From 98a39c63a0db575e9a9c0d137a72a3ad112075b1 Mon Sep 17 00:00:00 2001
From: Jonathan Hardison <jmh@jonathanhardison.com>
Date: Wed, 11 Sep 2024 00:16:40 -0500
Subject: [PATCH] restructure and cleanup to overlays for core.

---
 bootstrap/00_1password/README.md              |  2 +-
 bootstrap/00_1password/kustomization.yaml     | 11 +--------
 bootstrap/01_certmanager/kustomization.yaml   |  9 +------
 .../01a_cloudflareoriginca/kustomization.yaml |  8 ++-----
 bootstrap/03_argocd/kustomization.yaml        | 19 +--------------
 bootstrap/README.md                           |  3 +++
 .../overlays/prod}/customvalues.yaml          |  0
 .../overlays/prod/kustomization.yaml          | 14 +++++++++++
 .../1password/overlays/prod}/namespace.yaml   |  0
 core/argo-rollouts/{ => base}/install.yaml    |  0
 .../{ => overlays/prod}/kustomization.yaml    |  3 +--
 .../{ => overlays/prod}/namespace.yaml        |  0
 core/argo-rollouts/update.sh                  |  2 +-
 .../base}/wf-install.yaml                     |  0
 .../overlays/prod/kustomization.yaml          |  8 +++++++
 .../overlays/prod/namespace.yaml              |  6 +++++
 .../workflow-update.sh                        |  2 +-
 .../argocd}/base/ha/ha-install.yaml           |  0
 .../argocd}/base/ha/kustomization.yaml        |  0
 .../argocd}/base/ha/namespace.yaml            |  0
 .../argocd}/base/non-ha/install.yaml          |  0
 .../argocd}/base/non-ha/kustomization.yaml    |  0
 .../argocd}/base/non-ha/namespace.yaml        |  0
 core/argocd/kustomization.yaml                | 15 ------------
 .../prod/appsets}/argocd-github-appsets.yaml  |  0
 .../prod/appsets}/argocd-github-core.yaml     |  6 ++---
 .../overlays/prod/appsets/kustomization.yaml  |  8 +++++++
 .../argocd/overlays/prod}/argocd-cm.yaml      |  0
 .../overlays/prod}/argocd-cmd-params-cm.yaml  |  0
 .../argocd/overlays/prod}/argocd-rbac-cm.yaml |  0
 .../prod}/argocd-ssh-known-hosts-cm.yaml      |  0
 .../cloudflare-ca-originissuer.yaml           |  0
 .../certificates/ingress-certificate.yaml     |  0
 .../overlays/prod}/ingress.yaml.disabled      |  0
 core/argocd/overlays/prod/kustomization.yaml  | 24 +++++++++++++++++++
 .../prod}/op-secrets/argo-secrets.yaml        |  0
 .../prod}/op-secrets/dex-githubapp.yaml       |  0
 .../prod}/op-secrets/github-repocreds.yaml    |  0
 ...e-cloudflare-api-token-secret_secrets.yaml |  0
 .../prod/projects}/argocd-project-core.yaml   |  0
 .../overlays/prod/projects/kustomization.yaml |  7 ++++++
 .../03_argocd => core/argocd}/update-ha.sh    |  0
 .../03_argocd => core/argocd}/update-nonha.sh |  0
 .../prod}/cloudflare-ca-originissuer.yaml     |  0
 ...e-cloudflare-api-token-secret_secrets.yaml |  0
 .../overlays/prod}/hhouse-clusterissuer.yaml  |  0
 ...use-lets-encrypt-priviate-key_secrets.yaml |  0
 .../overlays/prod/kustomization.yaml          | 12 ++++++++++
 .../overlays/prod}/namespace.yaml             |  0
 core/cfargotunnel/base/kustomization.yaml     |  8 +++++++
 .../{base => overlays/prod}/cf-configmap.yaml |  0
 .../{ => overlays/prod}/kustomization.yaml    |  5 ++--
 .../op-secrets/hhouse-cloudflare-json.yaml    |  0
 .../{ => overlays/prod}/addresspool.yaml      |  0
 .../{ => overlays/prod}/kustomization.yaml    |  0
 .../prod}/metallb-ingress-service.yaml        |  0
 .../overlays/prod}/0-namespace.yaml           |  0
 .../overlays/prod}/deployment.yaml            |  0
 .../overlays/prod/kustomization.yaml          | 10 ++++++++
 .../overlays/prod}/role-approver.yaml         |  0
 .../overlays/prod}/role-binding.yaml          |  0
 .../origin-ca-issuer/overlays/prod}/role.yaml |  0
