yaml new file mode 100644 index 00000000..a94a92c5 --- /dev/null +++ b/kubernetes/clusters/bootstrap/vault/base/vault-auth-serviceaccount.yaml 
@@ -0,0 +1,51 @@
+# Create service account to be used by Vault kuberentes authentication
+#
+# Kubernetes Auth Doc:
+# https://developer.hashicorp.com/vault/docs/auth/kubernetes
+# External Vault config:
+# https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-external-vault
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: vault-auth
+ namespace: vault
+
+
+# Vault kubernetes authentication
+# auth method accesses the Kubernetes TokenReview API to validate the provided JWT is still valid.
+# Service Accounts used in this auth method will need to have access to the TokenReview API.
+# If Kubernetes is configured to use RBAC roles, the Service Account should be granted permissions to access this API.
+# https://developer.hashicorp.com/vault/docs/auth/kubernetes#configuring-kubernetes
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: role-tokenreview-binding
+ namespace: vault
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+ - kind: ServiceAccount
+ name: vault-auth
+ namespace: vault
+
+---
+# Long-lived token for vault-auth service account.
+# From Kubernetes v1.24, secrets contained long-lived tokens associated to service accounts
+# are not longer created.
+# See how to create it in Kubernetes documentation:
+# https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-long-lived-api-token-for-a-serviceaccount
+
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+ name: vault-auth-secret
+ namespace: vault
+ annotations:
+ kubernetes.io/service-account.name: vault-auth
diff --git a/kubernetes/clusters/bootstrap/vault/overlays/dev/kustomization.yaml b/kubernetes/clusters/bootstrap/vault/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..774a422d
--- /dev/null
+++ b/kubernetes/clusters/bootstrap/vault/overlays/dev/kustomization.yaml
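Review bot: The `kubernetes.io/service-account-token` Secret `vault-auth-secret` at the end of vault-auth-serviceaccount.yaml creates a token for `vault-auth` that does not expire, and that account is bound cluster-wide to `system:auth-delegator`. The file should say how the token is rotated and who may read Secrets in the `vault` namespace, for instance with a comment like `# Non-expiring token: rotate by deleting this Secret and re-configuring Vault; restrict read access to Secrets in namespace vault`. Separately, `namespace: vault` under `metadata` of the `ClusterRoleBinding` has no effect because the kind is cluster-scoped, and can be dropped.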
@@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base diff --git a/kubernetes/clusters/bootstrap/vault/overlays/prod/kustomization.yaml b/kubernetes/clusters/bootstrap/vault/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..774a422d --- /dev/null +++ b/kubernetes/clusters/bootstrap/vault/overlays/prod/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base From 816fb5df90ba277e94c997fc7c25f3565432fa2d Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Mon, 19 Aug 2024 18:24:13 +0200 Subject: [PATCH 014/130] Adding cilium an coreDNS flux apps --- .../clusters/prod/infra/cilium-app.yaml | 31 +++++++++++++++++++ .../clusters/prod/infra/coredns-app.yaml | 16 ++++++++++ 2 files changed, 47 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/cilium-app.yaml create mode 100644 kubernetes/clusters/prod/infra/coredns-app.yaml diff --git a/kubernetes/clusters/prod/infra/cilium-app.yaml b/kubernetes/clusters/prod/infra/cilium-app.yaml new file mode 100644 index 00000000..f25583d5 --- /dev/null +++ b/kubernetes/clusters/prod/infra/cilium-app.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cilium-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: kube-system + sourceRef: + kind: GitRepository + name: flux-system + path: ./kubernetes/platform/cilium/app/overlays/dev + prune: true + +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cilium-config + namespace: flux-system +spec: + interval: 5m + targetNamespace: kube-system + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: cilium-app + path: ./kubernetes/platform/cilium/config/overlays/dev + prune: true \ No newline at end of file 
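Review bot: Both Flux Kustomizations in kubernetes/clusters/prod/infra/cilium-app.yaml point at dev overlays (`path: ./kubernetes/platform/cilium/app/overlays/dev` and `path: ./kubernetes/platform/cilium/config/overlays/dev`), while coredns-app.yaml in the same commit uses `overlays/prod` and the bootstrap helmfile was switched to the prod Cilium values in PATCH 012/130. If this is not intentional, the production cluster's CNI and its network configuration would be reconciled from dev settings, with `prune: true` removing whatever the bootstrap installed differently. The paths should presumably read `./kubernetes/platform/cilium/app/overlays/prod` and `./kubernetes/platform/cilium/config/overlays/prod`.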
diff --git a/kubernetes/clusters/prod/infra/coredns-app.yaml b/kubernetes/clusters/prod/infra/coredns-app.yaml new file mode 100644 index 00000000..b699ac33 --- /dev/null +++ b/kubernetes/clusters/prod/infra/coredns-app.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: coredns-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: kube-system + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: cilium-app + path: ./kubernetes/platform/coredns/app/overlays/prod + prune: true From 4caffd07f812c640f6ff94a73ef2bb2764b4894f Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Mon, 19 Aug 2024 19:13:45 +0200 Subject: [PATCH 015/130] Fixing ansible task wrong extension --- ansible/tasks/{cilium_config.yaml => cilium_config.yml} | 0 ansible/tasks/{fluxcd_bootstrap.yaml => fluxcd_bootstrap.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename ansible/tasks/{cilium_config.yaml => cilium_config.yml} (100%) rename ansible/tasks/{fluxcd_bootstrap.yaml => fluxcd_bootstrap.yml} (100%) diff --git a/ansible/tasks/cilium_config.yaml b/ansible/tasks/cilium_config.yml similarity index 100% rename from ansible/tasks/cilium_config.yaml rename to ansible/tasks/cilium_config.yml diff --git a/ansible/tasks/fluxcd_bootstrap.yaml b/ansible/tasks/fluxcd_bootstrap.yml similarity index 100% rename from ansible/tasks/fluxcd_bootstrap.yaml rename to ansible/tasks/fluxcd_bootstrap.yml From d5514426c6c32211f20f150bc425460c7052d6a2 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Mon, 19 Aug 2024 19:40:39 +0200 Subject: [PATCH 016/130] Fixing k3s-bootstrap errors --- ansible/k3s_bootstrap.yml | 2 +- ansible/tasks/cilium_config.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/k3s_bootstrap.yml b/ansible/k3s_bootstrap.yml index a4b15222..a1321a4f 100644 --- a/ansible/k3s_bootstrap.yml +++ b/ansible/k3s_bootstrap.yml 
@@ -72,7 +72,7 @@ include_tasks: tasks/configure_vault_integration.yml - name: Flux bootstrap - include_tasks: tasks/flux_bootstrap.yml + include_tasks: tasks/fluxcd_bootstrap.yml - name: Install cli utils. include_tasks: tasks/install_cli_utils.yml diff --git a/ansible/tasks/cilium_config.yml b/ansible/tasks/cilium_config.yml index b449ffcd..aca4cb75 100644 --- a/ansible/tasks/cilium_config.yml +++ b/ansible/tasks/cilium_config.yml @@ -27,7 +27,7 @@ shell: | set -o pipefail kubectl kustomize --enable-helm --load-restrictor=LoadRestrictionsNone \ - ../kubernetes/platform/cilium-config/overlays/"{{overlay}}" | kubectl apply -f - + ../kubernetes/platform/cilium/config/overlays/"{{overlay}}" | kubectl apply -f - args: executable: /bin/bash register: output From c68c0c6f09a18b072b3c994a48089598cc4a8382 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 12:31:45 +0200 Subject: [PATCH 017/130] Fixing typo in cilium helmrelease manifest file --- kubernetes/platform/cilium/app/base/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/cilium/app/base/helm.yaml b/kubernetes/platform/cilium/app/base/helm.yaml index 02519980..680165be 100644 --- a/kubernetes/platform/cilium/app/base/helm.yaml +++ b/kubernetes/platform/cilium/app/base/helm.yaml @@ -30,5 +30,5 @@ spec: remediateLastFailure: true valuesFrom: - kind: ConfigMap - name: cilium--helm-values + name: cilium-helm-values valuesKey: base-values.yaml From f3222d8c18ce92207445dfb8764404962a36d1df Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 12:37:21 +0200 Subject: [PATCH 018/130] Updating name of base-values.yaml --- kubernetes/platform/cilium/app/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/cilium/app/base/kustomization.yaml b/kubernetes/platform/cilium/app/base/kustomization.yaml index 9e01fbc5..64e89f46 100644 --- a/kubernetes/platform/cilium/app/base/kustomization.yaml 
+++ b/kubernetes/platform/cilium/app/base/kustomization.yaml @@ -6,6 +6,6 @@ resources: configMapGenerator: - name: cilium-helm-values files: - - values.yaml + - base-values.yaml configurations: - kustomizeconfig.yaml \ No newline at end of file From 2c253c50b7e2acf5cc990f9987fb0bd06c6a0f97 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 12:52:20 +0200 Subject: [PATCH 019/130] Fixing issues cilium kustomize app --- kubernetes/platform/cilium/app/base/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/cilium/app/base/kustomization.yaml b/kubernetes/platform/cilium/app/base/kustomization.yaml index 64e89f46..b95174fc 100644 --- a/kubernetes/platform/cilium/app/base/kustomization.yaml +++ b/kubernetes/platform/cilium/app/base/kustomization.yaml @@ -6,6 +6,6 @@ resources: configMapGenerator: - name: cilium-helm-values files: - - base-values.yaml + - base-values.yaml=values.yaml configurations: - kustomizeconfig.yaml \ No newline at end of file From 2efb6279b09b28149f923720a717e96b7d4632a6 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 12:55:40 +0200 Subject: [PATCH 020/130] Removing ns.yaml resource --- kubernetes/platform/coredns/app/base/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/kubernetes/platform/coredns/app/base/kustomization.yaml b/kubernetes/platform/coredns/app/base/kustomization.yaml index 1bc62391..a7447e35 100644 --- a/kubernetes/platform/coredns/app/base/kustomization.yaml +++ b/kubernetes/platform/coredns/app/base/kustomization.yaml @@ -1,7 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ns.yaml - helm.yaml configMapGenerator: From a1042d9a397c0b18fee5043270ada60bd4bcc732 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 21 Aug 2024 13:00:12 +0200 Subject: [PATCH 021/130] Fixing typo with coreDNS release name --- kubernetes/clusters/bootstrap/helmfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/clusters/bootstrap/helmfile.yaml b/kubernetes/clusters/bootstrap/helmfile.yaml index 76d4778b..5bf5b101 100644 --- a/kubernetes/clusters/bootstrap/helmfile.yaml +++ b/kubernetes/clusters/bootstrap/helmfile.yaml @@ -28,7 +28,7 @@ releases: - ../../platform/cilium/app/overlays/prod/values.yaml needs: - kube-system/prometheus-operator-crds - - name: cordns + - name: coredns namespace: kube-system chart: coredns/coredns version: 1.31.0 From 63fd41b436d8f830f504836c80670ae0bc9d5efb Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 13:46:27 +0200 Subject: [PATCH 022/130] Removing deprecated recreatePods parameter --- kubernetes/clusters/bootstrap/helmfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/clusters/bootstrap/helmfile.yaml b/kubernetes/clusters/bootstrap/helmfile.yaml index 5bf5b101..da94f4e5 100644 --- a/kubernetes/clusters/bootstrap/helmfile.yaml +++ b/kubernetes/clusters/bootstrap/helmfile.yaml @@ -2,7 +2,7 @@ helmDefaults: wait: true waitForJobs: true timeout: 600 - recreatePods: true + recreatePods: false force: true repositories: From 65ab3fc67a205dd2684635785638376ca61ab9c1 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 13:47:06 +0200 Subject: [PATCH 023/130] Fixing Git PAT vault variable name --- ansible/tasks/fluxcd_bootstrap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/fluxcd_bootstrap.yml b/ansible/tasks/fluxcd_bootstrap.yml index 115caa52..bc56de17 100644 --- a/ansible/tasks/fluxcd_bootstrap.yml +++ b/ansible/tasks/fluxcd_bootstrap.yml 
@@ -11,7 +11,7 @@ shell: | kubectl create secret generic flux-system -n flux-system \ --from-literal=username=git \ - --from-literal=password="{{github_pat}}" + --from-literal=password="{{vault.flux.github.pat}}" args: executable: /bin/bash changed_when: false From 0a75079d197b508c21699ece7ebb5139182dd465 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 17:30:03 +0200 Subject: [PATCH 024/130] Adding cluster settings configMap --- kubernetes/clusters/prod/settings/cluster-settings.yaml | 8 ++++++++ kubernetes/clusters/prod/settings/kustomization.yaml | 4 ++++ 2 files changed, 12 insertions(+) create mode 100644 kubernetes/clusters/prod/settings/cluster-settings.yaml create mode 100644 kubernetes/clusters/prod/settings/kustomization.yaml diff --git a/kubernetes/clusters/prod/settings/cluster-settings.yaml b/kubernetes/clusters/prod/settings/cluster-settings.yaml new file mode 100644 index 00000000..6961f311 --- /dev/null +++ b/kubernetes/clusters/prod/settings/cluster-settings.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-settings + namespace: flux-system +data: + CLUSTER_DOMAIN: picluster.ricsanfre.com \ No newline at end of file diff --git a/kubernetes/clusters/prod/settings/kustomization.yaml b/kubernetes/clusters/prod/settings/kustomization.yaml new file mode 100644 index 00000000..2aa69c40 --- /dev/null +++ b/kubernetes/clusters/prod/settings/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./cluster-settings.yaml \ No newline at end of file From 04e6c4e9ef7c50e2f686d75b8674365004d31eb4 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 21 Aug 2024 17:35:44 +0200 Subject: [PATCH 025/130] Adding external-secrets flux app --- .../prod/infra/external-secrets-app.yaml | 35 +++++++++++++++++++ .../external-secrets/app/base/helm.yaml | 34 ++++++++++++++++++ .../app/base/kustomization.yaml | 12 +++++++ .../app/base/kustomizeconfig.yaml | 11 ++++++ .../external-secrets/app/base/ns.yaml | 4 +++ .../external-secrets/app/base/values.yaml | 2 ++ .../app/overlays/dev/helm-patch.yaml | 6 ++++ .../app/overlays/dev/kustomization.yaml | 19 ++++++++++ .../app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 ++++ .../app/overlays/prod/kustomization.yaml | 19 ++++++++++ .../app/overlays/prod/values.yaml | 1 + .../config/base/cluster-secret-store.yaml | 15 ++++++++ .../config/base/kustomization.yaml | 6 ++++ .../config/overlays/dev/kustomization.yaml | 6 ++++ .../config/overlays/prod/kustomization.yaml | 6 ++++ 16 files changed, 183 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/external-secrets-app.yaml create mode 100644 kubernetes/platform/external-secrets/app/base/helm.yaml create mode 100644 kubernetes/platform/external-secrets/app/base/kustomization.yaml create mode 100644 kubernetes/platform/external-secrets/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/external-secrets/app/base/ns.yaml create mode 100644 kubernetes/platform/external-secrets/app/base/values.yaml create mode 100644 kubernetes/platform/external-secrets/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/external-secrets/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/external-secrets/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/external-secrets/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/external-secrets/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/external-secrets/app/overlays/prod/values.yaml create mode 100644 
kubernetes/platform/external-secrets/config/base/cluster-secret-store.yaml create mode 100644 kubernetes/platform/external-secrets/config/base/kustomization.yaml create mode 100644 kubernetes/platform/external-secrets/config/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/external-secrets/config/overlays/prod/kustomization.yaml diff --git a/kubernetes/clusters/prod/infra/external-secrets-app.yaml b/kubernetes/clusters/prod/infra/external-secrets-app.yaml new file mode 100644 index 00000000..50103d1b --- /dev/null +++ b/kubernetes/clusters/prod/infra/external-secrets-app.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: external-secrets-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: kube-system + sourceRef: + kind: GitRepository + name: flux-system + path: ./kubernetes/platform/external-secrets/app/overlays/prod + prune: true + +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: external-secrets-config + namespace: flux-system +spec: + interval: 5m + targetNamespace: kube-system + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: external-secrets-app + path: ./kubernetes/platform/external-secrets/config/overlays/prod + prune: true + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings \ No newline at end of file diff --git a/kubernetes/platform/external-secrets/app/base/helm.yaml b/kubernetes/platform/external-secrets/app/base/helm.yaml new file mode 100644 index 00000000..d0805c2d --- /dev/null +++ b/kubernetes/platform/external-secrets/app/base/helm.yaml 
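Review bot: `targetNamespace: kube-system` on both Kustomizations in kubernetes/clusters/prod/infra/external-secrets-app.yaml conflicts with the overlay added in the same commit, which sets `namespace: external-secrets` and ships an `ns.yaml` for that namespace. Flux applies `targetNamespace` to the namespaced objects it builds, so the HelmRelease and the operator would presumably land in `kube-system` next to the CNI and DNS rather than in their own namespace. Dropping the field or setting `targetNamespace: external-secrets` keeps the secrets operator isolated and easier to scope with RBAC and network policy.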
@@ -0,0 +1,34 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: external-secrets
+spec:
+ url: https://charts.external-secrets.io
+ interval: 10m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: external-secrets
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: external-secrets
+ version: 0.10.0
+ sourceRef:
+ kind: HelmRepository
+ name: external-secrets
+ upgrade:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ install:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ valuesFrom:
+ - kind: ConfigMap
+ name: external-secrets-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/app/base/kustomization.yaml b/kubernetes/platform/external-secrets/app/base/kustomization.yaml
new file mode 100644
index 00000000..a8a6b2ff
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/base/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - helm.yaml
+
+configMapGenerator:
+ - name: external-secrets-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/app/base/kustomizeconfig.yaml b/kubernetes/platform/external-secrets/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/app/base/ns.yaml b/kubernetes/platform/external-secrets/app/base/ns.yaml
new file mode 100644
index 00000000..4ef398e7
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-secrets
diff --git a/kubernetes/platform/external-secrets/app/base/values.yaml b/kubernetes/platform/external-secrets/app/base/values.yaml
new file mode 100644
index 00000000..151a2ad9
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/base/values.yaml
@@ -0,0 +1,2 @@
+# external-secrets helm values (base)
+installCRDs: true
diff --git a/kubernetes/platform/external-secrets/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/external-secrets/app/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..88a8be67
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: external-secrets-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/app/overlays/dev/kustomization.yaml b/kubernetes/platform/external-secrets/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..296fadd4
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-secrets
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: external-secrets-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: external-secrets
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/app/overlays/dev/values.yaml b/kubernetes/platform/external-secrets/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..162591cd
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# external-secrets helm values (dev overlay)
diff --git a/kubernetes/platform/external-secrets/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/external-secrets/app/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..88a8be67
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: external-secrets-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/app/overlays/prod/kustomization.yaml b/kubernetes/platform/external-secrets/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..296fadd4
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-secrets
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: external-secrets-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: external-secrets
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/app/overlays/prod/values.yaml b/kubernetes/platform/external-secrets/app/overlays/prod/values.yaml
new file mode 100644
index 00000000..fccb6b2c
--- /dev/null
+++ b/kubernetes/platform/external-secrets/app/overlays/prod/values.yaml
@@ -0,0 +1 @@
+# external-secrets helm values (prod overlay)
diff --git a/kubernetes/platform/external-secrets/config/base/cluster-secret-store.yaml b/kubernetes/platform/external-secrets/config/base/cluster-secret-store.yaml
new file mode 100644
index 00000000..76a74912
--- /dev/null
+++ b/kubernetes/platform/external-secrets/config/base/cluster-secret-store.yaml
@@ -0,0 +1,15 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: vault-backend
+ namespace: external-secrets
+spec:
+ provider:
+ vault:
+ server: "https://vault.${CLUSTER_DOMAIN}:8200"
+ path: secret
+ version: v2
+ auth:
+ kubernetes:
+ mountPath: "kubernetes"
+ role: "external-secrets"
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/config/base/kustomization.yaml b/kubernetes/platform/external-secrets/config/base/kustomization.yaml
new file mode 100644
index 00000000..e3806fa9
--- /dev/null
+++ b/kubernetes/platform/external-secrets/config/base/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-secrets
+
+resources:
+ - cluster-secret-store.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/config/overlays/dev/kustomization.yaml b/kubernetes/platform/external-secrets/config/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..d5d277d5
--- /dev/null
+++ b/kubernetes/platform/external-secrets/config/overlays/dev/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-secrets
+
+resources:
+ - ../../base
\ No newline at end of file
diff --git a/kubernetes/platform/external-secrets/config/overlays/prod/kustomization.yaml b/kubernetes/platform/external-secrets/config/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..d5d277d5
--- /dev/null
+++ b/kubernetes/platform/external-secrets/config/overlays/prod/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-secrets
+
+resources:
+ - ../../base
\ No newline at end of file
From 431e1af8043cbb122c916211c18873bef6a588ef Mon Sep 17 00:00:00 2001
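Review bot: The `vault-backend` ClusterSecretStore sets no `conditions`, so an ExternalSecret in any namespace can reference it and read whatever the Vault role `external-secrets` is permitted to read under the `secret` mount. If only some namespaces should receive secrets, restrict the store with a `conditions:` entry such as `- namespaceSelector: {matchLabels: {<label-key>: <label-value>}}` (placeholder label), and keep the Vault policy bound to that role as narrow as the consumers need. `auth.kubernetes` names no `serviceAccountRef`, so presumably the controller's own service account token is presented to Vault; naming the account explicitly makes the role binding easier to audit. `metadata.namespace` has no effect on this cluster-scoped kind and can be dropped.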
From: Ricardo Sanchez Date: Wed, 21 Aug 2024 17:42:33 +0200 Subject: [PATCH 026/130] Fixing namespace name in external-secrets app --- kubernetes/clusters/prod/infra/external-secrets-app.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/clusters/prod/infra/external-secrets-app.yaml b/kubernetes/clusters/prod/infra/external-secrets-app.yaml index 50103d1b..8e32e2a3 100644 --- a/kubernetes/clusters/prod/infra/external-secrets-app.yaml +++ b/kubernetes/clusters/prod/infra/external-secrets-app.yaml @@ -6,7 +6,7 @@ metadata: namespace: flux-system spec: interval: 5m - targetNamespace: kube-system + targetNamespace: external-secrets sourceRef: kind: GitRepository name: flux-system @@ -21,7 +21,7 @@ metadata: namespace: flux-system spec: interval: 5m - targetNamespace: kube-system + targetNamespace: external-secrets sourceRef: kind: GitRepository name: flux-system From cb6b70e1d4b675bcf23a54b596f5e8b479184081 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 17:43:02 +0200 Subject: [PATCH 027/130] Fixing namespace in flux app template --- kubernetes/fluxcd-app-template/app.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/fluxcd-app-template/app.yaml b/kubernetes/fluxcd-app-template/app.yaml index 9e423964..7d722927 100644 --- a/kubernetes/fluxcd-app-template/app.yaml +++ b/kubernetes/fluxcd-app-template/app.yaml @@ -6,7 +6,7 @@ metadata: namespace: flux-system spec: interval: 5m - targetNamespace: kube-system + targetNamespace: {{ .app_namespace }} sourceRef: kind: GitRepository name: flux-system @@ -21,7 +21,7 @@ metadata: namespace: flux-system spec: interval: 5m - targetNamespace: kube-system + targetNamespace: {{ .app_namespace }} sourceRef: kind: GitRepository name: flux-system From ae041bcc7214fbbfbe1101321a6e2b54a71e2823 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 21 Aug 2024 18:01:10 +0200 Subject: [PATCH 028/130] Adding nginx flux app --- kubernetes/clusters/prod/infra/nginx-app.yaml | 23 +++++++++++ kubernetes/platform/nginx/app/base/helm.yaml | 34 +++++++++++++++ .../nginx/app/base/kustomization.yaml | 12 ++++++ .../nginx/app/base/kustomizeconfig.yaml | 11 +++++ kubernetes/platform/nginx/app/base/ns.yaml | 4 ++ .../platform/nginx/app/base/values.yaml | 8 ++++ .../components/loadbalancer/helm-patch.yaml | 6 +++ .../loadbalancer/kustomization.yaml | 16 ++++++++ .../app/components/loadbalancer/values.yaml | 4 ++ .../components/opentelemetry/helm-patch.yaml | 6 +++ .../opentelemetry/kustomization.yaml | 16 ++++++++ .../app/components/opentelemetry/values.yaml | 41 +++++++++++++++++++ .../nginx/app/overlays/dev/helm-patch.yaml | 6 +++ .../nginx/app/overlays/dev/kustomization.yaml | 19 +++++++++ .../nginx/app/overlays/dev/values.yaml | 4 ++ .../nginx/app/overlays/prod/helm-patch.yaml | 6 +++ .../app/overlays/prod/kustomization.yaml | 23 +++++++++++ .../nginx/app/overlays/prod/values.yaml | 1 + 18 files changed, 240 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/nginx-app.yaml create mode 100644 kubernetes/platform/nginx/app/base/helm.yaml create mode 100644 kubernetes/platform/nginx/app/base/kustomization.yaml create mode 100644 kubernetes/platform/nginx/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/nginx/app/base/ns.yaml create mode 100644 kubernetes/platform/nginx/app/base/values.yaml create mode 100644 kubernetes/platform/nginx/app/components/loadbalancer/helm-patch.yaml create mode 100644 kubernetes/platform/nginx/app/components/loadbalancer/kustomization.yaml create mode 100644 kubernetes/platform/nginx/app/components/loadbalancer/values.yaml create mode 100644 kubernetes/platform/nginx/app/components/opentelemetry/helm-patch.yaml create mode 100644 kubernetes/platform/nginx/app/components/opentelemetry/kustomization.yaml create mode 100644 
kubernetes/platform/nginx/app/components/opentelemetry/values.yaml create mode 100644 kubernetes/platform/nginx/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/nginx/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/nginx/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/nginx/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/nginx/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/nginx/app/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/nginx-app.yaml b/kubernetes/clusters/prod/infra/nginx-app.yaml new file mode 100644 index 00000000..14efedf8 --- /dev/null +++ b/kubernetes/clusters/prod/infra/nginx-app.yaml @@ -0,0 +1,23 @@ +# nginx application +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: ingress-nginx-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: nginx + sourceRef: + kind: GitRepository + name: flux-system + path: ./kubernetes/platform/nginx/app/overlays/prod + prune: true + postBuild: + substitute: + NGINX_LOAD_BALANCER_IP: "10.0.0.100" + substituteFrom: + - kind: ConfigMap + name: cluster-settings + # Use this ConfigMap if it exists, but proceed if it doesn't. + optional: true diff --git a/kubernetes/platform/nginx/app/base/helm.yaml b/kubernetes/platform/nginx/app/base/helm.yaml new file mode 100644 index 00000000..fcc1ecf4 --- /dev/null +++ b/kubernetes/platform/nginx/app/base/helm.yaml 
@@ -0,0 +1,34 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: ingress-nginx
+spec:
+ url: https://kubernetes.github.io/ingress-nginx
+ interval: 10m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: ingress-nginx
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: ingress-nginx
+ version: 4.11.1
+ sourceRef:
+ kind: HelmRepository
+ name: ingress-nginx
+ upgrade:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ install:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ valuesFrom:
+ - kind: ConfigMap
+ name: ingress-nginx-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/base/kustomization.yaml b/kubernetes/platform/nginx/app/base/kustomization.yaml
new file mode 100644
index 00000000..e888d020
--- /dev/null
+++ b/kubernetes/platform/nginx/app/base/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - helm.yaml
+
+configMapGenerator:
+ - name: ingress-nginx-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/base/kustomizeconfig.yaml b/kubernetes/platform/nginx/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/nginx/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/base/ns.yaml b/kubernetes/platform/nginx/app/base/ns.yaml
new file mode 100644
index 00000000..625789db
--- /dev/null
+++ b/kubernetes/platform/nginx/app/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nginx
diff --git a/kubernetes/platform/nginx/app/base/values.yaml b/kubernetes/platform/nginx/app/base/values.yaml
new file mode 100644
index 00000000..79bca52f
--- /dev/null
+++ b/kubernetes/platform/nginx/app/base/values.yaml
@@ -0,0 +1,8 @@
+# nginx helm values (base)
+
+controller:
+ replicaCount: 2
+ autoscaling:
+ enabled: true
+ minReplicas: 2
+ maxReplicas: 20
diff --git a/kubernetes/platform/nginx/app/components/loadbalancer/helm-patch.yaml b/kubernetes/platform/nginx/app/components/loadbalancer/helm-patch.yaml
new file mode 100644
index 00000000..e1fc7876
--- /dev/null
+++ b/kubernetes/platform/nginx/app/components/loadbalancer/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: ingress-nginx-helm-values
+ valuesKey: loadbalancer-values.yaml
diff --git a/kubernetes/platform/nginx/app/components/loadbalancer/kustomization.yaml b/kubernetes/platform/nginx/app/components/loadbalancer/kustomization.yaml
new file mode 100644
index 00000000..68cfae61
--- /dev/null
+++ b/kubernetes/platform/nginx/app/components/loadbalancer/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# patch values.yaml?
+configMapGenerator:
+ - name: ingress-nginx-helm-values
+ behavior: merge
+ files:
+ - loadbalancer-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: ingress-nginx
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/components/loadbalancer/values.yaml b/kubernetes/platform/nginx/app/components/loadbalancer/values.yaml
new file mode 100644
index 00000000..c5a27eaf
--- /dev/null
+++ b/kubernetes/platform/nginx/app/components/loadbalancer/values.yaml
@@ -0,0 +1,4 @@
+ # Set specific LoadBalancer IP address for Ingress service
+ service:
+ annotations:
+ io.cilium/lb-ipam-ips: ${NGINX_LOAD_BALANCER_IP}
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/components/opentelemetry/helm-patch.yaml b/kubernetes/platform/nginx/app/components/opentelemetry/helm-patch.yaml
new file mode 100644
index 00000000..1a2e5371
--- /dev/null
+++ b/kubernetes/platform/nginx/app/components/opentelemetry/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: ingress-nginx-helm-values
+ valuesKey: otel-values.yaml
diff --git a/kubernetes/platform/nginx/app/components/opentelemetry/kustomization.yaml b/kubernetes/platform/nginx/app/components/opentelemetry/kustomization.yaml
new file mode 100644
index 00000000..d1311b75
--- /dev/null
+++ b/kubernetes/platform/nginx/app/components/opentelemetry/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# patch values.yaml?
+configMapGenerator:
+ - name: ingress-nginx-helm-values
+ behavior: merge
+ files:
+ - otel-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: ingress-nginx
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/components/opentelemetry/values.yaml b/kubernetes/platform/nginx/app/components/opentelemetry/values.yaml
new file mode 100644
index 00000000..860ba5ff
--- /dev/null
+++ b/kubernetes/platform/nginx/app/components/opentelemetry/values.yaml
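Review bot: The four lines of `components/loadbalancer/values.yaml` put `service.annotations` at the top of the values document with no `controller:` parent, while the ingress-nginx chart reads the Service settings under `controller.service`. As written, the `io.cilium/lb-ipam-ips` annotation is likely never rendered, and the Service would get whatever address the IPAM pool assigns instead of `NGINX_LOAD_BALANCER_IP`. Nest the block under `controller:` so the key path is `controller.service.annotations`. The file's original indentation is flattened on this page, so confirm against the repository copy.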
@@ -0,0 +1,41 @@
+controller:
+ # Enabling Promethues metrics and Service Monitoring
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ # Enabling OTEL traces
+ opentelemetry:
+ enabled: true
+
+ config:
+ # Open Telemetry
+ enable-opentelemetry: "true"
+ otlp-collector-host: ${otel_collector:=tempo-distributor.tempo.svc.cluster.local}
+ otlp-service-name: nginx-internal
+ # Print access log to file instead of stdout
+ # Separating acces logs from the rest
+ access-log-path: "/data/access.log"
+ log-format-escape-json: "true"
+ log-format-upstream: '{"source": "nginx", "time": $msec, "resp_body_size": $body_bytes_sent, "request_host": "$http_host", "request_address": "$remote_addr", "request_length": $request_length, "request_method": "$request_method", "uri": "$request_uri", "status": $status, "user_agent": "$http_user_agent", "resp_time": $request_time, "upstream_addr": "$upstream_addr", "trace_id": "$opentelemetry_trace_id", "span_id": "$opentelemetry_span_id"}'
+ # controller extra Volume
+ extraVolumeMounts:
+ - name: data
+ mountPath: /data
+ extraVolumes:
+ - name: data
+ emptyDir: {}
+ extraContainers:
+ - name: stream-accesslog
+ image: busybox
+ args:
+ - /bin/sh
+ - -c
+ - tail -n+1 -F /data/access.log
+ imagePullPolicy: Always
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /data
+ name: data
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/nginx/app/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..b434344e
--- /dev/null
+++ b/kubernetes/platform/nginx/app/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: ingress-nginx-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
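Review bot: The `stream-accesslog` sidecar in `components/opentelemetry/values.yaml` uses `image: busybox` with no tag or digest together with `imagePullPolicy: Always`, so every restart of the ingress controller pod pulls whatever the default tag points to at that moment, into the pod that terminates inbound traffic. Pin the image to a tag and digest, preferably from a registry you mirror, and give the container a restrictive `securityContext` and real resource limits in place of `resources: {}`. The `data` emptyDir also has no `sizeLimit` and nothing rotates `/data/access.log`, so the access log grows until the node's ephemeral storage is under pressure. The values below are placeholders and constructed examples to adapt.

```yaml
controller:
  # … unchanged: metrics, opentelemetry, config, extraVolumeMounts …
  extraVolumes:
    - name: data
      emptyDir:
        sizeLimit: 1Gi            # constructed example value
  extraContainers:
    - name: stream-accesslog
      image: busybox:<pinned-tag>@sha256:<digest>   # placeholder: pin tag and digest
      imagePullPolicy: IfNotPresent
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:
        limits:
          cpu: 50m                # constructed example value
          memory: 32Mi            # constructed example value
      # … unchanged: args, terminationMessage*, volumeMounts …
```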
diff --git a/kubernetes/platform/nginx/app/overlays/dev/kustomization.yaml b/kubernetes/platform/nginx/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..01b66a19
--- /dev/null
+++ b/kubernetes/platform/nginx/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: nginx
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: ingress-nginx-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: ingress-nginx
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/overlays/dev/values.yaml b/kubernetes/platform/nginx/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..58c69738
--- /dev/null
+++ b/kubernetes/platform/nginx/app/overlays/dev/values.yaml
@@ -0,0 +1,4 @@
+# nginx helm values (dev patch)
+controller:
+ autoscaling:
+ maxReplicas: 5
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/nginx/app/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..b434344e
--- /dev/null
+++ b/kubernetes/platform/nginx/app/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: ingress-nginx-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/nginx/app/overlays/prod/kustomization.yaml b/kubernetes/platform/nginx/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..b1bb82a9
--- /dev/null
+++ b/kubernetes/platform/nginx/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,23 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: nginx + +resources: + - ../../base + +components: + - ../../components/opentelemetry + - ../../components/loadbalancer + +configMapGenerator: + - name: ingress-nginx-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: ingress-nginx + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/nginx/app/overlays/prod/values.yaml b/kubernetes/platform/nginx/app/overlays/prod/values.yaml new file mode 100644 index 00000000..ee3afd55 --- /dev/null +++ b/kubernetes/platform/nginx/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# nginx helm values (prod patch) From 85ebb957f6dcf1470842aae2e59368579d8ba02e Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 18:07:17 +0200 Subject: [PATCH 029/130] Upgrade nginx helm chart to 4.11.2 --- kubernetes/platform/nginx/app/base/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/nginx/app/base/helm.yaml b/kubernetes/platform/nginx/app/base/helm.yaml index fcc1ecf4..cced18a6 100644 --- a/kubernetes/platform/nginx/app/base/helm.yaml +++ b/kubernetes/platform/nginx/app/base/helm.yaml @@ -16,7 +16,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.11.1 + version: 4.11.2 sourceRef: kind: HelmRepository name: ingress-nginx From 4aaf012ef7e46d674c08caa26505a8fe3102c948 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 18:08:01 +0200 Subject: [PATCH 030/130] Pointing to prod overlay instead of dev --- kubernetes/clusters/prod/infra/cilium-app.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/clusters/prod/infra/cilium-app.yaml b/kubernetes/clusters/prod/infra/cilium-app.yaml index f25583d5..28894c09 100644 --- a/kubernetes/clusters/prod/infra/cilium-app.yaml 
+++ b/kubernetes/clusters/prod/infra/cilium-app.yaml @@ -10,7 +10,7 @@ spec: sourceRef: kind: GitRepository name: flux-system - path: ./kubernetes/platform/cilium/app/overlays/dev + path: ./kubernetes/platform/cilium/app/overlays/prod prune: true --- @@ -27,5 +27,5 @@ spec: name: flux-system dependsOn: - name: cilium-app - path: ./kubernetes/platform/cilium/config/overlays/dev + path: ./kubernetes/platform/cilium/config/overlays/prod prune: true \ No newline at end of file From 14396183de74d358aa415d9b9607ff0778fb2678 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 18:18:05 +0200 Subject: [PATCH 031/130] Rolling-back nginx to 4.11.1 --- kubernetes/platform/nginx/app/base/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/nginx/app/base/helm.yaml b/kubernetes/platform/nginx/app/base/helm.yaml index cced18a6..fcc1ecf4 100644 --- a/kubernetes/platform/nginx/app/base/helm.yaml +++ b/kubernetes/platform/nginx/app/base/helm.yaml @@ -16,7 +16,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.11.2 + version: 4.11.1 sourceRef: kind: HelmRepository name: ingress-nginx From 3409d176ab8483a32873259aaf7e7c6c81496619 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 18:43:53 +0200 Subject: [PATCH 032/130] upgrading again to nginx 4.11.2 --- kubernetes/platform/nginx/app/base/helm.yaml | 2 +- kubernetes/platform/nginx/app/base/values.yaml | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/kubernetes/platform/nginx/app/base/helm.yaml b/kubernetes/platform/nginx/app/base/helm.yaml index fcc1ecf4..cced18a6 100644 --- a/kubernetes/platform/nginx/app/base/helm.yaml +++ b/kubernetes/platform/nginx/app/base/helm.yaml @@ -16,7 +16,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.11.1 + version: 4.11.2 sourceRef: kind: HelmRepository name: ingress-nginx 
diff --git a/kubernetes/platform/nginx/app/base/values.yaml b/kubernetes/platform/nginx/app/base/values.yaml index 79bca52f..82f95b52 100644 --- a/kubernetes/platform/nginx/app/base/values.yaml +++ b/kubernetes/platform/nginx/app/base/values.yaml @@ -2,7 +2,3 @@ controller: replicaCount: 2 - autoscaling: - enabled: true - minReplicas: 2 - maxReplicas: 20 From 2451a8720a33ee09b3dce17d35350675247e8add Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 21 Aug 2024 19:26:13 +0200 Subject: [PATCH 033/130] Nginx back to 1 replica --- kubernetes/platform/nginx/app/base/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/nginx/app/base/values.yaml b/kubernetes/platform/nginx/app/base/values.yaml index 82f95b52..ab2f2a71 100644 --- a/kubernetes/platform/nginx/app/base/values.yaml +++ b/kubernetes/platform/nginx/app/base/values.yaml @@ -1,4 +1,4 @@ # nginx helm values (base) controller: - replicaCount: 2 + replicaCount: 1 From 76efcc541b5b6b08ce817311001739217aa69c13 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 25 Aug 2024 11:03:15 +0200 Subject: [PATCH 034/130] Adding cert-manager fluxcd app --- .../clusters/prod/infra/cert-manager-app.yaml | 50 +++++++++++++++++++ .../platform/cert-manager/app/base/helm.yaml | 34 +++++++++++++ .../cert-manager/app/base/kustomization.yaml | 12 +++++ .../app/base/kustomizeconfig.yaml | 11 ++++ .../platform/cert-manager/app/base/ns.yaml | 4 ++ .../cert-manager/app/base/values.yaml | 2 + .../app/overlays/dev/helm-patch.yaml | 6 +++ .../app/overlays/dev/kustomization.yaml | 19 +++++++ .../cert-manager/app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 +++ .../app/overlays/prod/kustomization.yaml | 19 +++++++ .../app/overlays/prod/values.yaml | 1 + .../cert-manager/config/base/ca-issuer.yaml | 26 ++++++++++ .../config/base/kustomization.yaml | 7 +++ .../config/base/self-signed-issuer.yaml | 9 ++++ .../config/overlays/dev/kustomization.yaml | 6 +++ .../overlays/prod/ionos-externalsecret.yaml | 26 ++++++++++ .../config/overlays/prod/ionos-issuer.yaml | 28 +++++++++++ .../config/overlays/prod/kustomization.yaml | 8 +++ .../cert-manager/webhook-ionos/base/helm.yaml | 34 +++++++++++++ .../webhook-ionos/base/kustomization.yaml | 12 +++++ .../webhook-ionos/base/kustomizeconfig.yaml | 11 ++++ .../webhook-ionos/base/values.yaml | 2 + .../overlays/dev/helm-patch.yaml | 6 +++ .../overlays/dev/kustomization.yaml | 19 +++++++ .../webhook-ionos/overlays/dev/values.yaml | 1 + .../overlays/prod/helm-patch.yaml | 6 +++ .../overlays/prod/kustomization.yaml | 19 +++++++ .../webhook-ionos/overlays/prod/values.yaml | 1 + 29 files changed, 386 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/cert-manager-app.yaml create mode 100644 kubernetes/platform/cert-manager/app/base/helm.yaml create mode 100644 kubernetes/platform/cert-manager/app/base/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/app/base/kustomizeconfig.yaml create mode 100644 
kubernetes/platform/cert-manager/app/base/ns.yaml create mode 100644 kubernetes/platform/cert-manager/app/base/values.yaml create mode 100644 kubernetes/platform/cert-manager/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/cert-manager/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/cert-manager/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/cert-manager/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/app/overlays/prod/values.yaml create mode 100644 kubernetes/platform/cert-manager/config/base/ca-issuer.yaml create mode 100644 kubernetes/platform/cert-manager/config/base/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/config/base/self-signed-issuer.yaml create mode 100644 kubernetes/platform/cert-manager/config/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/config/overlays/prod/ionos-externalsecret.yaml create mode 100644 kubernetes/platform/cert-manager/config/overlays/prod/ionos-issuer.yaml create mode 100644 kubernetes/platform/cert-manager/config/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/base/helm.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/base/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/base/values.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/values.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/helm-patch.yaml create mode 
100644 kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/cert-manager-app.yaml b/kubernetes/clusters/prod/infra/cert-manager-app.yaml new file mode 100644 index 00000000..9461608b --- /dev/null +++ b/kubernetes/clusters/prod/infra/cert-manager-app.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cert-manager-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: cert-manager + sourceRef: + kind: GitRepository + name: flux-system + path: ./kubernetes/platform/cert-manager/app/overlays/prod + prune: true + +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cert-manager-webhook-ionos + namespace: flux-system +spec: + interval: 5m + targetNamespace: cert-manager + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: cert-manager-app + path: ./kubernetes/platform/cert-manager/webhook-ionos/overlays/prod + prune: true + +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cert-manager-config + namespace: flux-system +spec: + interval: 5m + targetNamespace: cert-manager + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: cert-manager-app + - name: cert-manager-webhook-ionos + - name: external-secrets + path: ./kubernetes/platform/cert-manager/config/overlays/prod + prune: true \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/app/base/helm.yaml b/kubernetes/platform/cert-manager/app/base/helm.yaml new file mode 100644 index 00000000..02ab9ce5 --- /dev/null +++ b/kubernetes/platform/cert-manager/app/base/helm.yaml 
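Review bot: `cert-manager-config` lists `- name: external-secrets` under `dependsOn`, but the Flux Kustomizations added in PATCH 025 are named `external-secrets-app` and `external-secrets-config`. Unless another file outside this series defines a Kustomization called `external-secrets`, Flux will report the dependency as not found and never apply the issuers. Since the prod config overlay ships `ionos-externalsecret.yaml`, which presumably needs the ClusterSecretStore, the entry should probably read `- name: external-secrets-config`.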
@@ -0,0 +1,34 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cert-manager +spec: + url: https://charts.jetstack.io + interval: 10m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cert-manager +spec: + interval: 5m + chart: + spec: + chart: cert-manager + version: v1.15.1 + sourceRef: + kind: HelmRepository + name: cert-manager + upgrade: + remediation: + retries: 3 + remediateLastFailure: true + install: + remediation: + retries: 3 + remediateLastFailure: true + valuesFrom: + - kind: ConfigMap + name: cert-manager-helm-values + valuesKey: base-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/app/base/kustomization.yaml b/kubernetes/platform/cert-manager/app/base/kustomization.yaml new file mode 100644 index 00000000..cf8ad785 --- /dev/null +++ b/kubernetes/platform/cert-manager/app/base/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ns.yaml + - helm.yaml + +configMapGenerator: + - name: cert-manager-helm-values + files: + - base-values.yaml=values.yaml +configurations: + - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/app/base/kustomizeconfig.yaml b/kubernetes/platform/cert-manager/app/base/kustomizeconfig.yaml new file mode 100644 index 00000000..9469f4ef --- /dev/null +++ b/kubernetes/platform/cert-manager/app/base/kustomizeconfig.yaml @@ -0,0 +1,11 @@ +nameReference: +- kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease +- kind: Secret + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/app/base/ns.yaml b/kubernetes/platform/cert-manager/app/base/ns.yaml new file mode 100644 index 00000000..c90416ff --- /dev/null +++ b/kubernetes/platform/cert-manager/app/base/ns.yaml 
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
diff --git a/kubernetes/platform/cert-manager/app/base/values.yaml b/kubernetes/platform/cert-manager/app/base/values.yaml
new file mode 100644
index 00000000..7f08c63c
--- /dev/null
+++ b/kubernetes/platform/cert-manager/app/base/values.yaml
@@ -0,0 +1,2 @@
+# cert-manager helm values (base)
+installCRDs: true
\ No newline at end of file
diff --git a/kubernetes/platform/cert-manager/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/cert-manager/app/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..8fff6078
--- /dev/null
+++ b/kubernetes/platform/cert-manager/app/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: cert-manager-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/cert-manager/app/overlays/dev/kustomization.yaml b/kubernetes/platform/cert-manager/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..c014804a
--- /dev/null
+++ b/kubernetes/platform/cert-manager/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: cert-manager-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: cert-manager
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/cert-manager/app/overlays/dev/values.yaml b/kubernetes/platform/cert-manager/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..6e76081e
--- /dev/null
+++ b/kubernetes/platform/cert-manager/app/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# cert-manager helm values (dev overlay)
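Review bot: `installCRDs: true` in app/base/values.yaml is the legacy key; the chart version pinned in app/base/helm.yaml (v1.15.1) deprecates it in favour of `crds.enabled: true`. I would switch to the new key and also set `crds.keep` explicitly, because the CRDs carry every Certificate and Issuer in the cluster and whether they survive removal of the Helm release should be a visible decision rather than a chart default. The overlay values files added in this commit are comment-only, so this base file is the only place the setting lives.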
diff --git a/kubernetes/platform/cert-manager/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/cert-manager/app/overlays/prod/helm-patch.yaml new file mode 100644 index 00000000..a9897676 --- /dev/null +++ b/kubernetes/platform/cert-manager/app/overlays/prod/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: cert-manager-helm-values + valuesKey: overlay-values.yaml diff --git a/kubernetes/platform/cert-manager/app/overlays/prod/kustomization.yaml b/kubernetes/platform/cert-manager/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..e0150aae --- /dev/null +++ b/kubernetes/platform/cert-manager/app/overlays/prod/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cert-manager + +resources: + - ../../base + +configMapGenerator: + - name: cert-manager-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: cert-manager + path: helm-patch.yaml diff --git a/kubernetes/platform/cert-manager/app/overlays/prod/values.yaml b/kubernetes/platform/cert-manager/app/overlays/prod/values.yaml new file mode 100644 index 00000000..80a41c5a --- /dev/null +++ b/kubernetes/platform/cert-manager/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# cert-manager helm values (prod overlay) diff --git a/kubernetes/platform/cert-manager/config/base/ca-issuer.yaml b/kubernetes/platform/cert-manager/config/base/ca-issuer.yaml new file mode 100644 index 00000000..caa715d5 --- /dev/null +++ b/kubernetes/platform/cert-manager/config/base/ca-issuer.yaml 
@@ -0,0 +1,26 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: picluster-ca
+ namespace: cert-manager
+spec:
+ isCA: true
+ commonName: picluster-ca
+ secretName: root-secret
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: self-signed-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: ca-issuer
+ namespace: cert-manager
+spec:
+ ca:
+ secretName: root-secret
diff --git a/kubernetes/platform/cert-manager/config/base/kustomization.yaml b/kubernetes/platform/cert-manager/config/base/kustomization.yaml
new file mode 100644
index 00000000..a38455e6
--- /dev/null
+++ b/kubernetes/platform/cert-manager/config/base/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+
+resources:
+ - ca-issuer.yaml
+ - self-signed-issuer.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/cert-manager/config/base/self-signed-issuer.yaml b/kubernetes/platform/cert-manager/config/base/self-signed-issuer.yaml
new file mode 100644
index 00000000..d481f6e2
--- /dev/null
+++ b/kubernetes/platform/cert-manager/config/base/self-signed-issuer.yaml
@@ -0,0 +1,9 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: self-signed-issuer
+ namespace: cert-manager
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ selfSigned: {}
\ No newline at end of file
diff --git a/kubernetes/platform/cert-manager/config/overlays/dev/kustomization.yaml b/kubernetes/platform/cert-manager/config/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..52398ee1
--- /dev/null
+++ b/kubernetes/platform/cert-manager/config/overlays/dev/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+
+resources:
+ - ../../base
\ No newline at end of file
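Review bot: The `picluster-ca` Certificate in config/base/ca-issuer.yaml sets `isCA: true` but no `duration` or `renewBefore`, so the cluster root gets cert-manager's default 90-day lifetime and is re-issued on that cadence. Anything that has copied the CA certificate out of `root-secret` into a trust store then has to pick up the re-issued certificate, so an explicit lifetime chosen for a root is safer, for example `duration: 8760h` with a matching `renewBefore`. Both ClusterIssuers (`ca-issuer` here and `self-signed-issuer` in the later hunk) also set `metadata.namespace`, which has no effect on a cluster-scoped kind. `self-signed-issuer` additionally keeps an `argocd.argoproj.io/sync-options` annotation that looks like a leftover in a tree Flux now reconciles.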
diff --git a/kubernetes/platform/cert-manager/config/overlays/prod/ionos-externalsecret.yaml b/kubernetes/platform/cert-manager/config/overlays/prod/ionos-externalsecret.yaml new file mode 100644 index 00000000..a701775e --- /dev/null +++ b/kubernetes/platform/cert-manager/config/overlays/prod/ionos-externalsecret.yaml @@ -0,0 +1,26 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: ionos-externalsecret + namespace: cert-manager +spec: + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: ionos-secret + data: + - secretKey: IONOS_PUBLIC_PREFIX + remoteRef: + key: certmanager/ionos + property: public_prefix + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue + - secretKey: IONOS_SECRET + remoteRef: + key: certmanager/ionos + property: secret + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/config/overlays/prod/ionos-issuer.yaml b/kubernetes/platform/cert-manager/config/overlays/prod/ionos-issuer.yaml new file mode 100644 index 00000000..2c4fcb91 --- /dev/null +++ b/kubernetes/platform/cert-manager/config/overlays/prod/ionos-issuer.yaml 
@@ -0,0 +1,28 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-issuer
+ namespace: cert-manager
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: admin@ricsanfre.com
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-ionos-prod
+ # Enable the dns01 challenge provider
+ solvers:
+ - dns01:
+ webhook:
+ groupName: acme.fabmade.de
+ solverName: ionos
+ config:
+ apiUrl: https://api.hosting.ionos.com/dns/v1
+ publicKeySecretRef:
+ key: IONOS_PUBLIC_PREFIX
+ name: ionos-secret
+ secretKeySecretRef:
+ key: IONOS_SECRET
+ name: ionos-secret
\ No newline at end of file
diff --git a/kubernetes/platform/cert-manager/config/overlays/prod/kustomization.yaml b/kubernetes/platform/cert-manager/config/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..3678a8f7
--- /dev/null
+++ b/kubernetes/platform/cert-manager/config/overlays/prod/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+
+resources:
+ - ../../base
+ - ionos-externalsecret.yaml
+ - ionos-issuer.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/cert-manager/webhook-ionos/base/helm.yaml b/kubernetes/platform/cert-manager/webhook-ionos/base/helm.yaml
new file mode 100644
index 00000000..f8c398f9
--- /dev/null
+++ b/kubernetes/platform/cert-manager/webhook-ionos/base/helm.yaml
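Review bot: The DNS-01 solver in config/overlays/prod/ionos-issuer.yaml uses `groupName: acme.fabmade.de`, while webhook-ionos/base/values.yaml later in this commit installs the webhook with `groupName: acme.ricsanfre.com`. cert-manager sends the challenge to the API group named in the issuer, so with two different values `letsencrypt-issuer` would not reach the deployed webhook and certificate orders would stay pending. One side has to change; keeping the chart override, the issuer line becomes `groupName: acme.ricsanfre.com`. A short comment on each of the two lines naming the other file would keep them from drifting apart again.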
@@ -0,0 +1,34 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cert-manager-webhook-ionos +spec: + url: https://fabmade.github.io/cert-manager-webhook-ionos + interval: 10m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cert-manager-webhook-ionos +spec: + interval: 5m + chart: + spec: + chart: cert-manager-webhook-ionos + version: 1.0.2 + sourceRef: + kind: HelmRepository + name: cert-manager-webhook-ionos + upgrade: + remediation: + retries: 3 + remediateLastFailure: true + install: + remediation: + retries: 3 + remediateLastFailure: true + valuesFrom: + - kind: ConfigMap + name: webhook-ionos-helm-values + valuesKey: base-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/webhook-ionos/base/kustomization.yaml b/kubernetes/platform/cert-manager/webhook-ionos/base/kustomization.yaml new file mode 100644 index 00000000..bbd41c9c --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/base/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cert-manager +resources: + - helm.yaml + +configMapGenerator: + - name: webhook-ionos-helm-values + files: + - base-values.yaml=values.yaml +configurations: + - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/webhook-ionos/base/kustomizeconfig.yaml b/kubernetes/platform/cert-manager/webhook-ionos/base/kustomizeconfig.yaml new file mode 100644 index 00000000..9469f4ef --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/base/kustomizeconfig.yaml @@ -0,0 +1,11 @@ +nameReference: +- kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease +- kind: Secret + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease \ No newline at end of file 
diff --git a/kubernetes/platform/cert-manager/webhook-ionos/base/values.yaml b/kubernetes/platform/cert-manager/webhook-ionos/base/values.yaml new file mode 100644 index 00000000..e62cfb1c --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/base/values.yaml @@ -0,0 +1,2 @@ +# webhook-ionos helm values (base) +groupName: acme.ricsanfre.com diff --git a/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/helm-patch.yaml b/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/helm-patch.yaml new file mode 100644 index 00000000..61e4b291 --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: webhook-ionos-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/kustomization.yaml b/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..c61c1919 --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cert-manager + +resources: + - ../../base + +configMapGenerator: + - name: webhook-ionos-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: cert-manager-webhook-ionos + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/values.yaml b/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/values.yaml new file mode 100644 index 00000000..4328fe7a --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/overlays/dev/values.yaml @@ -0,0 +1 @@ +# webhook-ionos helm values (dev overlay) \ No newline at end of file 
diff --git a/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/helm-patch.yaml b/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/helm-patch.yaml new file mode 100644 index 00000000..61e4b291 --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: webhook-ionos-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/kustomization.yaml b/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..c61c1919 --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cert-manager + +resources: + - ../../base + +configMapGenerator: + - name: webhook-ionos-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: cert-manager-webhook-ionos + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/values.yaml b/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/values.yaml new file mode 100644 index 00000000..e9263073 --- /dev/null +++ b/kubernetes/platform/cert-manager/webhook-ionos/overlays/prod/values.yaml @@ -0,0 +1 @@ +# webhook-ionos helm values (prod overlay) \ No newline at end of file From 50fd6b07373e29768ab1f2e10e8272570ed6ba02 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Sun, 25 Aug 2024 11:07:11 +0200 Subject: [PATCH 035/130] Fixig app dependency name --- kubernetes/clusters/prod/infra/cert-manager-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/kubernetes/clusters/prod/infra/cert-manager-app.yaml b/kubernetes/clusters/prod/infra/cert-manager-app.yaml index 9461608b..45d05899 100644 --- a/kubernetes/clusters/prod/infra/cert-manager-app.yaml +++ b/kubernetes/clusters/prod/infra/cert-manager-app.yaml @@ -45,6 +45,6 @@ spec: dependsOn: - name: cert-manager-app - name: cert-manager-webhook-ionos - - name: external-secrets + - name: external-secrets-config path: ./kubernetes/platform/cert-manager/config/overlays/prod prune: true \ No newline at end of file From 717a3887760d496de5c9791b261c9c033d475bc8 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Sun, 25 Aug 2024 11:14:38 +0200 Subject: [PATCH 036/130] Adding csi-external-snapshotter flux app --- .../prod/infra/csi-external-snapshotter-app.yaml | 16 ++++++++++++++++ .../app/base/kustomization.yaml | 9 +++++++++ .../app/overlays/dev/kustomization.yaml | 5 +++++ .../app/overlays/prod/kustomization.yaml | 5 +++++ 4 files changed, 35 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml create mode 100644 kubernetes/platform/csi-external-snapshotter/app/base/kustomization.yaml create mode 100644 kubernetes/platform/csi-external-snapshotter/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/csi-external-snapshotter/app/overlays/prod/kustomization.yaml diff --git a/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml b/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml new file mode 100644 index 00000000..f795ddbf --- /dev/null +++ b/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml 
@@ -0,0 +1,16 @@
+# nginx application
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: csi-external-snapshotter-app
+ namespace: flux-system
+spec:
+ interval: 5m
+ targetNamespace: nginx
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./kubernetes/platform/csi-external-snapshotter/app/overlays/prod
+ prune: true
+
diff --git a/kubernetes/platform/csi-external-snapshotter/app/base/kustomization.yaml b/kubernetes/platform/csi-external-snapshotter/app/base/kustomization.yaml
new file mode 100644
index 00000000..e20724b2
--- /dev/null
+++ b/kubernetes/platform/csi-external-snapshotter/app/base/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+# Longhorn 1.6.0 is compatible with CSI Snapshot Controller 6.3.2
+# (https://github.com/kubernetes-csi/external-snapshotter)
+# In this version of CSI Snapshot Controller kustomization files are available
+- https://github.com/kubernetes-csi/external-snapshotter/client/config/crd/?ref=v6.3.2
+- https://github.com/kubernetes-csi/external-snapshotter/deploy/kubernetes/snapshot-controller/?ref=v6.3.2
\ No newline at end of file
diff --git a/kubernetes/platform/csi-external-snapshotter/app/overlays/dev/kustomization.yaml b/kubernetes/platform/csi-external-snapshotter/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..774a422d
--- /dev/null
+++ b/kubernetes/platform/csi-external-snapshotter/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
diff --git a/kubernetes/platform/csi-external-snapshotter/app/overlays/prod/kustomization.yaml b/kubernetes/platform/csi-external-snapshotter/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..774a422d
--- /dev/null
+++ b/kubernetes/platform/csi-external-snapshotter/app/overlays/prod/kustomization.yaml
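Review bot: The two remote bases in csi-external-snapshotter/app/base/kustomization.yaml are pinned with `?ref=v6.3.2`, which is a git tag and can be moved upstream. Flux reconciles this path on a 5m interval and applies the CRDs and the snapshot-controller manifests into `kube-system` with `prune: true`. Pinning `ref` to the commit behind the tag (`?ref=<commit-sha-of-v6.3.2>`), or vendoring the rendered manifests into the repository, makes what gets applied reviewable in Git. The same concern applies to the release-asset URLs in system-upgrade/app/base/kustomization.yaml in patch 038, which are fetched with no checksum.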
@@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base From d7e9f97b046307773cdd0472921120484cfd023e Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Sun, 25 Aug 2024 11:17:46 +0200 Subject: [PATCH 037/130] Setting kube-system as external-snapshotter namespace --- .../clusters/prod/infra/csi-external-snapshotter-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml b/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml index f795ddbf..ab48a656 100644 --- a/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml +++ b/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml @@ -7,7 +7,7 @@ metadata: namespace: flux-system spec: interval: 5m - targetNamespace: nginx + targetNamespace: kube-system sourceRef: kind: GitRepository name: flux-system From 273eaf6510e1b99f08aef95315838d188b25859b Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 25 Aug 2024 11:40:43 +0200 Subject: [PATCH 038/130] Adding k3s system-upgrade flux app --- .../prod/infra/system-upgrade-app.yaml | 31 +++++++++++++++++++ .../app/base/kustomization.yaml | 6 ++++ .../app/overlays/dev/kustomization.yaml | 6 ++++ .../app/overlays/prod/kustomization.yaml | 6 ++++ .../system-upgrade/config/base/k3s-agent.yaml | 25 +++++++++++++++ .../config/base/k3s-server.yaml | 24 ++++++++++++++ .../config/base/kustomization.yaml | 6 ++++ .../config/overlays/dev/kustomization.yaml | 5 +++ .../config/overlays/prod/kustomization.yaml | 5 +++ 9 files changed, 114 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/system-upgrade-app.yaml create mode 100644 kubernetes/platform/system-upgrade/app/base/kustomization.yaml create mode 100644 kubernetes/platform/system-upgrade/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/system-upgrade/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/system-upgrade/config/base/k3s-agent.yaml create mode 100644 kubernetes/platform/system-upgrade/config/base/k3s-server.yaml create mode 100644 kubernetes/platform/system-upgrade/config/base/kustomization.yaml create mode 100644 kubernetes/platform/system-upgrade/config/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/system-upgrade/config/overlays/prod/kustomization.yaml diff --git a/kubernetes/clusters/prod/infra/system-upgrade-app.yaml b/kubernetes/clusters/prod/infra/system-upgrade-app.yaml new file mode 100644 index 00000000..e42aade4 --- /dev/null +++ b/kubernetes/clusters/prod/infra/system-upgrade-app.yaml 
@@ -0,0 +1,31 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: system-upgrade-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: system-upgrade + sourceRef: + kind: GitRepository + name: flux-system + path: ./kubernetes/platform/system-upgrade/app/overlays/prod + prune: true + +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: system-upgrade-config + namespace: flux-system +spec: + interval: 5m + targetNamespace: system-upgrade + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: system-upgrade-app + path: ./kubernetes/platform/system-upgrade/config/overlays/prod + prune: true diff --git a/kubernetes/platform/system-upgrade/app/base/kustomization.yaml b/kubernetes/platform/system-upgrade/app/base/kustomization.yaml new file mode 100644 index 00000000..752e8cb2 --- /dev/null +++ b/kubernetes/platform/system-upgrade/app/base/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - https://github.com/rancher/system-upgrade-controller/releases/download/v0.10.0/crd.yaml + - https://github.com/rancher/system-upgrade-controller/releases/download/v0.10.0/system-upgrade-controller.yaml diff --git a/kubernetes/platform/system-upgrade/app/overlays/dev/kustomization.yaml b/kubernetes/platform/system-upgrade/app/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..2b44c30e --- /dev/null +++ b/kubernetes/platform/system-upgrade/app/overlays/dev/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: system-upgrade + +resources: + - ../../base \ No newline at end of file diff --git a/kubernetes/platform/system-upgrade/app/overlays/prod/kustomization.yaml b/kubernetes/platform/system-upgrade/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..2b44c30e --- /dev/null 
+++ b/kubernetes/platform/system-upgrade/app/overlays/prod/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: system-upgrade + +resources: + - ../../base \ No newline at end of file diff --git a/kubernetes/platform/system-upgrade/config/base/k3s-agent.yaml b/kubernetes/platform/system-upgrade/config/base/k3s-agent.yaml new file mode 100644 index 00000000..aeef3edb --- /dev/null +++ b/kubernetes/platform/system-upgrade/config/base/k3s-agent.yaml @@ -0,0 +1,25 @@ +apiVersion: upgrade.cattle.io/v1 +kind: Plan +metadata: + name: k3s-agent + namespace: system-upgrade + labels: + k3s-upgrade: agent +spec: + nodeSelector: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: DoesNotExist + serviceAccountName: system-upgrade + # Wait for k3s-server upgrade plan to complete before executing k3s-agent plan + prepare: + image: rancher/k3s-upgrade + args: + - prepare + - k3s-server + concurrency: 1 + # Cordon node before upgrade it + cordon: true + upgrade: + image: rancher/k3s-upgrade + version: v1.30.2+k3s2 \ No newline at end of file diff --git a/kubernetes/platform/system-upgrade/config/base/k3s-server.yaml b/kubernetes/platform/system-upgrade/config/base/k3s-server.yaml new file mode 100644 index 00000000..06e1b707 --- /dev/null +++ b/kubernetes/platform/system-upgrade/config/base/k3s-server.yaml 
@@ -0,0 +1,24 @@ +apiVersion: upgrade.cattle.io/v1 +kind: Plan +metadata: + name: k3s-server + namespace: system-upgrade + labels: + k3s-upgrade: server +spec: + nodeSelector: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + # Enable plan deployment on master node (noSchedulable by installation) + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + serviceAccountName: system-upgrade + concurrency: 1 + # Cordon node before upgrade it + cordon: true + upgrade: + image: rancher/k3s-upgrade + version: v1.30.2+k3s2 \ No newline at end of file diff --git a/kubernetes/platform/system-upgrade/config/base/kustomization.yaml b/kubernetes/platform/system-upgrade/config/base/kustomization.yaml new file mode 100644 index 00000000..9eac6731 --- /dev/null +++ b/kubernetes/platform/system-upgrade/config/base/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - k3s-server.yaml + - k3s-agent.yaml \ No newline at end of file diff --git a/kubernetes/platform/system-upgrade/config/overlays/dev/kustomization.yaml b/kubernetes/platform/system-upgrade/config/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..681848f0 --- /dev/null +++ b/kubernetes/platform/system-upgrade/config/overlays/dev/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base \ No newline at end of file diff --git a/kubernetes/platform/system-upgrade/config/overlays/prod/kustomization.yaml b/kubernetes/platform/system-upgrade/config/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..681848f0 --- /dev/null +++ b/kubernetes/platform/system-upgrade/config/overlays/prod/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base \ No newline at end of file 
From a1460fd0c9de047541841295e955bf6d525876c5 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Sun, 25 Aug 2024 12:22:30 +0200 Subject: [PATCH 039/130] Adding S3_BACKUP_SERVER cluster setting --- kubernetes/clusters/prod/settings/cluster-settings.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kubernetes/clusters/prod/settings/cluster-settings.yaml b/kubernetes/clusters/prod/settings/cluster-settings.yaml index 6961f311..b96322c5 100644 --- a/kubernetes/clusters/prod/settings/cluster-settings.yaml +++ b/kubernetes/clusters/prod/settings/cluster-settings.yaml @@ -5,4 +5,5 @@ metadata: name: cluster-settings namespace: flux-system data: - CLUSTER_DOMAIN: picluster.ricsanfre.com \ No newline at end of file + CLUSTER_DOMAIN: picluster.ricsanfre.com + S3_BACKUP_SERVER: s3.ricsanfre.com \ No newline at end of file From c79c1b2da18558b51965be4553a3b0d685c16d0c Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 25 Aug 2024 12:27:51 +0200 Subject: [PATCH 040/130] Adding longhorn flux app --- .../clusters/prod/infra/longhorn-app.yaml | 24 +++++++++++++ .../platform/longhorn/app/base/helm.yaml | 34 ++++++++++++++++++ .../longhorn/app/base/kustomization.yaml | 12 +++++++ .../longhorn/app/base/kustomizeconfig.yaml | 11 ++++++ kubernetes/platform/longhorn/app/base/ns.yaml | 4 +++ .../platform/longhorn/app/base/values.yaml | 5 +++ .../app/components/backup/helm-patch.yaml | 6 ++++ .../app/components/backup/kustomization.yaml | 20 +++++++++++ .../backup/minio-externalsecret.yaml | 26 ++++++++++++++ .../app/components/backup/values.yaml | 6 ++++ .../backup/volume-snapshot-class.yaml | 32 +++++++++++++++++ .../app/components/ingress/helm-patch.yaml | 6 ++++ .../app/components/ingress/kustomization.yaml | 16 +++++++++ .../app/components/ingress/values.yaml | 36 +++++++++++++++++++ .../app/components/monitor/kustomization.yaml | 5 +++ .../components/monitor/service-monitor.yaml | 18 ++++++++++ .../longhorn/app/overlays/dev/helm-patch.yaml | 6 ++++ .../app/overlays/dev/kustomization.yaml | 19 ++++++++++ .../longhorn/app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 ++++ .../app/overlays/prod/kustomization.yaml | 24 +++++++++++++ .../longhorn/app/overlays/prod/values.yaml | 1 + 22 files changed, 318 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/longhorn-app.yaml create mode 100644 kubernetes/platform/longhorn/app/base/helm.yaml create mode 100644 kubernetes/platform/longhorn/app/base/kustomization.yaml create mode 100644 kubernetes/platform/longhorn/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/longhorn/app/base/ns.yaml create mode 100644 kubernetes/platform/longhorn/app/base/values.yaml create mode 100644 kubernetes/platform/longhorn/app/components/backup/helm-patch.yaml create mode 100644 kubernetes/platform/longhorn/app/components/backup/kustomization.yaml create mode 100644 
kubernetes/platform/longhorn/app/components/backup/minio-externalsecret.yaml create mode 100644 kubernetes/platform/longhorn/app/components/backup/values.yaml create mode 100644 kubernetes/platform/longhorn/app/components/backup/volume-snapshot-class.yaml create mode 100644 kubernetes/platform/longhorn/app/components/ingress/helm-patch.yaml create mode 100644 kubernetes/platform/longhorn/app/components/ingress/kustomization.yaml create mode 100644 kubernetes/platform/longhorn/app/components/ingress/values.yaml create mode 100644 kubernetes/platform/longhorn/app/components/monitor/kustomization.yaml create mode 100644 kubernetes/platform/longhorn/app/components/monitor/service-monitor.yaml create mode 100644 kubernetes/platform/longhorn/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/longhorn/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/longhorn/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/longhorn/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/longhorn/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/longhorn/app/overlays/prod/values.yaml
diff --git a/kubernetes/clusters/prod/infra/longhorn-app.yaml b/kubernetes/clusters/prod/infra/longhorn-app.yaml
new file mode 100644
index 00000000..9091acc5
--- /dev/null
+++ b/kubernetes/clusters/prod/infra/longhorn-app.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: longhorn-app
+ namespace: flux-system
+spec:
+ interval: 5m
+ targetNamespace: longhorn-system
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ dependsOn:
+ - name: csi-external-snapshooter-app
+ - name: external-secrets-config
+ path: ./kubernetes/platform/longhorn/app/overlays/prod
+ prune: true
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ # Use this ConfigMap if it exists, but proceed if it doesn't.
+ optional: true
+
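Review bot: `dependsOn` in clusters/prod/infra/longhorn-app.yaml names `csi-external-snapshooter-app`, but the Kustomization added in patch 036 is called `csi-external-snapshotter-app`. With no object of that name in `flux-system`, Flux will report the dependency as not found and never apply `longhorn-app`; the line should read `- name: csi-external-snapshotter-app`. Separately, `optional: true` on the `cluster-settings` substitution lets the build proceed when the ConfigMap is absent. If the backup component's values consume `${S3_BACKUP_SERVER}` (that file is outside this excerpt), failing the reconciliation is preferable to rendering a backup target from a missing variable, so consider dropping `optional`.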
diff --git a/kubernetes/platform/longhorn/app/base/helm.yaml b/kubernetes/platform/longhorn/app/base/helm.yaml
new file mode 100644
index 00000000..799e35b4
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/base/helm.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: longhorn
+spec:
+ url: https://charts.longhorn.io
+ interval: 10m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: longhorn
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: longhorn
+ version: 1.6.2
+ sourceRef:
+ kind: HelmRepository
+ name: longhorn
+ upgrade:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ install:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ valuesFrom:
+ - kind: ConfigMap
+ name: longhorn-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/base/kustomization.yaml b/kubernetes/platform/longhorn/app/base/kustomization.yaml
new file mode 100644
index 00000000..3c843028
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/base/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - helm.yaml
+
+configMapGenerator:
+ - name: longhorn-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/base/kustomizeconfig.yaml b/kubernetes/platform/longhorn/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/base/ns.yaml b/kubernetes/platform/longhorn/app/base/ns.yaml
new file mode 100644
index 00000000..9ac93955
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: longhorn-system
diff --git a/kubernetes/platform/longhorn/app/base/values.yaml b/kubernetes/platform/longhorn/app/base/values.yaml
new file mode 100644
index 00000000..d1719cdc
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/base/values.yaml
@@ -0,0 +1,5 @@
+# longhorn helm values (base)
+
+# Storage path
+defaultSettings:
+ defaultDataPath: "/storage"
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/components/backup/helm-patch.yaml b/kubernetes/platform/longhorn/app/components/backup/helm-patch.yaml
new file mode 100644
index 00000000..ed7e2dc7
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/backup/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: longhorn-helm-values
+ valuesKey: backup-values.yaml
diff --git a/kubernetes/platform/longhorn/app/components/backup/kustomization.yaml b/kubernetes/platform/longhorn/app/components/backup/kustomization.yaml
new file mode 100644
index 00000000..e91fc0ae
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/backup/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - minio-externalsecret.yaml
+ - volume-snapshot-class.yaml
+
+# patch values.yaml
+configMapGenerator:
+ - name: longhorn-helm-values
+ behavior: merge
+ files:
+ - backup-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: longhorn
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/components/backup/minio-externalsecret.yaml b/kubernetes/platform/longhorn/app/components/backup/minio-externalsecret.yaml
new file mode 100644
index 00000000..a3fe4593
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/backup/minio-externalsecret.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: minio-externalsecret
+ namespace: longhorn-system
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: longhorn-minio-secret
+ template:
+ engineVersion: v2
+ data:
+ AWS_ENDPOINTS: "https://${S3_BACKUP_SERVER}:9091"
+ AWS_ACCESS_KEY_ID: "{{ .user | toString }}"
+ AWS_SECRET_ACCESS_KEY: "{{ .key | toString }}"
+ data:
+ - secretKey: user
+ remoteRef:
+ key: minio/longhorn
+ property: user
+ - secretKey: key
+ remoteRef:
+ key: minio/longhorn
+ property: key
diff --git a/kubernetes/platform/longhorn/app/components/backup/values.yaml b/kubernetes/platform/longhorn/app/components/backup/values.yaml
new file mode 100644
index 00000000..0b55a2da
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/backup/values.yaml
@@ -0,0 +1,6 @@
+# longhorn helm values (backup)
+
+defaultSettings:
+ # Backup S3 configuration
+ backupTarget: "s3://k3s-longhorn@eu-west-1/"
+ backupTargetCredentialSecret: longhorn-minio-secret
diff --git a/kubernetes/platform/longhorn/app/components/backup/volume-snapshot-class.yaml b/kubernetes/platform/longhorn/app/components/backup/volume-snapshot-class.yaml
new file mode 100644
index 00000000..7d7a25d9
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/backup/volume-snapshot-class.yaml
@@ -0,0 +1,32 @@
+# VolumeSnapshotClasses
+
+# Default VolumeSnapshotClass
+
+kind: VolumeSnapshotClass
+apiVersion: snapshot.storage.k8s.io/v1
+metadata:
+ name: longhorn
+driver: driver.longhorn.io
+deletionPolicy: Delete
+
+---
+# CSI VolumeSnapshot Associated With Longhorn Snapshot
+kind: VolumeSnapshotClass
+apiVersion: snapshot.storage.k8s.io/v1
+metadata:
+ name: longhorn-snapshot-vsc
+driver: driver.longhorn.io
+deletionPolicy: Delete
+parameters:
+ type: snap
+
+---
+# CSI VolumeSnapshot Associated With Longhorn Backup
+kind: VolumeSnapshotClass
+apiVersion: snapshot.storage.k8s.io/v1
+metadata:
+ name: longhorn-backup-vsc
+driver: driver.longhorn.io
+deletionPolicy: Delete
+parameters:
+ type: bak
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/components/ingress/helm-patch.yaml b/kubernetes/platform/longhorn/app/components/ingress/helm-patch.yaml
new file mode 100644
index 00000000..83cf6d0d
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/ingress/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: longhorn-helm-values
+ valuesKey: ingress-values.yaml
diff --git a/kubernetes/platform/longhorn/app/components/ingress/kustomization.yaml b/kubernetes/platform/longhorn/app/components/ingress/kustomization.yaml
new file mode 100644
index 00000000..efbceb9c
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/ingress/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# patch values.yaml?
+configMapGenerator:
+ - name: longhorn-helm-values
+ behavior: merge
+ files:
+ - ingress-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: longhorn
+ path: helm-patch.yaml
\ No newline at end of file
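Review bot: `deletionPolicy: Delete` on `longhorn-backup-vsc` ties the lifetime of the off-cluster copy to the VolumeSnapshot object, because with the Longhorn CSI driver deleting a `type: bak` VolumeSnapshot is expected to remove the backup from the S3 target as well. Any user or controller allowed to delete VolumeSnapshots can then also erase the backup, which defeats its purpose as a recovery copy after a mistake or a compromise. For the backup class I would use `deletionPolicy: Retain` and leave pruning to Longhorn's own retention settings. The first class, `longhorn`, sets no `parameters.type`, so what it creates depends on the driver default; an explicit `type` and a comment such as `# default class: creates <snapshot|backup>` would make the intent readable.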
diff --git a/kubernetes/platform/longhorn/app/components/ingress/values.yaml b/kubernetes/platform/longhorn/app/components/ingress/values.yaml
new file mode 100644
index 00000000..7702d0eb
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/ingress/values.yaml
@@ -0,0 +1,36 @@
+# longhorn helm values (ingress)
+
+# Ingress Resource. Longhorn dashboard.
+ingress:
+ ## Enable creation of ingress resource
+ enabled: true
+ ## Add ingressClassName to the Ingress
+ ingressClassName: nginx
+
+ # ingress host
+ host: longhorn.${CLUSTER_DOMAIN}
+
+ ## Set this to true in order to enable TLS on the ingress record
+ tls: true
+
+ ## TLS Secret Name
+ tlsSecret: longhorn-tls
+
+ ## Default ingress path
+ path: /
+
+ ## Ingress annotations
+ annotations:
+
+ # Enable external authentication using Oauth2-proxy
+ nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy.${CLUSTER_DOMAIN}/oauth2/start?rd=https://$host$request_uri
+ nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/oauth2/auth
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
+ nginx.ingress.kubernetes.io/auth-response-headers: Authorization
+
+ # Enable cert-manager to create automatically the SSL certificate and store in Secret
+ # Possible Cluster-Issuer values:
+ # * 'letsencrypt-issuer' (valid TLS certificate using Letsencrypt)
+ # * 'ca-issuer' (CA-signed certificate, not valid)
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ cert-manager.io/common-name: longhorn.${CLUSTER_DOMAIN}
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/components/monitor/kustomization.yaml b/kubernetes/platform/longhorn/app/components/monitor/kustomization.yaml
new file mode 100644
index 00000000..be587b14
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/monitor/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - service-monitor.yaml
\ No newline at end of file
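Review bot: The `auth-signin` annotation in `components/ingress/values.yaml` builds the post-login redirect from the raw `$request_uri`, which is not URL-encoded, so a query string on the original request gets mixed into the oauth2-proxy parameters instead of travelling inside `rd`. ingress-nginx provides an encoded variable for this: `https://oauth2-proxy.${CLUSTER_DOMAIN}/oauth2/start?rd=https://$host$escaped_request_uri`. `auth-response-headers: Authorization` also forwards the user's token to the Longhorn UI upstream, and nothing in this file shows the backend consuming it, so I would drop it unless it is needed. These annotations appear to be the only access control in front of the dashboard; a comment such as `# oauth2-proxy is the only authentication for this host; do not remove` would make that explicit.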
diff --git a/kubernetes/platform/longhorn/app/components/monitor/service-monitor.yaml b/kubernetes/platform/longhorn/app/components/monitor/service-monitor.yaml
new file mode 100644
index 00000000..7442fab0
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/components/monitor/service-monitor.yaml
@@ -0,0 +1,18 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ app: longhorn
+ release: kube-prometheus-stack
+ name: longhorn-prometheus-servicemonitor
+ namespace: longhorn-system
+spec:
+ jobLabel: app.kubernetes.io/name
+ selector:
+ matchLabels:
+ app: longhorn-manager
+ namespaceSelector:
+ matchNames:
+ - longhorn-system
+ endpoints:
+ - port: manager
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/longhorn/app/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..7cf50451
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: longhorn-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/overlays/dev/kustomization.yaml b/kubernetes/platform/longhorn/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..c1d1b709
--- /dev/null
+++ b/kubernetes/platform/longhorn/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: longhorn-system
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: longhorn-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: longhorn
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/longhorn/app/overlays/dev/values.yaml b/kubernetes/platform/longhorn/app/overlays/dev/values.yaml new file mode 100644 index 00000000..6e7ac149 --- /dev/null +++ b/kubernetes/platform/longhorn/app/overlays/dev/values.yaml @@ -0,0 +1 @@ +# longhorn helm values (dev overlay) diff --git a/kubernetes/platform/longhorn/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/longhorn/app/overlays/prod/helm-patch.yaml new file mode 100644 index 00000000..7cf50451 --- /dev/null +++ b/kubernetes/platform/longhorn/app/overlays/prod/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: longhorn-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/longhorn/app/overlays/prod/kustomization.yaml b/kubernetes/platform/longhorn/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..d8e94ec5 --- /dev/null +++ b/kubernetes/platform/longhorn/app/overlays/prod/kustomization.yaml @@ -0,0 +1,24 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: longhorn-system + +resources: + - ../../base + +components: + - ../../components/ingress + - ../../components/backup + - ../../components/monitor + +configMapGenerator: + - name: longhorn-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: longhorn + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/longhorn/app/overlays/prod/values.yaml b/kubernetes/platform/longhorn/app/overlays/prod/values.yaml new file mode 100644 index 00000000..aa58d056 --- /dev/null +++ b/kubernetes/platform/longhorn/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# longhorn helm values (prod overlay) From 44e777c960848521486935fd6c498309183be0b5 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 25 Aug 2024 12:31:01 +0200 Subject: [PATCH 041/130] Fixing typo in dependency name --- kubernetes/clusters/prod/infra/longhorn-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/clusters/prod/infra/longhorn-app.yaml b/kubernetes/clusters/prod/infra/longhorn-app.yaml index 9091acc5..5cd692d0 100644 --- a/kubernetes/clusters/prod/infra/longhorn-app.yaml +++ b/kubernetes/clusters/prod/infra/longhorn-app.yaml @@ -11,7 +11,7 @@ spec: kind: GitRepository name: flux-system dependsOn: - - name: csi-external-snapshooter-app + - name: csi-external-snapshotter-app - name: external-secrets-config path: ./kubernetes/platform/longhorn/app/overlays/prod prune: true From 2323b9dc144899876482a77f1c35071c8cfd31ab Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 25 Aug 2024 13:16:38 +0200 Subject: [PATCH 042/130] Adding minio flux app --- kubernetes/clusters/prod/infra/minio-app.yaml | 23 ++++++++ kubernetes/platform/minio/app/base/helm.yaml | 37 +++++++++++++ .../minio/app/base/kustomization.yaml | 13 +++++ .../minio/app/base/kustomizeconfig.yaml | 11 ++++ .../app/base/minio-root-external-secret.yaml | 20 +++++++ kubernetes/platform/minio/app/base/ns.yaml | 4 ++ .../platform/minio/app/base/values.yaml | 22 ++++++++ .../app/components/config/helm-patch.yaml | 6 +++ .../app/components/config/kustomization.yaml | 19 +++++++ .../config/minio-users-external-secret.yaml | 20 +++++++ .../minio/app/components/config/values.yaml | 44 +++++++++++++++ .../app/components/ingress/helm-patch.yaml | 6 +++ .../app/components/ingress/kustomization.yaml | 16 ++++++ .../minio/app/components/ingress/values.yaml | 53 +++++++++++++++++++ .../app/components/monitor/helm-patch.yaml | 6 +++ .../app/components/monitor/kustomization.yaml | 16 ++++++ .../minio/app/components/monitor/values.yaml | 7 +++ .../minio/app/overlays/dev/helm-patch.yaml | 6 +++ .../minio/app/overlays/dev/kustomization.yaml | 19 +++++++ .../minio/app/overlays/dev/values.yaml | 1 + .../minio/app/overlays/prod/helm-patch.yaml | 6 +++ .../app/overlays/prod/kustomization.yaml | 24 +++++++++ .../minio/app/overlays/prod/values.yaml | 13 +++++ 23 files changed, 392 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/minio-app.yaml create mode 100644 kubernetes/platform/minio/app/base/helm.yaml create mode 100644 kubernetes/platform/minio/app/base/kustomization.yaml create mode 100644 kubernetes/platform/minio/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/minio/app/base/minio-root-external-secret.yaml create mode 100644 kubernetes/platform/minio/app/base/ns.yaml create mode 100644 kubernetes/platform/minio/app/base/values.yaml create mode 100644 kubernetes/platform/minio/app/components/config/helm-patch.yaml create 
mode 100644 kubernetes/platform/minio/app/components/config/kustomization.yaml create mode 100644 kubernetes/platform/minio/app/components/config/minio-users-external-secret.yaml create mode 100644 kubernetes/platform/minio/app/components/config/values.yaml create mode 100644 kubernetes/platform/minio/app/components/ingress/helm-patch.yaml create mode 100644 kubernetes/platform/minio/app/components/ingress/kustomization.yaml create mode 100644 kubernetes/platform/minio/app/components/ingress/values.yaml create mode 100644 kubernetes/platform/minio/app/components/monitor/helm-patch.yaml create mode 100644 kubernetes/platform/minio/app/components/monitor/kustomization.yaml create mode 100644 kubernetes/platform/minio/app/components/monitor/values.yaml create mode 100644 kubernetes/platform/minio/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/minio/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/minio/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/minio/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/minio/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/minio/app/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/minio-app.yaml b/kubernetes/clusters/prod/infra/minio-app.yaml new file mode 100644 index 00000000..cb451cfb --- /dev/null +++ b/kubernetes/clusters/prod/infra/minio-app.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: minio-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: minio + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: external-secrets-config + - name: longhorn-app + path: ./kubernetes/platform/minio/app/overlays/prod + prune: true + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings + # Use this ConfigMap if it exists, but proceed if it doesn't. + optional: true 
diff --git a/kubernetes/platform/minio/app/base/helm.yaml b/kubernetes/platform/minio/app/base/helm.yaml
new file mode 100644
index 00000000..2fefeedd
--- /dev/null
+++ b/kubernetes/platform/minio/app/base/helm.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: minio
+spec:
+ url: https://charts.min.io/
+ interval: 10m
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: minio
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: minio
+ version: 5.2.0
+ sourceRef:
+ kind: HelmRepository
+ name: minio
+ upgrade:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ install:
+ remediation:
+ retries: 3
+ remediateLastFailure: true
+ dependsOn:
+ - name: longhorn-system
+ namespace: longhorn-system
+ valuesFrom:
+ - kind: ConfigMap
+ name: minio-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/base/kustomization.yaml b/kubernetes/platform/minio/app/base/kustomization.yaml
new file mode 100644
index 00000000..598d765e
--- /dev/null
+++ b/kubernetes/platform/minio/app/base/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - minio-root-external-secret.yaml
+ - helm.yaml
+
+configMapGenerator:
+ - name: minio-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/base/kustomizeconfig.yaml b/kubernetes/platform/minio/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/minio/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/base/minio-root-external-secret.yaml b/kubernetes/platform/minio/app/base/minio-root-external-secret.yaml
new file mode 100644
index 00000000..7b2783a5
--- /dev/null
+++ b/kubernetes/platform/minio/app/base/minio-root-external-secret.yaml
@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: minio-root-external-secret
+ namespace: minio
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: minio-root-secret
+ data:
+ - secretKey: rootUser
+ remoteRef:
+ key: minio/root
+ property: user
+ - secretKey: rootPassword
+ remoteRef:
+ key: minio/root
+ property: key
diff --git a/kubernetes/platform/minio/app/base/ns.yaml b/kubernetes/platform/minio/app/base/ns.yaml
new file mode 100644
index 00000000..7eb26130
--- /dev/null
+++ b/kubernetes/platform/minio/app/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: minio
diff --git a/kubernetes/platform/minio/app/base/values.yaml b/kubernetes/platform/minio/app/base/values.yaml
new file mode 100644
index 00000000..62e54579
--- /dev/null
+++ b/kubernetes/platform/minio/app/base/values.yaml
@@ -0,0 +1,22 @@
+# minio helm values (base)
+# Get root user/password from secret
+existingSecret: minio-secret
+
+# Number of drives attached to a node
+drivesPerNode: 1
+# Number of MinIO containers running
+replicas: 3
+# Number of expanded MinIO clusters
+pools: 1
+
+# Persistence
+persistence:
+ enabled: true
+ storageClass: "longhorn"
+ accessMode: ReadWriteOnce
+ size: 10Gi
+
+# Resource request
+resources:
+ requests:
+ memory: 512Mi
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/components/config/helm-patch.yaml b/kubernetes/platform/minio/app/components/config/helm-patch.yaml
new file mode 100644
index 00000000..af1112bf
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/config/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: minio-helm-values
+ valuesKey: config-values.yaml
diff --git a/kubernetes/platform/minio/app/components/config/kustomization.yaml b/kubernetes/platform/minio/app/components/config/kustomization.yaml
new file mode 100644
index 00000000..c6d4c0fa
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/config/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - minio-users-external-secret.yaml
+
+# patch values.yaml?
+configMapGenerator:
+ - name: minio-helm-values
+ behavior: merge
+ files:
+ - config-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: minio
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/components/config/minio-users-external-secret.yaml b/kubernetes/platform/minio/app/components/config/minio-users-external-secret.yaml
new file mode 100644
index 00000000..dd7896ca
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/config/minio-users-external-secret.yaml
@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: minio-users-external-secret
+ namespace: minio
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: minio-users-secret
+ data:
+ - secretKey: lokiPassword
+ remoteRef:
+ key: minio/loki
+ property: key
+ - secretKey: tempoPassword
+ remoteRef:
+ key: minio/tempo
+ property: key
diff --git a/kubernetes/platform/minio/app/components/config/values.yaml b/kubernetes/platform/minio/app/components/config/values.yaml
new file mode 100644
index 00000000..943cf9b1
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/config/values.yaml
@@ -0,0 +1,44 @@
+# minio helm values (config)
+
+# Minio Buckets
+buckets:
+ - name: k3s-loki
+ policy: none
+ - name: k3s-tempo
+ policy: none
+
+# Minio Policies
+policies:
+ - name: loki
+ statements:
+ - resources:
+ - 'arn:aws:s3:::k3s-loki'
+ - 'arn:aws:s3:::k3s-loki/*'
+ actions:
+ - "s3:DeleteObject"
+ - "s3:GetObject"
+ - "s3:ListBucket"
+ - "s3:PutObject"
+ - name: tempo
+ statements:
+ - resources:
+ - 'arn:aws:s3:::k3s-tempo'
+ - 'arn:aws:s3:::k3s-tempo/*'
+ actions:
+ - "s3:DeleteObject"
+ - "s3:GetObject"
+ - "s3:ListBucket"
+ - "s3:PutObject"
+ - "s3:GetObjectTagging"
+ - "s3:PutObjectTagging"
+
+# Minio Users
+users:
+ - accessKey: loki
+ existingSecret: minio-users-secret
+ existingSecretKey: lokiPassword
+ policy: loki
+ - accessKey: tempo
+ existingSecret: minio-users-secret
+ existingSecretKey: tempoPassword
+ policy: tempo
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/components/ingress/helm-patch.yaml b/kubernetes/platform/minio/app/components/ingress/helm-patch.yaml
new file mode 100644
index 00000000..07313cd9
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/ingress/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: minio-helm-values
+ valuesKey: ingress-values.yaml
diff --git a/kubernetes/platform/minio/app/components/ingress/kustomization.yaml b/kubernetes/platform/minio/app/components/ingress/kustomization.yaml
new file mode 100644
index 00000000..ac34c64a
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/ingress/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# patch values.yaml?
+configMapGenerator:
+ - name: minio-helm-values
+ behavior: merge
+ files:
+ - ingress-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: minio
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/components/ingress/values.yaml b/kubernetes/platform/minio/app/components/ingress/values.yaml
new file mode 100644
index 00000000..1e89aca3
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/ingress/values.yaml
@@ -0,0 +1,53 @@
+# minio helm values (ingress)
+
+# Ingress resource
+ingress:
+ ## Enable creation of ingress resource
+ enabled: true
+ ## Add ingressClassName to the Ingress
+ ingressClassName: nginx
+ # ingress host
+ hosts:
+ - s3.${CLUSTER_DOMAIN}
+ ## TLS Secret Name
+ tls:
+ - secretName: minio-tls
+ hosts:
+ - s3.${CLUSTER_DOMAIN}
+ ## Default ingress path
+ path: /
+ ## Ingress annotations
+ annotations:
+ # Linkerd configuration. Configure Service as Upstream
+ nginx.ingress.kubernetes.io/service-upstream: "true"
+ # Enable cert-manager to create automatically the SSL certificate and store in Secret
+ # Possible Cluster-Issuer values:
+ # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API)
+ # * 'ca-issuer' (CA-signed certificate, not valid)
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ cert-manager.io/common-name: s3.${CLUSTER_DOMAIN}
+
+# console Ingress
+consoleIngress:
+ ## Enable creation of ingress resource
+ enabled: true
+ ## Add ingressClassName to the Ingress
+ ingressClassName: nginx
+ # ingress host
+ hosts:
+ - minio.${CLUSTER_DOMAIN}
+ ## TLS Secret Name
+ tls:
+ - secretName: minio-console-tls
+ hosts:
+ - minio.${CLUSTER_DOMAIN}
+ ## Default ingress path
+ path: /
+ ## Ingress annotations
+ annotations:
+ # Enable cert-manager to create automatically the SSL certificate and store in Secret
+ # Possible Cluster-Issuer values:
+ # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API)
+ # * 'ca-issuer' (CA-signed certificate, not valid)
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ cert-manager.io/common-name: minio.${CLUSTER_DOMAIN}
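Review bot: `consoleIngress` publishes the MinIO admin console at `minio.${CLUSTER_DOMAIN}` with only the cert-manager annotations, so the console's own login form is the single gate in front of an interface that accepts the root credentials. The Longhorn dashboard added in PATCH 040 sits behind oauth2-proxy, which makes this the less protected of the two admin UIs. Whether the `nginx` ingress class is reachable from outside the cluster is not visible in this hunk. If it is, I would restrict the console under `consoleIngress.annotations`, for example `nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-CIDR-placeholder>"`, or put it behind the same SSO. A comment such as `# console is an admin interface; restrict sources or front with SSO` would record the decision either way.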
diff --git a/kubernetes/platform/minio/app/components/monitor/helm-patch.yaml b/kubernetes/platform/minio/app/components/monitor/helm-patch.yaml
new file mode 100644
index 00000000..9da3db6b
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/monitor/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: minio-helm-values
+ valuesKey: monitor-values.yaml
diff --git a/kubernetes/platform/minio/app/components/monitor/kustomization.yaml b/kubernetes/platform/minio/app/components/monitor/kustomization.yaml
new file mode 100644
index 00000000..0396f865
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/monitor/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# patch values.yaml?
+configMapGenerator:
+ - name: minio-helm-values
+ behavior: merge
+ files:
+ - monitor-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: minio
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/components/monitor/values.yaml b/kubernetes/platform/minio/app/components/monitor/values.yaml
new file mode 100644
index 00000000..cc0db193
--- /dev/null
+++ b/kubernetes/platform/minio/app/components/monitor/values.yaml
@@ -0,0 +1,7 @@
+# minio helm values (ingress)
+
+# Service Monitor
+metrics:
+ serviceMonitor:
+ enabled: true
+ includeNode: true
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/minio/app/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..ddebe60e
--- /dev/null
+++ b/kubernetes/platform/minio/app/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: minio-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
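Review bot: `components/monitor/values.yaml` enables `metrics.serviceMonitor` without stating how the metrics endpoint is authenticated, and the ingress component in the same commit exposes the S3 service at `path: /` on `s3.${CLUSTER_DOMAIN}`. If the chart's `metrics.serviceMonitor.public` option is left at its default, which I believe is `true`, the Prometheus endpoints are served without a token and would be reachable through that ingress. Please confirm this against chart 5.2.0 and set the value explicitly, e.g. `public: false` with a bearer token for the scrape, or add a comment saying that unauthenticated metrics are accepted. Separately, the header comment reads `# minio helm values (ingress)`, copied from the ingress component; it should be `# minio helm values (monitor)`.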
diff --git a/kubernetes/platform/minio/app/overlays/dev/kustomization.yaml b/kubernetes/platform/minio/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..adf4c566
--- /dev/null
+++ b/kubernetes/platform/minio/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: minio
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: minio-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: minio
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/overlays/dev/values.yaml b/kubernetes/platform/minio/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..d58ec377
--- /dev/null
+++ b/kubernetes/platform/minio/app/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# minio helm values (dev overlay)
diff --git a/kubernetes/platform/minio/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/minio/app/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..ddebe60e
--- /dev/null
+++ b/kubernetes/platform/minio/app/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: minio-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/minio/app/overlays/prod/kustomization.yaml b/kubernetes/platform/minio/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..529e3e29
--- /dev/null
+++ b/kubernetes/platform/minio/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,24 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: minio + +resources: + - ../../base + +components: + - ../../components/ingress + - ../../components/monitor + - ../../components/config + +configMapGenerator: + - name: minio-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: minio + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/minio/app/overlays/prod/values.yaml b/kubernetes/platform/minio/app/overlays/prod/values.yaml new file mode 100644 index 00000000..f4a41dfa --- /dev/null +++ b/kubernetes/platform/minio/app/overlays/prod/values.yaml @@ -0,0 +1,13 @@ +# minio helm values (prod overlay) + + +# Run minio server only on amd64 nodes +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 \ No newline at end of file From 75e204cb3864dd2036a29f5c7df69ea4b26d404f Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Sun, 25 Aug 2024 13:20:05 +0200 Subject: [PATCH 043/130] Fixing dependency name --- kubernetes/platform/minio/app/base/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/minio/app/base/helm.yaml b/kubernetes/platform/minio/app/base/helm.yaml index 2fefeedd..1c3768b4 100644 --- a/kubernetes/platform/minio/app/base/helm.yaml +++ b/kubernetes/platform/minio/app/base/helm.yaml @@ -29,7 +29,7 @@ spec: retries: 3 remediateLastFailure: true dependsOn: - - name: longhorn-system + - name: longhorn namespace: longhorn-system valuesFrom: - kind: ConfigMap From 0f965bd5f8c7243002568d044538b08a0f4fc4e8 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 25 Aug 2024 13:24:56 +0200 Subject: [PATCH 044/130] Fixing name referenced secret --- kubernetes/platform/minio/app/base/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/minio/app/base/values.yaml b/kubernetes/platform/minio/app/base/values.yaml index 62e54579..fe1612f9 100644 --- a/kubernetes/platform/minio/app/base/values.yaml +++ b/kubernetes/platform/minio/app/base/values.yaml @@ -1,6 +1,6 @@ # minio helm values (base) # Get root user/password from secret -existingSecret: minio-secret +existingSecret: minio-root-secret # Number of drives attached to a node drivesPerNode: 1 From b2c11d79ef6a01104303e77e116afe3d29ebf205 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 25 Aug 2024 14:02:34 +0200 Subject: [PATCH 045/130] Adding velero flux app --- .../clusters/prod/infra/velero-app.yaml | 35 +++++++++++++++++++ kubernetes/platform/velero/app/base/helm.yaml | 34 ++++++++++++++++++ .../velero/app/base/kustomization.yaml | 13 +++++++ .../velero/app/base/kustomizeconfig.yaml | 11 ++++++ kubernetes/platform/velero/app/base/ns.yaml | 4 +++ .../platform/velero/app/base/values.yaml | 28 +++++++++++++++ .../app/base/velero-external-secret.yaml | 27 ++++++++++++++ .../velero/app/overlays/dev/helm-patch.yaml | 6 ++++ .../app/overlays/dev/kustomization.yaml | 19 ++++++++++ .../velero/app/overlays/dev/values.yaml | 1 + .../velero/app/overlays/prod/helm-patch.yaml | 6 ++++ .../app/overlays/prod/kustomization.yaml | 19 ++++++++++ .../velero/app/overlays/prod/values.yaml | 1 + .../velero/config/base/backup-schedule.yaml | 19 ++++++++++ .../velero/config/base/kustomization.yaml | 7 ++++ .../base/longhorn-volume-snapshot-class.yaml | 11 ++++++ .../velero/config/base/service-monitor.yaml | 20 +++++++++++ .../config/overlays/dev/kustomization.yaml | 6 ++++ .../config/overlays/prod/kustomization.yaml | 6 ++++ 19 files changed, 273 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/velero-app.yaml create mode 100644 kubernetes/platform/velero/app/base/helm.yaml create mode 100644 kubernetes/platform/velero/app/base/kustomization.yaml create mode 100644 kubernetes/platform/velero/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/velero/app/base/ns.yaml create mode 100644 kubernetes/platform/velero/app/base/values.yaml create mode 100644 kubernetes/platform/velero/app/base/velero-external-secret.yaml create mode 100644 kubernetes/platform/velero/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/velero/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/velero/app/overlays/dev/values.yaml create mode 100644 
kubernetes/platform/velero/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/velero/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/velero/app/overlays/prod/values.yaml create mode 100644 kubernetes/platform/velero/config/base/backup-schedule.yaml create mode 100644 kubernetes/platform/velero/config/base/kustomization.yaml create mode 100644 kubernetes/platform/velero/config/base/longhorn-volume-snapshot-class.yaml create mode 100644 kubernetes/platform/velero/config/base/service-monitor.yaml create mode 100644 kubernetes/platform/velero/config/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/velero/config/overlays/prod/kustomization.yaml diff --git a/kubernetes/clusters/prod/infra/velero-app.yaml b/kubernetes/clusters/prod/infra/velero-app.yaml new file mode 100644 index 00000000..57732682 --- /dev/null +++ b/kubernetes/clusters/prod/infra/velero-app.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: velero-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: velero + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: csi-external-snapshotter-app + - name: external-secrets-config + - name: longhorn-app + path: ./kubernetes/platform/velero/app/overlays/prod + prune: true + +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: velero-config + namespace: flux-system +spec: + interval: 5m + targetNamespace: velero + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: velero-app + path: ./kubernetes/platform/velero/config/overlays/prod + prune: true \ No newline at end of file diff --git a/kubernetes/platform/velero/app/base/helm.yaml b/kubernetes/platform/velero/app/base/helm.yaml new file mode 100644 index 00000000..63dcd0da --- /dev/null +++ b/kubernetes/platform/velero/app/base/helm.yaml 
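Review bot: `velero-config` declares `dependsOn: velero-app`, but `velero-app` sets neither `wait` nor `healthChecks`, so Flux reports it ready once the HelmRelease object has been applied, not once the chart is installed. The `Schedule` added in `config/base/backup-schedule.yaml` uses the `velero.io/v1` API, which presumably only exists after the chart has installed its CRDs, so the first reconciliations of `velero-config` can fail until a retry succeeds. Adding `wait: true` under `spec` of the `velero-app` Kustomization would make the dependency reflect the real ordering.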
@@ -0,0 +1,34 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: velero +spec: + url: https://vmware-tanzu.github.io/helm-charts + interval: 10m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: velero +spec: + interval: 5m + chart: + spec: + chart: velero + version: 7.1.0 + sourceRef: + kind: HelmRepository + name: velero + upgrade: + remediation: + retries: 3 + remediateLastFailure: true + install: + remediation: + retries: 3 + remediateLastFailure: true + valuesFrom: + - kind: ConfigMap + name: velero-helm-values + valuesKey: base-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/velero/app/base/kustomization.yaml b/kubernetes/platform/velero/app/base/kustomization.yaml new file mode 100644 index 00000000..e6d6b6eb --- /dev/null +++ b/kubernetes/platform/velero/app/base/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ns.yaml + - velero-external-secret.yaml + - helm.yaml + +configMapGenerator: + - name: velero-helm-values + files: + - base-values.yaml=values.yaml +configurations: + - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/platform/velero/app/base/kustomizeconfig.yaml b/kubernetes/platform/velero/app/base/kustomizeconfig.yaml new file mode 100644 index 00000000..9469f4ef --- /dev/null +++ b/kubernetes/platform/velero/app/base/kustomizeconfig.yaml @@ -0,0 +1,11 @@ +nameReference: +- kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease +- kind: Secret + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease \ No newline at end of file diff --git a/kubernetes/platform/velero/app/base/ns.yaml b/kubernetes/platform/velero/app/base/ns.yaml new file mode 100644 index 00000000..b442fae8 --- /dev/null +++ b/kubernetes/platform/velero/app/base/ns.yaml 
@@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: velero diff --git a/kubernetes/platform/velero/app/base/values.yaml b/kubernetes/platform/velero/app/base/values.yaml new file mode 100644 index 00000000..05f0452f --- /dev/null +++ b/kubernetes/platform/velero/app/base/values.yaml @@ -0,0 +1,28 @@ +# velero helm values (base) + +# AWS backend and CSI plugins configuration +initContainers: + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws:v1.10.0 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /target + name: plugins + +# Velero Configuration +configuration: + # Configure Minio as backup backend + backupStorageLocation: + - provider: aws + bucket: k3s-velero + config: + region: eu-west-1 + s3ForcePathStyle: true + s3Url: https://${S3_BACKUP_SERVER}:9091 + # Enable CSI snapshot support + features: EnableCSI +credentials: + existingSecret: velero-secret + +# Disable VolumeSnapshotLocation CRD. It is not needed for CSI integration +snapshotsEnabled: false \ No newline at end of file diff --git a/kubernetes/platform/velero/app/base/velero-external-secret.yaml b/kubernetes/platform/velero/app/base/velero-external-secret.yaml new file mode 100644 index 00000000..4c5d6852 --- /dev/null +++ b/kubernetes/platform/velero/app/base/velero-external-secret.yaml @@ -0,0 +1,27 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: minio-externalsecret + namespace: velero +spec: + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: velero-secret + template: + engineVersion: v2 + data: + cloud: | + [default] + aws_access_key_id: "{{ .user | toString }}" + aws_secret_access_key: "{{ .key | toString }}" + data: + - secretKey: user + remoteRef: + key: minio/velero + property: user + - secretKey: key + remoteRef: + key: minio/velero + property: key 
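Review bot: `s3Url: https://${S3_BACKUP_SERVER}:9091` in `app/base/values.yaml` depends on Flux post-build variable substitution, but the `velero-app` Kustomization added in this commit has no `postBuild` section. Unless substitution is patched in elsewhere in the repository, the literal `${S3_BACKUP_SERVER}` reaches the chart and the backup storage location will not resolve, which leaves the cluster without working backups. I would add a `postBuild.substituteFrom` entry to `velero-app` pointing at the ConfigMap or Secret that defines `S3_BACKUP_SERVER`, and put a comment next to `s3Url` naming that source. Separately, `velero/velero-plugin-for-aws:v1.10.0` is pinned by tag only; pinning by digest as well would keep the init container, which writes into the Velero plugin directory, from changing under a re-pushed tag.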
diff --git a/kubernetes/platform/velero/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/velero/app/overlays/dev/helm-patch.yaml new file mode 100644 index 00000000..813b14e5 --- /dev/null +++ b/kubernetes/platform/velero/app/overlays/dev/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: velero-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/velero/app/overlays/dev/kustomization.yaml b/kubernetes/platform/velero/app/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..12a9bb90 --- /dev/null +++ b/kubernetes/platform/velero/app/overlays/dev/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: velero + +resources: + - ../../base + +configMapGenerator: + - name: velero-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: velero + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/velero/app/overlays/dev/values.yaml b/kubernetes/platform/velero/app/overlays/dev/values.yaml new file mode 100644 index 00000000..8cb1beb1 --- /dev/null +++ b/kubernetes/platform/velero/app/overlays/dev/values.yaml @@ -0,0 +1 @@ +# velero helm values (dev overlay) diff --git a/kubernetes/platform/velero/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/velero/app/overlays/prod/helm-patch.yaml new file mode 100644 index 00000000..813b14e5 --- /dev/null +++ b/kubernetes/platform/velero/app/overlays/prod/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: velero-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file 
diff --git a/kubernetes/platform/velero/app/overlays/prod/kustomization.yaml b/kubernetes/platform/velero/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..12a9bb90 --- /dev/null +++ b/kubernetes/platform/velero/app/overlays/prod/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: velero + +resources: + - ../../base + +configMapGenerator: + - name: velero-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: velero + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/velero/app/overlays/prod/values.yaml b/kubernetes/platform/velero/app/overlays/prod/values.yaml new file mode 100644 index 00000000..3053e47f --- /dev/null +++ b/kubernetes/platform/velero/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# velero helm values (prod overlay) diff --git a/kubernetes/platform/velero/config/base/backup-schedule.yaml b/kubernetes/platform/velero/config/base/backup-schedule.yaml new file mode 100644 index 00000000..658e7064 --- /dev/null +++ b/kubernetes/platform/velero/config/base/backup-schedule.yaml @@ -0,0 +1,19 @@ +apiVersion: velero.io/v1 +kind: Schedule +metadata: + name: full + namespace: velero +spec: + schedule: 0 4 * * * + template: + hooks: {} + includedNamespaces: + - '*' + includedResources: + - '*' + includeClusterResources: true + metadata: + labels: + type: 'full' + schedule: 'daily' + ttl: 720h0m0s \ No newline at end of file diff --git a/kubernetes/platform/velero/config/base/kustomization.yaml b/kubernetes/platform/velero/config/base/kustomization.yaml new file mode 100644 index 00000000..57dc9666 --- /dev/null +++ b/kubernetes/platform/velero/config/base/kustomization.yaml 
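Review bot: The `full` schedule in `backup-schedule.yaml` sets `includedNamespaces` and `includedResources` to `'*'` with `includeClusterResources: true`, so every Secret manifest in the cluster is copied into the `k3s-velero` bucket and retained for `720h0m0s`. Nothing in this commit shows how that bucket is protected, so the backup store becomes as sensitive as the cluster's secret store. I would record the expectation in the file, for example `# Backups include Secret manifests: bucket must be access-restricted and encrypted at rest`, and confirm that the `minio/velero` credentials are scoped to this bucket only.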
@@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: velero + +resources: + - longhorn-volume-snapshot-class.yaml + - backup-schedule.yaml \ No newline at end of file diff --git a/kubernetes/platform/velero/config/base/longhorn-volume-snapshot-class.yaml b/kubernetes/platform/velero/config/base/longhorn-volume-snapshot-class.yaml new file mode 100644 index 00000000..7e9e6e35 --- /dev/null +++ b/kubernetes/platform/velero/config/base/longhorn-volume-snapshot-class.yaml @@ -0,0 +1,11 @@ +# CSI VolumeSnapshot Associated With Longhorn Backup +kind: VolumeSnapshotClass +apiVersion: snapshot.storage.k8s.io/v1 +metadata: + name: velero-longhorn-backup-vsc + labels: + velero.io/csi-volumesnapshot-class: "true" +driver: driver.longhorn.io +deletionPolicy: Retain +parameters: + type: bak diff --git a/kubernetes/platform/velero/config/base/service-monitor.yaml b/kubernetes/platform/velero/config/base/service-monitor.yaml new file mode 100644 index 00000000..b9ecd14a --- /dev/null +++ b/kubernetes/platform/velero/config/base/service-monitor.yaml @@ -0,0 +1,20 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app: velero + release: monitoring + name: velero-prometheus-servicemonitor + namespace: velero +spec: + jobLabel: app.kubernetes.io/name + endpoints: + - port: http-monitoring + path: /metrics + namespaceSelector: + matchNames: + - velero + selector: + matchLabels: + app.kubernetes.io/instance: velero + app.kubernetes.io/name: velero \ No newline at end of file diff --git a/kubernetes/platform/velero/config/overlays/dev/kustomization.yaml b/kubernetes/platform/velero/config/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..40033d10 --- /dev/null +++ b/kubernetes/platform/velero/config/overlays/dev/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: velero + +resources: + - ../../base \ No newline at end of file 
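Review bot: `config/base/kustomization.yaml` lists only `longhorn-volume-snapshot-class.yaml` and `backup-schedule.yaml` under `resources`, while the same commit adds `config/base/service-monitor.yaml`. As written the ServiceMonitor is never rendered, so Velero's metrics are not scraped and a failing backup schedule would go unnoticed by monitoring. If this is deliberate until a monitor component exists, a comment saying so would help; otherwise add `- service-monitor.yaml` to `resources`.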
diff --git a/kubernetes/platform/velero/config/overlays/prod/kustomization.yaml b/kubernetes/platform/velero/config/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..40033d10 --- /dev/null +++ b/kubernetes/platform/velero/config/overlays/prod/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: velero + +resources: + - ../../base \ No newline at end of file From 1ee7278bfe16e2549a8fae57d786d0a70b52f274 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Sun, 25 Aug 2024 14:14:30 +0200 Subject: [PATCH 046/130] Fixing error with ionos cert-manager issuer --- .../config/overlays/prod/ionos-externalsecret.yaml | 6 ------ .../cert-manager/config/overlays/prod/ionos-issuer.yaml | 2 +- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/kubernetes/platform/cert-manager/config/overlays/prod/ionos-externalsecret.yaml b/kubernetes/platform/cert-manager/config/overlays/prod/ionos-externalsecret.yaml index a701775e..c8a44a26 100644 --- a/kubernetes/platform/cert-manager/config/overlays/prod/ionos-externalsecret.yaml +++ b/kubernetes/platform/cert-manager/config/overlays/prod/ionos-externalsecret.yaml @@ -14,13 +14,7 @@ spec: remoteRef: key: certmanager/ionos property: public_prefix - conversionStrategy: Default # ArgoCD sync issue - decodingStrategy: None # ArgoCD sync issue - metadataPolicy: None # ArgoCD sync issue - secretKey: IONOS_SECRET remoteRef: key: certmanager/ionos property: secret - conversionStrategy: Default # ArgoCD sync issue - decodingStrategy: None # ArgoCD sync issue - metadataPolicy: None # ArgoCD sync issue \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/config/overlays/prod/ionos-issuer.yaml b/kubernetes/platform/cert-manager/config/overlays/prod/ionos-issuer.yaml index 2c4fcb91..a4243437 100644 --- a/kubernetes/platform/cert-manager/config/overlays/prod/ionos-issuer.yaml 
+++ b/kubernetes/platform/cert-manager/config/overlays/prod/ionos-issuer.yaml @@ -16,7 +16,7 @@ spec: solvers: - dns01: webhook: - groupName: acme.fabmade.de + groupName: acme.ricsanfre.com solverName: ionos config: apiUrl: https://api.hosting.ionos.com/dns/v1 From f5ed997927d8d1975353634334348628405065c0 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 28 Aug 2024 09:31:09 +0200 Subject: [PATCH 047/130] Adding cloudnative-pg flux app --- .../prod/infra/cloudnative-pg-app.yaml | 16 ++++++++ .../cloudnative-pg/app/base/helm.yaml | 37 +++++++++++++++++++ .../app/base/kustomization.yaml | 12 ++++++ .../app/base/kustomizeconfig.yaml | 11 ++++++ .../platform/cloudnative-pg/app/base/ns.yaml | 4 ++ .../cloudnative-pg/app/base/values.yaml | 4 ++ .../app/components/monitor/helm-patch.yaml | 6 +++ .../app/components/monitor/kustomization.yaml | 16 ++++++++ .../app/components/monitor/values.yaml | 6 +++ .../app/overlays/dev/helm-patch.yaml | 6 +++ .../app/overlays/dev/kustomization.yaml | 19 ++++++++++ .../app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 +++ .../app/overlays/prod/kustomization.yaml | 22 +++++++++++ .../app/overlays/prod/values.yaml | 1 + 15 files changed, 167 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/cloudnative-pg-app.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/base/helm.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/base/kustomization.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/base/ns.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/base/values.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/components/monitor/helm-patch.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/components/monitor/kustomization.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/components/monitor/values.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/overlays/prod/helm-patch.yaml create mode 
100644 kubernetes/platform/cloudnative-pg/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/cloudnative-pg/app/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/cloudnative-pg-app.yaml b/kubernetes/clusters/prod/infra/cloudnative-pg-app.yaml new file mode 100644 index 00000000..46f6ff1a --- /dev/null +++ b/kubernetes/clusters/prod/infra/cloudnative-pg-app.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cloudnative-pg-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: cnpg-system + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: longhorn-app + path: ./kubernetes/platform/cloudnative-pg/app/overlays/prod + prune: true diff --git a/kubernetes/platform/cloudnative-pg/app/base/helm.yaml b/kubernetes/platform/cloudnative-pg/app/base/helm.yaml new file mode 100644 index 00000000..d2ab32bb --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/base/helm.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cloudnative-pg +spec: + url: https://cloudnative-pg.github.io/charts + interval: 10m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cloudnative-pg +spec: + interval: 5m + chart: + spec: + chart: cloudnative-pg + version: 0.21.5 + sourceRef: + kind: HelmRepository + name: cloudnative-pg + upgrade: + remediation: + retries: 3 + remediateLastFailure: true + install: + remediation: + retries: 3 + remediateLastFailure: true + dependsOn: + - name: longhorn + namespace: longhorn-system + valuesFrom: + - kind: ConfigMap + name: cloudnative-pg-helm-values + valuesKey: base-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/base/kustomization.yaml b/kubernetes/platform/cloudnative-pg/app/base/kustomization.yaml new file mode 100644 index 00000000..f1069a8b --- /dev/null 
+++ b/kubernetes/platform/cloudnative-pg/app/base/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ns.yaml + - helm.yaml + +configMapGenerator: + - name: cloudnative-pg-helm-values + files: + - base-values.yaml=values.yaml +configurations: + - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/base/kustomizeconfig.yaml b/kubernetes/platform/cloudnative-pg/app/base/kustomizeconfig.yaml new file mode 100644 index 00000000..9469f4ef --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/base/kustomizeconfig.yaml @@ -0,0 +1,11 @@ +nameReference: +- kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease +- kind: Secret + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/base/ns.yaml b/kubernetes/platform/cloudnative-pg/app/base/ns.yaml new file mode 100644 index 00000000..8deac4c7 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/base/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cnpg-system diff --git a/kubernetes/platform/cloudnative-pg/app/base/values.yaml b/kubernetes/platform/cloudnative-pg/app/base/values.yaml new file mode 100644 index 00000000..571322e6 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/base/values.yaml @@ -0,0 +1,4 @@ +# cloudnative-pg helm values (base) + +crds: + create: true \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/components/monitor/helm-patch.yaml b/kubernetes/platform/cloudnative-pg/app/components/monitor/helm-patch.yaml new file mode 100644 index 00000000..60745b15 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/components/monitor/helm-patch.yaml 
@@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: cloudnative-pg-helm-values + valuesKey: monitor-values.yaml diff --git a/kubernetes/platform/cloudnative-pg/app/components/monitor/kustomization.yaml b/kubernetes/platform/cloudnative-pg/app/components/monitor/kustomization.yaml new file mode 100644 index 00000000..2e189803 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/components/monitor/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# patch values.yaml +configMapGenerator: + - name: cloudnative-pg-helm-values + behavior: merge + files: + - monitor-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: cloudnative-pg + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/components/monitor/values.yaml b/kubernetes/platform/cloudnative-pg/app/components/monitor/values.yaml new file mode 100644 index 00000000..9042d694 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/components/monitor/values.yaml @@ -0,0 +1,6 @@ +# cloudnative-pg helm values (monitor) + +monitoring: + podMonitorEnabled: false + grafanaDashboard: + create: true \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/cloudnative-pg/app/overlays/dev/helm-patch.yaml new file mode 100644 index 00000000..dba4d527 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/overlays/dev/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: cloudnative-pg-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/overlays/dev/kustomization.yaml b/kubernetes/platform/cloudnative-pg/app/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..3eaf7aeb --- /dev/null 
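Review bot: `components/monitor/values.yaml` sets `monitoring.podMonitorEnabled: false`, so pulling the monitor component into the prod overlay creates the Grafana dashboard but no PodMonitor for the operator. That reads as contradictory for a component named `monitor`, and the dashboard would have no operator metrics behind it. If it is intentional, a comment such as `# PodMonitor disabled: <reason>` would make that clear; otherwise this probably should be `podMonitorEnabled: true`.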
+++ b/kubernetes/platform/cloudnative-pg/app/overlays/dev/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cnpg-system + +resources: + - ../../base + +configMapGenerator: + - name: cloudnative-pg-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: cloudnative-pg + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/overlays/dev/values.yaml b/kubernetes/platform/cloudnative-pg/app/overlays/dev/values.yaml new file mode 100644 index 00000000..877a0162 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/overlays/dev/values.yaml @@ -0,0 +1 @@ +# cloudnative-pg helm values (dev overlay) diff --git a/kubernetes/platform/cloudnative-pg/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/cloudnative-pg/app/overlays/prod/helm-patch.yaml new file mode 100644 index 00000000..dba4d527 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/overlays/prod/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: cloudnative-pg-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/overlays/prod/kustomization.yaml b/kubernetes/platform/cloudnative-pg/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..9bce27a9 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/overlays/prod/kustomization.yaml 
@@ -0,0 +1,22 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: cnpg-system + +resources: + - ../../base + +components: + - ../../components/monitor + +configMapGenerator: + - name: cloudnative-pg-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: cloudnative-pg + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/cloudnative-pg/app/overlays/prod/values.yaml b/kubernetes/platform/cloudnative-pg/app/overlays/prod/values.yaml new file mode 100644 index 00000000..62a69c97 --- /dev/null +++ b/kubernetes/platform/cloudnative-pg/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# cloudnative-pg helm values (prod overlay) From 253dc198220953f450ea83a26e16836b7349f7f3 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 28 Aug 2024 09:46:47 +0200 Subject: [PATCH 048/130] Adding mongodb-operator flux app --- .../prod/infra/mongodb-operator-app.yaml | 16 ++++++++ .../mongodb-operator/app/base/helm.yaml | 37 +++++++++++++++++++ .../app/base/kustomization.yaml | 12 ++++++ .../app/base/kustomizeconfig.yaml | 11 ++++++ .../mongodb-operator/app/base/ns.yaml | 4 ++ .../mongodb-operator/app/base/values.yaml | 1 + .../app/overlays/dev/helm-patch.yaml | 6 +++ .../app/overlays/dev/kustomization.yaml | 19 ++++++++++ .../app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 +++ .../app/overlays/prod/kustomization.yaml | 19 ++++++++++ .../app/overlays/prod/values.yaml | 1 + 12 files changed, 133 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/mongodb-operator-app.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/base/helm.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/base/kustomization.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/base/ns.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/base/values.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/mongodb-operator/app/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/mongodb-operator-app.yaml b/kubernetes/clusters/prod/infra/mongodb-operator-app.yaml new file mode 100644 index 00000000..fcd36455 --- /dev/null 
+++ b/kubernetes/clusters/prod/infra/mongodb-operator-app.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: mongodb-community-operator-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: mongodb + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: longhorn-app + path: ./kubernetes/platform/mongodb-community-operator/app/overlays/prod + prune: true diff --git a/kubernetes/platform/mongodb-operator/app/base/helm.yaml b/kubernetes/platform/mongodb-operator/app/base/helm.yaml new file mode 100644 index 00000000..3f5dadcd --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/base/helm.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: mongodb-community-operator +spec: + url: https://mongodb.github.io/helm-charts + interval: 10m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: mongodb-community-operator +spec: + interval: 5m + chart: + spec: + chart: community-operator + version: 0.10.0 + sourceRef: + kind: HelmRepository + name: mongodb-community-operator + upgrade: + remediation: + retries: 3 + remediateLastFailure: true + install: + remediation: + retries: 3 + remediateLastFailure: true + dependsOn: + - name: longhorn + namespace: longhorn-system + valuesFrom: + - kind: ConfigMap + name: mongodb-community-operator-helm-values + valuesKey: base-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/mongodb-operator/app/base/kustomization.yaml b/kubernetes/platform/mongodb-operator/app/base/kustomization.yaml new file mode 100644 index 00000000..ad07faa0 --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/base/kustomization.yaml 
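Review bot: `spec.path` in `mongodb-operator-app.yaml` is `./kubernetes/platform/mongodb-community-operator/app/overlays/prod`, but every file this commit creates lives under `kubernetes/platform/mongodb-operator/`. Unless the directory is renamed in a later patch, Flux cannot build this Kustomization because the path does not exist, and with it the operator is never installed. Either change the path to `./kubernetes/platform/mongodb-operator/app/overlays/prod` or rename the directory to match the release name `mongodb-community-operator`.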
@@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ns.yaml + - helm.yaml + +configMapGenerator: + - name: mongodb-community-operator-helm-values + files: + - base-values.yaml=values.yaml +configurations: + - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/platform/mongodb-operator/app/base/kustomizeconfig.yaml b/kubernetes/platform/mongodb-operator/app/base/kustomizeconfig.yaml new file mode 100644 index 00000000..9469f4ef --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/base/kustomizeconfig.yaml @@ -0,0 +1,11 @@ +nameReference: +- kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease +- kind: Secret + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease \ No newline at end of file diff --git a/kubernetes/platform/mongodb-operator/app/base/ns.yaml b/kubernetes/platform/mongodb-operator/app/base/ns.yaml new file mode 100644 index 00000000..4f58005f --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/base/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: mongodb diff --git a/kubernetes/platform/mongodb-operator/app/base/values.yaml b/kubernetes/platform/mongodb-operator/app/base/values.yaml new file mode 100644 index 00000000..d995b22e --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/base/values.yaml @@ -0,0 +1 @@ +# mongodb-community-operator helm values (base) diff --git a/kubernetes/platform/mongodb-operator/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/mongodb-operator/app/overlays/dev/helm-patch.yaml new file mode 100644 index 00000000..4dd0fceb --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/overlays/dev/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: mongodb-community-operator-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file 
diff --git a/kubernetes/platform/mongodb-operator/app/overlays/dev/kustomization.yaml b/kubernetes/platform/mongodb-operator/app/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..1ece111a --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/overlays/dev/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: mongodb + +resources: + - ../../base + +configMapGenerator: + - name: mongodb-community-operator-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: mongodb-community-operator + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/mongodb-operator/app/overlays/dev/values.yaml b/kubernetes/platform/mongodb-operator/app/overlays/dev/values.yaml new file mode 100644 index 00000000..d5ad9916 --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/overlays/dev/values.yaml @@ -0,0 +1 @@ +# mongodb-community-operator helm values (dev overlay) diff --git a/kubernetes/platform/mongodb-operator/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/mongodb-operator/app/overlays/prod/helm-patch.yaml new file mode 100644 index 00000000..4dd0fceb --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/overlays/prod/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: mongodb-community-operator-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/mongodb-operator/app/overlays/prod/kustomization.yaml b/kubernetes/platform/mongodb-operator/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..1ece111a --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/overlays/prod/kustomization.yaml 
@@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: mongodb + +resources: + - ../../base + +configMapGenerator: + - name: mongodb-community-operator-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: mongodb-community-operator + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/mongodb-operator/app/overlays/prod/values.yaml b/kubernetes/platform/mongodb-operator/app/overlays/prod/values.yaml new file mode 100644 index 00000000..ddae00e9 --- /dev/null +++ b/kubernetes/platform/mongodb-operator/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# mongodb-community-operator helm values (prod overlay) From 92bad1ba40d68987e790fe7521bccaa316ef0985 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 28 Aug 2024 10:15:36 +0200 Subject: [PATCH 049/130] Changing folder of mongodb operator --- .../app/base/helm.yaml | 0 .../app/base/kustomization.yaml | 0 .../app/base/kustomizeconfig.yaml | 0 .../app/base/ns.yaml | 0 .../app/base/values.yaml | 0 .../app/overlays/dev/helm-patch.yaml | 0 .../app/overlays/dev/kustomization.yaml | 0 .../app/overlays/dev/values.yaml | 0 .../app/overlays/prod/helm-patch.yaml | 0 .../app/overlays/prod/kustomization.yaml | 0 .../app/overlays/prod/values.yaml | 0 11 files changed, 0 insertions(+), 0 deletions(-) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/base/helm.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/base/kustomization.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/base/kustomizeconfig.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/base/ns.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/base/values.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/overlays/dev/helm-patch.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/overlays/dev/kustomization.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/overlays/dev/values.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/overlays/prod/helm-patch.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/overlays/prod/kustomization.yaml (100%) rename kubernetes/platform/{mongodb-operator => mongodb-community-operator}/app/overlays/prod/values.yaml (100%) 
diff --git a/kubernetes/platform/mongodb-operator/app/base/helm.yaml b/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/base/helm.yaml rename to kubernetes/platform/mongodb-community-operator/app/base/helm.yaml diff --git a/kubernetes/platform/mongodb-operator/app/base/kustomization.yaml b/kubernetes/platform/mongodb-community-operator/app/base/kustomization.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/base/kustomization.yaml rename to kubernetes/platform/mongodb-community-operator/app/base/kustomization.yaml diff --git a/kubernetes/platform/mongodb-operator/app/base/kustomizeconfig.yaml b/kubernetes/platform/mongodb-community-operator/app/base/kustomizeconfig.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/base/kustomizeconfig.yaml rename to kubernetes/platform/mongodb-community-operator/app/base/kustomizeconfig.yaml diff --git a/kubernetes/platform/mongodb-operator/app/base/ns.yaml b/kubernetes/platform/mongodb-community-operator/app/base/ns.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/base/ns.yaml rename to kubernetes/platform/mongodb-community-operator/app/base/ns.yaml diff --git a/kubernetes/platform/mongodb-operator/app/base/values.yaml b/kubernetes/platform/mongodb-community-operator/app/base/values.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/base/values.yaml rename to kubernetes/platform/mongodb-community-operator/app/base/values.yaml diff --git a/kubernetes/platform/mongodb-operator/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/mongodb-community-operator/app/overlays/dev/helm-patch.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/overlays/dev/helm-patch.yaml rename to kubernetes/platform/mongodb-community-operator/app/overlays/dev/helm-patch.yaml 
diff --git a/kubernetes/platform/mongodb-operator/app/overlays/dev/kustomization.yaml b/kubernetes/platform/mongodb-community-operator/app/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/overlays/dev/kustomization.yaml rename to kubernetes/platform/mongodb-community-operator/app/overlays/dev/kustomization.yaml diff --git a/kubernetes/platform/mongodb-operator/app/overlays/dev/values.yaml b/kubernetes/platform/mongodb-community-operator/app/overlays/dev/values.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/overlays/dev/values.yaml rename to kubernetes/platform/mongodb-community-operator/app/overlays/dev/values.yaml diff --git a/kubernetes/platform/mongodb-operator/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/mongodb-community-operator/app/overlays/prod/helm-patch.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/overlays/prod/helm-patch.yaml rename to kubernetes/platform/mongodb-community-operator/app/overlays/prod/helm-patch.yaml diff --git a/kubernetes/platform/mongodb-operator/app/overlays/prod/kustomization.yaml b/kubernetes/platform/mongodb-community-operator/app/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/overlays/prod/kustomization.yaml rename to kubernetes/platform/mongodb-community-operator/app/overlays/prod/kustomization.yaml diff --git a/kubernetes/platform/mongodb-operator/app/overlays/prod/values.yaml b/kubernetes/platform/mongodb-community-operator/app/overlays/prod/values.yaml similarity index 100% rename from kubernetes/platform/mongodb-operator/app/overlays/prod/values.yaml rename to kubernetes/platform/mongodb-community-operator/app/overlays/prod/values.yaml From ec35f740835642f5fe00e513a6aae0718d0f9db8 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 28 Aug 2024 11:37:54 +0200 Subject: [PATCH 050/130] Adding keycloak flux app --- .../clusters/prod/infra/keycloak-app.yaml | 41 ++++ .../platform/keycloak/app/base/helm.yaml | 37 ++++ .../app/base/keycloak-externalsecret.yaml | 19 ++ .../keycloak/app/base/kustomization.yaml | 12 + .../keycloak/app/base/kustomizeconfig.yaml | 11 + .../platform/keycloak/app/base/values.yaml | 66 ++++++ .../components/external-db/helm-patch.yaml | 6 + .../components/external-db/kustomization.yaml | 16 ++ .../app/components/external-db/values.yaml | 13 ++ .../app/components/ingress/helm-patch.yaml | 6 + .../app/components/ingress/kustomization.yaml | 16 ++ .../app/components/ingress/values.yaml | 20 ++ .../components/realm-config/helm-patch.yaml | 6 + .../keycloak-env-externalsecret.yaml | 68 ++++++ .../realm-config/kustomization.yaml | 16 ++ .../realm-config/picluster-realm.json | 208 ++++++++++++++++++ .../app/components/realm-config/values.yaml | 15 ++ .../keycloak/app/overlays/dev/helm-patch.yaml | 6 + .../app/overlays/dev/kustomization.yaml | 19 ++ .../keycloak/app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 + .../app/overlays/prod/kustomization.yaml | 24 ++ .../keycloak/app/overlays/prod/values.yaml | 1 + .../db/base/keycloak-db-external-secret.yaml | 26 +++ .../keycloak-db-minio-external-secret.yaml | 26 +++ .../keycloak/db/base/keycloak-db.yaml | 35 +++ .../keycloak/db/base/kustomization.yaml | 9 + kubernetes/platform/keycloak/db/base/ns.yaml | 4 + .../db/overlays/dev/kustomization.yaml | 6 + .../db/overlays/prod/kustomization.yaml | 6 + 30 files changed, 745 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/keycloak-app.yaml create mode 100644 kubernetes/platform/keycloak/app/base/helm.yaml create mode 100644 kubernetes/platform/keycloak/app/base/keycloak-externalsecret.yaml create mode 100644 kubernetes/platform/keycloak/app/base/kustomization.yaml create mode 100644 
kubernetes/platform/keycloak/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/keycloak/app/base/values.yaml create mode 100644 kubernetes/platform/keycloak/app/components/external-db/helm-patch.yaml create mode 100644 kubernetes/platform/keycloak/app/components/external-db/kustomization.yaml create mode 100644 kubernetes/platform/keycloak/app/components/external-db/values.yaml create mode 100644 kubernetes/platform/keycloak/app/components/ingress/helm-patch.yaml create mode 100644 kubernetes/platform/keycloak/app/components/ingress/kustomization.yaml create mode 100644 kubernetes/platform/keycloak/app/components/ingress/values.yaml create mode 100644 kubernetes/platform/keycloak/app/components/realm-config/helm-patch.yaml create mode 100644 kubernetes/platform/keycloak/app/components/realm-config/keycloak-env-externalsecret.yaml create mode 100644 kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml create mode 100644 kubernetes/platform/keycloak/app/components/realm-config/picluster-realm.json create mode 100644 kubernetes/platform/keycloak/app/components/realm-config/values.yaml create mode 100644 kubernetes/platform/keycloak/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/keycloak/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/keycloak/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/keycloak/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/keycloak/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/keycloak/app/overlays/prod/values.yaml create mode 100644 kubernetes/platform/keycloak/db/base/keycloak-db-external-secret.yaml create mode 100644 kubernetes/platform/keycloak/db/base/keycloak-db-minio-external-secret.yaml create mode 100644 kubernetes/platform/keycloak/db/base/keycloak-db.yaml create mode 100644 kubernetes/platform/keycloak/db/base/kustomization.yaml create mode 100644 
kubernetes/platform/keycloak/db/base/ns.yaml create mode 100644 kubernetes/platform/keycloak/db/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/keycloak/db/overlays/prod/kustomization.yaml diff --git a/kubernetes/clusters/prod/infra/keycloak-app.yaml b/kubernetes/clusters/prod/infra/keycloak-app.yaml new file mode 100644 index 00000000..503b7a85 --- /dev/null +++ b/kubernetes/clusters/prod/infra/keycloak-app.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: keycloak-db + namespace: flux-system +spec: + interval: 5m + targetNamespace: keycloak + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: cloudnative-pg-app + path: ./kubernetes/platform/keycloak/db/overlays/prod + prune: true + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings + # Use this ConfigMap if it exists, but proceed if it doesn't. + optional: true + +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: keycloak-app + namespace: flux-system +spec: + interval: 5m + targetNamespace: keycloak + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: keycloak-app + path: ./kubernetes/platform/keycloak/app/overlays/prod + prune: true + + diff --git a/kubernetes/platform/keycloak/app/base/helm.yaml b/kubernetes/platform/keycloak/app/base/helm.yaml new file mode 100644 index 00000000..10dc763e --- /dev/null +++ b/kubernetes/platform/keycloak/app/base/helm.yaml 
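Review bot: The `keycloak-app` Kustomization lists itself under `dependsOn` (`- name: keycloak-app`), so it would wait on its own readiness; the intended dependency looks like the `keycloak-db` Kustomization defined just above it, i.e. `- name: keycloak-db`. Separately, only `keycloak-db` carries `postBuild.substituteFrom`, while `components/ingress/values.yaml` in this same commit uses `sso.${CLUSTER_DOMAIN}`. If that component is rendered through `keycloak-app` (the prod overlay is not visible here), the placeholder would reach the Ingress and certificate request unsubstituted, so the same `postBuild` block is probably needed on `keycloak-app`. Note also that `optional: true` lets a missing `cluster-settings` ConfigMap pass silently, which is worth a comment if it is intended.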
@@ -0,0 +1,37 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: keycloak +spec: + url: https://charts.bitnami.com/bitnami + interval: 10m +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: keycloak +spec: + interval: 5m + chart: + spec: + chart: keycloak + version: 21.7.1 + sourceRef: + kind: HelmRepository + name: keycloak + upgrade: + remediation: + retries: 3 + remediateLastFailure: true + install: + remediation: + retries: 3 + remediateLastFailure: true + dependsOn: + - name: cloudnative-pg + namespace: cnpg-system + valuesFrom: + - kind: ConfigMap + name: keycloak-helm-values + valuesKey: base-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/base/keycloak-externalsecret.yaml b/kubernetes/platform/keycloak/app/base/keycloak-externalsecret.yaml new file mode 100644 index 00000000..50718d95 --- /dev/null +++ b/kubernetes/platform/keycloak/app/base/keycloak-externalsecret.yaml @@ -0,0 +1,19 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: keycloak-externalsecret + namespace: keycloak +spec: + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: keycloak-secret + data: + - secretKey: admin-password + remoteRef: + key: keycloak/admin + property: password + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue diff --git a/kubernetes/platform/keycloak/app/base/kustomization.yaml b/kubernetes/platform/keycloak/app/base/kustomization.yaml new file mode 100644 index 00000000..9588e199 --- /dev/null +++ b/kubernetes/platform/keycloak/app/base/kustomization.yaml 
@@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - keycloak-externalsecret.yaml + - helm.yaml + +configMapGenerator: + - name: keycloak-helm-values + files: + - base-values.yaml=values.yaml +configurations: + - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/base/kustomizeconfig.yaml b/kubernetes/platform/keycloak/app/base/kustomizeconfig.yaml new file mode 100644 index 00000000..9469f4ef --- /dev/null +++ b/kubernetes/platform/keycloak/app/base/kustomizeconfig.yaml @@ -0,0 +1,11 @@ +nameReference: +- kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease +- kind: Secret + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/base/values.yaml b/kubernetes/platform/keycloak/app/base/values.yaml new file mode 100644 index 00000000..3a69261e --- /dev/null +++ b/kubernetes/platform/keycloak/app/base/values.yaml 
@@ -0,0 +1,66 @@ +# keycloak helm values (base) +global: + storageClass: longhorn + +# Run in production mode behind NGINX proxy terminating TLS sessions +# ref: https://www.keycloak.org/server/reverseproxy +# edge proxy mode: Enables communication through HTTP between the proxy and Keycloak. +# This mode is suitable for deployments with a highly secure internal network where the reverse proxy keeps a secure connection (HTTP over TLS) with clients while communicating with Keycloak using HTTP. +production: true +proxy: edge + +# TEMP WORKAROUND +# https://github.com/bitnami/charts/issues/28154 +proxyHeaders: xforwarded +# + +# Admin user +auth: + existingSecret: keycloak-secret + adminUser: admin + + +# External DB: https://github.com/bitnami/charts/tree/main/bitnami/keycloak#use-an-external-database +postgresql: + enabled: false + +externalDatabase: + host: "keycloak-db-rw" + port: 5432 + database: keycloak + existingSecret: "keycloak-db-secret" + existingSecretUserKey: "username" + existingSecretPasswordKey: "password" + +# Adding additional secrets for realm configuration as environment variables +extraEnvVarsSecret: keycloak-env-secret + +# Importing realm on start-up +# https://www.keycloak.org/server/importExport#_importing_a_realm_during_startup +extraStartupArgs: "--import-realm" +extraVolumes: + - name: realm-config + configMap: + name: keycloak-realm-configmap +extraVolumeMounts: + - mountPath: /opt/bitnami/keycloak/data/import + name: realm-config + +# Ingress config +ingress: + enabled: true + ingressClassName: "nginx" + pathType: Prefix + annotations: + # Enable cert-manager to create automatically the SSL certificate and store in Secret + # Possible Cluster-Issuer values: + # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API) + # * 'ca-issuer' (CA-signed certificate, not valid) + cert-manager.io/cluster-issuer: letsencrypt-issuer + cert-manager.io/common-name: sso.picluster.ricsanfre.com + # Increasing proxy buffer size to avoid + # 
https://stackoverflow.com/questions/57503590/upstream-sent-too-big-header-while-reading-response-header-from-upstream-in-keyc + nginx.ingress.kubernetes.io/proxy-buffers-number: "4" + nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" + hostname: sso.picluster.ricsanfre.com + tls: true diff --git a/kubernetes/platform/keycloak/app/components/external-db/helm-patch.yaml b/kubernetes/platform/keycloak/app/components/external-db/helm-patch.yaml new file mode 100644 index 00000000..c8fa884a --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/external-db/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: keycloak-helm-values + valuesKey: externaldb-values.yaml diff --git a/kubernetes/platform/keycloak/app/components/external-db/kustomization.yaml b/kubernetes/platform/keycloak/app/components/external-db/kustomization.yaml new file mode 100644 index 00000000..e2dd435e --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/external-db/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# patch values.yaml +configMapGenerator: + - name: keycloak-helm-values + behavior: merge + files: + - external-db-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: keycloak + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/components/external-db/values.yaml b/kubernetes/platform/keycloak/app/components/external-db/values.yaml new file mode 100644 index 00000000..09c1f206 --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/external-db/values.yaml 
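Review bot: `proxyHeaders: xforwarded` together with `proxy: edge` makes Keycloak take the client address, scheme and host from `X-Forwarded-*` headers over plain HTTP, and nothing in these base values restricts which peers can reach the pod. Any workload inside the cluster that can connect to the Keycloak service directly could supply those headers itself, so pod ingress should be limited to the NGINX ingress controller by a NetworkPolicy. Record that assumption next to the workaround, e.g. `# xforwarded: headers are trusted from any peer; pod ingress must be limited to the ingress controller`. As a style point, this file also repeats the `externalDatabase` and `ingress` blocks that the `external-db` and `ingress` components add, with the hostname hard-coded here and templated there. Keeping them in one place avoids the two drifting apart.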
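Review bot: The key names in the external-db component do not match: `helm-patch.yaml` appends `valuesKey: externaldb-values.yaml`, while the component's `kustomization.yaml` generates the ConfigMap key `external-db-values.yaml`. The HelmRelease would then reference a key that is absent from `keycloak-helm-values`, which should make values composition fail for the release whenever this component is included. Change the patch line to `valuesKey: external-db-values.yaml`. The ingress and realm-config components use matching names, so only this one needs the fix.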
@@ -0,0 +1,13 @@ +# keycloak helm values (external-db) + +# External DB: https://github.com/bitnami/charts/tree/main/bitnami/keycloak#use-an-external-database +postgresql: + enabled: false + +externalDatabase: + host: "keycloak-db-rw" + port: 5432 + database: keycloak + existingSecret: "keycloak-db-secret" + existingSecretUserKey: "username" + existingSecretPasswordKey: "password" \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/components/ingress/helm-patch.yaml b/kubernetes/platform/keycloak/app/components/ingress/helm-patch.yaml new file mode 100644 index 00000000..8ca1ff58 --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/ingress/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: keycloak-helm-values + valuesKey: ingress-values.yaml diff --git a/kubernetes/platform/keycloak/app/components/ingress/kustomization.yaml b/kubernetes/platform/keycloak/app/components/ingress/kustomization.yaml new file mode 100644 index 00000000..e47e0604 --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/ingress/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# patch values.yaml? +configMapGenerator: + - name: keycloak-helm-values + behavior: merge + files: + - ingress-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: keycloak + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/components/ingress/values.yaml b/kubernetes/platform/keycloak/app/components/ingress/values.yaml new file mode 100644 index 00000000..9dcb0a9c --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/ingress/values.yaml 
@@ -0,0 +1,20 @@ +# keycloak helm values (ingress) + +# Ingress config +ingress: + enabled: true + ingressClassName: "nginx" + pathType: Prefix + annotations: + # Enable cert-manager to create automatically the SSL certificate and store in Secret + # Possible Cluster-Issuer values: + # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API) + # * 'ca-issuer' (CA-signed certificate, not valid) + cert-manager.io/cluster-issuer: letsencrypt-issuer + cert-manager.io/common-name: sso.${CLUSTER_DOMAIN} + # Increasing proxy buffer size to avoid + # https://stackoverflow.com/questions/57503590/upstream-sent-too-big-header-while-reading-response-header-from-upstream-in-keyc + nginx.ingress.kubernetes.io/proxy-buffers-number: "4" + nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" + hostname: sso.${CLUSTER_DOMAIN} + tls: true \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/components/realm-config/helm-patch.yaml b/kubernetes/platform/keycloak/app/components/realm-config/helm-patch.yaml new file mode 100644 index 00000000..707a1b1c --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/realm-config/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: keycloak-helm-values + valuesKey: realm-config-values.yaml diff --git a/kubernetes/platform/keycloak/app/components/realm-config/keycloak-env-externalsecret.yaml b/kubernetes/platform/keycloak/app/components/realm-config/keycloak-env-externalsecret.yaml new file mode 100644 index 00000000..52b75023 --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/realm-config/keycloak-env-externalsecret.yaml 
@@ -0,0 +1,68 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: keycloak-env-externalsecret + namespace: keycloak +spec: + secretStoreRef: + name: vault-backend + kind: ClusterSecretStore + target: + name: keycloak-env-secret + data: + - secretKey: PROXY_OAUTH_CLIENT_ID + remoteRef: + key: oauth2-proxy/oauth2 + property: client-id + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue + - secretKey: PROXY_OAUTH_CLIENT_SECRET + remoteRef: + key: oauth2-proxy/oauth2 + property: client-secret + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue + - secretKey: GRAFANA_OAUTH_CLIENT_ID + remoteRef: + key: grafana/oauth2 + property: client-id + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue + - secretKey: GRAFANA_OAUTH_CLIENT_SECRET + remoteRef: + key: grafana/oauth2 + property: client-secret + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue + - secretKey: KIALI_OAUTH_CLIENT_ID + remoteRef: + key: kiali/oauth2 + property: client-id + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue + - secretKey: KIALI_OAUTH_CLIENT_SECRET + remoteRef: + key: kiali/oauth2 + property: client-secret + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue + - secretKey: PI_ADMIN_USERNAME + remoteRef: + key: keycloak/picluster-admin + property: user + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue + - secretKey: PI_ADMIN_PASSWORD + remoteRef: + key: 
keycloak/picluster-admin + property: password + conversionStrategy: Default # ArgoCD sync issue + decodingStrategy: None # ArgoCD sync issue + metadataPolicy: None # ArgoCD sync issue \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml b/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml new file mode 100644 index 00000000..ab09a315 --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# patch values.yaml +configMapGenerator: + - name: keycloak-helm-values + behavior: merge + files: + - realm-config-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: keycloak + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/components/realm-config/picluster-realm.json b/kubernetes/platform/keycloak/app/components/realm-config/picluster-realm.json new file mode 100644 index 00000000..c461ca36 --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/realm-config/picluster-realm.json 
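Review bot: The realm-config `kustomization.yaml` neither lists `keycloak-env-externalsecret.yaml` under `resources` nor generates a ConfigMap from `picluster-realm.json`, although both files are added beside it. The base values reference `extraEnvVarsSecret: keycloak-env-secret` and a `keycloak-realm-configmap` volume. Unless an overlay that is not visible here wires them in, the pod would wait on a missing Secret and ConfigMap and `--import-realm` would have nothing to import. Because the ConfigMap name is referenced from inside the Helm values text, kustomize cannot rewrite it, so the generator entry needs the name-suffix hash disabled. Keeping the client secrets as `${...}` placeholders resolved from the ExternalSecret-backed Secret, rather than inlining them in the realm JSON, is the right split and should be preserved.

```yaml
# … unchanged: apiVersion / kind: Component …
resources:
  - keycloak-env-externalsecret.yaml

configMapGenerator:
  # … unchanged: keycloak-helm-values merge entry …
  - name: keycloak-realm-configmap
    files:
      - picluster-realm.json
    options:
      # referenced by name from inside Helm values, which kustomize cannot rewrite
      disableNameSuffixHash: true
# … unchanged: patches …
```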
@@ -0,0 +1,208 @@ +{ + "realm": "picluster", + "accessTokenLifespan": 6000, + "enabled": true, + "rememberMe": true, + "resetPasswordAllowed": true, + "clients": [ + { + "clientId": "${PROXY_OAUTH_CLIENT_ID}", + "name": "Proxy OAuth 2.0", + "description": "Proxy OAuth 2.0", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "${PROXY_OAUTH_CLIENT_SECRET}", + "redirectUris": [ + "https://oauth2-proxy.picluster.ricsanfre.com/oauth2/callback" + ], + "webOrigins": [ + "https://oauth2-proxy.picluster.ricsanfre.com" + ], + "standardFlowEnabled": true, + "directAccessGrantsEnabled": false, + "protocol": "openid-connect", + "protocolMappers": [ + { + "name": "aud-mapper-proxy-oauth2", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "${PROXY_OAUTH_CLIENT_ID}", + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "access": { + "view": true, + "configure": true, + "manage": true + } + }, + { + "clientId": "${GRAFANA_OAUTH_CLIENT_ID}", + "name": "Grafana", + "description": "Grafana", + "rootUrl": "https://monitoring.picluster.ricsanfre.com/grafana", + "adminUrl": "https://monitoring.picluster.ricsanfre.com/grafana", + "baseUrl": "https://monitoring.picluster.ricsanfre.com/grafana", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": true, + "clientAuthenticatorType": "client-secret", + "secret": "${GRAFANA_OAUTH_CLIENT_SECRET}", + "redirectUris": [ + "https://monitoring.picluster.ricsanfre.com/grafana/login/generic_oauth" + ], + "webOrigins": [ + "https://monitoring.picluster.ricsanfre.com/grafana" + ], + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + 
"directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "protocol": "openid-connect", + "fullScopeAllowed": true, + "frontchannelLogout": true, + "protocolMappers": [ + { + "name": "roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "roles", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "access": { + "view": true, + "configure": true, + "manage": true + } + }, + { + "clientId": "${KIALI_OAUTH_CLIENT_ID}", + "name": "Kiali", + "description": "Kiali - Istio Obervability platform", + "rootUrl": "https://kiali.picluster.ricsanfre.com/kiali/", + "adminUrl": "https://kiali.picluster.ricsanfre.com/kiali/", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": true, + "clientAuthenticatorType": "client-secret", + "secret": "${KIALI_OAUTH_CLIENT_SECRET}", + "redirectUris": [ + "https://kiali.picluster.ricsanfre.com/kiali/*" + ], + "webOrigins": [ + "https://kiali.picluster.ricsanfre.com" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + 
"microprofile-jwt" + ], + "access": { + "view": true, + "configure": true, + "manage": true + } + } + ], + "roles": { + "realm": [ + { + "name": "admin", + "composite": false + }, + { + "name": "viewer", + "composite": false + }, + { + "name": "editor", + "composite": false + }, + { + "name": "user", + "composite": false + } + ] + }, + "users": [ + { + "username": "${PI_ADMIN_USERNAME}", + "email": "admin@picluster.ricsanfre.com", + "enabled": true, + "emailVerified": true, + "credentials": [ + { + "type": "password", + "value": "${PI_ADMIN_PASSWORD}" + } + ], + "realmRoles": [ + "admin", + "default-roles-picluster" + ] + } + ] +} \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/components/realm-config/values.yaml b/kubernetes/platform/keycloak/app/components/realm-config/values.yaml new file mode 100644 index 00000000..b94d6842 --- /dev/null +++ b/kubernetes/platform/keycloak/app/components/realm-config/values.yaml @@ -0,0 +1,15 @@ +# keycloak helm values (realm-config) + +# Adding additional secrets for realm configuration as environment variables +extraEnvVarsSecret: keycloak-env-secret + +# Importing realm on start-up +# https://www.keycloak.org/server/importExport#_importing_a_realm_during_startup +extraStartupArgs: "--import-realm" +extraVolumes: + - name: realm-config + configMap: + name: keycloak-realm-configmap +extraVolumeMounts: + - mountPath: /opt/bitnami/keycloak/data/import + name: realm-config \ No newline at end of file diff --git a/kubernetes/platform/keycloak/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/keycloak/app/overlays/dev/helm-patch.yaml new file mode 100644 index 00000000..ee17cd61 --- /dev/null +++ b/kubernetes/platform/keycloak/app/overlays/dev/helm-patch.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/valuesFrom/- + value: + kind: ConfigMap + name: keycloak-helm-values + valuesKey: overlay-values.yaml \ No newline at end of file 
diff --git a/kubernetes/platform/keycloak/app/overlays/dev/kustomization.yaml b/kubernetes/platform/keycloak/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..1be70452
--- /dev/null
+++ b/kubernetes/platform/keycloak/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: keycloak
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: keycloak-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: keycloak
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/keycloak/app/overlays/dev/values.yaml b/kubernetes/platform/keycloak/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..52d8b0b5
--- /dev/null
+++ b/kubernetes/platform/keycloak/app/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# keycloak helm values (dev overlay)
diff --git a/kubernetes/platform/keycloak/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/keycloak/app/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..ee17cd61
--- /dev/null
+++ b/kubernetes/platform/keycloak/app/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: keycloak-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/keycloak/app/overlays/prod/kustomization.yaml b/kubernetes/platform/keycloak/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..146f6915
--- /dev/null
+++ b/kubernetes/platform/keycloak/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: keycloak
+
+resources:
+ - ../../base
+
+components:
+ - ../../components/external-db
+ - ../../components/ingress
+ - ../../components/realm-config
+
+configMapGenerator:
+ - name: keycloak-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: keycloak
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/keycloak/app/overlays/prod/values.yaml b/kubernetes/platform/keycloak/app/overlays/prod/values.yaml
new file mode 100644
index 00000000..d892a8ac
--- /dev/null
+++ b/kubernetes/platform/keycloak/app/overlays/prod/values.yaml
@@ -0,0 +1 @@
+# keycloak helm values (prod overlay)
diff --git a/kubernetes/platform/keycloak/db/base/keycloak-db-external-secret.yaml b/kubernetes/platform/keycloak/db/base/keycloak-db-external-secret.yaml
new file mode 100644
index 00000000..a60e47af
--- /dev/null
+++ b/kubernetes/platform/keycloak/db/base/keycloak-db-external-secret.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: keycloak-db-externalsecret
+ namespace: keycloak
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: keycloak-db-secret
+ template:
+ engineVersion: v2
+ type: kubernetes.io/basic-auth
+ metadata:
+ labels:
+ cnpg.io/reload: "true"
+ data:
+ username: "keycloak"
+ password: "{{ .password | toString }}"
+
+ data:
+ - secretKey: password
+ remoteRef:
+ key: keycloak/postgresql
+ property: password
diff --git a/kubernetes/platform/keycloak/db/base/keycloak-db-minio-external-secret.yaml b/kubernetes/platform/keycloak/db/base/keycloak-db-minio-external-secret.yaml
new file mode 100644
index 00000000..19dbe236
--- /dev/null
+++ b/kubernetes/platform/keycloak/db/base/keycloak-db-minio-external-secret.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: keycloadb-minio-externalsecret
+ namespace: keycloak
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: keycloak-db-minio-secret
+ template:
+ engineVersion: v2
+ data:
+ AWS_ENDPOINTS: "https://${S3_BACKUP_SERVER}:9091"
+ AWS_ACCESS_KEY_ID: "{{ .user | toString }}"
+ AWS_SECRET_ACCESS_KEY: "{{ .key | toString }}"
+ data:
+ - secretKey: user
+ remoteRef:
+ key: minio/barman
+ property: user
+ - secretKey: key
+ remoteRef:
+ key: minio/barman
+ property: key
diff --git a/kubernetes/platform/keycloak/db/base/keycloak-db.yaml b/kubernetes/platform/keycloak/db/base/keycloak-db.yaml
new file mode 100644
index 00000000..36537aff
--- /dev/null
+++ b/kubernetes/platform/keycloak/db/base/keycloak-db.yaml
@@ -0,0 +1,35 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: keycloak-db
+spec:
+ instances: 3
+ imageName: ghcr.io/cloudnative-pg/postgresql:16.3-4
+ storage:
+ size: 10Gi
+ storageClass: longhorn
+ monitoring:
+ enablePodMonitor: true
+ bootstrap:
+ initdb:
+ database: keycloak
+ owner: keycloak
+ secret:
+ name: keycloak-db-secret
+ backup:
+ barmanObjectStore:
+ data:
+ compression: bzip2
+ wal:
+ compression: bzip2
+ maxParallel: 8
+ destinationPath: s3://k3s-barman/keycloak-db
+ endpointURL: https://${S3_BACKUP_SERVER}:9091
+ s3Credentials:
+ accessKeyId:
+ name: keycloak-db-minio-secret
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKey:
+ name: keycloak-db-minio-secret
+ key: AWS_SECRET_ACCESS_KEY
+ retentionPolicy: "30d"
diff --git a/kubernetes/platform/keycloak/db/base/kustomization.yaml b/kubernetes/platform/keycloak/db/base/kustomization.yaml
new file mode 100644
index 00000000..bdff053a
--- /dev/null
+++ b/kubernetes/platform/keycloak/db/base/kustomization.yaml
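Review bot: `metadata.name` in `keycloak-db-minio-external-secret.yaml` is spelled `keycloadb-minio-externalsecret`, while the sibling resource is `keycloak-db-externalsecret` and the target is `keycloak-db-minio-secret`. I would rename it to `name: keycloak-db-minio-externalsecret` so the object can be found by the same prefix as the rest. The credentials come from the Vault path `minio/barman`, which by its name is presumably shared with other database backups. If so, a short comment saying the key is shared, or a per-database key scoped to the `keycloak-db` prefix, would make the blast radius explicit.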
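Review bot: The `barmanObjectStore` block in `keycloak-db.yaml` sets `compression: bzip2` for `data` and `wal` but no `encryption`, so base backups and WAL for the Keycloak database are written to `s3://k3s-barman/keycloak-db` with whatever the bucket default is. That database holds credential hashes and client secrets. If the object store behind `${S3_BACKUP_SERVER}` supports server-side encryption, I would add `encryption: AES256` under both `data:` and `wal:`, or add a comment stating where encryption at rest is enforced instead. `imageName: ghcr.io/cloudnative-pg/postgresql:16.3-4` is also pinned by tag only; appending the image digest (`@sha256:<digest>`) would make the deployed image immutable.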
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: keycloak
+
+resources:
+ - ns.yaml
+ - keycloak-db-external-secret.yaml
+ - keycloak-db-minio-external-secret.yaml
+ - keycloak-db.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/keycloak/db/base/ns.yaml b/kubernetes/platform/keycloak/db/base/ns.yaml
new file mode 100644
index 00000000..5e8adbfe
--- /dev/null
+++ b/kubernetes/platform/keycloak/db/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: keycloak
\ No newline at end of file
diff --git a/kubernetes/platform/keycloak/db/overlays/dev/kustomization.yaml b/kubernetes/platform/keycloak/db/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..b3479c5f
--- /dev/null
+++ b/kubernetes/platform/keycloak/db/overlays/dev/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: keycloak
+
+resources:
+ - ../../base
\ No newline at end of file
diff --git a/kubernetes/platform/keycloak/db/overlays/prod/kustomization.yaml b/kubernetes/platform/keycloak/db/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..b3479c5f
--- /dev/null
+++ b/kubernetes/platform/keycloak/db/overlays/prod/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: keycloak
+
+resources:
+ - ../../base
\ No newline at end of file
From 541182f264f6b155c2c42f1adb94102bcd39cf78 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 28 Aug 2024 11:49:08 +0200 Subject: [PATCH 051/130] Fixing dependency in keycloak flux app --- kubernetes/clusters/prod/infra/keycloak-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kubernetes/clusters/prod/infra/keycloak-app.yaml b/kubernetes/clusters/prod/infra/keycloak-app.yaml
index 503b7a85..7269911c 100644
--- a/kubernetes/clusters/prod/infra/keycloak-app.yaml
+++ b/kubernetes/clusters/prod/infra/keycloak-app.yaml @@ -34,7 +34,7 @@ spec: kind: GitRepository name: flux-system dependsOn: - - name: keycloak-app + - name: keycloak-db path: ./kubernetes/platform/keycloak/app/overlays/prod prune: true From 5e3a23522d6105c194565f7862e0ef92ad8f3141 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 28 Aug 2024 11:55:02 +0200 Subject: [PATCH 052/130] Fixing typo --- .../keycloak/app/components/external-db/helm-patch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/platform/keycloak/app/components/external-db/helm-patch.yaml b/kubernetes/platform/keycloak/app/components/external-db/helm-patch.yaml index c8fa884a..bb49628a 100644 --- a/kubernetes/platform/keycloak/app/components/external-db/helm-patch.yaml +++ b/kubernetes/platform/keycloak/app/components/external-db/helm-patch.yaml @@ -3,4 +3,4 @@ value: kind: ConfigMap name: keycloak-helm-values - valuesKey: externaldb-values.yaml + valuesKey: external-db-values.yaml From 129432611c5776ec755ca3c3a7665628806a424d Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 28 Aug 2024 11:59:03 +0200 Subject: [PATCH 053/130] Add flux subtitution to keycloak-app --- kubernetes/clusters/prod/infra/keycloak-app.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kubernetes/clusters/prod/infra/keycloak-app.yaml b/kubernetes/clusters/prod/infra/keycloak-app.yaml index 7269911c..7c3446c5 100644 --- a/kubernetes/clusters/prod/infra/keycloak-app.yaml +++ b/kubernetes/clusters/prod/infra/keycloak-app.yaml @@ -37,5 +37,10 @@ spec: - name: keycloak-db path: ./kubernetes/platform/keycloak/app/overlays/prod prune: true - + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings + # Use this ConfigMap if it exists, but proceed if it doesn't. + optional: true From 3e7d9a4d2693f33fae2db13e21415e5a0a7785b2 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 28 Aug 2024 12:02:43 +0200 Subject: [PATCH 054/130] Adding missing config in keycloak app --- .../platform/keycloak/app/base/values.yaml | 42 ------------------- .../realm-config/kustomization.yaml | 7 ++++ 2 files changed, 7 insertions(+), 42 deletions(-) diff --git a/kubernetes/platform/keycloak/app/base/values.yaml b/kubernetes/platform/keycloak/app/base/values.yaml index 3a69261e..647a8777 100644 --- a/kubernetes/platform/keycloak/app/base/values.yaml +++ b/kubernetes/platform/keycloak/app/base/values.yaml 
@@ -20,47 +20,5 @@ auth: adminUser: admin -# External DB: https://github.com/bitnami/charts/tree/main/bitnami/keycloak#use-an-external-database -postgresql: - enabled: false -externalDatabase: - host: "keycloak-db-rw" - port: 5432 - database: keycloak - existingSecret: "keycloak-db-secret" - existingSecretUserKey: "username" - existingSecretPasswordKey: "password" -# Adding additional secrets for realm configuration as environment variables -extraEnvVarsSecret: keycloak-env-secret - -# Importing realm on start-up -# https://www.keycloak.org/server/importExport#_importing_a_realm_during_startup -extraStartupArgs: "--import-realm" -extraVolumes: - - name: realm-config - configMap: - name: keycloak-realm-configmap -extraVolumeMounts: - - mountPath: /opt/bitnami/keycloak/data/import - name: realm-config - -# Ingress config -ingress: - enabled: true - ingressClassName: "nginx" - pathType: Prefix - annotations: - # Enable cert-manager to create automatically the SSL certificate and store in Secret - # Possible Cluster-Issuer values: - # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API) - # * 'ca-issuer' (CA-signed certificate, not valid) - cert-manager.io/cluster-issuer: letsencrypt-issuer - cert-manager.io/common-name: sso.picluster.ricsanfre.com - # Increasing proxy buffer size to avoid - # https://stackoverflow.com/questions/57503590/upstream-sent-too-big-header-while-reading-response-header-from-upstream-in-keyc - nginx.ingress.kubernetes.io/proxy-buffers-number: "4" - nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" - hostname: sso.picluster.ricsanfre.com - tls: true diff --git a/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml b/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml index ab09a315..a1e2f31a 100644 --- a/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml +++ b/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml 
@@ -1,12 +1,19 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component +resources: + - keycloak-env-externalsecret.yaml + # patch values.yaml configMapGenerator: - name: keycloak-helm-values behavior: merge files: - realm-config-values.yaml=values.yaml + # Generate keycloak config realm + - name: keycloak-realm-configmap + files: + - picluster-realm.json patches: - target: From 1a45b90e591218f76a0daac9cae2b71664b37036 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 28 Aug 2024 12:41:01 +0200 Subject: [PATCH 055/130] Disabling hash suffix from keycloak-realm-configmap. hash cannot be susbtituted in values.yaml --- .../keycloak/app/components/realm-config/kustomization.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml b/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml index a1e2f31a..e71a6149 100644 --- a/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml +++ b/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml @@ -12,6 +12,8 @@ configMapGenerator: - realm-config-values.yaml=values.yaml # Generate keycloak config realm - name: keycloak-realm-configmap + options: + disableNameSuffixHash: true files: - picluster-realm.json From ad4bc6378afeb65f145e1358687c1f702bec5bed Mon Sep 17 00:00:00 2001 
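Review bot: The new `keycloak-realm-configmap` generator entry embeds `picluster-realm.json`, whose Keycloak placeholders such as `${PROXY_OAUTH_CLIENT_SECRET}` and `${PI_ADMIN_PASSWORD}` use the same `${VAR}` syntax as Flux post-build substitution. PATCH 053 enabled `postBuild.substituteFrom` on the Flux Kustomization that builds the prod overlay, and substitution runs over ConfigMap data as well. As far as I know, names missing from `cluster-settings` are replaced with empty strings unless strict substitution is enabled, so Keycloak could import the clients and the admin user with blank secrets instead of the values from `keycloak-env-secret`. I would opt this ConfigMap out by giving the generator entry `options:` with `annotations:` containing `kustomize.toolkit.fluxcd.io/substitute: disabled`. The PATCH 055 hunk that adds `disableNameSuffixHash: true` on this same line is the natural place for it.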
From: Ricardo Sanchez Date: Wed, 28 Aug 2024 13:22:29 +0200 Subject: [PATCH 056/130] Changing flux helmreleases configuration: interval and install/upgrade retry policies --- kubernetes/fluxcd-app-template/app/base/helm.yaml | 12 ++++++------ kubernetes/platform/cert-manager/app/base/helm.yaml | 12 ++++++------ kubernetes/platform/cilium/app/base/helm.yaml | 12 ++++++------ .../platform/cloudnative-pg/app/base/helm.yaml | 12 ++++++------ kubernetes/platform/coredns/app/base/helm.yaml | 12 ++++++------ .../platform/external-secrets/app/base/helm.yaml | 12 ++++++------ kubernetes/platform/keycloak/app/base/helm.yaml | 13 +++++++------ kubernetes/platform/longhorn/app/base/helm.yaml | 12 ++++++------ kubernetes/platform/minio/app/base/helm.yaml | 12 ++++++------ .../mongodb-community-operator/app/base/helm.yaml | 12 ++++++------ kubernetes/platform/nginx/app/base/helm.yaml | 12 ++++++------ kubernetes/platform/velero/app/base/helm.yaml | 12 ++++++------ 12 files changed, 73 insertions(+), 72 deletions(-) diff --git a/kubernetes/fluxcd-app-template/app/base/helm.yaml b/kubernetes/fluxcd-app-template/app/base/helm.yaml index 79e538bc..9ba87972 100644 --- a/kubernetes/fluxcd-app-template/app/base/helm.yaml +++ b/kubernetes/fluxcd-app-template/app/base/helm.yaml @@ -5,14 +5,14 @@ metadata: name: {{ .app_name }} spec: url: {{ .chart_repo_url }} - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ .app_name }} spec: - interval: 5m + interval: 30m chart: spec: chart: {{ .chart_name }} @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: {{ .app_name }} - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true valuesFrom: - kind: ConfigMap name: {{ .app_name }}-helm-values 
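Review bot: None of these HelmReleases sets `driftDetection`, so raising `interval` from `5m` to `30m` changes how often the release is re-evaluated but, as far as I know the helm-controller defaults, objects edited in-cluster are still not reverted at any interval. For the security-relevant releases touched by this commit (cilium, cert-manager, external-secrets, ingress-nginx, keycloak) I would add `driftDetection:` with `mode: enabled` (or `warn` first) next to `interval`. Separately, `install.remediation` no longer carries `remediateLastFailure: true`, which I believe leaves a failed release in place after the third attempt. A one-line comment such as `# failed install is kept for inspection after the last retry` would show that this is intended. The same applies to the matching hunks in the other eleven `helm.yaml` files of this commit.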
diff --git a/kubernetes/platform/cert-manager/app/base/helm.yaml b/kubernetes/platform/cert-manager/app/base/helm.yaml index 02ab9ce5..fff95d9a 100644 --- a/kubernetes/platform/cert-manager/app/base/helm.yaml +++ b/kubernetes/platform/cert-manager/app/base/helm.yaml @@ -5,14 +5,14 @@ metadata: name: cert-manager spec: url: https://charts.jetstack.io - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager spec: - interval: 5m + interval: 30m chart: spec: chart: cert-manager @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: cert-manager - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true valuesFrom: - kind: ConfigMap name: cert-manager-helm-values diff --git a/kubernetes/platform/cilium/app/base/helm.yaml b/kubernetes/platform/cilium/app/base/helm.yaml index 680165be..35e734e4 100644 --- a/kubernetes/platform/cilium/app/base/helm.yaml +++ b/kubernetes/platform/cilium/app/base/helm.yaml @@ -5,14 +5,14 @@ metadata: name: cilium spec: url: https://helm.cilium.io/ - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cilium spec: - interval: 5m + interval: 30m chart: spec: chart: cilium @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: cilium - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true valuesFrom: - kind: ConfigMap name: cilium-helm-values diff --git a/kubernetes/platform/cloudnative-pg/app/base/helm.yaml b/kubernetes/platform/cloudnative-pg/app/base/helm.yaml index d2ab32bb..c2b38b66 100644 --- a/kubernetes/platform/cloudnative-pg/app/base/helm.yaml +++ b/kubernetes/platform/cloudnative-pg/app/base/helm.yaml 
@@ -5,14 +5,14 @@ metadata: name: cloudnative-pg spec: url: https://cloudnative-pg.github.io/charts - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cloudnative-pg spec: - interval: 5m + interval: 30m chart: spec: chart: cloudnative-pg @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: cloudnative-pg - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true dependsOn: - name: longhorn namespace: longhorn-system diff --git a/kubernetes/platform/coredns/app/base/helm.yaml b/kubernetes/platform/coredns/app/base/helm.yaml index 36de3ab2..631c967e 100644 --- a/kubernetes/platform/coredns/app/base/helm.yaml +++ b/kubernetes/platform/coredns/app/base/helm.yaml @@ -5,14 +5,14 @@ metadata: name: coredns spec: url: https://coredns.github.io/helm - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: coredns spec: - interval: 5m + interval: 30m chart: spec: chart: coredns @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: coredns - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true valuesFrom: - kind: ConfigMap name: coredns-helm-values diff --git a/kubernetes/platform/external-secrets/app/base/helm.yaml b/kubernetes/platform/external-secrets/app/base/helm.yaml index d0805c2d..72cab7dc 100644 --- a/kubernetes/platform/external-secrets/app/base/helm.yaml +++ b/kubernetes/platform/external-secrets/app/base/helm.yaml 
@@ -5,14 +5,14 @@ metadata: name: external-secrets spec: url: https://charts.external-secrets.io - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: external-secrets spec: - interval: 5m + interval: 30m chart: spec: chart: external-secrets @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: external-secrets - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true valuesFrom: - kind: ConfigMap name: external-secrets-helm-values diff --git a/kubernetes/platform/keycloak/app/base/helm.yaml b/kubernetes/platform/keycloak/app/base/helm.yaml index 10dc763e..bc7ead7f 100644 --- a/kubernetes/platform/keycloak/app/base/helm.yaml +++ b/kubernetes/platform/keycloak/app/base/helm.yaml @@ -5,14 +5,15 @@ metadata: name: keycloak spec: url: https://charts.bitnami.com/bitnami - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: keycloak spec: - interval: 5m + interval: 30m + timeout: 15m chart: spec: chart: keycloak @@ -20,14 +21,14 @@ spec: sourceRef: kind: HelmRepository name: keycloak - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true dependsOn: - name: cloudnative-pg namespace: cnpg-system diff --git a/kubernetes/platform/longhorn/app/base/helm.yaml b/kubernetes/platform/longhorn/app/base/helm.yaml index 799e35b4..957a0cbb 100644 --- a/kubernetes/platform/longhorn/app/base/helm.yaml +++ b/kubernetes/platform/longhorn/app/base/helm.yaml 
@@ -5,14 +5,14 @@ metadata: name: longhorn spec: url: https://charts.longhorn.io - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: longhorn spec: - interval: 5m + interval: 30m chart: spec: chart: longhorn @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: longhorn - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true valuesFrom: - kind: ConfigMap name: longhorn-helm-values diff --git a/kubernetes/platform/minio/app/base/helm.yaml b/kubernetes/platform/minio/app/base/helm.yaml index 1c3768b4..0905deed 100644 --- a/kubernetes/platform/minio/app/base/helm.yaml +++ b/kubernetes/platform/minio/app/base/helm.yaml @@ -5,14 +5,14 @@ metadata: name: minio spec: url: https://charts.min.io/ - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: minio spec: - interval: 5m + interval: 30m chart: spec: chart: minio @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: minio - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true dependsOn: - name: longhorn namespace: longhorn-system diff --git a/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml b/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml index 3f5dadcd..9ac49c63 100644 --- a/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml +++ b/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml 
@@ -5,14 +5,14 @@ metadata: name: mongodb-community-operator spec: url: https://mongodb.github.io/helm-charts - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: mongodb-community-operator spec: - interval: 5m + interval: 30m chart: spec: chart: community-operator @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: mongodb-community-operator - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true dependsOn: - name: longhorn namespace: longhorn-system diff --git a/kubernetes/platform/nginx/app/base/helm.yaml b/kubernetes/platform/nginx/app/base/helm.yaml index cced18a6..e24b0ce4 100644 --- a/kubernetes/platform/nginx/app/base/helm.yaml +++ b/kubernetes/platform/nginx/app/base/helm.yaml @@ -5,14 +5,14 @@ metadata: name: ingress-nginx spec: url: https://kubernetes.github.io/ingress-nginx - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ingress-nginx spec: - interval: 5m + interval: 30m chart: spec: chart: ingress-nginx @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: ingress-nginx - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true valuesFrom: - kind: ConfigMap name: ingress-nginx-helm-values diff --git a/kubernetes/platform/velero/app/base/helm.yaml b/kubernetes/platform/velero/app/base/helm.yaml index 63dcd0da..99d83399 100644 --- a/kubernetes/platform/velero/app/base/helm.yaml +++ b/kubernetes/platform/velero/app/base/helm.yaml 
@@ -5,14 +5,14 @@ metadata: name: velero spec: url: https://vmware-tanzu.github.io/helm-charts - interval: 10m + interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: velero spec: - interval: 5m + interval: 30m chart: spec: chart: velero @@ -20,14 +20,14 @@ spec: sourceRef: kind: HelmRepository name: velero - upgrade: + install: remediation: retries: 3 - remediateLastFailure: true - install: + upgrade: + cleanupOnFail: true remediation: + strategy: rollback retries: 3 - remediateLastFailure: true valuesFrom: - kind: ConfigMap name: velero-helm-values From 80f100283bfe44e685e0904fcd88a4306ca89569 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Wed, 28 Aug 2024 15:17:16 +0200 Subject: [PATCH 057/130] Extracting helm repo definitions to cluster configuration --- .../prod/repositories/helm/bitnami-helmrepo.yaml | 9 +++++++++ .../prod/repositories/helm/cilium-helmrepo.yaml | 9 +++++++++ .../repositories/helm/cloudnative-pg-helmrepo.yaml | 9 +++++++++ .../prod/repositories/helm/coredns-helmrepo.yaml | 9 +++++++++ .../helm/external-secrets-helmrepo.yaml | 9 +++++++++ .../repositories/helm/ingress-nginx-helmrepo.yaml | 9 +++++++++ .../prod/repositories/helm/jetstack-helmrepo.yaml | 9 +++++++++ .../prod/repositories/helm/kustomization.yaml | 14 ++++++++++++++ .../prod/repositories/helm/longhorn-helmrepo.yaml | 9 +++++++++ .../prod/repositories/helm/minio-helmrepo.yaml | 9 +++++++++ .../prod/repositories/helm/mongodb-helmrepo.yaml | 9 +++++++++ .../repositories/helm/vmware-tanzu-helmrepo.yaml | 9 +++++++++ .../clusters/prod/repositories/kustomization.yaml | 4 ++++ kubernetes/fluxcd-app-template/app/base/helm.yaml | 9 +-------- kubernetes/fluxcd-app-template/helmrepo.yaml | 9 +++++++++ .../platform/cert-manager/app/base/helm.yaml | 11 ++--------- kubernetes/platform/cilium/app/base/helm.yaml | 9 +-------- .../platform/cloudnative-pg/app/base/helm.yaml | 9 +-------- kubernetes/platform/coredns/app/base/helm.yaml | 9 +-------- .../platform/external-secrets/app/base/helm.yaml | 9 +-------- kubernetes/platform/keycloak/app/base/helm.yaml | 11 ++--------- kubernetes/platform/longhorn/app/base/helm.yaml | 9 +-------- kubernetes/platform/minio/app/base/helm.yaml | 9 +-------- .../mongodb-community-operator/app/base/helm.yaml | 11 ++--------- kubernetes/platform/nginx/app/base/helm.yaml | 9 +-------- kubernetes/platform/velero/app/base/helm.yaml | 11 ++--------- 26 files changed, 142 insertions(+), 100 deletions(-) create mode 100644 kubernetes/clusters/prod/repositories/helm/bitnami-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/cilium-helmrepo.yaml create mode 
100644 kubernetes/clusters/prod/repositories/helm/cloudnative-pg-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/coredns-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/external-secrets-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/ingress-nginx-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/jetstack-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/kustomization.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/longhorn-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/minio-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/mongodb-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/vmware-tanzu-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/kustomization.yaml create mode 100644 kubernetes/fluxcd-app-template/helmrepo.yaml diff --git a/kubernetes/clusters/prod/repositories/helm/bitnami-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/bitnami-helmrepo.yaml new file mode 100644 index 00000000..2a19d6f4 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/bitnami-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: bitnami + namespace: flux-system +spec: + url: https://charts.bitnami.com/bitnami + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/cilium-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/cilium-helmrepo.yaml new file mode 100644 index 00000000..7bcdcf33 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/cilium-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cilium + namespace: flux-system +spec: + url: https://helm.cilium.io/ + interval: 1h \ No newline at end of file 
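Review bot: None of the HelmRepository objects created here carries a provenance check, although they become the shared chart sources for every release in the cluster. Each is a plain HTTPS index (`url: https://charts.bitnami.com/bitnami` and the ten others in this commit), so chart integrity rests on TLS and on the publisher's hosting. As far as I know Flux verifies chart signatures only for OCI sources, so where a publisher offers signed OCI charts, a `type: oci` repository with `verify` on the HelmRelease chart spec would be stronger. Otherwise a comment in `kustomization.yaml` stating that the pinned chart `version` in each HelmRelease is the only control would help the next maintainer. Minor style point: every new file in this commit ends with `\ No newline at end of file`, and a trailing newline would keep later diffs clean.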
diff --git a/kubernetes/clusters/prod/repositories/helm/cloudnative-pg-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/cloudnative-pg-helmrepo.yaml new file mode 100644 index 00000000..a2633312 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/cloudnative-pg-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cloudnative-pg + namespace: flux-system +spec: + url: https://cloudnative-pg.github.io/charts + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/coredns-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/coredns-helmrepo.yaml new file mode 100644 index 00000000..6fc3a0d8 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/coredns-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: coredns + namespace: flux-system +spec: + url: https://coredns.github.io/helm + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/external-secrets-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/external-secrets-helmrepo.yaml new file mode 100644 index 00000000..488e6ab6 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/external-secrets-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: external-secrets + namespace: flux-system +spec: + url: https://charts.external-secrets.io + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/ingress-nginx-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/ingress-nginx-helmrepo.yaml new file mode 100644 index 00000000..e7683d64 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/ingress-nginx-helmrepo.yaml 
@@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: ingress-nginx + namespace: flux-system +spec: + url: https://kubernetes.github.io/ingress-nginx + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/jetstack-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/jetstack-helmrepo.yaml new file mode 100644 index 00000000..aa1e7351 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/jetstack-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: jetstack + namespace: flux-system +spec: + url: https://charts.jetstack.io + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/kustomization.yaml b/kubernetes/clusters/prod/repositories/helm/kustomization.yaml new file mode 100644 index 00000000..b0a74e12 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - bitnami-helmrepo.yaml + - cilium-helmrepo.yaml + - cloudnative-pg-helmrepo.yaml + - coredns-helmrepo.yaml + - external-secrets-helmrepo.yaml + - ingress-nginx-helmrepo.yaml + - jetstack-helmrepo.yaml + - longhorn-helmrepo.yaml + - minio-helmrepo.yaml + - mongodb-helmrepo.yaml + - vmware-tanzu-helmrepo.yaml \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/longhorn-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/longhorn-helmrepo.yaml new file mode 100644 index 00000000..1ec5fcb5 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/longhorn-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: longhorn + namespace: flux-system +spec: + url: https://charts.longhorn.io + interval: 1h \ No newline at end of file 
diff --git a/kubernetes/clusters/prod/repositories/helm/minio-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/minio-helmrepo.yaml new file mode 100644 index 00000000..a1cdbdc7 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/minio-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: minio + namespace: flux-system +spec: + url: https://charts.min.io/ + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/mongodb-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/mongodb-helmrepo.yaml new file mode 100644 index 00000000..a3374366 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/mongodb-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: mongodb + namespace: flux-system +spec: + url: https://mongodb.github.io/helm-charts + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/vmware-tanzu-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/vmware-tanzu-helmrepo.yaml new file mode 100644 index 00000000..8032948a --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/vmware-tanzu-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: vmware-tanzu + namespace: flux-system +spec: + url: https://vmware-tanzu.github.io/helm-charts + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/kustomization.yaml b/kubernetes/clusters/prod/repositories/kustomization.yaml new file mode 100644 index 00000000..2e4109d5 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helm 
diff --git a/kubernetes/fluxcd-app-template/app/base/helm.yaml b/kubernetes/fluxcd-app-template/app/base/helm.yaml index 9ba87972..6587ef91 100644 --- a/kubernetes/fluxcd-app-template/app/base/helm.yaml +++ b/kubernetes/fluxcd-app-template/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: {{ .app_name }} -spec: - url: {{ .chart_repo_url }} - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,6 +12,7 @@ spec: sourceRef: kind: HelmRepository name: {{ .app_name }} + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/fluxcd-app-template/helmrepo.yaml b/kubernetes/fluxcd-app-template/helmrepo.yaml new file mode 100644 index 00000000..ad8c24d1 --- /dev/null +++ b/kubernetes/fluxcd-app-template/helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: {{ .app_name }} + namespace: flux-system +spec: + url: {{ .chart_repo_url }} + interval: 1h \ No newline at end of file diff --git a/kubernetes/platform/cert-manager/app/base/helm.yaml b/kubernetes/platform/cert-manager/app/base/helm.yaml index fff95d9a..b033b859 100644 --- a/kubernetes/platform/cert-manager/app/base/helm.yaml +++ b/kubernetes/platform/cert-manager/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: cert-manager -spec: - url: https://charts.jetstack.io - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -19,7 +11,8 @@ spec: version: v1.15.1 sourceRef: kind: HelmRepository - name: cert-manager + name: jetstack + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/cilium/app/base/helm.yaml b/kubernetes/platform/cilium/app/base/helm.yaml index 35e734e4..912cb306 100644 --- a/kubernetes/platform/cilium/app/base/helm.yaml +++ b/kubernetes/platform/cilium/app/base/helm.yaml 
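Review bot: The added `namespace: flux-system` under `sourceRef` makes every HelmRelease in this commit depend on a cross-namespace source reference, and the hunks give no ordering between the releases and the new `clusters/prod/repositories` kustomization. If the Flux controllers are ever run with `--no-cross-namespace-refs=true` (the multi-tenancy lockdown), all of these releases stop resolving their charts, so a short comment next to the field, such as `# shared source; requires cross-namespace refs to be allowed`, would make the assumption visible. Whether the app Kustomizations wait for the repositories to exist is not visible here; if they do not, a `dependsOn` entry on them would avoid a first-reconcile failure. The template is also slightly inconsistent: `fluxcd-app-template/helmrepo.yaml` still names the repository `{{ .app_name }}`, while the real ones are named after the publisher (`jetstack`, `bitnami`, `mongodb`, `vmware-tanzu`). The same `sourceRef` change repeats in the cilium, cloudnative-pg, coredns, external-secrets, keycloak, longhorn, minio, mongodb-community-operator, nginx and velero hunks below.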
@@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: cilium -spec: - url: https://helm.cilium.io/ - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,6 +12,7 @@ spec: sourceRef: kind: HelmRepository name: cilium + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/cloudnative-pg/app/base/helm.yaml b/kubernetes/platform/cloudnative-pg/app/base/helm.yaml index c2b38b66..30da3311 100644 --- a/kubernetes/platform/cloudnative-pg/app/base/helm.yaml +++ b/kubernetes/platform/cloudnative-pg/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: cloudnative-pg -spec: - url: https://cloudnative-pg.github.io/charts - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,6 +12,7 @@ spec: sourceRef: kind: HelmRepository name: cloudnative-pg + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/coredns/app/base/helm.yaml b/kubernetes/platform/coredns/app/base/helm.yaml index 631c967e..f234522d 100644 --- a/kubernetes/platform/coredns/app/base/helm.yaml +++ b/kubernetes/platform/coredns/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: coredns -spec: - url: https://coredns.github.io/helm - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,6 +12,7 @@ spec: sourceRef: kind: HelmRepository name: coredns + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/external-secrets/app/base/helm.yaml b/kubernetes/platform/external-secrets/app/base/helm.yaml index 72cab7dc..b9bb6745 100644 --- a/kubernetes/platform/external-secrets/app/base/helm.yaml +++ b/kubernetes/platform/external-secrets/app/base/helm.yaml 
@@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: external-secrets -spec: - url: https://charts.external-secrets.io - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,6 +12,7 @@ spec: sourceRef: kind: HelmRepository name: external-secrets + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/keycloak/app/base/helm.yaml b/kubernetes/platform/keycloak/app/base/helm.yaml index bc7ead7f..6a5bf96c 100644 --- a/kubernetes/platform/keycloak/app/base/helm.yaml +++ b/kubernetes/platform/keycloak/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: keycloak -spec: - url: https://charts.bitnami.com/bitnami - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,7 +12,8 @@ spec: version: 21.7.1 sourceRef: kind: HelmRepository - name: keycloak + name: bitnami + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/longhorn/app/base/helm.yaml b/kubernetes/platform/longhorn/app/base/helm.yaml index 957a0cbb..6a1894ff 100644 --- a/kubernetes/platform/longhorn/app/base/helm.yaml +++ b/kubernetes/platform/longhorn/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: longhorn -spec: - url: https://charts.longhorn.io - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,6 +12,7 @@ spec: sourceRef: kind: HelmRepository name: longhorn + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/minio/app/base/helm.yaml b/kubernetes/platform/minio/app/base/helm.yaml index 0905deed..01ebb46e 100644 --- a/kubernetes/platform/minio/app/base/helm.yaml +++ b/kubernetes/platform/minio/app/base/helm.yaml 
@@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: minio -spec: - url: https://charts.min.io/ - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,6 +12,7 @@ spec: sourceRef: kind: HelmRepository name: minio + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml b/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml index 9ac49c63..46b5ca1a 100644 --- a/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml +++ b/kubernetes/platform/mongodb-community-operator/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: mongodb-community-operator -spec: - url: https://mongodb.github.io/helm-charts - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -19,7 +11,8 @@ spec: version: 0.10.0 sourceRef: kind: HelmRepository - name: mongodb-community-operator + name: mongodb + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/nginx/app/base/helm.yaml b/kubernetes/platform/nginx/app/base/helm.yaml index e24b0ce4..ac773747 100644 --- a/kubernetes/platform/nginx/app/base/helm.yaml +++ b/kubernetes/platform/nginx/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: ingress-nginx -spec: - url: https://kubernetes.github.io/ingress-nginx - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,6 +12,7 @@ spec: sourceRef: kind: HelmRepository name: ingress-nginx + namespace: flux-system install: remediation: retries: 3 diff --git a/kubernetes/platform/velero/app/base/helm.yaml b/kubernetes/platform/velero/app/base/helm.yaml index 99d83399..ef5f1cd0 100644 --- a/kubernetes/platform/velero/app/base/helm.yaml 
+++ b/kubernetes/platform/velero/app/base/helm.yaml @@ -1,12 +1,4 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: velero -spec: - url: https://vmware-tanzu.github.io/helm-charts - interval: 1h ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -19,7 +11,8 @@ spec: version: 7.1.0 sourceRef: kind: HelmRepository - name: velero + name: vmware-tanzu + namespace: flux-system install: remediation: retries: 3 From b6ef6fd79fd5b1471b04ac265451437a11ead073 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Wed, 28 Aug 2024 16:22:55 +0200 Subject: [PATCH 058/130] Adding heath checks to flux kustomized apps --- .../clusters/prod/infra/cert-manager-app.yaml | 16 +++++++++++++--- kubernetes/clusters/prod/infra/cilium-app.yaml | 10 ++++++++-- .../clusters/prod/infra/cloudnative-pg-app.yaml | 7 ++++++- kubernetes/clusters/prod/infra/coredns-app.yaml | 7 ++++++- .../prod/infra/csi-external-snapshotter-app.yaml | 2 +- .../prod/infra/external-secrets-app.yaml | 9 +++++++-- kubernetes/clusters/prod/infra/keycloak-app.yaml | 10 ++++++++-- kubernetes/clusters/prod/infra/longhorn-app.yaml | 8 +++++++- kubernetes/clusters/prod/infra/minio-app.yaml | 7 ++++++- .../prod/infra/mongodb-operator-app.yaml | 7 ++++++- kubernetes/clusters/prod/infra/nginx-app.yaml | 7 ++++++- .../clusters/prod/infra/system-upgrade-app.yaml | 4 ++-- kubernetes/clusters/prod/infra/velero-app.yaml | 9 +++++++-- kubernetes/fluxcd-app-template/app.yaml | 9 +++++++-- kubernetes/platform/longhorn/app/base/helm.yaml | 1 + 15 files changed, 91 insertions(+), 22 deletions(-) diff --git a/kubernetes/clusters/prod/infra/cert-manager-app.yaml b/kubernetes/clusters/prod/infra/cert-manager-app.yaml index 45d05899..6cfe2e13 100644 --- a/kubernetes/clusters/prod/infra/cert-manager-app.yaml +++ b/kubernetes/clusters/prod/infra/cert-manager-app.yaml 
@@ -5,13 +5,18 @@ metadata: name: cert-manager-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: cert-manager sourceRef: kind: GitRepository name: flux-system path: ./kubernetes/platform/cert-manager/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: cert-manager + namespace: cert-manager --- apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -20,7 +25,7 @@ metadata: name: cert-manager-webhook-ionos namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: cert-manager sourceRef: kind: GitRepository @@ -29,6 +34,11 @@ spec: - name: cert-manager-app path: ./kubernetes/platform/cert-manager/webhook-ionos/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: cert-manager-webhook-ionos + namespace: cert-manager --- apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -37,7 +47,7 @@ metadata: name: cert-manager-config namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: cert-manager sourceRef: kind: GitRepository diff --git a/kubernetes/clusters/prod/infra/cilium-app.yaml b/kubernetes/clusters/prod/infra/cilium-app.yaml index 28894c09..9f2220ee 100644 --- a/kubernetes/clusters/prod/infra/cilium-app.yaml +++ b/kubernetes/clusters/prod/infra/cilium-app.yaml @@ -5,13 +5,19 @@ metadata: name: cilium-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: kube-system sourceRef: kind: GitRepository name: flux-system path: ./kubernetes/platform/cilium/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: cilium + namespace: kube-system + --- apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -20,7 +26,7 @@ metadata: name: cilium-config namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: kube-system sourceRef: kind: GitRepository 
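Review bot: `cert-manager-app` now has `interval: 30m` and a `healthChecks` entry but no `timeout`, and as far as I know a Flux Kustomization's timeout defaults to its interval. A HelmRelease that never becomes Ready would then hold this reconciliation, and everything that `dependsOn` it, for up to 30 minutes, and the next attempt would also wait for the interval. Only `keycloak-app` and `longhorn-app` get `timeout: 15m` in this commit; the other Kustomizations with health checks (cert-manager-webhook-ionos, cilium, cloudnative-pg, coredns, external-secrets, minio, mongodb-community-operator, ingress-nginx, velero and the template) have the same gap. I would add an explicit pair sized to each chart, for example `timeout: 10m` and `retryInterval: 2m`. The `*-config` Kustomizations get the longer interval but no health check or `wait: true`, so drift or a failed apply there is noticed later than before.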
diff --git a/kubernetes/clusters/prod/infra/cloudnative-pg-app.yaml b/kubernetes/clusters/prod/infra/cloudnative-pg-app.yaml index 46f6ff1a..ea605644 100644 --- a/kubernetes/clusters/prod/infra/cloudnative-pg-app.yaml +++ b/kubernetes/clusters/prod/infra/cloudnative-pg-app.yaml @@ -5,7 +5,7 @@ metadata: name: cloudnative-pg-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: cnpg-system sourceRef: kind: GitRepository @@ -14,3 +14,8 @@ spec: - name: longhorn-app path: ./kubernetes/platform/cloudnative-pg/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: cloudnative-pg + namespace: cnpg-system diff --git a/kubernetes/clusters/prod/infra/coredns-app.yaml b/kubernetes/clusters/prod/infra/coredns-app.yaml index b699ac33..7f81afb6 100644 --- a/kubernetes/clusters/prod/infra/coredns-app.yaml +++ b/kubernetes/clusters/prod/infra/coredns-app.yaml @@ -5,7 +5,7 @@ metadata: name: coredns-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: kube-system sourceRef: kind: GitRepository @@ -14,3 +14,8 @@ spec: - name: cilium-app path: ./kubernetes/platform/coredns/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: coredns + namespace: kube-system diff --git a/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml b/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml index ab48a656..b3293a09 100644 --- a/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml +++ b/kubernetes/clusters/prod/infra/csi-external-snapshotter-app.yaml @@ -6,7 +6,7 @@ metadata: name: csi-external-snapshotter-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: kube-system sourceRef: kind: GitRepository diff --git a/kubernetes/clusters/prod/infra/external-secrets-app.yaml b/kubernetes/clusters/prod/infra/external-secrets-app.yaml index 8e32e2a3..9aa3d11f 100644 
--- a/kubernetes/clusters/prod/infra/external-secrets-app.yaml +++ b/kubernetes/clusters/prod/infra/external-secrets-app.yaml @@ -5,13 +5,18 @@ metadata: name: external-secrets-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: external-secrets sourceRef: kind: GitRepository name: flux-system path: ./kubernetes/platform/external-secrets/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: external-secrets + namespace: external-secrets --- apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -20,7 +25,7 @@ metadata: name: external-secrets-config namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: external-secrets sourceRef: kind: GitRepository diff --git a/kubernetes/clusters/prod/infra/keycloak-app.yaml b/kubernetes/clusters/prod/infra/keycloak-app.yaml index 7c3446c5..d33d7ea1 100644 --- a/kubernetes/clusters/prod/infra/keycloak-app.yaml +++ b/kubernetes/clusters/prod/infra/keycloak-app.yaml @@ -5,7 +5,7 @@ metadata: name: keycloak-db namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: keycloak sourceRef: kind: GitRepository @@ -28,7 +28,8 @@ metadata: name: keycloak-app namespace: flux-system spec: - interval: 5m + interval: 30m + timeout: 15m targetNamespace: keycloak sourceRef: kind: GitRepository @@ -37,6 +38,11 @@ spec: - name: keycloak-db path: ./kubernetes/platform/keycloak/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: keycloak + namespace: keycloak postBuild: substituteFrom: - kind: ConfigMap diff --git a/kubernetes/clusters/prod/infra/longhorn-app.yaml b/kubernetes/clusters/prod/infra/longhorn-app.yaml index 5cd692d0..a76175ba 100644 --- a/kubernetes/clusters/prod/infra/longhorn-app.yaml +++ b/kubernetes/clusters/prod/infra/longhorn-app.yaml 
@@ -5,7 +5,8 @@ metadata: name: longhorn-app namespace: flux-system spec: - interval: 5m + interval: 30m + timeout: 15m targetNamespace: longhorn-system sourceRef: kind: GitRepository @@ -15,6 +16,11 @@ spec: - name: external-secrets-config path: ./kubernetes/platform/longhorn/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: longhorn + namespace: longhorn-system postBuild: substituteFrom: - kind: ConfigMap diff --git a/kubernetes/clusters/prod/infra/minio-app.yaml b/kubernetes/clusters/prod/infra/minio-app.yaml index cb451cfb..a6d9db6d 100644 --- a/kubernetes/clusters/prod/infra/minio-app.yaml +++ b/kubernetes/clusters/prod/infra/minio-app.yaml @@ -5,7 +5,7 @@ metadata: name: minio-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: minio sourceRef: kind: GitRepository @@ -15,6 +15,11 @@ spec: - name: longhorn-app path: ./kubernetes/platform/minio/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: minio + namespace: minio postBuild: substituteFrom: - kind: ConfigMap diff --git a/kubernetes/clusters/prod/infra/mongodb-operator-app.yaml b/kubernetes/clusters/prod/infra/mongodb-operator-app.yaml index fcd36455..7050fdc8 100644 --- a/kubernetes/clusters/prod/infra/mongodb-operator-app.yaml +++ b/kubernetes/clusters/prod/infra/mongodb-operator-app.yaml @@ -5,7 +5,7 @@ metadata: name: mongodb-community-operator-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: mongodb sourceRef: kind: GitRepository @@ -14,3 +14,8 @@ spec: - name: longhorn-app path: ./kubernetes/platform/mongodb-community-operator/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: mongodb-community-operator + namespace: mongodb 
diff --git a/kubernetes/clusters/prod/infra/nginx-app.yaml b/kubernetes/clusters/prod/infra/nginx-app.yaml index 14efedf8..7cf1ee7a 100644 --- a/kubernetes/clusters/prod/infra/nginx-app.yaml +++ b/kubernetes/clusters/prod/infra/nginx-app.yaml @@ -6,13 +6,18 @@ metadata: name: ingress-nginx-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: nginx sourceRef: kind: GitRepository name: flux-system path: ./kubernetes/platform/nginx/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: ingress-nginx + namespace: nginx postBuild: substitute: NGINX_LOAD_BALANCER_IP: "10.0.0.100" diff --git a/kubernetes/clusters/prod/infra/system-upgrade-app.yaml b/kubernetes/clusters/prod/infra/system-upgrade-app.yaml index e42aade4..946e715c 100644 --- a/kubernetes/clusters/prod/infra/system-upgrade-app.yaml +++ b/kubernetes/clusters/prod/infra/system-upgrade-app.yaml @@ -5,7 +5,7 @@ metadata: name: system-upgrade-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: system-upgrade sourceRef: kind: GitRepository @@ -20,7 +20,7 @@ metadata: name: system-upgrade-config namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: system-upgrade sourceRef: kind: GitRepository diff --git a/kubernetes/clusters/prod/infra/velero-app.yaml b/kubernetes/clusters/prod/infra/velero-app.yaml index 57732682..0348b5cc 100644 --- a/kubernetes/clusters/prod/infra/velero-app.yaml +++ b/kubernetes/clusters/prod/infra/velero-app.yaml @@ -5,7 +5,7 @@ metadata: name: velero-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: velero sourceRef: kind: GitRepository @@ -16,6 +16,11 @@ spec: - name: longhorn-app path: ./kubernetes/platform/velero/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: velero + namespace: velero --- apiVersion: kustomize.toolkit.fluxcd.io/v1 
@@ -24,7 +29,7 @@ metadata: name: velero-config namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: velero sourceRef: kind: GitRepository diff --git a/kubernetes/fluxcd-app-template/app.yaml b/kubernetes/fluxcd-app-template/app.yaml index 7d722927..532f7279 100644 --- a/kubernetes/fluxcd-app-template/app.yaml +++ b/kubernetes/fluxcd-app-template/app.yaml @@ -5,13 +5,18 @@ metadata: name: {{ .app_name }}-app namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: {{ .app_namespace }} sourceRef: kind: GitRepository name: flux-system path: ./kubernetes/platform/{{ .app_name }}/app/overlays/prod prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: {{ .app_name }} + namespace: {{ .app_namespace }} --- apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -20,7 +25,7 @@ metadata: name: {{ .app_name }}-config namespace: flux-system spec: - interval: 5m + interval: 30m targetNamespace: {{ .app_namespace }} sourceRef: kind: GitRepository diff --git a/kubernetes/platform/longhorn/app/base/helm.yaml b/kubernetes/platform/longhorn/app/base/helm.yaml index 6a1894ff..275b1b8f 100644 --- a/kubernetes/platform/longhorn/app/base/helm.yaml +++ b/kubernetes/platform/longhorn/app/base/helm.yaml @@ -5,6 +5,7 @@ metadata: name: longhorn spec: interval: 30m + timeout: 15m chart: spec: chart: longhorn From 2b75d4989d88610fa5060b401f4a131192380b21 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Fri, 30 Aug 2024 16:49:35 +0200 Subject: [PATCH 059/130] Adding health check to keycloak-db --- kubernetes/clusters/prod/infra/keycloak-app.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kubernetes/clusters/prod/infra/keycloak-app.yaml b/kubernetes/clusters/prod/infra/keycloak-app.yaml index d33d7ea1..14648da9 100644 --- a/kubernetes/clusters/prod/infra/keycloak-app.yaml +++ b/kubernetes/clusters/prod/infra/keycloak-app.yaml 
@@ -14,6 +14,11 @@ spec: - name: cloudnative-pg-app path: ./kubernetes/platform/keycloak/db/overlays/prod prune: true + healthChecks: + - apiVersion: postgresql.cnpg.io/v1 + kind: Cluster + name: keycloak-db + namespace: keycloak postBuild: substituteFrom: - kind: ConfigMap From 7e7b5c961458fc2d4772707f451375a145090e45 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Fri, 30 Aug 2024 17:08:27 +0200 Subject: [PATCH 060/130] Increase helmfile timeout configuration to 15 min --- kubernetes/clusters/bootstrap/helmfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/clusters/bootstrap/helmfile.yaml b/kubernetes/clusters/bootstrap/helmfile.yaml index da94f4e5..146dea71 100644 --- a/kubernetes/clusters/bootstrap/helmfile.yaml +++ b/kubernetes/clusters/bootstrap/helmfile.yaml @@ -1,7 +1,7 @@ helmDefaults: wait: true waitForJobs: true - timeout: 600 + timeout: 900 recreatePods: false force: true From 46986cd132931b809c8a11aaadb80bcbf0860bf8 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Fri, 30 Aug 2024 18:13:30 +0200 Subject: [PATCH 061/130] Avoid flux var substitution for environment variables defined in realm json file --- .../realm-config/picluster-realm.json | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/kubernetes/platform/keycloak/app/components/realm-config/picluster-realm.json b/kubernetes/platform/keycloak/app/components/realm-config/picluster-realm.json index c461ca36..a49f5fb0 100644 --- a/kubernetes/platform/keycloak/app/components/realm-config/picluster-realm.json +++ b/kubernetes/platform/keycloak/app/components/realm-config/picluster-realm.json 
@@ -6,18 +6,18 @@ "resetPasswordAllowed": true, "clients": [ { - "clientId": "${PROXY_OAUTH_CLIENT_ID}", + "clientId": "$PROXY_OAUTH_CLIENT_ID", "name": "Proxy OAuth 2.0", "description": "Proxy OAuth 2.0", "surrogateAuthRequired": false, "enabled": true, "clientAuthenticatorType": "client-secret", - "secret": "${PROXY_OAUTH_CLIENT_SECRET}", + "secret": "$PROXY_OAUTH_CLIENT_SECRET", "redirectUris": [ - "https://oauth2-proxy.picluster.ricsanfre.com/oauth2/callback" + "https://oauth2-proxy.${CLUSTER_DOMAIN}/oauth2/callback" ], "webOrigins": [ - "https://oauth2-proxy.picluster.ricsanfre.com" + "https://oauth2-proxy.${CLUSTER_DOMAIN}" ], "standardFlowEnabled": true, "directAccessGrantsEnabled": false, @@ -29,7 +29,7 @@ "protocolMapper": "oidc-audience-mapper", "consentRequired": false, "config": { - "included.client.audience": "${PROXY_OAUTH_CLIENT_ID}", + "included.client.audience": "$PROXY_OAUTH_CLIENT_ID", "id.token.claim": "true", "access.token.claim": "true" } 
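Review bot: The rewritten credential placeholders (`"secret": "$PROXY_OAUTH_CLIENT_SECRET"` here, the Grafana and Kiali client secrets and `"value": "$PI_ADMIN_PASSWORD"` in the later hunks of this file) now rely on the realm importer expanding the brace-less `$NAME` form. This diff does not show that importer; if it only resolves `${NAME}`, the realm would be created with the literal placeholder text as client secrets and as the admin password, which are guessable values. Flux documents `$${NAME}` as the escape that leaves `${NAME}` in the rendered output, so `"secret": "$${PROXY_OAUTH_CLIENT_SECRET}"` would keep the original syntax for the importer while still bypassing Flux substitution. Whichever form is kept, a comment in the realm-config kustomization naming the tool that resolves these variables would help the next reader.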
@@ -55,22 +55,22 @@ } }, { - "clientId": "${GRAFANA_OAUTH_CLIENT_ID}", + "clientId": "$GRAFANA_OAUTH_CLIENT_ID", "name": "Grafana", "description": "Grafana", - "rootUrl": "https://monitoring.picluster.ricsanfre.com/grafana", - "adminUrl": "https://monitoring.picluster.ricsanfre.com/grafana", - "baseUrl": "https://monitoring.picluster.ricsanfre.com/grafana", + "rootUrl": "https://monitoring.${CLUSTER_DOMAIN}/grafana", + "adminUrl": "https://monitoring.${CLUSTER_DOMAIN}/grafana", + "baseUrl": "https://monitoring.${CLUSTER_DOMAIN}/grafana", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": true, "clientAuthenticatorType": "client-secret", - "secret": "${GRAFANA_OAUTH_CLIENT_SECRET}", + "secret": "$GRAFANA_OAUTH_CLIENT_SECRET", "redirectUris": [ - "https://monitoring.picluster.ricsanfre.com/grafana/login/generic_oauth" + "https://monitoring.${CLUSTER_DOMAIN}/grafana/login/generic_oauth" ], "webOrigins": [ - "https://monitoring.picluster.ricsanfre.com/grafana" + "https://monitoring.${CLUSTER_DOMAIN}/grafana" ], "standardFlowEnabled": true, "implicitFlowEnabled": false, @@ -116,22 +116,22 @@ } }, { - "clientId": "${KIALI_OAUTH_CLIENT_ID}", + "clientId": "$KIALI_OAUTH_CLIENT_ID", "name": "Kiali", "description": "Kiali - Istio Obervability platform", - "rootUrl": "https://kiali.picluster.ricsanfre.com/kiali/", - "adminUrl": "https://kiali.picluster.ricsanfre.com/kiali/", + "rootUrl": "https://kiali.${CLUSTER_DOMAIN}/kiali/", + "adminUrl": "https://kiali.${CLUSTER_DOMAIN}/kiali/", "baseUrl": "", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": true, "clientAuthenticatorType": "client-secret", - "secret": "${KIALI_OAUTH_CLIENT_SECRET}", + "secret": "$KIALI_OAUTH_CLIENT_SECRET", "redirectUris": [ - "https://kiali.picluster.ricsanfre.com/kiali/*" + "https://kiali.${CLUSTER_DOMAIN}/kiali/*" ], "webOrigins": [ - "https://kiali.picluster.ricsanfre.com" + "https://kiali.${CLUSTER_DOMAIN}" ], "notBefore": 0, "bearerOnly": false, 
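Review bot: The Kiali client keeps a wildcard redirect URI, `"https://kiali.${CLUSTER_DOMAIN}/kiali/*"`, while the oauth2-proxy and Grafana clients in this file register exact callback URLs. With a wildcard, any path under `/kiali/` is accepted as the target of the authorization response, so an open redirect or injectable page under that prefix could receive authorization codes. If Kiali's callback path is fixed, registering that exact URL would be tighter; the path is not visible in this diff and needs confirming.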
@@ -189,14 +189,14 @@ }, "users": [ { - "username": "${PI_ADMIN_USERNAME}", - "email": "admin@picluster.ricsanfre.com", + "username": "$PI_ADMIN_USERNAME", + "email": "admin@${CLUSTER_DOMAIN}", "enabled": true, "emailVerified": true, "credentials": [ { "type": "password", - "value": "${PI_ADMIN_PASSWORD}" + "value": "$PI_ADMIN_PASSWORD" } ], "realmRoles": [ From ba92091c31bdd704f5df0766d00e40ce5d0c633a Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Fri, 30 Aug 2024 18:25:21 +0200 Subject: [PATCH 062/130] Adding comment to realm config generator --- .../keycloak/app/components/realm-config/kustomization.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml b/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml index e71a6149..4974c790 100644 --- a/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml +++ b/kubernetes/platform/keycloak/app/components/realm-config/kustomization.yaml @@ -13,6 +13,8 @@ configMapGenerator: # Generate keycloak config realm - name: keycloak-realm-configmap options: + # Disable hashing. + # Automatic replacement does not work with configMaps references in values.yaml disableNameSuffixHash: true files: - picluster-realm.json From e2155df4816d1e7b67349d6fae5a9b4d6756ef90 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sat, 31 Aug 2024 10:46:28 +0200 Subject: [PATCH 063/130] Adding oauth2-proxy flux app --- .../clusters/prod/infra/oauth2-proxy-app.yaml | 27 +++++++++ .../prod/repositories/helm/kustomization.yaml | 3 +- .../helm/oauth2-proxy-helmrepo.yaml | 9 +++ .../platform/oauth2-proxy/app/base/helm.yaml | 27 +++++++++ .../oauth2-proxy/app/base/kustomization.yaml | 13 +++++ .../app/base/kustomizeconfig.yaml | 11 ++++ .../platform/oauth2-proxy/app/base/ns.yaml | 4 ++ .../base/oauth2-proxy-external-secret.yaml | 28 ++++++++++ .../oauth2-proxy/app/base/values.yaml | 55 +++++++++++++++++++ .../app/components/ingress/helm-patch.yaml | 6 ++ .../app/components/ingress/kustomization.yaml | 16 ++++++ .../app/components/ingress/values.yaml | 20 +++++++ .../app/overlays/dev/helm-patch.yaml | 6 ++ .../app/overlays/dev/kustomization.yaml | 19 +++++++ .../oauth2-proxy/app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 ++ .../app/overlays/prod/kustomization.yaml | 22 ++++++++ .../app/overlays/prod/values.yaml | 1 + 18 files changed, 273 insertions(+), 1 deletion(-) create mode 100644 kubernetes/clusters/prod/infra/oauth2-proxy-app.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/oauth2-proxy-helmrepo.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/base/helm.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/base/kustomization.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/base/ns.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/base/oauth2-proxy-external-secret.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/base/values.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/components/ingress/helm-patch.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/components/ingress/kustomization.yaml create mode 100644 
kubernetes/platform/oauth2-proxy/app/components/ingress/values.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/oauth2-proxy/app/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/oauth2-proxy-app.yaml b/kubernetes/clusters/prod/infra/oauth2-proxy-app.yaml new file mode 100644 index 00000000..a2beb820 --- /dev/null +++ b/kubernetes/clusters/prod/infra/oauth2-proxy-app.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: oauth2-proxy-app + namespace: flux-system +spec: + interval: 30m + targetNamespace: oauth2-proxy + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: keycloak-app + path: ./kubernetes/platform/oauth2-proxy/app/overlays/prod + prune: true + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: oauth2-proxy + namespace: oauth2-proxy + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings + # Use this ConfigMap if it exists, but proceed if it doesn't. + optional: true diff --git a/kubernetes/clusters/prod/repositories/helm/kustomization.yaml b/kubernetes/clusters/prod/repositories/helm/kustomization.yaml index b0a74e12..525dd7c7 100644 --- a/kubernetes/clusters/prod/repositories/helm/kustomization.yaml +++ b/kubernetes/clusters/prod/repositories/helm/kustomization.yaml 
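Review bot: `optional: true` on the `cluster-settings` ConfigMap in oauth2-proxy-app.yaml lets the authentication proxy reconcile even when `CLUSTER_DOMAIN` is not available. The values rendered by this Kustomization use `${CLUSTER_DOMAIN}` in `redirect_url`, `oidc_issuer_url`, `cookie_domains` and `whitelist_domains`, so a missing ConfigMap would apply them unresolved (left literal or rendered empty, depending on controller behaviour) instead of failing. For a component that enforces login, failing closed is safer: `optional: false`, with the comment changed to `# cluster-settings is required: it provides CLUSTER_DOMAIN`.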
@@ -11,4 +11,5 @@ resources: - longhorn-helmrepo.yaml - minio-helmrepo.yaml - mongodb-helmrepo.yaml - - vmware-tanzu-helmrepo.yaml \ No newline at end of file + - vmware-tanzu-helmrepo.yaml + - oauth2-proxy-helmrepo.yaml \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/oauth2-proxy-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/oauth2-proxy-helmrepo.yaml new file mode 100644 index 00000000..0f259bec --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/oauth2-proxy-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: oauth2-proxy + namespace: flux-system +spec: + url: https://oauth2-proxy.github.io/manifests + interval: 1h \ No newline at end of file diff --git a/kubernetes/platform/oauth2-proxy/app/base/helm.yaml b/kubernetes/platform/oauth2-proxy/app/base/helm.yaml new file mode 100644 index 00000000..2bb82548 --- /dev/null +++ b/kubernetes/platform/oauth2-proxy/app/base/helm.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: oauth2-proxy +spec: + interval: 30m + chart: + spec: + chart: oauth2-proxy + version: 7.7.9 + sourceRef: + kind: HelmRepository + name: oauth2-proxy + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + valuesFrom: + - kind: ConfigMap + name: oauth2-proxy-helm-values + valuesKey: base-values.yaml \ No newline at end of file diff --git a/kubernetes/platform/oauth2-proxy/app/base/kustomization.yaml b/kubernetes/platform/oauth2-proxy/app/base/kustomization.yaml new file mode 100644 index 00000000..31f6456b --- /dev/null +++ b/kubernetes/platform/oauth2-proxy/app/base/kustomization.yaml 
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - oauth2-proxy-external-secret.yaml
+ - helm.yaml
+
+configMapGenerator:
+ - name: oauth2-proxy-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/oauth2-proxy/app/base/kustomizeconfig.yaml b/kubernetes/platform/oauth2-proxy/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/oauth2-proxy/app/base/ns.yaml b/kubernetes/platform/oauth2-proxy/app/base/ns.yaml
new file mode 100644
index 00000000..ded8ae87
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: oauth2-proxy
diff --git a/kubernetes/platform/oauth2-proxy/app/base/oauth2-proxy-external-secret.yaml b/kubernetes/platform/oauth2-proxy/app/base/oauth2-proxy-external-secret.yaml
new file mode 100644
index 00000000..37e63bef
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/base/oauth2-proxy-external-secret.yaml
@@ -0,0 +1,28 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: oauth2-proxy-externalsecret
+ namespace: oauth2-proxy
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: oauth2-proxy-secret
+ data:
+ - secretKey: cookie-secret
+ remoteRef:
+ key: oauth2-proxy/cookie
+ property: cookie-secret
+ - secretKey: client-id
+ remoteRef:
+ key: oauth2-proxy/oauth2
+ property: client-id
+ - secretKey: client-secret
+ remoteRef:
+ key: oauth2-proxy/oauth2
+ property: client-secret
+ - secretKey: redis-password
+ remoteRef:
+ key: oauth2-proxy/redis
+ property: redis-password
diff --git a/kubernetes/platform/oauth2-proxy/app/base/values.yaml b/kubernetes/platform/oauth2-proxy/app/base/values.yaml
new file mode 100644
index 00000000..5dff5115
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/base/values.yaml
@@ -0,0 +1,55 @@
+# oauth2-proxy helm values (base)
+config:
+ # Add config annotations
+ annotations: {}
+ # OAuth client ID
+ # Follow instructions to configure Keycloak client
+ # https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/keycloak_oidc
+
+ # clientID, clientSecret and cookieSecret stored in a Secret
+ existingSecret: oauth2-proxy-secret
+ # clientID: "proxy-oauth2"
+ # # OAuth client secret
+ # clientSecret: "Au03YXpH2wVGexoEtkrNoYCPQDEEFATr"
+ # # Create a new secret with the following command
+ # # openssl rand -base64 32 | head -c 32 | base64
+ # cookieSecret: "bG5pRDBvL0VaWis3dksrZ05vYnJLclRFb2VNcVZJYkg="
+ # The name of the cookie that oauth2-proxy will create
+ # If left empty, it will default to the release name
+ cookieName: "oauth2-proxy"
+
+ # Config file
+ configFile: |-
+ # Provider config
+ provider="keycloak-oidc"
+ provider_display_name="Keycloak"
+ redirect_url="https://oauth2-proxy.${CLUSTER_DOMAIN}/oauth2/callback"
+ oidc_issuer_url="https://sso.${CLUSTER_DOMAIN}/realms/picluster"
+ code_challenge_method="S256"
+ ssl_insecure_skip_verify=true
+ # Upstream config
+ http_address="0.0.0.0:4180"
+ upstreams="file:///dev/null"
+ email_domains=["*"]
+ cookie_domains=["${CLUSTER_DOMAIN}"]
+ cookie_secure=false
+ scope="openid"
+ whitelist_domains=[".${CLUSTER_DOMAIN}"]
+ insecure_oidc_allow_unverified_email="true"
+
+sessionStorage:
+ # Can be one of the supported session storage cookie|redis
+ type: redis
+ redis:
+ existingSecret: oauth2-proxy-secret
+ passwordKey: redis-password
+# Enabling redis backend installation
+redis:
+ enabled: true
+ # standalone redis. No cluster
+ architecture: standalone
+ auth:
+ existingSecret: oauth2-proxy-secret
+ existingSecretPasswordKey: redis-password
+
+
diff --git a/kubernetes/platform/oauth2-proxy/app/components/ingress/helm-patch.yaml b/kubernetes/platform/oauth2-proxy/app/components/ingress/helm-patch.yaml
new file mode 100644
index 00000000..ca9569aa
--- /dev/null
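Review bot: The `configFile` block turns off two transport protections for the authentication proxy: `ssl_insecure_skip_verify=true` makes oauth2-proxy accept any certificate from the Keycloak issuer, and `cookie_secure=false` lets the session cookie travel over plain HTTP although `redirect_url` is HTTPS. If `sso.${CLUSTER_DOMAIN}` presents a certificate the proxy can validate, both should be `ssl_insecure_skip_verify=false` and `cookie_secure=true`; where the issuer uses a private CA, trusting that CA in the proxy is preferable to skipping verification. `insecure_oidc_allow_unverified_email="true"` combined with `email_domains=["*"]` admits any realm account regardless of email verification, so a comment stating that realm membership is the only gate would make that intent explicit. The commented-out `clientSecret` and `cookieSecret` lines carry literal-looking values; replace them with placeholders such as `<client-secret>` and rotate them if they were ever in use.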
+++ b/kubernetes/platform/oauth2-proxy/app/components/ingress/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: oauth2-proxy-helm-values
+ valuesKey: ingress-values.yaml
diff --git a/kubernetes/platform/oauth2-proxy/app/components/ingress/kustomization.yaml b/kubernetes/platform/oauth2-proxy/app/components/ingress/kustomization.yaml
new file mode 100644
index 00000000..53c07adf
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/components/ingress/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# patch values.yaml?
+configMapGenerator:
+ - name: oauth2-proxy-helm-values
+ behavior: merge
+ files:
+ - ingress-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: oauth2-proxy
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/oauth2-proxy/app/components/ingress/values.yaml b/kubernetes/platform/oauth2-proxy/app/components/ingress/values.yaml
new file mode 100644
index 00000000..9e29912f
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/components/ingress/values.yaml
@@ -0,0 +1,20 @@
+# oauth2-proxy helm values (ingress)
+ingress:
+ enabled: true
+ className: "nginx"
+ pathType: Prefix
+ path: /oauth2
+ annotations:
+ # Enable cert-manager to create automatically the SSL certificate and store in Secret
+ # Possible Cluster-Issuer values:
+ # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API)
+ # * 'ca-issuer' (CA-signed certificate, not valid)
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ cert-manager.io/common-name: oauth2-proxy.${CLUSTER_DOMAIN}
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
+ hosts:
+ - oauth2-proxy.${CLUSTER_DOMAIN}
+ tls:
+ - hosts:
+ - oauth2-proxy.${CLUSTER_DOMAIN}
+ secretName: oauth2-proxy-tls
\ No newline at end of file
diff --git a/kubernetes/platform/oauth2-proxy/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/oauth2-proxy/app/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..a032514a
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: oauth2-proxy-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/oauth2-proxy/app/overlays/dev/kustomization.yaml b/kubernetes/platform/oauth2-proxy/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..30756b05
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: oauth2-proxy
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: oauth2-proxy-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: oauth2-proxy
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/oauth2-proxy/app/overlays/dev/values.yaml b/kubernetes/platform/oauth2-proxy/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..f05daf5f
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# oauth2-proxy helm values (dev overlay)
diff --git a/kubernetes/platform/oauth2-proxy/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/oauth2-proxy/app/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..a032514a
--- /dev/null
+++ b/kubernetes/platform/oauth2-proxy/app/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: oauth2-proxy-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/oauth2-proxy/app/overlays/prod/kustomization.yaml b/kubernetes/platform/oauth2-proxy/app/overlays/prod/kustomization.yaml new file mode 100644 index 00000000..8f188be0 --- /dev/null +++ b/kubernetes/platform/oauth2-proxy/app/overlays/prod/kustomization.yaml @@ -0,0 +1,22 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: oauth2-proxy + +resources: + - ../../base + +components: + - ../../components/ingress + +configMapGenerator: + - name: oauth2-proxy-helm-values + behavior: merge + files: + - overlay-values.yaml=values.yaml + +patches: +- target: + group: helm.toolkit.fluxcd.io + kind: HelmRelease + name: oauth2-proxy + path: helm-patch.yaml \ No newline at end of file diff --git a/kubernetes/platform/oauth2-proxy/app/overlays/prod/values.yaml b/kubernetes/platform/oauth2-proxy/app/overlays/prod/values.yaml new file mode 100644 index 00000000..5954d681 --- /dev/null +++ b/kubernetes/platform/oauth2-proxy/app/overlays/prod/values.yaml @@ -0,0 +1 @@ +# oauth2-proxy helm values (prod overlay) From 5ffab237760c65369114271814eac9baf14a2fc6 Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Sun, 1 Sep 2024 13:05:18 +0200 Subject: [PATCH 064/130] Adding helmReleaseName and TargetNamespace to flux application template --- kubernetes/fluxcd-app-template/app/base/helm.yaml | 2 ++ kubernetes/fluxcd-app-template/boilerplate.yml | 3 +++ 2 files changed, 5 insertions(+) diff --git a/kubernetes/fluxcd-app-template/app/base/helm.yaml b/kubernetes/fluxcd-app-template/app/base/helm.yaml index 6587ef91..cda49c10 100644 --- a/kubernetes/fluxcd-app-template/app/base/helm.yaml +++ b/kubernetes/fluxcd-app-template/app/base/helm.yaml @@ -13,6 +13,8 @@ spec: kind: HelmRepository name: {{ .app_name }} namespace: flux-system + releaseName: {{ .chart_release_name }} + targetNamespace: {{ .app_namespace }} install: remediation: retries: 3 
diff --git a/kubernetes/fluxcd-app-template/boilerplate.yml b/kubernetes/fluxcd-app-template/boilerplate.yml index 15ca2df2..751155d9 100644 --- a/kubernetes/fluxcd-app-template/boilerplate.yml +++ b/kubernetes/fluxcd-app-template/boilerplate.yml @@ -14,4 +14,7 @@ variables: - name: chart_version description: Enter chart version + - name: chart_release_name + description: Enter chart release name + From 9eacab4602911d0194d208e52bed67fd5d96cd6c Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 1 Sep 2024 17:52:46 +0200 Subject: [PATCH 065/130] Adding elastic-stack flux app --- .../prod/infra/elastic-stack-app.yaml | 75 +++++++++++++++++++ .../repositories/helm/elastic-helmrepo.yaml | 9 +++ .../helm/prometheus-community-helmrepo.yaml | 9 +++ .../platform/eck-operator/app/base/helm.yaml | 29 +++++++ .../eck-operator/app/base/kustomization.yaml | 12 +++ .../app/base/kustomizeconfig.yaml | 11 +++ .../platform/eck-operator/app/base/ns.yaml | 4 + .../eck-operator/app/base/values.yaml | 1 + .../app/overlays/dev/helm-patch.yaml | 6 ++ .../app/overlays/dev/kustomization.yaml | 19 +++++ .../eck-operator/app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 ++ .../app/overlays/prod/kustomization.yaml | 20 +++++ .../app/overlays/prod/values.yaml | 1 + .../elastic-stack/app/base/elasticsearch.yaml | 34 +++++++++ .../elastic-stack/app/base/kibana.yaml | 22 ++++++ .../elastic-stack/app/base/kustomization.yaml | 7 ++ .../elasticsearch-admin-externalsecret.yaml | 26 +++++++ .../elasticsearch-fluentd-externalsecret.yaml | 26 +++++++ .../elasticsearch-fluentd-role.yaml | 20 +++++ .../authentication/elasticsearch-patch.yaml | 10 +++ ...asticsearch-prometheus-externalsecret.yaml | 26 +++++++ .../elasticsearch-prometheus-role.yaml | 18 +++++ .../authentication/kustomization.yaml | 14 ++++ .../ingress/elasticsearch-ingress.yaml | 29 +++++++ .../ingress/elasticsearch-patch.yaml | 8 ++ .../app/components/ingress/helm-patch.yaml | 6 ++ .../components/ingress/kibana-ingress.yaml | 28 +++++++ .../app/components/ingress/kustomization.yaml | 18 +++++ .../components/istio/elasticsearch-patch.yaml | 12 +++ .../app/components/istio/kibana-patch.yaml | 12 +++ .../app/components/istio/kustomization.yaml | 14 ++++ .../app/overlays/dev/kustomization.yaml | 6 ++ .../app/overlays/prod/kustomization.yaml | 11 +++ .../elasticsearh-exporter-externalsecret.yaml | 20 +++++ .../base/helm.yaml | 29 +++++++ .../base/kustomization.yaml | 13 ++++ 
.../base/kustomizeconfig.yaml | 11 +++ .../base/servicemonitor.yaml | 20 +++++ .../base/values.yaml | 14 ++++ .../overlays/dev/helm-patch.yaml | 6 ++ .../overlays/dev/kustomization.yaml | 19 +++++ .../overlays/dev/values.yaml | 1 + .../overlays/prod/helm-patch.yaml | 6 ++ .../overlays/prod/kustomization.yaml | 19 +++++ .../overlays/prod/values.yaml | 1 + 46 files changed, 709 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/elastic-stack-app.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/elastic-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/prometheus-community-helmrepo.yaml create mode 100644 kubernetes/platform/eck-operator/app/base/helm.yaml create mode 100644 kubernetes/platform/eck-operator/app/base/kustomization.yaml create mode 100644 kubernetes/platform/eck-operator/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/eck-operator/app/base/ns.yaml create mode 100644 kubernetes/platform/eck-operator/app/base/values.yaml create mode 100644 kubernetes/platform/eck-operator/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/eck-operator/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/eck-operator/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/eck-operator/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/eck-operator/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/eck-operator/app/overlays/prod/values.yaml create mode 100644 kubernetes/platform/elastic-stack/app/base/elasticsearch.yaml create mode 100644 kubernetes/platform/elastic-stack/app/base/kibana.yaml create mode 100644 kubernetes/platform/elastic-stack/app/base/kustomization.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-admin-externalsecret.yaml create mode 100644 
kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-fluentd-externalsecret.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-fluentd-role.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-patch.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-prometheus-externalsecret.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-prometheus-role.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/authentication/kustomization.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/ingress/elasticsearch-ingress.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/ingress/elasticsearch-patch.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/ingress/helm-patch.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/ingress/kibana-ingress.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/ingress/kustomization.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/istio/elasticsearch-patch.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/istio/kibana-patch.yaml create mode 100644 kubernetes/platform/elastic-stack/app/components/istio/kustomization.yaml create mode 100644 kubernetes/platform/elastic-stack/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/elastic-stack/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/elasticsearh-exporter-externalsecret.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/helm.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomization.yaml create mode 100644 
kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/servicemonitor.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/values.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/values.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/elastic-stack-app.yaml b/kubernetes/clusters/prod/infra/elastic-stack-app.yaml new file mode 100644 index 00000000..cce5dc0a --- /dev/null +++ b/kubernetes/clusters/prod/infra/elastic-stack-app.yaml 
@@ -0,0 +1,75 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: eck-operator-app
+ namespace: flux-system
+spec:
+ interval: 30m
+ targetNamespace: elastic
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./kubernetes/platform/eck-operator/app/overlays/prod
+ prune: true
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2
+ kind: HelmRelease
+ name: eck-operator
+ namespace: elastic
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: elastic-stack-app
+ namespace: flux-system
+spec:
+ interval: 30m
+ targetNamespace: elastic
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ dependsOn:
+ - name: eck-operator-app
+ - name: longhorn-app
+ - name: external-secrets-config
+ path: ./kubernetes/platform/elastic-stack/app/overlays/prod
+ prune: true
+ healthChecks:
+ - apiVersion: elasticsearch.k8s.elastic.co/v1
+ kind: Elasticsearch
+ name: efk
+ namespace: elastic
+ - apiVersion: kibana.k8s.elastic.co/v1
+ kind: Kibana
+ name: efk
+ namespace: elastic
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ # Use this ConfigMap if it exists, but proceed if it doesn't.
+ optional: true
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: prometheus-elasticsearch-exporter-app
+ namespace: flux-system
+spec:
+ interval: 30m
+ targetNamespace: elastic
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ dependsOn:
+ - name: elastic-stack-app
+ path: ./kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/prod
+ prune: true
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2
+ kind: HelmRelease
+ name: prometheus-elasticsearch-exporter
+ namespace: elastic
\ No newline at end of file
diff --git a/kubernetes/clusters/prod/repositories/helm/elastic-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/elastic-helmrepo.yaml
new file mode 100644
index 00000000..80563c8e
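Review bot: The `path` of `prometheus-elasticsearch-exporter-app` points at `./kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/prod`, but the files this commit creates live under `prometheus-elasticsearh-exporter` (missing `c`), as the create-mode list shows. Flux would fail to build this Kustomization because the directory does not exist, so the exporter and its health check never reconcile. Renaming the directory to `prometheus-elasticsearch-exporter` fixes the spelling at the source; the alternative is to change `path` to the existing name.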
--- /dev/null
+++ b/kubernetes/clusters/prod/repositories/helm/elastic-helmrepo.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: elastic
+ namespace: flux-system
+spec:
+ url: https://helm.elastic.co
+ interval: 1h
\ No newline at end of file
diff --git a/kubernetes/clusters/prod/repositories/helm/prometheus-community-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/prometheus-community-helmrepo.yaml
new file mode 100644
index 00000000..b2831617
--- /dev/null
+++ b/kubernetes/clusters/prod/repositories/helm/prometheus-community-helmrepo.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: prometheus-community
+ namespace: flux-system
+spec:
+ url: https://prometheus-community.github.io/helm-charts
+ interval: 1h
\ No newline at end of file
diff --git a/kubernetes/platform/eck-operator/app/base/helm.yaml b/kubernetes/platform/eck-operator/app/base/helm.yaml
new file mode 100644
index 00000000..e2a51176
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/base/helm.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: eck-operator
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: eck-operator
+ version: 2.13.0
+ sourceRef:
+ kind: HelmRepository
+ name: eck-operator
+ namespace: flux-system
+ releaseName: eck-operator
+ targetNamespace: elastic
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: eck-operator-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/eck-operator/app/base/kustomization.yaml b/kubernetes/platform/eck-operator/app/base/kustomization.yaml
new file mode 100644
index 00000000..d4b74536
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/base/kustomization.yaml
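Review bot: The eck-operator HelmRelease's `sourceRef` names a HelmRepository `eck-operator`, while the repository object added in this commit is `name: elastic` (elastic-helmrepo.yaml). Unless an `eck-operator` HelmRepository is defined elsewhere, the chart cannot be fetched and `eck-operator-app` stays unhealthy, which also blocks `elastic-stack-app` through `dependsOn`. The reference should read `name: elastic`. The commit's diffstat also does not touch `repositories/helm/kustomization.yaml`, so it is worth checking that the two new HelmRepository files are listed under its `resources`.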
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - helm.yaml
+
+configMapGenerator:
+ - name: eck-operator-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/eck-operator/app/base/kustomizeconfig.yaml b/kubernetes/platform/eck-operator/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/eck-operator/app/base/ns.yaml b/kubernetes/platform/eck-operator/app/base/ns.yaml
new file mode 100644
index 00000000..e07cd7b5
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: elastic
diff --git a/kubernetes/platform/eck-operator/app/base/values.yaml b/kubernetes/platform/eck-operator/app/base/values.yaml
new file mode 100644
index 00000000..13368edd
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/base/values.yaml
@@ -0,0 +1 @@
+# eck-operator helm values (base)
diff --git a/kubernetes/platform/eck-operator/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/eck-operator/app/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..b8f5cd66
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: eck-operator-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/eck-operator/app/overlays/dev/kustomization.yaml b/kubernetes/platform/eck-operator/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..683c7a55
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: elastic
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: eck-operator-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: eck-operator
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/eck-operator/app/overlays/dev/values.yaml b/kubernetes/platform/eck-operator/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..38091c78
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# eck-operator helm values (dev overlay)
diff --git a/kubernetes/platform/eck-operator/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/eck-operator/app/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..b8f5cd66
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: eck-operator-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/eck-operator/app/overlays/prod/kustomization.yaml b/kubernetes/platform/eck-operator/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..e779f108
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: elastic
+
+resources:
+ - ../../base
+
+
+configMapGenerator:
+ - name: eck-operator-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: eck-operator
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/eck-operator/app/overlays/prod/values.yaml b/kubernetes/platform/eck-operator/app/overlays/prod/values.yaml
new file mode 100644
index 00000000..ba1d7f3c
--- /dev/null
+++ b/kubernetes/platform/eck-operator/app/overlays/prod/values.yaml
@@ -0,0 +1 @@
+# eck-operator helm values (prod overlay)
diff --git a/kubernetes/platform/elastic-stack/app/base/elasticsearch.yaml b/kubernetes/platform/elastic-stack/app/base/elasticsearch.yaml
new file mode 100644
index 00000000..c67f1635
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/base/elasticsearch.yaml
@@ -0,0 +1,34 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+ name: efk
+ namespace: elastic
+ # annotations:
+ # "helm.sh/hook": post-install,post-upgrade
+spec:
+ version: 8.13.0
+ nodeSets:
+ - name: default
+ count: 1
+ config:
+ node.store.allow_mmap: false
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+ storageClassName: longhorn
+ podTemplate:
+ spec:
+ # Limiting Resources consumption
+ containers:
+ - name: elasticsearch
+ resources:
+ requests:
+ memory: "1Gi"
+ limits:
+ memory: "1Gi"
diff --git a/kubernetes/platform/elastic-stack/app/base/kibana.yaml b/kubernetes/platform/elastic-stack/app/base/kibana.yaml
new file mode 100644
index 00000000..51ac2449
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/base/kibana.yaml
@@ -0,0 +1,22 @@
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+ name: efk
+ namespace: elastic
+ # annotations:
+ # "helm.sh/hook": post-install,post-upgrade
+spec:
+ version: 8.13.0
+ count: 1
+ elasticsearchRef:
+ name: efk
+ podTemplate:
+ spec:
+ # Limiting Resources consumption
+ containers:
+ - name: kibana
+ resources:
+ requests:
+ memory: "1Gi"
+ limits:
+ memory: "1Gi"
diff --git a/kubernetes/platform/elastic-stack/app/base/kustomization.yaml b/kubernetes/platform/elastic-stack/app/base/kustomization.yaml
new file mode 100644
index 00000000..34de15b3
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/base/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: elastic
+
+resources:
+ - elasticsearch.yaml
+ - kibana.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-admin-externalsecret.yaml b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-admin-externalsecret.yaml
new file mode 100644
index 00000000..b4ab6367
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-admin-externalsecret.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: elasticsearch-admin-externalsecret
+ namespace: elastic
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: es-admin-user-file-realm
+ template:
+ type: kubernetes.io/basic-auth
+ data:
+ username: "{{ .username | toString }}"
+ password: "{{ .password | toString }}"
+ roles: superuser
+ data:
+ - secretKey: username
+ remoteRef:
+ key: logging/es-admin
+ property: user
+ - secretKey: password
+ remoteRef:
+ key: logging/es-admin
+ property: password
diff --git a/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-fluentd-externalsecret.yaml b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-fluentd-externalsecret.yaml
new file mode 100644
index 00000000..06c88d0c
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-fluentd-externalsecret.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: elasticsearch-fluentd-externalsecret
+ namespace: elastic
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: es-fluentd-user-file-realm
+ template:
+ type: kubernetes.io/basic-auth
+ data:
+ username: "{{ .username | toString }}"
+ password: "{{ .password | toString }}"
+ roles: fluentd_role
+ data:
+ - secretKey: username
+ remoteRef:
+ key: logging/es-fluentd
+ property: user
+ - secretKey: password
+ remoteRef:
+ key: logging/es-fluentd
+ property: password
diff --git a/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-fluentd-role.yaml b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-fluentd-role.yaml
new file mode 100644
index 00000000..e7eac332
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-fluentd-role.yaml
@@ -0,0 +1,20 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: es-fluentd-roles-secret
+ namespace: elastic
+stringData:
+ roles.yml: |-
+ fluentd_role:
+ cluster: ['manage_index_templates', 'monitor', 'manage_ilm']
+ indices:
+ - names: [ '*' ]
+ privileges: [
+ 'indices:admin/create',
+ 'write',
+ 'create',
+ 'delete',
+ 'create_index',
+ 'manage',
+ 'manage_ilm'
+ ]
\ No newline at end of file
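Review bot: `fluentd_role` in elasticsearch-fluentd-role.yaml grants `manage`, `delete` and `manage_ilm` on `names: [ '*' ]`, so a leak of the log shipper's credentials allows altering or deleting every regular index in the cluster, not just the log indices. I would scope the entry to the shipper's own pattern, `- names: [ '<log-index-prefix>-*' ]` (placeholder, since the prefix Fluentd writes to is not visible in this patch), and keep only `create_index`, `create` and `write` plus whatever ILM or rollover setup demonstrably needs. The same wildcard scope appears in `prometheus_role` (elasticsearch-prometheus-role.yaml), where `indices:data/read/search` on `*` lets the metrics exporter's account read log contents. As far as I can tell the exporter needs only the monitor and stats actions, so that privilege is worth confirming or removing.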
diff --git a/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-patch.yaml b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-patch.yaml
new file mode 100644
index 00000000..04110ad3
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-patch.yaml
@@ -0,0 +1,10 @@
+- op: add
+ path: /spec/auth
+ value:
+ roles:
+ - secretName: es-fluentd-roles-secret
+ - secretName: es-prometheus-roles-secret
+ fileRealm:
+ - secretName: es-admin-user-file-realm
+ - secretName: es-fluentd-user-file-realm
+ - secretName: es-prometheus-user-file-realm
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-prometheus-externalsecret.yaml b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-prometheus-externalsecret.yaml
new file mode 100644
index 00000000..0c0f9813
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-prometheus-externalsecret.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: elasticsearch-prometheus-externalsecret
+ namespace: elastic
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: es-prometheus-user-file-realm
+ template:
+ type: kubernetes.io/basic-auth
+ data:
+ username: "{{ .username | toString }}"
+ password: "{{ .password | toString }}"
+ roles: prometheus_role
+ data:
+ - secretKey: username
+ remoteRef:
+ key: logging/es-prometheus
+ property: user
+ - secretKey: password
+ remoteRef:
+ key: logging/es-prometheus
+ property: password
diff --git a/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-prometheus-role.yaml b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-prometheus-role.yaml
new file mode 100644
index 00000000..1227497d
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/authentication/elasticsearch-prometheus-role.yaml
@@ -0,0 +1,18 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: es-prometheus-roles-secret
+ namespace: elastic
+stringData:
+ roles.yml: |-
+ prometheus_role:
+ cluster: [
+ 'cluster:monitor/health',
+ 'cluster:monitor/nodes/stats',
+ 'cluster:monitor/state',
+ 'cluster:monitor/nodes/info',
+ 'cluster:monitor/prometheus/metrics'
+ ]
+ indices:
+ - names: [ '*' ]
+ privileges: [ 'indices:admin/aliases/get', 'indices:admin/mappings/get', 'indices:monitor/stats', 'indices:data/read/search' ]
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/components/authentication/kustomization.yaml b/kubernetes/platform/elastic-stack/app/components/authentication/kustomization.yaml
new file mode 100644
index 00000000..d2cc54ce
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/authentication/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - elasticsearch-admin-externalsecret.yaml
+ - elasticsearch-fluentd-externalsecret.yaml
+ - elasticsearch-prometheus-externalsecret.yaml
+
+patches:
+- target:
+ group: elasticsearch.k8s.elastic.co
+ kind: Elasticsearch
+ name: efk
+ path: elasticsearch-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/components/ingress/elasticsearch-ingress.yaml b/kubernetes/platform/elastic-stack/app/components/ingress/elasticsearch-ingress.yaml
new file mode 100644
index 00000000..08eb06ce
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/ingress/elasticsearch-ingress.yaml
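Review bot: The `resources` list in components/authentication/kustomization.yaml names only the three ExternalSecret manifests, so `elasticsearch-fluentd-role.yaml` and `elasticsearch-prometheus-role.yaml`, added in this same patch, are never rendered. The component's elasticsearch-patch.yaml still points `spec.auth.roles` at `es-fluentd-roles-secret` and `es-prometheus-roles-secret`, so the file-realm users would be bound to role names that are defined nowhere; presumably they end up without privileges, or the operator reports the missing secrets. Add `- elasticsearch-fluentd-role.yaml` and `- elasticsearch-prometheus-role.yaml` to `resources`.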
@@ -0,0 +1,29 @@
+# HTTPS Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: elasticsearch-ingress
+ namespace: elastic
+ annotations:
+ # Linkerd configuration. Configure Service as Upstream
+ nginx.ingress.kubernetes.io/service-upstream: "true"
+ # Enable cert-manager to create automatically the SSL certificate and store in Secret
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ cert-manager.io/common-name: elasticsearch.${CLUSTER_DOMAIN}
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - elasticsearch.${CLUSTER_DOMAIN}
+ secretName: elasticsearch-tls
+ rules:
+ - host: elasticsearch.${CLUSTER_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: efk-es-http
+ port:
+ number: 9200
diff --git a/kubernetes/platform/elastic-stack/app/components/ingress/elasticsearch-patch.yaml b/kubernetes/platform/elastic-stack/app/components/ingress/elasticsearch-patch.yaml
new file mode 100644
index 00000000..91662fb3
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/ingress/elasticsearch-patch.yaml
@@ -0,0 +1,8 @@
+ # Disable TLS endpoints
+- op: add
+ path: /spec/http
+ value:
+ tls:
+ selfSignedCertificate:
+ disabled: true
+
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/components/ingress/helm-patch.yaml b/kubernetes/platform/elastic-stack/app/components/ingress/helm-patch.yaml
new file mode 100644
index 00000000..83cf6d0d
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/ingress/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: longhorn-helm-values
+ valuesKey: ingress-values.yaml
diff --git a/kubernetes/platform/elastic-stack/app/components/ingress/kibana-ingress.yaml b/kubernetes/platform/elastic-stack/app/components/ingress/kibana-ingress.yaml
new file mode 100644
index 00000000..58db4344
--- /dev/null
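Review bot: elasticsearch-ingress.yaml publishes the Elasticsearch REST API (port 9200) at `elasticsearch.${CLUSTER_DOMAIN}` with no restriction at the ingress layer, so the file-realm basic-auth accounts are the only barrier for anything that can reach the ingress controller. Those accounts include the `superuser` admin defined in the authentication component. If external API access is really required, restrict it with `nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"` (placeholder value); otherwise drop this Ingress and expose only Kibana. The annotation comment also says `# Linkerd configuration` although the mesh component added in this patch is Istio, so it should state why `service-upstream` is needed here.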
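Review bot: components/ingress/elasticsearch-patch.yaml disables the operator-managed TLS on the HTTP layer, and the component's kustomization.yaml applies it to both the Elasticsearch and the Kibana resource. Taken alone, this component therefore sends basic-auth credentials in cleartext from the ingress controller to the pods, and the exporter values later in the patch use `es.uri: http://efk-es-http:9200`. The prod overlay also enables components/istio, so mesh mTLS is presumably meant to cover that hop, but nothing here states or enforces the dependency. I would replace the comment with `# TLS is provided by the service-mesh sidecar; do not enable this component without components/istio` and consider an Istio `PeerAuthentication` in STRICT mode for the `elastic` namespace.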
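Review bot: components/ingress/helm-patch.yaml looks like a copy-paste leftover: it appends a `longhorn-helm-values` ConfigMap to `/spec/valuesFrom`, but this component contains no HelmRelease and its kustomization.yaml, the next-but-one file in the patch, does not reference the file. I would delete it so that nobody later wires Longhorn values into the Elastic resources by accident.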
+++ b/kubernetes/platform/elastic-stack/app/components/ingress/kibana-ingress.yaml
@@ -0,0 +1,28 @@
+---
+# HTTPS Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kibana-ingress
+ namespace: elastic
+ annotations:
+ # Enable cert-manager to create automatically the SSL certificate and store in Secret
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ cert-manager.io/common-name: kibana.${CLUSTER_DOMAIN}
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - kibana.${CLUSTER_DOMAIN}
+ secretName: kibana-tls
+ rules:
+ - host: kibana.${CLUSTER_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: efk-kb-http
+ port:
+ number: 5601
diff --git a/kubernetes/platform/elastic-stack/app/components/ingress/kustomization.yaml b/kubernetes/platform/elastic-stack/app/components/ingress/kustomization.yaml
new file mode 100644
index 00000000..d6152c01
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/ingress/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - elasticsearch-ingress.yaml
+ - kibana-ingress.yaml
+
+patches:
+- target:
+ group: elasticsearch.k8s.elastic.co
+ kind: Elasticsearch
+ name: efk
+ path: elasticsearch-patch.yaml
+- target:
+ group: kibana.k8s.elastic.co
+ kind: Kibana
+ name: efk
+ path: elasticsearch-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/components/istio/elasticsearch-patch.yaml b/kubernetes/platform/elastic-stack/app/components/istio/elasticsearch-patch.yaml
new file mode 100644
index 00000000..8d778c8d
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/istio/elasticsearch-patch.yaml
@@ -0,0 +1,12 @@
+ # Disable TLS endpoints
+- op: add
+ path: /spec/http
+ value:
+ tls:
+ selfSignedCertificate:
+ disabled: true
+ # Enabling service account token
+- op: add
+ path: /spec/nodeSets/0/podTemplate/spec/automountServiceAccountToken
+ value:
+ true
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/components/istio/kibana-patch.yaml b/kubernetes/platform/elastic-stack/app/components/istio/kibana-patch.yaml
new file mode 100644
index 00000000..38178c5c
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/istio/kibana-patch.yaml
@@ -0,0 +1,12 @@
+ # Disable TLS endpoints
+- op: add
+ path: /spec/http
+ value:
+ tls:
+ selfSignedCertificate:
+ disabled: true
+ # Enabling service account token
+- op: add
+ path: /spec/podTemplate/spec/automountServiceAccountToken
+ value:
+ true
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/components/istio/kustomization.yaml b/kubernetes/platform/elastic-stack/app/components/istio/kustomization.yaml
new file mode 100644
index 00000000..bfd0c47d
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/components/istio/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+patches:
+- target:
+ group: elasticsearch.k8s.elastic.co
+ kind: Elasticsearch
+ name: efk
+ path: elasticsearch-patch.yaml
+- target:
+ group: kibana.k8s.elastic.co
+ kind: Kibana
+ name: efk
+ path: kibana-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/overlays/dev/kustomization.yaml b/kubernetes/platform/elastic-stack/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..6d916724
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: elastic
+
+resources:
+ - ../../base
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/app/overlays/prod/kustomization.yaml b/kubernetes/platform/elastic-stack/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..593cb88c
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: elastic
+
+resources:
+ - ../../base
+
+components:
+ - ../../components/authentication
+ - ../../components/ingress
+ - ../../components/istio
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/elasticsearh-exporter-externalsecret.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/elasticsearh-exporter-externalsecret.yaml
new file mode 100644
index 00000000..2834aebd
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/elasticsearh-exporter-externalsecret.yaml
@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: prom-elasticsearch-exporter-externalsecret
+ namespace: fluent
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: elasticsearch-exporter-secrets
+ data:
+ - secretKey: username
+ remoteRef:
+ key: logging/es-prometheus
+ property: user
+ - secretKey: password
+ remoteRef:
+ key: logging/es-prometheus
+ property: password
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/helm.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/helm.yaml
new file mode 100644
index 00000000..5bfb8e88
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/helm.yaml
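Review bot: The ExternalSecret in elasticsearh-exporter-externalsecret.yaml hard-codes `namespace: fluent`, while the HelmRelease that consumes `elasticsearch-exporter-secrets` has `targetNamespace: elastic` and the ServiceMonitor is also in `elastic`. Both overlays set `namespace: elastic`, which should override the field, so the rendered output is probably correct. Anyone applying the base directly, however, would get the Elasticsearch credentials written to a namespace the exporter does not read from. Change the field to `namespace: elastic` so the base matches the other manifests.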
@@ -0,0 +1,29 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: prometheus-elasticsearch-exporter
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: prometheus-elasticsearch-exporter
+ version: 6.0.0
+ sourceRef:
+ kind: HelmRepository
+ name: prometheus-community
+ namespace: flux-system
+ releaseName: prometheus-elasticsearch-exporter
+ targetNamespace: elastic
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: prometheus-elasticsearch-exporter-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomization.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomization.yaml
new file mode 100644
index 00000000..0c6f3a87
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - elasticsearch-exporter-externalsecret.yaml
+ - helm.yaml
+ - servicemonitor.yaml
+
+configMapGenerator:
+ - name: prometheus-elasticsearch-exporter-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomizeconfig.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomizeconfig.yaml
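Review bot: `resources` in the exporter's base/kustomization.yaml lists `elasticsearch-exporter-externalsecret.yaml`, but the file this patch adds is named `elasticsearh-exporter-externalsecret.yaml` (missing `c`), so the build would fail on a missing resource. The later "Fixing typo" commit shown further down the page renames only the directory and keeps this file name at 100% similarity, so the mismatch appears to remain after it. Either rename the file or reference the existing name, e.g. `- elasticsearh-exporter-externalsecret.yaml`, until it is renamed.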
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/servicemonitor.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/servicemonitor.yaml
new file mode 100644
index 00000000..2c32cf6f
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/servicemonitor.yaml
@@ -0,0 +1,20 @@
+# Elasticsearch ServiceMonitor
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ app: prometheus-elasticsearch-exporter
+ release: kube-prometheus-stack
+ name: elasticsearch-prometheus-servicemonitor
+ namespace: elastic
+spec:
+ endpoints:
+ - port: http
+ path: /metrics
+ namespaceSelector:
+ matchNames:
+ - elastic
+ selector:
+ matchLabels:
+ app: prometheus-elasticsearch-exporter
+
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/values.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/values.yaml
new file mode 100644
index 00000000..bfaee4d9
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/values.yaml
@@ -0,0 +1,14 @@
+# prometheus-elasticsearch-exporter helm values (base)
+
+# Elastic search passord from secret
+extraEnvSecrets:
+ ES_USERNAME:
+ secret: elasticsearch-exporter-secrets
+ key: username
+ ES_PASSWORD:
+ secret: elasticsearch-exporter-secrets
+ key: password
+
+# Elastic search URI
+es:
+ uri: http://efk-es-http:9200
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/helm-patch.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..704358f3
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: prometheus-elasticsearch-exporter-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/kustomization.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..4bc62ec0
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: elastic
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: prometheus-elasticsearch-exporter-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: prometheus-elasticsearch-exporter
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/values.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/values.yaml
new file mode 100644
index 00000000..adee9a70
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# prometheus-elasticsearch-exporter helm values (dev overlay)
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/helm-patch.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..704358f3
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: prometheus-elasticsearch-exporter-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/kustomization.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..4bc62ec0
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: elastic
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: prometheus-elasticsearch-exporter-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: prometheus-elasticsearch-exporter
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/values.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/values.yaml
new file mode 100644
index 00000000..de3fc6a3
--- /dev/null
+++ b/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/values.yaml
@@ -0,0 +1 @@
+# prometheus-elasticsearch-exporter helm values (prod overlay)
From 0ae1436b076c8df004c7cc588a65dc82ba6b15a3 Mon Sep 17 00:00:00 2001
From: Ricardo Sanchez Date: Sun, 1 Sep 2024 18:02:00 +0200 Subject: [PATCH 066/130] Adding missing repos --- .../clusters/prod/repositories/helm/fluent-helmrepo.yaml | 9 +++++++++ .../prod/repositories/helm/grafana-helmrepo.yaml | 9 +++++++++ .../clusters/prod/repositories/helm/kustomization.yaml | 6 +++++- kubernetes/platform/eck-operator/app/base/helm.yaml | 2 +- 4 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 kubernetes/clusters/prod/repositories/helm/fluent-helmrepo.yaml create mode 100644 kubernetes/clusters/prod/repositories/helm/grafana-helmrepo.yaml diff --git a/kubernetes/clusters/prod/repositories/helm/fluent-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/fluent-helmrepo.yaml new file mode 100644 index 00000000..5310a4ab --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/fluent-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: fluent + namespace: flux-system +spec: + url: https://fluent.github.io/helm-charts + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/grafana-helmrepo.yaml b/kubernetes/clusters/prod/repositories/helm/grafana-helmrepo.yaml new file mode 100644 index 00000000..41ed9a09 --- /dev/null +++ b/kubernetes/clusters/prod/repositories/helm/grafana-helmrepo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: grafana + namespace: flux-system +spec: + url: https://grafana.github.io/helm-charts + interval: 1h \ No newline at end of file diff --git a/kubernetes/clusters/prod/repositories/helm/kustomization.yaml b/kubernetes/clusters/prod/repositories/helm/kustomization.yaml index 525dd7c7..e3efed5e 100644 --- a/kubernetes/clusters/prod/repositories/helm/kustomization.yaml +++ b/kubernetes/clusters/prod/repositories/helm/kustomization.yaml 
@@ -12,4 +12,8 @@ resources: - minio-helmrepo.yaml - mongodb-helmrepo.yaml - vmware-tanzu-helmrepo.yaml - - oauth2-proxy-helmrepo.yaml \ No newline at end of file + - oauth2-proxy-helmrepo.yaml + - elastic-helmrepo.yaml + - prometheus-community-helmrepo.yaml + - grafana-helmrepo.yaml + - fluent-helmrepo.yaml \ No newline at end of file diff --git a/kubernetes/platform/eck-operator/app/base/helm.yaml b/kubernetes/platform/eck-operator/app/base/helm.yaml index e2a51176..742ad9f1 100644 --- a/kubernetes/platform/eck-operator/app/base/helm.yaml +++ b/kubernetes/platform/eck-operator/app/base/helm.yaml @@ -11,7 +11,7 @@ spec: version: 2.13.0 sourceRef: kind: HelmRepository - name: eck-operator + name: elastic namespace: flux-system releaseName: eck-operator targetNamespace: elastic From 4f78eae05230325990d73f22367bcd08908e8288 Mon Sep 17 00:00:00 2001 
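Review bot: The `resources` list now references `elastic-helmrepo.yaml` and `prometheus-community-helmrepo.yaml`, but this commit's diffstat only creates `fluent-helmrepo.yaml` and `grafana-helmrepo.yaml`. If an earlier patch in the series did not add those two files, the kustomize build of this directory fails and none of the HelmRepository objects listed here are reconciled. The eck-operator hunk on the same line has the same dependency: its `sourceRef` now names a HelmRepository `elastic` in `flux-system`, which is presumably what `elastic-helmrepo.yaml` defines. Confirm both files exist at this commit, or add them here.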
From: Ricardo Sanchez Date: Sun, 1 Sep 2024 19:06:51 +0200 Subject: [PATCH 067/130] Fixing typo --- .../base/elasticsearh-exporter-externalsecret.yaml | 0 .../base/helm.yaml | 0 .../base/kustomization.yaml | 0 .../base/kustomizeconfig.yaml | 0 .../base/servicemonitor.yaml | 0 .../base/values.yaml | 0 .../overlays/dev/helm-patch.yaml | 0 .../overlays/dev/kustomization.yaml | 0 .../overlays/dev/values.yaml | 0 .../overlays/prod/helm-patch.yaml | 0 .../overlays/prod/kustomization.yaml | 0 .../overlays/prod/values.yaml | 0 12 files changed, 0 insertions(+), 0 deletions(-) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/base/elasticsearh-exporter-externalsecret.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/base/helm.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/base/kustomization.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/base/kustomizeconfig.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/base/servicemonitor.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/base/values.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/overlays/dev/helm-patch.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/overlays/dev/kustomization.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/overlays/dev/values.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => 
prometheus-elasticsearch-exporter}/overlays/prod/helm-patch.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/overlays/prod/kustomization.yaml (100%) rename kubernetes/platform/elastic-stack/{prometheus-elasticsearh-exporter => prometheus-elasticsearch-exporter}/overlays/prod/values.yaml (100%) diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/elasticsearh-exporter-externalsecret.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/elasticsearh-exporter-externalsecret.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/elasticsearh-exporter-externalsecret.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/elasticsearh-exporter-externalsecret.yaml diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/helm.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/helm.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/helm.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/helm.yaml diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomization.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/kustomization.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomization.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/kustomization.yaml 
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomizeconfig.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/kustomizeconfig.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/kustomizeconfig.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/kustomizeconfig.yaml diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/servicemonitor.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/servicemonitor.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/servicemonitor.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/servicemonitor.yaml diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/values.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/values.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/base/values.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/values.yaml diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/helm-patch.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/dev/helm-patch.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/helm-patch.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/dev/helm-patch.yaml 
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/kustomization.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/dev/kustomization.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/kustomization.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/dev/kustomization.yaml diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/values.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/dev/values.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/dev/values.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/dev/values.yaml diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/helm-patch.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/prod/helm-patch.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/helm-patch.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/prod/helm-patch.yaml diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/kustomization.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/prod/kustomization.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/kustomization.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/prod/kustomization.yaml 
diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/values.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/prod/values.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearh-exporter/overlays/prod/values.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/overlays/prod/values.yaml From 7b51ed3b4a314834fc8024cccb6ffb4337101b6e Mon Sep 17 00:00:00 2001 From: Ricardo Sanchez Date: Sun, 1 Sep 2024 19:11:45 +0200 Subject: [PATCH 068/130] fixing typo --- ...rnalsecret.yaml => elasticsearch-exporter-externalsecret.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/{elasticsearh-exporter-externalsecret.yaml => elasticsearch-exporter-externalsecret.yaml} (100%) diff --git a/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/elasticsearh-exporter-externalsecret.yaml b/kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/elasticsearch-exporter-externalsecret.yaml similarity index 100% rename from kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/elasticsearh-exporter-externalsecret.yaml rename to kubernetes/platform/elastic-stack/prometheus-elasticsearch-exporter/base/elasticsearch-exporter-externalsecret.yaml From 1aa25a9f40e30e86a9869e871bf1e524b2cb0cc2 Mon Sep 17 00:00:00 2001 
From: Ricardo Sanchez Date: Sun, 1 Sep 2024 19:18:15 +0200 Subject: [PATCH 069/130] Adding loki flux app --- kubernetes/clusters/prod/infra/loki-app.yaml | 22 +++ kubernetes/platform/loki/app/base/helm.yaml | 32 ++++ .../platform/loki/app/base/kustomization.yaml | 13 ++ .../loki/app/base/kustomizeconfig.yaml | 11 ++ .../loki/app/base/loki-externalsecret.yaml | 25 ++++ kubernetes/platform/loki/app/base/ns.yaml | 4 + kubernetes/platform/loki/app/base/values.yaml | 137 ++++++++++++++++++ .../loki/app/overlays/dev/helm-patch.yaml | 6 + .../loki/app/overlays/dev/kustomization.yaml | 19 +++ .../loki/app/overlays/dev/values.yaml | 1 + .../loki/app/overlays/prod/helm-patch.yaml | 6 + .../loki/app/overlays/prod/kustomization.yaml | 20 +++ .../loki/app/overlays/prod/values.yaml | 1 + 13 files changed, 297 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/loki-app.yaml create mode 100644 kubernetes/platform/loki/app/base/helm.yaml create mode 100644 kubernetes/platform/loki/app/base/kustomization.yaml create mode 100644 kubernetes/platform/loki/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/loki/app/base/loki-externalsecret.yaml create mode 100644 kubernetes/platform/loki/app/base/ns.yaml create mode 100644 kubernetes/platform/loki/app/base/values.yaml create mode 100644 kubernetes/platform/loki/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/loki/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/loki/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/loki/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/loki/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/loki/app/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/loki-app.yaml b/kubernetes/clusters/prod/infra/loki-app.yaml new file mode 100644 index 00000000..b9992ff2 --- /dev/null +++ b/kubernetes/clusters/prod/infra/loki-app.yaml 
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: loki-app
+ namespace: flux-system
+spec:
+ interval: 30m
+ targetNamespace: loki
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ dependsOn:
+ - name: external-secrets-config
+ - name: minio-app
+ path: ./kubernetes/platform/loki/app/overlays/prod
+ prune: true
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2
+ kind: HelmRelease
+ name: loki
+ namespace: loki
\ No newline at end of file
diff --git a/kubernetes/platform/loki/app/base/helm.yaml b/kubernetes/platform/loki/app/base/helm.yaml
new file mode 100644
index 00000000..a071c1e8
--- /dev/null
+++ b/kubernetes/platform/loki/app/base/helm.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: loki
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: loki
+ version: 6.7.1
+ sourceRef:
+ kind: HelmRepository
+ name: grafana
+ namespace: flux-system
+ releaseName: loki
+ targetNamespace: loki
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ dependsOn:
+ - name: minio
+ namespace: minio
+ valuesFrom:
+ - kind: ConfigMap
+ name: loki-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/loki/app/base/kustomization.yaml b/kubernetes/platform/loki/app/base/kustomization.yaml
new file mode 100644
index 00000000..b7daf883
--- /dev/null
+++ b/kubernetes/platform/loki/app/base/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - loki-externalsecret.yaml
+ - helm.yaml
+
+configMapGenerator:
+ - name: loki-helm-values
+ files:
+ - base-values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/loki/app/base/kustomizeconfig.yaml b/kubernetes/platform/loki/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/loki/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/loki/app/base/loki-externalsecret.yaml b/kubernetes/platform/loki/app/base/loki-externalsecret.yaml
new file mode 100644
index 00000000..f75bbfeb
--- /dev/null
+++ b/kubernetes/platform/loki/app/base/loki-externalsecret.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: loki-externalsecret
+ namespace: loki
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: loki-minio-secret
+ template:
+ engineVersion: v2
+ data:
+ MINIO_ACCESS_KEY_ID: "{{ .user | toString }}"
+ MINIO_SECRET_ACCESS_KEY: "{{ .key | toString }}"
+ data:
+ - secretKey: user
+ remoteRef:
+ key: minio/loki
+ property: user
+ - secretKey: key
+ remoteRef:
+ key: minio/loki
+ property: key
diff --git a/kubernetes/platform/loki/app/base/ns.yaml b/kubernetes/platform/loki/app/base/ns.yaml
new file mode 100644
index 00000000..df625364
--- /dev/null
+++ b/kubernetes/platform/loki/app/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: loki
diff --git a/kubernetes/platform/loki/app/base/values.yaml b/kubernetes/platform/loki/app/base/values.yaml
new file mode 100644
index 00000000..a4103019
--- /dev/null
+++ b/kubernetes/platform/loki/app/base/values.yaml
@@ -0,0 +1,137 @@
+# loki helm values (base)
+
+# Setting simple scalable deployment mode
+deploymentMode: SimpleScalable
+
+loki:
+ # Disable multi-tenant support
+ auth_enabled: false
+
+ # S3 backend storage configuration
+ storage:
+ bucketNames:
+ chunks: k3s-loki
+ ruler: k3s-loki
+ type: s3
+ s3:
+ endpoint: minio.minio:9000
+ secretAccessKey: $MINIO_SECRET_ACCESS_KEY
+ accessKeyId: $MINIO_ACCESS_KEY_ID
+ s3ForcePathStyle: true
+ insecure: true
+ http_config:
+ idle_conn_timeout: 90s
+ response_header_timeout: 0s
+ insecure_skip_verify: false
+ # Storage Schema
+ schemaConfig:
+ configs:
+ - from: 2024-04-01
+ store: tsdb
+ index:
+ prefix: loki_index_
+ period: 24h
+ object_store: s3
+ schema: v13
+
+# Configuration for the write
+write:
+ # Number of replicas for the write
+ replicas: 2
+ persistence:
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ storageClass: longhorn
+
+ # Enable environment variables in config file
+ # https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration
+ extraArgs:
+ - '-config.expand-env=true'
+ extraEnv:
+ - name: MINIO_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: loki-minio-secret
+ key: MINIO_ACCESS_KEY_ID
+ - name: MINIO_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: loki-minio-secret
+ key: MINIO_SECRET_ACCESS_KEY
+
+# Configuration for the read
+read:
+ # Number of replicas for the read
+ replicas: 2
+ persistence:
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ storageClass: longhorn
+
+ # Enable environment variables in config file
+ # https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration
+ extraArgs:
+ - '-config.expand-env=true'
+ extraEnv:
+ - name: MINIO_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: loki-minio-secret
+ key: MINIO_ACCESS_KEY_ID
+ - name: MINIO_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: loki-minio-secret
+ key: MINIO_SECRET_ACCESS_KEY
+
+# Configuration for the backend
+backend:
+ # Number of replicas for the backend
+ replicas: 3
+ persistence:
+ # -- Size of persistent disk
+ size: 10Gi
+ # -- Storage class to be used.
+ storageClass: longhorn
+
+ # Enable environment variables in config file
+ # https://grafana.com/docs/loki/latest/configuration/#use-environment-variables-in-the-configuration
+ extraArgs:
+ - '-config.expand-env=true'
+ extraEnv:
+ - name: MINIO_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: loki-minio-secret
+ key: MINIO_ACCESS_KEY_ID
+ - name: MINIO_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: loki-minio-secret
+ key: MINIO_SECRET_ACCESS_KEY
+
+# Configuration for the gateway
+gateway:
+ # -- Specifies whether the gateway should be enabled
+ enabled: true
+ # -- Number of replicas for the gateway
+ replicas: 1
+
+# Disable mino installation
+minio:
+ enabled: false
+
+# Disable self-monitoring
+monitoring:
+ selfMonitoring:
+ enabled: false
+ grafanaAgent:
+ installOperator: false
+ lokiCanary:
+ enabled: false
+
+# Disable helm-test
+test:
+ enabled: false
\ No newline at end of file
diff --git a/kubernetes/platform/loki/app/overlays/dev/helm-patch.yaml b/kubernetes/platform/loki/app/overlays/dev/helm-patch.yaml
new file mode 100644
index 00000000..752d75cb
--- /dev/null
+++ b/kubernetes/platform/loki/app/overlays/dev/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: loki-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
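Review bot: `insecure: true` under `loki.storage.s3` in `loki/app/base/values.yaml` makes Loki talk to `minio.minio:9000` over plain HTTP, so log chunks and the signed S3 requests cross the cluster network unencrypted, and the `insecure_skip_verify: false` a few lines below it has no effect while TLS is off. If MinIO serves TLS in this cluster, set `insecure: false` and supply the CA through `http_config`; if it does not, a comment saying so would stop the next reader from assuming certificate checks are active. Separately, `auth_enabled: false` together with `gateway.enabled: true` leaves the push and query API unauthenticated for anything that can reach the gateway Service; the chart's `gateway.basicAuth.enabled` or a NetworkPolicy limiting ingress to the log shippers and Grafana would close that. This hunk starts on the previous line of the page.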
diff --git a/kubernetes/platform/loki/app/overlays/dev/kustomization.yaml b/kubernetes/platform/loki/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..9e85b61c
--- /dev/null
+++ b/kubernetes/platform/loki/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: loki
+
+resources:
+ - ../../base
+
+configMapGenerator:
+ - name: loki-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: loki
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/loki/app/overlays/dev/values.yaml b/kubernetes/platform/loki/app/overlays/dev/values.yaml
new file mode 100644
index 00000000..71ae2928
--- /dev/null
+++ b/kubernetes/platform/loki/app/overlays/dev/values.yaml
@@ -0,0 +1 @@
+# loki helm values (dev overlay)
diff --git a/kubernetes/platform/loki/app/overlays/prod/helm-patch.yaml b/kubernetes/platform/loki/app/overlays/prod/helm-patch.yaml
new file mode 100644
index 00000000..752d75cb
--- /dev/null
+++ b/kubernetes/platform/loki/app/overlays/prod/helm-patch.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/valuesFrom/-
+ value:
+ kind: ConfigMap
+ name: loki-helm-values
+ valuesKey: overlay-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/loki/app/overlays/prod/kustomization.yaml b/kubernetes/platform/loki/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..2cfd42d3
--- /dev/null
+++ b/kubernetes/platform/loki/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: loki
+
+resources:
+ - ../../base
+
+
+configMapGenerator:
+ - name: loki-helm-values
+ behavior: merge
+ files:
+ - overlay-values.yaml=values.yaml
+
+patches:
+- target:
+ group: helm.toolkit.fluxcd.io
+ kind: HelmRelease
+ name: loki
+ path: helm-patch.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/loki/app/overlays/prod/values.yaml b/kubernetes/platform/loki/app/overlays/prod/values.yaml
new file mode 100644
index 00000000..3caf71d9
--- /dev/null
+++ b/kubernetes/platform/loki/app/overlays/prod/values.yaml
@@ -0,0 +1 @@
+# loki helm values (prod overlay)
From 2119412d0821ab2a7375612d895866f29c07f861 Mon Sep 17 00:00:00 2001
From: Ricardo Sanchez Date: Sun, 1 Sep 2024 19:23:02 +0200 Subject: [PATCH 070/130] Adding fluentd/fluent-bit flux app --- .../clusters/prod/infra/fluent-app.yaml | 48 +++ .../app/base/fluent-bit-externalsecret.yaml | 24 ++ .../platform/fluent-bit/app/base/helm.yaml | 29 ++ .../fluent-bit/app/base/kustomization.yaml | 21 ++ .../fluent-bit/app/base/kustomizeconfig.yaml | 11 + .../platform/fluent-bit/app/base/ns.yaml | 4 + .../fluent-bit/app/base/servicemonitor.yaml | 27 ++ .../platform/fluent-bit/app/base/values.yaml | 183 ++++++++++ .../app/components/componentX/helm-patch.yaml | 6 + .../components/componentX/kustomization.yaml | 16 + .../app/components/componentX/values.yaml | 1 + .../app/overlays/dev/helm-patch.yaml | 6 + .../app/overlays/dev/kustomization.yaml | 19 + .../fluent-bit/app/overlays/dev/values.yaml | 1 + .../app/overlays/prod/helm-patch.yaml | 6 + .../app/overlays/prod/kustomization.yaml | 22 ++ .../fluent-bit/app/overlays/prod/values.yaml | 1 + kubernetes/platform/fluentd/app.yaml | 48 +++ .../fluentd/app/base/fluentd-certificate.yaml | 25 ++ .../base/fluentd-elastic-templates-cm.yaml | 52 +++ .../app/base/fluentd-externalsecret.yaml | 24 ++ .../fluentd/app/base/fluentd-extservice.yaml | 20 ++ .../platform/fluentd/app/base/helm.yaml | 29 ++ .../fluentd/app/base/kustomization.yaml | 26 ++ .../fluentd/app/base/kustomizeconfig.yaml | 11 + kubernetes/platform/fluentd/app/base/ns.yaml | 4 + .../fluentd/app/base/servicemonitor.yaml | 23 ++ .../platform/fluentd/app/base/values.yaml | 326 ++++++++++++++++++ .../fluentd/app/overlays/dev/helm-patch.yaml | 6 + .../app/overlays/dev/kustomization.yaml | 19 + .../fluentd/app/overlays/dev/values.yaml | 1 + .../fluentd/app/overlays/prod/helm-patch.yaml | 6 + .../app/overlays/prod/kustomization.yaml | 20 ++ .../fluentd/app/overlays/prod/values.yaml | 1 + 34 files changed, 1066 insertions(+) create mode 100644 kubernetes/clusters/prod/infra/fluent-app.yaml create mode 100644 
kubernetes/platform/fluent-bit/app/base/fluent-bit-externalsecret.yaml create mode 100644 kubernetes/platform/fluent-bit/app/base/helm.yaml create mode 100644 kubernetes/platform/fluent-bit/app/base/kustomization.yaml create mode 100644 kubernetes/platform/fluent-bit/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/fluent-bit/app/base/ns.yaml create mode 100644 kubernetes/platform/fluent-bit/app/base/servicemonitor.yaml create mode 100644 kubernetes/platform/fluent-bit/app/base/values.yaml create mode 100644 kubernetes/platform/fluent-bit/app/components/componentX/helm-patch.yaml create mode 100644 kubernetes/platform/fluent-bit/app/components/componentX/kustomization.yaml create mode 100644 kubernetes/platform/fluent-bit/app/components/componentX/values.yaml create mode 100644 kubernetes/platform/fluent-bit/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/fluent-bit/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/fluent-bit/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/fluent-bit/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/fluent-bit/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/fluent-bit/app/overlays/prod/values.yaml create mode 100644 kubernetes/platform/fluentd/app.yaml create mode 100644 kubernetes/platform/fluentd/app/base/fluentd-certificate.yaml create mode 100644 kubernetes/platform/fluentd/app/base/fluentd-elastic-templates-cm.yaml create mode 100644 kubernetes/platform/fluentd/app/base/fluentd-externalsecret.yaml create mode 100644 kubernetes/platform/fluentd/app/base/fluentd-extservice.yaml create mode 100644 kubernetes/platform/fluentd/app/base/helm.yaml create mode 100644 kubernetes/platform/fluentd/app/base/kustomization.yaml create mode 100644 kubernetes/platform/fluentd/app/base/kustomizeconfig.yaml create mode 100644 kubernetes/platform/fluentd/app/base/ns.yaml create mode 100644 
kubernetes/platform/fluentd/app/base/servicemonitor.yaml create mode 100644 kubernetes/platform/fluentd/app/base/values.yaml create mode 100644 kubernetes/platform/fluentd/app/overlays/dev/helm-patch.yaml create mode 100644 kubernetes/platform/fluentd/app/overlays/dev/kustomization.yaml create mode 100644 kubernetes/platform/fluentd/app/overlays/dev/values.yaml create mode 100644 kubernetes/platform/fluentd/app/overlays/prod/helm-patch.yaml create mode 100644 kubernetes/platform/fluentd/app/overlays/prod/kustomization.yaml create mode 100644 kubernetes/platform/fluentd/app/overlays/prod/values.yaml diff --git a/kubernetes/clusters/prod/infra/fluent-app.yaml b/kubernetes/clusters/prod/infra/fluent-app.yaml new file mode 100644 index 00000000..995a9421 --- /dev/null +++ b/kubernetes/clusters/prod/infra/fluent-app.yaml @@ -0,0 +1,48 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: fluentd-app + namespace: flux-system +spec: + interval: 30m + targetNamespace: fluent + sourceRef: + kind: GitRepository + name: flux-system + path: ./kubernetes/platform/fluentd/app/overlays/prod + prune: true + dependsOn: + - name: cert-manager-config + - name: external-secrets-config + - name: elastic-stack-app + - name: loki-app + + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: fluentd + namespace: fluent + +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: fluent-bit-app + namespace: flux-system +spec: + interval: 30m + targetNamespace: fluent + sourceRef: + kind: GitRepository + name: flux-system + path: ./kubernetes/platform/fluent-bit/app/overlays/prod + prune: true + dependsOn: + - name: fluentd-app + - name: external-secrets-config + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + name: fluent-bit + namespace: fluent \ No newline at end of file 
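Review bot: Both `fluentd-app` and `fluent-bit-app` in `fluent-app.yaml` set `targetNamespace: fluent` with `prune: true`, and the fluent-bit base adds an `ns.yaml` declaring the `fluent` Namespace; the diffstat also lists a four-line `fluentd/app/base/ns.yaml`, which presumably declares the same object. Two Flux Kustomizations would then claim one Namespace, and removing either of them can garbage-collect it together with the other app's Secrets and workloads. Keep the Namespace in a single place, or annotate it with `kustomize.toolkit.fluxcd.io/prune: disabled`. The diffstat also shows `kubernetes/platform/fluentd/app.yaml` with the same 48 lines as this file, which looks like a stray copy outside any cluster path and is worth checking before merge.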
diff --git a/kubernetes/platform/fluent-bit/app/base/fluent-bit-externalsecret.yaml b/kubernetes/platform/fluent-bit/app/base/fluent-bit-externalsecret.yaml
new file mode 100644
index 00000000..5f252e27
--- /dev/null
+++ b/kubernetes/platform/fluent-bit/app/base/fluent-bit-externalsecret.yaml
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: fluent-bit-externalsecret
+ namespace: fluent
+spec:
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: fluent-bit-secrets
+ data:
+ - secretKey: fluentd-shared-key
+ remoteRef:
+ key: logging/fluentd
+ property: shared_key
+ - secretKey: es-username
+ remoteRef:
+ key: logging/es-fluentd
+ property: user
+ - secretKey: es-password
+ remoteRef:
+ key: logging/es-fluentd
+ property: password
diff --git a/kubernetes/platform/fluent-bit/app/base/helm.yaml b/kubernetes/platform/fluent-bit/app/base/helm.yaml
new file mode 100644
index 00000000..367ea382
--- /dev/null
+++ b/kubernetes/platform/fluent-bit/app/base/helm.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: fluent-bit
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: fluent-bit
+ version: 0.46.11
+ sourceRef:
+ kind: HelmRepository
+ name: fluent
+ namespace: flux-system
+ releaseName: fluent-bit
+ targetNamespace: fluent
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: fluent-bit-helm-values
+ valuesKey: base-values.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/fluent-bit/app/base/kustomization.yaml b/kubernetes/platform/fluent-bit/app/base/kustomization.yaml
new file mode 100644
index 00000000..20831c38
--- /dev/null
+++ b/kubernetes/platform/fluent-bit/app/base/kustomization.yaml
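Review bot: `fluent-bit-secrets` in `fluent-bit-externalsecret.yaml` is given `es-username` and `es-password` from `logging/es-fluentd`, yet the fluent-bit values visible in this patch read only `fluentd-shared-key` (for `FLUENT_AGGREGATOR_SHARED_KEY`) and forward everything to fluentd. fluent-bit is the collector that tails `/var/log/containers` on the nodes, so Elasticsearch credentials it never uses are copied into its Secret for no benefit. Unless the part of `values.yaml` that is cut off on this page references them, drop the two `es-*` entries from `data` and keep those credentials in the fluentd ExternalSecret only.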
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ns.yaml
+ - fluent-bit-externalsecret.yaml
+ - helm.yaml
+ - servicemonitor.yaml
+
+configMapGenerator:
+ - name: fluent-bit-helm-values
+ files:
+ - base-values.yaml=values.yaml
+ - name: fluent-bit-env
+ options:
+ # Disable hashing.
+ # Automatic replacement does not work with configMaps references in values.yaml
+ disableNameSuffixHash: true
+ literals:
+ - fluentdHost=fluentd
+configurations:
+ - kustomizeconfig.yaml
\ No newline at end of file
diff --git a/kubernetes/platform/fluent-bit/app/base/kustomizeconfig.yaml b/kubernetes/platform/fluent-bit/app/base/kustomizeconfig.yaml
new file mode 100644
index 00000000..9469f4ef
--- /dev/null
+++ b/kubernetes/platform/fluent-bit/app/base/kustomizeconfig.yaml
@@ -0,0 +1,11 @@
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
+- kind: Secret
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
\ No newline at end of file
diff --git a/kubernetes/platform/fluent-bit/app/base/ns.yaml b/kubernetes/platform/fluent-bit/app/base/ns.yaml
new file mode 100644
index 00000000..243bf5ad
--- /dev/null
+++ b/kubernetes/platform/fluent-bit/app/base/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: fluent
diff --git a/kubernetes/platform/fluent-bit/app/base/servicemonitor.yaml b/kubernetes/platform/fluent-bit/app/base/servicemonitor.yaml
new file mode 100644
index 00000000..5e4db778
--- /dev/null
+++ b/kubernetes/platform/fluent-bit/app/base/servicemonitor.yaml
@@ -0,0 +1,27 @@
+---
+# Fluent-bit ServiceMonitor
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ app: fluent-bit
+ release: kube-prometheus-stack
+ name: fluentbit-prometheus-servicemonitor
+ namespace: fluent
+spec:
+ jobLabel: app.kubernetes.io/name
+ endpoints:
+ - path: /api/v1/metrics/prometheus
+ targetPort: 2020
+ - params:
+ target:
+ - http://127.0.0.1:2020/api/v1/storage
+ path: /probe
+ targetPort: 7979
+ namespaceSelector:
+ matchNames:
+ - fluent
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: fluent-bit
+ app.kubernetes.io/name: fluent-bit
diff --git a/kubernetes/platform/fluent-bit/app/base/values.yaml b/kubernetes/platform/fluent-bit/app/base/values.yaml
new file mode 100644
index 00000000..7b9d9b2c
--- /dev/null
+++ b/kubernetes/platform/fluent-bit/app/base/values.yaml
@@ -0,0 +1,183 @@ +# fluent-bit helm values (base) +#fluentbit-container environment variables: +env: + # Fluentd deployment service + - name: FLUENT_AGGREGATOR_HOST + valueFrom: + configMapKeyRef: + name: fluent-bit-env + key: fluentdHost + # Default fluentd forward port + - name: FLUENT_AGGREGATOR_PORT + value: "24224" + - name: FLUENT_AGGREGATOR_SHARED_KEY + valueFrom: + secretKeyRef: + name: fluent-bit-secrets + key: fluentd-shared-key + - name: FLUENT_SELFHOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Specify TZ + - name: TZ + value: "Europe/Madrid" +# Fluentbit config +config: + # Helm chart combines service, inputs, outputs, custom_parsers and filters section + # fluent-bit.config SERVICE + service: | + + [SERVICE] + Daemon Off + Flush 1 + Log_Level info + Parsers_File parsers.conf + Parsers_File custom_parsers.conf + HTTP_Server On + HTTP_Listen 0.0.0.0 + HTTP_Port 2020 + Health_Check On + storage.path /var/log/fluentbit/storage + storage.sync normal + storage.checksum off + storage.backlog.mem_limit 5M + storage.metrics on + + # fluent-bit.config INPUT: + inputs: | + + [INPUT] + Name tail + Alias input.kube + Path /var/log/containers/*.log + Path_Key filename + multiline.parser docker, cri + DB /var/log/fluentbit/flb_kube.db + Tag kube.* + Mem_Buf_Limit 5MB + storage.type filesystem + Skip_Long_Lines On + + [INPUT] + Name tail + Alias input.host + Tag host.* + DB /var/log/fluentbit/flb_host.db + Path /var/log/auth.log,/var/log/syslog + Path_Key filename + Mem_Buf_Limit 5MB + storage.type filesystem + Parser syslog-rfc3164-nopri + + # fluent-bit.config OUTPUT + outputs: | + + [OUTPUT] + Name forward + Alias output.aggregator + match * + Host ${FLUENT_AGGREGATOR_HOST} + Port ${FLUENT_AGGREGATOR_PORT} + Self_Hostname ${FLUENT_SELFHOSTNAME} + Shared_Key ${FLUENT_AGGREGATOR_SHARED_KEY} + tls On + tls.verify Off + + # fluent-bit.config PARSERS: + customParsers: | + + [PARSER] + Name syslog-rfc3164-nopri + Format regex + Regex /^(?