diff --git a/cluster/base/cluster-secrets.sops.yaml b/cluster/base/cluster-secrets.sops.yaml new file mode 100644 index 0000000..66d8e6c --- /dev/null +++ b/cluster/base/cluster-secrets.sops.yaml 
@@ -0,0 +1,61 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cluster-secrets + namespace: flux-system +stringData: + SECRET_MY_EMAIL: ENC[AES256_GCM,data:o1mpa9VUFdZOepjGKkD76/Px,iv:u+2VUsHGP0O0Qw5ojE4zuSd80iGTDxB95rXB6JO2CJs=,tag:5xvoFP96iOoYSjbZ9NVX0A==,type:str] + SECRET_LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:J3Q3okoZ4APVwMXcl00pCPnO,iv:F0L/cRRy5FWMqCF+lpQbZwytSl2OqVOLmVtS0B4jRvU=,tag:cnxZCYcFLDFjKNlbMz+dsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-04-05T02:32:38Z" + mac: ENC[AES256_GCM,data:2O89WN/cDwxmT0bisGGmIDjtuhFF2m7ZIGH33qUH1PdRjGAKGsPgp4NZtkZ6b5G1uvF2bJzzs8BQZty1VFHGm0fbIeoqXDNN1xhQJOOMu9ZhfsKpLSB06Owh+3QTxxRNF3TAIT7wRHr4SDEVwh5vLZhwUHWbJJPaFPX3w+YRqaE=,iv:Co3oTTwuEPdarOsm/NVjhaQmq6ntqVmjyfKpgemVmI8=,tag:jRcGlvu+1mWziskoxV1Zyg==,type:str] + pgp: + - created_at: "2023-04-05T02:28:36Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzKleRwoSoixARAAiNv/krMCYHIP95bxfJnuTNYvtBPDBIm6Bn5J6OWlS6Rz + DIEo/MUOvI5MjLYYDttHjasFLComWYD3FvzIt4/Tr2cvpe2gbqNZmlQt6GzBPZ7b + /BDmkXssAtY9s66ai9Vv/HV/iHedjQowK2JP0SCdeWazMPGuayoLxPc+SbsMYABe + IHff98sqF0JMaled3ScGy4b1nUuvt49ZViQ4lgj1Sx6S6AvDW6F3SVIYb7iysQ6E + CPBeUq7MTFyUwFzJyNy2imKj+sljghevRClPeJrMh4I+IDt8dS9rZVDIpgZJk8Tc + gB5bH8eoGwnsK9+Mr/dXCc3k9kTD/jlOVd6L8oHE8SDX3BiyQCuL8voDW2z/pq2A + lc/jsdlXhCuvZSd5+Cm3s9/PppMGqjH7b5o7Yu3d1lK7cuRm/Qvo8aualD10fix0 + z9y5ZnI71VNjPEOyGV+P5GXCZ8XHH4rpfiO/03SkRNkiNvSrYazNGQqZsDtAEWW2 + DdLcWQ/C7MtvD5sLC0ljkBBaMJ19OyZO+rG3UtkZGo47LM04089ToFYLU0g6PGB3 + s3sFDkpZvME5Sl98Dky/ACLhzcEPNwIKejd12+MP0geYB61HJ+WP09EiAio303Xs + OPWQ+Zds8qdwukTD6HQsDcF4hz8uLH1nV9jvHRDRvd3prMYhHmOrNPNRxjrHxFjU + aAEJAhBNL3DpPI0uMNATER9iXVhTkc3RdXGXSwqWwwI2eXn3VHxX445RregyktbG + GQztnqkV7+DYjr0jMn1+saA8wbz6L11/ZmtXr/MVO991ol+FrxbrLYaWEpTK86au + NLtrwFimyMiQ + =fvF1 + -----END PGP MESSAGE----- + fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 + - created_at: "2023-04-05T02:28:36Z" + enc: | + -----BEGIN PGP MESSAGE----- + + 
hQIMA4WLYkVpP8xtAQ//e7yj0vwd62fut5lLAor1A9hpt2aNG5PCPagECJRowbwl + KNH/aEt/kmLSUYPDS8nMGY3OP+y2mBw00yV0IosgkmBIf5rjY4BsaiT1gOZv6LJQ + tK/L8PgoIx1DJtTti2C4gOJadyqtNRi2pe8/bM6jBjkkj56ggv/pP/QQHSIWJv4z + RMA/7M2DNXbuMHDVbcp1PbnT8xPoxcfNRoFS/JDxqXs41yAUvI6xU9SFwzOLrSlU + prj5M/4TGVBqPh9V7vEjl0n2Z/lLHNr4herqM9tQ7MZggVQO0Q9MUGpz0ZpbwO5i + kN4rtvL9YPWPYf8YwTUWknQ7Ug70AD7JpGJm73HQ+bJWmvTVWaZN8g7mPKfBe9wU + k7p9/GT0gCbJ9CSdBI7XUb4pBIvClmYzcyxlFuC5UmDk31oVRBnHMe9LYwSaX9tQ + D1WQzUBAa4bt9C7JfDHBk13QM/8eTElGA4z6sIykj8mJDI2hCDeVoJRJFl3GukUO + YAWO05UtMNSaFGY5pAi+uPlGxzyJJGW6566BGstSHZMKQIMw6pyiqO/nTItFsq+d + e2OsEFqyTdKLJZVDNAjT2XRVzrTmcszG/SDuJLybnqbzzsI6RYfRz53KALnEhXDx + IPUH8U8kErSTHFwgs0q7cwx86IxYaKjKf18Rp5MExiE8FXz30gi5nrGAtBraYfbU + aAEJAhCdE5InRdRdqfF+ADxo2lDZL42j4PTK34Co3a4wpbVDJkCVZjK2DGKFm0co + kz3XEERvN4/hjs+4/MxNZkDijDpnVlGEfzYNiKDmHqgbjZaEQO90OH1D10OjMsqb + aaYyQYYKqtYJ + =3VJM + -----END PGP MESSAGE----- + fp: 8DF31C9F48A24F525FFB1815FC96C52B59328E95 + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/cluster/base/cluster-settings.yaml b/cluster/base/cluster-settings.yaml new file mode 100644 index 0000000..fa73202 --- /dev/null +++ b/cluster/base/cluster-settings.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-settings + namespace: flux-system +data: + # MetalLB + METALLB_LB_RANGE: 192.168.87.10-192.168.87.29 \ No newline at end of file diff --git a/cluster/flux-system/gotk-components.yaml b/cluster/base/flux-system/gotk-components.yaml similarity index 100% rename from cluster/flux-system/gotk-components.yaml rename to cluster/base/flux-system/gotk-components.yaml diff --git a/cluster/flux-system/gotk-sync.yaml b/cluster/base/flux-system/gotk-sync.yaml similarity index 100% rename from cluster/flux-system/gotk-sync.yaml rename to cluster/base/flux-system/gotk-sync.yaml 
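Review bot: Nothing visible in this commit decrypts cluster/base/cluster-secrets.sops.yaml. The `decryption` blocks added in cluster/base/ks.yaml sit on the `core` and `apps` Kustomizations, whose paths are ./cluster/core and ./cluster/apps, while this Secret lives in cluster/base. gotk-sync.yaml is only renamed here, so the diff does not show whether the Kustomization that reconciles cluster/base has a `decryption` block with `provider: sops` and `secretRef.name: sops-gpg`. If it does not, the apply would either fail on the extra `sops:` field or store the `ENC[...]` strings as the values that `substituteFrom` later reads. Confirm this, or move the file under a path that a decrypting Kustomization owns.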
diff --git a/cluster/flux-system/kustomization.yaml b/cluster/base/flux-system/kustomization.yaml
similarity index 100%
rename from cluster/flux-system/kustomization.yaml
rename to cluster/base/flux-system/kustomization.yaml
diff --git a/cluster/base/ks.yaml b/cluster/base/ks.yaml
new file mode 100644
index 0000000..6f62c10
--- /dev/null
+++ b/cluster/base/ks.yaml
@@ -0,0 +1,67 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: crds
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./cluster/crds
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: core
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ dependsOn:
+ - name: crds
+ path: ./cluster/core
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ dependsOn:
+ - name: core
+ path: ./cluster/apps
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
diff --git a/cluster/core/cert-manager/cloudflare-cred.sops.yaml b/cluster/core/cert-manager/cloudflare-cred.sops.yaml
new file mode 100644
index 0000000..d91418e
--- /dev/null
+++ b/cluster/core/cert-manager/cloudflare-cred.sops.yaml
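Review bot: In cluster/base/ks.yaml the `crds` Kustomization has no `wait: true`, so the `dependsOn: - name: crds` on `core` is probably weaker than intended. cluster/crds/metallb/crds.yaml and cluster/crds/traefik/crds.yaml in this commit add nested Flux GitRepository and Kustomization objects. Without `wait`, the parent reports ready once those objects are applied, not once the CRDs they deliver exist. Adding `wait: true` under `spec` of `crds` makes `core` wait for the child Kustomizations to become ready.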
@@ -0,0 +1,62 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare-credentials + namespace: cert-manager +type: Opaque +stringData: + api-token: ENC[AES256_GCM,data:qA+gnSJHnGx+4IpoAHVzMx2oDfYl9n4cgK9TTEABynDITUYUSkxgnw==,iv:sumwgvvxupp+aDfbS0QrOgLIV5ncivO8dh9sWzZkROI=,tag:c2nOAIZPD1XMEozPNFoayQ==,type:str] + email: ENC[AES256_GCM,data:hd9vZ3ubTLMxJbbR38LjGHQQ,iv:9BvLfefAvzjd1aGLaTe/U3R1NLw/gdeNMF0yu/kDRH8=,tag:V40IrOkyTuUVawrl03p+qw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-04-05T02:16:12Z" + mac: ENC[AES256_GCM,data:DiCXc5CB3mjhM4EsnOWgPYlCyGOU+J1LNSNZ2dbisOy945G/9usANnljLu30gk0KE9TYyMeVxj2mHvp8Q05TgRJwU8g9sJvD2GEqokWxuVPpaWxK/CG7KEBLRGtdcpt8++vulT3/Npo4EwQsqIFzVreIOJ17kBpBtTTJZ51O+Ms=,iv:B1/NVCvx0SnC6k50TeLlyhi4z6cUHGff0R/+WMdGDEA=,tag:8C68isdbGpXuyGJFsnQkDA==,type:str] + pgp: + - created_at: "2023-04-05T02:16:11Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzKleRwoSoixAQ//fZKQ1+IE77dpxFTkwkmFTR3NmsTtgYV3YfQBjzH22Drf + 3VWC9PFwQa0Ki9e4gtCzDbvfoSrq9DudmR2iUdk6asJO/kJtJbMxaZ1MyOL8Ld20 + HIBnogTlEsQ3URMVhH6DFWa79bEPMAR38douKudahqg1e/H3D25EAGpE7a79YzIs + j8nZWFsO64am7uW+K/r5ziqD8uSgc6AEykARqnzmWgfQJwiSK6tTBp2Fl/P0atn5 + N3hfvcQ5RX8RkP7QUczEN33Clfhxu/KERwmjG1tqbDUvgL64q7V2u2OG4G0KEnHa + iy4nf+I8Ec0z10me7r/uDu25L18KxctT9y+XDyAG8lnsyOUi1Tk1K9WMU6Z5HAeF + CG3BuR883DGx/wFocvjLYQ84x/VM8B/TAhVM3pP99fwrxoT4ZlTCZdPZmJvP4AcT + CVTHJfxNBZWZoSVfjNgurcRwFRXavxay0msbtIBSueVBYjIohflWNDT7HH1SnRUt + fkLRqg66wi/GfpLQF4ZThtK7hrrYAIh18DhAGbT+au6hqaOfTUT2FFA2IYrxJJoa + pHHeeGmlPgbNUJ/U7IO2mklP/qSx8ilkZ3gwrMtMOL9gr0C4OJ3Xzr5HKgnOzpIr + ZQya7FXZwL+Q8SPKBL47IhnMRwvsE1VTndh7KoCR2H8f609osxHsCQj3i88c+WfU + aAEJAhCGHJeg5y+BRa9nS8ivLc72DuThI6XoEaATBlJ+FJpwdS3NUVgNQ5NtJeRN + zFHBCTUDWJmEgnGpeRU3YgSCcyrUeNQ9zud5Hy+sE29hBEh+aqeg+2O/IGNAtnj0 + 2RYiogHfihb8 + =vTlu + -----END PGP MESSAGE----- + fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 + - created_at: "2023-04-05T02:16:11Z" + enc: | + -----BEGIN PGP MESSAGE----- + + 
hQIMA4WLYkVpP8xtAQ/5Ae2agQj48SprxW7r7boDHRPYhzjI/vCCYnNLFMPLL4zN + pXQx0yb4wBWSh3cgXhNoaaAQIS4MWGF2FXL6Jo51iniLju9YxZN7uq0mXza896Ew + ldBitVQtPD1+naCdQ60ncmWCyVF8XuORUycJsIkubrPgHAiEQlHUGtx2shzliLCn + 7bIKEhAm88J/l6Z1r4VETv/DrIblG0cpHCM/zbRckqvDX/g3Nq/KbcIohx+t04h8 + iyMpugfRzSkC0GaBwphXFAcpTXP+obAbe9Pnsh0etC0280/3hbEgoWPpYQ5J8BWb + faIFwUfSVCIDEU0JwefOM40kXJhJq8M3p7+LO7IiT1ye/O8N/T5wjFGX9b9yXPzc + ZGaK/0rL9NukOtFj5B3VdggGrEzO7Aquijo8XvKfnnOZro/jo/l7XeXU5fnvpVjT + e4e8Caxq75E0/YmHWyq3XdvLWF8UlspCEm6MHh/AL3CibB1ZUwE1IyM3ohD1x0QP + tUp+HsyOu96UTnYe6zccQ+GvV5IfZV4sG9mYJe/QIyasw5AiNsTyHuomsG3W0eXP + I9tT6bWFQvivNFlGrUEX3hYai3CAXtalx4Vj4dvnQ+pJRFVMC/iS4nfVhakMxZHm + A6rKklRw+EEOXkgME/uNND0Y7ZbgpzJP9MW5ql+Qao0vXWCbXLnSya6qA7fU9dfU + aAEJAhC687QE1QUv4I2yPJUFCxsY7JGSsIellfE0nDjLJoOn1yWvRGOxHDv99aWP + FMMNwW7kpQkxMwqtQOEkCkBxTTrSBmkpxIhmmNbXh42rhd6nLlcbMV3rfyRIeyF8 + v06tPzAqkfd5 + =Y4JA + -----END PGP MESSAGE----- + fp: 8DF31C9F48A24F525FFB1815FC96C52B59328E95 + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/cluster/core/cert-manager/helm-release.yaml b/cluster/core/cert-manager/helm-release.yaml new file mode 100644 index 0000000..9f14278 --- /dev/null +++ b/cluster/core/cert-manager/helm-release.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: cert-manager + namespace: cert-manager +spec: + interval: 5m + chart: + spec: + chart: cert-manager + version: v1.11.0 + sourceRef: + kind: HelmRepository + name: jetstack-charts + namespace: flux-system + values: + installCRDs: true + webhook: + enabled: true + extraArgs: + - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53 + - --dns01-recursive-nameservers-only + replicaCount: 1 + podDnsPolicy: "None" + podDnsConfig: + nameservers: + - "1.1.1.1" + - "9.9.9.9" \ No newline at end of file diff --git a/cluster/core/cert-manager/helm-repository.yaml b/cluster/core/cert-manager/helm-repository.yaml new file mode 100644 index 0000000..d6c3473 
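Review bot: `installCRDs: true` in cluster/core/cert-manager/helm-release.yaml gives the cert-manager CRDs a second owner, because cluster/crds/cert-manager/kustomization.yaml in this same commit already applies cert-manager.crds.yaml for v1.11.0. Having both Helm and kustomize-controller manage the same CRDs tends to cause ownership conflicts on upgrade. Keep one of them, for example `installCRDs: false` here if the crds layer is the intended source. The chart `version: v1.11.0` and the version in the CRD URL then have to be bumped together, and a comment next to `version` saying so would help.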
--- /dev/null +++ b/cluster/core/cert-manager/helm-repository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: jetstack-charts + namespace: flux-system +spec: + interval: 1m + url: https://charts.jetstack.io diff --git a/cluster/core/cert-manager/kustomization.yaml b/cluster/core/cert-manager/kustomization.yaml new file mode 100644 index 0000000..24b23d5 --- /dev/null +++ b/cluster/core/cert-manager/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./namespace.yaml +- ./cloudflare-cred.sops.yaml +- ./helm-repository.yaml +- ./helm-release.yaml +- ./letsencrypt-prod.yaml +#- ./dashboard-ingress.yaml diff --git a/cluster/core/cert-manager/letsencrypt-prod.yaml b/cluster/core/cert-manager/letsencrypt-prod.yaml new file mode 100644 index 0000000..0503a82 --- /dev/null +++ b/cluster/core/cert-manager/letsencrypt-prod.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-production +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: "${SECRET_LETSENCRYPT_EMAIL}" + privateKeySecretRef: + name: letsencrypt-production + solvers: + - dns01: + cloudflare: + apiTokenSecretRef: + name: cloudflare-api-token-secret + key: api-token \ No newline at end of file diff --git a/cluster/core/networking/kustomization.yaml b/cluster/core/networking/kustomization.yaml index cad1d52..dd737ff 100644 --- a/cluster/core/networking/kustomization.yaml +++ b/cluster/core/networking/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: +- ./cert-manager - ./traefik - ./calico - ./metallb diff --git a/cluster/core/networking/metallb/helm-release.yaml b/cluster/core/networking/metallb/helm-release.yaml index 6042781..5431318 100644 --- a/cluster/core/networking/metallb/helm-release.yaml 
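Review bot: cluster/core/cert-manager/kustomization.yaml lists `./namespace.yaml`, but no namespace.yaml is added under cluster/core/cert-manager in this diff, where every other file of the directory is new. If the file is not already in the tree, the build of this directory fails and the `cert-manager` namespace that the Secret and HelmRelease target is never created. Add the Namespace manifest or drop the entry. The commented `#- ./dashboard-ingress.yaml` line looks carried over from the traefik kustomization and can be removed.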
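Review bot: The ClusterIssuer in cluster/core/cert-manager/letsencrypt-prod.yaml reads its Cloudflare token from a Secret named `cloudflare-api-token-secret`, while cloudflare-cred.sops.yaml in this commit creates `cloudflare-credentials` (key `api-token`) in the cert-manager namespace. Unless a Secret with the other name exists outside this diff, the DNS-01 solver will not find its credential; use `name: cloudflare-credentials` under `apiTokenSecretRef`. A one-line comment above `email:` would also help, saying that `${SECRET_LETSENCRYPT_EMAIL}` is filled in by Flux `postBuild.substituteFrom` from `cluster-secrets`.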
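Review bot: The added `- ./cert-manager` entry in cluster/core/networking/kustomization.yaml resolves to cluster/core/networking/cert-manager, but this commit creates the cert-manager manifests in cluster/core/cert-manager. As written, the build of cluster/core/networking would fail on a missing directory unless one exists outside this diff. Either reference `../cert-manager` or list cert-manager in the kustomization one level up.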
+++ b/cluster/core/networking/metallb/helm-release.yaml @@ -17,7 +17,7 @@ spec: chart: spec: chart: metallb - version: 0.13.x + version: 0.13.9 sourceRef: kind: HelmRepository name: metallb-charts diff --git a/cluster/core/networking/traefik/dashboard-ingress.yaml b/cluster/core/networking/traefik/dashboard-ingress.yaml index d2fb384..a405c20 100644 --- a/cluster/core/networking/traefik/dashboard-ingress.yaml +++ b/cluster/core/networking/traefik/dashboard-ingress.yaml @@ -25,6 +25,7 @@ metadata: name: traefik-dashboard-ingress namespace: traefik annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure spec: rules: @@ -35,6 +36,6 @@ spec: pathType: Prefix backend: service: - name: traefik-helm + name: traefik port: number: 9000 \ No newline at end of file diff --git a/cluster/core/networking/traefik/helm-release.yaml b/cluster/core/networking/traefik/helm-release.yaml index 81280db..8ace357 100644 --- a/cluster/core/networking/traefik/helm-release.yaml +++ b/cluster/core/networking/traefik/helm-release.yaml @@ -8,7 +8,7 @@ spec: chart: spec: chart: traefik - version: '22.x.x' + version: '22.0.0' sourceRef: kind: HelmRepository name: traefik-charts 
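Review bot: The `cert-manager.io/cluster-issuer` annotation added to `traefik-dashboard-ingress` only produces a certificate if the Ingress also has a `spec.tls` entry with `hosts` and a `secretName`. The visible context goes from `spec:` straight to `rules:`, and the rest of the spec lies outside the hunk. If no `tls` block exists further down, add one. Without it cert-manager creates no Certificate for this Ingress, and the `websecure` entrypoint keeps serving Traefik's default certificate.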
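Review bot: The backend in dashboard-ingress.yaml is port 9000 of the `traefik` service, and traefik/helm-release.yaml still passes `--api.insecure`. Once this Ingress is enabled in the traefik kustomization, the dashboard and API are therefore published through `websecure` with no authentication visible in the manifest. Attach an authentication Middleware with the annotation `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware-name>@kubernetescrd` (placeholder names), which the newly added `--providers.kubernetescrd` makes possible. Alternatively, restrict the route to trusted source addresses.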
@@ -18,13 +18,14 @@ spec: # - ./traefik-values.yaml values: additionalArguments: - - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare - - --certificatesresolvers.cloudflare.acme.email=seanomik@gmail.com - - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1 - - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json +# - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare +# - --certificatesresolvers.cloudflare.acme.email=seanomik@gmail.com +# - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1 +# - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json - --api.insecure - --providers.kubernetesingress + - --providers.kubernetescrd logs: general: @@ -65,19 +66,19 @@ spec: # externalIPs: # - 192.168.87.10 - env: - - name: CF_DNS_API_TOKEN - valueFrom: - secretKeyRef: - key: apiToken - name: cloudflare-credentials +# env: +# - name: CF_DNS_API_TOKEN +# valueFrom: +# secretKeyRef: +# key: apiToken +# name: cloudflare-credentials # Disable Dashboard ingressRoute: dashboard: - enabled: true - matchRule: Host(`k3st.***REMOVED***`) && (PathPrefix(`/dashboard/`) || PathPrefix(`/api`)) - entryPoints: ["websecure"] + enabled: false +# matchRule: Host(`k3st.***REMOVED***`) && (PathPrefix(`/dashboard/`) || PathPrefix(`/api`)) +# entryPoints: ["websecure"] # Persistent Storage persistence: diff --git a/cluster/core/networking/traefik/kustomization.yaml b/cluster/core/networking/traefik/kustomization.yaml index 52bc2de..6ee2e3a 100644 --- a/cluster/core/networking/traefik/kustomization.yaml +++ b/cluster/core/networking/traefik/kustomization.yaml @@ -5,4 +5,4 @@ resources: - ./traefik-secrets.sops.yaml - ./helm-repository.yaml - ./helm-release.yaml -#- ./dashboard-ingress.yaml +- ./dashboard-ingress.yaml 
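Review bot: The four `--certificatesresolvers.cloudflare.*` arguments in traefik/helm-release.yaml are commented out rather than removed, which leaves a personal e-mail address in the manifest while the same commit moves e-mail values into the SOPS-encrypted `cluster-secrets`. Delete the lines; git history keeps them if they are needed again. The same applies to the commented `env:` block and the `matchRule`/`entryPoints` lines in the next hunk of this file. `--api.insecure` stays although `ingressRoute.dashboard.enabled` is now `false`. A comment saying that it is what serves the dashboard on port 9000 for dashboard-ingress.yaml (if that is the intent) would make the dependency explicit.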
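Review bot: cluster/core/networking/traefik/kustomization.yaml still lists `./traefik-secrets.sops.yaml` (the context line above the change), but this commit deletes that file. The build of the traefik directory will fail on the missing resource. Remove the `- ./traefik-secrets.sops.yaml` entry in the same change.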
diff --git a/cluster/core/networking/traefik/traefik-secrets.sops.yaml b/cluster/core/networking/traefik/traefik-secrets.sops.yaml deleted file mode 100644 index 240a4d4..0000000 --- a/cluster/core/networking/traefik/traefik-secrets.sops.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cloudflare-credentials - namespace: traefik -type: Opaque -stringData: - apiToken: ENC[AES256_GCM,data:2ofq1q6ZJ08RfWtb7KAkiLbTGuY0XX+YNOprSLPVf42MmcHk1AwIaw==,iv:TzSqE3UP8KeASgQeJmQJPOo0Gq4Qx5t7oPqXYr451sg=,tag:eumfMTxotVGmVdY5FmUhjQ==,type:str] - email: ENC[AES256_GCM,data:3SLMvJWYY/rCESO24AujCtdc,iv:bMvI+p8lL7UrkxdB+qCXhn+I3t99Kxx2uIoKv8WGJOE=,tag:c+3aqPigO1hUNEnTQih+7A==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-04-02T18:05:11Z" - mac: ENC[AES256_GCM,data:6e5z7+3l0Sn+Lw9vibQ//SgYMskY+TiRbMYX18JuIT+dCJHN3fz0FZCIUSTJXDIXv0SqHSEAgVpMCvyWwPoSgfeIc/3sKKKZ33yP4tv8rdpYBaDz7zXXY3NYqOk8BFeIdl6mzU6traIyzxAQ27rjO6AI0fEFSu5bY4uP9lFPtdc=,iv:sJ2iTk3P83NM9I3atYZvkYJg42IAIO29L7nMt37Lazk=,tag:1UtotsQ9VqBC66fI6kVr0g==,type:str] - pgp: - - created_at: "2023-04-02T17:33:57Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzKleRwoSoixAQ//SGQIuAWmFUmI1DR1MpbDwjOg+s+YvbEbIcLv4iMTn6rM - vtNIpo5I183JJUxRcCKerpW9fIhMSqov7OlvS2c3cLNp2PapHWKR0av0r3Zk0D95 - mcMjlpp6j8l9kXFnbGJBX8UkaCJ6jgm79xHhZjODa3A6WB1kQJ3kcXN0sQuZ61qH - UD2QKwPUnTR9cWURdBt4L1aX4+abEwKfLE+XygBTq/2sXOchEU6sKZ88ieGAt2te - 8PQ3zWTTUBC2o+AVMnZ3CNCQrdvKKQ4vSEW6+jFsJLgloMThDcf83owvWNDfZwVS - O62k0Wsb9N7ZXScPp8A0VoPa4Qb6WVMJ7BpizUZcSmzC/qNz+CDk7u769xjHyBHC - 8kS0JpCWDpozeqcXZjhMpC2MsgfU/FjB0dxy9vyhf910ZlM/TkXnrduJu8p20NQe - Mf1le0/kNoJiUzk0PZcG3l1osafvEChj7owGi1Tnjs1Z/Tz/7GpyDPUWwuxJi37A - ssMKFpuedckQlV6oTTvthX0YGGGF0lCoyLAUBqi81IX7b7GHxn/n8hP30oOGrljL - k77vpX/GDrK+3TtZdjAoQz079Go+AqyxKcgOfF0UJ6z88iYdBnPugHxCXXvMNHhF - HQxzlpFdqJ7P6XXDIFGm5G1oJCVzQyb5fSlh07NphNC6TTDUahkpYJz7qJoWwqPU - aAEJAhCXIy1CD5IdGnE16agicIw1VFhT1F7C4/zH7zBITyYXNTrZ4/5S0SdaT6Fi - XDVC7Eza3UTOIV6l4mJq5xOrGkV0mNi6hwPBJt334MDidNH3AaivUQgpCJX0hSTC - raho1DevzjCp - =vlaG - -----END PGP MESSAGE----- - fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 - - created_at: "2023-04-02T17:33:57Z" - enc: | - -----BEGIN PGP MESSAGE----- - - 
hQIMA4WLYkVpP8xtAQ/7BW9zYpflHgi9WOyjyWjybWzsWbLDlHOXPSNMqcpKcsz1 - uCp+ReZdsAbnPHRagpnpg5Wj2J9GfY1t8vgfQB4YwGfd0cfjTjumcCd7Lhd0iJjF - oJROOh2CD4B9MPxS0lbjFSUkMnS+8/M4mNdc1TzIRZNYJN0zgcFg51N7hg83d4K7 - a2Jev4tCiaXkBLCPFUdTJfsL3BbR9sGt3+ip6qPJKf1fMQqQ8i/yHvzqVZWEtsI0 - aD92ypqI32Jd+BFKKER1bxOA1QbsklkqLRLRIJtX0wA6SSH4Q0fRtUfvem4xSIei - m+8iQSSu1TSt65lRVXLmDUseKJcELv+DyKvDPnCZquLW3swYtWSGmv4ULAN8+bB2 - W4+ZEi9XNouPTvYCG9rnS2PSsUigZ7lSwgL2y/Qe6h4UZgNibQ/nxGaESGik3dt6 - igj9aJIbgF++QFQfHBfLxe3T+cbFyjw6WitrZPmksK3cKea3gx/33HBWu3VGL51x - nMkrjA9K4vu+7jec51HnuevXBhMMvRFrLZowogJy2usOBm2axfAIRJRJA9F/FSnT - ZNmq+PR3OuQZ6ytllSHnXDID+uCyAprVtqDKn3Nvw2WDK8Y8z8ssk24Nw1OmLZWo - 6cCE1SJ1DBzsFOXjIhwkPD00gzYzyKYEbZLWAVF6aWPmvbdKIWorkdqiRcwcT/3U - aAEJAhBteUna4cfGfCufYAwi1SsNQ02KUb4kLDIr/OkzVkNUXOHxXJcvz/ACKwDI - gzPM91ZC5tslyR7K4171iEy2CbQWwZvoFqnKiCtXn4d0WunpArdc4XyfqWYoMUbA - Y58UlX+qac0F - =exhB - -----END PGP MESSAGE----- - fp: 8DF31C9F48A24F525FFB1815FC96C52B59328E95 - encrypted_regex: ^(data|stringData)$ - version: 3.7.3 diff --git a/cluster/crds/cert-manager/kustomization.yaml b/cluster/crds/cert-manager/kustomization.yaml new file mode 100644 index 0000000..abc5ab3 --- /dev/null +++ b/cluster/crds/cert-manager/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - https://github.com/jetstack/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml diff --git a/cluster/crds/kustomization.yaml b/cluster/crds/kustomization.yaml new file mode 100644 index 0000000..a924b80 --- /dev/null +++ b/cluster/crds/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - cert-manager + - traefik + - metallb diff --git a/cluster/crds/metallb/crds.yaml b/cluster/crds/metallb/crds.yaml new file mode 100644 index 0000000..be6eb9a --- /dev/null +++ b/cluster/crds/metallb/crds.yaml 
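Review bot: cluster/crds/cert-manager/kustomization.yaml pulls cert-manager.crds.yaml from a GitHub release URL at build time, so the CRDs applied cluster-wide depend on a remote fetch with no integrity check and cannot be reviewed in this repository. Vendoring the file (committing the v1.11.0 cert-manager.crds.yaml and listing it as a local resource) makes changes visible in diffs and removes the network dependency from reconciliation. kustomize-controller can also be started with `--no-remote-bases`, which may reject this resource. Check the controller arguments in gotk-components.yaml.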
@@ -0,0 +1,30 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+ name: metallb-source
+ namespace: flux-system
+spec:
+ interval: 12h
+ url: https://github.com/metallb/metallb.git
+ ref:
+ # renovate: registryUrl=https://metallb.github.io/metallb chart=metallb
+ tag: v0.13.9
+ ignore: |
+ # exclude all
+ /*
+ # include crd directory
+ !/config/crd
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: crds-metallb
+ namespace: flux-system
+spec:
+ interval: 30m
+ prune: false
+ wait: true
+ sourceRef:
+ kind: GitRepository
+ name: metallb-source
diff --git a/cluster/crds/metallb/kustomization.yaml b/cluster/crds/metallb/kustomization.yaml
new file mode 100644
index 0000000..2ed3b35
--- /dev/null
+++ b/cluster/crds/metallb/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - crds.yaml
diff --git a/cluster/crds/traefik/crds.yaml b/cluster/crds/traefik/crds.yaml
new file mode 100644
index 0000000..8e4134d
--- /dev/null
+++ b/cluster/crds/traefik/crds.yaml
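Review bot: `ref.tag: v0.13.9` in the `metallb-source` GitRepository follows a mutable Git tag, so the CRDs applied cluster-wide change if the upstream tag is ever moved. The same holds for `tag: v22.0.0` in cluster/crds/traefik/crds.yaml. Pinning `ref.commit` to the tag's full commit SHA fixes the content that gets reconciled. Separately, `crds-metallb` sets no `path`, so what is applied is decided only by the `ignore` filter; `path: ./config/crd` would state the intent explicitly.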
@@ -0,0 +1,58 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: traefik-crd-source
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://github.com/traefik/traefik-helm-chart.git
+ ref:
+ # renovate: registryUrl=https://helm.traefik.io/traefik chart=traefik
+ tag: v22.0.0
+ ignore: |
+ # exclude all
+ /*
+ # path to crds
+ !/traefik/crds/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: traefik-crds
+ namespace: flux-system
+spec:
+ timeout: 5m0s
+ interval: 15m
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: traefik-crd-source
+ healthChecks:
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: ingressroutes.traefik.containo.us
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: ingressroutetcps.traefik.containo.us
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: ingressrouteudps.traefik.containo.us
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: middlewares.traefik.containo.us
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: middlewaretcps.traefik.containo.us
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: serverstransports.traefik.containo.us
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: tlsoptions.traefik.containo.us
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: tlsstores.traefik.containo.us
+ - apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ name: traefikservices.traefik.containo.us
diff --git a/cluster/crds/traefik/kustomization.yaml b/cluster/crds/traefik/kustomization.yaml
new file mode 100644
index 0000000..2ed3b35
--- /dev/null
+++ b/cluster/crds/traefik/kustomization.yaml
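Review bot: `traefik-crd-source` is declared with `source.toolkit.fluxcd.io/v1beta1`, while `metallb-source` in cluster/crds/metallb/crds.yaml and the HelmRepository in cluster/core/cert-manager/helm-repository.yaml use `v1beta2`. Use `apiVersion: source.toolkit.fluxcd.io/v1beta2` here as well so all sources in the repository stay on one API version. `timeout: 5m0s` here versus `5m` in cluster/base/ks.yaml is cosmetic but could be aligned in the same pass.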
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - crds.yaml