 .../overlays/prod}/serviceaccount.yaml        |  0
 63 files changed, 114 insertions(+), 68 deletions(-)
 create mode 100644 bootstrap/README.md
 rename {bootstrap/00_1password => core/1password/overlays/prod}/customvalues.yaml (100%)
 create mode 100644 core/1password/overlays/prod/kustomization.yaml
 rename {bootstrap/00_1password => core/1password/overlays/prod}/namespace.yaml (100%)
 rename core/argo-rollouts/{ => base}/install.yaml (100%)
 rename core/argo-rollouts/{ => overlays/prod}/kustomization.yaml (78%)
 rename core/argo-rollouts/{ => overlays/prod}/namespace.yaml (100%)
 rename core/{argo-rollouts => argo-workflows/base}/wf-install.yaml (100%)
 create mode 100644 core/argo-workflows/overlays/prod/kustomization.yaml
 create mode 100644 core/argo-workflows/overlays/prod/namespace.yaml
 rename core/{argo-rollouts => argo-workflows}/workflow-update.sh (77%)
 rename {bootstrap/03_argocd => core/argocd}/base/ha/ha-install.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd}/base/ha/kustomization.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd}/base/ha/namespace.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd}/base/non-ha/install.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd}/base/non-ha/kustomization.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd}/base/non-ha/namespace.yaml (100%)
 delete mode 100644 core/argocd/kustomization.yaml
 rename {bootstrap/03_argocd/overlays => core/argocd/overlays/prod/appsets}/argocd-github-appsets.yaml (100%)
 rename {bootstrap/03_argocd/overlays => core/argocd/overlays/prod/appsets}/argocd-github-core.yaml (84%)
 create mode 100644 core/argocd/overlays/prod/appsets/kustomization.yaml
 rename {bootstrap/03_argocd/overlays => core/argocd/overlays/prod}/argocd-cm.yaml (100%)
 rename {bootstrap/03_argocd/overlays => core/argocd/overlays/prod}/argocd-cmd-params-cm.yaml (100%)
 rename {bootstrap/03_argocd/overlays => core/argocd/overlays/prod}/argocd-rbac-cm.yaml (100%)
 rename {bootstrap/03_argocd/overlays => core/argocd/overlays/prod}/argocd-ssh-known-hosts-cm.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd/overlays/prod}/certificates/cloudflare-ca-originissuer.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd/overlays/prod}/certificates/ingress-certificate.yaml (100%)
 rename {bootstrap/03_argocd/overlays => core/argocd/overlays/prod}/ingress.yaml.disabled (100%)
 create mode 100644 core/argocd/overlays/prod/kustomization.yaml
 rename {bootstrap/03_argocd => core/argocd/overlays/prod}/op-secrets/argo-secrets.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd/overlays/prod}/op-secrets/dex-githubapp.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd/overlays/prod}/op-secrets/github-repocreds.yaml (100%)
 rename {bootstrap/03_argocd => core/argocd/overlays/prod}/op-secrets/hhouse-cloudflare-api-token-secret_secrets.yaml (100%)
 rename {bootstrap/03_argocd/overlays => core/argocd/overlays/prod/projects}/argocd-project-core.yaml (100%)
 create mode 100644 core/argocd/overlays/prod/projects/kustomization.yaml
 rename {bootstrap/03_argocd => core/argocd}/update-ha.sh (100%)
 rename {bootstrap/03_argocd => core/argocd}/update-nonha.sh (100%)
 rename {bootstrap/01_certmanager => core/cert-manager/overlays/prod}/cloudflare-ca-originissuer.yaml (100%)
 rename {bootstrap/01_certmanager => core/cert-manager/overlays/prod}/hhouse-cloudflare-api-token-secret_secrets.yaml (100%)
 rename {bootstrap/01_certmanager => core/cert-manager/overlays/prod}/hhouse-clusterissuer.yaml (100%)
 rename {bootstrap/01_certmanager => core/cert-manager/overlays/prod}/hhouse-lets-encrypt-priviate-key_secrets.yaml (100%)
