add Kubernaut secrets

2025-05-10 17:37:46 -05:00
16 changed files with 123 additions and 60 deletions
--- a/apps/kubernaut/ingress.yaml
+++ b/apps/kubernaut/ingress.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: traefik
+  name: kubernaut-ingress
+  namespace: kubernaut
+spec:
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: kubernaut
+                port:
+                  name: web
--- a/apps/kubernaut/kustomization.yaml
+++ b/apps/kubernaut/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubernaut
+resources:
+  - secrets.yaml
+  - https://git.kill0.net/ryanc/kubernaut/kustomize?ref=v0.2.1
+  - https://git.kill0.net/ryanc/caas/kustomize?timeout=300
+  - ingress.yaml
--- a/apps/kubernaut/secrets.yaml
+++ b/apps/kubernaut/secrets.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: kubernaut-session-secret
+  namespace: kubernaut
+spec:
+  encryptedData:
+    KUBERNAUT_JWT_SECRET: AgA1G1EAuAyt3IqtpxO/lwnKEOg4pzMtmSaGdoAbupwdrL0dy94iY7xJ4Pa4MbZVBZsmQcy4HYB1V1CJ4huM5DyXOP5l20WrTSAm2+/BCGcf4KfZ12qgZzprzsOZ3ann2XozWJ0Z75R20C33/a1p87npKH/nAuKEyVbk0hUxgRe9IkKlKrxk8nZWJNg3GvJrvrgZ1HA45noG1hgK9P5BwAqVnIPmoFL7YLABnycxs+50flMNCFw3QL0knix5Hi2bKfmpU8OqjeExcbmNjjMVNMU4RMo0JxqJ2XAxearKdr6y7cso3GYpsNiyywmKXQxmR/KCoqWN/hVh/skRS5EJ0D72edo7rcIbj+XJ7GBm1YSk/FXwDs00dsHLFfcauAmRkEj9mn4L3InHmWalnbJzHJbFhfEethOfSBcM6cKWEX4sg2VRpwc8Nyl/QivMz10YNhuaEg+k4kfl96b0muUZYYd9ZR+vvjqtYBfILhA3Bt2Rr7S1/3uXjR0K0Vm3flu3hy9HZbISc0ep+KujlOa/V7FTUudbTdzFHSRoJw7B0gVs561kLbcbEHx7weODVs1UnRS1v72culAkGfa1qdHq5PvywWulqb5ktsFXN7XjWJxK3vvt1+oZJG3Jh7DsTbTfMVieqkBvv2Lpq/VzIJX4q+eWX0BimPFKeFoiV6kItITs5Zpm8QY1JWx+wnm9pJGVuAW81Wz0wVB4XouIrqMnAUhcEcCenE0EBB835ENMbwl2m0e+Da5wvxlfg3rRYpKhxwf+YAeeYSaz6Fq0olgnL5wAnpeJb/IhUWv7a7LnCAXW1OMQvMnZyLGpVuVnuZHQgJCnXOzDYsKxU4hl1Vu58obLMC3TztWmTnTn/QN0eSiL9O0=
+    SESSION_SECRET: AgCYULxAS3Ph2y1wR1I/YCO6+LCv90zNcSbFSs+lKnjwTm3+yIrmGYC/53rfAiFfzsVcZf1BL5h+OgvroTH0998sdfSs+p1EXKfrJSsQsrZl2cVSAbou6V4R21B2p6Rs1qe0s9cmfnVFA2i3a9WPtEEcrmpXY6Ljs4NcAv6rpXACImKPHhl3YKOJkONUwbVzRvv2/ekMwbUTcJAyPNGBlqSGUhUdMHn9KD8wpl3ZtxUah0P8HsMuNzUyyFBHt1l9I+Wei2pAZC6Wg+HPfGrdJuwPuyvehaswIKlDYizBKdAoMHrdl9wwcKGmyvjmARGOlI71wnmgxAmw1af6MAYZLm5LKJgaLLhcAcoxerHMXAsE3y/NE3Yc+qKiGLqzhktEhKoQEE6sFhJi8S2fgacZDe1XOGlY/8vJo+FCTVIimVEdWsLZbEhC7T/fAHTc4N6bNTsvK2lsVh4fNH0xPQYsPeurHsmzE0R6yaRj63UQ07sZOj0hsOeJdxEe4NbHjysfT/ITyH87rEQefyC8G/FGfVGiZwPa1txTA0PAODW05UNhPzN65EK4j87ym76qYzB7BCM8lnYCBD0SVEDrjsTGvvkWEryk9OR+FIoaurQQoO1BLIGRuOEKf3sT7lLys3+cWelQY98tDGKUCsOMhCvmP88NMxW8fIUq1slOQjzkGniCev6iCD2TraEFxwnPZ+ZYECqp12nN4nJ1u8wxlTLLYZmAyH0B683wmWuIPdzZXmcEE4Hh6IKoVCuTIhK14iZ8Z6S6j0r4CHS2KosxoNkmGCt+KCauPNFHqw1Z/C4lWyL/dkPBOSJIqZ7LaXJuJvvzZ6Ln9Y7QjV3iQ6SGJAXY1hmkStOwwF5UxybP8wjfS6IB6DE=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: kubernaut-session-secret
+      namespace: kubernaut
--- a/clusters/k3s-cluster/apps.yaml
+++ b/clusters/k3s-cluster/apps.yaml
--- a/clusters/my-cluster/argo-rollouts/kustomization.yaml
+++ b/clusters/my-cluster/argo-rollouts/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argo-rollouts
+resources:
+  - namespace.yaml
+  - https://github.com/argoproj/argo-rollouts/releases/download/v1.7.2/install.yaml
--- a/clusters/my-cluster/argo-rollouts/namespace.yaml
+++ b/clusters/my-cluster/argo-rollouts/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argo-rollouts
