Merge pull request #545 from dark-vex/migrate-k8s-vms

chore(k8s-vms-daniele): Migrate app path for k8s-vms-daniele

clusters/k8s-vms-daniele/apps.yaml

@@ -10,7 +10,7 @@ spec:
   sourceRef:
     kind: GitRepository
     name: flux-system
-  path: ./apps/k8s-vms-daniele
+  path: ./clusters/k8s-vms-daniele/apps
   prune: true
   wait: true
   timeout: 5m0s

clusters/k8s-vms-daniele/apps/awx/backup/backup.yml

@@ -0,0 +1,61 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: awx-backup
+  namespace: awx
+spec:
+  schedule: "0 0 * * 0"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: pgbackup
+            image: schickling/postgres-backup-s3
+            imagePullPolicy: IfNotPresent
+            env:
+            - name: S3_REGION
+              value: "eu-south-1"
+            - name: POSTGRES_BACKUP_ALL
+              value: "false"
+            - name: POSTGRES_EXTRA_OPTS
+              value: "--schema=public --blobs"
+            - name: S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: awx-backup
+                  key: S3_ACCESS_KEY_ID
+            - name: S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: awx-backup
+                  key: S3_SECRET_ACCESS_KEY
+            - name: S3_BUCKET
+              valueFrom:
+                secretKeyRef:
+                  name: awx-backup
+                  key: S3_BUCKET
+            - name: S3_PREFIX
+              value: "awx-backup"
+            - name: POSTGRES_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: awx-postgres-configuration
+                  key: host
+            - name: POSTGRES_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: awx-postgres-configuration
+                  key: database
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: awx-postgres-configuration
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: awx-postgres-configuration
+                  key: password
+          restartPolicy: OnFailure

clusters/k8s-vms-daniele/apps/awx/deploy.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: awx-secrets
+  namespace: flux-system
+spec:
+  interval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./clusters/k8s-vms-daniele/apps/awx/secrets
+  prune: true
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: awx
+  namespace: flux-system
+spec:
+  interval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./clusters/k8s-vms-daniele/apps/awx/manifests
+  prune: true

clusters/k8s-vms-daniele/apps/awx/manifests/namespace.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: awx
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled

clusters/k8s-vms-daniele/apps/awx/manifests/release.yml

@@ -0,0 +1,64 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: ansible-awx
+  namespace: awx
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: awx-operator
+      version: ">=0.25.0"
+      sourceRef:
+        kind: HelmRepository
+        name: awx-chart
+        namespace: flux-system
+      interval: 5m
+  install:
+    createNamespace: true
+    crds: CreateReplace
+    remediation:
+      retries: 10
+  upgrade:
+    crds: CreateReplace
+    remediation:
+      retries: 10
+  values:
+    AWX:
+      enabled: true
+      name: awx
+      spec:
+        ingress_type: ingress
+        hostname: ansible.fastnetserv.net
+        secret_key_secret: custom-awx-secret-key
+        projects_persistence: true
+        projects_storage_class: local-path
+        projects_storage_size: 8Gi
+        projects_storage_access_mode: ReadWriteOnce
+        extra_settings:
+        - setting: CSRF_TRUSTED_ORIGINS
+          value:
+          - https://localhost:3001
+          - https://ansible.fastnetserv.net
+        web_resource_requirements:
+          requests:
+            cpu: 200m
+            memory: 512Mi
+          limits:
+            cpu: 500m
+            memory: 2Gi
+        task_resource_requirements:
+          requests:
+            cpu: 200m
+            memory: 512Mi
+          limits:
+            cpu: 300m
+            memory: 2Gi
+        ee_resource_requirements:
+          requests:
+            cpu: 200m
+            memory: 128Mi
+          limits:
+            cpu: 300m
+            memory: 256Mi