 create mode 100644 core/cert-manager/overlays/prod/kustomization.yaml
 rename {bootstrap/01_certmanager => core/cert-manager/overlays/prod}/namespace.yaml (100%)
 create mode 100644 core/cfargotunnel/base/kustomization.yaml
 rename core/cfargotunnel/{base => overlays/prod}/cf-configmap.yaml (100%)
 rename core/cfargotunnel/{ => overlays/prod}/kustomization.yaml (80%)
 rename core/cfargotunnel/{ => overlays/prod}/op-secrets/hhouse-cloudflare-json.yaml (100%)
 rename core/metallb-system/{ => overlays/prod}/addresspool.yaml (100%)
 rename core/metallb-system/{ => overlays/prod}/kustomization.yaml (100%)
 rename core/metallb-system/{ => overlays/prod}/metallb-ingress-service.yaml (100%)
 rename {bootstrap/01a_cloudflareoriginca => core/origin-ca-issuer/overlays/prod}/0-namespace.yaml (100%)
 rename {bootstrap/01a_cloudflareoriginca => core/origin-ca-issuer/overlays/prod}/deployment.yaml (100%)
 create mode 100644 core/origin-ca-issuer/overlays/prod/kustomization.yaml
 rename {bootstrap/01a_cloudflareoriginca => core/origin-ca-issuer/overlays/prod}/role-approver.yaml (100%)
 rename {bootstrap/01a_cloudflareoriginca => core/origin-ca-issuer/overlays/prod}/role-binding.yaml (100%)
 rename {bootstrap/01a_cloudflareoriginca => core/origin-ca-issuer/overlays/prod}/role.yaml (100%)
 rename {bootstrap/01a_cloudflareoriginca => core/origin-ca-issuer/overlays/prod}/serviceaccount.yaml (100%)

diff --git a/bootstrap/00_1password/README.md b/bootstrap/00_1password/README.md
index 0ac13bc..17d3531 100644
--- a/bootstrap/00_1password/README.md
+++ b/bootstrap/00_1password/README.md
@@ -24,5 +24,5 @@ kubectl -n 1password create secret generic onepassword-token --from-literal=toke
 The following is used to apply the bootstrapping for 1password connect.
 
 ```
-kubectl kustomize --enable-helm | kubectl apply -f -
+kubectl kustomize --enable-helm --load-restrictor='LoadRestrictionNone' | kubectl apply -f -
 ```
\ No newline at end of file
diff --git a/bootstrap/00_1password/kustomization.yaml b/bootstrap/00_1password/kustomization.yaml
index 2b6769e..794f63a 100644
--- a/bootstrap/00_1password/kustomization.yaml
+++ b/bootstrap/00_1password/kustomization.yaml
@@ -1,14 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: 1password
 
 resources:
-- namespace.yaml
-
-helmCharts:
-- name: connect
-  includeCRDs: true
-  releaseName: connect
-  version: 1.15.1
-  valuesFile: customvalues.yaml
-  repo: https://1password.github.io/connect-helm-charts
\ No newline at end of file
+- ../../core/1password/overlays/prod
diff --git a/bootstrap/01_certmanager/kustomization.yaml b/bootstrap/01_certmanager/kustomization.yaml
index 6aa3b95..50be7e8 100644
--- a/bootstrap/01_certmanager/kustomization.yaml
+++ b/bootstrap/01_certmanager/kustomization.yaml
@@ -1,12 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-#namespace: cert-manager
-
-bases:
-  - https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml
 
 resources:
-  - hhouse-cloudflare-api-token-secret_secrets.yaml
-  - hhouse-clusterissuer.yaml
-  - hhouse-lets-encrypt-priviate-key_secrets.yaml
-  - cloudflare-ca-originissuer.yaml
\ No newline at end of file
+- ../../core/cert-manager/overlays/prod
diff --git a/bootstrap/01a_cloudflareoriginca/kustomization.yaml b/bootstrap/01a_cloudflareoriginca/kustomization.yaml
index eef4bcc..91bdab3 100644
--- a/bootstrap/01a_cloudflareoriginca/kustomization.yaml
+++ b/bootstrap/01a_cloudflareoriginca/kustomization.yaml
@@ -2,9 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - 0-namespace.yaml
-  - https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/v0.9.0/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml
-  - deployment.yaml
-  - role-approver.yaml
-  - role.yaml
-  - serviceaccount.yaml
+#- overlays/ingress.yaml #ingress is now CFTunnel->Service
+- ../../core/origin-ca-issuer/overlays/prod
diff --git a/bootstrap/03_argocd/kustomization.yaml b/bootstrap/03_argocd/kustomization.yaml
index 4e08d78..73d10b4 100644
--- a/bootstrap/03_argocd/kustomization.yaml
+++ b/bootstrap/03_argocd/kustomization.yaml
@@ -2,24 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 namespace: argocd
-bases:
-  - base/non-ha #non-ha for temp microk8s small cluster
 
 resources:
 #- overlays/ingress.yaml #ingress is now CFTunnel->Service
-- op-secrets/dex-githubapp.yaml
-- op-secrets/github-repocreds.yaml
-- certificates/ingress-certificate.yaml
-- certificates/cloudflare-ca-originissuer.yaml
-- op-secrets/hhouse-cloudflare-api-token-secret_secrets.yaml
-- op-secrets/argo-secrets.yaml
-- overlays/argocd-github-appsets.yaml
-- overlays/argocd-github-core.yaml
-- overlays/argocd-project-core.yaml
-
-
-patchesStrategicMerge:
-  - overlays/argocd-cm.yaml
-  - overlays/argocd-cmd-params-cm.yaml
-  - overlays/argocd-ssh-known-hosts-cm.yaml
-  - overlays/argocd-rbac-cm.yaml
+- ../../core/argocd/overlays/prod
diff --git a/bootstrap/README.md b/bootstrap/README.md
new file mode 100644
index 0000000..3e9def9
--- /dev/null
+++ b/bootstrap/README.md
@@ -0,0 +1,3 @@
+# Bootstrap Process
+
+ `kubectl kustomize --enable-helm --load-restrictor='LoadRestrictionsNone'`
\ No newline at end of file
diff --git a/bootstrap/00_1password/customvalues.yaml b/core/1password/overlays/prod/customvalues.yaml
similarity index 100%
rename from bootstrap/00_1password/customvalues.yaml
rename to core/1password/overlays/prod/customvalues.yaml
diff --git a/core/1password/overlays/prod/kustomization.yaml b/core/1password/overlays/prod/kustomization.yaml
new file mode 100644
index 0000000..2b6769e
--- /dev/null
+++ b/core/1password/overlays/prod/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: 1password
+
+resources:
+- namespace.yaml
+
+helmCharts:
+- name: connect
+  includeCRDs: true
+  releaseName: connect
+  version: 1.15.1
+  valuesFile: customvalues.yaml
+  repo: https://1password.github.io/connect-helm-charts
\ No newline at end of file
diff --git a/bootstrap/00_1password/namespace.yaml b/core/1password/overlays/prod/namespace.yaml
similarity index 100%
rename from bootstrap/00_1password/namespace.yaml
rename to core/1password/overlays/prod/namespace.yaml
diff --git a/core/argo-rollouts/install.yaml b/core/argo-rollouts/base/install.yaml
similarity index 100%
rename from core/argo-rollouts/install.yaml
rename to core/argo-rollouts/base/install.yaml
diff --git a/core/argo-rollouts/kustomization.yaml b/core/argo-rollouts/overlays/prod/kustomization.yaml
similarity index 78%
rename from core/argo-rollouts/kustomization.yaml
rename to core/argo-rollouts/overlays/prod/kustomization.yaml
index e70aa92..2410fb9 100644
--- a/core/argo-rollouts/kustomization.yaml
+++ b/core/argo-rollouts/overlays/prod/kustomization.yaml
@@ -5,5 +5,4 @@ namespace: argo-rollouts
 
 resources:
 - namespace.yaml
-- install.yaml
-- wf-install.yaml
+- ../../base/install.yaml
diff --git a/core/argo-rollouts/namespace.yaml b/core/argo-rollouts/overlays/prod/namespace.yaml
similarity index 100%
rename from core/argo-rollouts/namespace.yaml
rename to core/argo-rollouts/overlays/prod/namespace.yaml
diff --git a/core/argo-rollouts/update.sh b/core/argo-rollouts/update.sh
index 53181a9..757d0c9 100644
--- a/core/argo-rollouts/update.sh
+++ b/core/argo-rollouts/update.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-wget https://raw.githubusercontent.com/argoproj/argo-rollouts/master/manifests/install.yaml -O install.yaml
