Add ingress for Longhorn

allowed_signers

@@ -1,2 +0,0 @@
-ryan@cavi.cc namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGznaofIstAxYsX1MH8xQiZU4aOO4SUw9OlRbyFMfQTx ryan@workstation
-ryan@cavi.cc namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICndorpp/6aKlLq2K1YP81r8zA80VGp1qAUeCZtdVhAw lappy486

clusters/k3s-cluster/apps.yaml

@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: apps
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  dependsOn:
-    - name: infra-configs
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps
-  prune: true
-  wait: true
-  timeout: 5m0s

clusters/k3s-cluster/flux-system/gotk-sync.yaml

@@ -1,27 +0,0 @@
-# This manifest was generated by flux. DO NOT EDIT.
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: flux-system
-  namespace: flux-system
-spec:
-  interval: 1m0s
-  ref:
-    branch: main
-  secretRef:
-    name: flux-system
-  url: https://git.kill0.net/ryanc/fleet-infra.git
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: flux-system
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  path: ./clusters/k3s-cluster
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: flux-system

clusters/k3s-cluster/infrastructure.yaml

@@ -1,60 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: infra-loadbalancer
-  namespace: flux-system
-spec:
-  interval: 1h
-  retryInterval: 1m
-  timeout: 5m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/loadbalancer
-  prune: true
-  wait: true
-  patches:
-    - patch: |
-        - op: replace
-          path: /spec/addresses
-          value:
-            - 10.100.101.16/28
-      target:
-        kind: IPAddressPool
-        name: first-pool
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: infra-controllers
-  namespace: flux-system
-spec:
-  dependsOn:
-    - name: infra-loadbalancer
-  interval: 1h
-  retryInterval: 1m
-  timeout: 5m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/controllers
-  prune: true
-  wait: true
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: infra-configs
-  namespace: flux-system
-spec:
-  dependsOn:
-    - name: infra-controllers
-  interval: 1h
-  retryInterval: 1m
-  timeout: 5m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/configs
-  prune: true

clusters/k8s-cluster/apps.yaml

@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: apps
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  dependsOn:
-    - name: infra-configs
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps
-  prune: true
-  wait: true
-  timeout: 5m0s

clusters/k8s-cluster/flux-system/kustomization.yaml

@@ -1,25 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - gotk-components.yaml
-  - gotk-sync.yaml
-patches:
-  - patch: |
-      apiVersion: apps/v1
-      kind: Deployment
-      metadata:
-        name: all
-      spec:
-        template:
-          spec:
-            containers:
-              - name: manager
-                env:
-                  - name: "https_proxy"
-                    value: "http://proxy-lb.lab.kill0.net.:3128"
-                  - name: "no_proxy"
-                    value: ".cluster.local., .cluster.local, .svc, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, k8s-ctrl-lb.lab.kill0.net, localhost, registry.lab.kill0.net"
-    target:
-      kind: Deployment
-      labelSelector: app.kubernetes.io/part-of=flux

clusters/k8s-cluster/infrastructure.yaml

@@ -1,33 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: infra-controllers
-  namespace: flux-system
-spec:
-  interval: 1h
-  retryInterval: 1m
-  timeout: 5m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/controllers
-  prune: true
-  wait: true
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: infra-configs
-  namespace: flux-system
-spec:
-  dependsOn:
-    - name: infra-controllers
-  interval: 1h
-  retryInterval: 1m
-  timeout: 5m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/configs
-  prune: true

clusters/k8s-cluster/kube-vip-cloud-controller/configmap.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: kubevip
-  namespace: kube-system
-data:
-  cidr-global: 10.99.99.10-10.99.99.254

clusters/k8s-cluster/kube-vip-cloud-controller/kube-vip-cloud-controller.yaml

@@ -1,88 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kube-vip-cloud-controller
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.kubernetes.io/autoupdate: "true"
-  name: system:kube-vip-cloud-controller-role
-rules:
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["get", "create", "update", "list", "put"]
-  - apiGroups: [""]
-    resources: ["configmaps", "endpoints","events","services/status", "leases"]
-    verbs: ["*"]
-  - apiGroups: [""]
-    resources: ["nodes", "services"]
-    verbs: ["list","get","watch","update"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: system:kube-vip-cloud-controller-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:kube-vip-cloud-controller-role
-subjects:
-- kind: ServiceAccount
-  name: kube-vip-cloud-controller
-  namespace: kube-system
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kube-vip-cloud-provider
-  namespace: kube-system
-spec:
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      app: kube-vip
-      component: kube-vip-cloud-provider
-  strategy:
-    rollingUpdate:
-      maxSurge: 25%
-      maxUnavailable: 25%
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: kube-vip
-        component: kube-vip-cloud-provider
-    spec:
-      containers:
-      - command:
-        - /kube-vip-cloud-provider
-        - --leader-elect-resource-name=kube-vip-cloud-controller
-        image: ghcr.io/kube-vip/kube-vip-cloud-provider:v0.0.11
-        name: kube-vip-cloud-provider
-        imagePullPolicy: Always
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      terminationGracePeriodSeconds: 30
-      serviceAccountName: kube-vip-cloud-controller
-      tolerations:
-      - key: node-role.kubernetes.io/master
-        effect: NoSchedule
-      - key: node-role.kubernetes.io/control-plane
-        effect: NoSchedule
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 10
-            preference:
-              matchExpressions:
-              - key: node-role.kubernetes.io/control-plane
-                operator: Exists
-          - weight: 10
-            preference:
-              matchExpressions:
-              - key: node-role.kubernetes.io/master
-                operator: Exists

clusters/k8s-cluster/kube-vip-cloud-controller/kustomization.yaml

@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - kube-vip-cloud-controller.yaml
-  - configmap.yaml

clusters/k8s-cluster/kube-vip/daemonset.yaml

@@ -1,71 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  creationTimestamp: null
-  labels:
-    app.kubernetes.io/name: kube-vip-ds
-    app.kubernetes.io/version: v0.8.9
-  name: kube-vip-ds
-  namespace: kube-system
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: kube-vip-ds
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app.kubernetes.io/name: kube-vip-ds
-        app.kubernetes.io/version: v0.8.9
-    spec:
-      containers:
-      - args:
-        - manager
-        env:
-        - name: vip_arp
-          value: "false"
-        - name: port
-          value: "6443"
-        - name: vip_nodename
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-        - name: vip_interface
-          value: lo
-        - name: bgp_routerinterface
-          value: "eth0"
-        - name: dns_mode
-          value: first
-        - name: svc_enable
-          value: "true"
-        - name: svc_leasename
-          value: plndr-svcs-lock
-        - name: bgp_enable
-          value: "true"
-        - name: bgp_routerid
-        - name: bgp_as
-          value: "4206942069"
-        - name: bgp_peeraddress
-        - name: bgp_peerpass
-        - name: bgp_peeras
-          value: "65000"
-        - name: bgp_peers
-          value: 10.100.100.1:4206942069::false
-        - name: vip_address
-        - name: vip_cidr
-          value: "32"
-        - name: prometheus_server
-          value: :2112
-        image: ghcr.io/kube-vip/kube-vip:v0.8.9
-        imagePullPolicy: IfNotPresent
-        name: kube-vip
-        resources: {}
-        securityContext:
-          capabilities:
-            add:
-            - NET_ADMIN
-            - NET_RAW
-      hostNetwork: true
-      serviceAccountName: kube-vip
-  updateStrategy: {}
-

clusters/k8s-cluster/kube-vip/kustomization.yaml

@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - rbac.yaml
-  - daemonset.yaml

clusters/k8s-cluster/kube-vip/rbac.yaml

@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kube-vip
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.kubernetes.io/autoupdate: "true"
-  name: system:kube-vip-role
-rules:
-  - apiGroups: [""]
-    resources: ["services/status"]
-    verbs: ["update"]
-  - apiGroups: [""]
-    resources: ["services", "endpoints"]
-    verbs: ["list","get","watch", "update"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["list","get","watch", "update", "patch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["list", "get", "watch", "update", "create"]
-  - apiGroups: ["discovery.k8s.io"]
-    resources: ["endpointslices"]
-    verbs: ["list","get","watch", "update"]
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["list"]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: system:kube-vip-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:kube-vip-role
-subjects:
-- kind: ServiceAccount
-  name: kube-vip
-  namespace: kube-system

clusters/k8s-cluster/spegel/kustomization.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: spegel
-resources:
-  - namespace.yaml
-  - repository.yaml
-  - release.yaml

clusters/k8s-cluster/spegel/release.yaml

@@ -1,16 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: spegel
-  namespace: spegel
-spec:
-  interval: 1m
-  chart:
-    spec:
-      chart: spegel
-      version: v0.0.30
-      interval: 5m
-      sourceRef:
-        kind: HelmRepository
-        name: spegel

clusters/k8s-cluster/spegel/repository.yaml

@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name: spegel
-  namespace: spegel
-spec:
-  type: "oci"
-  interval: 5m0s
-  url: oci://ghcr.io/spegel-org/helm-charts

clusters/my-cluster/argocd/kustomization.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+resources:
+  - namespace.yaml
+  - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+patches:
+  - patch: |
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: argocd-server
+      spec:
+        type: LoadBalancer
+    target:
+      kind: Service
+      labelSelector: app.kubernetes.io/name=argocd-server

clusters/my-cluster/argocd/namespace.yaml

@@ -2,4 +2,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: spegel
+  name: argocd

clusters/my-cluster/flux-system/gotk-sync.yaml

@@ -20,7 +20,7 @@ metadata:
   namespace: flux-system
 spec:
   interval: 10m0s
-  path: ./clusters/k8s-cluster
+  path: ./clusters/my-cluster
   prune: true
   sourceRef:
     kind: GitRepository

clusters/my-cluster/flux-system/kustomization.yaml

@@ -17,7 +17,7 @@ patches:
               - name: manager
                 env:
                   - name: "HTTPS_PROXY"
-                    value: "http://proxy-lb.lab.kill0.net.:3128"
+                    value: "http://proxy-lb.lab.kill0.net:3128"
                   - name: "NO_PROXY"
                     value: ".cluster.local.,.cluster.local,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
     target:

clusters/my-cluster/longhorn/ingress.yaml

@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: longhorn-ingress
+  namespace: longhorn-system
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    # type of authentication
+    nginx.ingress.kubernetes.io/auth-type: basic
+    # prevent the controller from redirecting (308) to HTTPS
+    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+    # name of the secret that contains the user/password definitions
+    nginx.ingress.kubernetes.io/auth-secret: basic-auth
+    # message to display with an appropriate context why the authentication is required
+    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
+    # custom max body size for file uploading like backing image uploading
+    nginx.ingress.kubernetes.io/proxy-body-size: 10000m
+spec:
+  rules:
+    - host: longhorn-ui.lab.kill0.net
+      http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: longhorn-frontend
+            port:
+              number: 80
+  ingressClassName: nginx

clusters/my-cluster/longhorn/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://raw.githubusercontent.com/longhorn/longhorn/v1.6.2/deploy/longhorn.yaml
+  - ingress.yaml

