From 720a6d1c66675aa196295793edb93d73730d4d16 Mon Sep 17 00:00:00 2001
From: Jory Irving
Date: Thu, 30 Jan 2025 14:27:36 -0700
Subject: [PATCH] feat: add weave-gitops
---
 .mise.toml | 2 +-
 .../main/apps/flux-system/kustomization.yaml | 2 +-
 .../main/apps/flux-system/weave-gitops.yaml | 39 +++++++++++++
 .../weave-gitops/app/helmrelease.yaml | 55 -------------------
 .../flux-system/weave-gitops/app/rbac.yaml | 13 -----
 .../apps/flux-system/weave-gitops/ks.yaml | 25 ---------
 .../weave-gitops/app/externalsecret.yaml | 0
 .../weave-gitops/app/helmrelease.yaml | 3 +-
 .../weave-gitops/app/kustomization.yaml | 1 -
 .../apps/flux-system/kustomization.yaml | 2 +-
 .../apps/flux-system/weave-gitops.yaml | 35 ++++++++++++
 .../weave-gitops/app/kustomization.yaml | 7 ---
 .../weave-gitops/app/secret.sops.yaml | 28 ----------
 .../apps/flux-system/weave-gitops/ks.yaml | 20 -------
 14 files changed, 78 insertions(+), 154 deletions(-)
 create mode 100644 kubernetes/main/apps/flux-system/weave-gitops.yaml
 delete mode 100644 kubernetes/main/apps/flux-system/weave-gitops/app/helmrelease.yaml
 delete mode 100644 kubernetes/main/apps/flux-system/weave-gitops/app/rbac.yaml
 delete mode 100644 kubernetes/main/apps/flux-system/weave-gitops/ks.yaml
 rename kubernetes/{main => shared}/apps/flux-system/weave-gitops/app/externalsecret.yaml (100%)
 rename kubernetes/{utility => shared}/apps/flux-system/weave-gitops/app/helmrelease.yaml (91%)
 rename kubernetes/{main => shared}/apps/flux-system/weave-gitops/app/kustomization.yaml (92%)
 create mode 100644 kubernetes/utility/apps/flux-system/weave-gitops.yaml
 delete mode 100644 kubernetes/utility/apps/flux-system/weave-gitops/app/kustomization.yaml
 delete mode 100644 kubernetes/utility/apps/flux-system/weave-gitops/app/secret.sops.yaml
 delete mode 100644 kubernetes/utility/apps/flux-system/weave-gitops/ks.yaml
diff --git a/.mise.toml b/.mise.toml
index 3f600d35e3..78684491db 100644
--- a/.mise.toml
+++ b/.mise.toml
@@ -1,5 +1,5 @@
 [env]
-KUBECONFIG = '{{config_root}}/kubernetes/main/kubeconfig:{{config_root}}/kubernetes/utility/kubeconfig:{{config_root}}/kubernetes/pi5/kubeconfig'
+KUBECONFIG = '{{config_root}}/kubernetes/main/kubeconfig:{{config_root}}/kubernetes/utility/kubeconfig'
 MINIJINJA_CONFIG_FILE = '{{config_root}}/.minijinja.toml'
 SOPS_AGE_KEY_FILE = '{{config_root}}/age.key'
 #TALOSCONFIG = '{{config_root}}/kubernetes/main/bootstrap/talos/clusterconfig/talosconfig:{{config_root}}/kubernetes/utility/bootstrap/talos/clusterconfig/talosconfig:{{config_root}}/kubernetes/pi5/bootstrap/talos/clusterconfig/talosconfig'
diff --git a/kubernetes/main/apps/flux-system/kustomization.yaml b/kubernetes/main/apps/flux-system/kustomization.yaml
index c8bd54dc1b..8ce0b90ec9 100644
--- a/kubernetes/main/apps/flux-system/kustomization.yaml
+++ b/kubernetes/main/apps/flux-system/kustomization.yaml
@@ -6,7 +6,7 @@ namespace: flux-system
 resources:
 - ./flux-operator.yaml
 - ./kustomize-mutating-webhook/ks.yaml
- - ./weave-gitops/ks.yaml
+ - ./weave-gitops.yaml
 components:
 - ../../../shared/meta/components/alerts
 - ../../../shared/meta/components/namespace
diff --git a/kubernetes/main/apps/flux-system/weave-gitops.yaml b/kubernetes/main/apps/flux-system/weave-gitops.yaml
new file mode 100644
index 0000000000..40c55f97a8
--- /dev/null
+++ b/kubernetes/main/apps/flux-system/weave-gitops.yaml
@@ -0,0 +1,39 @@
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app weave-gitops
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: onepassword-store
+ namespace: external-secrets
+ interval: 30m
+ path: ./kubernetes/shared/apps/flux-system/weave-gitops/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ targetNamespace: flux-system
+ timeout: 5m
+ wait: false
+ patches:
+ - patch: |-
+ apiVersion: helm.toolkit.fluxcd.io/v2
+ kind: HelmRelease
+ metadata:
+ name: weave-gitops
+ spec:
+ ingress:
+ annotations:
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Infrastructure
+ gethomepage.dev/name: Weave-gitops
+ gethomepage.dev/icon: https://raw.githubusercontent.com/joryirving/home-ops/main/docs/src/assets/icons/weave.png
+ gethomepage.dev/description: Flux Dashboard
+ hosts:
+ - host: gitops.jory.dev
diff --git a/kubernetes/main/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/main/apps/flux-system/weave-gitops/app/helmrelease.yaml
deleted file mode 100644
index 777dbeebd1..0000000000
--- a/kubernetes/main/apps/flux-system/weave-gitops/app/helmrelease.yaml
+++ /dev/null
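Review bot: The inline patch sets `spec.ingress.*`, but a HelmRelease carries chart values under `spec.values` (the main release deleted in this commit had `values:` containing `ingress:`), so these annotations and the host are unlikely to reach the chart; the path should be `spec.values.ingress`. The same applies to the utility Kustomization added later in this patch, where it matters more: its `gitops-utility.jory.dev` host and the `rbac.additionalRules` entry would be dropped, leaving that cluster's ingress on the shared default host `gitops.jory.dev`. Once the path is corrected, note that a strategic-merge patch replaces the whole `hosts` list on a custom resource, so each patched entry needs its `paths` block repeated, or the host can be changed with a JSON6902 `op: replace` on `/spec/values/ingress/hosts/0/host`. Rendering both clusters with `flux build kustomization` before merging would confirm what the chart actually receives.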
@@ -1,55 +0,0 @@
----
-# yaml-language-server: $schema=https://kube-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: weave-gitops
-spec:
- interval: 30m
- chart:
- spec:
- chart: weave-gitops
- version: 4.0.36
- sourceRef:
- kind: HelmRepository
- name: weave-gitops
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- strategy: rollback
- retries: 3
- values:
- adminUser:
- create: true
- createSecret: false
- username: admin
- ingress:
- enabled: true
- className: internal
- annotations:
- gethomepage.dev/enabled: "true"
- gethomepage.dev/group: Infrastructure
- gethomepage.dev/name: Weave-gitops
- gethomepage.dev/icon: https://raw.githubusercontent.com/joryirving/home-ops/main/docs/src/assets/icons/weave.png
- gethomepage.dev/description: Flux Dashboard
- hosts:
- - host: "gitops.jory.dev"
- paths:
- - path: /
- pathType: Prefix
- networkPolicy:
- create: false
- metrics:
- enabled: true
- rbac:
- create: true
- additionalRules:
- - apiGroups: [ "infra.contrib.fluxcd.io" ]
- resources: [ "terraforms" ]
- verbs: [ "get", "list", "patch" ]
- podAnnotations:
- secret.reloader.stakater.com/reload: cluster-user-auth,oidc-auth
diff --git a/kubernetes/main/apps/flux-system/weave-gitops/app/rbac.yaml b/kubernetes/main/apps/flux-system/weave-gitops/app/rbac.yaml
deleted file mode 100644
index e4031dc012..0000000000
--- a/kubernetes/main/apps/flux-system/weave-gitops/app/rbac.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: wego-admin-oidc
-subjects:
- - kind: Group
- name: Infrastructure
- apiGroup: rbac.authorization.k8s.io
-roleRef:
- kind: ClusterRole
- name: wego-admin-cluster-role
- apiGroup: rbac.authorization.k8s.io
diff --git a/kubernetes/main/apps/flux-system/weave-gitops/ks.yaml b/kubernetes/main/apps/flux-system/weave-gitops/ks.yaml
deleted file mode 100644
index 49d7d7be21..0000000000
--- a/kubernetes/main/apps/flux-system/weave-gitops/ks.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app weave-gitops
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: authentik
- namespace: security
- - name: onepassword-store
- namespace: external-secrets
- interval: 30m
- path: ./kubernetes/main/apps/flux-system/weave-gitops/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- targetNamespace: flux-system
- timeout: 5m
- wait: false
diff --git a/kubernetes/main/apps/flux-system/weave-gitops/app/externalsecret.yaml b/kubernetes/shared/apps/flux-system/weave-gitops/app/externalsecret.yaml
similarity index 100%
rename from kubernetes/main/apps/flux-system/weave-gitops/app/externalsecret.yaml
rename to kubernetes/shared/apps/flux-system/weave-gitops/app/externalsecret.yaml
diff --git a/kubernetes/utility/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/shared/apps/flux-system/weave-gitops/app/helmrelease.yaml
similarity index 91%
rename from kubernetes/utility/apps/flux-system/weave-gitops/app/helmrelease.yaml
rename to kubernetes/shared/apps/flux-system/weave-gitops/app/helmrelease.yaml
index 019b34ff81..09348a075a 100644
--- a/kubernetes/utility/apps/flux-system/weave-gitops/app/helmrelease.yaml
+++ b/kubernetes/shared/apps/flux-system/weave-gitops/app/helmrelease.yaml
@@ -31,7 +31,7 @@ spec:
 enabled: true
 className: internal
 hosts:
- - host: gitops-utility.jory.dev
+ - host: gitops.jory.dev
 paths:
 - path: /
 pathType: Prefix
@@ -41,6 +41,5 @@ spec:
 enabled: true
 rbac:
 create: true
- impersonationResourceNames: ["admin"]
 podAnnotations:
 secret.reloader.stakater.com/reload: cluster-user-auth
diff --git a/kubernetes/main/apps/flux-system/weave-gitops/app/kustomization.yaml b/kubernetes/shared/apps/flux-system/weave-gitops/app/kustomization.yaml
similarity index 92%
rename from kubernetes/main/apps/flux-system/weave-gitops/app/kustomization.yaml
rename to kubernetes/shared/apps/flux-system/weave-gitops/app/kustomization.yaml
index 28f85df75f..4eed917b96 100644
--- a/kubernetes/main/apps/flux-system/weave-gitops/app/kustomization.yaml
+++ b/kubernetes/shared/apps/flux-system/weave-gitops/app/kustomization.yaml
@@ -5,4 +5,3 @@ kind: Kustomization
 resources:
 - ./externalsecret.yaml
 - ./helmrelease.yaml
- - ./rbac.yaml
diff --git a/kubernetes/utility/apps/flux-system/kustomization.yaml b/kubernetes/utility/apps/flux-system/kustomization.yaml
index abbd4bb416..b27a66506a 100644
--- a/kubernetes/utility/apps/flux-system/kustomization.yaml
+++ b/kubernetes/utility/apps/flux-system/kustomization.yaml
@@ -7,7 +7,7 @@ resources:
 - ./flux-operator.yaml
 - ./kustomize-mutating-webhook/ks.yaml
 - ./tofu-controller/ks.yaml
- - ./weave-gitops/ks.yaml
+ - ./weave-gitops.yaml
 components:
 - ../../../shared/meta/components/alerts
 - ../../../shared/meta/components/namespace
diff --git a/kubernetes/utility/apps/flux-system/weave-gitops.yaml b/kubernetes/utility/apps/flux-system/weave-gitops.yaml
new file mode 100644
index 0000000000..e3b87eeb48
--- /dev/null
+++ b/kubernetes/utility/apps/flux-system/weave-gitops.yaml
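Review bot: Removing `impersonationResourceNames: ["admin"]` from the now-shared release, in the `rbac:` block of the `@@ -41,6 +41,5 @@` hunk, widens what the dashboard's service account may impersonate on both clusters. In the weave-gitops chart an empty list, as far as I recall, renders the impersonate rule without `resourceNames`, meaning any user or group; confirm against the chart version pinned in this file. A tighter arrangement keeps the restrictive default here and has a cluster that needs more add an explicit list through its own patch. The same commit deletes main's `wego-admin-oidc` ClusterRoleBinding and the `oidc-auth` reload entry, so the description should say whether OIDC login on main is being retired in favour of the static `admin` user. Only the tail of `spec.values` is visible in this hunk; the rest of the file lies outside it.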
@@ -0,0 +1,35 @@
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app weave-gitops
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ interval: 30m
+ path: ./kubernetes/shared/apps/flux-system/weave-gitops/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ targetNamespace: flux-system
+ timeout: 5m
+ wait: false
+ patches:
+ - patch: |-
+ apiVersion: helm.toolkit.fluxcd.io/v2
+ kind: HelmRelease
+ metadata:
+ name: weave-gitops
+ spec:
+ ingress:
+ hosts:
+ - host: gitops-utility.jory.dev
+ rbac:
+ additionalRules:
+ - apiGroups: [ "infra.contrib.fluxcd.io" ]
+ resources: [ "terraforms" ]
+ verbs: [ "get", "list", "patch" ]
diff --git a/kubernetes/utility/apps/flux-system/weave-gitops/app/kustomization.yaml b/kubernetes/utility/apps/flux-system/weave-gitops/app/kustomization.yaml
deleted file mode 100644
index 16a6ce304f..0000000000
--- a/kubernetes/utility/apps/flux-system/weave-gitops/app/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/utility/apps/flux-system/weave-gitops/app/secret.sops.yaml b/kubernetes/utility/apps/flux-system/weave-gitops/app/secret.sops.yaml
deleted file mode 100644
index d735d99cb5..0000000000
--- a/kubernetes/utility/apps/flux-system/weave-gitops/app/secret.sops.yaml
+++ /dev/null
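Review bot: This Kustomization declares no `dependsOn`, yet the shared app it points at now lists `./externalsecret.yaml` in place of the SOPS secret this commit deletes, so `cluster-user-auth` on utility depends on external-secrets and its store being ready. Main's Kustomization in this patch declares `dependsOn` on `onepassword-store` in `external-secrets`; adding the same here (assuming that Kustomization exists on utility, which this patch does not show) keeps the release from reconciling before its admin secret can be created. Because both clusters now render the same ExternalSecret, they presumably share one admin password; a per-cluster item or key would stop a leak from one dashboard opening the other. The SOPS-encrypted password being removed stays in git history, so rotating it is worthwhile if the value was reused.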
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cluster-user-auth -stringData: - password: ENC[AES256_GCM,data:upcJzFZhxU6LtUh3OvNnH9HNDeVHWzmGA2y63v5Gnn3ANw9C1DddTRoNL/8TSd7/RO0tqsBGxPGv38L5,iv:SrzMmDDpdSmQBExZlHSveQT/39lnZGBTl/SKv0hPjGA=,tag:8Vzab7nyMgWyo1Z29UjI9g==,type:str] - username: ENC[AES256_GCM,data:E/CjSdk=,iv:0Zi52KdM4Q3VpdTsKZPFDcPOmeQht22NGLHpR/KIjk0=,tag:WKiQgVRi8KgdTRDRL9O1cQ==,type:str] -type: Opaque -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age12v9uw8k6myrr49z9aq6jmcwa79aepu0p6p462nrv968qcae72pcspwldec - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dFVqSEc3S240UG9xRVdn - OTFiRnZJbzErVkxDNzNsWjlnbXlWb0lQa0hVCmU4NEhwZUZsN3paQ3J1RUk4UlJa - ZHRVQnlZSHUwM21uTlN6bDBOZ0NmWTgKLS0tIEtiZytySDZ4S1E1VGJaY0s2ZEVQ - Y2RzV3RaTHl2a01GeXUxWDRLTHVkWkUKUZ1W56matCaEBsAxu3aCvcaxRgvuqdCE - Tol9XroeYG92tjXzk05MFCZepVCtar50OKRYWpVKVPk6wzWRA+TcNw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-24T16:09:59Z" - mac: ENC[AES256_GCM,data:UwhDJUXcKn8vYga/JQKWYliulsOm/NiwAu1jlAjUYxidTUjEAG3sjLu92z839XjOv3JObMQiFKhthRKeyiccQv4sCWJ/hUvj5Fe6EeTh4XrUL/brr3OHCyK8bmkmyC7epKqalGIP7TQFWr545T8NV8JbckyFwNY1sDNJPP2JuFI=,iv:DOtinI+bCOx3UGMZrj1vYhV3zrCsjSg7EYT6eV6Jxlo=,tag:8d1/JXXLfHk0RYcjR2Xjfg==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.8.1 diff --git a/kubernetes/utility/apps/flux-system/weave-gitops/ks.yaml b/kubernetes/utility/apps/flux-system/weave-gitops/ks.yaml deleted file mode 100644 index dd2a8e034f..0000000000 --- a/kubernetes/utility/apps/flux-system/weave-gitops/ks.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app weave-gitops
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- interval: 30m
- path: ./kubernetes/utility/apps/flux-system/weave-gitops/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- targetNamespace: flux-system
- timeout: 5m
- wait: false