\ No newline at end of file
+wget https://raw.githubusercontent.com/argoproj/argo-rollouts/master/manifests/install.yaml -O base/install.yaml
\ No newline at end of file
diff --git a/core/argo-rollouts/wf-install.yaml b/core/argo-workflows/base/wf-install.yaml
similarity index 100%
rename from core/argo-rollouts/wf-install.yaml
rename to core/argo-workflows/base/wf-install.yaml
diff --git a/core/argo-workflows/overlays/prod/kustomization.yaml b/core/argo-workflows/overlays/prod/kustomization.yaml
new file mode 100644
index 0000000..9e14174
--- /dev/null
+++ b/core/argo-workflows/overlays/prod/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: argo-workflows
+
+resources:
+- namespace.yaml
+- ../../base/wf-install.yaml
diff --git a/core/argo-workflows/overlays/prod/namespace.yaml b/core/argo-workflows/overlays/prod/namespace.yaml
new file mode 100644
index 0000000..41f57c3
--- /dev/null
+++ b/core/argo-workflows/overlays/prod/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    operator.1password.io/auto-restart: "true"
+  name: argo-workflows
diff --git a/core/argo-rollouts/workflow-update.sh b/core/argo-workflows/workflow-update.sh
similarity index 77%
rename from core/argo-rollouts/workflow-update.sh
rename to core/argo-workflows/workflow-update.sh
index 0fb972d..b9d0b55 100644
--- a/core/argo-rollouts/workflow-update.sh
+++ b/core/argo-workflows/workflow-update.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
 
 #change the following version string to appropriate version to download
-wget https://github.com/argoproj/argo-workflows/releases/download/v3.4.5/install.yaml -O install.yaml
\ No newline at end of file
+wget https://github.com/argoproj/argo-workflows/releases/download/v3.4.5/install.yaml -O base/install.yaml
\ No newline at end of file
diff --git a/bootstrap/03_argocd/base/ha/ha-install.yaml b/core/argocd/base/ha/ha-install.yaml
similarity index 100%
rename from bootstrap/03_argocd/base/ha/ha-install.yaml
rename to core/argocd/base/ha/ha-install.yaml
diff --git a/bootstrap/03_argocd/base/ha/kustomization.yaml b/core/argocd/base/ha/kustomization.yaml
similarity index 100%
rename from bootstrap/03_argocd/base/ha/kustomization.yaml
rename to core/argocd/base/ha/kustomization.yaml
diff --git a/bootstrap/03_argocd/base/ha/namespace.yaml b/core/argocd/base/ha/namespace.yaml
similarity index 100%
rename from bootstrap/03_argocd/base/ha/namespace.yaml
rename to core/argocd/base/ha/namespace.yaml
diff --git a/bootstrap/03_argocd/base/non-ha/install.yaml b/core/argocd/base/non-ha/install.yaml
similarity index 100%
rename from bootstrap/03_argocd/base/non-ha/install.yaml
rename to core/argocd/base/non-ha/install.yaml
diff --git a/bootstrap/03_argocd/base/non-ha/kustomization.yaml b/core/argocd/base/non-ha/kustomization.yaml
similarity index 100%
rename from bootstrap/03_argocd/base/non-ha/kustomization.yaml
rename to core/argocd/base/non-ha/kustomization.yaml
diff --git a/bootstrap/03_argocd/base/non-ha/namespace.yaml b/core/argocd/base/non-ha/namespace.yaml
similarity index 100%
rename from bootstrap/03_argocd/base/non-ha/namespace.yaml
rename to core/argocd/base/non-ha/namespace.yaml
diff --git a/core/argocd/kustomization.yaml b/core/argocd/kustomization.yaml
deleted file mode 100644
index 4ba144d..0000000
--- a/core/argocd/kustomization.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- ../../bootstrap/03_argocd
-
-#images:
-#- name: quay.io/argoproj/argocd
-#  newTag: v2.7.6
-#- name: ghcr.io/dexidp/dex
-#  newTag: v2.36.0
-#- name: haproxy
-#  newTag: 2.6.14-alpine
