diff --git a/apps/base/podinfo/repository.yaml b/apps/base/podinfo/repository.yaml
deleted file mode 100644
index 623423c..0000000
--- a/apps/base/podinfo/repository.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- name: podinfo
-spec:
- interval: 12h
- type: oci
- url: oci://ghcr.io/stefanprodan/charts
diff --git a/clusters/staging/releases/kustomization.yaml b/apps/kustomization.yaml
similarity index 74%
rename from clusters/staging/releases/kustomization.yaml
rename to apps/kustomization.yaml
index ed44b6c..e9cd4f5 100644
--- a/clusters/staging/releases/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ../../../apps/staging
+ - podinfo.yaml
diff --git a/apps/base/podinfo/release.yaml b/apps/podinfo.yaml
similarity index 66%
rename from apps/base/podinfo/release.yaml
rename to apps/podinfo.yaml
index 932f0b9..2a7587a 100644
--- a/apps/base/podinfo/release.yaml
+++ b/apps/podinfo.yaml
@@ -1,3 +1,13 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: podinfo
+spec:
+ interval: 12h
+ type: oci
+ url: oci://ghcr.io/stefanprodan/charts
+---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
@@ -19,4 +29,6 @@ spec:
 # Default values
 # https://github.com/stefanprodan/podinfo/blob/master/charts/podinfo/values.yaml
 values:
- replicaCount: 1
+ ingress:
+ enabled: true
+ className: nginx
diff --git a/apps/production/kustomization.yaml b/apps/production/kustomization.yaml
deleted file mode 100644
index c7c4eb1..0000000
--- a/apps/production/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ../base/podinfo
-patches:
- - path: podinfo-values.yaml
- target:
- kind: HelmRelease 
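Review bot: Enabling the ingress in the shared base with `className: nginx` and no `hosts` means every cluster that consumes `apps/` exposes podinfo on whatever host the chart defaults to unless its overlay patches `hosts`; the staging overlay in this commit does, but nothing in this file records that requirement. A comment above `ingress:` such as `# hosts/tls are supplied per cluster via clusters/<name>/apps/podinfo-values.yaml` would make the contract explicit. Dropping `replicaCount: 1` falls back to the chart default, presumably also 1, which is fine but worth confirming against the values file linked in the comment above. The HelmRelease this `values` block belongs to starts above line 19, outside the hunk.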
diff --git a/apps/production/podinfo-values.yaml b/apps/production/podinfo-values.yaml
deleted file mode 100644
index ec16998..0000000
--- a/apps/production/podinfo-values.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
- name: podinfo
- namespace: podinfo
-spec:
- chart:
- spec:
- version: ">=1.0.0"
- test:
- enable: false
- values:
- replicaCount: 2
diff --git a/apps/staging/kustomization.yaml b/clusters/staging/apps/kustomization.yaml
similarity index 76%
rename from apps/staging/kustomization.yaml
rename to clusters/staging/apps/kustomization.yaml
index c7c4eb1..cf1addd 100644
--- a/apps/staging/kustomization.yaml
+++ b/clusters/staging/apps/kustomization.yaml
@@ -1,8 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ../base/podinfo
+ - ../../../apps/staging
 patches:
 - path: podinfo-values.yaml
 target:
 kind: HelmRelease
+ name: podinfo
diff --git a/apps/staging/podinfo-values.yaml b/clusters/staging/apps/podinfo-values.yaml
similarity index 55%
rename from apps/staging/podinfo-values.yaml
rename to clusters/staging/apps/podinfo-values.yaml
index bfd6670..5a08cd3 100644
--- a/apps/staging/podinfo-values.yaml
+++ b/clusters/staging/apps/podinfo-values.yaml
@@ -2,7 +2,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
 name: podinfo
- namespace: podinfo
 spec:
 chart:
 spec:
@@ -10,4 +9,9 @@ spec:
 test:
 enable: false
 values:
- replicaCount: 2
+ ingress:
+ hosts:
+ - host: podinfo.staging
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
diff --git a/clusters/staging/infrastructure/configs/kustomization.yaml b/clusters/staging/infrastructure/configs/kustomization.yaml
new file mode 100644
index 0000000..cf852c2
--- /dev/null
+++ b/clusters/staging/infrastructure/configs/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../../../infrastructure/configs 
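Review bot: `resources` now points at `../../../apps/staging`, which resolves to `apps/staging` at the repository root, but this same commit moves both files shown under `apps/staging` (its kustomization.yaml and podinfo-values.yaml) into `clusters/staging/apps/` and places the podinfo manifests in `apps/kustomization.yaml` and `apps/podinfo.yaml`. Unless files not visible in this diff remain under `apps/staging`, the path is dangling and the apps-sync Kustomization that consumes this directory will fail to build; `- ../../../apps` is presumably the intended target. Adding `name: podinfo` to the patch target is a good narrowing and should stay.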
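Review bot: The staging overlay publishes `podinfo.staging` over plain HTTP: no `tls` entry accompanies `hosts`, and nothing here references the `letsencrypt` ClusterIssuer this commit adds under infrastructure/configs, so that issuer is left unused. If TLS is intended, the host needs a matching `tls` entry and a `cert-manager.io/cluster-issuer` annotation in the ingress values; if HTTP-only is deliberate for staging, say so with `# HTTP only for staging: no tls/cluster-issuer wired yet`. `pathType: ImplementationSpecific` delegates path matching to the controller; `Prefix` is the portable choice for `/`. The `chart.spec.version` constraint sits above this hunk and cannot be checked here.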
diff --git a/clusters/staging/infrastructure/controllers/kustomization.yaml b/clusters/staging/infrastructure/controllers/kustomization.yaml
new file mode 100644
index 0000000..794fb08
--- /dev/null
+++ b/clusters/staging/infrastructure/controllers/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../../../infrastructure/controllers
diff --git a/clusters/staging/tenants/cert-manager.yaml b/clusters/staging/tenants/cert-manager.yaml
new file mode 100644
index 0000000..446feb5
--- /dev/null
+++ b/clusters/staging/tenants/cert-manager.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ toolkit.fluxcd.io/tenant: sre-team
diff --git a/clusters/staging/tenants/ingress-nginx.yaml b/clusters/staging/tenants/ingress-nginx.yaml
new file mode 100644
index 0000000..39d4316
--- /dev/null
+++ b/clusters/staging/tenants/ingress-nginx.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ingress-nginx
+ labels:
+ toolkit.fluxcd.io/tenant: sre-team
+
diff --git a/clusters/staging/tenants/podinfo.yaml b/clusters/staging/tenants/podinfo.yaml
index 72ef433..cd61502 100644
--- a/clusters/staging/tenants/podinfo.yaml
+++ b/clusters/staging/tenants/podinfo.yaml
@@ -15,7 +15,7 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- # This binding limits the access to the namespace
+ # This binding limits the access to the current namespace
 # being a RoleBinding instead of a ClusterRoleBinding
 name: cluster-admin
 subjects:
diff --git a/hub/staging.yaml b/hub/staging.yaml
index 329674f..9c10c10 100644
--- a/hub/staging.yaml
+++ b/hub/staging.yaml
@@ -26,7 +26,7 @@ spec:
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
- name: releases-sync
+ name: infra-controllers-sync
 namespace: staging
 spec:
 dependsOn: 
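Review bot: The Namespace carries `toolkit.fluxcd.io/tenant: sre-team`, but unlike the podinfo tenant file, whose RoleBinding shows up as context later in this diff, no ServiceAccount or RoleBinding is created for the tenant here, so the label records ownership only and the cert-manager release is presumably applied by infra-controllers-sync rather than by a tenant account. A comment such as `# Namespace only; the cert-manager HelmRelease is reconciled by infra-controllers-sync from hub/staging.yaml` would save the next reader the cross-reference. The same applies to ingress-nginx.yaml in the next hunk, which additionally ends with an extra empty line that cert-manager.yaml does not have.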
@@ -37,7 +37,62 @@ spec:
 timeout: 5m
 prune: true
 wait: true
- path: ./clusters/staging/releases
+ path: ./clusters/staging/infrastructure/controllers
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ patches:
+ - target:
+ kind: HelmRelease
+ patch: |
+ - op: add
+ path: /spec/kubeConfig
+ value:
+ secretRef:
+ name: cluster-kubeconfig
+ - op: add
+ path: /spec/serviceAccountName
+ value: flux-cluster-admin
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-configs-sync
+ namespace: staging
+spec:
+ dependsOn:
+ - name: infra-controllers-sync
+ targetNamespace: staging
+ interval: 1h
+ retryInterval: 3m
+ timeout: 5m
+ prune: true
+ wait: true
+ path: ./clusters/staging/infrastructure/configs
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ kubeConfig:
+ secretRef:
+ name: cluster-kubeconfig
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: apps-sync
+ namespace: staging
+spec:
+ dependsOn:
+ - name: infra-configs-sync
+ targetNamespace: staging
+ interval: 1h
+ retryInterval: 3m
+ timeout: 5m
+ prune: true
+ wait: true
+ path: ./clusters/staging/apps
 sourceRef:
 kind: GitRepository
 name: flux-system
diff --git a/infrastructure/configs/cluster-issuers.yaml b/infrastructure/configs/cluster-issuers.yaml
new file mode 100644
index 0000000..5dd647f
--- /dev/null
+++ b/infrastructure/configs/cluster-issuers.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ # Replace the email address with your own contact email
+ email: fluxcdbot@users.noreply.github.com
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-nginx
+ solvers:
+ - http01:
+ ingress:
+ class: nginx 
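Review bot: The `patches` entry added to infra-controllers-sync targets every `kind: HelmRelease` under the path with no `name` or `labelSelector`, so each chart reconciled from `infrastructure/controllers` is installed with `serviceAccountName: flux-cluster-admin` against the `cluster-kubeconfig` cluster; that is what CRD-installing controller charts need, but it silently extends the same grant to any HelmRelease later dropped into that directory. Narrowing `target` with a `labelSelector`, or at least recording the intent with `# every HelmRelease under this path runs as cluster-admin on the target cluster; keep app charts out of infrastructure/controllers`, would make the privilege visible where it is granted. Renaming `releases-sync` to `infra-controllers-sync` while `prune: true` is set presumably lets the old Kustomization object be finalized and its managed podinfo objects removed before apps-sync recreates them, so a brief outage on the staging cluster is likely during the first reconcile; worth confirming against Flux's pruning behaviour before merging. The first Kustomization in this hunk starts above line 37, outside the hunk, so whether it also sets `targetNamespace: staging` like the two added below it cannot be seen here.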
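Review bot: The ClusterIssuer is named `letsencrypt` but `server` points at `acme-staging-v02.api.letsencrypt.org`, whose certificates are not trusted by browsers or ordinary clients, so any Ingress that references `cluster-issuer: letsencrypt` will receive a staging certificate while the name suggests production. Either name it for what it is (`name: letsencrypt-staging`) so a production issuer can be added alongside without a rename, or put `# Let's Encrypt staging endpoint: untrusted certificates, relaxed rate limits` next to `server`. The `privateKeySecretRef` name `letsencrypt-nginx` is then worth aligning with whichever issuer name is chosen, since a second issuer must not share that account key secret.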
diff --git a/apps/base/podinfo/kustomization.yaml b/infrastructure/configs/kustomization.yaml
similarity index 66%
rename from apps/base/podinfo/kustomization.yaml
rename to infrastructure/configs/kustomization.yaml
index 74e7370..de1ebfa 100644
--- a/apps/base/podinfo/kustomization.yaml
+++ b/infrastructure/configs/kustomization.yaml
@@ -1,5 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - repository.yaml
- - release.yaml
+ - cluster-issuers.yaml
diff --git a/infrastructure/controllers/cert-manager.yaml b/infrastructure/controllers/cert-manager.yaml
new file mode 100644
index 0000000..264b952
--- /dev/null
+++ b/infrastructure/controllers/cert-manager.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: cert-manager
+spec:
+ interval: 24h
+ url: https://charts.jetstack.io
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: cert-manager
+spec:
+ targetNamespace: cert-manager
+ storageNamespace: cert-manager
+ releaseName: cert-manager
+ interval: 30m
+ chart:
+ spec:
+ chart: cert-manager
+ version: "1.x"
+ sourceRef:
+ kind: HelmRepository
+ name: cert-manager
+ namespace: cert-manager
+ interval: 12h
+ values:
+ installCRDs: true
diff --git a/infrastructure/controllers/ingress-nginx.yaml b/infrastructure/controllers/ingress-nginx.yaml
new file mode 100644
index 0000000..07608bc
--- /dev/null
+++ b/infrastructure/controllers/ingress-nginx.yaml 
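Review bot: `sourceRef.namespace: cert-manager` on the HelmRelease only resolves if the HelmRepository defined above it in this file is applied into the `cert-manager` namespace, and that depends on the `targetNamespace` of infra-controllers-sync in hub/staging.yaml, which lies outside the hunks in this diff; the two sibling Kustomizations added there both use `targetNamespace: staging`. If infra-controllers-sync does the same, both objects land in `staging` and the HelmRelease will fail to find its source. Dropping the explicit `namespace:` under `sourceRef`, so it defaults to the HelmRelease's own namespace, keeps the two objects together wherever the Kustomization places them; if the cross-namespace reference is intended, a comment stating which namespace the repository is expected in would help. `version: "1.x"` is correctly quoted and bounded.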
@@ -0,0 +1,33 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: ingress-nginx
+spec:
+ interval: 24h
+ url: https://kubernetes.github.io/ingress-nginx
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: ingress-nginx
+spec:
+ targetNamespace: cert-manager
+ storageNamespace: cert-manager
+ releaseName: cert-manager
+ interval: 30m
+ chart:
+ spec:
+ chart: ingress-nginx
+ version: "*"
+ sourceRef:
+ kind: HelmRepository
+ name: ingress-nginx
+ namespace: ingress-nginx
+ interval: 12h
+ values:
+ controller:
+ service:
+ type: "NodePort"
+ admissionWebhooks:
+ enabled: false
diff --git a/infrastructure/controllers/kustomization.yaml b/infrastructure/controllers/kustomization.yaml
new file mode 100644
index 0000000..ef2de19
--- /dev/null
+++ b/infrastructure/controllers/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cert-manager.yaml
+ - ingress-nginx.yaml
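Review bot: The HelmRelease is named `ingress-nginx` but `targetNamespace`, `storageNamespace` and `releaseName` are all set to `cert-manager`, which looks like a copy-paste from cert-manager.yaml; as written the controller is installed into the cert-manager namespace under the Helm release name `cert-manager`, colliding with the cert-manager release that uses the same storage namespace and release name. Change them to `targetNamespace: ingress-nginx`, `storageNamespace: ingress-nginx`, `releaseName: ingress-nginx`, which is also what the `sourceRef.namespace: ingress-nginx` a few lines down already assumes. `version: "*"` accepts any chart version including future major releases, unlike the `"1.x"` bound used for cert-manager, and `admissionWebhooks.enabled: false` turns off the validating webhook that rejects malformed or unsafe Ingress configuration before the controller loads it; if both are deliberate for staging, a comment on each line saying why would stop them being copied into a production overlay unexamined.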