diff --git a/clusters/hlcl1/apps/ff/externalsecret-deploy-key.yaml b/clusters/hlcl1/apps/ff/externalsecret-deploy-key.yaml
new file mode 100644
index 0000000..24cca0a
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/externalsecret-deploy-key.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: flux-ff-deploy-key
+ namespace: flux-system
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: openbao
+ kind: ClusterSecretStore
+ target:
+ name: flux-ff-deploy-key
+ creationPolicy: Owner
+ data:
+ - secretKey: identity # pragma: allowlist secret
+ remoteRef:
+ key: ff/deploy-key
+ property: identity
+ - secretKey: identity.pub # pragma: allowlist secret
+ remoteRef:
+ key: ff/deploy-key
+ property: identity_pub
+ - secretKey: known_hosts
+ remoteRef:
+ key: ff/deploy-key
+ property: known_hosts
diff --git a/clusters/hlcl1/apps/ff/externalsecret-registry-auth.yaml b/clusters/hlcl1/apps/ff/externalsecret-registry-auth.yaml
new file mode 100644
index 0000000..a2f1a7b
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/externalsecret-registry-auth.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: flux-ff-registry-auth
+ namespace: flux-system
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: openbao
+ kind: ClusterSecretStore
+ target:
+ name: flux-ff-registry-auth
+ creationPolicy: Owner
+ template:
+ type: kubernetes.io/dockerconfigjson
+ data:
+ .dockerconfigjson: |
+ {"auths":{"ghcr.io":{"username":"{{ .username }}","password":"{{ .password }}","auth":"{{ printf "%s:%s" .username .password | b64enc }}"}}}
+ data:
+ - secretKey: username # pragma: allowlist secret
+ remoteRef:
+ key: ff/registry-auth
+ property: username
+ - secretKey: password # pragma: allowlist secret
+ remoteRef:
+ key: ff/registry-auth
+ property: password
diff --git a/clusters/hlcl1/apps/ff/gitrepository-dev.yaml b/clusters/hlcl1/apps/ff/gitrepository-dev.yaml
new file mode 100644
index 0000000..e290c07
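Review bot: The `identity` entry in `externalsecret-deploy-key.yaml` materialises a single SSH private key that both the `ff-dev` and `ff-main` GitRepository objects reference, and the ImageUpdateAutomation objects in this commit push with it, so the key presumably carries write access to the flockfeed repository. GitHub deploy keys are scoped to a repository rather than to a branch, so anyone who can read the `flux-ff-deploy-key` Secret in `flux-system` (or the `ff/deploy-key` path in OpenBao) can push to `main` unless branch protection stops them. I would record that scope next to the manifest, for example `# deploy key needs write access (used by ImageUpdateAutomation); readable only by flux-system controllers` above `data:`, and confirm that RBAC on Secrets in `flux-system` is as tight as that comment implies.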
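Review bot: The `.dockerconfigjson` template in `externalsecret-registry-auth.yaml` splices `{{ .username }}` and `{{ .password }}` into a hand-written JSON string, so a credential containing `"` or `\` renders invalid JSON and the pull secret breaks on the next rotation. Letting the template engine do the quoting avoids that, e.g. `"username":{{ .username | toJson }},"password":{{ .password | toJson }}`; `toJson` is a sprig function, and it is worth confirming that the installed External Secrets version exposes it. As far as this commit shows, the secret is only consumed by the ImageRepository scan, so the token stored at `ff/registry-auth` should not need more than read access to the package.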
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/gitrepository-dev.yaml
@@ -0,0 +1,12 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: ff-dev
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: ssh://git@github.com/rgardner4012/flockfeed
+ ref:
+ branch: dev
+ secretRef:
+ name: flux-ff-deploy-key
diff --git a/clusters/hlcl1/apps/ff/gitrepository-main.yaml b/clusters/hlcl1/apps/ff/gitrepository-main.yaml
new file mode 100644
index 0000000..554e8f1
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/gitrepository-main.yaml
@@ -0,0 +1,12 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: ff-main
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: ssh://git@github.com/rgardner4012/flockfeed
+ ref:
+ branch: main
+ secretRef:
+ name: flux-ff-deploy-key
diff --git a/clusters/hlcl1/apps/ff/imagepolicy-dev.yaml b/clusters/hlcl1/apps/ff/imagepolicy-dev.yaml
new file mode 100644
index 0000000..b7b5b4a
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/imagepolicy-dev.yaml
@@ -0,0 +1,13 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImagePolicy
+metadata:
+ name: ff-dev
+ namespace: flux-system
+spec:
+ imageRepositoryRef:
+ name: ff
+ filterTags:
+ pattern: '^dev-[0-9]{14}$'
+ policy:
+ alphabetical:
+ order: asc
diff --git a/clusters/hlcl1/apps/ff/imagepolicy-production.yaml b/clusters/hlcl1/apps/ff/imagepolicy-production.yaml
new file mode 100644
index 0000000..96f69d1
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/imagepolicy-production.yaml
@@ -0,0 +1,13 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImagePolicy
+metadata:
+ name: ff-production
+ namespace: flux-system
+spec:
+ imageRepositoryRef:
+ name: ff
+ filterTags:
+ pattern: '^main-[0-9]{14}$'
+ policy:
+ alphabetical:
+ order: asc
diff --git a/clusters/hlcl1/apps/ff/imagerepository.yaml b/clusters/hlcl1/apps/ff/imagerepository.yaml
new file mode 100644
index 0000000..4457588
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/imagerepository.yaml
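Review bot: The `alphabetical` policy in `imagepolicy-dev.yaml` (and identically in `imagepolicy-production.yaml`) picks an image purely by tag name, so registry write access to `ghcr.io/rgardner4012/flockfeed` is the only control over what gets committed and rolled out. Tags are mutable, so the content behind a tag already written to Git can change without any new commit. Consider having the policy reflect the digest so the setter records `tag@sha256:…` (the `digestReflectionPolicy` field, if the installed Flux version supports it) and verifying image signatures at admission. A comment above `filterTags` such as `# tag format: <branch>-<YYYYMMDDhhmmss>, assigned by CI` would document what the 14 digits are presumed to be.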
@@ -0,0 +1,10 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageRepository
+metadata:
+ name: ff
+ namespace: flux-system
+spec:
+ image: ghcr.io/rgardner4012/flockfeed
+ interval: 1m
+ secretRef:
+ name: flux-ff-registry-auth
diff --git a/clusters/hlcl1/apps/ff/imageupdateautomation-dev.yaml b/clusters/hlcl1/apps/ff/imageupdateautomation-dev.yaml
new file mode 100644
index 0000000..cbfb5b0
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/imageupdateautomation-dev.yaml
@@ -0,0 +1,24 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageUpdateAutomation
+metadata:
+ name: ff-dev
+ namespace: flux-system
+spec:
+ interval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: ff-dev
+ git:
+ checkout:
+ ref:
+ branch: dev
+ commit:
+ author:
+ email: fluxcdbot@users.noreply.github.com
+ name: fluxcdbot
+ messageTemplate: 'chore: update ff dev image to {{range .Updated.Images}}{{println .}}{{end}}'
+ push:
+ branch: dev
+ update:
+ path: ./k8s/overlays/dev
+ strategy: Setters
diff --git a/clusters/hlcl1/apps/ff/imageupdateautomation-production.yaml b/clusters/hlcl1/apps/ff/imageupdateautomation-production.yaml
new file mode 100644
index 0000000..708aefb
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/imageupdateautomation-production.yaml
@@ -0,0 +1,24 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageUpdateAutomation
+metadata:
+ name: ff-production
+ namespace: flux-system
+spec:
+ interval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: ff-main
+ git:
+ checkout:
+ ref:
+ branch: main
+ commit:
+ author:
+ email: fluxcdbot@users.noreply.github.com
+ name: fluxcdbot
+ messageTemplate: 'chore: update ff production image to {{range .Updated.Images}}{{println .}}{{end}}'
+ push:
+ branch: main
+ update:
+ path: ./k8s/overlays/production
+ strategy: Setters
diff --git a/clusters/hlcl1/apps/ff/ks-dev.yaml b/clusters/hlcl1/apps/ff/ks-dev.yaml
new file mode 100644
index 0000000..a5a924e
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/ks-dev.yaml
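Review bot: `push.branch: main` in `imageupdateautomation-production.yaml` has the controller commit straight to the branch that `apps-ff-production` deploys, so an image bump reaches production with no review step. `main` also cannot require pull requests unless the deploy key is exempted from that rule. A common alternative is to keep `checkout.ref.branch: main` but push to a dedicated branch, e.g. `branch: flux/ff-production-image` under `push:`, and merge through a PR. The automation commits are also unsigned, so enabling commit verification on `ff-main` later would require setting `git.commit.signingKey` here first.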
@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: apps-ff-dev
+ namespace: flux-system
+spec:
+ interval: 10m
+ retryInterval: 1m
+ path: ./k8s/overlays/dev
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: ff-dev
+ dependsOn:
+ - name: infra-ff-postgres
+ timeout: 5m
diff --git a/clusters/hlcl1/apps/ff/ks-production.yaml b/clusters/hlcl1/apps/ff/ks-production.yaml
new file mode 100644
index 0000000..b930508
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/ks-production.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: apps-ff-production
+ namespace: flux-system
+spec:
+ interval: 10m
+ retryInterval: 1m
+ path: ./k8s/overlays/production
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: ff-main
+ dependsOn:
+ - name: infra-ff-postgres
+ timeout: 5m
diff --git a/clusters/hlcl1/apps/ff/kustomization.yaml b/clusters/hlcl1/apps/ff/kustomization.yaml
new file mode 100644
index 0000000..a862c3f
--- /dev/null
+++ b/clusters/hlcl1/apps/ff/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - externalsecret-deploy-key.yaml
+ - externalsecret-registry-auth.yaml
+ - gitrepository-main.yaml
+ - gitrepository-dev.yaml
+ - imagerepository.yaml
+ - imagepolicy-dev.yaml
+ - imagepolicy-production.yaml
+ - imageupdateautomation-dev.yaml
+ - imageupdateautomation-production.yaml
+ - ks-dev.yaml
+ - ks-production.yaml
diff --git a/clusters/hlcl1/infra/databases/postgres/ks-config.yaml b/clusters/hlcl1/infra/databases/postgres/ks-config.yaml
index ac4bdc3..409a8d9 100644
--- a/clusters/hlcl1/infra/databases/postgres/ks-config.yaml
+++ b/clusters/hlcl1/infra/databases/postgres/ks-config.yaml
@@ -14,4 +14,5 @@ spec:
 dependsOn:
 - name: infra-shared-namespaces
 - name: infra-cloudnativepg
+ wait: true
 timeout: 10m
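Review bot: Neither `ks-dev.yaml` nor `ks-production.yaml` sets `serviceAccountName` or `targetNamespace`, so whatever sits under `./k8s/overlays/*` in the flockfeed repository is applied with the kustomize-controller's own permissions. In a default Flux install that is cluster-admin, and the manifests may target any namespace, including `flux-system`. Together with `prune: true`, write access to that repository is effectively cluster-wide write access. I would add `serviceAccountName: <ff-reconciler-sa>` bound to a namespaced Role, and `targetNamespace: <ff-namespace>`, to both Kustomizations. Those two values are placeholders, since the application namespaces are not visible in this commit.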
diff --git a/clusters/hlcl1/kustomization.yaml b/clusters/hlcl1/kustomization.yaml
index b43a267..21502e6 100644
--- a/clusters/hlcl1/kustomization.yaml
+++ b/clusters/hlcl1/kustomization.yaml
@@ -9,3 +9,4 @@ resources:
 - infra/databases
 - apps/pihole
 - apps/monitoring
+ - apps/ff