diff --git a/applications/appset-applications.yaml b/applications/appset-applications.yaml
deleted file mode 100644
index 94dd60ad..00000000
--- a/applications/appset-applications.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-# AppSet for custom apps that don't necessarily follow the pattern of the others.
-# Path structure is environments///config.yaml with namespace defined in config.yaml.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
- name: argocd-applications
- namespace: argocd
-spec:
- goTemplate: true
- # goTemplateOptions: ["missingkey=error"]
- generators:
- - git:
- repoURL: https://github.com/bkonicek/gitops
- revision: HEAD
- files:
- - path: environments/*/*/config.yaml
- - path: environments/sandbox-oci/metrics-server/config.yaml
- exclude: true
- - path: environments/sandbox-oci/prometheus-operator/config.yaml
- exclude: true
- template:
- metadata:
- name: "{{index .path.segments 1}}-{{.path.basenameNormalized}}"
- labels:
- app_name: "{{.path.basenameNormalized}}"
- environment: "{{index .path.segments 1}}"
- spec:
- project: default
- destination:
- namespace: "{{ .namespace }}"
- server: https://kubernetes.default.svc
- source:
- repoURL: https://github.com/bkonicek/gitops
- targetRevision: '{{ .targetRevision | default "HEAD" }}'
- path: "{{ .path.path }}"
- helm:
- releaseName: '{{ .releaseName | default (printf "%s-%s" (index .path.segments 1) .path.basenameNormalized) }}'
- valueFiles:
- - ../../../base/{{ default (printf "%s.yaml" .path.basenameNormalized) .baseValuesFile }}
- - values.yaml
- ignoreMissingValueFiles: true
- syncPolicy:
- automated:
- prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
- selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
- allowEmpty: true # Allows deleting all application resources during automatic syncing ( false by default ).
- syncOptions:
- - CreateNamespace=true
- - ServerSideApply={{ .serverSideApply | default "false"}}
- syncPolicy:
- preserveResourcesOnDeletion: true
diff --git a/applications/appset-ops-tools.yaml b/applications/appset-ops-tools.yaml
index f05eb92a..e13a3e5b 100644
--- a/applications/appset-ops-tools.yaml
+++ b/applications/appset-ops-tools.yaml
@@ -13,8 +13,7 @@ spec: repoURL: https://github.com/bkonicek/gitops revision: HEAD files: - - path: environments/sandbox-oci/metrics-server/config.yaml - - path: environments/sandbox-oci/prometheus-operator/config.yaml + - path: environments/*/*/config.yaml template: metadata: name: "{{index .path.segments 1}}-{{.path.basenameNormalized}}"
diff --git a/base/sealed-secrets-controller.yaml b/base/sealed-secrets-controller.yaml
new file mode 100644
index 00000000..5dae6ad8
--- /dev/null
+++ b/base/sealed-secrets-controller.yaml
@@ -0,0 +1,8 @@
+metrics:
+ serviceMonitor:
+ enabled: true
+ dashboards:
+ create: true
+ namespace: monitoring
+ labels:
+ grafana_dashboard: "1"
diff --git a/environments/sandbox-oci/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml
similarity index 100%
rename from environments/sandbox-oci/cert-manager/Chart.yaml
rename to charts/cert-manager/Chart.yaml
diff --git a/environments/sandbox-oci/cert-manager/templates/clusterissuer-http-staging.yaml b/charts/cert-manager/templates/clusterissuer-http-staging.yaml
similarity index 100%
rename from environments/sandbox-oci/cert-manager/templates/clusterissuer-http-staging.yaml
rename to charts/cert-manager/templates/clusterissuer-http-staging.yaml
diff --git a/environments/sandbox-oci/cert-manager/templates/clusterissuer-http.yaml b/charts/cert-manager/templates/clusterissuer-http.yaml
similarity index 100%
rename from environments/sandbox-oci/cert-manager/templates/clusterissuer-http.yaml
rename to charts/cert-manager/templates/clusterissuer-http.yaml
diff --git a/environments/sandbox-oci/cert-manager/values.yaml b/charts/cert-manager/values.yaml
similarity index 100%
rename from environments/sandbox-oci/cert-manager/values.yaml
rename to charts/cert-manager/values.yaml
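Review bot: The `files` entry now matches `environments/*/*/config.yaml`, so this ApplicationSet creates an Application for every config.yaml two levels under environments/ instead of the two named files, and nothing in the hunk records that intent. I would add a comment above it, e.g. `# Every environments/<env>/<app>/config.yaml becomes an Application; review new config.yaml files as deployment changes`. The template and its `project` setting continue outside the hunk, so I cannot see whether the AppProject limits source repositories and destinations; the sealed-secrets config.yaml changed later in this commit now carries `repoURL` and `chartName`, which suggests the chart source is read from those files, and a `sourceRepos` allow-list on the project would keep a config file from pointing at an arbitrary repository.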
diff --git a/environments/sandbox-oci/external-dns/Chart.yaml b/charts/external-dns/Chart.yaml
similarity index 100%
rename from environments/sandbox-oci/external-dns/Chart.yaml
rename to charts/external-dns/Chart.yaml
diff --git a/environments/sandbox-oci/external-dns/templates/cloudflare-sealed-secret.yaml b/charts/external-dns/templates/cloudflare-sealed-secret.yaml
similarity index 100%
rename from environments/sandbox-oci/external-dns/templates/cloudflare-sealed-secret.yaml
rename to charts/external-dns/templates/cloudflare-sealed-secret.yaml
diff --git a/environments/sandbox-oci/external-dns/templates/dnsendpoint.yaml b/charts/external-dns/templates/dnsendpoint.yaml
similarity index 100%
rename from environments/sandbox-oci/external-dns/templates/dnsendpoint.yaml
rename to charts/external-dns/templates/dnsendpoint.yaml
diff --git a/charts/external-dns/values.yaml b/charts/external-dns/values.yaml
new file mode 100644
index 00000000..af9ac6fb
--- /dev/null
+++ b/charts/external-dns/values.yaml
@@ -0,0 +1,19 @@
+external-dns:
+ provider: cloudflare
+ policy: sync
+ sources:
+ - ingress
+ - crd
+ txtOwnerId: external-dns
+ env:
+ - name: CF_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: cf-dns
+ key: API_TOKEN
+
+ serviceMonitor:
+ enabled: true
+
+# DNS zone
+dnsZone: benkonicek.com
diff --git a/environments/sandbox-oci/external-secrets/Chart.yaml b/charts/external-secrets/Chart.yaml
similarity index 100%
rename from environments/sandbox-oci/external-secrets/Chart.yaml
rename to charts/external-secrets/Chart.yaml
diff --git a/environments/sandbox-oci/external-secrets/templates/1password-operator-service-account-sealed-secret.yaml b/charts/external-secrets/templates/1password-operator-service-account-sealed-secret.yaml
similarity index 100%
rename from environments/sandbox-oci/external-secrets/templates/1password-operator-service-account-sealed-secret.yaml
rename to charts/external-secrets/templates/1password-operator-service-account-sealed-secret.yaml
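Review bot: `txtOwnerId: external-dns` together with `policy: sync` now sits in the shared chart values, so every environment that installs this chart inherits the same owner ID. Under `sync`, external-dns deletes records it believes it owns, so two clusters sharing an owner ID and the `benkonicek.com` zone would treat each other's records as their own and remove them. I would set the owner per environment in environments/<env>/external-dns/values.yaml, e.g. `txtOwnerId: external-dns-sandbox-oci`, or default the shared file to `policy: upsert-only`. Changing the owner ID on an existing deployment orphans its current records, so that switch needs a planned migration.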
diff --git a/environments/sandbox-oci/external-secrets/templates/cluster-secret-store-1password.yaml b/charts/external-secrets/templates/cluster-secret-store-1password.yaml
similarity index 100%
rename from environments/sandbox-oci/external-secrets/templates/cluster-secret-store-1password.yaml
rename to charts/external-secrets/templates/cluster-secret-store-1password.yaml
diff --git a/environments/sandbox-oci/external-secrets/values.yaml b/charts/external-secrets/values.yaml
similarity index 100%
rename from environments/sandbox-oci/external-secrets/values.yaml
rename to charts/external-secrets/values.yaml
diff --git a/environments/sandbox-oci/pihole/Chart.yaml b/charts/pihole/Chart.yaml
similarity index 100%
rename from environments/sandbox-oci/pihole/Chart.yaml
rename to charts/pihole/Chart.yaml
diff --git a/environments/sandbox-oci/pihole/templates/externalsecret-admin-password.yaml b/charts/pihole/templates/externalsecret-admin-password.yaml
similarity index 100%
rename from environments/sandbox-oci/pihole/templates/externalsecret-admin-password.yaml
rename to charts/pihole/templates/externalsecret-admin-password.yaml
diff --git a/environments/sandbox-oci/pihole/values.yaml b/charts/pihole/values.yaml
similarity index 100%
rename from environments/sandbox-oci/pihole/values.yaml
rename to charts/pihole/values.yaml
diff --git a/environments/sandbox-oci/tailscale/Chart.yaml b/charts/tailscale/Chart.yaml
similarity index 100%
rename from environments/sandbox-oci/tailscale/Chart.yaml
rename to charts/tailscale/Chart.yaml
diff --git a/environments/sandbox-oci/tailscale/templates/app-connector.yaml b/charts/tailscale/templates/app-connector.yaml
similarity index 100%
rename from environments/sandbox-oci/tailscale/templates/app-connector.yaml
rename to charts/tailscale/templates/app-connector.yaml
diff --git a/environments/sandbox-oci/tailscale/templates/connector-exit-node.yaml b/charts/tailscale/templates/connector-exit-node.yaml
similarity index 100%
rename from environments/sandbox-oci/tailscale/templates/connector-exit-node.yaml
rename to charts/tailscale/templates/connector-exit-node.yaml
diff --git a/environments/sandbox-oci/tailscale/templates/namespace.yaml b/charts/tailscale/templates/namespace.yaml
similarity index 100%
rename from environments/sandbox-oci/tailscale/templates/namespace.yaml
rename to charts/tailscale/templates/namespace.yaml
diff --git a/environments/sandbox-oci/tailscale/templates/operator-oauth-sealed-secret.yaml b/charts/tailscale/templates/operator-oauth-sealed-secret.yaml
similarity index 100%
rename from environments/sandbox-oci/tailscale/templates/operator-oauth-sealed-secret.yaml
rename to charts/tailscale/templates/operator-oauth-sealed-secret.yaml
diff --git a/charts/tailscale/values.yaml b/charts/tailscale/values.yaml
new file mode 100644
index 00000000..1bb4ad2a
--- /dev/null
+++ b/charts/tailscale/values.yaml
@@ -0,0 +1,21 @@
+tailscale-operator:
+ operatorConfig:
+ resources:
+ requests:
+ cpu: 500m
+ memory: 100Mi
+ limits:
+ memory: 100Mi
+ image:
+ repository: docker.io/tailscale/k8s-operator
+ proxyConfig:
+ image:
+ repository: docker.io/tailscale/tailscale
+ apiServerProxyConfig:
+ mode: true
+
+appConnector:
+ enabled: false
+ image:
+ repository: docker.io/tailscale/tailscale
+ tag: v1.96.5
diff --git a/environments/sandbox-oci/traefik/Chart.yaml b/charts/traefik/Chart.yaml
similarity index 100%
rename from environments/sandbox-oci/traefik/Chart.yaml
rename to charts/traefik/Chart.yaml
diff --git a/charts/traefik/config.yaml b/charts/traefik/config.yaml
new file mode 100644
index 00000000..b1e8cb8e
--- /dev/null
+++ b/charts/traefik/config.yaml
@@ -0,0 +1,2 @@
+namespace: traefik
+targetRevision: HEAD
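Review bot: `apiServerProxyConfig.mode: true` in charts/tailscale/values.yaml is written as a YAML boolean and now sits in the chart-wide defaults, so every environment using this chart turns on the operator's Kubernetes API server proxy unless it overrides the value. As far as I know the upstream chart documents this setting as a string, so I would write `mode: "true"` and add a comment such as `# exposes the kube-apiserver to the tailnet; access is governed by tailnet ACLs`. The operator and proxy `image.repository` entries carry no tag here, presumably leaving the version to the chart default, while `appConnector` pins `tag: v1.96.5`; pinning all three by digest would make them consistent and reproducible.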
diff --git a/environments/sandbox-oci/traefik/templates/middleware-default-headers.yaml b/charts/traefik/templates/middleware-default-headers.yaml
similarity index 100%
rename from environments/sandbox-oci/traefik/templates/middleware-default-headers.yaml
rename to charts/traefik/templates/middleware-default-headers.yaml
diff --git a/environments/sandbox-oci/traefik/templates/middleware-redirect.yaml b/charts/traefik/templates/middleware-redirect.yaml
similarity index 100%
rename from environments/sandbox-oci/traefik/templates/middleware-redirect.yaml
rename to charts/traefik/templates/middleware-redirect.yaml
diff --git a/environments/sandbox-oci/traefik/templates/tls-options.yaml b/charts/traefik/templates/tls-options.yaml
similarity index 100%
rename from environments/sandbox-oci/traefik/templates/tls-options.yaml
rename to charts/traefik/templates/tls-options.yaml
diff --git a/charts/traefik/values.yaml b/charts/traefik/values.yaml
new file mode 100644
index 00000000..12759f01
--- /dev/null
+++ b/charts/traefik/values.yaml
@@ -0,0 +1,21 @@
+traefik:
+ providers:
+ kubernetesIngressNGINX:
+ enabled: true
+ kubernetesCRD:
+ allowCrossNamespace: true
+ service:
+ spec:
+ externalTrafficPolicy: Local
+ metrics:
+ prometheus:
+ disableAPICheck: true
+ serviceMonitor:
+ enabled: true
+ ingressClass:
+ name: traefik
+ logs:
+ access:
+ enabled: true
+ additionalArguments:
+ - "--entrypoints.websecure.http.middlewares=traefik-default-headers@kubernetescrd"
diff --git a/environments/sandbox-oci/external-dns/values.yaml b/environments/sandbox-oci/external-dns/values.yaml
index 445416fa..acb82f4b 100644
--- a/environments/sandbox-oci/external-dns/values.yaml
+++ b/environments/sandbox-oci/external-dns/values.yaml
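Review bot: `kubernetesCRD.allowCrossNamespace: true` in charts/traefik/values.yaml becomes a default for every environment that uses this chart, and no comment says why it is needed. With it enabled, an IngressRoute in one namespace can reference Services, Middlewares and TLS options in another, so the namespace boundary no longer limits what a route can reach. If it is only required so application routes can use the `traefik-default-headers@kubernetescrd` middleware named in `additionalArguments`, I would say so in a comment, e.g. `# needed so routes in app namespaces can use middlewares from the traefik namespace`, and confirm that RBAC restricts who may create Traefik CRD objects.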
@@ -1,38 +1,9 @@ external-dns: - provider: cloudflare - policy: sync - sources: - - ingress - - crd - txtOwnerId: external-dns - env: - - name: CF_API_TOKEN - valueFrom: - secretKeyRef: - name: cf-dns - key: API_TOKEN extraArgs: - "--exclude-target-net=10.0.0.0/8" - - serviceMonitor: - enabled: true - -# DNS zone -dnsZone: benkonicek.com - + # Create DNSEndpoint resources dnsEndpoints: - # YAML map of DNSEndpoints to create - # www: - # # DNS record type - # type: CNAME - # # List of targets to point the record to - # targets: - # - example.com - # # Enable proxying the record through cloudflare - # proxy: true - # # TTL for the record - # ttl: 180 blog: type: CNAME targets:
diff --git a/environments/sandbox-oci/sealed-secrets-controller/.helmignore b/environments/sandbox-oci/sealed-secrets-controller/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/environments/sandbox-oci/sealed-secrets-controller/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/environments/sandbox-oci/sealed-secrets-controller/Chart.yaml b/environments/sandbox-oci/sealed-secrets-controller/Chart.yaml
deleted file mode 100644
index c54351e0..00000000
--- a/environments/sandbox-oci/sealed-secrets-controller/Chart.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v2
-name: sealed-secrets
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.0"
-
-dependencies:
- - name: sealed-secrets
- repository: https://bitnami-labs.github.io/sealed-secrets
- version: 2.18.5
diff --git a/environments/sandbox-oci/sealed-secrets-controller/config.yaml b/environments/sandbox-oci/sealed-secrets-controller/config.yaml
index ff64a018..7b305685 100644
--- a/environments/sandbox-oci/sealed-secrets-controller/config.yaml
+++ b/environments/sandbox-oci/sealed-secrets-controller/config.yaml
@@ -1,2 +1,4 @@ namespace: kube-system -targetRevision: HEAD +targetRevision: 2.18.5 +repoURL: https://bitnami-labs.github.io/sealed-secrets +chartName: sealed-secrets
diff --git a/environments/sandbox-oci/sealed-secrets-controller/values.yaml b/environments/sandbox-oci/sealed-secrets-controller/values.yaml
deleted file mode 100644
index becb0a3b..00000000
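Review bot: `targetRevision: 2.18.5` in the sealed-secrets-controller config.yaml is left unquoted; it loads as a string only because of the second dot, and a two-part version such as 2.18 would load as a float, so I would write `targetRevision: "2.18.5"`. The new `repoURL` and `chartName` keys are presumably read by the ApplicationSet template, which is not visible in this commit. Because this controller holds the private key that unseals every SealedSecret in the cluster, it is worth confirming that the AppProject restricts `sourceRepos` to this URL instead of trusting whatever value the file carries.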
--- a/environments/sandbox-oci/sealed-secrets-controller/values.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-sealed-secrets:
- metrics:
- serviceMonitor:
- enabled: true
- dashboards:
- create: true
- namespace: monitoring
- labels:
- grafana_dashboard: "1"
diff --git a/environments/sandbox-oci/tailscale/values.yaml b/environments/sandbox-oci/tailscale/values.yaml
index 3665fff1..2fac08ec 100644
--- a/environments/sandbox-oci/tailscale/values.yaml
+++ b/environments/sandbox-oci/tailscale/values.yaml
@@ -1,22 +1,3 @@ tailscale-operator: operatorConfig: hostname: sandbox-oci-cluster - resources: - requests: - cpu: 500m - memory: 100Mi - limits: - memory: 100Mi - image: - repository: docker.io/tailscale/k8s-operator - proxyConfig: - image: - repository: docker.io/tailscale/tailscale - apiServerProxyConfig: - mode: true - -appConnector: - enabled: false - image: - repository: docker.io/tailscale/tailscale - tag: v1.96.5
diff --git a/environments/sandbox-oci/traefik/values.yaml b/environments/sandbox-oci/traefik/values.yaml
index 00f71fd5..40af783b 100644
--- a/environments/sandbox-oci/traefik/values.yaml
+++ b/environments/sandbox-oci/traefik/values.yaml
@@ -1,23 +1,4 @@ traefik: - providers: - kubernetesIngressNGINX: - enabled: true - kubernetesCRD: - allowCrossNamespace: true service: annotations: oci.oraclecloud.com/load-balancer-type: "nlb" - spec: - externalTrafficPolicy: Local - metrics: - prometheus: - disableAPICheck: true - serviceMonitor: - enabled: true - ingressClass: - name: traefik - logs: - access: - enabled: true - additionalArguments: - - "--entrypoints.websecure.http.middlewares=traefik-default-headers@kubernetescrd"