├── .github ├── actions │ └── tools │ │ ├── Dockerfile │ │ ├── action.yml │ │ └── entrypoint.sh └── workflows │ ├── .gitignore │ └── test.yaml ├── .gitignore ├── README.md ├── apps ├── argocd │ ├── apps │ │ ├── 00-cluster-api-secrets.yaml │ │ ├── 10-cert-manager.yaml │ │ ├── 11-certificates.yaml │ │ ├── 12-persistence.yaml │ │ ├── 20-my-secrets.yaml │ │ ├── 29-metallb.yaml │ │ ├── 30-ingress-nginx.yaml │ │ ├── 31-openvpn.yaml │ │ ├── 32-keycloak.yaml │ │ ├── 33-kube-oidc-proxy.yaml │ │ ├── 34-magalix.yaml │ │ ├── 40-routers.yaml │ │ ├── 50-metrics-server.yaml │ │ ├── 75-deis.yaml │ │ ├── 80-monitoring.yaml │ │ ├── 85-kuby-test.yaml │ │ ├── 90-minio-stage.yaml │ │ ├── 91-harbor.yaml │ │ ├── 92-chartmuseum.yaml │ │ ├── 93-scrob-prod-app.yaml │ │ ├── 95-flamingo.yaml │ │ ├── apps.yaml │ │ ├── flux-system-app.yaml │ │ ├── infrastructure.yaml │ │ ├── kustomization.yaml │ │ ├── monitoring-config.yaml │ │ ├── monitoring-stack.yaml │ │ └── traefik-api-crds.yaml │ ├── argocd-ingress.yaml │ ├── argocd-ingressroute.yaml │ ├── argocd-service-endpoints.yaml │ └── kustomization.yaml ├── base │ ├── hephy │ │ ├── helmrelease-deis-hephy.yaml │ │ ├── hephy-workflow-beta.yaml │ │ ├── kustomization.yaml │ │ └── teamhephy-repo.yaml │ ├── metallb │ │ ├── kustomization.yaml │ │ └── metallb-system.yaml │ ├── minio │ │ ├── kustomization.yaml │ │ └── minio-stage-ns.yaml │ ├── podinfo │ │ ├── 5.0.0 │ │ │ └── Dockerfile │ │ ├── 6.0.0 │ │ │ └── Dockerfile │ │ ├── ingressroute.yaml │ │ ├── kustomization.yaml │ │ └── podinfo-deployment.yaml │ ├── sintache │ │ ├── _example-pusher-sa.yaml │ │ ├── _ingress.yaml │ │ ├── _sinatra-example-deployment.yaml │ │ ├── example-image-flux-ks.yaml │ │ ├── example-image │ │ │ └── example-image.yaml │ │ └── kustomization.yaml │ ├── store │ │ ├── _ingress.yaml │ │ ├── _planetstore-deployment.yaml │ │ ├── _store-pusher-sa.yaml │ │ ├── kustomization.yaml │ │ ├── planet-image-flux-ks.yaml │ │ └── planet-image │ │ │ └── planet-image.yaml │ ├── traefik │ │ ├── 
kustomization.yaml │ │ ├── rbac.yaml │ │ ├── svc.yaml │ │ └── traefik.yaml │ └── whoami │ │ ├── deployment.yaml │ │ ├── ingressroute.yaml │ │ └── kustomization.yaml ├── cert-manager │ ├── 1.11.0 │ │ ├── cert-manager.crds.yaml │ │ ├── cert-manager.yaml │ │ └── kustomization.yaml │ ├── 1.14.5 │ │ ├── cert-manager.crds.yaml │ │ ├── cert-manager.yaml │ │ └── kustomization.yaml │ ├── howard-space │ │ └── kustomization.yaml │ └── moo-cluster-staging │ │ ├── example-clusterissuer.yaml │ │ ├── kustomization.yaml │ │ └── letsencrypt-production-clusterissuer.yaml ├── chartmuseum │ ├── charts-beta-ingressroute.yaml │ ├── helmrelease.yaml │ └── helmrepo.yaml ├── github-app-secret │ ├── default │ │ └── kustomization.yaml │ ├── flux-system │ │ └── kustomization.yaml │ ├── kustomization.yaml │ ├── test │ │ └── kustomization.yaml │ ├── vcluster-howard-moomboo-stage │ │ └── kustomization.yaml │ └── vcluster │ │ └── kustomization.yaml ├── harbor │ ├── harbor-ingress-stub.yaml │ ├── helmrelease.yaml │ ├── helmrepo.yaml │ └── kustomization.yaml ├── hephy │ ├── blog-ingressroute.yaml │ ├── hephy-patch.yaml │ └── kustomization.yaml ├── howard-infra │ └── cert-manager │ │ └── kustomization.yaml ├── howard-prod │ ├── .sops.pub.asc │ ├── .sops.yaml │ ├── bookstack │ │ ├── .gitignore │ │ ├── helmrelease.yaml │ │ ├── helmrepository.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ ├── persistent-volumes.yaml │ │ ├── pv-claims.yaml │ │ └── values.enc.yaml │ ├── botkube │ │ ├── .gitignore │ │ ├── botkube-values.enc.yaml │ │ ├── helmrelease.yaml │ │ ├── helmrepository.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── capi-system │ │ ├── 1.3.2 │ │ │ ├── bootstrap-components.yaml │ │ │ ├── cluster-api-components.yaml │ │ │ └── kustomization.yaml │ │ ├── 1.5.3 │ │ │ ├── bootstrap-components.yaml │ │ │ ├── cluster-api-components.yaml │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── vcluster │ │ │ └── 0.1.3 │ │ │ └── infrastructure-components.yaml │ ├── 
configmap-example.yaml │ ├── dex │ │ ├── clusterroles.yaml │ │ ├── helm.yaml │ │ └── roles.yaml │ └── namespace.yaml ├── howard-wge │ └── weave-gitops │ │ ├── helm-artifacts.yaml │ │ └── weave-gitops-enterprise.yaml ├── ingress-nginx │ ├── helmrepo.yaml │ ├── internal-helmrelease.yaml │ └── public-helmrelease.yaml ├── keycloak │ ├── keycloak-db-user-configmap.yaml │ ├── keycloak-ingress.yaml │ └── kustomization.yaml ├── kpack │ ├── example-builder.yaml │ ├── kustomization.yaml │ └── planet-builder.yaml ├── kube-oidc-proxy │ ├── cluster-role-binding.yaml │ ├── gitrepo.yaml │ └── helmrelease.yaml ├── kuby-test │ ├── dashboard.yaml │ ├── flux-system-rw-gitrepo.yaml │ ├── gone-fishing-cm.yaml │ ├── image-webhook-recv.yaml │ ├── kuby-tester-assets-imagepol.yaml │ ├── kuby-tester-imageauto.yaml │ ├── kuby-tester-imagepol.yaml │ ├── kuby-tester-imagerepo.yaml │ ├── kustomization.yaml │ └── manifests.yaml ├── local-path-provisioner │ └── kustomization.yaml ├── magalix │ ├── deployment.yaml │ ├── kustomization.yaml │ └── validating.yaml ├── metallb │ └── REMOVED.md ├── metrics-server │ ├── kustomization.yaml │ └── v0.5.1 │ │ └── components.yaml ├── minio │ ├── kustomization.yaml │ ├── stage │ │ ├── kustomization.yaml │ │ ├── minio-helmrelease.yaml │ │ └── minio-ingressroute.yaml │ └── storage │ │ ├── juozas-helmrelease.yaml │ │ ├── juozas-ingressroute.yaml │ │ └── kustomization.yaml ├── monitoring │ ├── .gitignore │ ├── flux-kustomization-config.yaml │ ├── flux-kustomization.yaml │ ├── kustomization.yaml │ └── source.yaml ├── openvpn │ ├── helmrelease.yaml │ ├── helmrepo.yaml │ ├── kingdonb-helm-charts-1-gitrepo.yaml │ ├── kustomization.yaml │ ├── openvpn-openvpn-as-lb-udp.yaml │ └── vpn-ingressroute.yaml ├── podinfo │ └── configmap-test.yaml ├── production │ ├── podinfo │ │ ├── imagepolicy.yaml │ │ ├── imagerepo.yaml │ │ ├── ingressroute-patch.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── podinfo-patch.yaml │ ├── traefik │ │ ├── certificates-pvc.yaml │ │ 
├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── traefik-patch.yaml │ └── whoami │ │ ├── ingressroute-patch.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── whoami-patch.yaml ├── routers │ ├── democl-webhook │ │ ├── democl-cluster-escape.yaml │ │ ├── democl-webhook-ingress.yaml │ │ ├── democl-webhook-ingressroute.yaml │ │ └── democl-webhook-service-endpoints.yaml │ ├── planetstore-stg │ │ ├── stg-ingressroute.yaml │ │ └── stg-service-endpoints.yaml │ ├── scrob-dev │ │ ├── scrob-dev-cluster-escape.yaml │ │ ├── scrob-dev-ingress.yaml │ │ ├── scrob-dev-ingressroute.yaml │ │ └── scrob-dev-service-endpoints.yaml │ ├── scrob-web │ │ ├── scrob-ingressroute.yaml │ │ └── scrob-service-endpoints.yaml │ ├── sintache-stg │ │ ├── stg-ingressroute.yaml │ │ └── stg-service-endpoints.yaml │ ├── talos-related-routes │ │ ├── blog-https │ │ │ ├── blog-teamhephy-ingressroute.yaml │ │ │ └── blog-teamhephy-service-endpoints.yaml │ │ ├── commits-to-prod │ │ │ ├── commits-to-ingressroute.yaml │ │ │ └── commits-to-service-endpoints.yaml │ │ ├── commitstew-staging │ │ │ ├── commitstew-com-ingressroute.yaml │ │ │ └── commitstew-com-service-endpoints.yaml │ │ ├── docs-https │ │ │ ├── docs-teamhephy-ingressroute.yaml │ │ │ ├── docs-teamhephy-service-endpoints.yaml │ │ │ └── teamhephy-ingressroute.yaml │ │ ├── gitno-prod │ │ │ ├── gitno-prod-cluster-escape.yaml │ │ │ ├── gitno-prod-hephy-pro-ingress.yaml │ │ │ ├── gitno-prod-ingressroute.yaml │ │ │ └── gitno-prod-service-endpoints.yaml │ │ ├── harbor-certmanager │ │ │ ├── harbor-img-ingressroute.yaml │ │ │ ├── img-letsencrypt-service-endpoints.yaml │ │ │ └── img-service-endpoints.yaml │ │ ├── harvey │ │ │ └── moomboo │ │ │ │ ├── dex-harvey-moomboo-ingressroute.yaml │ │ │ │ ├── dex-harvey-moomboo-service-endpoints.yaml │ │ │ │ ├── harvey-moomboo-ingressroute.yaml │ │ │ │ └── harvey-moomboo-service-endpoints.yaml │ │ ├── howard │ │ │ ├── moomboo │ │ │ │ ├── dex-howard-moomboo-ingressroute.yaml │ │ │ │ ├── 
dex-howard-moomboo-service-endpoints.yaml │ │ │ │ ├── howard-moomboo-ingressroute.yaml │ │ │ │ ├── howard-moomboo-service-endpoints.yaml │ │ │ │ ├── promotions-howard-moomboo-ingressroute.yaml │ │ │ │ └── promotions-howard-moomboo-service-endpoints.yaml │ │ │ ├── talos-dev-webhook │ │ │ │ ├── talos-dev-cluster-escape.yaml │ │ │ │ ├── talos-dev-ingressroute.yaml │ │ │ │ ├── talos-dev-service-endpoints.yaml │ │ │ │ └── talos-dev-webhook-ingress.yaml │ │ │ └── test-webhook │ │ │ │ ├── webhook-test-howard-cluster-escape.yaml │ │ │ │ ├── webhook-test-howard-ingress.yaml │ │ │ │ ├── webhook-test-howard-ingressroute.yaml │ │ │ │ └── webhook-test-howard-service-endpoints.yaml │ │ ├── howto-kubeconfig │ │ │ ├── howto-kubeconfig-ingressroute.yaml │ │ │ └── howto-kubeconfig-service-endpoints.yaml │ │ ├── inactive │ │ │ ├── auth-essential │ │ │ │ ├── keycloak-ingressroute.yaml │ │ │ │ ├── keycloak-service-endpoints.yaml │ │ │ │ ├── kube-sso-ingressroute.yaml │ │ │ │ └── kube-sso-service-endpoints.yaml │ │ │ ├── bart-howard │ │ │ │ ├── bart-howard-ingressroute.yaml │ │ │ │ ├── bart-howard-service-endpoints.yaml │ │ │ │ ├── bart-stage-ingressroute.yaml │ │ │ │ └── bart-stage-service-endpoints.yaml │ │ │ ├── grafana-moomboo │ │ │ │ ├── grafana-moomboo-ingressroute.yaml │ │ │ │ └── grafana-moomboo-service-endpoints.yaml │ │ │ ├── grafana-test │ │ │ │ ├── grafana-moomboo-ingressroute.yaml │ │ │ │ └── grafana-moomboo-service-endpoints.yaml │ │ │ ├── howard-staging │ │ │ │ ├── howard-staging-ingressroute.yaml │ │ │ │ ├── howard-staging-service-endpoints.yaml │ │ │ │ ├── promotions-howard-staging-ingressroute.yaml │ │ │ │ └── promotions-howard-staging-service-endpoints.yaml │ │ │ ├── kingdonb-dev │ │ │ │ ├── kingdonb-dev-ingressroute.yaml │ │ │ │ └── kingdonb-dev-service-endpoints.yaml │ │ │ ├── newexample-howard-moomboo │ │ │ │ ├── howard-moomboo-ingressroute.yaml │ │ │ │ └── howard-moomboo-service-endpoints.yaml │ │ │ ├── ruby-stats │ │ │ │ ├── ruby-stats-ingressroute.yaml │ │ │ │ 
└── ruby-stats-service-endpoints.yaml │ │ │ ├── simple-test-moomboo │ │ │ │ ├── test-moomboo-ingressroute.yaml │ │ │ │ └── test-moomboo-service-endpoints.yaml │ │ │ ├── weave-gitops │ │ │ │ ├── gitops-howard-staging-ingressroute.yaml │ │ │ │ ├── gitops-howard-staging-service-endpoints.yaml │ │ │ │ ├── mccp-howard-moomboo-ingressroute.yaml │ │ │ │ ├── mccp-howard-moomboo-service-endpoints.yaml │ │ │ │ ├── mccp-howard-staging-ingressroute.yaml │ │ │ │ ├── mccp-howard-staging-service-endpoints.yaml │ │ │ │ ├── podinfo-ingressroute.yaml │ │ │ │ └── podinfo-service-endpoints.yaml │ │ │ └── yaateeh-dev │ │ │ │ ├── yaateeh-dev-ingressroute.yaml │ │ │ │ └── yaateeh-dev-service-endpoints.yaml │ │ ├── test-moomboo │ │ │ ├── test-moomboo-ingressroute.yaml │ │ │ └── test-moomboo-service-endpoints.yaml │ │ └── water-https │ │ │ ├── water-teamhephy-ingressroute.yaml │ │ │ └── water-teamhephy-service-endpoints.yaml │ ├── urbit-ships │ │ ├── socryx-topled-ingressroute.yaml │ │ └── socryx-topled-service-endpoints.yaml │ └── vpn-frontend │ │ ├── vpn-admin-ingressroute.yaml │ │ └── vpn-admin-service-endpoints.yaml └── staging │ ├── kustomization.yaml │ ├── podinfo │ ├── imagepolicy.yaml │ ├── imagerepo.yaml │ ├── ingressroute-patch.yaml │ ├── kustomization.yaml │ └── podinfo-patch.yaml │ ├── sintache │ ├── flux-system-rw-gitrepo.yaml │ ├── imageauto.yaml │ ├── imagepolicy.yaml │ ├── imagerepo.yaml │ ├── ingress-patch.yaml │ ├── kustomization.yaml │ └── sintache-patch.yaml │ ├── store │ ├── flux-system-rw-gitrepo.yaml │ ├── imageauto.yaml │ ├── imagepolicy.yaml │ ├── imagerepo.yaml │ ├── ingress-patch.yaml │ ├── kustomization.yaml │ └── planetstore-patch.yaml │ ├── traefik │ ├── kustomization.yaml │ ├── traefik-ingressclass.yaml │ └── traefik-patch.yaml │ └── whoami │ ├── ingressroute-patch.yaml │ ├── kustomization.yaml │ └── whoami-patch.yaml ├── base ├── production │ ├── apps.yaml │ ├── infrastructure.yaml │ └── kustomization.yaml └── staging │ ├── apps.yaml │ ├── 
infrastructure.yaml │ └── kustomization.yaml ├── certificates └── moo-cluster │ ├── .sops.pub.asc │ ├── .sops.yaml │ ├── argocd-secret-tls.yaml │ ├── gitno-prod-hephy-pro-tls.yaml │ ├── harbor-ingress-tls.yaml │ ├── keycloak-hephy-pro-tls.yaml │ ├── kubytest-tls.yaml │ ├── oidc-proxy-tls.yaml │ ├── planetstore-stg-tls.yaml │ ├── scrob-hephy-pro-tls.yaml │ ├── vpn-admin-hephy-pro-tls.yaml │ └── vpn-hephy-pro-tls.yaml ├── clusters ├── aks-kuberkingdon │ ├── apps │ │ └── podinfo │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ ├── my-values.yaml │ │ │ ├── namespace.yaml │ │ │ ├── release.yaml │ │ │ └── repository.yaml │ ├── flux-sync │ │ ├── flux-gitrepo.yaml │ │ └── flux-kustomization.yaml │ ├── flux-system │ │ ├── gotk-components.yaml │ │ └── kustomization.yaml │ └── kustomization.yaml ├── amd64-test │ ├── configmap-example.yaml │ └── flux-system │ │ └── example-gitops-fluxconfig.yaml ├── bases │ └── rbac │ │ ├── kingdon-ci-weave-gitops.yaml │ │ └── wego-admin.yaml ├── capi-secrets │ └── hephy-stg │ │ └── flux-system │ │ ├── gotk-components.yaml │ │ ├── gotk-sync.yaml │ │ └── kustomization.yaml ├── default │ ├── cluster-01 │ │ ├── clusters-bases-kustomization.yaml │ │ └── flux-system │ │ │ ├── gotk-components.yaml │ │ │ ├── gotk-sync.yaml │ │ │ └── kustomization.yaml │ └── somtochi │ │ └── default-namespace.yaml ├── demo-cluster-1 │ ├── configmap-example.yaml │ └── operators │ │ ├── gotk-components.yaml │ │ ├── gotk-sync.yaml │ │ └── kustomization.yaml ├── demo-cluster-2 │ ├── configmap-example.yaml │ ├── flux-system │ │ ├── gotk-components.yaml │ │ ├── gotk-sync.yaml │ │ └── kustomization.yaml │ ├── kustomization.yaml │ ├── oci-stuff │ │ └── ocirepository.yaml │ ├── secrets │ │ └── crypted-secrets-fluxconfig.yaml │ ├── tenant-permissions │ │ ├── default-sa-dev-team.yaml │ │ └── list-ns-dev-team.yaml │ └── trash │ │ └── flux-system-fluxconfig.yaml ├── example-kingdon-personal │ └── configmap-example.yaml ├── full-ape-aks │ ├── flux-system │ │ ├── 
gotk-components.yaml │ │ ├── gotk-sync.yaml │ │ └── kustomization.yaml │ ├── kube-system │ │ └── coredns-configmap.yaml │ ├── production │ │ └── howard-kustomization.yaml │ ├── secrets │ │ └── my-secrets.yaml │ └── wg-system │ │ └── weave-gitops.yaml ├── gke-geekingdon │ ├── apps │ │ └── podinfo │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ ├── my-values.yaml │ │ │ ├── namespace.yaml │ │ │ ├── release.yaml │ │ │ └── repository.yaml │ ├── artifact-imagerepo.yaml │ ├── flux-sync │ │ ├── flux-gitrepo.yaml │ │ └── flux-kustomization.yaml │ ├── flux-system │ │ ├── crd-controller-flux-system-clusterrole.yaml │ │ ├── flux-bootstrap-clusterrolebinding.yaml │ │ ├── flux-bootstrap-crd-clusterrolebinding.yaml │ │ ├── gotk-components.yaml │ │ └── kustomization.yaml │ ├── imagerepo.yaml │ └── kustomization.yaml ├── hephy-staging │ ├── _namespaces │ │ └── deis-ns.yaml │ ├── clusters-bases-kustomization.yaml │ ├── flux-operator.yaml │ ├── flux-stats │ │ ├── flux-kustomization.yaml │ │ ├── namespace.yaml │ │ └── ocirepo.yaml │ ├── hephy │ │ └── flux-kustomization.yaml │ ├── howto │ │ ├── flux-kustomization.yaml │ │ └── git-repository.yaml │ └── persistence │ │ └── flux-kustomization.yaml ├── howard-moomboo-space │ ├── clusters-bases-kustomization.yaml │ ├── clusters │ │ ├── .keep │ │ ├── clusters-alpha.yaml │ │ └── external-self-hosted │ │ │ ├── demo-cluster-2-gitopscluster.yaml │ │ │ ├── demo-cluster-gitopscluster.yaml │ │ │ ├── hephy-stg-gitopscluster.yaml │ │ │ ├── home-workers-gitopscluster.yaml │ │ │ ├── howard-moomboo-staging-gitopscluster.yaml │ │ │ └── moo-cluster-gitopscluster.yaml │ ├── configmap-example.yaml │ ├── examples │ │ └── howard-kustomization.yaml │ ├── flux-operator.yaml │ ├── kube-system │ │ └── coredns-configmap.yaml │ ├── load-balancers │ │ ├── vcluster-another-test-load-balancer.yaml │ │ ├── vcluster-botkube-demo-load-balancer.yaml │ │ ├── vcluster-cluster-01-load-balancer.yaml │ │ ├── vcluster-cluster-02-load-balancer.yaml │ │ ├── 
vcluster-cluster-03-load-balancer.yaml │ │ ├── vcluster-example-load-balancer.yaml │ │ ├── vcluster-limnocentral-load-balancer.yaml │ │ ├── vcluster-somtochi-load-balancer.yaml │ │ └── vcluster-vcluster-load-balancer.yaml │ ├── production │ │ ├── bookstack-ns.yaml │ │ ├── fleet-infra-gitrepo.yaml │ │ ├── howard-infra-kustomization.yaml │ │ └── howard-kustomization.yaml │ ├── secrets │ │ ├── github-app-secrets.yaml │ │ └── my-secrets.yaml │ ├── wg-system │ │ ├── weave-gitops.yaml │ │ └── weave-later.yaml │ └── zz-namespaces │ │ ├── dex-ns.yaml │ │ ├── external-self-hosted-ns.yaml │ │ ├── grafana-ns.yaml │ │ └── vcluster-ns.yaml ├── moo-cluster │ ├── cert-manager │ │ └── flux-kustomization.yaml │ ├── certificates │ │ └── flux-kustomization.yaml │ ├── chartmuseum │ │ └── flux-kustomization.yaml │ ├── cluster-api │ │ ├── aks-kuberkingdon2.yaml │ │ ├── flux-kustomization.yaml │ │ ├── gitrepository.yaml │ │ └── gke-cluster-1.yaml │ ├── flamingo │ │ └── flux-kustomization.yaml │ ├── flux-operator.yaml │ ├── flux-system-extras │ │ ├── cert-manager-network-policy.yaml │ │ ├── git-commit-status-alert-provider.yaml │ │ ├── git-webhook-receiver.yaml │ │ ├── gitno-hephy-pro-ingress.yaml │ │ ├── image-webhook-receiver.yaml │ │ ├── on-call-webapp-alert.yaml │ │ ├── podinfo-image-webhook-receiver.yaml │ │ └── slack-notification.yaml │ ├── flux-system │ │ ├── flux-sync.yaml │ │ ├── gotk-components.yaml │ │ ├── gotk-sync.yaml │ │ ├── helm.toolkit.fluxcd.io_helmreleases.yaml │ │ ├── kustomization.yaml │ │ └── source-controller.yaml │ ├── harbor │ │ └── flux-kustomization.yaml │ ├── ingress-nginx │ │ └── flux-kustomization.yaml │ ├── keycloak │ │ └── flux-kustomization.yaml │ ├── kingdon-ci-weave-gitops.yaml │ ├── kpack │ │ └── flux-kustomization.yaml │ ├── kube-oidc-proxy │ │ └── flux-kustomization.yaml │ ├── kuby-test │ │ ├── config.yaml │ │ └── flux-kustomization.yaml │ ├── magalix │ │ └── flux-kustomization.yaml │ ├── metallb │ │ └── flux-kustomization.yaml │ ├── metrics-server │ 
│ └── flux-kustomization.yaml │ ├── minecraft │ │ ├── minecraft-git.yaml │ │ └── minecraft-hr.yaml │ ├── minio-stage │ │ ├── flux-kustomization.yaml │ │ ├── juozas-namespace.yaml │ │ ├── namespace.yaml │ │ └── teamhephy-repo.yaml │ ├── monitoring │ │ └── flux-kustomization.yaml │ ├── my-secrets │ │ └── my-secrets-kustomization.yaml │ ├── openvpn-as │ │ └── flux-kustomization.yaml │ ├── persistence │ │ └── flux-kustomization.yaml │ ├── routers │ │ └── flux-kustomization.yaml │ ├── scrob │ │ ├── flux-kustomization.yaml │ │ ├── gitrepo.yaml │ │ ├── kustomization.yaml │ │ └── scrob-web-receiver.yaml │ ├── staging │ │ └── kustomization.yaml │ └── zznamespaces │ │ ├── argocd-ns.yaml │ │ ├── cert-manager-ns.yaml │ │ ├── chartmuseum-ns.yaml │ │ ├── deis-namespace.yaml │ │ ├── harbor-ns.yaml │ │ ├── ingress-nginx-ns.yaml │ │ ├── keycloak-ns.yaml │ │ ├── kpack-namespace.yaml │ │ ├── kube-oidc-proxy-ns.yaml │ │ ├── kubytest-production-namespace.yaml │ │ ├── metallb-system-ns.yaml │ │ ├── minecraft-ns.yaml │ │ ├── monitoring-ns.yaml │ │ ├── openvpn-as-ns.yaml │ │ ├── planet-store-ns.yaml │ │ ├── podinfo-namespace.yaml │ │ ├── scrob-production-namespace.yaml │ │ ├── sintache-namespace.yaml │ │ ├── traefik-staging-namespace.yaml │ │ └── whoami-namespace.yaml ├── my-test-cluster │ └── flux-system │ │ ├── gotk-components.yaml │ │ ├── gotk-sync.yaml │ │ └── kustomization.yaml ├── production │ ├── apps.yaml │ ├── flux-system │ │ ├── gotk-components.yaml │ │ ├── gotk-sync.yaml │ │ └── kustomization.yaml │ └── infrastructure.yaml ├── staging │ ├── apps.yaml │ ├── flux-system │ │ ├── gotk-components.yaml │ │ ├── gotk-sync.yaml │ │ └── kustomization.yaml │ └── infrastructure.yaml ├── talos-dev │ └── podinfo.yaml └── vcluster │ ├── flux-system │ ├── gotk-components.yaml │ ├── gotk-sync.yaml │ └── kustomization.yaml │ └── testing │ ├── helmrelease.yaml │ └── helmrepo.yaml ├── infrastructure ├── crds │ ├── kustomization.yaml │ └── traefik-crds.yaml ├── kpack-release-0.6.0.yaml ├── 
kustomization.yaml ├── planet-clusterstack.yaml └── planet-clusterstore.yaml ├── persistence-hephy-stg ├── deis-hephy-pvc-pv.yaml └── deis-hephy-pvc.yaml ├── persistence ├── harbor │ ├── harbor-db-postgres-pv.yaml │ ├── harbor-db-postgres.yaml │ ├── harbor-jobservice-pv.yaml │ ├── harbor-jobservice-scandata-pv.yaml │ ├── harbor-jobservice-scandata.yaml │ ├── harbor-jobservice.yaml │ ├── harbor-redis-pv.yaml │ ├── harbor-redis.yaml │ ├── harbor-registry-pv.yaml │ ├── harbor-registry.yaml │ ├── harbor-trivy-pv.yaml │ └── harbor-trivy.yaml ├── minecraft │ ├── my-first-minecraft-minecraft-datadir-pvc-pv.yaml │ └── my-first-minecraft-minecraft-datadir-pvc.yaml ├── minio-stage-pvc-pv.yaml ├── minio-stage-pvc.yaml ├── minio-storage-pvc-pv.yaml ├── minio-storage-pvc.yaml ├── openvpn-openvpn-as-state-pvc-pv.yaml ├── openvpn-openvpn-as-state-pvc.yaml ├── traefik-tls-pvc-pv.yaml └── traefik-tls-pvc.yaml ├── scripts └── validate.sh └── secrets ├── WARNING.md ├── cluster-api ├── .sops.pub.asc ├── .sops.yaml ├── aks-kuberkingdon-kubeconfig.yaml ├── aks-kuberkingdon2-kubeconfig.yaml ├── get-kubeconfig.sh ├── gke-cluster-1-kubeconfig.yaml └── identity.sh ├── demo-cluster-2 ├── .sops.pub.asc ├── .sops.yaml ├── kustomization.yaml ├── kustomizeconfig.yaml ├── values.enc.yaml └── weave-gitops.yaml ├── hephy-staging ├── deis-db-admin-password.yaml ├── example-kubeconfig-git-secret.yaml └── stats-tracker-secret.yaml ├── howard-prod ├── .sops.pub.asc ├── .sops.yaml ├── dex-client.yaml ├── flagger-webhook-url.yaml ├── fleet-infra-git-secret.yaml ├── github-app-private-key.yaml ├── github-client.yaml ├── grafana-secret.yaml ├── howard-stage-user-kubeconfig-secret.yaml └── limnocentral-user-kubeconfig-secret.yaml ├── moo-cluster ├── .sops.pub.asc ├── .sops.yaml ├── chartmuseum-minio-user.yaml ├── cluster-api-sops-gpg.yaml ├── default-minio-user.yaml ├── github-token-secret.yaml ├── harbor-admin-secret.yaml ├── harbor-minio-user.yaml ├── kuby-test-secret.yaml ├── 
kubytest-production-flux-system-rw.yaml ├── kubytest-production-webhook-token-secret.yaml ├── magalix-license.yaml ├── minecraft │ └── minecraft-rcon-password-secret.yaml ├── monitoring-slack-api-url.yaml ├── planet-store │ ├── planet-store-flux-system-rw-secret.yaml │ ├── planet-store-rails-master-key-secret.yaml │ ├── planetstore-db-password-secret.yaml │ └── read-only-secret.yaml ├── scrob-web-secrets.yaml ├── sintache-example │ ├── sintache-db-password-secret.yaml │ ├── sintache-flux-system-rw-secret.yaml │ ├── sintache-git-reader-secret.yaml │ ├── sintache-img-admin-secret.yaml │ └── sintache-rails-master-key-secret.yaml ├── slack-app-token-secret.yaml ├── sops-docker-test │ ├── creds.json │ ├── creds.txt │ └── kustomization.yaml ├── store-git-reader-secret.yaml ├── store-img-admin-secret.yaml ├── traefik-dashboard-auth-htpasswd.yaml ├── vpn-admin-superuser.yaml ├── vpn-user-kingdon.yaml └── webhook-token-secret.yaml └── unused └── keycloak-db-pass.yaml
/.github/actions/tools/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM stefanprodan/alpine-base:latest
2 | # NOTE(review): the base image above is referenced by the mutable :latest tag, so every build of this action can pull different content; pin it to a reviewed digest (stefanprodan/alpine-base@sha256:<DIGEST-PLACEHOLDER>).
3 | COPY entrypoint.sh /entrypoint.sh
4 | RUN chmod +x /entrypoint.sh
5 | USER 1001
6 | ENTRYPOINT ["/entrypoint.sh"]
7 |
--------------------------------------------------------------------------------
/.github/actions/tools/action.yml:
--------------------------------------------------------------------------------
1 | name: 'kustomize'  # metadata for the local Docker container action in this directory
2 | description: 'A GitHub Action with Kubernetes tools'
3 | author: 'Stefan Prodan'
4 | branding:
5 |   icon: 'command'
6 |   color: 'blue'
7 | runs:
8 |   using: 'docker'
9 |   image: 'Dockerfile'  # image is built from the Dockerfile in this directory at job time, so the base-image reference there decides what actually executes
10 |
--------------------------------------------------------------------------------
/.github/workflows/.gitignore:
--------------------------------------------------------------------------------
1 | e2e.yaml
2 |
--------------------------------------------------------------------------------
/.github/workflows/test.yaml:
--------------------------------------------------------------------------------
1 | name: test  # CI workflow: runs scripts/validate.sh on pull requests and on pushes to main
2 |
3 | on:
4 |   pull_request:  # the local action and scripts/validate.sh come from the checked-out PR tree, i.e. the PR author controls what this job runs
5 |   push:
6 |     branches:
7 |       - 'main'
8 | # NOTE(review): no `permissions:` key appears in this workflow, so GITHUB_TOKEN gets the repository's default scopes; the steps below only read the tree, so `permissions: contents: read` would suffice.
9 | jobs:
10 |   manifests:
11 |     runs-on: ubuntu-latest
12 |     steps:
13 |       - name: Checkout
14 |         uses: actions/checkout@v4  # NOTE(review): v4 is a movable tag; pin to a full commit SHA (actions/checkout@<COMMIT-SHA-PLACEHOLDER>) to fix what runs
15 |       - name: Setup tools
16 |         uses: ./.github/actions/tools  # local Docker action (Dockerfile, action.yml, entrypoint.sh under .github/actions/tools)
17 |       - name: Validate manifests
18 |         run: ./scripts/validate.sh
19 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | **/admin.conf
2 | # presumably keeps admin kubeconfig files (e.g. kubeadm's admin.conf) out of version control -- confirm
--------------------------------------------------------------------------------
/apps/argocd/apps/00-cluster-api-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./secrets/cluster-api at the main branch into flux-system on the local cluster
3 | metadata:
4 |   name: 00-cluster-api-secrets
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: flux-system
9 |     server: https://kubernetes.default.svc  # in-cluster API server address
10 |   project: default  # NOTE(review): Argo CD's built-in default project accepts any source repo and any destination unless it has been restricted; a dedicated AppProject would scope this Application
11 |   source:
12 |     path: ./secrets/cluster-api  # the tree lists .sops.yaml and *-kubeconfig.yaml here; presumably SOPS-encrypted -- verify nothing under this path is plaintext
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: main  # branch ref: the branch head is what gets applied, so push access to main is deploy access; the sibling Applications on this page mostly track staging -- confirm main is intended
15 |   syncPolicy:  # no `automated:` key, so Argo CD does not auto-sync this Application on its own
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true  # presumably the Flamingo (Flux Subsystem for Argo) option; the tree lists 95-flamingo.yaml -- confirm
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/10-cert-manager.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/cert-manager at the staging branch into cert-manager on the local cluster
3 | metadata:
4 |   name: 10-cert-manager
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: cert-manager
9 |     server: https://kubernetes.default.svc
10 |   project: default  # unrestricted-by-default project, same caveat as any Application left in `default`
11 |   source:
12 |     path: ./apps/cert-manager
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging  # branch ref, not a tag or commit: a push to staging changes what is applied on the next sync
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/11-certificates.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/certificates at the staging branch into flux-system on the local cluster
3 | metadata:
4 |   name: 11-certificates
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: flux-system
9 |     server: https://kubernetes.default.svc  # in-cluster API server address
10 |   project: default  # NOTE(review): Argo CD's built-in default project accepts any source repo and any destination unless it has been restricted; a dedicated AppProject would scope this Application
11 |   source:
12 |     path: ./apps/certificates  # NOTE(review): the tree on this page appears to show a top-level certificates/ directory rather than apps/certificates; the staging branch may differ -- confirm the path resolves
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging  # branch ref, not a tag or commit: a push to staging changes what is applied on the next sync
15 |   syncPolicy:  # no `automated:` key, so Argo CD does not auto-sync this Application on its own
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/12-persistence.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application named 12-persistence; as written it syncs ./apps/harbor into the harbor namespace
3 | metadata:
4 |   name: 12-persistence
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: harbor
9 |     server: https://kubernetes.default.svc
10 |   project: default
11 |   source:
12 |     path: ./apps/harbor  # NOTE(review): same path and namespace as 91-harbor.yaml in this directory, so two Applications manage the same manifests; looks like a copy-paste -- the tree has a top-level persistence/ directory that this may have been meant to target; confirm
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/20-my-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./secrets/moo-cluster at the staging branch into flux-system on the local cluster
3 | metadata:
4 |   name: 20-my-secrets
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: flux-system
9 |     server: https://kubernetes.default.svc
10 |   project: default
11 |   source:
12 |     path: ./secrets/moo-cluster  # the tree lists .sops.yaml plus many *-secret.yaml files and sops-docker-test/creds.json|creds.txt here; encryption state cannot be confirmed from this page -- verify before relying on it
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging  # secrets follow the staging branch head, so write access to that branch decides which secret manifests are applied
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/29-metallb.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/metallb at the staging branch into metallb-system on the local cluster
3 | metadata:
4 |   name: 29-metallb
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: metallb-system
9 |     server: https://kubernetes.default.svc  # in-cluster API server address
10 |   project: default  # NOTE(review): Argo CD's built-in default project accepts any source repo and any destination unless it has been restricted; a dedicated AppProject would scope this Application
11 |   source:
12 |     path: ./apps/metallb  # the tree shows only REMOVED.md under apps/metallb; the staging branch may differ -- confirm this Application still has anything to sync
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging  # branch ref, not a tag or commit: a push to staging changes what is applied on the next sync
15 |   syncPolicy:  # no `automated:` key, so Argo CD does not auto-sync this Application on its own
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/30-ingress-nginx.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/ingress-nginx at the staging branch into ingress-nginx on the local cluster
3 | metadata:
4 |   name: 30-ingress-nginx
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: ingress-nginx
9 |     server: https://kubernetes.default.svc
10 |   project: default
11 |   source:
12 |     path: ./apps/ingress-nginx  # tree lists internal-helmrelease.yaml and public-helmrelease.yaml here, i.e. this path defines the cluster's ingress entry points
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/31-openvpn.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/openvpn at the staging branch into openvpn on the local cluster
3 | metadata:
4 |   name: 31-openvpn
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: openvpn  # NOTE(review): the tree lists an openvpn-as namespace manifest (openvpn-as-ns.yaml) for moo-cluster; confirm `openvpn` is the intended namespace
9 |     server: https://kubernetes.default.svc
10 |   project: default
11 |   source:
12 |     path: ./apps/openvpn
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/32-keycloak.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/keycloak at the staging branch into keycloak on the local cluster
3 | metadata:
4 |   name: 32-keycloak
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: keycloak
9 |     server: https://kubernetes.default.svc  # in-cluster API server address
10 |   project: default  # NOTE(review): Argo CD's built-in default project accepts any source repo and any destination unless it has been restricted; a dedicated AppProject would scope this Application
11 |   source:
12 |     path: ./apps/keycloak  # identity-provider configuration: changes on this path affect who can authenticate
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging  # branch ref, not a tag or commit: a push to staging changes what is applied on the next sync
15 |   syncPolicy:  # no `automated:` key, so Argo CD does not auto-sync this Application on its own
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/33-kube-oidc-proxy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/kube-oidc-proxy at the staging branch into kube-oidc-proxy on the local cluster
3 | metadata:
4 |   name: 33-kube-oidc-proxy
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: kube-oidc-proxy
9 |     server: https://kubernetes.default.svc
10 |   project: default
11 |   source:
12 |     path: ./apps/kube-oidc-proxy  # tree lists cluster-role-binding.yaml here, so this path can grant cluster-wide RBAC; review changes to it accordingly
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/34-magalix.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/magalix at the staging branch into kube-system on the local cluster
3 | metadata:
4 |   name: 34-magalix
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: kube-system  # kube-system holds cluster-critical components, so write access to this path on the staging branch is effectively write access to that namespace
9 |     server: https://kubernetes.default.svc
10 |   project: default
11 |   source:
12 |     path: ./apps/magalix  # tree lists validating.yaml here; presumably an admission webhook configuration -- confirm its failure policy and scope
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/40-routers.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/routers at the staging branch into traefik-staging on the local cluster
3 | metadata:
4 |   name: 40-routers
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: traefik-staging
9 |     server: https://kubernetes.default.svc  # in-cluster API server address
10 |   project: default  # NOTE(review): Argo CD's built-in default project accepts any source repo and any destination unless it has been restricted; a dedicated AppProject would scope this Application
11 |   source:
12 |     path: ./apps/routers  # tree lists many *-ingressroute.yaml / *-service-endpoints.yaml pairs here, i.e. this path decides which backends are exposed through the router
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging  # branch ref, not a tag or commit: a push to staging changes what is applied on the next sync
15 |   syncPolicy:  # no `automated:` key, so Argo CD does not auto-sync this Application on its own
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/50-metrics-server.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/metrics-server at the staging branch into kube-system on the local cluster
3 | metadata:
4 |   name: 50-metrics-server
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: kube-system  # kube-system holds cluster-critical components, so write access to this path on the staging branch is effectively write access to that namespace
9 |     server: https://kubernetes.default.svc
10 |   project: default
11 |   source:
12 |     path: ./apps/metrics-server
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/75-deis.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application: syncs ./apps/hephy at the staging branch into deis on the local cluster
3 | metadata:
4 |   name: 75-deis
5 |   namespace: argocd
6 | spec:
7 |   destination:
8 |     namespace: deis
9 |     server: https://kubernetes.default.svc
10 |   project: default
11 |   source:
12 |     path: ./apps/hephy
13 |     repoURL: https://github.com/kingdonb/bootstrap-repo
14 |     targetRevision: staging
15 |   syncPolicy:
16 |     syncOptions:
17 |     - ApplyOutOfSyncOnly=true
18 |     - FluxSubsystem=true
19 |
--------------------------------------------------------------------------------
/apps/argocd/apps/80-monitoring.yaml:
--------------------------------------------------------------------------------
# Argo CD Application: deploys ./apps/monitoring from the `staging` branch of
# kingdonb/bootstrap-repo into the `monitoring` namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: 80-monitoring
  namespace: argocd
spec:
  destination:
    namespace: monitoring
    server: https://kubernetes.default.svc
  # NOTE(review): the built-in `default` AppProject is unrestricted unless it
  # has been edited; confirm its sourceRepos/destinations on this cluster.
  project: default
  source:
    path: ./apps/monitoring
    repoURL: https://github.com/kingdonb/bootstrap-repo
    # Mutable branch ref: a sync applies the current head of `staging`.
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      # Presumably the Flamingo (Flux Subsystem for Argo) option - TODO confirm.
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/85-kuby-test.yaml:
--------------------------------------------------------------------------------
# Same template: ./apps/kuby-test from `staging`.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: 85-kuby-test
  namespace: argocd
spec:
  destination:
    # NOTE(review): a namespace named "...-production" is fed from the `staging`
    # branch - confirm that pairing is intended.
    namespace: kubytest-production
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./apps/kuby-test
    repoURL: https://github.com/kingdonb/bootstrap-repo
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/90-minio-stage.yaml:
--------------------------------------------------------------------------------
# Same template: ./apps/minio from `staging` into `minio-stage`.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: 90-minio-stage
  namespace: argocd
spec:
  destination:
    namespace: minio-stage
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./apps/minio
    repoURL: https://github.com/kingdonb/bootstrap-repo
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/91-harbor.yaml:
--------------------------------------------------------------------------------
# Argo CD Application: deploys ./apps/harbor from the `staging` branch of
# kingdonb/bootstrap-repo into the `harbor` namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: 91-harbor
  namespace: argocd
spec:
  destination:
    namespace: harbor
    server: https://kubernetes.default.svc
  # NOTE(review): the built-in `default` AppProject is unrestricted unless it
  # has been edited; confirm its sourceRepos/destinations on this cluster.
  project: default
  source:
    path: ./apps/harbor
    repoURL: https://github.com/kingdonb/bootstrap-repo
    # Mutable branch ref: a sync applies the current head of `staging`.
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      # Presumably the Flamingo (Flux Subsystem for Argo) option - TODO confirm.
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/92-chartmuseum.yaml:
--------------------------------------------------------------------------------
# Same template: ./apps/chartmuseum from `staging` into `chartmuseum`.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: 92-chartmuseum
  namespace: argocd
spec:
  destination:
    namespace: chartmuseum
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./apps/chartmuseum
    repoURL: https://github.com/kingdonb/bootstrap-repo
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/93-scrob-prod-app.yaml:
--------------------------------------------------------------------------------
# Unlike its siblings, this app pulls from a different repository
# (kingdonb/scrob-web, ./manifests) and tracks its `main` branch.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: 93-scrob-prod
  namespace: argocd
spec:
  destination:
    namespace: scrob-production
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./manifests
    repoURL: https://github.com/kingdonb/scrob-web
    # Mutable branch ref feeding a "production" namespace: the head of `main`
    # in the application repo is what a sync deploys.
    targetRevision: main
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/95-flamingo.yaml:
--------------------------------------------------------------------------------
# Argo CD Application whose source (./apps/argocd) and destination (the `argocd`
# namespace) are Argo CD's own configuration, so a change on the `staging`
# branch can alter the deployment tool itself.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: 95-flamingo
  namespace: argocd
spec:
  destination:
    namespace: argocd
    server: https://kubernetes.default.svc
  # NOTE(review): the built-in `default` AppProject is unrestricted unless it
  # has been edited; confirm its sourceRepos/destinations on this cluster.
  project: default
  source:
    path: ./apps/argocd
    repoURL: https://github.com/kingdonb/bootstrap-repo
    # Mutable branch ref: a sync applies the current head of `staging`.
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/apps.yaml:
--------------------------------------------------------------------------------
# Same template: ./apps/staging from `staging` into `podinfo-staging`.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: apps
  namespace: argocd
spec:
  destination:
    namespace: podinfo-staging
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./apps/staging
    repoURL: https://github.com/kingdonb/bootstrap-repo
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/flux-system-app.yaml:
--------------------------------------------------------------------------------
### This was based on the instructions at https://github.com/chanwit/flamingo/releases/tag/v2.2.5-fl.0
# Points Argo CD at ./clusters/moo-cluster and the `flux-system` namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: flux-system
  namespace: argocd
spec:
  destination:
    namespace: flux-system
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./clusters/moo-cluster
    repoURL: https://github.com/kingdonb/bootstrap-repo
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/infrastructure.yaml:
--------------------------------------------------------------------------------
# Same template: ./infrastructure from `staging` into `flux-system`.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: infrastructure
  namespace: argocd
spec:
  destination:
    namespace: flux-system
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./infrastructure
    repoURL: https://github.com/kingdonb/bootstrap-repo
    targetRevision: staging
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point that bundles every Argo CD Application manifest in this
# directory; an Application only exists in the cluster if it is listed here.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - 00-cluster-api-secrets.yaml
  - 10-cert-manager.yaml
  - 11-certificates.yaml
  - 12-persistence.yaml
  - 20-my-secrets.yaml
  - 29-metallb.yaml
  - 30-ingress-nginx.yaml
  - 31-openvpn.yaml
  - 32-keycloak.yaml
  - 33-kube-oidc-proxy.yaml
  - 34-magalix.yaml
  - 40-routers.yaml
  - 50-metrics-server.yaml
  - 75-deis.yaml
  - 80-monitoring.yaml
  - 85-kuby-test.yaml
  - 90-minio-stage.yaml
  - 91-harbor.yaml
  - 92-chartmuseum.yaml
  - 93-scrob-prod-app.yaml
  - 95-flamingo.yaml
  - apps.yaml
  - flux-system-app.yaml
  - infrastructure.yaml
  - monitoring-config.yaml
  - monitoring-stack.yaml
  - traefik-api-crds.yaml

--------------------------------------------------------------------------------
/apps/argocd/apps/monitoring-config.yaml:
--------------------------------------------------------------------------------
# Sourced from a different repository (kingdonb/flux2), tracking its
# `monitoring` branch - a mutable ref, like `staging` above.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: monitoring-config
  namespace: argocd
spec:
  destination:
    namespace: flux-system
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./manifests/monitoring/monitoring-config
    repoURL: https://github.com/kingdonb/flux2
    targetRevision: monitoring
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/monitoring-stack.yaml:
--------------------------------------------------------------------------------
# Same source repo and branch as monitoring-config, different path and namespace.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: monitoring-stack
  namespace: argocd
spec:
  destination:
    namespace: monitoring
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./manifests/monitoring/kube-prometheus-stack
    repoURL: https://github.com/kingdonb/flux2
    targetRevision: monitoring
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/apps/traefik-api-crds.yaml:
--------------------------------------------------------------------------------
# Installs ./traefik/crds/ straight from the upstream traefik-helm-chart repo.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: traefik-api-crds
  namespace: argocd
spec:
  destination:
    namespace: flux-system
    server: https://kubernetes.default.svc
  project: default
  source:
    path: ./traefik/crds/
    repoURL: https://github.com/traefik/traefik-helm-chart.git
    # Pinned to a release tag of a third-party repo. A tag can be moved by the
    # repo owner; a full commit SHA is the immutable form.
    targetRevision: v10.3.0
  syncPolicy:
    syncOptions:
      - ApplyOutOfSyncOnly=true
      - FluxSubsystem=true

--------------------------------------------------------------------------------
/apps/argocd/argocd-ingress.yaml:
--------------------------------------------------------------------------------
# Ingress for the Argo CD server at argocd.hephy.pro on the `internal` class.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd
  annotations:
    #cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # With ingress-nginx, passthrough forwards the raw TLS stream (and needs
    # --enable-ssl-passthrough on the controller), so TLS terminates at
    # argocd-server. Per the ingress-nginx docs the other annotations on a
    # passthrough Ingress are not applied, so layer-7 controls cannot be added
    # here.
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: internal
  tls:
    - hosts:
        - argocd.hephy.pro
      # NOTE(review): in a stock Argo CD install `argocd-secret` also holds the
      # server signing key and the admin password hash - confirm this is the
      # Secret meant here and who may read it.
      secretName: argocd-secret
  rules:
    - host: argocd.hephy.pro
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  name: https

--------------------------------------------------------------------------------
/apps/argocd/argocd-service-endpoints.yaml:
--------------------------------------------------------------------------------
### There is no TLS backend for the HTTP-01 challenge, only plain-text HTTP
# Service without a selector; the Endpoints object of the same name below
# supplies its backend address by hand.
kind: Service
apiVersion: v1
metadata:
  name: argocd-public-challenge
  namespace: argocd
spec:
  ports:
    - name: argocd-not-found
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: argocd-http-challenge
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: argocd-public-challenge
  namespace: argocd
subsets:
  - addresses:
      # Fixed address: traffic for this Service goes to whichever host holds
      # this IP, so verify it stays assigned to the intended machine.
      - ip: 10.17.12.202
    ports:
      - port: 443
        name: argocd-not-found
      - port: 80
        name: argocd-http-challenge

--------------------------------------------------------------------------------
/apps/base/hephy/hephy-workflow-beta.yaml:
--------------------------------------------------------------------------------
---
# Flux sources for hephy-workflow-beta: an OCI chart repository and a git repo.
# Neither sets a secretRef, so both are fetched without credentials.
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: hephy-workflow-beta
  namespace: deis
spec:
  type: oci
  interval: 1m0s
  url: oci://ghcr.io/kingdonb/hephy-workflow-beta
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: hephy-workflow-beta
  namespace: deis
spec:
  # Polled every minute; no `verify` block is set, so commit signatures are not
  # checked before the content is used.
  interval: 1m0s
  ref:
    branch: main
  url: https://github.com/kingdonb/hephy-workflow-beta

--------------------------------------------------------------------------------
/apps/base/hephy/kustomization.yaml:
--------------------------------------------------------------------------------
# Base for the hephy app: the HelmRelease plus its two chart sources.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease-deis-hephy.yaml
  - teamhephy-repo.yaml
  - hephy-workflow-beta.yaml

--------------------------------------------------------------------------------
/apps/base/hephy/teamhephy-repo.yaml:
--------------------------------------------------------------------------------
---
# HTTPS Helm chart repository; no namespace is set here, so it is presumably
# supplied by the overlay that includes this base - TODO confirm.
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: teamhephy
spec:
  interval: 10m0s
  url: https://charts.teamhephy.com

--------------------------------------------------------------------------------
/apps/base/metallb/kustomization.yaml:
--------------------------------------------------------------------------------
# Pulls the MetalLB operator, including its RBAC, from upstream at build time.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Remote bases pinned by tag (?ref=v0.10.2). A tag can be re-pointed upstream;
  # a full commit SHA in ?ref= is the immutable form.
  - github.com/metallb/metallb-operator//config/default?ref=v0.10.2
  - github.com/metallb/metallb-operator//config/metallb_rbac?ref=v0.10.2
  - metallb-system.yaml

--------------------------------------------------------------------------------
/apps/base/metallb/metallb-system.yaml:
--------------------------------------------------------------------------------
# MetalLB custom resource with no spec fields set.
apiVersion: metallb.io/v1beta1
kind: MetalLB
metadata:
  name: metallb

--------------------------------------------------------------------------------
/apps/base/minio/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - minio-stage-ns.yaml

--------------------------------------------------------------------------------
/apps/base/minio/minio-stage-ns.yaml:
--------------------------------------------------------------------------------
# Entire manifest is commented out, so this file defines no Namespace.
# apiVersion: v1
# kind: Namespace
# metadata:
#   name: minio-stage

--------------------------------------------------------------------------------
/apps/base/podinfo/5.0.0/Dockerfile:
--------------------------------------------------------------------------------
# Base image referenced by tag only; a digest reference would make it immutable.
FROM ghcr.io/stefanprodan/podinfo:5.0.0

--------------------------------------------------------------------------------
/apps/base/podinfo/6.0.0/Dockerfile:
--------------------------------------------------------------------------------
# Base image referenced by tag only; a digest reference would make it immutable.
FROM ghcr.io/stefanprodan/podinfo:6.0.0

--------------------------------------------------------------------------------
/apps/base/podinfo/ingressroute.yaml:
--------------------------------------------------------------------------------
# Two Traefik routes to the podinfo Service. `fix.me` is a placeholder host,
# presumably patched by an overlay - TODO confirm.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: simplepodinfo
spec:
  entryPoints:
    # Plain-HTTP entry point: /notls is served without TLS.
    - web
  routes:
    - match: Host(`fix.me`) && PathPrefix(`/notls`)
      kind: Rule
      services:
        - kind: Service
          name: podinfo
          port: 9898

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: podinfotls
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`fix.me`) && PathPrefix(`/tls`)
      kind: Rule
      services:
        - kind: Service
          name: podinfo
          port: 9898
  tls:
    certResolver: myresolver

--------------------------------------------------------------------------------
/apps/base/podinfo/kustomization.yaml:
--------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - podinfo-deployment.yaml
  - ingressroute.yaml

--------------------------------------------------------------------------------
/apps/base/podinfo/podinfo-deployment.yaml:
--------------------------------------------------------------------------------
# podinfo Deployment and Service. The container sets no securityContext and no
# resource requests/limits, so it runs with the runtime and namespace defaults.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: podinfo
spec:
  selector:
    matchLabels:
      app: podinfo
  template:
    metadata:
      labels:
        app: podinfo
    spec:
      containers:
        - name: podinfod
          # Tag reference with IfNotPresent: a node that already has this tag
          # cached keeps using its copy.
          image: ghcr.io/stefanprodan/podinfo:5.0.0
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 9898
              protocol: TCP

---

apiVersion: v1
kind: Service
metadata:
  name: podinfo
  # NOTE(review): the Service names namespace `app` while the Deployment above
  # names none - presumably an overlay sets both; verify they end up together.
  namespace: app
spec:
  ports:
    - name: http
      port: 9898
  selector:
    app: podinfo

--------------------------------------------------------------------------------
/apps/base/sintache/_example-pusher-sa.yaml:
--------------------------------------------------------------------------------
# ServiceAccount referenced by the kpack Image `example-image`
# (serviceAccountName: example-pusher). It links two Secrets by name; neither
# Secret is defined in the files shown here.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-pusher
  namespace: sintache
secrets:
  - name: example-pusher
  - name: example-git-reader
imagePullSecrets:
  - name: example-pusher

--------------------------------------------------------------------------------
/apps/base/sintache/_ingress.yaml:
--------------------------------------------------------------------------------
# Ingress with no `tls` section and no ingressClassName; `fix.me` is a
# placeholder host.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sintache
spec:
  rules:
    - host: fix.me
      http:
        paths:
          - backend:
              service:
                name: sintache
                port:
                  number: 9292
            path: /
            pathType: Prefix

--------------------------------------------------------------------------------
/apps/base/sintache/example-image-flux-ks.yaml:
--------------------------------------------------------------------------------
# Entire manifest is commented out, so this file defines no Flux Kustomization.
# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
# kind: Kustomization
# metadata:
#   name: 97-example-image-build
#   namespace: sintache
# spec:
#   interval: 60m0s
#   retryInterval: 1m0s
#   timeout: 5m0s
#   sourceRef:
#     kind: GitRepository
#     name: flux-sync
#     namespace: flux-system
#   path: ./apps/base/sintache/example-image
#   dependsOn:
#     - name: 85-kpack
#       namespace: kpack
#   prune: true
#   wait: true
#   #suspend: false

--------------------------------------------------------------------------------
/apps/base/sintache/example-image/example-image.yaml:
--------------------------------------------------------------------------------
# kpack Image: builds the git source below and pushes the result to
# img.hephy.pro/examples/sinatra-mustache using the example-pusher account.
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
  name: example-image
  namespace: sintache
spec:
  tag: img.hephy.pro/examples/sinatra-mustache
  imageTaggingStrategy: BuildNumber
  serviceAccountName: example-pusher
  builder:
    name: example-builder
    kind: Builder
  source:
    git:
      # SSH URL, so the build needs a git credential (presumably the
      # example-git-reader Secret linked on the ServiceAccount).
      url: git@github.com:yebyen/mustache-sinatra-example.git
      # Branch ref: every new commit on `master` is built and pushed.
      revision: master
  build:
    env:
      - name: EXAMPLE_BUILD_VAR
        value: asdf1234

--------------------------------------------------------------------------------
/apps/base/sintache/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - example-image-flux-ks.yaml
  - _example-pusher-sa.yaml
  - _sinatra-example-deployment.yaml
  - _ingress.yaml

--------------------------------------------------------------------------------
/apps/base/store/_ingress.yaml:
--------------------------------------------------------------------------------
# Ingress with no `tls` section and no ingressClassName; `fix.me` is a
# placeholder host.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: planetstore
spec:
  rules:
    - host: fix.me
      http:
        paths:
          - backend:
              service:
                name: planet-store
                port:
                  number: 9292
            path: /
            pathType: Prefix

--------------------------------------------------------------------------------
/apps/base/store/_store-pusher-sa.yaml:
--------------------------------------------------------------------------------
# ServiceAccount referenced by the kpack Image `planet-image`
# (serviceAccountName: store-pusher). It links two Secrets by name; neither
# Secret is defined in the files shown here.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: store-pusher
  namespace: planet-store
secrets:
  - name: planet-pusher
  - name: store-git-reader
imagePullSecrets:
  - name: planet-pusher

--------------------------------------------------------------------------------
/apps/base/store/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - planet-image-flux-ks.yaml
  - _store-pusher-sa.yaml
  - _planetstore-deployment.yaml
  - _ingress.yaml

--------------------------------------------------------------------------------
/apps/base/store/planet-image-flux-ks.yaml:
--------------------------------------------------------------------------------
# Entire manifest is commented out, so this file defines no Flux Kustomization.
# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
# kind: Kustomization
# metadata:
#   name: 96-planet-image-build
#   namespace: planet-store
# spec:
#   interval: 60m0s
#   retryInterval: 1m0s
#   timeout: 5m0s
#   sourceRef:
#     kind: GitRepository
#     name: flux-sync
#     namespace: flux-system
#   path: ./apps/base/store/planet-image
#   dependsOn:
#     - name: 85-kpack
#       namespace: kpack
#   prune: true
#   wait: true
#   #suspend: false

--------------------------------------------------------------------------------
/apps/base/store/planet-image/planet-image.yaml:
--------------------------------------------------------------------------------
# kpack Image: builds the git source below and pushes the result to
# img.hephy.pro/planetstore/web using the store-pusher account.
apiVersion: kpack.io/v1alpha2
kind: Image
metadata:
  name: planet-image
  namespace: planet-store
spec:
  tag: img.hephy.pro/planetstore/web
  imageTaggingStrategy: BuildNumber
  serviceAccountName: store-pusher
  builder:
    name: planet-builder
    kind: Builder
  source:
    git:
      url: git@github.com:yebyen/planet-store.git
      # Branch ref: every new commit on `production` is built and pushed. The
      # commented line below is the pinned-commit alternative.
      revision: production
      #revision: c090ccca4a41096cc1155d20e05ddf9999211754
  build:
    env:
      # NOTE(review): a literal SECRET_KEY_BASE is committed in plain text. If
      # it is only a build-time placeholder, the running app must receive a
      # different value from a Secret; if the same value reaches runtime, treat
      # it as disclosed and rotate it - confirm against the deployment.
      - name: SECRET_KEY_BASE
        value: asdf1234

--------------------------------------------------------------------------------
/apps/base/traefik/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - rbac.yaml
  - traefik.yaml
  - svc.yaml

--------------------------------------------------------------------------------
/apps/base/traefik/svc.yaml:
--------------------------------------------------------------------------------
---

# LoadBalancer Service in front of Traefik. Four ports are published: 80, 443,
# 8080 and 8443. What listens on each named target port is defined in
# traefik.yaml (not shown here) - verify all four are meant to be reachable.
apiVersion: v1
kind: Service
metadata:
  name: traefik
  labels:
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
spec:
  selector:
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
  type: LoadBalancer
  # Local keeps the client source IP, which logs and IP-based rules depend on.
  externalTrafficPolicy: Local
  ports:
    - port: 80
      name: web
      targetPort: web
      protocol: TCP
    - port: 443
      name: websecure
      targetPort: websecure
      protocol: TCP
    - port: 8080
      name: webnonpriv
      targetPort: webnonpriv
      protocol: TCP
    - port: 8443
      name: websecnonpriv
      targetPort: websecnonpriv
      protocol: TCP

--------------------------------------------------------------------------------
/apps/base/whoami/ingressroute.yaml:
--------------------------------------------------------------------------------
# Two Traefik routes to the whoamiv1 Service. `fix.me` is a placeholder host,
# presumably patched by an overlay - TODO confirm.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: simplewhoami
spec:
  entryPoints:
    # Plain-HTTP entry point: /notls is served without TLS.
    - web
  routes:
    - match: Host(`fix.me`) && PathPrefix(`/notls`)
      kind: Rule
      services:
        - kind: Service
          name: whoamiv1
          port: 80

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: whoamitls
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`fix.me`) && PathPrefix(`/tls`)
      kind: Rule
      services:
        - kind: Service
          name: whoamiv1
          port: 80
  tls:
    certResolver: myresolver

--------------------------------------------------------------------------------
/apps/base/whoami/kustomization.yaml:
--------------------------------------------------------------------------------
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - ingressroute.yaml

--------------------------------------------------------------------------------
/apps/cert-manager/1.11.0/kustomization.yaml:
--------------------------------------------------------------------------------
# Vendored cert-manager 1.11.0 manifest; the separate CRD file is disabled.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  #- cert-manager.crds.yaml
  - cert-manager.yaml

--------------------------------------------------------------------------------
/apps/cert-manager/1.14.5/kustomization.yaml:
--------------------------------------------------------------------------------
# Vendored cert-manager 1.14.5 manifest; the separate CRD file is disabled.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  #- cert-manager.crds.yaml
  - cert-manager.yaml

--------------------------------------------------------------------------------
/apps/cert-manager/howard-space/kustomization.yaml:
--------------------------------------------------------------------------------
# This overlay builds on cert-manager 1.11.0, while moo-cluster-staging uses
# 1.14.5 - confirm the older release is still intended here.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../1.11.0/
# Every entry under patchesStrategicMerge is commented out, so no patch applies.
patchesStrategicMerge:
# - |-
#   apiVersion: v1
#   kind: Namespace
#   metadata:
#     name: cert-manager
#   $patch: delete

--------------------------------------------------------------------------------
/apps/cert-manager/moo-cluster-staging/example-clusterissuer.yaml:
--------------------------------------------------------------------------------
# ACME ClusterIssuer against the Let's Encrypt staging directory.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: example-clusterissuer
spec:
  acme:
    email: acme@teamhephy.info
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Secret that holds the ACME account private key.
    privateKeySecretRef:
      name: example-clusterissuer-account-key
    solvers:
      # HTTP-01 challenges are answered through the `public` ingress class, so
      # any host to be validated must be reachable over plain HTTP there.
      - http01:
          ingress:
            ingressClassName: public

--------------------------------------------------------------------------------
/apps/cert-manager/moo-cluster-staging/kustomization.yaml:
--------------------------------------------------------------------------------
# cert-manager 1.14.5 plus the two ClusterIssuers for this cluster.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../1.14.5/
  - example-clusterissuer.yaml
  - letsencrypt-production-clusterissuer.yaml
# Removes the cert-manager Namespace object from the rendered output, so the
# namespace has to be created by something else before these resources apply.
patchesStrategicMerge:
  - |-
    apiVersion: v1
    kind: Namespace
    metadata:
      name: cert-manager
    $patch: delete

--------------------------------------------------------------------------------
/apps/cert-manager/moo-cluster-staging/letsencrypt-production-clusterissuer.yaml:
--------------------------------------------------------------------------------
# ACME ClusterIssuer against the Let's Encrypt production directory. Being
# cluster-scoped, it can be referenced by Certificates in any namespace.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    email: acme@teamhephy.info
    server: https://acme-v02.api.letsencrypt.org/directory
    # Secret that holds the ACME account private key.
    privateKeySecretRef:
      name: production-clusterissuer-account-key
    solvers:
      - http01:
          ingress:
            ingressClassName: public

--------------------------------------------------------------------------------
/apps/chartmuseum/helmrepo.yaml:
--------------------------------------------------------------------------------
---
# Uses the v1beta1 source API, older than the v1/v1beta2 used by the other
# HelmRepository objects on this page.
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: chartmuseum
  namespace: chartmuseum
spec:
  interval: 1h1m49s
  url: https://chartmuseum.github.io/charts

--------------------------------------------------------------------------------
/apps/github-app-secret/default/kustomization.yaml:
--------------------------------------------------------------------------------
# The resource list is empty (the former entry is commented out), so this
# overlay currently renders nothing.
namespace: default
resources: []
# - ../../basic

--------------------------------------------------------------------------------
/apps/github-app-secret/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
# Empty resource list: renders nothing.
namespace: flux-system
resources: []
# - ../../basic

--------------------------------------------------------------------------------
/apps/github-app-secret/kustomization.yaml:
--------------------------------------------------------------------------------
# Aggregates the per-namespace overlays below.
resources:
  - default
  - test
  - vcluster
  - vcluster-howard-moomboo-stage
  - flux-system

--------------------------------------------------------------------------------
/apps/github-app-secret/test/kustomization.yaml:
--------------------------------------------------------------------------------
# Empty resource list: renders nothing.
# namespace: test
# resources:
#   - ../../basic
resources: []

--------------------------------------------------------------------------------
/apps/github-app-secret/vcluster-howard-moomboo-stage/kustomization.yaml:
--------------------------------------------------------------------------------
# Empty resource list: renders nothing.
namespace: vcluster-howard-moomboo-stage
resources: []
# - ../../basic

--------------------------------------------------------------------------------
/apps/github-app-secret/vcluster/kustomization.yaml:
--------------------------------------------------------------------------------
# Empty resource list: renders nothing.
namespace: vcluster
resources: []
# - ../../basic

--------------------------------------------------------------------------------
/apps/harbor/helmrepo.yaml:
--------------------------------------------------------------------------------
---
# Upstream Harbor chart repository over HTTPS; the namespace comes from the
# kustomization in this directory.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: harbor
spec:
  interval: 1h1m49s
  url: https://helm.goharbor.io

--------------------------------------------------------------------------------
/apps/harbor/kustomization.yaml:
--------------------------------------------------------------------------------
# Places all three resources in the `harbor` namespace.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: harbor
resources:
  - helmrelease.yaml
  - helmrepo.yaml
  - harbor-ingress-stub.yaml

--------------------------------------------------------------------------------
/apps/hephy/blog-ingressroute.yaml:
--------------------------------------------------------------------------------
# Entire file is commented out, so no IngressRoute is defined here.
# ---
# apiVersion: traefik.io/v1alpha1
# kind: IngressRoute
# metadata:
#   name: blog-insecure
# spec:
#   entryPoints:
#     - web
#   routes:
#     - match: Host(`blog.teamhephy.info`)
#       kind: Rule
#       services:
#         - kind: Service
#           name: blog
#           namespace: blog
#           port: 80
# ---
# apiVersion: traefik.io/v1alpha1
# kind: IngressRoute
# metadata:
#   name: blog
# spec:
#   entryPoints:
#     - websecure
#   routes:
#     - match: Host(`blog.teamhephy.info`)
#       kind: Rule
#       services:
#         - kind: Service
#           name: blog
#           namespace: blog
#           port: 80
#   tls:
#     certResolver: prodresolver

--------------------------------------------------------------------------------
/apps/hephy/kustomization.yaml:
--------------------------------------------------------------------------------
# Overlay for the hephy base: forces the `deis` namespace and applies
# hephy-patch.yaml on top.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: deis
resources:
  - ../base/hephy
  - blog-ingressroute.yaml

patchesStrategicMerge:
  - hephy-patch.yaml

--------------------------------------------------------------------------------
/apps/howard-infra/cert-manager/kustomization.yaml:
--------------------------------------------------------------------------------
resources:
  - ../../cert-manager/howard-space

--------------------------------------------------------------------------------
/apps/howard-prod/.sops.yaml:
--------------------------------------------------------------------------------
# sops creation rules. Rules are tried top to bottom and the first matching
# path_regex is used; both rules encrypt to the same PGP key.
creation_rules:
  # No encrypted_regex, so every value in a matching file is encrypted. The `.`
  # before `yaml` is unescaped and matches any character. The pattern needs the
  # name to end in `values.yaml`, which the *.enc.yaml names referenced by the
  # kustomizations on this page do not - presumably the rule is applied to the
  # git-ignored plaintext values.yaml when producing them; confirm the workflow.
  - path_regex: .*values.yaml$
    pgp: 4524E49D3C40FB2D0E130205C769E1FE14ADE97A
  # Any other .yaml: only the `data` and `stringData` keys are encrypted; names,
  # namespaces and the rest of the manifest stay readable in git.
  - path_regex: ".*\\.yaml"
    encrypted_regex: ^(data|stringData)$
    pgp: 4524E49D3C40FB2D0E130205C769E1FE14ADE97A

--------------------------------------------------------------------------------
/apps/howard-prod/bookstack/.gitignore:
--------------------------------------------------------------------------------
# Keeps the plaintext values.yaml out of git (values.enc.yaml is what the
# directory listing shows as committed).
values.yaml

--------------------------------------------------------------------------------
/apps/howard-prod/bookstack/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# Flux HelmRelease held in flux-system that installs into the `bookstack`
# namespace. The kustomization in this directory currently lists no resources,
# so this object is not deployed from here.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: bookstack
  namespace: flux-system
spec:
  chart:
    spec:
      # No chart version is given, so the newest chart in the repository is used.
      chart: bookstack
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        # NOTE(review): this source is the archived Helm "stable" repository
        # (see helmrepository.yaml), which no longer receives chart updates.
        name: stable-deprecated
  interval: 10m0s
  timeout: 3m0s
  releaseName: my-bookstack-wiki
  targetNamespace: bookstack
  storageNamespace: bookstack
  # Chart values come from a Secret rather than being inlined here.
  valuesFrom:
    - kind: Secret
      name: bookstack-values

--------------------------------------------------------------------------------
/apps/howard-prod/bookstack/helmrepository.yaml:
--------------------------------------------------------------------------------
---
# Archived Helm "stable" chart repository, as the resource name indicates.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: stable-deprecated
  namespace: flux-system
spec:
  interval: 1h
  provider: generic
  timeout: 2m0s
  url: https://charts.helm.sh/stable

--------------------------------------------------------------------------------
/apps/howard-prod/bookstack/kustomization.yaml:
--------------------------------------------------------------------------------
# Disabled: the active resource list is empty and the earlier configuration,
# including the secretGenerator, is kept only as comments.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources: []
# resources:
#   - helmrepository.yaml
#   # - helmrelease.yaml
#   # - persistent-volumes.yaml
#   # - pv-claims.yaml
# secretGenerator:
#   - name: bookstack-values
#     files:
#       - values.yaml=values.enc.yaml
# configurations:
#   - kustomizeconfig.yaml

--------------------------------------------------------------------------------
/apps/howard-prod/bookstack/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Tells kustomize that spec.valuesFrom[].name in a HelmRelease refers to a
# Secret, so a generated (hash-suffixed) Secret name is rewritten there too.
nameReference:
  - kind: Secret
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease

--------------------------------------------------------------------------------
/apps/howard-prod/botkube/.gitignore:
--------------------------------------------------------------------------------
# Keeps the plaintext values.yaml out of git.
values.yaml

--------------------------------------------------------------------------------
/apps/howard-prod/botkube/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# Flux HelmRelease held in flux-system that installs botkube into the `botkube`
# namespace. It is commented out in this directory's kustomization.yaml.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: botkube
  namespace: flux-system
spec:
  targetNamespace: botkube
  storageNamespace: botkube
  releaseName: botkube
  chart:
    spec:
      chart: botkube
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: botkube
      # Open-ended range: any later chart release, including a new major
      # version, is picked up on reconcile without a reviewed change in git.
      version: ">=v1.0.0"
  interval: 10m0s
  timeout: 1m0s
  install:
    createNamespace: true
  # Chart values come from a Secret rather than being inlined here.
  valuesFrom:
    - kind: Secret
      name: botkube-values

--------------------------------------------------------------------------------
/apps/howard-prod/botkube/helmrepository.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: botkube
  namespace: flux-system
spec:
  interval: 10m0s
  url: https://charts.botkube.io

--------------------------------------------------------------------------------
/apps/howard-prod/botkube/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# NOTE(review): kustomize's `namespace:` field rewrites metadata.namespace on
# the resources it builds, so the HelmRepository (declared for flux-system) and
# the generated Secret would land in `default` - confirm this is intended or
# overridden by a parent overlay.
namespace: default
resources:
  - helmrepository.yaml
# - helmrelease.yaml
# Builds the botkube-values Secret from the encrypted values file; the content
# stays ciphertext unless whatever applies this kustomization decrypts it with
# sops first - verify decryption is configured there.
secretGenerator:
  - name: botkube-values
    files:
      - values.yaml=botkube-values.enc.yaml
configurations:
  - kustomizeconfig.yaml

--------------------------------------------------------------------------------
/apps/howard-prod/botkube/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Tells kustomize that spec.valuesFrom[].name in a HelmRelease refers to a
# Secret, so a generated (hash-suffixed) Secret name is rewritten there too.
nameReference:
  - kind: Secret
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease

--------------------------------------------------------------------------------
/apps/howard-prod/capi-system/1.3.2/kustomization.yaml:
--------------------------------------------------------------------------------
# Vendored Cluster API 1.3.2 components; the bootstrap components are disabled.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  #- bootstrap-components.yaml
  - cluster-api-components.yaml

--------------------------------------------------------------------------------
/apps/howard-prod/capi-system/1.5.3/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | #- bootstrap-components.yaml 5 | - cluster-api-components.yaml 6 | -------------------------------------------------------------------------------- /apps/howard-prod/capi-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - 1.5.3 5 | - vcluster/0.1.3/infrastructure-components.yaml 6 | -------------------------------------------------------------------------------- /apps/howard-prod/configmap-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: foobar-prod 5 | namespace: default 6 | data: 7 | TEXT: something 8 | -------------------------------------------------------------------------------- /apps/howard-prod/dex/clusterroles.yaml: -------------------------------------------------------------------------------- 1 | # --- 2 | # apiVersion: rbac.authorization.k8s.io/v1 3 | # kind: ClusterRoleBinding 4 | # metadata: 5 | # name: kingdon-ci:weave-gitops 6 | # subjects: 7 | # - kind: Group 8 | # name: kingdon-ci:weave-gitops 9 | # apiGroup: rbac.authorization.k8s.io 10 | # roleRef: 11 | # kind: ClusterRole 12 | # name: cluster-admin 13 | # apiGroup: rbac.authorization.k8s.io 14 | -------------------------------------------------------------------------------- /apps/howard-prod/namespace.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | metadata: 4 | name: default 5 | -------------------------------------------------------------------------------- /apps/ingress-nginx/helmrepo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
source.toolkit.fluxcd.io/v1beta2 2 | kind: HelmRepository 3 | metadata: 4 | name: ingress-nginx 5 | namespace: flux-system 6 | spec: 7 | interval: 1h 8 | url: https://kubernetes.github.io/ingress-nginx 9 | -------------------------------------------------------------------------------- /apps/keycloak/keycloak-db-user-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | DB_ADDR: keycloak-db.turkey.local 4 | DB_DATABASE: keycloak 5 | DB_PORT: "3306" 6 | DB_USER: keycloak_admin 7 | DB_VENDOR: mariadb 8 | kind: ConfigMap 9 | metadata: 10 | name: keycloak-db-user 11 | -------------------------------------------------------------------------------- /apps/keycloak/keycloak-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: keycloak 5 | annotations: 6 | cert-manager.io/cluster-issuer: letsencrypt-production 7 | spec: 8 | ingressClassName: internal 9 | tls: 10 | - hosts: 11 | - keycloak.hephy.pro 12 | secretName: keycloak-hephy-pro 13 | rules: 14 | - host: keycloak.hephy.pro 15 | http: 16 | paths: 17 | - path: / 18 | pathType: Prefix 19 | backend: 20 | service: 21 | name: keycloak 22 | port: 23 | number: 8080 24 | -------------------------------------------------------------------------------- /apps/kpack/example-builder.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kpack.io/v1alpha2 2 | kind: Builder 3 | metadata: 4 | name: example-builder 5 | namespace: sintache 6 | spec: 7 | serviceAccountName: example-pusher 8 | tag: img.hephy.pro/examples/ruby-builder 9 | stack: 10 | name: full 11 | kind: ClusterStack 12 | store: 13 | name: default 14 | kind: ClusterStore 15 | order: 16 | - group: 17 | - id: paketo-buildpacks/ruby 18 | -------------------------------------------------------------------------------- 
/apps/kpack/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: [] 2 | -------------------------------------------------------------------------------- /apps/kpack/planet-builder.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kpack.io/v1alpha2 2 | kind: Builder 3 | metadata: 4 | name: planet-builder 5 | namespace: planet-store 6 | spec: 7 | serviceAccountName: store-pusher 8 | tag: img.hephy.pro/planetstore/web-builder 9 | stack: 10 | name: full 11 | kind: ClusterStack 12 | store: 13 | name: default 14 | kind: ClusterStore 15 | order: 16 | - group: 17 | - id: paketo-buildpacks/ruby 18 | -------------------------------------------------------------------------------- /apps/kube-oidc-proxy/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: oidc-admin-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-admin 9 | subjects: 10 | - apiGroup: rbac.authorization.k8s.io 11 | kind: User 12 | name: 1be50ca1-c777-4295-841e-8d5841a70c10 13 | - apiGroup: rbac.authorization.k8s.io 14 | kind: User 15 | name: 18533dbd-0526-466c-b5ea-c8bb6725a18d 16 | -------------------------------------------------------------------------------- /apps/kube-oidc-proxy/gitrepo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta2 2 | kind: GitRepository 3 | metadata: 4 | name: tremolo-kube-oidc-proxy 5 | namespace: flux-system 6 | spec: 7 | interval: 1h 8 | url: https://github.com/kingdonb/kube-oidc-proxy 9 | ref: 10 | branch: ingress-v1 11 | ignore: | 12 | # exclude all 13 | /* 14 | # include charts directory 15 | !/deploy/charts/ 16 | 
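--------------------------------------------------------------------------------
/apps/kuby-test/dashboard.yaml:
--------------------------------------------------------------------------------
# Exposes the Traefik API and dashboard (api@internal) at dashboard.hephy.pro.
# The route is bound to the websecure entry point only, and every request
# passes through the basic-auth middleware defined below.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: traefik-staging
spec:
  routes:
    - match: Host(`dashboard.hephy.pro`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
      middlewares:
        - name: auth
  entryPoints:
    - websecure
  tls:
    certResolver: myresolver
---
# Basic-auth middleware; the credentials come from the named Secret, which is
# not part of this file.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: auth
  namespace: traefik-staging
spec:
  basicAuth:
    secret: traefik-dashboard-auth-htpasswd
--------------------------------------------------------------------------------
/apps/kuby-test/flux-system-rw-gitrepo.yaml:
--------------------------------------------------------------------------------
# Git source over SSH, authenticated with the Secret flux-system-rw. It is the
# source that kuby-tester-imageauto.yaml checks out and pushes to, so the key
# in that Secret presumably has write access to the repository (verify) and
# should be scoped to this one repository.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: flux-system-rw
  namespace: kubytest-production
spec:
  gitImplementation: go-git
  interval: 30m0s
  ref:
    branch: staging
  secretRef:
    name: flux-system-rw
  timeout: 20s
  url: ssh://git@github.com/kingdonb/bootstrap-repo
--------------------------------------------------------------------------------
/apps/kuby-test/gone-fishing-cm.yaml:
--------------------------------------------------------------------------------
# Placeholder ConfigMap; the only resource the kustomization in this
# directory applies.
apiVersion: v1
data:
  back: later
kind: ConfigMap
metadata:
  name: gone-fishing
  namespace: kubytest-production
--------------------------------------------------------------------------------
/apps/kuby-test/image-webhook-recv.yaml:
--------------------------------------------------------------------------------
# Flux webhook Receiver of type harbor: an accepted call triggers a
# reconcile of the ImageRepository kuby-tester. The token in the Secret
# webhook-token is what authenticates callers, so it should be random and
# known only to the registry.
# NOTE(review): the target is referenced as image.toolkit.fluxcd.io/v1alpha1,
# while kuby-tester-imagerepo.yaml declares v1beta1; confirm the reference.
apiVersion: notification.toolkit.fluxcd.io/v1beta2
kind: Receiver
metadata:
  name: image-webhook
  namespace: kubytest-production
spec:
  type: harbor
  secretRef:
    name: webhook-token
  resources:
    - apiVersion: image.toolkit.fluxcd.io/v1alpha1
      kind: ImageRepository
      name: kuby-tester
# Earlier variant of the same Receiver using the generic type, kept disabled.
#---
#apiVersion: notification.toolkit.fluxcd.io/v1beta2
#kind: Receiver
#metadata:
#  name: image-webhook
#  namespace: kubytest-production
#spec:
#  resources:
#  - apiVersion: image.toolkit.fluxcd.io/v1alpha1
#    kind: ImageRepository
#    name: kuby-tester
#  secretRef:
#    name: webhook-token
#  type: generic
--------------------------------------------------------------------------------
/apps/kuby-test/kuby-tester-assets-imagepol.yaml:
--------------------------------------------------------------------------------
# Selects the newest "<number>-assets" tag of the kuby-tester repository.
# Only tags matching `pattern` are considered; the digits captured by the
# named group ts are extracted and compared numerically, highest wins.
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImagePolicy
metadata:
  name: kuby-tester-assets
  namespace: kubytest-production
spec:
  filterTags:
    extract: $ts
    # The pattern must define the named group <ts> that `extract` refers to.
    pattern: ^(?P<ts>[0-9]+)-assets$
  imageRepositoryRef:
    name: kuby-tester
  policy:
    numerical:
      order: asc
--------------------------------------------------------------------------------
/apps/kuby-test/kuby-tester-imageauto.yaml:
--------------------------------------------------------------------------------
# Image update automation: every minute it checks out the staging branch,
# rewrites image setters under ./clusters/moo-cluster/kuby-test and pushes the
# commit straight back to staging as fluxcdbot.
# Because checkout and push use the same branch, a new tag in the registry
# turns into a Git commit with no review step; the ImagePolicy tag filters
# are the only gate on what gets written.
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
  name: kuby-tester
  namespace: kubytest-production
spec:
  git:
    checkout:
      ref:
        branch: staging
    commit:
      author:
        email: fluxcdbot@users.noreply.github.com
        name: fluxcdbot
      messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
    push:
      branch: staging
  interval: 1m0s
  sourceRef:
    kind: GitRepository
    name: flux-system-rw
  update:
    path: ./clusters/moo-cluster/kuby-test
    strategy: Setters
--------------------------------------------------------------------------------
/apps/kuby-test/kuby-tester-imagepol.yaml:
--------------------------------------------------------------------------------
# Selects the newest purely numeric tag of the kuby-tester repository; the
# digits captured by the named group ts are compared numerically.
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImagePolicy
metadata:
  name: kuby-tester
  namespace: kubytest-production
spec:
  filterTags:
    extract: $ts
    # The pattern must define the named group <ts> that `extract` refers to.
    pattern: ^(?P<ts>[0-9]+)$
  imageRepositoryRef:
    name: kuby-tester
  policy:
    numerical:
      order: asc
--------------------------------------------------------------------------------
/apps/kuby-test/kuby-tester-imagerepo.yaml:
--------------------------------------------------------------------------------
# Scans the image repository for tags every two minutes. The registry
# credential reference is commented out, so scans are unauthenticated.
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageRepository
metadata:
  name: kuby-tester
  namespace: kubytest-production
spec:
  image: img.hephy.pro/kuby-tester/kuby_test
  interval: 2m0s
  #secretRef:
  #  name: kubytest-registry-secret
--------------------------------------------------------------------------------
/apps/kuby-test/kustomization.yaml:
--------------------------------------------------------------------------------
# Only the placeholder ConfigMap is listed; the other manifests in this
# directory are not applied through this kustomization.
resources:
  - gone-fishing-cm.yaml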
--------------------------------------------------------------------------------
/apps/local-path-provisioner/kustomization.yaml:
--------------------------------------------------------------------------------
# Installs local-path-provisioner from a manifest fetched over HTTPS at build
# time and marks its StorageClass as the cluster default.
# The URL is pinned to the tag v0.0.22. A tag can be moved upstream and
# kustomize does not verify the content, so vendoring the manifest or
# referencing a commit makes the applied content reviewable.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://raw.githubusercontent.com/rancher/local-path-provisioner/v0.0.22/deploy/local-path-storage.yaml
patchesStrategicMerge:
  - |-
    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: local-path
      annotations:
        storageclass.kubernetes.io/is-default-class: "true"
--------------------------------------------------------------------------------
/apps/magalix/kustomization.yaml:
--------------------------------------------------------------------------------
# Every resource entry is commented out, so nothing is applied; the target
# namespace would be kube-system.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
#- deployment.yaml
#- validating.yaml
--------------------------------------------------------------------------------
/apps/metallb/REMOVED.md:
--------------------------------------------------------------------------------
Check out:

* [kingdonb/csh-flux//clusters/home-workers/metallb: Overlay](https://github.com/kingdonb/csh-flux/blob/main/clusters/home-workers/metallb/kustomization.yaml)
* [kingdonb/csh-flux//clusters/home-workers/metallb: Configuration](https://github.com/kingdonb/csh-flux/blob/main/clusters/home-workers/metallb/resources.yaml)

where this is maintained now.
--------------------------------------------------------------------------------
/apps/minio/kustomization.yaml:
--------------------------------------------------------------------------------
# Aggregates the two MinIO overlays in the stage and storage subdirectories.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - stage
  - storage
--------------------------------------------------------------------------------
/apps/minio/stage/kustomization.yaml:
--------------------------------------------------------------------------------
# MinIO release and route for the minio-stage namespace.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: minio-stage
resources:
  - minio-helmrelease.yaml
  - minio-ingressroute.yaml
--------------------------------------------------------------------------------
/apps/minio/storage/kustomization.yaml:
--------------------------------------------------------------------------------
# MinIO release and route for the minio-juozas namespace.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: minio-juozas
resources:
  - juozas-helmrelease.yaml
  - juozas-ingressroute.yaml
--------------------------------------------------------------------------------
/apps/monitoring/.gitignore:
--------------------------------------------------------------------------------
# Ignores a local monitoring/ directory inside this folder.
monitoring/
--------------------------------------------------------------------------------
/apps/monitoring/flux-kustomization-config.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization that applies the monitoring configuration from the
# "monitoring" Git source, after the monitoring-stack Kustomization is ready.
# prune: true means objects removed from that path in Git are also deleted
# from the cluster.
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: monitoring-config
  namespace: flux-system
spec:
  interval: 10m0s
  timeout: 2m0s
  path: ./manifests/monitoring/monitoring-config
  prune: true
  dependsOn:
    - name: monitoring-stack
      namespace: monitoring
  sourceRef:
    kind: GitRepository
    name: monitoring
    namespace: monitoring
--------------------------------------------------------------------------------
/apps/monitoring/kustomization.yaml:
--------------------------------------------------------------------------------
# Applies the two Flux Kustomizations for monitoring and their Git source.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - flux-kustomization-config.yaml
  - flux-kustomization.yaml
  - source.yaml
--------------------------------------------------------------------------------
/apps/monitoring/source.yaml:
--------------------------------------------------------------------------------
# Git source for the monitoring manifests: the "monitoring" branch of a
# personal fork. A branch is a mutable reference, so what is pushed there is
# applied to the cluster within the interval, with pruning enabled on the
# consuming Kustomization.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: monitoring
  namespace: monitoring
spec:
  interval: 30m0s
  ref:
    branch: monitoring
  url: https://github.com/kingdonb/flux2
--------------------------------------------------------------------------------
/apps/openvpn/helmrepo.yaml:
--------------------------------------------------------------------------------
# Chart source "stenic"; the only resource the openvpn kustomization still
# applies. Re-indexed at a long interval (111h2m).
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: stenic
  namespace: flux-system
spec:
  interval: 111h2m0s
  url: https://stenic.github.io/helm-charts
--------------------------------------------------------------------------------
/apps/openvpn/kingdonb-helm-charts-1-gitrepo.yaml:
--------------------------------------------------------------------------------
# Git source tracking a branch of a personal fork of the charts; disabled in
# the openvpn kustomization.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: kingdonb-helm-charts-1
  namespace: flux-system
spec:
  interval: 19h38m0s
  ref:
    branch: helm-single-lb-only
  url: https://github.com/kingdonb/helm-charts-1
--------------------------------------------------------------------------------
/apps/openvpn/kustomization.yaml:
--------------------------------------------------------------------------------
# Only the chart source is applied; the release, the fork source, the UDP
# load balancer and the route are all commented out.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrepo.yaml
## WARNING - OpenVPN does not work
# - helmrelease.yaml
# - kingdonb-helm-charts-1-gitrepo.yaml
# - openvpn-openvpn-as-lb-udp.yaml
# - vpn-ingressroute.yaml
--------------------------------------------------------------------------------
/apps/openvpn/openvpn-openvpn-as-lb-udp.yaml:
--------------------------------------------------------------------------------
# LoadBalancer Service that would publish the VPN's UDP port 1194 on a fixed
# private address; disabled in the openvpn kustomization.
apiVersion: v1
kind: Service
metadata:
  name: openvpn-openvpn-as-lb-udp
  namespace: openvpn
spec:
  type: LoadBalancer
  loadBalancerIP: 10.17.12.206
  selector:
    app.kubernetes.io/instance: openvpn
    app.kubernetes.io/name: openvpn-as
  ports:
    - name: vpn-udp
      port: 1194
      targetPort: vpn-udp
      protocol: UDP
--------------------------------------------------------------------------------
/apps/podinfo/configmap-test.yaml:
--------------------------------------------------------------------------------
# Empty test ConfigMap (no data and no namespace set).
apiVersion: v1
kind: ConfigMap
metadata:
  name: test
--------------------------------------------------------------------------------
/apps/production/podinfo/imagepolicy.yaml:
--------------------------------------------------------------------------------
# Disabled (fully commented out): a semver policy limited to 5.0.x.
#---
#apiVersion: image.toolkit.fluxcd.io/v1beta1
#kind: ImagePolicy
#metadata:
#  name: podinfo
#  namespace: flux-system
#spec:
#  imageRepositoryRef:
#    name: podinfo
#  policy:
#    semver:
#      range: 5.0.x
#
--------------------------------------------------------------------------------
/apps/production/podinfo/imagerepo.yaml:
--------------------------------------------------------------------------------
# Disabled (fully commented out): tag scanning for the podinfo image.
#---
#apiVersion: image.toolkit.fluxcd.io/v1beta1
#kind: ImageRepository
#metadata:
#  name: podinfo
#  namespace: flux-system
#spec:
#  image: us-central1-docker.pkg.dev/dx-kingdon/geekingdon-images/podinfo
#  interval: 1m0s
#
--------------------------------------------------------------------------------
/apps/production/podinfo/ingressroute-patch.yaml:
--------------------------------------------------------------------------------
# Strategic-merge patches that point both podinfo routes at the production
# host name. Entry points and TLS are not set in these patches.
# NOTE(review): whether podinfotls actually terminates TLS depends on the base
# definition, which is not visible here.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: simplepodinfo
spec:
  routes:
    - kind: Rule
      match: Host(`podinfo.prod.hephy.pro`)
      services:
        - kind: Service
          name: podinfo
          port: 9898
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: podinfotls
spec:
  routes:
    - kind: Rule
      match: Host(`podinfo.prod.hephy.pro`)
      services:
        - kind: Service
          name: podinfo
          port: 9898
--------------------------------------------------------------------------------
/apps/production/podinfo/kustomization.yaml:
--------------------------------------------------------------------------------
# Production overlay for podinfo: base plus namespace, with the deployment and
# route patches applied. Image automation resources are commented out.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: podinfo-production
resources:
  - namespace.yaml
  - ../../base/podinfo
#- imagerepo.yaml
#- imagepolicy.yaml

patchesStrategicMerge:
  - podinfo-patch.yaml
  - ingressroute-patch.yaml
--------------------------------------------------------------------------------
/apps/production/podinfo/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace for the production podinfo overlay.
---

apiVersion: v1
kind: Namespace
metadata:
  name: podinfo-production
--------------------------------------------------------------------------------
/apps/production/podinfo/podinfo-patch.yaml:
--------------------------------------------------------------------------------
# Production settings for the podinfo Deployment: four replicas and a fixed
# image. The image is referenced by tag (5.0.0) rather than by digest, so the
# registry decides which content that tag resolves to.
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: podinfo
spec:
  replicas: 4
  template:
    spec:
      containers:
        - name: podinfod
          image: gcr.io/dx-kingdon/podinfo:5.0.0
          # args:
          #   - -ascii
          #   - -name=PRODUCTION
--------------------------------------------------------------------------------
/apps/production/traefik/certificates-pvc.yaml:
--------------------------------------------------------------------------------
# 1Gi single-writer volume named traefik-tls; presumably Traefik's certificate
# store (verify against the traefik patch), in which case it holds private
# keys and access to the volume should be limited accordingly.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: traefik-tls
  namespace: traefik-production
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
--------------------------------------------------------------------------------
/apps/production/traefik/kustomization.yaml:
--------------------------------------------------------------------------------
# Production overlay for Traefik: base plus namespace and the TLS volume claim,
# with one strategic-merge patch.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: traefik-production
resources:
  - namespace.yaml
  - ../../base/traefik
  - certificates-pvc.yaml

patchesStrategicMerge:
  - traefik-patch.yaml
--------------------------------------------------------------------------------
/apps/production/traefik/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace for the production Traefik overlay.
---

apiVersion: v1
kind: Namespace
metadata:
  name: traefik-production
--------------------------------------------------------------------------------
/apps/production/whoami/ingressroute-patch.yaml:
--------------------------------------------------------------------------------
# Strategic-merge patches that point both whoami routes at the production
# host name. Entry points and TLS are not set in these patches.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: simplewhoami
spec:
  routes:
    - kind: Rule
      match: Host(`whoami.prod.hephy.pro`)
      services:
        - kind: Service
          name: whoamiv1
          port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: whoamitls
spec:
  routes:
    - kind: Rule
      match: Host(`whoami.prod.hephy.pro`)
      services:
        - kind: Service
          name: whoamiv1
          port: 80
--------------------------------------------------------------------------------
/apps/production/whoami/kustomization.yaml:
--------------------------------------------------------------------------------
# Production overlay for whoami: base plus namespace, with the deployment and
# route patches applied.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: whoami-production
resources:
  - namespace.yaml
  - ../../base/whoami

patchesStrategicMerge:
  - whoami-patch.yaml
  - ingressroute-patch.yaml
--------------------------------------------------------------------------------
/apps/production/whoami/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace for the production whoami overlay.
---

apiVersion: v1
kind: Namespace
metadata:
  name: whoami-production
--------------------------------------------------------------------------------
/apps/production/whoami/whoami-patch.yaml:
--------------------------------------------------------------------------------
# Production settings for the whoami Deployment: eight replicas and explicit
# container arguments.
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: whoamiv1
spec:
  replicas: 8
  template:
    spec:
      containers:
        - name: whoamiv1
          args:
            - -ascii
            - -name=PRODUCTION
--------------------------------------------------------------------------------
/apps/routers/democl-webhook/democl-cluster-escape.yaml:
--------------------------------------------------------------------------------
# Selector-less Service paired with a hand-written Endpoints object of the
# same name: traffic sent to the Service is forwarded to the fixed address
# listed under subsets instead of to pods chosen by a selector.
# The address is not checked against any workload, so write access to
# Endpoints in this namespace is enough to redirect this traffic; keep that
# permission narrow.
kind: Service
apiVersion: v1
metadata:
  name: democl-webhook-cluster-escape
  namespace: traefik-staging
spec:
  ports:
    - name: democl-webhook-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: democl-webhook-cluster-escape
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.103.57.244
    ports:
      - port: 80
        name: democl-webhook-http
--------------------------------------------------------------------------------
/apps/routers/democl-webhook/democl-webhook-ingress.yaml:
--------------------------------------------------------------------------------
# provided by in-cluster
--------------------------------------------------------------------------------
/apps/routers/democl-webhook/democl-webhook-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service with manual Endpoints: ports 80 and 443 are forwarded
# to the fixed address 10.17.12.202.
kind: Service
apiVersion: v1
metadata:
  name: democl-webhook-public-ingress
  namespace: traefik-staging
spec:
  ports:
    - name: democl-webhook-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: democl-webhook-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: democl-webhook-public-ingress
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 80
        name: democl-webhook-http
      - port: 443
        name: democl-webhook-https
--------------------------------------------------------------------------------
/apps/routers/planetstore-stg/stg-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service with manual Endpoints in the planet-store namespace:
# ports 80 and 443 are forwarded to the fixed address 10.17.12.202.
kind: Service
apiVersion: v1
metadata:
  name: stg-public-ingress
  namespace: planet-store
spec:
  ports:
    - name: planet-store-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: planet-store-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: stg-public-ingress
  namespace: planet-store
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 80
        name: planet-store-http
      - port: 443
        name: planet-store-https
--------------------------------------------------------------------------------
/apps/routers/scrob-dev/scrob-dev-cluster-escape.yaml:
--------------------------------------------------------------------------------
# Selector-less Service with manual Endpoints: port 443 only is forwarded to
# the fixed address 10.17.12.202.
kind: Service
apiVersion: v1
metadata:
  name: scrob-dev-cluster-escape
  namespace: traefik-staging
spec:
  ports:
    - name: scrob-dev-public-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: scrob-dev-cluster-escape
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 443
        name: scrob-dev-public-https
--------------------------------------------------------------------------------
/apps/routers/scrob-dev/scrob-dev-ingress.yaml:
--------------------------------------------------------------------------------
# provided by in-cluster
--------------------------------------------------------------------------------
/apps/routers/scrob-dev/scrob-dev-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service with manual Endpoints: ports 80 and 443 are forwarded
# to the fixed address 10.17.12.202.
kind: Service
apiVersion: v1
metadata:
  name: scrob-dev-public-ingress
  namespace: traefik-staging
spec:
  ports:
    - name: scrob-dev-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: scrob-dev-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: scrob-dev-public-ingress
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 80
        name: scrob-dev-http
      - port: 443
        name: scrob-dev-https
--------------------------------------------------------------------------------
/apps/routers/scrob-web/scrob-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service with manual Endpoints: ports 80 and 443 are forwarded
# to the fixed address 10.17.12.202.
kind: Service
apiVersion: v1
metadata:
  name: scrob-public-ingress
  namespace: traefik-staging
spec:
  ports:
    - name: scrob-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: scrob-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: scrob-public-ingress
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 80
        name: scrob-http
      - port: 443
        name: scrob-https
--------------------------------------------------------------------------------
/apps/routers/sintache-stg/stg-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service with manual Endpoints in the sintache namespace:
# ports 80 and 443 are forwarded to the fixed address 10.17.12.202.
kind: Service
apiVersion: v1
metadata:
  name: stg-public-ingress
  namespace: sintache
spec:
  ports:
    - name: sintache-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: sintache-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: stg-public-ingress
  namespace: sintache
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 80
        name: sintache-http
      - port: 443
        name: sintache-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/blog-https/blog-teamhephy-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service with manual Endpoints: ports 443 and 80 are forwarded
# to the fixed address 10.17.12.208.
kind: Service
apiVersion: v1
metadata:
  name: blog-teamhephy
  namespace: traefik-staging
spec:
  ports:
    - name: blog-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: blog-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: blog-teamhephy
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.208
    ports:
      - port: 443
        name: blog-https
      - port: 80
        name: blog-http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/commits-to-prod/commits-to-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service with manual Endpoints: ports 80 and 443 are forwarded
# to the fixed address 10.17.12.208.
kind: Service
apiVersion: v1
metadata:
  name: commits-to
  namespace: traefik-staging
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
kind: Endpoints
apiVersion: v1
metadata:
  name: commits-to
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.208
    ports:
      - port: 80
        name: http
      - port: 443
        name: https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/commitstew-staging/commitstew-com-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service (443 only) backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: commitstew-com
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for commitstew-com.
apiVersion: v1
kind: Endpoints
metadata:
  name: commitstew-com
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.208
    ports:
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/docs-https/docs-teamhephy-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: docs-teamhephy
  namespace: traefik-staging
spec:
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for docs-teamhephy.
apiVersion: v1
kind: Endpoints
metadata:
  name: docs-teamhephy
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 443
        name: https
      - port: 80
        name: http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/gitno-prod/gitno-prod-cluster-escape.yaml:
--------------------------------------------------------------------------------
# Selector-less Service in flux-system exposing plain HTTP (port 80) only; its
# backend comes from an Endpoints object of the same name.
apiVersion: v1
kind: Service
metadata:
  name: gitno-prod-cluster-escape
  namespace: flux-system
spec:
  ports:
    - name: gitno-prod-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for the gitno-prod-cluster-escape Service (port 80).
# NOTE(review): 10.110.150.176 is outside the 10.17.x.x range used by the other
# routers and falls inside 10.96.0.0/12, a common default Service CIDR. Confirm
# it is not a ClusterIP of this cluster; Endpoints that point at a Service
# virtual IP are not a supported target.
apiVersion: v1
kind: Endpoints
metadata:
  name: gitno-prod-cluster-escape
  namespace: flux-system
subsets:
  - addresses:
      - ip: 10.110.150.176
    ports:
      - port: 80
        name: gitno-prod-http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/gitno-prod/gitno-prod-hephy-pro-ingress.yaml:
--------------------------------------------------------------------------------
# Ingress for gitno-prod.hephy.pro; every path is forwarded to the
# gitno-prod-cluster-escape Service on port 80.
# Both redirect annotations are "false", so the host stays reachable over plain
# HTTP even though a certificate is requested in spec.tls, and the hop to the
# backend is port 80 as well.
# NOTE(review): the resource is named webhook-receiver-prod. If webhook
# deliveries can arrive over HTTP, the receiver path and payload cross the
# network unencrypted. Confirm the HTTP listener is needed (for example because
# TLS ends at an upstream proxy) or turn the redirect on.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webhook-receiver-prod
  namespace: flux-system
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  ingressClassName: public
  rules:
    - host: gitno-prod.hephy.pro
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitno-prod-cluster-escape
                port:
                  number: 80
  tls:
    - hosts:
        - gitno-prod.hephy.pro
      secretName: gitno-prod-hephy-pro-tls
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/gitno-prod/gitno-prod-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: gitno-prod-public-ingress
  namespace: traefik-staging
spec:
  ports:
    - name: gitno-prod-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: gitno-prod-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for gitno-prod-public-ingress.
apiVersion: v1
kind: Endpoints
metadata:
  name: gitno-prod-public-ingress
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 80
        name: gitno-prod-http
      - port: 443
        name:
gitno-prod-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/harbor-certmanager/img-letsencrypt-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below. Going by the port
# names, port 80 carries the HTTP challenge and 443 is a not-found placeholder.
apiVersion: v1
kind: Service
metadata:
  name: img-public-challenge
  namespace: traefik-staging
spec:
  ports:
    - name: img-not-found
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: img-http-challenge
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for img-public-challenge.
apiVersion: v1
kind: Endpoints
metadata:
  name: img-public-challenge
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 443
        name: img-not-found
      - port: 80
        name: img-http-challenge
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/harbor-certmanager/img-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: img-nginx-backend
  namespace: traefik-staging
spec:
  ports:
    - name: img-nginx-backend
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: img-not-found-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for img-nginx-backend.
apiVersion: v1
kind: Endpoints
metadata:
  name: img-nginx-backend
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.231
    ports:
      - port: 443
        name: img-nginx-backend
      - port: 80
        name: img-not-found-http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/harvey/moomboo/harvey-moomboo-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: harvey-moomboo
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for harvey-moomboo.
apiVersion: v1
kind: Endpoints
metadata:
  name: harvey-moomboo
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.13.241
    ports:
      - port: 80
        name: k8s-http
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/howard/moomboo/howard-moomboo-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: howard-moomboo
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for howard-moomboo.
apiVersion: v1
kind: Endpoints
metadata:
  name: howard-moomboo
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.235
    ports:
      - port: 80
        name: k8s-http
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/howard/talos-dev-webhook/talos-dev-cluster-escape.yaml:
--------------------------------------------------------------------------------
# Selector-less Service in flux-system exposing plain HTTP (port 80) only; its
# backend comes from an Endpoints object of the same name.
apiVersion: v1
kind: Service
metadata:
  name: talos-dev-cluster-escape
  namespace: flux-system
spec:
  ports:
    - name: talos-dev-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for the talos-dev-cluster-escape Service (port 80).
apiVersion: v1
kind: Endpoints
metadata:
  name: talos-dev-cluster-escape
  namespace: flux-system
subsets:
  - addresses:
      - ip: 10.17.13.242
    ports:
      - port: 80
        name: talos-dev-http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/howard/test-webhook/webhook-test-howard-cluster-escape.yaml:
--------------------------------------------------------------------------------
# Selector-less Service in flux-system, plain HTTP only, backed by the
# Endpoints object below.
# NOTE(review): the path suggests webhook traffic; port 80 means this hop to
# 10.17.13.242 is unencrypted. Confirm that network segment is trusted.
apiVersion: v1
kind: Service
metadata:
  name: webhook-test-howard-cluster-escape
  namespace: flux-system
spec:
  ports:
    - name: webhook-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for webhook-test-howard-cluster-escape.
apiVersion: v1
kind: Endpoints
metadata:
  name: webhook-test-howard-cluster-escape
  namespace: flux-system
subsets:
  - addresses:
      - ip: 10.17.13.242
    ports:
      - port: 80
        name: webhook-http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/howto-kubeconfig/howto-kubeconfig-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: howto-kubeconfig
  namespace: traefik-staging
spec:
  ports:
    - name: howto-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: howto-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for howto-kubeconfig.
apiVersion: v1
kind: Endpoints
metadata:
  name: howto-kubeconfig
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 443
        name: howto-https
      - port: 80
        name: howto-http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/bart-howard/bart-howard-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
# NOTE(review): this file sits under inactive/; whether any kustomization
# still applies it is not visible here.
apiVersion: v1
kind: Service
metadata:
  name: bart-howard
  namespace: traefik-staging
spec:
  ports:
    - name: bart-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: bart-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for bart-howard.
apiVersion: v1
kind: Endpoints
metadata:
  name: bart-howard
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 443
        name: bart-https
      - port: 80
        name: bart-http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/bart-howard/bart-stage-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: bart-stage
  namespace: traefik-staging
spec:
  ports:
    - name: bart-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: bart-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for bart-stage.
apiVersion: v1
kind: Endpoints
metadata:
  name: bart-stage
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 443
        name: bart-https
      - port: 80
        name: bart-http
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/grafana-moomboo/grafana-moomboo-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: grafana-moomboo
  namespace: traefik-staging
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for grafana-moomboo.
apiVersion: v1
kind: Endpoints
metadata:
  name: grafana-moomboo
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.13.241
    ports:
      - port: 80
        name: http
      - port: 443
        name: https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/grafana-test/grafana-moomboo-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: grafana-test
  namespace: traefik-staging
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for grafana-test.
apiVersion: v1
kind: Endpoints
metadata:
  name: grafana-test
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.13.242
    ports:
      - port: 80
        name: http
      - port: 443
        name: https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/howard-staging/howard-staging-ingressroute.yaml:
--------------------------------------------------------------------------------
---
# TCP route on the websecure entry point, matched on the TLS SNI name only.
# tls.passthrough is true, so Traefik forwards the encrypted stream untouched:
# the certificate, and any authentication, are the backend's responsibility.
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: howard-staging
  namespace: traefik-staging
spec:
  entryPoints:
    - websecure
  routes:
    - match: HostSNI(`howard.moomboo.stage`)
      services:
        - name: howard-staging
          namespace: traefik-staging
          port: 443
  tls:
    passthrough: true
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/howard-staging/howard-staging-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service (443 only) backed by the Endpoints object below.
# NOTE(review): this file sits under inactive/; whether any kustomization
# still applies it is not visible here.
apiVersion: v1
kind: Service
metadata:
  name: howard-staging
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for howard-staging.
apiVersion: v1
kind: Endpoints
metadata:
  name: howard-staging
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.210
    ports:
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/kingdonb-dev/kingdonb-dev-ingressroute.yaml:
--------------------------------------------------------------------------------
---
# TCP routes for two SNI names, both sent to the kingdonb-dev Service on 443.
# tls.passthrough is true, so Traefik forwards the encrypted stream untouched:
# the certificate, and any authentication, are the backend's responsibility.
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: kingdonb-dev
  namespace: traefik-staging
spec:
  entryPoints:
    - websecure
  routes:
    - match: HostSNI(`kingdonb.dev`)
      services:
        - name: kingdonb-dev
          namespace: traefik-staging
          port: 443
    - match: HostSNI(`kb.kingdonb.dev`)
      services:
        - name: kingdonb-dev
          namespace: traefik-staging
          port: 443
  tls:
    passthrough: true
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/kingdonb-dev/kingdonb-dev-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service (443 only) backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: kingdonb-dev
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for kingdonb-dev.
apiVersion: v1
kind: Endpoints
metadata:
  name: kingdonb-dev
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.208
    ports:
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/newexample-howard-moomboo/howard-moomboo-ingressroute.yaml:
--------------------------------------------------------------------------------
---
# TCP route matched on SNI only, with TLS passed through to the backend
# (Traefik neither terminates nor inspects the stream).
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
  name: newexample-howard-moomboo
  namespace: traefik-staging
spec:
  entryPoints:
    - websecure
  routes:
    - match: HostSNI(`newexample.howard.moomboo.space`)
      services:
        - name: newexample-howard-moomboo
          namespace: traefik-staging
          port: 443
  tls:
    passthrough: true
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/newexample-howard-moomboo/howard-moomboo-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service (443 only) backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: newexample-howard-moomboo
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for newexample-howard-moomboo.
apiVersion: v1
kind: Endpoints
metadata:
  name: newexample-howard-moomboo
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.213
    ports:
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/ruby-stats/ruby-stats-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: ruby-stats
  namespace: traefik-staging
spec:
  ports:
    - name: public-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: public-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for ruby-stats.
apiVersion: v1
kind: Endpoints
metadata:
  name: ruby-stats
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 80
        name: public-http
      - port: 443
        name: public-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/simple-test-moomboo/test-moomboo-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: simple-test-moomboo
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for simple-test-moomboo.
apiVersion: v1
kind: Endpoints
metadata:
  name: simple-test-moomboo
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.13.242
    ports:
      - port: 80
        name: k8s-http
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/inactive/yaateeh-dev/yaateeh-dev-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service (443 only) backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: yaateeh-dev
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for yaateeh-dev.
apiVersion: v1
kind: Endpoints
metadata:
  name: yaateeh-dev
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.208
    ports:
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/test-moomboo/test-moomboo-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: test-moomboo
  namespace: traefik-staging
spec:
  ports:
    - name: k8s-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
    - name: k8s-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
---
# Static backend address for test-moomboo.
apiVersion: v1
kind: Endpoints
metadata:
  name: test-moomboo
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.13.244
    ports:
      - port: 80
        name: k8s-http
      - port: 443
        name: k8s-https
--------------------------------------------------------------------------------
/apps/routers/talos-related-routes/water-https/water-teamhephy-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below.
apiVersion: v1
kind: Service
metadata:
  name: water-teamhephy
  namespace: traefik-staging
spec:
  ports:
    - name: water-https
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: water-http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for water-teamhephy.
apiVersion: v1
kind: Endpoints
metadata:
  name: water-teamhephy
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.13.245
    ports:
      - port: 443
        name: water-https
      - port: 80
        name: water-http
--------------------------------------------------------------------------------
/apps/routers/vpn-frontend/vpn-admin-service-endpoints.yaml:
--------------------------------------------------------------------------------
# Selector-less Service backed by the Endpoints object below. Going by the port
# names, port 80 carries the HTTP challenge and 443 is a not-found placeholder.
apiVersion: v1
kind: Service
metadata:
  name: vpn-admin-public-challenge
  namespace: traefik-staging
spec:
  ports:
    - name: vpn-admin-not-found
      protocol: TCP
      port: 443
      targetPort: 443
      nodePort: 0
    - name: vpn-admin-http-challenge
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 0
---
# Static backend address for vpn-admin-public-challenge.
apiVersion: v1
kind: Endpoints
metadata:
  name: vpn-admin-public-challenge
  namespace: traefik-staging
subsets:
  - addresses:
      - ip: 10.17.12.202
    ports:
      - port: 443
        name: vpn-admin-not-found
      - port: 80
        name: vpn-admin-http-challenge
--------------------------------------------------------------------------------
/apps/staging/kustomization.yaml:
--------------------------------------------------------------------------------
# Staging entry point: only the traefik and store directories are included.
resources:
  - traefik
  - store
--------------------------------------------------------------------------------
/apps/staging/podinfo/imagepolicy.yaml:
--------------------------------------------------------------------------------
---
# Picks a tag in the 5.0.x semver range from the podinfo ImageRepository.
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImagePolicy
metadata:
  name: podinfo
  namespace: flux-system
spec:
  imageRepositoryRef:
    name: podinfo
  policy:
    semver:
      range: 5.0.x
--------------------------------------------------------------------------------
/apps/staging/podinfo/imagerepo.yaml:
--------------------------------------------------------------------------------
---
# Scans ghcr.io/stefanprodan/podinfo for tags every minute. No secretRef is
# set, so the scan is anonymous.
# NOTE(review): a tag is a mutable pointer on a third-party registry; nothing
# here pins a digest or verifies a signature.
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageRepository
metadata:
  name: podinfo
  namespace: flux-system
spec:
  image: ghcr.io/stefanprodan/podinfo
  interval: 1m0s
--------------------------------------------------------------------------------
/apps/staging/podinfo/ingressroute-patch.yaml:
--------------------------------------------------------------------------------
# Patch: points the simplepodinfo route at the staging host name.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: simplepodinfo
spec:
  routes:
    - kind: Rule
      match: Host(`podinfo.staging.hephy.pro`)
      services:
        - kind: Service
          name: podinfo
          port: 9898
---
# Patch: same host and backend for the podinfotls route. Entry points and TLS
# settings are not set here; presumably they come from the base being patched.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: podinfotls
spec:
  routes:
    - kind: Rule
      match: Host(`podinfo.staging.hephy.pro`)
      services:
        - kind: Service
          name: podinfo
          port: 9898
--------------------------------------------------------------------------------
/apps/staging/podinfo/kustomization.yaml:
--------------------------------------------------------------------------------
---
# Staging overlay for podinfo: base plus image scanning objects, with two
# strategic-merge patches. All resources are placed in podinfo-staging.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: podinfo-staging
resources:
  #- namespace.yaml
  - ../../base/podinfo
  - imagerepo.yaml
  - imagepolicy.yaml

patchesStrategicMerge:
  - podinfo-patch.yaml
  - ingressroute-patch.yaml
--------------------------------------------------------------------------------
/apps/staging/podinfo/podinfo-patch.yaml:
--------------------------------------------------------------------------------
---
# Patch: run four podinfo replicas in staging. The container args override is
# kept commented out.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: podinfo
spec:
  replicas: 4
  #template:
  #  spec:
  #    containers:
  #    - name: podinfo
  #      args:
  #      - -ascii
  #      - -name=STAGING
--------------------------------------------------------------------------------
/apps/staging/sintache/flux-system-rw-gitrepo.yaml:
--------------------------------------------------------------------------------
---
# Git source on branch staging, authenticated over SSH with the flux-system-rw
# secret in the sintache namespace.
# NOTE(review): the -rw suffix suggests a write-capable key. Scope it to this
# one repository and keep read access to the secret limited.
# NOTE(review): gitImplementation is believed to be deprecated in newer
# source-controller releases; confirm before moving off v1beta2.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: flux-system-rw
  namespace: sintache
spec:
  gitImplementation: go-git
  interval: 30m0s
  ref:
    branch: staging
  secretRef:
    name: flux-system-rw
  timeout: 20s
  url: ssh://git@github.com/kingdonb/bootstrap-repo
--------------------------------------------------------------------------------
/apps/staging/sintache/imageauto.yaml:
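--------------------------------------------------------------------------------
---
# Every minute, rewrites image setters under ./apps/staging/sintache and pushes
# the commit straight to branch staging as fluxcdbot, using the flux-system-rw
# GitRepository for access.
# NOTE(review): no human reviews these commits, so whoever can push a matching
# tag to the scanned registry path can change what staging runs.
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
  name: sintache-stg
  namespace: sintache
spec:
  git:
    checkout:
      ref:
        branch: staging
    commit:
      author:
        email: yebyen+fluxcd@gmail.com
        name: fluxcdbot
      messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
    push:
      branch: staging
  interval: 1m0s
  sourceRef:
    kind: GitRepository
    name: flux-system-rw
  update:
    path: ./apps/staging/sintache
    strategy: Setters
--------------------------------------------------------------------------------
/apps/staging/sintache/imagepolicy.yaml:
--------------------------------------------------------------------------------
---
# Chooses the tag with the largest extracted value (numerical, ascending).
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImagePolicy
metadata:
  name: example
  namespace: sintache
spec:
  imageRepositoryRef:
    name: mustache-sinatra-example
  filterTags:
    # The capture group must be named ts because extract refers to $ts. The
    # name had been lost, leaving the invalid group syntax (?P[0-9]...).
    # NOTE(review): the pattern has no trailing $, so a tag with extra
    # characters after the six digits also matches. Anchor it if that is not
    # intended.
    pattern: '^b[0-9]+\.(?P<ts>[0-9]{8}\.[0-9]{6})'
    extract: '$ts'
  policy:
    numerical:
      order: asc
--------------------------------------------------------------------------------
/apps/staging/sintache/imagerepo.yaml:
--------------------------------------------------------------------------------
---
# Scans img.hephy.pro/examples/sinatra-mustache for tags every minute. No
# secretRef is set, so the scan is anonymous.
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageRepository
metadata:
  name: mustache-sinatra-example
  namespace: sintache
spec:
  image: img.hephy.pro/examples/sinatra-mustache
  interval: 1m0s
--------------------------------------------------------------------------------
/apps/staging/sintache/ingress-patch.yaml:
--------------------------------------------------------------------------------
# Patch for the sintache Ingress; the certificate is requested from the
# letsencrypt-production ClusterIssuer.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sintache
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production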
spec:
  # Served by the ingress class named internal; TLS cert stored in sintache-stg-tls.
  ingressClassName: internal
  rules:
    - host: sintache.staging.hephy.pro
      http:
        paths:
          - backend:
              service:
                name: sintache
                port:
                  number: 9292
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - sintache.staging.hephy.pro
      secretName: sintache-stg-tls
--------------------------------------------------------------------------------
/apps/staging/sintache/kustomization.yaml:
--------------------------------------------------------------------------------
---
# Staging overlay for sintache: base, image scanning, and the image update
# automation together with its read-write Git source.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: sintache
resources:
  #- namespace.yaml
  - ../../base/sintache
  - imagerepo.yaml
  - imagepolicy.yaml
  # read-write for image update automation
  - imageauto.yaml
  - flux-system-rw-gitrepo.yaml

patchesStrategicMerge:
  - sintache-patch.yaml
  #- ingressroute-patch.yaml
  - ingress-patch.yaml
--------------------------------------------------------------------------------
/apps/staging/sintache/sintache-patch.yaml:
--------------------------------------------------------------------------------
# Patch: scale sintache to zero replicas and pin the image tag.
# The trailing {"$imagepolicy": ...} comment is the setter marker that image
# automation rewrites; it has to stay on the same line as the image value.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sintache
spec:
  replicas: 0
  template:
    spec:
      containers:
        - name: sintache
          image: img.hephy.pro/examples/sinatra-mustache:b22.20220712.042140 # {"$imagepolicy": "sintache:example"}
--------------------------------------------------------------------------------
/apps/staging/store/flux-system-rw-gitrepo.yaml:
--------------------------------------------------------------------------------
---
# Git source on branch staging, authenticated over SSH with the flux-system-rw
# secret in the planet-store namespace.
# NOTE(review): the -rw suffix suggests a write-capable key. Scope it to this
# one repository and keep read access to the secret limited.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: flux-system-rw
  namespace: planet-store
spec:
  gitImplementation: go-git
  interval: 30m0s
  ref:
    branch: staging
  secretRef:
    name: flux-system-rw
  timeout: 20s
  url:
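ssh://git@github.com/kingdonb/bootstrap-repo
--------------------------------------------------------------------------------
/apps/staging/store/imageauto.yaml:
--------------------------------------------------------------------------------
---
# Every minute, rewrites image setters under ./apps/staging/store and pushes
# the commit straight to branch staging as fluxcdbot, using the flux-system-rw
# GitRepository for access.
# NOTE(review): no human reviews these commits, so whoever can push a matching
# tag to the scanned registry path can change what staging runs.
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
  name: planet-store-stg
  namespace: planet-store
spec:
  git:
    checkout:
      ref:
        branch: staging
    commit:
      author:
        email: yebyen+fluxcd@gmail.com
        name: fluxcdbot
      messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
    push:
      branch: staging
  interval: 1m0s
  sourceRef:
    kind: GitRepository
    name: flux-system-rw
  update:
    path: ./apps/staging/store
    strategy: Setters
--------------------------------------------------------------------------------
/apps/staging/store/imagepolicy.yaml:
--------------------------------------------------------------------------------
---
# Chooses the tag with the largest extracted value (numerical, ascending).
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImagePolicy
metadata:
  name: web
  namespace: planet-store
spec:
  imageRepositoryRef:
    name: planet-store-web
  filterTags:
    # The capture group must be named ts because extract refers to $ts. The
    # name had been lost, leaving the invalid group syntax (?P[0-9]...).
    # NOTE(review): the pattern has no trailing $, so a tag with extra
    # characters after the six digits also matches. Anchor it if that is not
    # intended.
    pattern: '^b[0-9]+\.(?P<ts>[0-9]{8}\.[0-9]{6})'
    extract: '$ts'
  policy:
    numerical:
      order: asc
--------------------------------------------------------------------------------
/apps/staging/store/imagerepo.yaml:
--------------------------------------------------------------------------------
---
# Scans img.hephy.pro/planetstore/web for tags every minute, authenticating
# with the planet-readonly secret.
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageRepository
metadata:
  name: planet-store-web
  namespace: planet-store
spec:
  image: img.hephy.pro/planetstore/web
  interval: 1m0s
  secretRef:
    name: planet-readonly
--------------------------------------------------------------------------------
/apps/staging/store/ingress-patch.yaml: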
-------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: planetstore 5 | annotations: 6 | cert-manager.io/cluster-issuer: letsencrypt-production 7 | spec: 8 | ingressClassName: internal 9 | rules: 10 | - host: planetstore.staging.hephy.pro 11 | http: 12 | paths: 13 | - backend: 14 | service: 15 | name: planet-store 16 | port: 17 | number: 9292 18 | path: / 19 | pathType: Prefix 20 | tls: 21 | - hosts: 22 | - planetstore.staging.hephy.pro 23 | secretName: planetstore-stg-tls 24 | -------------------------------------------------------------------------------- /apps/staging/store/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: planet-store 5 | resources: [] 6 | # #- namespace.yaml 7 | # - ../../base/store 8 | # - imagerepo.yaml 9 | # - imagepolicy.yaml 10 | # # read-write for image update automation 11 | # - imageauto.yaml 12 | # - flux-system-rw-gitrepo.yaml 13 | # 14 | # patchesStrategicMerge: 15 | # - planetstore-patch.yaml 16 | # #- ingressroute-patch.yaml 17 | # - ingress-patch.yaml 18 | -------------------------------------------------------------------------------- /apps/staging/store/planetstore-patch.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: planet-store 5 | spec: 6 | replicas: 1 7 | template: 8 | spec: 9 | containers: 10 | - name: planet-store 11 | image: img.hephy.pro/planetstore/web:b11.20220627.192934 # {"$imagepolicy": "planet-store:web"} 12 | -------------------------------------------------------------------------------- /apps/staging/traefik/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: traefik-staging 5 | resources: 6 | #- namespace.yaml 7 | - traefik-ingressclass.yaml 8 | - ../../base/traefik 9 | 10 | patchesStrategicMerge: 11 | - traefik-patch.yaml 12 | -------------------------------------------------------------------------------- /apps/staging/traefik/traefik-ingressclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: IngressClass 3 | metadata: 4 | annotations: 5 | ingressclass.kubernetes.io/is-default-class: "false" 6 | name: traefik 7 | spec: 8 | controller: traefik.io/ingress-controller 9 | -------------------------------------------------------------------------------- /apps/staging/whoami/ingressroute-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: traefik.io/v1alpha1 2 | kind: IngressRoute 3 | metadata: 4 | name: simplewhoami 5 | spec: 6 | routes: 7 | - kind: Rule 8 | match: Host(`whoami.staging.hephy.pro`) 9 | services: 10 | - kind: Service 11 | name: whoamiv1 12 | port: 80 13 | --- 14 | apiVersion: traefik.io/v1alpha1 15 | kind: IngressRoute 16 | metadata: 17 | name: whoamitls 18 | spec: 19 | routes: 20 | - kind: Rule 21 | match: Host(`whoami.staging.hephy.pro`) 22 | services: 23 | - kind: Service 24 | name: whoamiv1 25 | port: 80 26 | -------------------------------------------------------------------------------- /apps/staging/whoami/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: whoami-staging 5 | resources: 6 | #- namespace.yaml 7 | - ../../base/whoami 8 | 9 | patchesStrategicMerge: 10 | - whoami-patch.yaml 11 | - ingressroute-patch.yaml 12 | -------------------------------------------------------------------------------- /apps/staging/whoami/whoami-patch.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | kind: Deployment 3 | apiVersion: apps/v1 4 | metadata: 5 | name: whoamiv1 6 | spec: 7 | replicas: 4 8 | template: 9 | spec: 10 | containers: 11 | - name: whoamiv1 12 | args: 13 | - -ascii 14 | - -name=STAGING 15 | -------------------------------------------------------------------------------- /base/production/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | name: apps 5 | namespace: flux-system 6 | spec: 7 | interval: 10m0s 8 | timeout: 1m30s 9 | retryInterval: 2m0s 10 | dependsOn: 11 | - name: infrastructure 12 | sourceRef: 13 | kind: GitRepository 14 | name: flux-sync 15 | path: ./apps/production 16 | prune: true 17 | #wait: true 18 | -------------------------------------------------------------------------------- /base/production/infrastructure.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | name: infrastructure 5 | namespace: flux-system 6 | spec: 7 | interval: 10m0s 8 | timeout: 2m0s 9 | sourceRef: 10 | kind: GitRepository 11 | name: flux-sync 12 | path: ./infrastructure 13 | prune: true 14 | #wait: true 15 | -------------------------------------------------------------------------------- /base/production/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - apps.yaml 5 | - infrastructure.yaml 6 | -------------------------------------------------------------------------------- /base/staging/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | 
metadata: 4 | name: apps 5 | namespace: podinfo-staging 6 | spec: 7 | interval: 10m0s 8 | timeout: 2m30s 9 | retryInterval: 2m0s 10 | dependsOn: 11 | - name: infrastructure 12 | namespace: flux-system 13 | - name: 11-certificates 14 | namespace: flux-system 15 | - name: 20-my-secrets 16 | namespace: flux-system 17 | # - name: 30-ingress-nginx 18 | # namespace: ingress-nginx 19 | - name: 91-harbor 20 | namespace: harbor 21 | sourceRef: 22 | kind: GitRepository 23 | name: flux-sync 24 | namespace: flux-system 25 | path: ./apps/staging 26 | prune: true 27 | # Setting wait: true here causes all sorts of havoc 28 | wait: false 29 |
--------------------------------------------------------------------------------
/base/staging/infrastructure.yaml:
--------------------------------------------------------------------------------
# Reconciles ./infrastructure from the flux-sync GitRepository every 10 minutes,
# pruning removed objects and waiting for applied resources to become ready.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infrastructure
  namespace: flux-system
spec:
  interval: 10m0s
  retryInterval: 45s
  timeout: 2m0s
  sourceRef:
    kind: GitRepository
    name: flux-sync
    namespace: flux-system
  path: ./infrastructure
  prune: true
  wait: true
--------------------------------------------------------------------------------
/base/staging/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - apps.yaml
  - infrastructure.yaml
--------------------------------------------------------------------------------
/certificates/moo-cluster/.sops.yaml:
--------------------------------------------------------------------------------
# SOPS creation rules for this directory; both rules encrypt to one PGP key.
creation_rules:
  # NOTE(review): the dots are unescaped and the expression is unanchored, so
  # this matches more paths than "files ending in .yaml". Over-matching errs
  # towards encrypting; `\.yaml$` would state the intent exactly.
  - path_regex: .*.yaml
    # Only values under `data` / `stringData` are encrypted; names, namespaces,
    # labels and annotations of the Secret stay readable in Git.
    encrypted_regex: ^(data|stringData)$
    pgp: A883B02E14B7EAF0A6BDAF69ECD23C5916E31D4F
  # No encrypted_regex here, so every value in a matching .env file is encrypted.
  - path_regex: .*.env
    pgp: A883B02E14B7EAF0A6BDAF69ECD23C5916E31D4F
-------------------------------------------------------------------------------- /certificates/moo-cluster/gitno-prod-hephy-pro-tls.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: v1 2 | # kind: Secret 3 | # metadata: 4 | # annotations: 5 | # kustomize.toolkit.fluxcd.io/ssa: IfNotPresent 6 | # cert-manager.io/alt-names: gitno-prod.hephy.pro 7 | # cert-manager.io/certificate-name: gitno-prod-hephy-pro-tls 8 | # cert-manager.io/common-name: gitno-prod.hephy.pro 9 | # cert-manager.io/ip-sans: "" 10 | # cert-manager.io/issuer-group: cert-manager.io 11 | # cert-manager.io/issuer-kind: ClusterIssuer 12 | # cert-manager.io/issuer-name: letsencrypt-production 13 | # cert-manager.io/uri-sans: "" 14 | # labels: 15 | # controller.cert-manager.io/fao: "true" 16 | # name: gitno-prod-hephy-pro-tls 17 | # namespace: flux-system 18 | # type: kubernetes.io/tls 19 | -------------------------------------------------------------------------------- /clusters/aks-kuberkingdon/apps/podinfo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: podinfo 4 | resources: 5 | - namespace.yaml 6 | - repository.yaml 7 | - release.yaml 8 | configMapGenerator: 9 | - name: podinfo-values 10 | files: 11 | - values.yaml=my-values.yaml 12 | configurations: 13 | - kustomizeconfig.yaml 14 | -------------------------------------------------------------------------------- /clusters/aks-kuberkingdon/apps/podinfo/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/valuesFrom/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /clusters/aks-kuberkingdon/apps/podinfo/my-values.yaml: 
-------------------------------------------------------------------------------- 1 | replicaCount: 2 2 | -------------------------------------------------------------------------------- /clusters/aks-kuberkingdon/apps/podinfo/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: podinfo 5 | -------------------------------------------------------------------------------- /clusters/aks-kuberkingdon/apps/podinfo/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: podinfo 5 | namespace: podinfo 6 | spec: 7 | interval: 5m 8 | releaseName: podinfo 9 | chart: 10 | spec: 11 | chart: podinfo 12 | sourceRef: 13 | kind: HelmRepository 14 | name: podinfo 15 | valuesFrom: 16 | - kind: ConfigMap 17 | name: podinfo-values 18 | -------------------------------------------------------------------------------- /clusters/aks-kuberkingdon/apps/podinfo/repository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta2 2 | kind: HelmRepository 3 | metadata: 4 | name: podinfo 5 | namespace: podinfo 6 | spec: 7 | interval: 25m0s 8 | url: https://stefanprodan.github.io/podinfo 9 | -------------------------------------------------------------------------------- /clusters/aks-kuberkingdon/flux-sync/flux-gitrepo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta2 2 | kind: GitRepository 3 | metadata: 4 | name: flux-sync 5 | namespace: flux-system 6 | spec: 7 | interval: 30s 8 | ref: 9 | branch: main 10 | url: https://github.com/kingdonb/bootstrap-repo 11 | -------------------------------------------------------------------------------- 
/clusters/aks-kuberkingdon/flux-sync/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# Applies ./clusters/aks-kuberkingdon from the flux-sync GitRepository.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: flux-sync
  namespace: flux-system
spec:
  interval: 40m0s
  timeout: 2m0s
  path: ./clusters/aks-kuberkingdon
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-sync
--------------------------------------------------------------------------------
/clusters/aks-kuberkingdon/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
# Overlay on the generated Flux components: adds one argument to the
# image-reflector-controller Deployment and swaps that controller's image.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  #- gotk-sync.yaml
patches:
  - target:
      version: v1
      group: apps
      kind: Deployment
      name: image-reflector-controller
      namespace: flux-system
    patch: |-
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --azure-autologin-for-acr
# NOTE(review): this replaces the upstream ghcr.io/fluxcd controller with a
# build from a personal Docker Hub repository, referenced by a mutable test tag.
# The controller holds registry credentials, so the image's provenance matters:
# pin it by digest while the test build is needed and return to the upstream
# image afterwards.
images: # []
  - name: ghcr.io/fluxcd/image-reflector-controller
    newName: docker.io/somma/image-reflector-controller
    newTag: test-autologin-c34c7cf34b1
--------------------------------------------------------------------------------
/clusters/aks-kuberkingdon/kustomization.yaml:
--------------------------------------------------------------------------------
# Cluster entry point. The flux-system overlay is commented out here, so it is
# not applied through this kustomization.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - apps/podinfo
  - flux-sync/flux-gitrepo.yaml
  - flux-sync/flux-kustomization.yaml
  - ../../base/staging
  #- flux-system
--------------------------------------------------------------------------------
/clusters/amd64-test/configmap-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: foobar 5 | namespace: default 6 | data: 7 |
TEXT: new-updated-example 8 |
--------------------------------------------------------------------------------
/clusters/bases/rbac/kingdon-ci-weave-gitops.yaml:
--------------------------------------------------------------------------------
# Grants the built-in cluster-admin ClusterRole to the group
# `kingdon-ci:home-workers`.
# NOTE(review): every identity the authenticator places in this group gets
# unrestricted access to the whole cluster. Group membership is asserted outside
# Kubernetes (presumably by the OIDC provider; confirm), so control over that
# group's membership is control over the cluster. If the group only needs a
# GitOps dashboard, a narrower ClusterRole is the safer binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kingdon-ci:home-workers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: kingdon-ci:home-workers
--------------------------------------------------------------------------------
/clusters/capi-secrets/hephy-stg/flux-system/gotk-sync.yaml:
--------------------------------------------------------------------------------
# This manifest was generated by flux. DO NOT EDIT.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: ssh://git@github.com/kingdonb/bootstrap-repo
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./clusters/capi-secrets/hephy-stg
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
--------------------------------------------------------------------------------
/clusters/capi-secrets/hephy-stg/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
--------------------------------------------------------------------------------
/clusters/default/cluster-01/clusters-bases-kustomization.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | creationTimestamp: null 5 | name: clusters-bases-kustomization 6 | namespace: flux-system 7 | spec: 8 | interval: 10m0s 9 | path: clusters/bases 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | status: {} 15 | -------------------------------------------------------------------------------- /clusters/default/cluster-01/flux-system/gotk-sync.yaml: -------------------------------------------------------------------------------- 1 | # This manifest was generated by flux. DO NOT EDIT. 2 | --- 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: GitRepository 5 | metadata: 6 | name: flux-system 7 | namespace: flux-system 8 | spec: 9 | interval: 1m0s 10 | ref: 11 | branch: main 12 | secretRef: 13 | name: flux-system 14 | url: ssh://git@github.com/kingdonb/bootstrap-repo 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 17 | kind: Kustomization 18 | metadata: 19 | name: flux-system 20 | namespace: flux-system 21 | spec: 22 | interval: 10m0s 23 | path: ./clusters/default/cluster-01 24 | prune: true 25 | sourceRef: 26 | kind: GitRepository 27 | name: flux-system 28 | -------------------------------------------------------------------------------- /clusters/default/cluster-01/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - gotk-components.yaml 5 | - gotk-sync.yaml 6 | -------------------------------------------------------------------------------- /clusters/default/somtochi/default-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: default 5 | 
-------------------------------------------------------------------------------- /clusters/demo-cluster-1/configmap-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: foobar 5 | namespace: default 6 | data: 7 | TEXT: example 8 | -------------------------------------------------------------------------------- /clusters/demo-cluster-1/operators/gotk-sync.yaml: -------------------------------------------------------------------------------- 1 | # This manifest was generated by flux. DO NOT EDIT. 2 | --- 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: GitRepository 5 | metadata: 6 | name: operators 7 | namespace: operators 8 | spec: 9 | interval: 10s 10 | ref: 11 | branch: staging 12 | secretRef: 13 | name: flux-system 14 | url: ssh://git@github.com/kingdonb/bootstrap-repo 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 17 | kind: Kustomization 18 | metadata: 19 | name: operators 20 | namespace: operators 21 | spec: 22 | interval: 10m0s 23 | path: ./clusters/demo-cluster-1 24 | prune: true 25 | sourceRef: 26 | kind: GitRepository 27 | name: operators 28 | -------------------------------------------------------------------------------- /clusters/demo-cluster-1/operators/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - gotk-components.yaml 5 | - gotk-sync.yaml 6 | -------------------------------------------------------------------------------- /clusters/demo-cluster-2/configmap-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: foobar 5 | namespace: default 6 | data: 7 | TEXT: example 8 | -------------------------------------------------------------------------------- 
/clusters/demo-cluster-2/flux-system/gotk-sync.yaml: -------------------------------------------------------------------------------- 1 | # This manifest was generated by flux. DO NOT EDIT. 2 | --- 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: GitRepository 5 | metadata: 6 | name: flux-system 7 | namespace: flux-system 8 | spec: 9 | interval: 10s 10 | ref: 11 | branch: main 12 | secretRef: 13 | name: flux-system 14 | url: ssh://git@github.com/kingdonb/bootstrap-repo 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 17 | kind: Kustomization 18 | metadata: 19 | name: flux-system 20 | namespace: flux-system 21 | spec: 22 | interval: 10m0s 23 | path: ./clusters/demo-cluster-2 24 | prune: true 25 | sourceRef: 26 | kind: GitRepository 27 | name: flux-system 28 | -------------------------------------------------------------------------------- /clusters/demo-cluster-2/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - gotk-components.yaml 5 | - gotk-sync.yaml 6 | -------------------------------------------------------------------------------- /clusters/demo-cluster-2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - configmap-example.yaml 5 | - flux-system/ 6 | - secrets/crypted-secrets-fluxconfig.yaml 7 | #- tenant-permissions/ 8 | #- trash/ 9 | # - weave-gitops 10 | -------------------------------------------------------------------------------- /clusters/demo-cluster-2/oci-stuff/ocirepository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta2 2 | kind: OCIRepository 3 | metadata: 4 | name: podinfo 5 | namespace: flux-system 6 | spec: 7 | interval: 5m 8 | url: 
oci://ghcr.io/stefanprodan/manifests/podinfo 9 | ref: 10 | semver: ">=1.0.0" 11 |
--------------------------------------------------------------------------------
/clusters/demo-cluster-2/secrets/crypted-secrets-fluxconfig.yaml:
--------------------------------------------------------------------------------
---
# Applies SOPS-encrypted manifests from ./secrets/demo-cluster-2, decrypting
# with the key in the `sops-gpg` secret and applying as the `dev-team`
# ServiceAccount rather than as the controller's own identity.
# NOTE(review): this object lives in `default`, so `sops-gpg` is looked up
# there. Anyone who can read Secrets in `default` can then read the decryption
# key; confirm that namespace's RBAC is as tight as flux-system's.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: my-secrets
  namespace: default
spec:
  decryption:
    provider: sops
    secretRef:
      name: sops-gpg
  interval: 10m0s
  timeout: 1m0s
  path: ./secrets/demo-cluster-2
  prune: true
  serviceAccountName: dev-team
  sourceRef:
    kind: GitRepository
    name: my-secrets
---
# Source for the Kustomization above: the `staging` branch over HTTPS, with no
# secretRef, so the repository is fetched anonymously.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: my-secrets
  namespace: default
spec:
  gitImplementation: go-git
  interval: 1m0s
  ref:
    branch: staging
  timeout: 1m0s
  url: https://github.com/kingdonb/bootstrap-repo
--------------------------------------------------------------------------------
/clusters/demo-cluster-2/tenant-permissions/list-ns-dev-team.yaml:
--------------------------------------------------------------------------------
---
# Cluster-wide permission for the dev-team ServiceAccount, limited to reading
# and listing Namespace objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dev-team
rules:
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
---
# Binds the ClusterRole above to ServiceAccount default/dev-team.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dev-team
subjects:
  - kind: ServiceAccount
    name: dev-team
    namespace: default
roleRef:
  kind: ClusterRole
  name: dev-team
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/clusters/demo-cluster-2/trash/flux-system-fluxconfig.yaml:
--------------------------------------------------------------------------------
1
| apiVersion: clusterconfig.azure.com/v1alpha1 2 | kind: FluxConfig 3 | metadata: 4 | name: flux-system 5 | namespace: flux-system 6 | spec: 7 | gitRepository: 8 | ref: 9 | branch: staging 10 | syncInterval: 1m0s 11 | timeout: 1m0s 12 | url: https://github.com/kingdonb/bootstrap-repo 13 | kustomizations: 14 | - name: flux-system 15 | path: ./clusters/demo-cluster-2 16 | prune: true 17 | retryInterval: 2m0s 18 | syncInterval: 10m0s 19 | timeout: 1m0s 20 | validation: none 21 | scope: cluster 22 | sourceKind: GitRepository 23 | -------------------------------------------------------------------------------- /clusters/example-kingdon-personal/configmap-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: foobar 5 | namespace: default 6 | data: 7 | TEXT: example 8 | -------------------------------------------------------------------------------- /clusters/full-ape-aks/flux-system/gotk-sync.yaml: -------------------------------------------------------------------------------- 1 | # This manifest was generated by flux. DO NOT EDIT. 
2 | --- 3 | apiVersion: source.toolkit.fluxcd.io/v1beta2 4 | kind: GitRepository 5 | metadata: 6 | name: flux-system 7 | namespace: flux-system 8 | spec: 9 | interval: 30s 10 | ref: 11 | branch: main 12 | secretRef: 13 | name: flux-system 14 | url: ssh://git@github.com/kingdonb/bootstrap-repo 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 17 | kind: Kustomization 18 | metadata: 19 | name: flux-system 20 | namespace: flux-system 21 | spec: 22 | interval: 10m0s 23 | path: ./clusters/full-ape-aks 24 | prune: true 25 | sourceRef: 26 | kind: GitRepository 27 | name: flux-system 28 | -------------------------------------------------------------------------------- /clusters/full-ape-aks/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - gotk-components.yaml 5 | - gotk-sync.yaml 6 | -------------------------------------------------------------------------------- /clusters/full-ape-aks/kube-system/coredns-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: coredns 5 | namespace: kube-system 6 | data: 7 | Corefile: | 8 | .:53 { 9 | errors 10 | ready 11 | health 12 | rewrite name podinfo.demo.test ingress-nginx-controller.ingress-nginx.svc.cluster.local 13 | kubernetes cluster.local in-addr.arpa ip6.arpa { 14 | pods insecure 15 | fallthrough in-addr.arpa ip6.arpa 16 | } 17 | prometheus :9153 18 | forward . 
/etc/resolv.conf 19 | cache 30 20 | loop 21 | reload 22 | loadbalance 23 | import custom/*.override 24 | } 25 | import custom/*.server 26 | -------------------------------------------------------------------------------- /clusters/full-ape-aks/production/howard-kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | metadata: 5 | name: howard-production 6 | namespace: flux-system 7 | spec: 8 | interval: 10m0s 9 | retryInterval: 1m0s 10 | # targetNamespace: default 11 | path: ./apps/howard-prod 12 | prune: true 13 | serviceAccountName: kustomize-controller 14 | sourceRef: 15 | kind: GitRepository 16 | name: flux-system 17 | decryption: 18 | provider: sops 19 | secretRef: 20 | name: sops-gpg 21 | -------------------------------------------------------------------------------- /clusters/full-ape-aks/secrets/my-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: GitRepository 4 | metadata: 5 | name: my-secrets 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | ref: 10 | branch: main 11 | url: https://github.com/kingdonb/bootstrap-repo 12 | --- 13 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 14 | kind: Kustomization 15 | metadata: 16 | name: my-secrets 17 | namespace: flux-system 18 | spec: 19 | decryption: 20 | provider: sops 21 | secretRef: 22 | name: sops-gpg 23 | interval: 10m0s 24 | path: ./secrets/howard-prod 25 | prune: true 26 | sourceRef: 27 | kind: GitRepository 28 | name: my-secrets 29 | -------------------------------------------------------------------------------- /clusters/full-ape-aks/wg-system/weave-gitops.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | metadata: 5 | name: 
weave-gitops 6 | namespace: flux-system 7 | spec: 8 | interval: 10m0s 9 | path: ./apps/howard-wge 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/apps/podinfo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: podinfo 4 | resources: 5 | - namespace.yaml 6 | - repository.yaml 7 | - release.yaml 8 | configMapGenerator: 9 | - name: podinfo-values 10 | files: 11 | - values.yaml=my-values.yaml 12 | configurations: 13 | - kustomizeconfig.yaml 14 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/apps/podinfo/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/valuesFrom/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/apps/podinfo/my-values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 2 2 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/apps/podinfo/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: podinfo 5 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/apps/podinfo/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: podinfo 5 | namespace: podinfo 6 | spec: 7 | interval: 5m 8 | releaseName: 
podinfo 9 | chart: 10 | spec: 11 | chart: podinfo 12 | sourceRef: 13 | kind: HelmRepository 14 | name: podinfo 15 | valuesFrom: 16 | - kind: ConfigMap 17 | name: podinfo-values 18 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/apps/podinfo/repository.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta2 2 | kind: HelmRepository 3 | metadata: 4 | name: podinfo 5 | namespace: podinfo 6 | spec: 7 | interval: 25m0s 8 | url: https://stefanprodan.github.io/podinfo 9 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/artifact-imagerepo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: image.toolkit.fluxcd.io/v1beta1 3 | kind: ImageRepository 4 | metadata: 5 | name: podinfo-artifact-registry 6 | namespace: flux-system 7 | spec: 8 | image: us-central1-docker.pkg.dev/dx-kingdon/geekingdon-images/podinfo 9 | interval: 1m0s 10 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/flux-sync/flux-gitrepo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta2 2 | kind: GitRepository 3 | metadata: 4 | name: flux-sync 5 | namespace: flux-system 6 | spec: 7 | interval: 30s 8 | ref: 9 | branch: main 10 | url: https://github.com/kingdonb/bootstrap-repo 11 | -------------------------------------------------------------------------------- /clusters/gke-geekingdon/flux-sync/flux-kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | name: flux-sync 5 | namespace: flux-system 6 | spec: 7 | interval: 40m0s 8 | timeout: 2m0s 9 | path: ./clusters/gke-geekingdon 10 | 
prune: true
11 |   sourceRef:
12 |     kind: GitRepository
13 |     name: flux-sync
14 |
--------------------------------------------------------------------------------
/clusters/gke-geekingdon/flux-system/flux-bootstrap-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding  # cluster-wide grant of the ClusterRole named in roleRef to the subjects listed below
3 | metadata:
4 |   name: flux-bootstrap
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: cluster-admin  # NOTE(review): unrestricted access to every resource; any workload able to use the flux-bootstrap ServiceAccount token gets full control of the cluster. Prefer a narrower ClusterRole if bootstrap allows it.
9 | subjects:
10 |   - kind: ServiceAccount
11 |     name: flux-bootstrap
12 |     namespace: flux-system
13 |
--------------------------------------------------------------------------------
/clusters/gke-geekingdon/flux-system/flux-bootstrap-crd-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding  # second binding for the same flux-bootstrap ServiceAccount
3 | metadata:
4 |   name: flux-bootstrap-crd
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: crd-controller-flux-system  # this ClusterRole's rules are defined elsewhere and not shown here; since the same subject is also bound to cluster-admin, this binding does not narrow its permissions
9 | subjects:
10 |   - kind: ServiceAccount
11 |     name: flux-bootstrap
12 |     namespace: flux-system
13 |
--------------------------------------------------------------------------------
/clusters/gke-geekingdon/imagerepo.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: image.toolkit.fluxcd.io/v1beta1
3 | kind: ImageRepository  # Flux image scan: lists the tags of the image below on every interval
4 | metadata:
5 |   name: podinfo
6 |   namespace: flux-system
7 | spec:
8 |   image: gcr.io/dx-kingdon/podinfo  # no secretRef is set in this manifest; registry credentials, if any are needed, must come from elsewhere (TODO confirm)
9 |   interval: 1m0s
10 |
--------------------------------------------------------------------------------
/clusters/gke-geekingdon/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization  # kustomize entry point: the resources listed here are what is built for this cluster path
3 | resources:
4 |   - apps/podinfo
5 |   - flux-sync/flux-gitrepo.yaml
6 |   - 
flux-sync/flux-kustomization.yaml
7 |   - imagerepo.yaml
8 |   - artifact-imagerepo.yaml
9 |   - ../../base/production
10 |   #- flux-system
11 |
--------------------------------------------------------------------------------
/clusters/hephy-staging/_namespaces/deis-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace  # creates the deis namespace
3 | metadata:
4 |   name: deis
5 |
--------------------------------------------------------------------------------
/clusters/hephy-staging/clusters-bases-kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.toolkit.fluxcd.io/v1
2 | kind: Kustomization  # Flux Kustomization: applies clusters/bases from the flux-system GitRepository every 10 minutes
3 | metadata:
4 |   name: clusters-bases-kustomization
5 |   namespace: flux-system
6 | spec:
7 |   interval: 10m0s
8 |   path: clusters/bases
9 |   prune: true  # objects removed from this path in Git are deleted from the cluster on the next reconcile
10 |   sourceRef:
11 |     kind: GitRepository
12 |     name: flux-system
13 |
--------------------------------------------------------------------------------
/clusters/hephy-staging/flux-stats/namespace.yaml:
--------------------------------------------------------------------------------
1 | # apiVersion: v1
2 | # kind: Namespace
3 | # metadata:
4 | #   name: default
5 |
--------------------------------------------------------------------------------
/clusters/hephy-staging/flux-stats/ocirepo.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: OCIRepository  # Flux source: pulls a manifests artifact from an OCI registry
4 | metadata:
5 |   name: stats-prod
6 |   namespace: default
7 | spec:
8 |   interval: 1m0s
9 |   provider: generic
10 |   ref:
11 |     semver: ^0.1.1  # floating range: a newer tag that matches is picked up automatically on a later reconcile
12 |   url: oci://ghcr.io/kingdonb/manifests/stats-tracker
13 |   verify:
14 |     provider: cosign  # artifact signature is checked before use. No verify.secretRef (public keys) is given, so this relies on cosign keyless verification; NOTE(review): consider pinning the expected signer with verify.matchOIDCIdentity if the installed source-controller supports it (TODO confirm)
15 |
--------------------------------------------------------------------------------
/clusters/hephy-staging/hephy/flux-kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: 
kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | name: 75-deis 5 | namespace: deis 6 | spec: 7 | interval: 60m0s 8 | retryInterval: 6m0s 9 | timeout: 4m0s 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | namespace: flux-system 14 | path: ./apps/hephy 15 | dependsOn: 16 | - name: 12-persistence 17 | namespace: deis 18 | prune: true 19 | #wait: false 20 | #suspend: false 21 | -------------------------------------------------------------------------------- /clusters/hephy-staging/howto/flux-kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | metadata: 5 | name: example-kubeconfig 6 | namespace: default 7 | spec: 8 | interval: 10m0s 9 | path: ./manifests/moomboo.space 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: example-kubeconfig 14 | 15 | -------------------------------------------------------------------------------- /clusters/hephy-staging/howto/git-repository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: GitRepository 4 | metadata: 5 | name: example-kubeconfig 6 | namespace: default 7 | spec: 8 | interval: 1m0s 9 | ref: 10 | branch: dev-branch 11 | secretRef: 12 | name: example-kubeconfig 13 | url: ssh://git@github.com/kingdon-ci/example-kubeconfig.git 14 | 15 | -------------------------------------------------------------------------------- /clusters/hephy-staging/persistence/flux-kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | name: 12-persistence 5 | namespace: deis 6 | spec: 7 | interval: 10m0s 8 | retryInterval: 40s 9 | timeout: 4m0s 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | 
namespace: flux-system 14 | path: ./persistence-hephy-stg 15 | dependsOn: [] 16 | prune: false 17 | wait: false 18 | #suspend: false 19 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/clusters-bases-kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1 2 | kind: Kustomization 3 | metadata: 4 | name: clusters-bases-kustomization 5 | namespace: flux-system 6 | spec: 7 | interval: 10m0s 8 | path: clusters/bases 9 | prune: true 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/clusters/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kingdonb/bootstrap-repo/b051395b7263b2b752205caf6cd2d70436e05a6b/clusters/howard-moomboo-space/clusters/.keep -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/clusters/external-self-hosted/demo-cluster-2-gitopscluster.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: gitops.weave.works/v1alpha1 2 | # kind: GitopsCluster 3 | # metadata: 4 | # name: demo-cluster-2 5 | # namespace: ext 6 | # # Signals that this cluster should be bootstrapped. 
7 | # # labels: 8 | # # weave.works/capi: bootstrap 9 | # spec: 10 | # secretRef: 11 | # name: demo-cluster-2-kubeconfig 12 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/clusters/external-self-hosted/demo-cluster-gitopscluster.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: gitops.weave.works/v1alpha1 2 | # kind: GitopsCluster 3 | # metadata: 4 | # name: demo-cluster 5 | # namespace: ext 6 | # # Signals that this cluster should be bootstrapped. 7 | # # labels: 8 | # # weave.works/capi: bootstrap 9 | # spec: 10 | # secretRef: 11 | # name: demo-cluster-kubeconfig 12 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/clusters/external-self-hosted/hephy-stg-gitopscluster.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: gitops.weave.works/v1alpha1 2 | # kind: GitopsCluster 3 | # metadata: 4 | # name: hephy-stg 5 | # namespace: ext 6 | # # Signals that this cluster should be bootstrapped. 7 | # # labels: 8 | # # weave.works/capi: bootstrap 9 | # spec: 10 | # secretRef: 11 | # name: hephy-stg-kubeconfig 12 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/clusters/external-self-hosted/home-workers-gitopscluster.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: gitops.weave.works/v1alpha1 2 | # kind: GitopsCluster 3 | # metadata: 4 | # name: home-workers 5 | # namespace: ext 6 | # # Signals that this cluster should be bootstrapped. 
7 | # # labels: 8 | # # weave.works/capi: bootstrap 9 | # spec: 10 | # secretRef: 11 | # name: home-workers-kubeconfig 12 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/clusters/external-self-hosted/howard-moomboo-staging-gitopscluster.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: gitops.weave.works/v1alpha1 2 | # kind: GitopsCluster 3 | # metadata: 4 | # name: howard-moomboo-staging 5 | # namespace: vcluster-howard-moomboo-stage 6 | # # Signals that this cluster should be bootstrapped. 7 | # labels: 8 | # weave.works/capi: bootstrap 9 | # spec: 10 | # secretRef: 11 | # name: howard-moomboo-staging-kubeconfig 12 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/clusters/external-self-hosted/moo-cluster-gitopscluster.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: gitops.weave.works/v1alpha1 2 | # kind: GitopsCluster 3 | # metadata: 4 | # name: moo-cluster 5 | # namespace: ext 6 | # # Signals that this cluster should be bootstrapped. 
7 | #   # labels:
8 | #   #   weave.works/capi: bootstrap
9 | # spec:
10 | #   secretRef:
11 | #     name: moo-cluster-kubeconfig
12 |
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/configmap-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap  # example ConfigMap with a single key, TEXT
3 | metadata:
4 |   name: foobar
5 |   namespace: default
6 | data:
7 |   TEXT: example
8 |
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/examples/howard-kustomization.yaml:
--------------------------------------------------------------------------------
1 | # ---
2 | # apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
3 | # kind: Kustomization
4 | # metadata:
5 | #   name: howard-examples
6 | #   namespace: flux-system
7 | # spec:
8 | #   interval: 10m0s
9 | #   timeout: 1m30s
10 | #   retryInterval: 1m0s
11 | #   path: ./clusters/howard-moomboo-space/examples
12 | #   prune: true
13 | #   wait: true
14 | #   serviceAccountName: kustomize-controller
15 | #   sourceRef:
16 | #     kind: GitRepository
17 | #     name: flux-system
18 | #   # decryption:
19 | #   #   provider: sops
20 | #   #   secretRef:
21 | #   #     name: sops-gpg
22 | #   dependsOn:
23 | #     - name: my-secrets
24 | #     - name: howard-infra
25 |
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/kube-system/coredns-configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap  # CoreDNS configuration (Corefile) for the coredns ConfigMap in kube-system; the server block listens on port 1053
3 | metadata:
4 |   name: coredns
5 |   namespace: kube-system
6 | data:  # NOTE(review): the Corefile sets `pods insecure`, which makes the kubernetes plugin answer pod-IP-style names without checking that such a pod exists; `pods verified` is the stricter mode, at the cost of watching all pods. The two `rewrite name` rules alias podinfo.demo.test and howard.moomboo.stage to other names for every client of this resolver.
7 |   Corefile: |
8 |     .:1053 {
9 |         errors
10 |         health {
11 |           lameduck 5s
12 |         }
13 |         ready
14 |         rewrite name podinfo.demo.test ingress-nginx-controller.ingress-nginx.svc.cluster.local
15 |         rewrite name howard.moomboo.stage howard.moomboo.space
16 |         kubernetes cluster.local in-addr.arpa ip6.arpa {
17 |           pods insecure
18 |           fallthrough in-addr.arpa 
ip6.arpa 19 | ttl 30 20 | } 21 | prometheus :9153 22 | forward . /etc/resolv.conf 23 | cache 30 24 | loop 25 | reload 26 | loadbalance 27 | } 28 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/load-balancers/vcluster-another-test-load-balancer.yaml: -------------------------------------------------------------------------------- 1 | # to be applied on the leaf: howard-moomboo-cluster 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: another-test-loadbalancer 6 | namespace: vcluster 7 | spec: 8 | loadBalancerIP: 10.17.12.238 9 | selector: 10 | app: vcluster 11 | release: another-test 12 | ports: 13 | - name: https 14 | port: 443 15 | targetPort: 8443 16 | protocol: TCP 17 | type: LoadBalancer 18 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/load-balancers/vcluster-botkube-demo-load-balancer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: vcluster-botkube-demo 5 | namespace: default 6 | spec: 7 | loadBalancerIP: 10.17.12.214 8 | selector: 9 | app: vcluster 10 | release: botkube-demo 11 | ports: 12 | - name: https 13 | port: 443 14 | targetPort: 8443 15 | protocol: TCP 16 | type: LoadBalancer 17 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/load-balancers/vcluster-cluster-01-load-balancer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: vcluster-cluster-01 5 | namespace: default 6 | spec: 7 | loadBalancerIP: 10.17.12.211 8 | selector: 9 | app: vcluster 10 | release: cluster-01 11 | ports: 12 | - name: https 13 | port: 443 14 | targetPort: 8443 15 | protocol: TCP 16 | type: LoadBalancer 17 | 
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/load-balancers/vcluster-cluster-02-load-balancer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # publishes the pods labelled app=vcluster, release=cluster-02 on a fixed load-balancer address
3 | metadata:
4 |   name: vcluster-cluster-02
5 |   namespace: default
6 | spec:
7 |   loadBalancerIP: 10.17.12.219  # private (RFC 1918) address; note that spec.loadBalancerIP is deprecated since Kubernetes v1.24
8 |   selector:
9 |     app: vcluster
10 |     release: cluster-02
11 |   ports:
12 |     - name: https
13 |       port: 443
14 |       targetPort: 8443  # presumably the vcluster API endpoint inside the pod (confirm against the vcluster release)
15 |       protocol: TCP
16 |   type: LoadBalancer  # NOTE(review): no loadBalancerSourceRanges is set, so every client that can route to the address above can reach this endpoint; restrict sources where the load-balancer implementation honours the field
17 |
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/load-balancers/vcluster-cluster-03-load-balancer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service  # same shape as vcluster-cluster-02, selecting release=cluster-03
3 | metadata:
4 |   name: vcluster-cluster-03
5 |   namespace: default
6 | spec:
7 |   loadBalancerIP: 10.17.12.213
8 |   selector:
9 |     app: vcluster
10 |     release: cluster-03
11 |   ports:
12 |     - name: https
13 |       port: 443
14 |       targetPort: 8443
15 |       protocol: TCP
16 |   type: LoadBalancer  # no loadBalancerSourceRanges here either
17 |
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/load-balancers/vcluster-example-load-balancer.yaml:
--------------------------------------------------------------------------------
1 | # to be applied on the leaf: howard-moomboo-cluster
2 | apiVersion: v1
3 | kind: Namespace  # creates the test namespace that the Service below lives in
4 | metadata:
5 |   name: test
6 | ---
7 | apiVersion: v1
8 | kind: Service  # LoadBalancer Service for the pods labelled app=vcluster, release=example
9 | metadata:
10 |   name: example-loadbalancer
11 |   namespace: test
12 | spec:
13 |   loadBalancerIP: 10.17.12.236
14 |   selector:
15 |     app: vcluster
16 |     release: example
17 |   ports:
18 |     - name: https
19 |       port: 443
20 |       targetPort: 8443
21 |       protocol: TCP
22 |   type: LoadBalancer  # no loadBalancerSourceRanges; reachable by any client that can route to 10.17.12.236
23 |
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/load-balancers/vcluster-limnocentral-load-balancer.yaml: -------------------------------------------------------------------------------- 1 | # to be applied on the leaf: howard-moomboo-cluster 2 | #apiVersion: v1 3 | #kind: Namespace 4 | #metadata: 5 | # name: test 6 | --- 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: limnocentral-loadbalancer 11 | namespace: test 12 | spec: 13 | loadBalancerIP: 10.17.12.237 14 | selector: 15 | app: vcluster 16 | release: limnocentral 17 | ports: 18 | - name: https 19 | port: 443 20 | targetPort: 8443 21 | protocol: TCP 22 | type: LoadBalancer 23 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/load-balancers/vcluster-somtochi-load-balancer.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: v1 2 | # kind: Service 3 | # metadata: 4 | # name: vcluster-somtochi 5 | # namespace: default 6 | # spec: 7 | # loadBalancerIP: 10.17.12.212 8 | # selector: 9 | # app: vcluster 10 | # release: somtochi 11 | # ports: 12 | # - name: https 13 | # port: 443 14 | # targetPort: 8443 15 | # protocol: TCP 16 | # type: LoadBalancer 17 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/load-balancers/vcluster-vcluster-load-balancer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: vcluster-loadbalancer-vcluster 5 | namespace: vcluster 6 | spec: 7 | loadBalancerIP: 10.17.12.234 8 | selector: 9 | app: vcluster 10 | release: vcluster 11 | ports: 12 | - name: https 13 | port: 443 14 | targetPort: 8443 15 | protocol: TCP 16 | type: LoadBalancer 17 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/production/bookstack-ns.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: bookstack 5 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/production/fleet-infra-gitrepo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: GitRepository 4 | metadata: 5 | name: fleet-infra 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | ref: 10 | branch: main 11 | secretRef: 12 | name: my-app-secret 13 | url: https://github.com/kingdon-ci/fleet-infra 14 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/production/howard-infra-kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | metadata: 5 | name: howard-infra 6 | namespace: flux-system 7 | spec: 8 | interval: 10m0s 9 | retryInterval: 1m0s 10 | # targetNamespace: default 11 | path: ./apps/howard-infra 12 | prune: true 13 | wait: true 14 | serviceAccountName: kustomize-controller 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/production/howard-kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | kind: Kustomization 4 | metadata: 5 | name: howard-production 6 | namespace: flux-system 7 | spec: 8 | interval: 10m0s 9 | timeout: 1m30s 10 | retryInterval: 1m0s 11 | path: ./apps/howard-prod 12 | prune: true 13 | wait: true 14 | serviceAccountName: kustomize-controller 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | decryption: 19 | provider: 
sops
20 |     secretRef:
21 |       name: sops-gpg
22 |   dependsOn:
23 |     - name: my-secrets
24 |     - name: howard-infra
25 |
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/secrets/github-app-secrets.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: GitRepository  # Flux source polled every minute; feeds the Kustomization of the same name below
4 | metadata:
5 |   name: github-app-secret
6 |   namespace: flux-system
7 | spec:
8 |   interval: 1m0s
9 |   ref:
10 |     branch: vcluster-test  # NOTE(review): tracks a mutable branch and sets no spec.verify, so whatever the branch head is gets applied without commit-signature verification
11 |   url: https://github.com/kingdon-ci/github-app-secret  # no secretRef: the repository is fetched without credentials
12 |   # include:
13 |   #   - repository:
14 |   #       name: flux-system
15 |   #     fromPath: apps/github-app-secret
16 |   #     toPath: deploy/magic
17 | ---
18 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
19 | kind: Kustomization  # applies ./deploy/magic from the github-app-secret GitRepository
20 | metadata:
21 |   name: github-app-secret
22 |   namespace: flux-system
23 | spec:  # NOTE(review): no decryption block, unlike my-secrets below; anything under the path is applied exactly as stored in Git (TODO confirm that repository holds no plaintext Secret data)
24 |   interval: 10m0s
25 |   retryInterval: 1m0s
26 |   path: ./deploy/magic
27 |   prune: true
28 |   sourceRef:
29 |     kind: GitRepository
30 |     name: github-app-secret
31 |
--------------------------------------------------------------------------------
/clusters/howard-moomboo-space/secrets/my-secrets.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1beta2
3 | kind: GitRepository  # Flux source for the secrets path, polled every minute
4 | metadata:
5 |   name: my-secrets
6 |   namespace: flux-system
7 | spec:
8 |   interval: 1m0s
9 |   ref:
10 |     branch: main  # mutable branch, no spec.verify: commits are not signature-checked before being applied
11 |   url: https://github.com/kingdonb/bootstrap-repo
12 | ---
13 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
14 | kind: Kustomization  # applies ./secrets/howard-prod, decrypting SOPS-encrypted manifests on the way
15 | metadata:
16 |   name: my-secrets
17 |   namespace: flux-system
18 | spec:
19 |   decryption:
20 |     provider: sops
21 |     secretRef:
22 |       name: sops-gpg  # Secret holding the decryption key material; it is not created by any manifest shown here, so it must be provisioned out of band
23 |   interval: 10m0s
24 |   path: ./secrets/howard-prod
25 |   prune: true
26 |   sourceRef:
27 |     kind: GitRepository
28 |     name: my-secrets
29 |   dependsOn:
30 |     - name: flux-system
31 |
-------------------------------------------------------------------------------- /clusters/howard-moomboo-space/wg-system/weave-gitops.yaml: -------------------------------------------------------------------------------- 1 | # --- 2 | # apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | # kind: Kustomization 4 | # metadata: 5 | # name: weave-gitops 6 | # namespace: flux-system 7 | # spec: 8 | # interval: 10m0s 9 | # timeout: 1m30s 10 | # retryInterval: 1m0s 11 | # path: ./apps/howard-wge 12 | # prune: true 13 | # wait: true 14 | # sourceRef: 15 | # kind: GitRepository 16 | # name: flux-system 17 | # dependsOn: 18 | # - name: howard-production 19 | # healthChecks: 20 | # - apiVersion: apiextensions.k8s.io/v1 21 | # kind: CustomResourceDefinition 22 | # name: gitopsclusters.gitops.weave.works 23 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/wg-system/weave-later.yaml: -------------------------------------------------------------------------------- 1 | # --- 2 | # apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 3 | # kind: Kustomization 4 | # metadata: 5 | # name: weave-capi-resources 6 | # namespace: flux-system 7 | # spec: 8 | # interval: 10m0s 9 | # timeout: 1m30s 10 | # retryInterval: 2m0s 11 | # path: ./examples/weave-gitops-capi/howard-later 12 | # prune: true 13 | # wait: false 14 | # sourceRef: 15 | # kind: GitRepository 16 | # name: fleet-infra 17 | # dependsOn: 18 | # - name: weave-gitops 19 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/zz-namespaces/dex-ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: dex 6 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/zz-namespaces/external-self-hosted-ns.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: ext 6 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/zz-namespaces/grafana-ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: grafana 6 | -------------------------------------------------------------------------------- /clusters/howard-moomboo-space/zz-namespaces/vcluster-ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: vcluster 6 | -------------------------------------------------------------------------------- /clusters/moo-cluster/certificates/flux-kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | name: 11-certificates 5 | namespace: flux-system 6 | spec: 7 | interval: 33h36m0s # 1.4*24*60*60 = 120960s - to sync less frequently than 5 times per 7 days 8 | retryInterval: 1m0s 9 | timeout: 4m0s 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | decryption: 14 | provider: sops 15 | secretRef: 16 | name: sops-gpg 17 | path: ./certificates/moo-cluster 18 | dependsOn: 19 | - name: 20-my-secrets 20 | prune: false 21 | wait: false 22 | #suspend: false 23 | -------------------------------------------------------------------------------- /clusters/moo-cluster/chartmuseum/flux-kustomization.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | # kind: Kustomization 3 | # metadata: 4 | # name: 92-chartmuseum 5 | # namespace: chartmuseum 6 | # spec: 7 | # interval: 60m0s 8 | # retryInterval: 
6m0s 9 | # timeout: 4m0s 10 | # sourceRef: 11 | # kind: GitRepository 12 | # name: flux-sync 13 | # namespace: flux-system 14 | # path: ./apps/chartmuseum 15 | # dependsOn: 16 | # - name: 90-minio-stage 17 | # namespace: minio-stage 18 | # prune: true 19 | # #wait: false 20 | # #suspend: false 21 | -------------------------------------------------------------------------------- /clusters/moo-cluster/cluster-api/aks-kuberkingdon2.yaml: -------------------------------------------------------------------------------- 1 | #apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | #kind: Kustomization 3 | #metadata: 4 | # name: 01-aks-kuberkingdon 5 | # namespace: flux-system 6 | #spec: 7 | # interval: 10m0s 8 | # kubeConfig: 9 | # secretRef: 10 | # name: aks-kuberkingdon-kubeconfig 11 | # timeout: 2m10s 12 | # path: ./clusters/aks-kuberkingdon/flux-system 13 | # prune: true 14 | # dependsOn: 15 | # - name: 00-cluster-api-secrets 16 | # sourceRef: 17 | # kind: GitRepository 18 | # name: cluster-api-bootstrap-repo 19 | -------------------------------------------------------------------------------- /clusters/moo-cluster/cluster-api/flux-kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | kind: Kustomization 3 | metadata: 4 | name: 00-cluster-api-secrets 5 | namespace: flux-system 6 | spec: 7 | decryption: 8 | provider: sops 9 | secretRef: 10 | name: cluster-api-sops-gpg 11 | interval: 10m0s 12 | timeout: 30s 13 | path: ./secrets/cluster-api 14 | prune: true 15 | dependsOn: # N.b. 
(this is not circular) 16 | - name: 20-my-secrets 17 | sourceRef: 18 | kind: GitRepository 19 | name: cluster-api-bootstrap-repo 20 | -------------------------------------------------------------------------------- /clusters/moo-cluster/cluster-api/gitrepository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1beta2 3 | kind: GitRepository 4 | metadata: 5 | name: cluster-api-bootstrap-repo 6 | namespace: flux-system 7 | spec: 8 | interval: 1m0s 9 | ref: 10 | branch: main 11 | url: https://github.com/kingdonb/bootstrap-repo 12 | -------------------------------------------------------------------------------- /clusters/moo-cluster/cluster-api/gke-cluster-1.yaml: -------------------------------------------------------------------------------- 1 | #apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | #kind: Kustomization 3 | #metadata: 4 | # name: 02-gke-cluster-1 5 | # namespace: flux-system 6 | #spec: 7 | # interval: 10m0s 8 | # kubeConfig: 9 | # secretRef: 10 | # name: gke-cluster-1 11 | # timeout: 2m10s 12 | # path: ./clusters/gke-geekingdon/flux-system 13 | # prune: true 14 | # dependsOn: 15 | # - name: 00-cluster-api-secrets 16 | # sourceRef: 17 | # kind: GitRepository 18 | # name: cluster-api-bootstrap-repo 19 | -------------------------------------------------------------------------------- /clusters/moo-cluster/flamingo/flux-kustomization.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 2 | # kind: Kustomization 3 | # metadata: 4 | # name: 95-flamingo 5 | # namespace: argocd 6 | # spec: 7 | # interval: 60m0s 8 | # retryInterval: 3m10s 9 | # timeout: 3m0s 10 | # sourceRef: 11 | # kind: GitRepository 12 | # name: flux-sync 13 | # namespace: flux-system 14 | # #dependsOn: 15 | # # - name: 30-ingress-nginx 16 | # # namespace: ingress-nginx 17 | # path: ./apps/argocd 18 | # prune: true 19 
| #   #wait: false
20 | #   #suspend: false
21 |
--------------------------------------------------------------------------------
/clusters/moo-cluster/flux-system-extras/git-webhook-receiver.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: notification.toolkit.fluxcd.io/v1beta2
2 | kind: Receiver  # Flux webhook receiver: an incoming GitHub event triggers reconciliation of the listed GitRepository objects
3 | metadata:
4 |   name: git-webhook
5 |   namespace: flux-system
6 | spec:
7 |   type: github
8 |   events:
9 |     - "ping"
10 |     - "push"
11 |   secretRef:
12 |     name: webhook-token  # shared secret for this receiver; the same Secret name is referenced by the image-webhook and podinfo-image-webhook receivers
13 |   resources:
14 |     - kind: GitRepository
15 |       name: flux-system
16 |     - kind: GitRepository
17 |       name: flux-sync
18 |     - kind: GitRepository
19 |       name: cluster-api-bootstrap-repo
20 |     #- kind: GitRepository
21 |     #  name: flux-system-rw
22 |     #- kind: GitRepository
23 |     #  name: my-secrets-branch
24 |
--------------------------------------------------------------------------------
/clusters/moo-cluster/flux-system-extras/gitno-hephy-pro-ingress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.k8s.io/v1
2 | kind: Ingress  # routes gitno.hephy.pro to the webhook-receiver Service in flux-system through the traefik ingress class
3 | metadata:
4 |   name: webhook-receiver
5 |   namespace: flux-system
6 |   annotations: {}
7 |     #cert-manager.io/cluster-issuer: letsencrypt-production
8 |     #nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
9 |     #nginx.ingress.kubernetes.io/ssl-redirect: "false"
10 | spec:  # NOTE(review): the tls block at the end is commented out, so this Ingress defines no TLS for the host; unless TLS is terminated at the Traefik entrypoint or upstream, webhook requests and the token-derived receiver path travel in clear text
11 |   ingressClassName: traefik
12 |   rules:
13 |     - host: gitno.hephy.pro
14 |       http:
15 |         paths:
16 |           - path: /  # prefix match on /, so every path of the backend Service is exposed; presumably only the receiver hook path is needed (confirm and narrow)
17 |             pathType: Prefix
18 |             backend:
19 |               service:
20 |                 name: webhook-receiver
21 |                 port:
22 |                   number: 80
23 |   #tls:
24 |   #- hosts:
25 |   #  - gitno.hephy.pro
26 |   #  secretName: gitno-hephy-pro-tls
27 |
--------------------------------------------------------------------------------
/clusters/moo-cluster/flux-system-extras/image-webhook-receiver.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: notification.toolkit.fluxcd.io/v1beta2
2 | kind: Receiver
3 
| metadata:
4 |   name: image-webhook
5 |   namespace: flux-system
6 | spec:
7 |   type: dockerhub  # NOTE(review): presumably no payload signature is checked for this receiver type, leaving the token-derived receiver URL as the only credential; confirm against the notification-controller docs and keep that URL off plaintext links
8 |   secretRef:
9 |     name: webhook-token  # same Secret name as the git-webhook and podinfo-image-webhook receivers, so one token covers all three
10 |   resources:
11 |     - kind: ImageRepository
12 |       name: kingdonb-jenkins
13 |
--------------------------------------------------------------------------------
/clusters/moo-cluster/flux-system-extras/podinfo-image-webhook-receiver.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: notification.toolkit.fluxcd.io/v1beta2
2 | kind: Receiver  # Docker Hub webhook receiver that triggers a rescan of the kingdonb-podinfo ImageRepository
3 | metadata:
4 |   name: podinfo-image-webhook
5 |   namespace: flux-system
6 | spec:
7 |   type: dockerhub
8 |   secretRef:
9 |     name: webhook-token
10 |   resources:
11 |     - kind: ImageRepository
12 |       name: kingdonb-podinfo
13 |
--------------------------------------------------------------------------------
/clusters/moo-cluster/flux-system-extras/slack-notification.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: notification.toolkit.fluxcd.io/v1beta2
2 | kind: Provider  # Flux notification provider posting to the Slack channel named below
3 | metadata:
4 |   name: slack
5 |   namespace: flux-system
6 | spec:
7 |   type: slack
8 |   channel: gitops
9 |   secretRef:
10 |     name: slack-token  # Slack credentials are read from this Secret rather than written into the manifest
11 |
--------------------------------------------------------------------------------
/clusters/moo-cluster/flux-system/flux-sync.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: source.toolkit.fluxcd.io/v1
3 | kind: GitRepository  # Flux source polled every 15 minutes
4 | metadata:
5 |   name: flux-sync
6 |   namespace: flux-system
7 | spec:
8 |   interval: 15m
9 |   ref:
10 |     branch: main  # mutable branch with no spec.verify: commits are not signature-checked before use
11 |   url: https://github.com/kingdonb/bootstrap-repo  # no secretRef: fetched without credentials
12 |
--------------------------------------------------------------------------------
/clusters/moo-cluster/flux-system/gotk-sync.yaml:
--------------------------------------------------------------------------------
1 | # This manifest was generated by flux. DO NOT EDIT. 
# (moo-cluster gotk-sync.yaml, continued after its "generated by flux" header line)
---
# Source for the cluster's root sync: main branch, anonymous HTTPS (no
# secretRef), polled every 40 minutes.
# NOTE(review): no spec.verify, so commits are applied without a signature check.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 40m0s
  ref:
    branch: main
  url: https://github.com/kingdonb/bootstrap-repo
---
# Root Kustomization: applies everything under ./clusters/moo-cluster every 10
# minutes and, with prune: true, deletes objects that disappear from Git.
# NOTE(review): no spec.serviceAccountName is set, so reconciliation runs with
# the kustomize-controller's own identity; in a default Flux install that is
# cluster-admin (confirm for this cluster). Write access to the main branch is
# therefore equivalent to admin access to the cluster.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./clusters/moo-cluster
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
--------------------------------------------------------------------------------
/clusters/moo-cluster/harbor/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for Harbor: applies ./apps/harbor from the flux-sync
# source once the three listed dependencies are ready, waits for the applied
# resources (wait: true) and prunes removed ones.
# The object lives in the harbor namespace but reads a GitRepository in
# flux-system, i.e. it relies on cross-namespace source references.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: 91-harbor
  namespace: harbor
spec:
  interval: 60m0s
  retryInterval: 6m0s
  timeout: 4m45s
  sourceRef:
    kind: GitRepository
    name: flux-sync
    namespace: flux-system
  path: ./apps/harbor
  dependsOn:
    - name: 11-certificates
      namespace: flux-system
    - name: 12-persistence
      namespace: harbor
    # - name: 30-ingress-nginx
    #   namespace: ingress-nginx
    - name: 90-minio-stage
      namespace: minio-stage
    # - name: traefik-api-crds
  prune: true
  wait: true
  # suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/keycloak/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): every line of this manifest is commented out, so nothing is
# applied from this file.
# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
# kind: Kustomization
# metadata:
#   name: 32-keycloak
#   namespace: keycloak
# spec:
#   interval: 10m
#   retryInterval: 1m30s
#   timeout: 4m0s
#   sourceRef:
#     kind: GitRepository
#     name: flux-system
#     namespace: flux-system
#   path: ./apps/keycloak
# (commented-out 32-keycloak Kustomization, continued)
#   dependsOn:
#     - name: 11-certificates
#       namespace: flux-system
#     - name: 20-my-secrets
#       namespace: flux-system
#     # - name: 30-ingress-nginx
#     #   namespace: ingress-nginx
#   prune: true
#   wait: true
#   suspend: true
--------------------------------------------------------------------------------
/clusters/moo-cluster/kingdon-ci-weave-gitops.yaml:
--------------------------------------------------------------------------------
# Grants the built-in cluster-admin ClusterRole to every member of the group
# "kingdon-ci:home-workers", cluster-wide.
# NOTE(review): whoever the cluster's authenticator places in this group gets
# unrestricted access to all namespaces, including every Secret. If membership
# is asserted by an external identity provider (presumably, given the file
# name, for Weave GitOps users - TODO confirm), control over that group claim
# is control over the cluster. A narrower ClusterRole, or namespaced
# RoleBindings, would cap the damage of a compromised member account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kingdon-ci:home-workers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: kingdon-ci:home-workers
--------------------------------------------------------------------------------
/clusters/moo-cluster/kpack/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for kpack: applies ./apps/kpack from the flux-sync source
# after the apps, infrastructure and 91-harbor Kustomizations are ready.
# prune: true deletes objects removed from Git; wait: true blocks until the
# applied resources report ready.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: 85-kpack
  namespace: kpack
spec:
  interval: 60m0s
  retryInterval: 6m0s
  timeout: 4m0s
  sourceRef:
    kind: GitRepository
    name: flux-sync
    namespace: flux-system
  path: ./apps/kpack
  dependsOn:
    - name: apps
      namespace: podinfo-staging
    - name: infrastructure
      namespace: flux-system
    - name: 91-harbor
      namespace: harbor
  prune: true
  wait: true
  suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/kube-oidc-proxy/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): every line of this manifest is commented out, so nothing is
# applied from this file.
# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
# kind: Kustomization
# metadata:
#   name: 33-kube-oidc-proxy
#   namespace: kube-oidc-proxy
# spec:
#   interval: 10m
# (commented-out 33-kube-oidc-proxy Kustomization, continued)
#   retryInterval: 3m
#   timeout: 2m0s
#   sourceRef:
#     kind: GitRepository
#     name: flux-system
#     namespace: flux-system
#   path: ./apps/kube-oidc-proxy
#   dependsOn:
#     - name: 11-certificates
#       namespace: flux-system
#     - name: 20-my-secrets
#       namespace: flux-system
#     # - name: 30-ingress-nginx
#     #   namespace: ingress-nginx
#     - name: 32-keycloak
#       namespace: keycloak
#   prune: true
#   wait: true
#   suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/kuby-test/config.yaml:
--------------------------------------------------------------------------------
# ConfigMap recording the currently deployed release tag for kuby-test.
# The trailing {"$imagepolicy": ...} marker is read by Flux image automation,
# which rewrites the value in Git to the tag chosen by the
# kubytest-production/kuby-tester ImagePolicy. Keep the marker on the same line
# as the value. The assets line is commented out and carries no live marker.
apiVersion: v1
data:
  current_release: "20220811130939" # {"$imagepolicy": "kubytest-production:kuby-tester:tag"}
  # current_assets_release: "20211231051654-assets" # --- XXX : "kubytest-production:kuby-tester-assets:tag"
kind: ConfigMap
metadata:
  name: kubytest-release-config
  namespace: kubytest-production
--------------------------------------------------------------------------------
/clusters/moo-cluster/magalix/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization that applies ./apps/magalix from the flux-system source
# every two hours, after 20-my-secrets is ready.
# NOTE(review): the object is created in kube-system and sets no
# serviceAccountName, so it is reconciled with the controller's own privileges
# (cluster-admin in a default Flux install - confirm).
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: 34-magalix
  namespace: kube-system
spec:
  interval: 2h0m0s
  retryInterval: 1m30s
  timeout: 4m0s
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./apps/magalix
  dependsOn:
    - name: 20-my-secrets
      namespace: flux-system
  prune: true
  wait: true
  suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/metallb/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): every line of this manifest is commented out, so nothing is
# applied from this file.
# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
# (commented-out 29-metallb Kustomization, continued)
# kind: Kustomization
# metadata:
#   name: 29-metallb
#   namespace: metallb-system
# spec:
#   interval: 10m0s
#   retryInterval: 1m0s
#   timeout: 4m0s
#   #suspend: false
#   path: ./apps/metallb
#   prune: true
#   wait: true
#   sourceRef:
#     kind: GitRepository
#     name: flux-sync
#     namespace: flux-system
--------------------------------------------------------------------------------
/clusters/moo-cluster/metrics-server/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): every line of this manifest is commented out, so nothing is
# applied from this file.
# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
# kind: Kustomization
# metadata:
#   name: 50-metrics-server
#   namespace: kube-system
# spec:
#   interval: 60m0s
#   retryInterval: 6m0s
#   timeout: 4m0s
#   #suspend: false
#   path: ./apps/metrics-server
#   prune: true
#   wait: true
#   sourceRef:
#     kind: GitRepository
#     name: flux-sync
#     namespace: flux-system
--------------------------------------------------------------------------------
/clusters/moo-cluster/minecraft/minecraft-git.yaml:
--------------------------------------------------------------------------------
---
# GitRepository source in the minecraft namespace: main branch of the chart
# repository, fetched anonymously over HTTPS and polled every minute.
# NOTE(review): no spec.verify, so commits are consumed without a signature check.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: minecraft-public-chart
  namespace: minecraft
spec:
  interval: 1m0s
  ref:
    branch: main
  url: https://github.com/kingdonb/minecraft-public-chart
--------------------------------------------------------------------------------
/clusters/moo-cluster/minio-stage/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for the staging MinIO deployment (manifest continues past
# the end of this excerpt, starting with the value of sourceRef.name).
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: 90-minio-stage
  namespace: minio-stage
spec:
  interval: 60m0s
  retryInterval: 6m0s
  timeout: 4m0s
  sourceRef:
    kind: GitRepository
    name:
# (90-minio-stage Kustomization, continued: the next line is the value of
# sourceRef.name)
      flux-sync
    namespace: flux-system
  # Applies ./apps/minio once persistence, infrastructure and the Traefik CRDs
  # are ready. wait: false means readiness of the applied objects is not checked.
  path: ./apps/minio
  dependsOn:
    # - name: 11-certificates
    - name: 12-persistence
      namespace: harbor
    - name: infrastructure
      namespace: flux-system
    - name: traefik-api-crds
      namespace: flux-system
  prune: true
  wait: false
  #suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/minio-stage/juozas-namespace.yaml:
--------------------------------------------------------------------------------
# Namespace minio-juozas.
# NOTE(review): no pod-security.kubernetes.io/* labels are set, so Pod Security
# admission (if enabled) applies only the cluster-wide default here.
apiVersion: v1
kind: Namespace
metadata:
  name: minio-juozas
--------------------------------------------------------------------------------
/clusters/moo-cluster/minio-stage/namespace.yaml:
--------------------------------------------------------------------------------
# Namespace minio-stage (same remark: no Pod Security admission labels).
apiVersion: v1
kind: Namespace
metadata:
  name: minio-stage
--------------------------------------------------------------------------------
/clusters/moo-cluster/minio-stage/teamhephy-repo.yaml:
--------------------------------------------------------------------------------
---
# OCI HelmRepository in the deis namespace pointing at a chart on ghcr.io,
# refreshed every 10 minutes. No secretRef is set, so the registry is read
# anonymously.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: hephy-workflow-beta
  namespace: deis
spec:
  interval: 10m0s
  type: oci
  url: oci://ghcr.io/kingdonb/hephy-workflow-beta
--------------------------------------------------------------------------------
/clusters/moo-cluster/monitoring/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): every line of this manifest is commented out, so nothing is
# applied from this file.
# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
# kind: Kustomization
# metadata:
#   name: 80-monitoring
#   namespace: monitoring
# spec:
#   interval: 10m0s
#   retryInterval: 6m0s
#   timeout: 4m0s
#   sourceRef:
#     kind: GitRepository
#     name: flux-system
#     namespace: flux-system
#   path: ./apps/monitoring
#   prune: true
# (commented-out 80-monitoring Kustomization, continued)
#   wait: false
#   suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/my-secrets/my-secrets-kustomization.yaml:
--------------------------------------------------------------------------------
# Applies ./secrets/moo-cluster from the flux-sync source, decrypting
# SOPS-encrypted files with the key material held in the sops-gpg Secret of
# this namespace (flux-system).
# NOTE(review): anyone able to read Secrets in flux-system can take that key
# and decrypt every file encrypted to it, including old revisions in Git
# history, so RBAC on this namespace is part of the secret-management boundary.
# prune: false means a Secret deleted from Git stays in the cluster until it is
# removed by hand - relevant when rotating or revoking credentials.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: 20-my-secrets
  namespace: flux-system
spec:
  interval: 9m26s
  retryInterval: 10s
  timeout: 4m0s
  sourceRef:
    kind: GitRepository
    name: flux-sync
  decryption:
    provider: sops
    secretRef:
      name: sops-gpg
  path: ./secrets/moo-cluster
  prune: false
  wait: true
  #suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/persistence/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# Applies ./persistence (statically defined volumes and claims) from the
# flux-system source. prune: false keeps the objects in the cluster even if
# they are removed from Git; wait: false skips readiness checks.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: 12-persistence
  namespace: harbor
spec:
  interval: 10m0s
  retryInterval: 40s
  timeout: 4m0s
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  path: ./persistence
  dependsOn: []
  prune: false
  wait: false
  #suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/routers/flux-kustomization.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization that applies ./apps/routers into the cluster after
# infrastructure and the Traefik CRDs are ready (manifest continues past the
# end of this excerpt, starting with the value of the last namespace key).
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: 40-routers
  namespace: traefik-staging
spec:
  interval: 60m0s
  retryInterval: 1m10s
  timeout: 1m0s
  sourceRef:
    kind: GitRepository
    name: flux-sync
    namespace: flux-system
  path: ./apps/routers
  dependsOn:
    - name: infrastructure
      namespace: flux-system
    - name: traefik-api-crds
      namespace:
# (40-routers Kustomization, continued: the next line is the value of the last
# dependsOn namespace key)
        flux-system
  prune: true
  wait: true
  #suspend: false
--------------------------------------------------------------------------------
/clusters/moo-cluster/scrob/flux-kustomization.yaml:
--------------------------------------------------------------------------------
---
# Deploys the scrob-web application: applies ./manifests from the scrob-web
# GitRepository (a separate application repository) after infrastructure,
# certificates and secrets are ready.
# NOTE(review): neither serviceAccountName nor targetNamespace is set, so the
# manifests in that application repository are applied with the controller's
# own privileges and may create objects in any namespace (cluster-admin in a
# default Flux install - confirm). Push access to the application repository
# therefore carries the same weight as push access to this one.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: 93-scrob-prod
  namespace: scrob-production
spec:
  interval: 7m44s
  timeout: 2m0s
  retryInterval: 30s
  path: ./manifests
  prune: true
  sourceRef:
    kind: GitRepository
    name: scrob-web
    namespace: scrob-production
  dependsOn:
    - name: infrastructure
      namespace: flux-system
    - name: 11-certificates
      namespace: flux-system
    - name: 20-my-secrets
      namespace: flux-system
    # - name: 30-ingress-nginx
    #   namespace: ingress-nginx
--------------------------------------------------------------------------------
/clusters/moo-cluster/scrob/gitrepo.yaml:
--------------------------------------------------------------------------------
---
# GitRepository source for the scrob-web application: main branch, anonymous
# HTTPS, polled every 30 minutes.
# NOTE(review): no spec.verify, so commits are consumed without a signature check.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: scrob-web
  namespace: scrob-production
spec:
  interval: 30m0s
  ref:
    branch: main
  url: https://github.com/kingdonb/scrob-web
--------------------------------------------------------------------------------
/clusters/moo-cluster/scrob/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point bundling the three scrob manifests in this directory.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - flux-kustomization.yaml
  - gitrepo.yaml
  - scrob-web-receiver.yaml
--------------------------------------------------------------------------------
/clusters/moo-cluster/scrob/scrob-web-receiver.yaml:
--------------------------------------------------------------------------------
---
apiVersion:
# (scrob-web Receiver, continued: the next line is the value of apiVersion)
  notification.toolkit.fluxcd.io/v1beta2
# GitHub webhook Receiver in flux-system that triggers reconciliation of the
# scrob-web GitRepository, which lives in another namespace (scrob-production).
# NOTE(review): this depends on cross-namespace references being allowed by the
# notification-controller (they are refused when it runs with
# --no-cross-namespace-refs), and it reuses the shared webhook-token Secret.
kind: Receiver
metadata:
  name: scrob-web
  namespace: flux-system
spec:
  events:
    - push
    - ping
  resources:
    - kind: GitRepository
      name: scrob-web
      namespace: scrob-production
  secretRef:
    name: webhook-token
  type: github
--------------------------------------------------------------------------------
/clusters/moo-cluster/staging/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point that pulls in the shared base/staging overlay.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../../base/staging
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/argocd-ns.yaml:
--------------------------------------------------------------------------------
# Namespace definitions follow, one per file.
# NOTE(review): none of them sets pod-security.kubernetes.io/* labels, so Pod
# Security admission (if enabled) applies only the cluster-wide default to
# these namespaces - confirm what that default is.
apiVersion: v1
kind: Namespace
metadata:
  name: argocd
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/cert-manager-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/chartmuseum-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: chartmuseum
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/deis-namespace.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: deis
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/harbor-ns.yaml:
--------------------------------------------------------------------------------
# Namespace definitions, one per file (this first one belongs to the file whose
# path precedes the separator above).
# NOTE(review): none of these Namespace objects sets
# pod-security.kubernetes.io/* labels, so Pod Security admission (if enabled)
# applies only the cluster-wide default - confirm what that default is.
apiVersion: v1
kind: Namespace
metadata:
  name: harbor
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/ingress-nginx-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/keycloak-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: keycloak
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/kpack-namespace.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: kpack
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/kube-oidc-proxy-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: kube-oidc-proxy
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/kubytest-production-namespace.yaml:
--------------------------------------------------------------------------------
---
kind: Namespace
apiVersion: v1
metadata:
  name: kubytest-production
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/metallb-system-ns.yaml:
--------------------------------------------------------------------------------
# Namespace for MetalLB; the only one here that carries a label (manifest
# continues past the end of this excerpt with metadata.name).
apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: controller-manager
# (metallb-system Namespace, continued: this is metadata.name)
  name: metallb-system
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/minecraft-ns.yaml:
--------------------------------------------------------------------------------
# Namespace definitions follow, one per file.
# NOTE(review): none of them sets pod-security.kubernetes.io/* labels, so Pod
# Security admission (if enabled) applies only the cluster-wide default -
# confirm what that default is.
apiVersion: v1
kind: Namespace
metadata:
  name: minecraft
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/monitoring-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: monitoring
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/openvpn-as-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: openvpn
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/planet-store-ns.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: planet-store
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/podinfo-namespace.yaml:
--------------------------------------------------------------------------------
---

apiVersion: v1
kind: Namespace
metadata:
  name: podinfo-staging
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/scrob-production-namespace.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: scrob-production
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/sintache-namespace.yaml:
--------------------------------------------------------------------------------
---
# Namespace definitions, one per file (this first one belongs to the file whose
# path precedes the separator above).
# NOTE(review): none of them sets pod-security.kubernetes.io/* labels, so Pod
# Security admission (if enabled) applies only the cluster-wide default -
# confirm what that default is.
apiVersion: v1
kind: Namespace
metadata:
  name: sintache
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/traefik-staging-namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: traefik-staging
--------------------------------------------------------------------------------
/clusters/moo-cluster/zznamespaces/whoami-namespace.yaml:
--------------------------------------------------------------------------------
---

apiVersion: v1
kind: Namespace
metadata:
  name: whoami-staging
--------------------------------------------------------------------------------
/clusters/my-test-cluster/flux-system/gotk-sync.yaml:
--------------------------------------------------------------------------------
# This manifest was generated by flux. DO NOT EDIT.
# (my-test-cluster gotk-sync.yaml, continued after its "generated by flux" header line)
---
# Source for this cluster's root sync: main branch over SSH, polled every
# minute, authenticated with the flux-system Secret (presumably the deploy key
# created at bootstrap - confirm it is scoped to this repository only).
# NOTE(review): no spec.verify, so commits are applied without a signature check.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: ssh://git@github.com/kingdonb/bootstrap-repo
---
# Root Kustomization: applies ./clusters/my-test-cluster every 10 minutes and
# prunes objects that disappear from Git.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./clusters/my-test-cluster
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
--------------------------------------------------------------------------------
/clusters/my-test-cluster/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point for the Flux components and the sync manifest above.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
--------------------------------------------------------------------------------
/clusters/production/apps.yaml:
--------------------------------------------------------------------------------
---

# Production "apps" layer: applies ./apps/production after the infrastructure
# Kustomization is ready, waits for readiness and prunes removed objects.
# NOTE(review): no serviceAccountName, so it is reconciled with the
# controller's own privileges (cluster-admin in a default Flux install -
# confirm).
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m0s
  dependsOn:
    - name: infrastructure
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./apps/production
  prune: true
  wait: true
--------------------------------------------------------------------------------
/clusters/production/flux-system/gotk-sync.yaml:
--------------------------------------------------------------------------------
# This manifest was generated by flux. DO NOT EDIT.
# (production gotk-sync.yaml, continued after its "generated by flux" header line)
---
# Source for the production root sync: main branch over SSH, polled every
# minute, authenticated with the flux-system Secret.
# NOTE(review): production follows the tip of main with no spec.verify, so
# there is no signature check between a push to main and the cluster applying
# it; branch protection is the control to confirm.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: ssh://git@github.com/kingdonb/bootstrap-repo
---
# Root Kustomization: applies ./clusters/production every 10 minutes and prunes
# objects that disappear from Git.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./clusters/production
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
--------------------------------------------------------------------------------
/clusters/production/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point for the Flux components and the sync manifest above.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
--------------------------------------------------------------------------------
/clusters/production/infrastructure.yaml:
--------------------------------------------------------------------------------
---

# Production "infrastructure" layer: applies ./infrastructure, waits for
# readiness and prunes removed objects. The apps layer depends on it.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infrastructure
  namespace: flux-system
spec:
  interval: 10m0s
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./infrastructure
  prune: true
  wait: true
--------------------------------------------------------------------------------
/clusters/staging/apps.yaml:
--------------------------------------------------------------------------------
---

# Staging "apps" layer (manifest continues past the end of this excerpt; the
# trailing comment on the last line is cut mid-sentence by the page layout).
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m0s
  timeout: 2m0s
  retryInterval: 2m30s
  dependsOn:
    - name: infrastructure
    - name: 12-persistence # traefik depends on traefik-tls pvc for
      # persistence
  # (staging apps Kustomization, continued; the comment line above is the tail
  # of the remark on the 12-persistence dependency)
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./apps/staging
  prune: true
  wait: true
--------------------------------------------------------------------------------
/clusters/staging/flux-system/gotk-sync.yaml:
--------------------------------------------------------------------------------
# This manifest was generated by flux. DO NOT EDIT.
---
# Source for the staging root sync: the staging branch over SSH, polled every
# minute, authenticated with the flux-system Secret.
# NOTE(review): no spec.verify, so commits are applied without a signature check.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: staging
  secretRef:
    name: flux-system
  url: ssh://git@github.com/kingdonb/bootstrap-repo
---
# Root Kustomization: applies ./clusters/staging every 10 minutes and prunes
# objects that disappear from Git.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./clusters/staging
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
--------------------------------------------------------------------------------
/clusters/staging/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point for the Flux components and the sync manifest above.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
--------------------------------------------------------------------------------
/clusters/staging/infrastructure.yaml:
--------------------------------------------------------------------------------
---

# Staging "infrastructure" layer: applies ./infrastructure, waits for readiness
# and prunes removed objects.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infrastructure
  namespace: flux-system
spec:
  interval: 10m0s
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./infrastructure
  prune: true
  wait: true
--------------------------------------------------------------------------------
/clusters/talos-dev/podinfo.yaml:
--------------------------------------------------------------------------------
# podinfo Deployment in the default namespace (belongs to the file whose path
# precedes the separator above). The {"$imagepolicy": ...} marker lets Flux
# image automation rewrite the image reference in Git; keep it on the image line.
# NOTE(review): the pod template sets no securityContext and no resource
# requests/limits, so the container runs with the image's and the runtime's
# defaults. A hardened variant would add runAsNonRoot,
# allowPrivilegeEscalation: false, a read-only root filesystem where the
# workload allows it, and explicit limits - TODO confirm against what the
# image supports.
# NOTE(review): the image is pinned by tag, not digest, and the tag is bumped
# automatically; what gets deployed follows whatever the registry serves for
# the tag the policy selects.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: podinfo
  namespace: default
spec:
  selector:
    matchLabels:
      app: podinfo
  template:
    metadata:
      labels:
        app: podinfo
    spec:
      containers:
        - name: podinfod
          image: ghcr.io/stefanprodan/podinfo:5.0.3 # {"$imagepolicy": "default:podinfo"}
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 9898
              protocol: TCP
--------------------------------------------------------------------------------
/clusters/vcluster/flux-system/gotk-sync.yaml:
--------------------------------------------------------------------------------
# This manifest was generated by flux. DO NOT EDIT.
---
# Source for the vcluster root sync: main branch over SSH, polled every minute,
# authenticated with the flux-system Secret.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: ssh://git@github.com/kingdonb/bootstrap-repo
---
# Root Kustomization for ./clusters/vcluster. suspend: true pauses
# reconciliation and prune: false keeps objects that were removed from Git, so
# this cluster does not currently track the repository - despite the "DO NOT
# EDIT" header, these two fields differ from the other clusters' generated files.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./clusters/vcluster
  prune: false
  suspend: true
  sourceRef:
    kind: GitRepository
    name: flux-system
--------------------------------------------------------------------------------
/clusters/vcluster/flux-system/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point for the Flux components and the sync manifest above.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
--------------------------------------------------------------------------------
/clusters/vcluster/testing/helmrelease.yaml:
--------------------------------------------------------------------------------
# Test HelmRelease installing the podinfo chart with two replicas.
# NOTE(review): version '*' accepts any chart version, so helm-controller
# upgrades to whatever the repository publishes next without a change in Git.
# Outside a throwaway test, pin an exact version (or a narrow range) so that
# upgrades are reviewed commits.
# The releaseName is 53 characters long, which is Helm's maximum release-name
# length - presumably a deliberate limit test, given the name "bad-podinfo"
# (TODO confirm).
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: bad-podinfo
  namespace: default
spec:
  interval: 5m
  releaseName: web-miles-web-sofico-customer-support-design-200-desi
  chart:
    spec:
      chart: podinfo
      version: '*'
      sourceRef:
        kind: HelmRepository
        name: podinfo
        namespace: default
      interval: 1m
  values:
    replicaCount: 2
--------------------------------------------------------------------------------
/clusters/vcluster/testing/helmrepo.yaml:
--------------------------------------------------------------------------------
# HTTPS Helm repository for podinfo, re-indexed every minute, read anonymously.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: podinfo
  namespace: default
spec:
  interval: 1m
  url: https://stefanprodan.github.io/podinfo
--------------------------------------------------------------------------------
/infrastructure/crds/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point for the CRDs; sets namespace flux-system on the
# resources it includes.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
  - traefik-crds.yaml
--------------------------------------------------------------------------------
/infrastructure/kustomization.yaml:
--------------------------------------------------------------------------------
#
# Infrastructure entry point: only the crds directory is active. The kpack
# release and the two planet-* manifests are commented out, so they are not
# applied through this file.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - crds
  # - kpack-release-0.6.0.yaml
  # - planet-clusterstack.yaml
  # - planet-clusterstore.yaml
--------------------------------------------------------------------------------
/infrastructure/planet-clusterstack.yaml:
--------------------------------------------------------------------------------
# kpack ClusterStack "full": the build and run base images used for buildpack
# builds (manifest continues past the end of this excerpt with the run image).
# NOTE(review): both images are referenced by the moving tag full-cnb rather
# than by digest, and the stack id names the Ubuntu Bionic-based stack; check
# that the stack is still maintained and consider pinning digests so base-image
# changes are deliberate.
apiVersion: kpack.io/v1alpha2
kind: ClusterStack
metadata:
  name: full
spec:
  id: "io.buildpacks.stacks.bionic"
  buildImage:
    image: "paketobuildpacks/build:full-cnb"
  runImage:
    # (ClusterStack "full", continued: run image, referenced by moving tag)
    image: "paketobuildpacks/run:full-cnb"
--------------------------------------------------------------------------------
/infrastructure/planet-clusterstore.yaml:
--------------------------------------------------------------------------------
# kpack ClusterStore "default" with a single buildpack source.
# NOTE(review): the image reference has neither tag nor digest, so it resolves
# to whatever the registry serves by default; pin a digest to make the
# buildpack set reproducible.
apiVersion: kpack.io/v1alpha2
kind: ClusterStore
metadata:
  name: default
spec:
  sources:
    - image: gcr.io/paketo-buildpacks/ruby
--------------------------------------------------------------------------------
/persistence-hephy-stg/deis-hephy-pvc-pv.yaml:
--------------------------------------------------------------------------------
# Statically defined PersistentVolume using the local-path provisioner's naming:
# 10Gi backed by a hostPath directory, pinned to node "msigaming" through
# nodeAffinity, kept (Retain) when its claim is deleted.
# NOTE(review): hostPath data is readable by anything with access to that
# node's filesystem and is not wiped on release; with Retain, cleanup is a
# manual step. The volume is also a single-node dependency for the workload.
apiVersion: v1
kind: PersistentVolume
metadata:
  annotations:
    pv.kubernetes.io/provisioned-by: rancher.io/local-path
  name: pvc-c2160e8b-eed1-417e-851e-e27ba3fde324
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 10Gi
  hostPath:
    path: /opt/local-path-provisioner/pvc-c2160e8b-eed1-417e-851e-e27ba3fde324_deis_deis-hephy
    type: DirectoryOrCreate
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - msigaming
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-path
--------------------------------------------------------------------------------
/persistence-hephy-stg/deis-hephy-pvc.yaml:
--------------------------------------------------------------------------------
# Claim in the deis namespace for the volume above; it names the volume
# explicitly through spec.volumeName (manifest continues past the end of this
# excerpt with that value).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
    volume.kubernetes.io/selected-node: msigaming
  labels:
    app.kubernetes.io/instance: deis-hephy
    app.kubernetes.io/name: deis-hephy
  name: deis-hephy
  namespace: deis
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: local-path
  volumeName:
pvc-c2160e8b-eed1-417e-851e-e27ba3fde324 20 | -------------------------------------------------------------------------------- /persistence/harbor/harbor-db-postgres-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | annotations: 5 | pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | name: pvc-6ec6cb5c-6e7d-4d20-bb86-8e50046d3f38 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | capacity: 11 | storage: 1Gi 12 | hostPath: 13 | path: /opt/local-path-provisioner/pvc-6ec6cb5c-6e7d-4d20-bb86-8e50046d3f38_harbor_database-data-harbor-database-0 14 | type: DirectoryOrCreate 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - msigaming 23 | persistentVolumeReclaimPolicy: Retain 24 | storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/harbor/harbor-db-postgres.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | annotations: 5 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path 6 | volume.kubernetes.io/selected-node: msigaming 7 | volume.kubernetes.io/storage-provisioner: rancher.io/local-path 8 | labels: 9 | app: harbor 10 | chart: harbor 11 | component: database 12 | heritage: Helm 13 | release: harbor 14 | name: database-data-harbor-database-0 15 | namespace: harbor 16 | spec: 17 | accessModes: 18 | - ReadWriteOnce 19 | resources: 20 | requests: 21 | storage: 1Gi 22 | storageClassName: local-path 23 | volumeName: pvc-6ec6cb5c-6e7d-4d20-bb86-8e50046d3f38 24 | -------------------------------------------------------------------------------- /persistence/harbor/harbor-jobservice-pv.yaml: -------------------------------------------------------------------------------- 1 
| apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | annotations: 5 | pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | name: pvc-7f0f4586-d250-40b6-b149-758ba9c0c8a9 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | capacity: 11 | storage: 1Gi 12 | hostPath: 13 | path: /opt/local-path-provisioner/pvc-7f0f4586-d250-40b6-b149-758ba9c0c8a9_harbor_harbor-jobservice 14 | type: DirectoryOrCreate 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - msigaming 23 | persistentVolumeReclaimPolicy: Retain 24 | storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/harbor/harbor-redis-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | annotations: 5 | pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | name: pvc-78670a3b-c0ea-4130-9740-ae48eec43bbd 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | capacity: 11 | storage: 1Gi 12 | hostPath: 13 | path: /opt/local-path-provisioner/pvc-78670a3b-c0ea-4130-9740-ae48eec43bbd_harbor_data-harbor-redis-0 14 | type: DirectoryOrCreate 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - msigaming 23 | persistentVolumeReclaimPolicy: Retain 24 | storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/harbor/harbor-redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | annotations: 5 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path 6 | volume.kubernetes.io/selected-node: msigaming 7 | volume.kubernetes.io/storage-provisioner: 
rancher.io/local-path 8 | labels: 9 | app: harbor 10 | chart: harbor 11 | component: redis 12 | heritage: Helm 13 | release: harbor 14 | name: data-harbor-redis-0 15 | namespace: harbor 16 | spec: 17 | accessModes: 18 | - ReadWriteOnce 19 | resources: 20 | requests: 21 | storage: 1Gi 22 | storageClassName: local-path 23 | volumeName: pvc-78670a3b-c0ea-4130-9740-ae48eec43bbd 24 | -------------------------------------------------------------------------------- /persistence/harbor/harbor-registry-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | annotations: 5 | pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | name: pvc-f6c57a73-91d5-4bac-b7a2-0bd3d11bec16 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | capacity: 11 | storage: 5Gi 12 | hostPath: 13 | path: /opt/local-path-provisioner/pvc-f6c57a73-91d5-4bac-b7a2-0bd3d11bec16_harbor_harbor-registry 14 | type: DirectoryOrCreate 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - msigaming 23 | persistentVolumeReclaimPolicy: Retain 24 | storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/harbor/harbor-trivy-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | annotations: 5 | pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | name: pvc-e0215d50-9977-48ea-8e36-29e8b60e5620 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | capacity: 11 | storage: 5Gi 12 | hostPath: 13 | path: /opt/local-path-provisioner/pvc-e0215d50-9977-48ea-8e36-29e8b60e5620_harbor_data-harbor-trivy-0 14 | type: DirectoryOrCreate 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | 
operator: In 21 | values: 22 | - msigaming 23 | persistentVolumeReclaimPolicy: Retain 24 | storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/harbor/harbor-trivy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | annotations: 5 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path 6 | volume.kubernetes.io/selected-node: msigaming 7 | volume.kubernetes.io/storage-provisioner: rancher.io/local-path 8 | labels: 9 | app: harbor 10 | chart: harbor 11 | component: trivy 12 | heritage: Helm 13 | release: harbor 14 | name: data-harbor-trivy-0 15 | namespace: harbor 16 | spec: 17 | accessModes: 18 | - ReadWriteOnce 19 | resources: 20 | requests: 21 | storage: 5Gi 22 | storageClassName: local-path 23 | volumeName: pvc-e0215d50-9977-48ea-8e36-29e8b60e5620 24 | -------------------------------------------------------------------------------- /persistence/minecraft/my-first-minecraft-minecraft-datadir-pvc-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pvc-31a35ad1-1cbb-4f59-bc11-24dc710934bf 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | capacity: 9 | storage: 1Gi 10 | hostPath: 11 | path: /opt/local-path-provisioner/pvc-31a35ad1-1cbb-4f59-bc11-24dc710934bf_vcluster-moo-cluster-mgorr_my-first-minecraft-minecraft-datadir-x-minecraft-x-moo-cluster 12 | type: DirectoryOrCreate 13 | nodeAffinity: 14 | required: 15 | nodeSelectorTerms: 16 | - matchExpressions: 17 | - key: kubernetes.io/hostname 18 | operator: In 19 | values: 20 | - hpworker01 21 | storageClassName: local-path 22 | -------------------------------------------------------------------------------- /persistence/minecraft/my-first-minecraft-minecraft-datadir-pvc.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | annotations: 5 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path 6 | labels: 7 | app: my-first-minecraft-minecraft 8 | name: my-first-minecraft-minecraft-datadir 9 | namespace: minecraft 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 1Gi 16 | storageClassName: local-path 17 | volumeName: pvc-31a35ad1-1cbb-4f59-bc11-24dc710934bf 18 | -------------------------------------------------------------------------------- /persistence/minio-stage-pvc-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | annotations: 5 | pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | name: pvc-61decf71-3bed-406f-8836-18dcbb3ef89e 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | capacity: 11 | storage: 10Gi 12 | hostPath: 13 | path: /opt/local-path-provisioner/pvc-61decf71-3bed-406f-8836-18dcbb3ef89e_minio-stage_minio-stage 14 | type: DirectoryOrCreate 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - msigaming 23 | persistentVolumeReclaimPolicy: Retain 24 | storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/minio-stage-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | annotations: 5 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path 6 | volume.kubernetes.io/selected-node: msigaming 7 | labels: 8 | app.kubernetes.io/instance: minio-stage 9 | app.kubernetes.io/name: minio-stage 10 | name: minio-stage 11 | namespace: minio-stage 12 | spec: 13 | accessModes: 14 
| - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 10Gi 18 | storageClassName: local-path 19 | volumeName: pvc-61decf71-3bed-406f-8836-18dcbb3ef89e 20 | -------------------------------------------------------------------------------- /persistence/minio-storage-pvc-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | annotations: 5 | pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | name: pvc-2478ba23-430c-41b3-a73f-7838a7e2cb84 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | capacity: 11 | storage: 10Gi 12 | hostPath: 13 | path: /opt/local-path-provisioner/pvc-2478ba23-430c-41b3-a73f-7838a7e2cb84_minio-juozas_minio-storage 14 | type: DirectoryOrCreate 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - msigaming 23 | persistentVolumeReclaimPolicy: Retain 24 | storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/minio-storage-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | annotations: 5 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path 6 | volume.kubernetes.io/selected-node: msigaming 7 | labels: 8 | app.kubernetes.io/instance: minio-storage 9 | app.kubernetes.io/name: minio-storage 10 | name: minio-storage 11 | namespace: minio-juozas 12 | spec: 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 10Gi 18 | storageClassName: local-path 19 | volumeName: pvc-2478ba23-430c-41b3-a73f-7838a7e2cb84 20 | -------------------------------------------------------------------------------- /persistence/openvpn-openvpn-as-state-pvc-pv.yaml: 
-------------------------------------------------------------------------------- 1 | # apiVersion: v1 2 | # kind: PersistentVolume 3 | # metadata: 4 | # annotations: 5 | # pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | # name: pvc-a29afaac-3a43-4a0c-bbe0-f9f907e4c7d4 7 | # spec: 8 | # accessModes: 9 | # - ReadWriteOnce 10 | # capacity: 11 | # storage: 8Gi 12 | # persistentVolumeReclaimPolicy: Retain 13 | # hostPath: 14 | # path: /opt/local-path-provisioner/pvc-a29afaac-3a43-4a0c-bbe0-f9f907e4c7d4_openvpn_openvpn-openvpn-as-state 15 | # type: DirectoryOrCreate 16 | # nodeAffinity: 17 | # required: 18 | # nodeSelectorTerms: 19 | # - matchExpressions: 20 | # - key: kubernetes.io/hostname 21 | # operator: In 22 | # values: 23 | # - moo 24 | # storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/openvpn-openvpn-as-state-pvc.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: v1 2 | # kind: PersistentVolumeClaim 3 | # metadata: 4 | # annotations: 5 | # volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path 6 | # volume.kubernetes.io/selected-node: moo 7 | # labels: 8 | # app.kubernetes.io/instance: openvpn 9 | # app.kubernetes.io/name: openvpn-as 10 | # name: openvpn-openvpn-as-state 11 | # namespace: openvpn 12 | # spec: 13 | # accessModes: 14 | # - ReadWriteOnce 15 | # resources: 16 | # requests: 17 | # storage: 8Gi 18 | # storageClassName: local-path 19 | # volumeName: pvc-a29afaac-3a43-4a0c-bbe0-f9f907e4c7d4 20 | -------------------------------------------------------------------------------- /persistence/traefik-tls-pvc-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | annotations: 5 | pv.kubernetes.io/provisioned-by: rancher.io/local-path 6 | name: pvc-65d3ca0d-7ba1-481a-9b5a-1f0f0fb9e453 7 | spec: 8 | 
accessModes: 9 | - ReadWriteOnce 10 | capacity: 11 | storage: 10Gi 12 | hostPath: 13 | path: /opt/local-path-provisioner/pvc-65d3ca0d-7ba1-481a-9b5a-1f0f0fb9e453_traefik-staging_traefik-tls 14 | type: DirectoryOrCreate 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - msigaming 23 | persistentVolumeReclaimPolicy: Retain 24 | storageClassName: local-path 25 | -------------------------------------------------------------------------------- /persistence/traefik-tls-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | annotations: 5 | volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path 6 | volume.kubernetes.io/selected-node: msigaming 7 | labels: 8 | app.kubernetes.io/instance: traefik-tls 9 | app.kubernetes.io/name: traefik-tls 10 | name: traefik-tls 11 | namespace: traefik-staging 12 | spec: 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 10Gi 18 | storageClassName: local-path 19 | volumeName: pvc-65d3ca0d-7ba1-481a-9b5a-1f0f0fb9e453 20 | -------------------------------------------------------------------------------- /secrets/WARNING.md: -------------------------------------------------------------------------------- 1 | README - WARNING - README 2 | 3 | Do not do what I have done here. Secrets should not be in a public repo. 4 | How can we have a good example that isn't in public? I don't know, but it's 5 | a bad idea to put (even encrypted) secrets in a public repository like this. Anything pushed here stays in the history and in every clone, so the ciphertext can be decrypted by whoever gets hold of the private key later, and rotating the key afterwards does nothing for what is already published. 6 | 7 | We're going to have to delete this, and replace it with a reference to show 8 | how secrets are meant to be handled in a more reasonable way (with a private 9 | repository, say) and put up one of those "not a place of honor" do not dig 10 | radioactive materials warning indicators.
Do not store sensitive credentials 11 | in a public place, even encrypted like this. 12 | 13 | WARNING - README - WARNING 14 | -------------------------------------------------------------------------------- /secrets/cluster-api/.sops.yaml: -------------------------------------------------------------------------------- 1 | creation_rules: 2 | - path_regex: .*.yaml  # NOTE(review): the dots are unescaped and there is no $ anchor, so this matches more than paths ending in .yaml; compare '.*\.yaml$' in secrets/demo-cluster-2/.sops.yaml 3 | encrypted_regex: ^(data|stringData)$  # only values under keys named data or stringData are encrypted; everything else in the manifest (names, namespaces, labels) stays readable in the committed file 4 | pgp: 90EADBC43730E3189C4556F4F43FB3BBDF8C134A  # fingerprint of the PGP key that matching files are encrypted to 5 | -------------------------------------------------------------------------------- /secrets/cluster-api/identity.sh: -------------------------------------------------------------------------------- 1 | 2 | export KEY_NAME="cluster-api.turkey.local" 3 | export KEY_COMMENT="flux secrets" 4 | # NOTE(review): KEY_FP is not assigned anywhere in this script and has to be set before the command below is used. That command exports the armored private key and pipes it through /dev/stdin into a flux-system Secret, so no key file is written by it; presumably this is the key named in this directory's .sops.yaml (TODO confirm). 5 | # gpg --export-secret-keys --armor "${KEY_FP}" | 6 | # kubectl create secret generic cluster-api-sops-gpg \ 7 | # --namespace=flux-system \ 8 | # --from-file=sops.asc=/dev/stdin 9 | -------------------------------------------------------------------------------- /secrets/demo-cluster-2/.sops.yaml: -------------------------------------------------------------------------------- 1 | creation_rules: 2 | - path_regex: .*values.yaml$  # no encrypted_regex here, so every value in a matching file is encrypted (key names are not). NOTE(review): 'values.enc.yaml', the name kustomization.yaml reads, does not match this pattern; presumably sops is run on values.yaml and the output is saved as values.enc.yaml (TODO confirm). Encrypting values.enc.yaml in place would fall through to the next rule. 3 | pgp: 79FD1F571145F9C311F19621B629389F44594604 4 | - path_regex: .*\.yaml$  # rules are tried in order; this one catches every other .yaml file 5 | encrypted_regex: ^(data|stringData)$  # suited to Secret manifests; in a Helm values file it would leave everything outside data/stringData keys in plaintext 6 | pgp: 79FD1F571145F9C311F19621B629389F44594604 7 | -------------------------------------------------------------------------------- /secrets/demo-cluster-2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: default 4 | resources: 5 | - weave-gitops.yaml 6 | secretGenerator: 7 | - name: weave-gitops-values 8 | files: 9 | - values.yaml=values.enc.yaml  # the Secret key 'values.yaml' takes its content from values.enc.yaml; whatever applies this has to decrypt that file first (decryption settings are not shown here) 10 | configurations: 11 | - kustomizeconfig.yaml 12 | -------------------------------------------------------------------------------- /secrets/demo-cluster-2/kustomizeconfig.yaml: 
-------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: Secret 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/valuesFrom/name  # lets kustomize rewrite this HelmRelease field to the generated, hash-suffixed Secret name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /secrets/demo-cluster-2/weave-gitops.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: ww-gitops 5 | namespace: default 6 | spec: 7 | targetNamespace: default 8 | chart: 9 | spec: 10 | chart: weave-gitops  # NOTE(review): no version is set under chart.spec, so the newest chart in the repository is taken; pinning a version makes every upgrade a reviewed commit 11 | sourceRef: 12 | kind: HelmRepository 13 | name: ww-gitops 14 | interval: 1h0m0s 15 | valuesFrom: 16 | - kind: Secret 17 | name: weave-gitops-values  # Helm values are read from the Secret generated by secretGenerator in this directory's kustomization.yaml 18 | --- 19 | apiVersion: source.toolkit.fluxcd.io/v1beta2 20 | kind: HelmRepository 21 | metadata: 22 | name: ww-gitops 23 | namespace: default 24 | spec: 25 | interval: 1h0m0s 26 | type: oci 27 | url: oci://ghcr.io/weaveworks/charts 28 | -------------------------------------------------------------------------------- /secrets/howard-prod/.sops.yaml: -------------------------------------------------------------------------------- 1 | creation_rules: 2 | - path_regex: ".*\\.yaml"  # dot is escaped here; there is still no $ anchor, so the rule matches wherever '.yaml' occurs in the path 3 | encrypted_regex: ^(data|stringData)$  # only values under data/stringData are encrypted; the rest of each manifest is committed in plaintext 4 | pgp: 4524E49D3C40FB2D0E130205C769E1FE14ADE97A 5 | -------------------------------------------------------------------------------- /secrets/moo-cluster/.sops.yaml: -------------------------------------------------------------------------------- 1 | creation_rules: 2 | - path_regex: .*.yaml  # NOTE(review): unescaped dots and no $ anchor; matches more than paths ending in .yaml 3 | encrypted_regex: ^(data|stringData)$ 4 | pgp: A883B02E14B7EAF0A6BDAF69ECD23C5916E31D4F 5 | - path_regex: .*.env  # no encrypted_regex: every value in a matching file is encrypted 6 | pgp: A883B02E14B7EAF0A6BDAF69ECD23C5916E31D4F  # NOTE(review): the .json rule below is commented out, so sops-docker-test/creds.json (the file that directory's kustomization.yaml reads) matches no rule in this file; assuming no closer .sops.yaml exists, the key has to be given explicitly when that file is encrypted 7 | # - path_regex: .*.json 8 | # pgp: A883B02E14B7EAF0A6BDAF69ECD23C5916E31D4F 9 | # - path_regex: dev\/stdin 10 | # pgp: A883B02E14B7EAF0A6BDAF69ECD23C5916E31D4F 11 | -------------------------------------------------------------------------------- /secrets/moo-cluster/sops-docker-test/creds.txt: 
-------------------------------------------------------------------------------- 1 | { 2 | "auths": { 3 | "quay.io": { 4 | "auth": "XXX", 5 | "email": "" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /secrets/moo-cluster/sops-docker-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namespace: default 2 | secretGenerator: 3 | - name: quay.io 4 | type: kubernetes.io/dockerconfigjson  # image pull secret type; the .dockerconfigjson payload carries the registry credentials 5 | options: 6 | disableNameSuffixHash: true  # the Secret keeps the exact name 'quay.io', with no content hash appended 7 | files: 8 | - .dockerconfigjson=creds.json  # NOTE(review): this reads creds.json, while the file listed above is creds.txt with a placeholder auth value; creds.json is not shown in this listing and should only ever be committed in its sops-encrypted form (TODO confirm) 9 | --------------------------------------------------------------------------------