Add infra controllers

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

apps/base/podinfo/repository.yaml

@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name: podinfo
-spec:
-  interval: 12h
-  type: oci
-  url: oci://ghcr.io/stefanprodan/charts

apps/kustomization.yaml

@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../../apps/staging
+  - podinfo.yaml

apps/podinfo.yaml

@@ -1,3 +1,13 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: podinfo
+spec:
+  interval: 12h
+  type: oci
+  url: oci://ghcr.io/stefanprodan/charts
+---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
@@ -19,4 +29,6 @@ spec:
   # Default values
   # https://github.com/stefanprodan/podinfo/blob/master/charts/podinfo/values.yaml
   values:
-    replicaCount: 1
+    ingress:
+      enabled: true
+      className: nginx

apps/production/kustomization.yaml

@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ../base/podinfo
-patches:
-  - path: podinfo-values.yaml
-    target:
-      kind: HelmRelease

apps/production/podinfo-values.yaml

@@ -1,13 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
-  name: podinfo
-  namespace: podinfo
-spec:
-  chart:
-    spec:
-      version: ">=1.0.0"
-  test:
-    enable: false
-  values:
-    replicaCount: 2

clusters/staging/apps/kustomization.yaml

@@ -1,8 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../base/podinfo
+  - ../../../apps/staging
 patches:
   - path: podinfo-values.yaml
     target:
       kind: HelmRelease
+      name: podinfo

clusters/staging/apps/podinfo-values.yaml

@@ -2,7 +2,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
   name: podinfo
-  namespace: podinfo
 spec:
   chart:
     spec:
@@ -10,4 +9,9 @@ spec:
   test:
     enable: false
   values:
-    replicaCount: 2
+    ingress:
+      hosts:
+        - host: podinfo.staging
+          paths:
+            - path: /
+              pathType: ImplementationSpecific

clusters/staging/infrastructure/configs/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../infrastructure/configs

clusters/staging/infrastructure/controllers/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../infrastructure/controllers

clusters/staging/tenants/cert-manager.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+  labels:
+    toolkit.fluxcd.io/tenant: sre-team

clusters/staging/tenants/ingress-nginx.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx
+  labels:
+    toolkit.fluxcd.io/tenant: sre-team
+

clusters/staging/tenants/podinfo.yaml

@@ -15,7 +15,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  # This binding limits the access to the namespace
+  # This binding limits the access to the current namespace
   # being a RoleBinding instead of a ClusterRoleBinding
   name: cluster-admin
 subjects:

hub/staging.yaml

@@ -26,7 +26,7 @@ spec:
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: releases-sync
+  name: infra-controllers-sync
   namespace: staging
 spec:
   dependsOn:
@@ -37,7 +37,62 @@ spec:
   timeout: 5m
   prune: true
   wait: true
-  path: ./clusters/staging/releases
+  path: ./clusters/staging/infrastructure/controllers
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  patches:
+    - target:
+        kind: HelmRelease
+      patch: |
+        - op: add
+          path: /spec/kubeConfig
+          value:
+            secretRef:
+              name: cluster-kubeconfig
+        - op: add
+          path: /spec/serviceAccountName
+          value: flux-cluster-admin
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infra-configs-sync
+  namespace: staging
+spec:
+  dependsOn:
+    - name: infra-controllers-sync
+  targetNamespace: staging
+  interval: 1h
+  retryInterval: 3m
+  timeout: 5m
+  prune: true
+  wait: true
+  path: ./clusters/staging/infrastructure/configs
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  kubeConfig:
+    secretRef:
+      name: cluster-kubeconfig
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: apps-sync
+  namespace: staging
+spec:
+  dependsOn:
+    - name: infra-configs-sync
+  targetNamespace: staging
+  interval: 1h
+  retryInterval: 3m
+  timeout: 5m
+  prune: true
+  wait: true
+  path: ./clusters/staging/apps
   sourceRef:
     kind: GitRepository
     name: flux-system

infrastructure/configs/cluster-issuers.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    # Replace the email address with your own contact email
+    email: fluxcdbot@users.noreply.github.com
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-nginx
+    solvers:
+      - http01:
+          ingress:
+            class: nginx

infrastructure/configs/kustomization.yaml

@@ -1,5 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - repository.yaml
-  - release.yaml
+  - cluster-issuers.yaml

infrastructure/controllers/cert-manager.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: cert-manager
+spec:
+  interval: 24h
+  url: https://charts.jetstack.io
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+spec:
+  targetNamespace: cert-manager
+  storageNamespace: cert-manager
+  releaseName: cert-manager
+  interval: 30m
+  chart:
+    spec:
+      chart: cert-manager
+      version: "1.x"
+      sourceRef:
+        kind: HelmRepository
+        name: cert-manager
+        namespace: cert-manager
+      interval: 12h
+  values:
+    installCRDs: true

infrastructure/controllers/ingress-nginx.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: ingress-nginx
+spec:
+  interval: 24h
+  url: https://kubernetes.github.io/ingress-nginx
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: ingress-nginx
+spec:
+  targetNamespace: cert-manager
+  storageNamespace: cert-manager
+  releaseName: cert-manager
+  interval: 30m
+  chart:
+    spec:
+      chart: ingress-nginx
+      version: "*"
+      sourceRef:
+        kind: HelmRepository
+        name: ingress-nginx
+        namespace: ingress-nginx
+      interval: 12h
+  values:
+    controller:
+      service:
+        type: "NodePort"
+    admissionWebhooks:
+      enabled: false

infrastructure/controllers/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cert-manager.yaml
+  - ingress-nginx.yaml