diff --git a/clusters/k8s-vms-daniele/apps.yaml b/clusters/k8s-vms-daniele/apps.yaml index 47722b87..00e3ebc9 100644 --- a/clusters/k8s-vms-daniele/apps.yaml +++ b/clusters/k8s-vms-daniele/apps.yaml @@ -10,7 +10,7 @@ spec: sourceRef: kind: GitRepository name: flux-system - path: ./apps/k8s-vms-daniele + path: ./clusters/k8s-vms-daniele/apps prune: true wait: true timeout: 5m0s diff --git a/clusters/k8s-vms-daniele/apps/awx/backup/backup.yml b/clusters/k8s-vms-daniele/apps/awx/backup/backup.yml new file mode 100644 index 00000000..20fb25cc --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/awx/backup/backup.yml @@ -0,0 +1,61 @@ +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: awx-backup + namespace: awx +spec: + schedule: "0 0 * * 0" + jobTemplate: + spec: + template: + spec: + containers: + - name: pgbackup + image: schickling/postgres-backup-s3 + imagePullPolicy: IfNotPresent + env: + - name: S3_REGION + value: "eu-south-1" + - name: POSTGRES_BACKUP_ALL + value: "false" + - name: POSTGRES_EXTRA_OPTS + value: "--schema=public --blobs" + - name: S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: awx-backup + key: S3_ACCESS_KEY_ID + - name: S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: awx-backup + key: S3_SECRET_ACCESS_KEY + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: awx-backup + key: S3_BUCKET + - name: S3_PREFIX + value: "awx-backup" + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: awx-postgres-configuration + key: host + - name: POSTGRES_DATABASE + valueFrom: + secretKeyRef: + name: awx-postgres-configuration + key: database + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: awx-postgres-configuration + key: username + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: awx-postgres-configuration + key: password + restartPolicy: OnFailure diff --git a/clusters/k8s-vms-daniele/apps/awx/deploy.yaml b/clusters/k8s-vms-daniele/apps/awx/deploy.yaml new file mode 100644 index 00000000..9031c064 
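Review bot: The `apps` Kustomization now points at `./clusters/k8s-vms-daniele/apps`, but no `kustomization.yaml` is added under that directory in this change, so Flux will generate one; if the generator takes in more than the per-app `deploy.yaml` files (the namespace, HelmRelease and secret manifests under `*/manifests` and `*/secrets` sit in the same tree), those objects would be applied both by this Kustomization and by the per-app ones, each with `prune: true`. An explicit `kustomization.yaml` under `apps/` listing `awx/deploy.yaml`, `blackbox/deploy.yaml` and the other entry files removes the ambiguity. I cannot confirm the generator's recursion behaviour from the diff, so treat this as something to verify before merging.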
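Review bot: `image: schickling/postgres-backup-s3` carries neither a tag nor a digest, so a job that is handed the AWX database credentials and the S3 keys runs whatever the default tag resolves to at pull time; pin it, e.g. `image: schickling/postgres-backup-s3:<TAG>@sha256:<DIGEST>` (placeholders). Nothing in this change references `apps/awx/backup/`: the `awx` Kustomization uses `.../awx/manifests` and the secrets kustomization lists only `awx-secret.yml`, so unless a Kustomization outside this diff covers that directory the CronJob is never applied. The container also sets no `resources` or `securityContext`, and a comment stating that the `awx-backup` Secret must expose the keys `S3_ACCESS_KEY_ID`, `S3_SECRET_ACCESS_KEY` and `S3_BUCKET` would help whoever maintains the 1Password item.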
--- /dev/null +++ b/clusters/k8s-vms-daniele/apps/awx/deploy.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: awx-secrets + namespace: flux-system +spec: + interval: 1m + sourceRef: + kind: GitRepository + name: flux-system + path: ./clusters/k8s-vms-daniele/apps/awx/secrets + prune: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: awx + namespace: flux-system +spec: + interval: 1m + sourceRef: + kind: GitRepository + name: flux-system + path: ./clusters/k8s-vms-daniele/apps/awx/manifests + prune: true diff --git a/clusters/k8s-vms-daniele/apps/awx/manifests/namespace.yml b/clusters/k8s-vms-daniele/apps/awx/manifests/namespace.yml new file mode 100644 index 00000000..0540a707 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/awx/manifests/namespace.yml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: awx + annotations: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/clusters/k8s-vms-daniele/apps/awx/manifests/release.yml b/clusters/k8s-vms-daniele/apps/awx/manifests/release.yml new file mode 100644 index 00000000..0d63be64 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/awx/manifests/release.yml 
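Review bot: The `awx` Kustomization declares no `dependsOn` the `awx-secrets` Kustomization, although the HelmRelease it applies references `custom-awx-secret-key`, which is created by the secrets path; Flux will retry, but the first reconciliations fail noisily and the ordering is nowhere documented. Adding `dependsOn:` / `  - name: awx-secrets` under `spec` of the second object makes the intent explicit, and a dependency on the `charts` Kustomization that provides the `awx-chart` HelmRepository would do the same for the chart source.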
@@ -0,0 +1,64 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: ansible-awx + namespace: awx +spec: + interval: 5m + chart: + spec: + chart: awx-operator + version: ">=0.25.0" + sourceRef: + kind: HelmRepository + name: awx-chart + namespace: flux-system + interval: 5m + install: + createNamespace: true + crds: CreateReplace + remediation: + retries: 10 + upgrade: + crds: CreateReplace + remediation: + retries: 10 + values: + AWX: + enabled: true + name: awx + spec: + ingress_type: ingress + hostname: ansible.fastnetserv.net + secret_key_secret: custom-awx-secret-key + projects_persistence: true + projects_storage_class: local-path + projects_storage_size: 8Gi + projects_storage_access_mode: ReadWriteOnce + extra_settings: + - setting: CSRF_TRUSTED_ORIGINS + value: + - https://localhost:3001 + - https://ansible.fastnetserv.net + web_resource_requirements: + requests: + cpu: 200m + memory: 512Mi + limits: + cpu: 500m + memory: 2Gi + task_resource_requirements: + requests: + cpu: 200m + memory: 512Mi + limits: + cpu: 300m + memory: 2Gi + ee_resource_requirements: + requests: + cpu: 200m + memory: 128Mi + limits: + cpu: 300m + memory: 256Mi diff --git a/clusters/k8s-vms-daniele/apps/awx/secrets/awx-secret.yml b/clusters/k8s-vms-daniele/apps/awx/secrets/awx-secret.yml new file mode 100644 index 00000000..47a0f2fa --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/awx/secrets/awx-secret.yml @@ -0,0 +1,20 @@ +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: awx-admin-secret +spec: + itemPath: "vaults/k8s_secrets/items/awx_admin" +--- +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: custom-awx-secret-key +spec: + itemPath: "vaults/k8s_secrets/items/awx_secret_key" +--- +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: awx-backup +spec: + itemPath: "vaults/k8s_secrets/items/awx_backup_key" 
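Review bot: `version: ">=0.25.0"` has no upper bound, so any future major release of the awx-operator chart, including CRD changes applied via `crds: CreateReplace`, is installed unattended; the blackbox release in this same change uses a bounded range, so `version: ">=0.25.0 <1.0.0"` (or whatever ceiling has been tested) would be consistent. `CSRF_TRUSTED_ORIGINS` also lists `https://localhost:3001`, which reads like a development origin; every trusted origin widens what the CSRF check accepts, so it should not ship in a release the notifications alert tags as `env: "production"`. `ingress_type: ingress` is set but no TLS settings appear in the hunk; if TLS terminates elsewhere, a comment saying so saves the next reader a check.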
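Review bot: The three `OnePasswordItem` objects carry no comment about which fields the consuming workloads expect, and the item names do not hint at it: `awx-backup` must yield a Secret with keys `S3_ACCESS_KEY_ID`, `S3_SECRET_ACCESS_KEY` and `S3_BUCKET` (read by `backup.yml`), and `custom-awx-secret-key` is consumed by the operator through `secret_key_secret`. A one-line comment above each item naming the expected keys means a renamed 1Password field is caught in review rather than at reconcile time.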
diff --git a/clusters/k8s-vms-daniele/apps/awx/secrets/kustomization.yaml b/clusters/k8s-vms-daniele/apps/awx/secrets/kustomization.yaml new file mode 100644 index 00000000..62bd8993 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/awx/secrets/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: awx +resources: +- awx-secret.yml diff --git a/clusters/k8s-vms-daniele/apps/blackbox/deploy.yaml b/clusters/k8s-vms-daniele/apps/blackbox/deploy.yaml new file mode 100644 index 00000000..9b76bd62 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/blackbox/deploy.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: blackbox + namespace: flux-system +spec: + interval: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./clusters/k8s-vms-daniele/apps/blackbox/manifests + prune: true diff --git a/clusters/k8s-vms-daniele/apps/blackbox/manifests/namespace.yml b/clusters/k8s-vms-daniele/apps/blackbox/manifests/namespace.yml new file mode 100644 index 00000000..e92b3b07 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/blackbox/manifests/namespace.yml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + annotations: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/clusters/k8s-vms-daniele/apps/blackbox/manifests/release.yml b/clusters/k8s-vms-daniele/apps/blackbox/manifests/release.yml new file mode 100644 index 00000000..ed3b12db --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/blackbox/manifests/release.yml 
@@ -0,0 +1,28 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: blackbox + namespace: monitoring +spec: + interval: 5m + chart: + spec: + interval: 5m + chart: prometheus-blackbox-exporter + version: ">=7.1.0 <7.2.0" + sourceRef: + kind: HelmRepository + name: prometheus-community-charts + namespace: flux-system + values: + podAnnotations: {} + config: + modules: + http_2xx: + prober: http + timeout: 5s + http: + valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] + follow_redirects: true + preferred_ip_protocol: "ip4" diff --git a/clusters/k8s-vms-daniele/kustomization.yaml b/clusters/k8s-vms-daniele/apps/fluxcd/kustomization.yaml similarity index 74% rename from clusters/k8s-vms-daniele/kustomization.yaml rename to clusters/k8s-vms-daniele/apps/fluxcd/kustomization.yaml index d94d6062..bfe10ba3 100644 --- a/clusters/k8s-vms-daniele/kustomization.yaml +++ b/clusters/k8s-vms-daniele/apps/fluxcd/kustomization.yaml @@ -1,7 +1,5 @@ ---- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: flux-system resources: - - apps.yaml - - charts.yaml +- notifications.yaml diff --git a/clusters/k8s-vms-daniele/apps/fluxcd/notifications.yaml b/clusters/k8s-vms-daniele/apps/fluxcd/notifications.yaml new file mode 100644 index 00000000..f9c8b0ea --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/fluxcd/notifications.yaml 
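Review bot: The `http_2xx` module sets `follow_redirects: true` and the exporter's `/probe` endpoint requests whatever `target` it is given, so anything that can reach the `blackbox` Service in `monitoring` can have it issue HTTP requests from inside the cluster; nothing in the hunk limits who can reach it. A NetworkPolicy restricting ingress to the scrapers that need it (the Sysdig agent configured in this change is one) is the usual mitigation, and a comment recording that decision would help. For consistency with the other HelmReleases in this change, `install.remediation` and `upgrade.remediation` are also absent here.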
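Review bot: `resources:` lists only `notifications.yaml`, but this change also adds `apps/fluxcd/secrets.yaml`, the Flux Kustomization that creates the `slack-url` Secret referenced by the Provider in `notifications.yaml`; as written that Kustomization is never applied from here. Add `- secrets.yaml` to the list, or drop the file if something else applies it. Removing `apps.yaml` and `charts.yaml` from this list presumably hands them to the bootstrap Kustomization for `./clusters/k8s-vms-daniele`; that is not visible in the diff and is worth confirming.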
@@ -0,0 +1,40 @@ +--- +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Provider +metadata: + name: slack + namespace: flux-system +spec: + type: slack + channel: infrastructure + secretRef: + name: slack-url +--- +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Alert +metadata: + name: fluxcd-notifications + namespace: flux-system +spec: + summary: "cluster status" + providerRef: + name: slack + eventMetadata: + env: "production" + cluster: "k8s-vms-daniele" + region: "switzerland" + eventSeverity: error + eventSources: + - kind: GitRepository + name: '*' + - kind: Kustomization + name: charts + - kind: HelmRelease + name: '*' +# - kind: Kustomization +# name: '*' + exclusionList: + - "error.*lookup github\\.com" + - "error.*lookup raw\\.githubusercontent\\.com" + - "dial.*tcp.*timeout" + - "waiting.*socket" diff --git a/clusters/k8s-vms-daniele/apps/fluxcd/secrets.yaml b/clusters/k8s-vms-daniele/apps/fluxcd/secrets.yaml new file mode 100644 index 00000000..60c29727 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/fluxcd/secrets.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: slack-secrets + namespace: flux-system +spec: + interval: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./apps/k8s-vms-daniele/fluxcd/secrets + prune: true diff --git a/clusters/k8s-vms-daniele/apps/fluxcd/secrets/kustomization.yaml b/clusters/k8s-vms-daniele/apps/fluxcd/secrets/kustomization.yaml new file mode 100644 index 00000000..7f211358 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/fluxcd/secrets/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: flux-system +resources: +- slack-secret.yml diff --git a/clusters/k8s-vms-daniele/apps/fluxcd/secrets/slack-secret.yml b/clusters/k8s-vms-daniele/apps/fluxcd/secrets/slack-secret.yml new file mode 100644 index 00000000..b9085ffa --- /dev/null 
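Review bot: `eventSources` names only the `charts` Kustomization, so reconcile failures of `apps` and of the per-app Kustomizations added in this change (`awx`, `awx-secrets`, `blackbox`, `sysdig-agent`, `teleport-kube-agent`, `system-upgrade`, `slack-secrets`) never reach Slack; the commented-out `- kind: Kustomization` / `  name: '*'` looks like the rule that was intended. Either enable it or list the Kustomizations explicitly, and if singling out `charts` is deliberate, add a comment saying why.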
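Review bot: `path: ./apps/k8s-vms-daniele/fluxcd/secrets` follows the old layout; every other Kustomization in this change points under `./clusters/k8s-vms-daniele/apps/...`, and the secret this one should apply is added at `clusters/k8s-vms-daniele/apps/fluxcd/secrets/`. With this path the `slack-secrets` Kustomization cannot find its directory, so the `slack-url` Secret the Slack Provider depends on is never created; change it to `path: ./clusters/k8s-vms-daniele/apps/fluxcd/secrets`.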
+++ b/clusters/k8s-vms-daniele/apps/fluxcd/secrets/slack-secret.yml @@ -0,0 +1,6 @@ +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: slack-url +spec: + itemPath: "vaults/k8s_secrets/items/slack-url" diff --git a/clusters/k8s-vms-daniele/apps/sysdig-agent/deploy.yaml b/clusters/k8s-vms-daniele/apps/sysdig-agent/deploy.yaml new file mode 100644 index 00000000..87a3143e --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/sysdig-agent/deploy.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: sysdig-agent-secrets + namespace: flux-system +spec: + targetNamespace: sysdig-agent + interval: 15m + sourceRef: + kind: GitRepository + name: flux-system + path: ./clusters/k8s-vms-daniele/apps/sysdig-agent/secrets + prune: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: sysdig-agent + namespace: flux-system +spec: + targetNamespace: sysdig-agent + path: ./clusters/k8s-vms-daniele/apps/sysdig-agent/manifests + prune: true + sourceRef: + kind: GitRepository + name: flux-system + interval: 15m diff --git a/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/kustomization.yaml b/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/kustomization.yaml new file mode 100644 index 00000000..79fd3ca0 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/kustomization.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: sysdig-agent +resources: + - ../../../../common/sysdig-agent +patchesStrategicMerge: + - release.yml diff --git a/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/namespace.yml b/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/namespace.yml new file mode 100644 index 00000000..4aad6843 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/namespace.yml 
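Review bot: `patchesStrategicMerge` is deprecated in kustomize v5, which current Flux kustomize-controller releases build on, in favour of `patches:`; `patches:` / `  - path: release.yml` is the drop-in form. `namespace.yml`, added next to this file in the same change, is not listed under `resources:`, and with an explicit kustomization.yaml present it is therefore never applied; unless `../../../../common/sysdig-agent` already creates the `sysdig-agent` Namespace, add `- namespace.yml`. `namespace: sysdig-agent` here also duplicates `targetNamespace: sysdig-agent` on the Flux Kustomization in `deploy.yaml`; keeping one of the two avoids drift.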
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: sysdig-agent + annotations: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/release.yml b/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/release.yml new file mode 100644 index 00000000..c9739fdc --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/sysdig-agent/manifests/release.yml 
@@ -0,0 +1,159 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: sysdig-deploy + namespace: sysdig-agent +spec: + chart: + spec: + chart: sysdig-deploy + version: ">=1.3.29" + values: + global: + clusterConfig: + name: "k8s-daniele-vms" + sysdig: + region: "us1" + kspm: + deploy: true + + kspmCollector: + probes: + initialDelay: 30 + + agent: + slim: + resources: + requests: + cpu: 300m + memory: 600Mi + limits: + cpu: 500m + memory: 1Gi + resourceProfile: custom + resources: + requests: + cpu: 300m + memory: 600Mi + limits: + cpu: 500m + memory: 1Gi + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: "NoSchedule" + key: "CriticalAddonsOnly" + operator: "Equal" + value: "true" + sysdig: + settings: + tags: cluster:k8s-daniele-vms,location:Swiss + cri: + socket_path: /run/k3s/containerd/containerd.sock + log: + file_priority: warning + console_priority: info + event_priority: warning + prometheus: + file: true + yaml: + global: + scrape_interval: 10s + scrape_configs: + - job_name: blackbox + metrics_path: /probe + params: + module: + - http_2xx + relabel_configs: + - source_labels: + - __address__ + target_label: __param_target + - source_labels: + - __param_target + target_label: instance + - replacement: blackbox-prometheus-blackbox-exporter.monitoring.svc.cluster.local:9115 # Blackbox hostname:port + target_label: __address__ + static_configs: + - targets: + - https://harbor.ddlns.net + labels: + kube_namespace_name: 'ciccio' + - job_name: kubernetes-blackbox-services + kubernetes_sd_configs: + - role: service + metrics_path: /probe + params: + module: + - http_2xx + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_probe + - source_labels: + - __address__ + target_label: __param_target + - replacement: blackbox-prometheus-blackbox-exporter.monitoring.svc.cluster.local:9115 # Blackbox hostname:port + target_label: 
__address__ + - source_labels: + - __param_target + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: + - __meta_kubernetes_namespace + target_label: kube_namespace_name + - source_labels: + - __meta_kubernetes_service_name + target_label: kube_service_name + + nodeAnalyzer: + nodeAnalyzer: + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: "NoSchedule" + key: "CriticalAddonsOnly" + operator: "Equal" + value: "true" + imageAnalyzer: + extraVolumes: + volumes: + - name: socketpath + hostPath: + path: /run/k3s/containerd/containerd.sock + type: "" + benchmarkRunner: + deploy: false + runtimeScanner: + deploy: false + resources: + limits: + cpu: 300m + settings: + eveEnabled: true + extraMounts: + - name: socketpath + mountPath: /var/run/containerd/containerd.sock + hostScanner: + deploy: true + secure: + vulnerabilityManagement: + newEngineOnly: true + + rapidResponse: + enabled: true + + clusterScanner: + enabled: true + eveEnabled: true + scannerMode: "local" + replicaCount: 1 + runtimeStatusIntegrator: + env: + USE_MAINDB_V2: "true" + imageSbomExtractor: + env: + USE_MAINDB_V2: "true" diff --git a/clusters/k8s-vms-daniele/apps/sysdig-agent/secrets/agent-secret.yml b/clusters/k8s-vms-daniele/apps/sysdig-agent/secrets/agent-secret.yml new file mode 100644 index 00000000..71448cab --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/sysdig-agent/secrets/agent-secret.yml @@ -0,0 +1,20 @@ +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: sysdig-agent +spec: + itemPath: "vaults/k8s_secrets/items/Agent_US-East" +--- +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: sysdig-rapid-response +spec: + itemPath: "vaults/k8s_secrets/items/Rapid_Response_US-East" +--- +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: sysdig-agent-api +spec: + itemPath: "vaults/k8s_secrets/items/API_Secure_US-East" 
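Review bot: `clusterConfig.name: "k8s-daniele-vms"` and the `cluster:k8s-daniele-vms` tag do not match the cluster name used elsewhere in this change, `k8s-vms-daniele` in the Flux alert metadata and the Teleport `kubeClusterName`, so events from Sysdig, Slack and Teleport will not correlate under one name; pick one spelling. The `socketpath` hostPath mounts the k3s containerd socket with `type: ""`; `type: Socket` makes the mount fail closed if the path is ever absent or not a socket instead of silently creating an empty directory on the node. `kube_namespace_name: 'ciccio'` on the harbor static target reads like a placeholder, and `version: ">=1.3.29"` is unbounded like the other releases in this change.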
diff --git a/clusters/k8s-vms-daniele/apps/sysdig-agent/secrets/kustomization.yaml b/clusters/k8s-vms-daniele/apps/sysdig-agent/secrets/kustomization.yaml new file mode 100644 index 00000000..c2943496 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/sysdig-agent/secrets/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: sysdig-agent +resources: +- agent-secret.yml diff --git a/clusters/k8s-vms-daniele/apps/system-upgrade-controller/deploy.yaml b/clusters/k8s-vms-daniele/apps/system-upgrade-controller/deploy.yaml new file mode 100644 index 00000000..26062569 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/system-upgrade-controller/deploy.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: system-upgrade + namespace: flux-system +spec: + interval: 15m + sourceRef: + kind: GitRepository + name: flux-system + path: ./clusters/k8s-vms-daniele/apps/system-upgrade-controller/manifests + prune: true diff --git a/clusters/k8s-vms-daniele/apps/system-upgrade-controller/manifests/kustomization.yaml b/clusters/k8s-vms-daniele/apps/system-upgrade-controller/manifests/kustomization.yaml new file mode 100644 index 00000000..33cb262c --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/system-upgrade-controller/manifests/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: system-upgrade +resources: +- plan.yml diff --git a/clusters/k8s-vms-daniele/apps/system-upgrade-controller/manifests/plan.yml b/clusters/k8s-vms-daniele/apps/system-upgrade-controller/manifests/plan.yml new file mode 100644 index 00000000..9a86c15f --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/system-upgrade-controller/manifests/plan.yml 
@@ -0,0 +1,42 @@ +# Server plan +apiVersion: upgrade.cattle.io/v1 +kind: Plan +metadata: + name: server-plan + namespace: system-upgrade +spec: + concurrency: 1 + cordon: true + nodeSelector: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: In + values: + - "true" + serviceAccountName: system-upgrade + upgrade: + image: rancher/k3s-upgrade + version: v1.27.8+k3s2 +--- +# Agent plan +apiVersion: upgrade.cattle.io/v1 +kind: Plan +metadata: + name: agent-plan + namespace: system-upgrade +spec: + concurrency: 1 + cordon: true + nodeSelector: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: DoesNotExist + prepare: + args: + - prepare + - server-plan + image: rancher/k3s-upgrade + serviceAccountName: system-upgrade + upgrade: + image: rancher/k3s-upgrade + version: v1.27.8+k3s2 diff --git a/clusters/k8s-vms-daniele/apps/teleport-agent/deploy.yaml b/clusters/k8s-vms-daniele/apps/teleport-agent/deploy.yaml new file mode 100644 index 00000000..bbf2566d --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/teleport-agent/deploy.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: teleport-kube-agent-join-token + namespace: flux-system +spec: + interval: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./clusters/k8s-vms-daniele/apps/awx/secrets + prune: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: teleport-kube-agent + namespace: flux-system +spec: + interval: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./clusters/k8s-vms-daniele/apps/awx/manifests + prune: true diff --git a/clusters/k8s-vms-daniele/apps/teleport-agent/manifests/namespace.yml b/clusters/k8s-vms-daniele/apps/teleport-agent/manifests/namespace.yml new file mode 100644 index 00000000..28cbd132 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/teleport-agent/manifests/namespace.yml 
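Review bot: Both Kustomizations point at the awx directories, `path: ./clusters/k8s-vms-daniele/apps/awx/secrets` and `path: ./clusters/k8s-vms-daniele/apps/awx/manifests`, which looks like a copy-paste from `apps/awx/deploy.yaml`. As written the Teleport agent HelmRelease and its join-token OnePasswordItem under `apps/teleport-agent/` are never applied, and the awx manifests are reconciled by two Kustomizations that both set `prune: true`, so they will contend for ownership of the same objects. Change them to `path: ./clusters/k8s-vms-daniele/apps/teleport-agent/secrets` and `path: ./clusters/k8s-vms-daniele/apps/teleport-agent/manifests`.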
@@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: teleport-agent + annotations: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/clusters/k8s-vms-daniele/apps/teleport-agent/manifests/release.yml b/clusters/k8s-vms-daniele/apps/teleport-agent/manifests/release.yml new file mode 100644 index 00000000..84c8edfa --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/teleport-agent/manifests/release.yml @@ -0,0 +1,30 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: teleport-agent + namespace: teleport-agent +spec: + interval: 5m + chart: + spec: + chart: teleport-kube-agent + version: ">=12.0.0" + sourceRef: + kind: HelmRepository + name: teleport-charts + namespace: flux-system + interval: 5m + install: + createNamespace: true + remediation: + retries: 6 + upgrade: + remediation: + retries: 6 + values: + proxyAddr: teleport.fastnetserv.cloud:443 + kubeClusterName: "k8s-vms-daniele" + joinTokenSecret: + create: false + name: "teleport-kube-agent-join-token" diff --git a/clusters/k8s-vms-daniele/apps/teleport-agent/secrets/kustomization.yaml b/clusters/k8s-vms-daniele/apps/teleport-agent/secrets/kustomization.yaml new file mode 100644 index 00000000..6d926170 --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/teleport-agent/secrets/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: teleport-agent +resources: +- teleport-agent-secret.yml diff --git a/clusters/k8s-vms-daniele/apps/teleport-agent/secrets/teleport-agent-secret.yml b/clusters/k8s-vms-daniele/apps/teleport-agent/secrets/teleport-agent-secret.yml new file mode 100644 index 00000000..b602bf7b --- /dev/null +++ b/clusters/k8s-vms-daniele/apps/teleport-agent/secrets/teleport-agent-secret.yml @@ -0,0 +1,6 @@ +apiVersion: onepassword.com/v1 +kind: OnePasswordItem +metadata: + name: teleport-kube-agent-join-token +spec: + itemPath: "vaults/k8s_secrets/items/teleport-k3s-agent-token" 
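Review bot: `version: ">=12.0.0"` is unbounded, so every future Teleport major would be rolled out unattended to the agent that brokers access to this cluster, and Teleport documents compatibility constraints between agent and proxy majors; pin a range such as `version: ">=12.0.0 <13.0.0"` and bump it deliberately alongside the proxy. `createNamespace: true` is redundant with `manifests/namespace.yml` in the same directory; keeping only the Namespace manifest (which carries the prune-disabled annotation) avoids two owners for it.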
diff --git a/clusters/k8s-vms-daniele/charts.yaml b/clusters/k8s-vms-daniele/charts.yaml index afcd0849..ae8f36d9 100644 --- a/clusters/k8s-vms-daniele/charts.yaml +++ b/clusters/k8s-vms-daniele/charts.yaml @@ -1,4 +1,4 @@ ---- + apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -9,5 +9,5 @@ spec: sourceRef: kind: GitRepository name: flux-system - path: ./charts + path: ./clusters/k8s-vms-daniele/charts prune: true diff --git a/clusters/k8s-vms-daniele/charts/awx.yml b/clusters/k8s-vms-daniele/charts/awx.yml new file mode 100644 index 00000000..5d66f4e1 --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/awx.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: awx-chart + namespace: flux-system +spec: + interval: 1h + url: https://ansible.github.io/awx-operator/ + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/bitnami.yml b/clusters/k8s-vms-daniele/charts/bitnami.yml new file mode 100644 index 00000000..1f79a92f --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/bitnami.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: bitnami-chart + namespace: flux-system +spec: + interval: 1h + url: https://charts.bitnami.com/bitnami + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/cetic.yml b/clusters/k8s-vms-daniele/charts/cetic.yml new file mode 100644 index 00000000..5f582ae3 --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/cetic.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: cetic-charts + namespace: flux-system +spec: + interval: 1h + url: https://cetic.github.io/helm-charts + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/crowdsec.yml b/clusters/k8s-vms-daniele/charts/crowdsec.yml new file mode 100644 index 00000000..0a51ef8c --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/crowdsec.yml 
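Review bot: The first hunk replaces the `---` document-start marker with an empty line, which leaves a leading blank line and drops the marker the other Flux files in this change keep; this reads like an accidental edit rather than part of the path fix in the second hunk, so restore `---`. The path change itself is consistent with the rest of the layout move.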
@@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: crowdsec + namespace: flux-system +spec: + interval: 1h + url: https://crowdsecurity.github.io/helm-charts + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/datawire.yml b/clusters/k8s-vms-daniele/charts/datawire.yml new file mode 100644 index 00000000..07b6281c --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/datawire.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: datawire + namespace: flux-system +spec: + interval: 1h + url: https://app.getambassador.io + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/goauthentik.yml b/clusters/k8s-vms-daniele/charts/goauthentik.yml new file mode 100644 index 00000000..d3387dd0 --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/goauthentik.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: goauthentik-chart + namespace: flux-system +spec: + interval: 1h + url: https://charts.goauthentik.io + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/harbor.yml b/clusters/k8s-vms-daniele/charts/harbor.yml new file mode 100644 index 00000000..3ac8e1f4 --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/harbor.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: harbor-charts + namespace: flux-system +spec: + interval: 1h + url: https://helm.goharbor.io + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/ingress-nginx.yml b/clusters/k8s-vms-daniele/charts/ingress-nginx.yml new file mode 100644 index 00000000..020bbbaa --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/ingress-nginx.yml 
@@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: ingress-nginx + namespace: flux-system +spec: + interval: 1h + url: https://kubernetes.github.io/ingress-nginx + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/k8s-at-home.yml b/clusters/k8s-vms-daniele/charts/k8s-at-home.yml new file mode 100644 index 00000000..c696afb8 --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/k8s-at-home.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: k8s-at-home-charts + namespace: flux-system +spec: + interval: 1h + url: https://k8s-at-home.com/charts/ + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/kubernetes-sigs.yml b/clusters/k8s-vms-daniele/charts/kubernetes-sigs.yml new file mode 100644 index 00000000..f9b454ae --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/kubernetes-sigs.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: kubernetes-sigs-chart + namespace: flux-system +spec: + interval: 1h + url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/kustomization.yaml b/clusters/k8s-vms-daniele/charts/kustomization.yaml new file mode 100644 index 00000000..125051c5 --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/kustomization.yaml @@ -0,0 +1,22 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: flux-system +resources: + - awx.yml + - bitnami.yml + - cetic.yml + - crowdsec.yml + - goauthentik.yml + - harbor.yml + - ingress-nginx.yml + - longhorn.yml + - minio.yml + - k8s-at-home.yml + - kubernetes-sigs.yml + - nextcloud.yml + - portainer.yml + - prometheus-community.yml + - sysdig.yml + - teleport.yml + - zabbix-community.yml + - zalando.yml 
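Review bot: `datawire.yml`, added in this change, is not listed under `resources:`, so the `datawire` HelmRepository is never applied; add `- datawire.yml` or drop the file. The sequence items are indented here while the other kustomization.yaml files in this change use the flush form (`- awx-secret.yml`); pick one for the repository. Nothing in this diff consumes `k8s-at-home-charts`, `bitnami-chart` or most of the other repositories, so a comment naming which app each feeds, or pruning the unused ones, would keep the set of trusted upstream indexes to what the cluster actually needs.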
diff --git a/clusters/k8s-vms-daniele/charts/longhorn.yml b/clusters/k8s-vms-daniele/charts/longhorn.yml new file mode 100644 index 00000000..31b6aa6c --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/longhorn.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: longhorn + namespace: flux-system +spec: + interval: 1h + url: https://charts.longhorn.io + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/minio.yml b/clusters/k8s-vms-daniele/charts/minio.yml new file mode 100644 index 00000000..4d12f17f --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/minio.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: minio-operator + namespace: flux-system +spec: + interval: 1h + url: https://operator.min.io + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/nextcloud.yml b/clusters/k8s-vms-daniele/charts/nextcloud.yml new file mode 100644 index 00000000..ff61b84e --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/nextcloud.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: nextcloud + namespace: flux-system +spec: + interval: 1h + url: https://nextcloud.github.io/helm/ + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/portainer.yml b/clusters/k8s-vms-daniele/charts/portainer.yml new file mode 100644 index 00000000..b81111ac --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/portainer.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: portainer-charts + namespace: flux-system +spec: + interval: 1h + url: https://portainer.github.io/k8s + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/prometheus-community.yml b/clusters/k8s-vms-daniele/charts/prometheus-community.yml new file mode 100644 index 00000000..42d36ee6 --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/prometheus-community.yml 
@@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: prometheus-community-charts + namespace: flux-system +spec: + interval: 1h + url: https://prometheus-community.github.io/helm-charts + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/sysdig.yml b/clusters/k8s-vms-daniele/charts/sysdig.yml new file mode 100644 index 00000000..a573c09b --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/sysdig.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: sysdig-charts + namespace: flux-system +spec: + interval: 1h + url: https://charts.sysdig.com + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/teleport.yml b/clusters/k8s-vms-daniele/charts/teleport.yml new file mode 100644 index 00000000..90efa4bd --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/teleport.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: teleport-charts + namespace: flux-system +spec: + interval: 1h + url: https://charts.releases.teleport.dev + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/zabbix-community.yml b/clusters/k8s-vms-daniele/charts/zabbix-community.yml new file mode 100644 index 00000000..119602e4 --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/zabbix-community.yml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: zabbix-community-charts + namespace: flux-system +spec: + interval: 1h + url: https://zabbix-community.github.io/helm-zabbix + timeout: 3m diff --git a/clusters/k8s-vms-daniele/charts/zalando.yml b/clusters/k8s-vms-daniele/charts/zalando.yml new file mode 100644 index 00000000..5714974e --- /dev/null +++ b/clusters/k8s-vms-daniele/charts/zalando.yml 
@@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: postgres-operator-charts + namespace: flux-system +spec: + interval: 1h + url: https://opensource.zalando.com/postgres-operator/charts/postgres-operator + timeout: 3m