clusters/k8s-vms-daniele/apps/awx/secrets/awx-secret.yml

@@ -0,0 +1,20 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: awx-admin-secret
+spec:
+  itemPath: "vaults/k8s_secrets/items/awx_admin"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: custom-awx-secret-key
+spec:
+  itemPath: "vaults/k8s_secrets/items/awx_secret_key"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: awx-backup
+spec:
+  itemPath: "vaults/k8s_secrets/items/awx_backup_key"

clusters/k8s-vms-daniele/apps/awx/secrets/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: awx
+resources:
+- awx-secret.yml

clusters/k8s-vms-daniele/apps/blackbox/deploy.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: blackbox
+  namespace: flux-system
+spec:
+  interval: 5m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./clusters/k8s-vms-daniele/apps/blackbox/manifests
+  prune: true

clusters/k8s-vms-daniele/apps/blackbox/manifests/namespace.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled

clusters/k8s-vms-daniele/apps/blackbox/manifests/release.yml

@@ -0,0 +1,28 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: blackbox
+  namespace: monitoring
+spec:
+  interval: 5m
+  chart:
+    spec:
+      interval: 5m
+      chart: prometheus-blackbox-exporter
+      version: ">=7.1.0 <7.2.0"
+      sourceRef:
+        kind: HelmRepository
+        name: prometheus-community-charts
+        namespace: flux-system
+  values:
+    podAnnotations: {}
+    config:
+      modules:
+        http_2xx:
+          prober: http
+          timeout: 5s
+          http:
+            valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
+            follow_redirects: true
+            preferred_ip_protocol: "ip4"

clusters/k8s-vms-daniele/kustomization.yaml → clusters/k8s-vms-daniele/apps/fluxcd/kustomization.yaml

@@ -1,7 +1,5 @@
----
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: flux-system
 resources:
-  - apps.yaml
-  - charts.yaml
+- notifications.yaml

clusters/k8s-vms-daniele/apps/fluxcd/notifications.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: slack
+  namespace: flux-system
+spec:
+  type: slack
+  channel: infrastructure
+  secretRef:
+    name: slack-url
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: fluxcd-notifications
+  namespace: flux-system
+spec:
+  summary: "cluster status"
+  providerRef:
+    name: slack
+  eventMetadata:
+    env: "production"
+    cluster: "k8s-vms-daniele"
+    region: "switzerland"
+  eventSeverity: error
+  eventSources:
+    - kind: GitRepository
+      name: '*'
+    - kind: Kustomization
+      name: charts
+    - kind: HelmRelease
+      name: '*'
+#    - kind: Kustomization
+#      name: '*'
+  exclusionList:
+    - "error.*lookup github\\.com"
+    - "error.*lookup raw\\.githubusercontent\\.com"
+    - "dial.*tcp.*timeout"
+    - "waiting.*socket"

clusters/k8s-vms-daniele/apps/fluxcd/secrets.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: slack-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./apps/k8s-vms-daniele/fluxcd/secrets
+  prune: true

clusters/k8s-vms-daniele/apps/fluxcd/secrets/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+- slack-secret.yml

clusters/k8s-vms-daniele/apps/fluxcd/secrets/slack-secret.yml

@@ -0,0 +1,6 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: slack-url
+spec:
+  itemPath: "vaults/k8s_secrets/items/slack-url"

clusters/k8s-vms-daniele/apps/sysdig-agent/deploy.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: sysdig-agent-secrets
+  namespace: flux-system
+spec:
+  targetNamespace: sysdig-agent
+  interval: 15m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./clusters/k8s-vms-daniele/apps/sysdig-agent/secrets
+  prune: true
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: sysdig-agent
+  namespace: flux-system
+spec:
+  targetNamespace: sysdig-agent
+  path: ./clusters/k8s-vms-daniele/apps/sysdig-agent/manifests
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  interval: 15m

clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: sysdig-agent
+resources:
+  - ../../../../common/sysdig-agent
+patchesStrategicMerge:
+  - release.yml

clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/namespace.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sysdig-agent
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled