diff --git a/.taskfiles/Flux/Taskfile.yaml b/.taskfiles/Flux/Taskfile.yaml index 10a1392..0460846 100644 --- a/.taskfiles/Flux/Taskfile.yaml +++ b/.taskfiles/Flux/Taskfile.yaml @@ -3,17 +3,17 @@ version: "3" vars: - CLUSTER_SECRET_SOPS_FILE: "{{.CLUSTER_DIR}}/bootstrap/flux/sops-key.sops.yaml" - GITHUB_DEPLOY_KEY_FILE: "{{.CLUSTER_DIR}}/bootstrap/flux/forgejo-deploy-key.sops.yaml" + CLUSTER_SECRET_SOPS_FILE: "{{.CLUSTERS_DIR}}/common/bootstrap/flux/sops-key.sops.yaml" + GITHUB_DEPLOY_KEY_FILE: "{{.CLUSTERS_DIR}}/common/bootstrap/flux/forgejo-deploy-key.sops.yaml" tasks: bootstrap: desc: Bootstrap Flux into a Kubernetes cluster cmds: - - kubectl apply --server-side --kustomize {{.CLUSTER_DIR}}/bootstrap/flux + - kubectl apply --server-side --kustomize {{.CLUSTERS_DIR}}/common/bootstrap/flux - sops --decrypt {{.CLUSTER_SECRET_SOPS_FILE}} | kubectl apply --server-side --filename - - sops --decrypt {{.GITHUB_DEPLOY_KEY_FILE}} | kubectl apply --server-side --filename - - - kubectl apply --server-side --kustomize {{.CLUSTER_DIR}}/flux/config + - kubectl apply --server-side --kustomize {{.CLUSTERS_DIR}}/{{.CLUSTER}}/flux/config preconditions: - { msg: "Missing cluster sops key", sh: "gpg -K 687802D4DFD8AA82EA55666CF7DADAC782D7663D" } diff --git a/Taskfile.yaml b/Taskfile.yaml index 32f674e..9002946 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -3,7 +3,7 @@ version: "3" vars: - CLUSTER_DIR: "{{.ROOT_DIR}}/cluster" + CLUSTERS_DIR: "{{.ROOT_DIR}}/kubernetes" includes: flux: .taskfiles/Flux/Taskfile.yaml diff --git a/kubernetes/main/core/intel-gpu/files/gpu-plugin.yaml b/kubernetes/common/apps/intel-gpu/files/gpu-plugin.yaml similarity index 100% rename from kubernetes/main/core/intel-gpu/files/gpu-plugin.yaml rename to kubernetes/common/apps/intel-gpu/files/gpu-plugin.yaml diff --git a/kubernetes/main/core/intel-gpu/files/helm-repos.yaml b/kubernetes/common/apps/intel-gpu/files/helm-repos.yaml similarity index 100% rename from kubernetes/main/core/intel-gpu/files/helm-repos.yaml rename to kubernetes/common/apps/intel-gpu/files/helm-repos.yaml diff --git a/kubernetes/main/core/intel-gpu/files/intel-device-plugins-operator.yaml b/kubernetes/common/apps/intel-gpu/files/intel-device-plugins-operator.yaml similarity index 100% rename from kubernetes/main/core/intel-gpu/files/intel-device-plugins-operator.yaml rename to kubernetes/common/apps/intel-gpu/files/intel-device-plugins-operator.yaml diff --git a/kubernetes/main/core/intel-gpu/files/kustomization.yaml b/kubernetes/common/apps/intel-gpu/files/kustomization.yaml similarity index 100% rename from kubernetes/main/core/intel-gpu/files/kustomization.yaml rename to kubernetes/common/apps/intel-gpu/files/kustomization.yaml diff --git a/kubernetes/main/core/intel-gpu/files/namespace.yaml b/kubernetes/common/apps/intel-gpu/files/namespace.yaml similarity index 100% rename from kubernetes/main/core/intel-gpu/files/namespace.yaml rename to kubernetes/common/apps/intel-gpu/files/namespace.yaml diff --git a/kubernetes/main/core/intel-gpu/ks.yaml b/kubernetes/common/apps/intel-gpu/ks.yaml similarity index 100% rename from kubernetes/main/core/intel-gpu/ks.yaml rename to kubernetes/common/apps/intel-gpu/ks.yaml diff --git a/kubernetes/main/core/networking/metallb/helm-release.yaml b/kubernetes/common/apps/metallb/helm-release.yaml similarity index 100% rename from kubernetes/main/core/networking/metallb/helm-release.yaml rename to kubernetes/common/apps/metallb/helm-release.yaml diff --git a/kubernetes/main/core/networking/metallb/kustomization.yaml b/kubernetes/common/apps/metallb/kustomization.yaml similarity index 100% rename from kubernetes/main/core/networking/metallb/kustomization.yaml rename to kubernetes/common/apps/metallb/kustomization.yaml diff --git a/kubernetes/main/core/networking/metallb/metallb-static-ips.yaml b/kubernetes/common/apps/metallb/metallb-static-ips.yaml similarity index 100% rename from kubernetes/main/core/networking/metallb/metallb-static-ips.yaml rename to kubernetes/common/apps/metallb/metallb-static-ips.yaml diff --git a/kubernetes/main/core/networking/metallb/namespace.yaml b/kubernetes/common/apps/metallb/namespace.yaml similarity index 100% rename from kubernetes/main/core/networking/metallb/namespace.yaml rename to kubernetes/common/apps/metallb/namespace.yaml diff --git a/kubernetes/main/core/nfd/files/helm-repos.yaml b/kubernetes/common/apps/nfd/files/helm-repos.yaml similarity index 100% rename from kubernetes/main/core/nfd/files/helm-repos.yaml rename to kubernetes/common/apps/nfd/files/helm-repos.yaml diff --git a/kubernetes/main/core/nfd/files/kustomization.yaml b/kubernetes/common/apps/nfd/files/kustomization.yaml similarity index 100% rename from kubernetes/main/core/nfd/files/kustomization.yaml rename to kubernetes/common/apps/nfd/files/kustomization.yaml diff --git a/kubernetes/main/core/nfd/files/nfd.yaml b/kubernetes/common/apps/nfd/files/nfd.yaml similarity index 100% rename from kubernetes/main/core/nfd/files/nfd.yaml rename to kubernetes/common/apps/nfd/files/nfd.yaml diff --git a/kubernetes/main/core/nfd/ks.yaml b/kubernetes/common/apps/nfd/ks.yaml similarity index 100% rename from kubernetes/main/core/nfd/ks.yaml rename to kubernetes/common/apps/nfd/ks.yaml diff --git a/kubernetes/main/core/storage/openebs/helm-release.yaml b/kubernetes/common/apps/openebs/helm-release.yaml similarity index 100% rename from kubernetes/main/core/storage/openebs/helm-release.yaml rename to kubernetes/common/apps/openebs/helm-release.yaml diff --git a/kubernetes/main/core/storage/openebs/helm-repository.yaml b/kubernetes/common/apps/openebs/helm-repository.yaml similarity index 100% rename from kubernetes/main/core/storage/openebs/helm-repository.yaml rename to kubernetes/common/apps/openebs/helm-repository.yaml diff --git a/kubernetes/main/core/storage/openebs/kustomization.yaml b/kubernetes/common/apps/openebs/kustomization.yaml similarity index 72% rename from kubernetes/main/core/storage/openebs/kustomization.yaml rename to kubernetes/common/apps/openebs/kustomization.yaml index 3989888..dec9b5f 100644 --- a/kubernetes/main/core/storage/openebs/kustomization.yaml +++ b/kubernetes/common/apps/openebs/kustomization.yaml @@ -4,5 +4,4 @@ resources: - ./namespace.yaml - ./helm-repository.yaml - ./helm-release.yaml -- ./mainpool-sc.yaml - ./monitoring-helm-release.yaml \ No newline at end of file diff --git a/kubernetes/main/core/storage/openebs/monitoring-helm-release.yaml b/kubernetes/common/apps/openebs/monitoring-helm-release.yaml similarity index 100% rename