clusters/my-cluster/metallb-system/metallb-native.yaml

@@ -11,7 +11,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.3
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: bfdprofiles.metallb.io
 spec:
   group: metallb.io
@@ -132,7 +132,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.3
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: bgpadvertisements.metallb.io
 spec:
   group: metallb.io
@@ -349,7 +349,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.3
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: bgppeers.metallb.io
 spec:
   conversion:
@@ -385,8 +385,6 @@ spec:
     - jsonPath: .spec.ebgpMultiHop
       name: Multi Hops
       type: string
-    deprecated: true
-    deprecationWarning: v1beta1 is deprecated, please use v1beta2
     name: v1beta1
     schema:
       openAPIV3Schema:
@@ -554,27 +552,16 @@ spec:
                 description: To set if we want to disable MP BGP that will separate
                   IPv4 and IPv6 route exchanges into distinct BGP sessions.
                 type: boolean
-              dynamicASN:
-                description: |-
-                  DynamicASN detects the AS number to use for the remote end of the session
-                  without explicitly setting it via the ASN field. Limited to:
-                  internal - if the neighbor's ASN is different than MyASN connection is denied.
-                  external - if the neighbor's ASN is the same as MyASN the connection is denied.
-                  ASN and DynamicASN are mutually exclusive and one of them must be specified.
-                enum:
-                - internal
-                - external
-                type: string
               ebgpMultiHop:
                 description: To set if the BGPPeer is multi-hops away. Needed for
                   FRR mode only.
                 type: boolean
               enableGracefulRestart:
                 description: |-
-                  EnableGracefulRestart allows BGP peer to continue to forward data packets
-                  along known routes while the routing protocol information is being
-                  restored. This field is immutable because it requires restart of the BGP
-                  session. Supported for FRR mode only.
+                  EnableGracefulRestart allows BGP peer to continue to forward data packets along
+                  known routes while the routing protocol information is being restored.
+                  This field is immutable because it requires restart of the BGP session
+                  Supported for FRR mode only.
                 type: boolean
                 x-kubernetes-validations:
                 - message: EnableGracefulRestart cannot be changed after creation
@@ -667,9 +654,7 @@ spec:
                 type: object
                 x-kubernetes-map-type: atomic
               peerASN:
-                description: |-
-                  AS number to expect from the remote end of the session.
-                  ASN and DynamicASN are mutually exclusive and one of them must be specified.
+                description: AS number to expect from the remote end of the session.
                 format: int32
                 maximum: 4294967295
                 minimum: 0
@@ -696,6 +681,7 @@ spec:
                 type: string
             required:
             - myASN
+            - peerASN
             - peerAddress
             type: object
           status:
@@ -711,7 +697,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.3
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: communities.metallb.io
 spec:
   group: metallb.io
@@ -776,7 +762,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.3
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ipaddresspools.metallb.io
 spec:
   group: metallb.io
@@ -992,7 +978,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.3
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: l2advertisements.metallb.io
 spec:
   group: metallb.io
@@ -1179,7 +1165,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.3
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: servicel2statuses.metallb.io
 spec:
   group: metallb.io
@@ -1494,6 +1480,7 @@ rules:
   - metallb-webhook-configuration
   resources:
   - validatingwebhookconfigurations
+  - mutatingwebhookconfigurations
   verbs:
   - create
   - delete
@@ -1506,6 +1493,7 @@ rules:
   - admissionregistration.k8s.io
   resources:
   - validatingwebhookconfigurations
+  - mutatingwebhookconfigurations
   verbs:
   - list
   - watch
@@ -1707,7 +1695,7 @@ spec:
           value: memberlist
         - name: METALLB_DEPLOYMENT
           value: controller
-        image: quay.io/metallb/controller:v0.14.9
+        image: quay.io/metallb/controller:v0.14.8
         livenessProbe:
           failureThreshold: 3
           httpGet:
@@ -1804,7 +1792,7 @@ spec:
           value: app=metallb,component=speaker
         - name: METALLB_ML_SECRET_KEY_PATH
           value: /etc/ml_secret_key
-        image: quay.io/metallb/speaker:v0.14.9
+        image: quay.io/metallb/speaker:v0.14.8
         livenessProbe:
           failureThreshold: 3
           httpGet:

clusters/my-cluster/nginx-ingress/release.yaml

@@ -5,11 +5,11 @@ metadata:
   name: ingress-nginx
   namespace: ingress-nginx
 spec:
-  interval: 30m
   chart:
     spec:
       chart: ingress-nginx
       sourceRef:
         kind: HelmRepository
         name: ingress-nginx
-      version: 4.12.0
+      version: 1.11.1
+  interval: 50m

clusters/my-cluster/sealedsecrets/kustomization.yaml

@@ -2,4 +2,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.29.0/controller.yaml
+  - https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.27.1/controller.yaml

clusters/my-cluster/traefik/release.yaml

@@ -16,7 +16,3 @@ spec:
   install:
     remediation:
       retries: 3
-  values:
-    ingressClass:
-      enabled: true
-      isDefaultClass: false

infrastructure/controllers/envoy-gateway/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: envoy-gateway-system

infrastructure/controllers/envoy-gateway/release.yaml

@@ -1,12 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: eg
-  namespace: envoy-gateway-system
-spec:
-  interval: 10m
-  releaseName: eg
-  chartRef:
-    kind: OCIRepository
-    name: envoy-gateway

infrastructure/controllers/envoy-gateway/repository.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: OCIRepository
-metadata:
-  name: envoy-gateway
-  namespace: envoy-gateway-system
-spec:
-  interval: 10m
-  url: oci://docker.io/envoyproxy/gateway-helm
-  ref:
-    semver: ">=1.3.2"

infrastructure/controllers/flagger/kustomization.yaml

@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - repository.yaml
-  - release.yaml

infrastructure/controllers/flagger/namespace.yaml

@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: flagger-system
-  labels:
-    toolkit.fluxcd.io/tenant: sre-team

infrastructure/controllers/flagger/release.yaml

@@ -1,26 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: flagger
-  namespace: flagger-system
-spec:
-  interval: 1h
-  releaseName: flagger
-  install: # override existing Flagger CRDs
-    crds: CreateReplace
-  upgrade: # update Flagger CRDs
-    crds: CreateReplace
-  chart:
-    spec:
-      chart: flagger
-      version: 1.x # update Flagger to the latest minor version
-      interval: 6h # scan for new versions every six hours
-      sourceRef:
-        kind: HelmRepository
-        name: flagger
-      verify: # verify the chart signature with Cosign keyless
-        provider: cosign 
-  values:
-    nodeSelector:
-      kubernetes.io/os: linux

infrastructure/controllers/flagger/repository.yaml

@@ -1,9 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: flagger
-  namespace: flagger-system
-spec:
-  interval: 1h
-  url: oci://ghcr.io/fluxcd/charts
-  type: oci

infrastructure/controllers/gateway-api/kustomization.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml

infrastructure/controllers/metrics-server/components.yaml

@@ -1,201 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    k8s-app: metrics-server
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-  name: system:aggregated-metrics-reader
-rules:
-- apiGroups:
-  - metrics.k8s.io
-  resources:
-  - pods
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: system:metrics-server
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - nodes/metrics
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server-auth-reader
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server:system:auth-delegator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: system:metrics-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:metrics-server
-subjects:
-- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server
-  namespace: kube-system
-spec:
-  ports:
-  - name: https
-    port: 443
-    protocol: TCP
-    targetPort: https
-  selector:
-    k8s-app: metrics-server
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: metrics-server
-  namespace: kube-system
-spec:
-  selector:
-    matchLabels:
-      k8s-app: metrics-server
-  strategy:
-    rollingUpdate:
-      maxUnavailable: 0
-  template:
-    metadata:
-      labels:
-        k8s-app: metrics-server
-    spec:
-      containers:
-      - args:
-        - --cert-dir=/tmp
-        - --secure-port=10250
-        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
-        - --kubelet-use-node-status-port
-        - --metric-resolution=15s
-        image: registry.k8s.io/metrics-server/metrics-server:v0.7.2
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /livez
-            port: https
-            scheme: HTTPS
-          periodSeconds: 10
-        name: metrics-server
-        ports:
-        - containerPort: 10250
-          name: https
-          protocol: TCP
-        readinessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /readyz
-            port: https
-            scheme: HTTPS
-          initialDelaySeconds: 20
-          periodSeconds: 10
-        resources:
-          requests:
-            cpu: 100m
-            memory: 200Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          runAsUser: 1000
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: tmp-dir
-      nodeSelector:
-        kubernetes.io/os: linux
-      priorityClassName: system-cluster-critical
-      serviceAccountName: metrics-server
-      volumes:
-      - emptyDir: {}
-        name: tmp-dir
----
-apiVersion: apiregistration.k8s.io/v1
-kind: APIService
-metadata:
-  labels:
-    k8s-app: metrics-server
-  name: v1beta1.metrics.k8s.io
-spec:
-  group: metrics.k8s.io
-  groupPriorityMinimum: 100
-  insecureSkipTLSVerify: true
-  service:
-    name: metrics-server
-    namespace: kube-system
-  version: v1beta1
-  versionPriority: 100

infrastructure/controllers/metrics-server/kustomization.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - components.yaml

infrastructure/controllers/reloader/kustomization.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: reloader
-resources:
-  - namespace.yaml
-  - repository.yaml
-  - release.yaml

infrastructure/controllers/reloader/namespace.yaml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: reloader

infrastructure/controllers/reloader/release.yaml

@@ -1,21 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: reloader
-  namespace: reloader
-spec:
-  chart:
-    spec:
-      chart: reloader
-      sourceRef:
-        kind: HelmRepository
-        name: stakater
-  interval: 50m
-  install:
-    remediation:
-      retries: 3
-  values:
-    reloader:
-      isArgoRollouts: true
-      reloadStrategy: annotations

infrastructure/controllers/reloader/repository.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: stakater
-  namespace: reloader
-spec:
-  interval: 5m
-  url: https://stakater.github.io/stakater-charts