--- a/clusters/my-cluster/argocd/kustomization.yaml
+++ b/clusters/my-cluster/argocd/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+resources:
+  - namespace.yaml
+  - https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/install.yaml
+patches:
+  - patch: |
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: argocd-server
+      spec:
+        type: LoadBalancer
+    target:
+      kind: Service
+      labelSelector: app.kubernetes.io/name=argocd-server
--- a/clusters/my-cluster/argocd/namespace.yaml
+++ b/clusters/my-cluster/argocd/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argocd
--- a/clusters/k3s-cluster/flux-system/gotk-components.yaml
+++ b/clusters/k3s-cluster/flux-system/gotk-components.yaml
@@ -13,65 +13,6 @@ metadata:
    pod-security.kubernetes.io/warn-version: latest
  name: flux-system
 ---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.4.0
-  name: allow-egress
-  namespace: flux-system
-spec:
-  egress:
-  - {}
-  ingress:
-  - from:
-    - podSelector: {}
-  podSelector: {}
-  policyTypes:
-  - Ingress
-  - Egress
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.4.0
-  name: allow-scraping
-  namespace: flux-system
-spec:
-  ingress:
-  - from:
-    - namespaceSelector: {}
-    ports:
-    - port: 8080
-      protocol: TCP
-  podSelector: {}
-  policyTypes:
-  - Ingress
---
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/part-of: flux
-    app.kubernetes.io/version: v2.4.0
-  name: allow-webhooks
-  namespace: flux-system
-spec:
-  ingress:
-  - from:
-    - namespaceSelector: {}
-  podSelector:
-    matchLabels:
-      app: notification-controller
-  policyTypes:
-  - Ingress
---
 apiVersion: v1
 kind: ResourceQuota
 metadata:
--- a/clusters/k3s-cluster/flux-system/gotk-sync.yaml
+++ b/clusters/k3s-cluster/flux-system/gotk-sync.yaml
@@ -20,7 +20,7 @@ metadata:
  namespace: flux-system
 spec:
  interval: 10m0s
-  path: ./clusters/k3s-cluster
+  path: ./clusters/my-cluster
  prune: true
  sourceRef:
    kind: GitRepository
--- a/clusters/k3s-cluster/flux-system/kustomization.yaml
+++ b/clusters/k3s-cluster/flux-system/kustomization.yaml
--- a/clusters/my-cluster/goldpinger/kustomization.yaml
+++ b/clusters/my-cluster/goldpinger/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: goldpinger
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
--- a/clusters/my-cluster/goldpinger/namespace.yaml
+++ b/clusters/my-cluster/goldpinger/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: goldpinger
--- a/clusters/my-cluster/goldpinger/release.yaml
+++ b/clusters/my-cluster/goldpinger/release.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: goldpinger
+  namespace: goldpinger
+spec:
+  chart:
+    spec:
+      chart: goldpinger
+      sourceRef:
+        kind: HelmRepository
+        name: goldpinger
+  interval: 50m
+  install:
+    remediation:
+      retries: 3
+  values:
+    goldpinger:
+      isArgoRollouts: true
+      reloadStrategy: annotations
--- a/clusters/my-cluster/goldpinger/repository.yaml
+++ b/clusters/my-cluster/goldpinger/repository.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: goldpinger
+  namespace: goldpinger
+spec:
+  interval: 5m
+  url: https://bloomberg.github.io/goldpinger
--- a/clusters/k3s-cluster/infrastructure.yaml
+++ b/clusters/k3s-cluster/infrastructure.yaml