from kubernetes/main/core/storage/openebs/monitoring-helm-release.yaml rename to kubernetes/common/apps/openebs/monitoring-helm-release.yaml diff --git a/kubernetes/main/core/storage/openebs/namespace.yaml b/kubernetes/common/apps/openebs/namespace.yaml similarity index 100% rename from kubernetes/main/core/storage/openebs/namespace.yaml rename to kubernetes/common/apps/openebs/namespace.yaml diff --git a/kubernetes/main/core/networking/traefik/dashboard-ingress.yaml b/kubernetes/common/apps/traefik/dashboard-ingress.yaml similarity index 100% rename from kubernetes/main/core/networking/traefik/dashboard-ingress.yaml rename to kubernetes/common/apps/traefik/dashboard-ingress.yaml diff --git a/kubernetes/main/core/networking/traefik/default-tls-store.yaml b/kubernetes/common/apps/traefik/default-tls-store.yaml similarity index 100% rename from kubernetes/main/core/networking/traefik/default-tls-store.yaml rename to kubernetes/common/apps/traefik/default-tls-store.yaml diff --git a/kubernetes/main/core/networking/traefik/helm-release.yaml b/kubernetes/common/apps/traefik/helm-release.yaml similarity index 100% rename from kubernetes/main/core/networking/traefik/helm-release.yaml rename to kubernetes/common/apps/traefik/helm-release.yaml diff --git a/kubernetes/main/core/networking/traefik/helm-repository.yaml b/kubernetes/common/apps/traefik/helm-repository.yaml similarity index 100% rename from kubernetes/main/core/networking/traefik/helm-repository.yaml rename to kubernetes/common/apps/traefik/helm-repository.yaml diff --git a/kubernetes/main/core/networking/traefik/kustomization.yaml b/kubernetes/common/apps/traefik/kustomization.yaml similarity index 100% rename from kubernetes/main/core/networking/traefik/kustomization.yaml rename to kubernetes/common/apps/traefik/kustomization.yaml diff --git a/kubernetes/main/core/networking/traefik/namespace.yaml b/kubernetes/common/apps/traefik/namespace.yaml similarity index 100% rename from kubernetes/main/core/networking/traefik/namespace.yaml rename to kubernetes/common/apps/traefik/namespace.yaml diff --git a/kubernetes/main/bootstrap/flux/forgejo-deploy-key.sops.yaml b/kubernetes/common/bootstrap/flux/forgejo-deploy-key.sops.yaml similarity index 100% rename from kubernetes/main/bootstrap/flux/forgejo-deploy-key.sops.yaml rename to kubernetes/common/bootstrap/flux/forgejo-deploy-key.sops.yaml diff --git a/kubernetes/main/bootstrap/flux/kustomization.yaml b/kubernetes/common/bootstrap/flux/kustomization.yaml similarity index 100% rename from kubernetes/main/bootstrap/flux/kustomization.yaml rename to kubernetes/common/bootstrap/flux/kustomization.yaml diff --git a/kubernetes/main/bootstrap/flux/sops-key.sops.yaml b/kubernetes/common/bootstrap/flux/sops-key.sops.yaml similarity index 100% rename from kubernetes/main/bootstrap/flux/sops-key.sops.yaml rename to kubernetes/common/bootstrap/flux/sops-key.sops.yaml diff --git a/kubernetes/main/core/kustomization.yaml b/kubernetes/main/core/kustomization.yaml index c4557a3..991316d 100644 --- a/kubernetes/main/core/kustomization.yaml +++ b/kubernetes/main/core/kustomization.yaml @@ -4,8 +4,13 @@ resources: - ./kube-system - ./helm-repositories.yaml - ./cert-manager -- ./networking -- ./storage +- ../../common/apps/metallb +- ../../common/apps/traefik +# storage +- ./longhorn +- ./openebs + - ./kube-replicator -- ./nfd/ks.yaml -- ./intel-gpu/ks.yaml \ No newline at end of file + +- ../../common/apps/nfd/ks.yaml +- ../../common/apps/intel-gpu/ks.yaml \ No newline at end of file diff --git a/kubernetes/main/core/storage/longhorn/alerts.yaml b/kubernetes/main/core/longhorn/alerts.yaml similarity index 100% rename from kubernetes/main/core/storage/longhorn/alerts.yaml rename to kubernetes/main/core/longhorn/alerts.yaml diff --git a/kubernetes/main/core/storage/longhorn/helm-release.yaml b/kubernetes/main/core/longhorn/helm-release.yaml similarity index 100% rename from kubernetes/main/core/storage/longhorn/helm-release.yaml rename to kubernetes/main/core/longhorn/helm-release.yaml diff --git a/kubernetes/main/core/storage/longhorn/helm-repository.yaml b/kubernetes/main/core/longhorn/helm-repository.yaml similarity index 100% rename from kubernetes/main/core/storage/longhorn/helm-repository.yaml rename to kubernetes/main/core/longhorn/helm-repository.yaml diff --git a/kubernetes/main/core/storage/longhorn/kustomization.yaml b/kubernetes/main/core/longhorn/kustomization.yaml similarity index 100% rename from kubernetes/main/core/storage/longhorn/kustomization.yaml rename to kubernetes/main/core/longhorn/kustomization.yaml diff --git a/kubernetes/main/core/storage/longhorn/namespace.yaml b/kubernetes/main/core/longhorn/namespace.yaml similarity index 100% rename from kubernetes/main/core/storage/longhorn/namespace.yaml rename to kubernetes/main/core/longhorn/namespace.yaml diff --git a/kubernetes/main/core/storage/longhorn/service-monitor.yaml b/kubernetes/main/core/longhorn/service-monitor.yaml similarity index 100% rename from kubernetes/main/core/storage/longhorn/service-monitor.yaml rename to kubernetes/main/core/longhorn/service-monitor.yaml diff --git a/kubernetes/main/core/storage/kustomization.yaml b/kubernetes/main/core/openebs/kustomization.yaml similarity index 59% rename from kubernetes/main/core/storage/kustomization.yaml rename to kubernetes/main/core/openebs/kustomization.yaml index 56090e7..334016a 100644 --- a/kubernetes/main/core/storage/kustomization.yaml +++ b/kubernetes/main/core/openebs/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ./longhorn -- ./openebs -#- ./local-path-provisioner \ No newline at end of file +- ../../../common/apps/openebs +- ./mainpool-sc.yaml \ No newline at end of file diff --git a/kubernetes/main/core/storage/openebs/mainpool-sc.yaml b/kubernetes/main/core/openebs/mainpool-sc.yaml similarity index 100% rename from kubernetes/main/core/storage/openebs/mainpool-sc.yaml rename to kubernetes/main/core/openebs/mainpool-sc.yaml diff --git a/kubernetes/main/core/storage/local-path-provisioner/helm.yaml b/kubernetes/main/core/storage/local-path-provisioner/helm.yaml deleted file mode 100644 index a6966ef..0000000 --- a/kubernetes/main/core/storage/local-path-provisioner/helm.yaml +++ /dev/null @@ -1,82 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: local-path-provisioner - namespace: flux-system -spec: - interval: 1m - url: https://github.com/rancher/local-path-provisioner.git - ref: - tag: v0.0.29 ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: local-path-provisioner - namespace: kube-system -spec: - interval: 15m - chart: - spec: - chart: ./deploy/chart/local-path-provisioner - sourceRef: - kind: GitRepository - name: local-path-provisioner - namespace: flux-system - maxHistory: 3 - install: - createNamespace: true - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - helperImage: - repository: public.ecr.aws/docker/library/busybox - tag: latest - storageClass: - defaultClass: false - nodePathMap: - - node: DEFAULT_PATH_FOR_NON_LISTED_NODES - paths: ["/var/lib/rancher/k3s/storage"] - # Note: Do not enable Flux variable substitution on this HelmRelease - configmap: - setup: |- - #!/bin/sh - while getopts "m:s:p:" opt - do - case $opt in - p) - absolutePath=$OPTARG - ;; - s) - sizeInBytes=$OPTARG - ;; - m) - volMode=$OPTARG - ;; - esac - done - mkdir -m 0777 -p ${absolutePath} - chmod 701 ${absolutePath}/.. - teardown: |- - #!/bin/sh - while getopts "m:s:p:" opt - do - case $opt in - p) - absolutePath=$OPTARG - ;; - s) - sizeInBytes=$OPTARG - ;; - m) - volMode=$OPTARG - ;; - esac - done - rm -rf ${absolutePath} \ No newline at end of file diff --git a/kubernetes/main/secrets/kustomization.yaml b/kubernetes/main/secrets/kustomization.yaml index 69c610d..970b3ed 100644 --- a/kubernetes/main/secrets/kustomization.yaml +++ b/kubernetes/main/secrets/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./cluster-secrets.sops.yaml -- ./orca-registry-puller.sops.yaml - ./cluster-settings.yaml \ No newline at end of file diff --git a/kubernetes/main/secrets/orca-registry-puller.sops.yaml b/kubernetes/main/secrets/orca-registry-puller.sops.yaml deleted file mode 100644 index c1af45f..0000000 --- a/kubernetes/main/secrets/orca-registry-puller.sops.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: orca-puller - namespace: default - annotations: - replicator.v1.mittwald.de/replication-allowed: "true" - replicator.v1.mittwald.de/replication-allowed-namespaces: '*' -data: - .dockerconfigjson: ENC[AES256_GCM,data:g58h5rYAEZu2W3CYnYHgajsp7wvnFdhyRCt1qWPHbVDC+nwD1TVqTGDga1b2/RTR5tdobqZ9FdP41/1dzZeNBe2lfXOsWhQYd87EhpchFYRgsb9u7ZL32sxERhAxSg+0/AaoIYSHbuBLgRwxqnHOojS7Hcg956L+6Kgh/uiaOGsUrKRjlMAI0aN4agx+n/nU,iv:ichMs+o/3ld90VVq/UatXpAtpD6qjrEIdt0ZRwyh0Gg=,tag:lxvZy9U6sGsndz3sAy3DTQ==,type:str] -type: kubernetes.io/dockerconfigjson -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-22T02:12:00Z" - mac: ENC[AES256_GCM,data:yFHVGwFdi2n4Ju6SqqxXDxqxZaHKROIsQZtF+AtJY52f0XJif9jP2fi05dnxULnQ+wWOq4FPwVXc/9GiCiYMItecEApS0+6C7sWxKCWzYYAiFyxSajECzNtr4/XN5yoZBJCgsgFAf42jy9Nr5xLHOAVomnNfmDheS/Pe+Uq9v9E=,iv:oFKca0hHR7ERNgJqDp3pOxzQDBlTCF9Fx1yIl3HCj2o=,tag:107vU6pOFE6Na4BO5C5tiA==,type:str] - pgp: - - created_at: "2023-07-22T02:12:00Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzKleRwoSoixAQ//QEVgmHtcIVC1afYtQMgD3Kwb+n0nZid3d/enKN64D+fJ - bw0xXX9tjO4sy3To49k0EDETLW5paxcNApFYL+zajxNfa+EAZfdYxQqKWraQcxvL - /p8bNDyzYDrecWcIdcq4RqrVEA4Ga0K6MmPM0t5l+J/PgguDJWmAxEzlmTb/CdqI - MpUmO0RoLHb6m0vfAkEI0LT5E/37pTdqjAq4eMT9n7zxeHr3NmJBIetahENxTKDk - Ymw7DhBCLZBPvHyxw/kU7hS/yhJMxmLw9mjHuzWkYVYmZQDB/TwqWsL4cVLFNAVu - LqZBHtl2HmaeGefhDij4SfxCj3qTi1e3z1T5wch97XmFanabNizb2oezHYou4h5k - AVqWuxUd13am9YhmRMQ32TPPxyAWpV4W87C/XnIrMrfePH2xy54S2ISyL5lQ1I3K - 5/a4ZMU8hBdCw7FxX6OSAXUd5cCfelJEaRopvwgXF5ZfQjARjQ7iGCedqBQbOsZM - vsf5WQvYxp8uivj7gKxhn+KkqJoM225OQKlSwCQ2bj20WsZ3SrjBuK41iO88urej - SJLAqG42e+nUjHXn/ql794kCHHG59uRES1wWLvgQ6Siu8TxJK6B+fjOrHBMOeSiD - oMKyqWIvziXN5KczkIpOWFCJzHb+AGTUn/a/jCLAqAxAqkWHwwbLdMiUv1053vHS - XgHkdbFnWqSekHCdLXu6q1lJhY+VAyzI55Ex2HvdxzBxWQKZAD4c1fFN/88j/Fb4 - 6/IVZvSU45coCyUR3O+py0s6XvBjrJL6W4haNXMl6nVcTxHgby1JTX5vickv400= - =cqEc - -----END PGP MESSAGE----- - fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 - - created_at: "2023-07-22T02:12:00Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAy5t8IMoPu4VAQ//RAyoi7oTNza3klhojjvUXum9iH3pOl1eqNu3qdJc9L4A - rGeo7Q9NTgywAaHQA4N0WPjJfFNkKSFLBxbtRpzlVCNrfontoGoFr5fGFWDh2Kfe - LydY3Zz9yUfcQYuGm8onVM6B6ImYUtM9ZPix808jxfiuz7rvqNmxqTdCa9o5oMHK - TqQ5u26MBR9cFf+W7bxKdDsqm4vEhxxWpEf5wgX+iZboA4O/J8LCVwrp6pb2pJ1q - nMA5ElKk/WZbsB6C20DYNXJRsdHjC1Huye6NDt1Em2XY9qcfWkQskVtohlYCdDCp - TciHgOF32rmN7h1i4j5Ae58AaSQmNRpKZFc192z8+dHdiSlzQEno6XXV11pezz/i - 0ALvy2Q+r7xFA8xXyrOf7xOU/j9T8XCEAeidtQoZzEcINtg93tKItakzqacxRa2C - 4Yj3Wic3LGSX13dZ5cpQNT6P3F6UMVAlVEEu1lHdsAjShbmuFWSFNXVo473O3Nwu - 1imHmfb1xnqbiWS0tKdUX9jMQg+xYPrsAXQESq/9PmPJxl4tsGPzzCu+rMKf9pmF - XqGBASdcf9WaB4Hojm6+4UKb7pPDKAC2vLnOV9ilGv/0z+DwxU0x9swPkAYBm9M9 - KkcaEh8petqyU2J8f91ESU3OafMo2h5OsJvzB2Zte2XIZIZV0h0y8mo6LKOJ1hzS - XgFiMVicO02DFcMkSJXA7ZVnV+1qfJl5vPW6Sa0vDikz/k8jYoRSv2skwZcpFIYf - Kr6LbZskq2QVBDS50HdpbOfyF+N8/mYuSfjKkuVH8oOq0KrZ38eJROiygPgpUYk= - =i9P2 - -----END PGP MESSAGE----- - fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D - encrypted_regex: ^(data|stringData)$ - version: 3.7.3 diff --git a/kubernetes/thin/apps/helm-repositories.yaml b/kubernetes/thin/apps/helm-repositories.yaml new file mode 100644 index 0000000..20eac2d --- /dev/null +++ b/kubernetes/thin/apps/helm-repositories.yaml @@ -0,0 +1,17 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: bitnami-charts + namespace: flux-system +spec: + interval: 1m + url: https://charts.bitnami.com/bitnami +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: bjws-charts + namespace: flux-system +spec: + interval: 1m + url: https://bjw-s.github.io/helm-charts \ No newline at end of file diff --git a/kubernetes/thin/apps/kustomization.yaml b/kubernetes/thin/apps/kustomization.yaml new file mode 100644 index 0000000..5d31a55 --- /dev/null +++ b/kubernetes/thin/apps/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./helm-repositories.yaml +- ../../common/apps/metallb +- ../../common/apps/traefik +# storage +#- ./longhorn +#- ../../common/apps/openebs + +#- ./kube-replicator + +- ../../common/apps/nfd/ks.yaml +- ../../common/apps/intel-gpu/ks.yaml \ No newline at end of file diff --git a/kubernetes/thin/flux/config/cluster.yaml b/kubernetes/thin/flux/config/cluster.yaml new file mode 100644 index 0000000..aed7572 --- /dev/null +++ b/kubernetes/thin/flux/config/cluster.yaml @@ -0,0 +1,62 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: home-cluster + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: feat/thin-cluster + secretRef: + name: forgejo-deploy-key + url: ssh://git@git.seanomik.net/seanomik/k3s-cluster +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cluster-secrets + namespace: flux-system +spec: + timeout: 5m + interval: 10m + path: ./kubernetes/thin/secrets + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: apps + namespace: flux-system +spec: + timeout: 5m + interval: 10m + dependsOn: + - name: cluster-secrets + - name: core + path: ./kubernetes/thin/apps + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + postBuild: + substitute: {} + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets \ No newline at end of file diff --git a/kubernetes/main/core/networking/kustomization.yaml b/kubernetes/thin/flux/config/kustomization.yaml similarity index 76% rename from kubernetes/main/core/networking/kustomization.yaml rename to kubernetes/thin/flux/config/kustomization.yaml index 37a9b9a..00ec3c9 100644 --- a/kubernetes/main/core/networking/kustomization.yaml +++ b/kubernetes/thin/flux/config/kustomization.yaml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ./traefik -- ./metallb \ No newline at end of file + - ./cluster.yaml \ No newline at end of file diff --git a/kubernetes/thin/secrets/cluster-secrets.sops.yaml b/kubernetes/thin/secrets/cluster-secrets.sops.yaml new file mode 100644 index 0000000..3e3c2ca --- /dev/null +++ b/kubernetes/thin/secrets/cluster-secrets.sops.yaml @@ -0,0 +1,79 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cluster-secrets + namespace: flux-system +type: Opaque +stringData: + SECRET_MY_EMAIL: ENC[AES256_GCM,data:rNyzxxuVq/1dII5m8OKexQsH,iv:+i/h+iXhBNM7qxDyK7/3pQqp8l7hXDHhnZOwyuwcC3k=,tag:RM3svsBJXpFafRzoLp2NOg==,type:str] + SECRET_LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:uUinHshJ3aUNzJDRQNVNWwNJ,iv:s8kggffO33/E04aUdZvxmgNhoPVKh+HnjX+k0o0DTNc=,tag:qreqEiN28i26OpsagQP5hQ==,type:str] + SECRET_DOMAIN: ENC[AES256_GCM,data:3zCSigeMzhC4H2SDVjqV6Q==,iv:OtUj2mDzmv9afBf4NcDSwZgGdKLJY3WG8qqSbI/NNog=,tag:buWUYjBMtfAVQADN2EREvQ==,type:str] + SECRET_NEW_DOMAIN: ENC[AES256_GCM,data:BDuzEYN7KOlqDUbJyFwHWCQ=,iv:DHrkALxuuEiZhjdLeFArgaORR8ZlsUuW2BT/joEFQGo=,tag:u1zVa2SA4xpgjNcO9iXtiw==,type:str] + SECRET_AUTHENTIK_SECRET_KEY: ENC[AES256_GCM,data:A2S9VBNLw2m6IEEGunHo8T/4v0tp0RvByYc6FIJdx1Q=,iv:Mu+TbsN2Ci2/7LvKhb8XWm6SPJe5ZxS8Z8YWjLwdT1c=,tag:uoatWIMDRLT4XaP0f0kpiQ==,type:str] + SECRET_DATABASE_PGSQL_USER_PASS: ENC[AES256_GCM,data:A++t+kACJthb9w6yml5KJo9Eqc/wp/BFadLzwOQhkhc=,iv:7mA6zCaC360dyJkC5wybh3PnGWjr12q0R/aGKi2D5Rc=,tag:h3BVuMH8VvnSc8LEM85wlQ==,type:str] + SECRET_DATABASE_PGSQL_ADMIN_PASS: ENC[AES256_GCM,data:UyFKnNw20KiJZj/Y5Jba6uFhDU/N+Dijl1mJlCcBgJk=,iv:Il50aBOHREDCDYeXmZks9DVBkq1+z1ZLo2KfibbiWmk=,tag:y/DBhdWLToD30tqVGD3uRg==,type:str] + SECRET_DATABASE_REDIS_PASS: ENC[AES256_GCM,data:ePEMWYYpXF5lv4+RAScXxArlKXq8U21XUYsSWBf8TG0=,iv:Lr9qq1fVuyzleC3oU7izKP/YHoSrtXADl9efz3iWgEw=,tag:73XjcnTWr1wPYFEROznz+A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-09-07T01:46:20Z" + mac: ENC[AES256_GCM,data:vdG/QHWHQge+m6YCBqtAfRsXdWvMLiZQ6DOnaxgaUNpslPvQuHml1kWBsSKrmNmB79jxqB2M6HwEY7ljOMf6ZlTeMs7mW6i0oj368IS6gQGfOHSJ4d34shyXujO9JHEnmL7O0tnOs1bp4ZHxdd/t4Wmq/ii+W/Kbta3/VLtOj/A=,iv:aB8Y4Y0t4ncViBAvH2WAAGgzbrzUSvL3/RRY+VVUKlk=,tag:0BSFABPxUxgRG1fDrDHXug==,type:str] + pgp: + - created_at: "2024-09-07T01:46:20Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAyqlIeyoxYovAQ//XsBS23tIBniGlJAVG7gBJRclDr4ecXUH3LTkVPSaQ4r6 + gLPL19dZaYcs4hkvOOgm0u7tXXPMFHuIWvLLPKwAbZMOGcvhqgSWmVDIFRKOtAKt + mdNeVEWARwf2/3JsVSyh8pyxbdtC1dlY6BB8Cxd95n70ZQdrAbGewAK6sVWWAiRr + uSLiYO/HUdyoP38q77dwG4p8up1qchND92Ie04zowWbiquMq+V/2pgJ3dd51Z5Gn + oD1oNZZZeZaBJ+G3mea5QSzduE7x8R56YyGyBcDOn6gmMxJF8adDBsQfdH2bQCWQ + I2QstgQwXAvvwqexow8x/wEAkUXksB/dZKWOu3QhlFq7vLJ9RXGTaKCg0FCcu8/U + h7x4njNLA2/aidAVL4ufRohiONss2fjcDhpiJ7uyBM/horq2SmABzwoCtmRS/4du + oE/Ygfh+OPa6+SuQmwB+BH255HPsDNeikC/F3XJ/LXKO6460L7yQAdYnKAR3EqVL + KcfrVNIaFAIxLQ7SQ3DaU2ddc18pzPbBDnLwwFoO+mM2u6wwaKZkyjAK/1NlNs/O + WGXjPzBvpjWTQmSL4PhwGmtaolNpE9j3zpLHUs3TcKUKXyzV1f5p2pxXBBo/IYZy + rVkKm2zPR0rgkVjJMWiZ+uazGy3mVbsDj3y/5c+CRYTuNoHk/AuWz3x8KSEz/JCF + AgwDXjg0p2IN1X8BEADFHtP/WpUDejsej2gXlWYJkT6N9IiZqfMKbejk3yAQr9+L + 9J1c5UkDT6MeQpIFs04cZMAVmQRg+Q5D9ipgp8t4PMBNCT6xuQYIvfkdoESQG4Rt + 6FpQHkeKkooXWJJzCppexkKzXeHjfMFm7KPd0jea46uwh+Qx2MbDaoiGK+YCzb82 + mWCpgPfguOdbLaGI2aSYiWTrmMnNZv4cthv4Z/u1ph6NB2X/SbG3ot5O569epLpq + Al9bVUb2ZCEfrRUmqC9eWTr3p+GFRF77u7PVBwOjYItI4Paz+M7EKUmUqvMoj4EF + X+I9Oaac2t9nlIMLKNtq14LkncvdW+xuy83M2dN708ceo0+HxUeHCFyqbogKG8l9 + vQa9OFGleLyeoWlVlBqKco2cQe4xI8UkJryxsBC+36OaeqrCFAhbYpCn5QL/Ij/4 + 8ZPg1RCh9oeFvfripRpQ9G6UNtmvloK8LA/73uHnkztAYx2AFMaI6zQr75F7S8IH + tSGNEUA3MHOU7pIrCp9KnGjjfsChD6J9d0EoOOQfP1nDxVkXrL1afiuFtieJOiru + pyr1LJonGBdBxDDSrfPj6tc1moqIjgiZiDBcImEPv076Wro9EZdTi53CNj9rtEln + hUpFDcNMdwccumMslDl8qNdAKJgFGEORtRqFs+n7nywjAnxqd7gVGKDO4RrjsdRm + AQkCEFhM1Krfrf1RAJz/fnEeg21yvhg47SCgBiNGizLXgyCgK1kGuxB+SpJVMkAg + rdBo5t2UfXkVyJQ00K77you1N17NtPnyKr8xfItd7JRmDpJn40f9MFR2AOyVFC5B + lVleELeG + =bKFu + -----END PGP MESSAGE----- + fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD + - created_at: "2024-09-07T01:46:20Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAy5t8IMoPu4VARAAo2y6IQJlsEAswykjpfDzvQw3TCyTiZWe6duhmnDoXKjK + 8A66oDpQcfl0ubjIj6/FJICLr2PGPb1bgKUEz+vBsp1bv+txUtLwUXJTqFKnCS1H + CRKfEmDSNaAtNEtpOGnCeMffB0ghLvs42mlTUUi7u240FJ6MgD7AvV4UlM5IYOLx + +yZyjzYzgNibyh7rOun2E/df2VhDX0Ns6n9ZPZ3TFSdqsXGJ4bqn8+0MhJYeOMNc + ap3dMMhUuUoH5krvocNymJ6WH8x4LwUJrlQsTdr0edA6BhNYC35a2JcAkOGblaCP + er845gN/iCRhl6i/XFYcz7mhMheYmiVf5TEuMvFsdjBl0yNi65wJz5EX3U01Y63+ + G+UeWCLt9+qDnAG3CN45Hgp46xIXocBvUhqdrg4Srtd+h/12Xlg8vV0jcdezWNm5 + pqWVeLDGjDFZNLvG/p+dWF+EDN/Zv9V3Axb1ChYeRCbue0POqr7X6OS5lWZmuUwa + oaiE2vYFkUCcdZtQANDDluh36Bk2pHAOELcttPa4OO4F0mCopAtg6uDp07WQUUwR + TkELlxQvOQYtTJZkTiiOe7ogr3jXWuz6hp80WN/ZVdh6UtO9cNem3d5+hECUA0LY + NuEPYAAyZxfpvRRIrkV768AS+USqA6VDjistIFc/qTG0L3WeDyP6h0plAJr9OKvU + ZgEJAhCQhjQZwIG7xvkuK2EzSePmMMUl+DEbq1GzgCuzh3Y+X/3pryvEjh+002pe + 55FSHnIZn+nD8Z1jAcRI+6mEZWfNYUXecF98+JBGIe73J/xjNUSWJZpSiYLIMnR6 + 6SKCYH9ORA== + =jqMe + -----END PGP MESSAGE----- + fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 diff --git a/kubernetes/thin/secrets/cluster-settings.yaml b/kubernetes/thin/secrets/cluster-settings.yaml new file mode 100644 index 0000000..cea7f5c --- /dev/null +++ b/kubernetes/thin/secrets/cluster-settings.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-settings + namespace: flux-system +data: + # MetalLB + METALLB_LB_RANGE: 192.168.1.60-192.168.1.70 + SERVER_TIMEZONE: America/New_York \ No newline at end of file diff --git a/kubernetes/thin/secrets/kustomization.yaml b/kubernetes/thin/secrets/kustomization.yaml new file mode 100644 index 0000000..970b3ed --- /dev/null +++ b/kubernetes/thin/secrets/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./cluster-secrets.sops.yaml +- ./cluster-settings.yaml \ No newline at end of file