-#- name: redis
-#  newTag: 7.0.11-alpine
\ No newline at end of file
diff --git a/bootstrap/03_argocd/overlays/argocd-github-appsets.yaml b/core/argocd/overlays/prod/appsets/argocd-github-appsets.yaml
similarity index 100%
rename from bootstrap/03_argocd/overlays/argocd-github-appsets.yaml
rename to core/argocd/overlays/prod/appsets/argocd-github-appsets.yaml
diff --git a/bootstrap/03_argocd/overlays/argocd-github-core.yaml b/core/argocd/overlays/prod/appsets/argocd-github-core.yaml
similarity index 84%
rename from bootstrap/03_argocd/overlays/argocd-github-core.yaml
rename to core/argocd/overlays/prod/appsets/argocd-github-core.yaml
index fd57069..4c962c9 100644
--- a/bootstrap/03_argocd/overlays/argocd-github-core.yaml
+++ b/core/argocd/overlays/prod/appsets/argocd-github-core.yaml
@@ -10,10 +10,10 @@ spec:
       repoURL: https://github.com/jmhardison/hhouse-apps.git
       revision: HEAD
       directories:
-      - path: core/*
+      - path: core/*/overlays/prod
   template:
     metadata:
-      name: '{{path.basename}}'
+      name: '{{path[1]}}'
     spec:
       project: core
       source:
@@ -22,4 +22,4 @@ spec:
         path: '{{path}}'
       destination:
         server: https://kubernetes.default.svc
-        namespace: '{{path.basename}}'
\ No newline at end of file
+        namespace: '{{path[1]}}'
\ No newline at end of file
diff --git a/core/argocd/overlays/prod/appsets/kustomization.yaml b/core/argocd/overlays/prod/appsets/kustomization.yaml
new file mode 100644
index 0000000..ae68181
--- /dev/null
+++ b/core/argocd/overlays/prod/appsets/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: argocd
+
+resources:
+- argocd-github-appsets.yaml
+- argocd-github-core.yaml
diff --git a/bootstrap/03_argocd/overlays/argocd-cm.yaml b/core/argocd/overlays/prod/argocd-cm.yaml
similarity index 100%
rename from bootstrap/03_argocd/overlays/argocd-cm.yaml
rename to core/argocd/overlays/prod/argocd-cm.yaml
diff --git a/bootstrap/03_argocd/overlays/argocd-cmd-params-cm.yaml b/core/argocd/overlays/prod/argocd-cmd-params-cm.yaml
similarity index 100%
rename from bootstrap/03_argocd/overlays/argocd-cmd-params-cm.yaml
rename to core/argocd/overlays/prod/argocd-cmd-params-cm.yaml
diff --git a/bootstrap/03_argocd/overlays/argocd-rbac-cm.yaml b/core/argocd/overlays/prod/argocd-rbac-cm.yaml
similarity index 100%
rename from bootstrap/03_argocd/overlays/argocd-rbac-cm.yaml
rename to core/argocd/overlays/prod/argocd-rbac-cm.yaml
diff --git a/bootstrap/03_argocd/overlays/argocd-ssh-known-hosts-cm.yaml b/core/argocd/overlays/prod/argocd-ssh-known-hosts-cm.yaml
similarity index 100%
rename from bootstrap/03_argocd/overlays/argocd-ssh-known-hosts-cm.yaml
rename to core/argocd/overlays/prod/argocd-ssh-known-hosts-cm.yaml
diff --git a/bootstrap/03_argocd/certificates/cloudflare-ca-originissuer.yaml b/core/argocd/overlays/prod/certificates/cloudflare-ca-originissuer.yaml
similarity index 100%
rename from bootstrap/03_argocd/certificates/cloudflare-ca-originissuer.yaml
rename to core/argocd/overlays/prod/certificates/cloudflare-ca-originissuer.yaml
diff --git a/bootstrap/03_argocd/certificates/ingress-certificate.yaml b/core/argocd/overlays/prod/certificates/ingress-certificate.yaml
similarity index 100%
rename from bootstrap/03_argocd/certificates/ingress-certificate.yaml
rename to core/argocd/overlays/prod/certificates/ingress-certificate.yaml
diff --git a/bootstrap/03_argocd/overlays/ingress.yaml.disabled b/core/argocd/overlays/prod/ingress.yaml.disabled
similarity index 100%
rename from bootstrap/03_argocd/overlays/ingress.yaml.disabled
rename to core/argocd/overlays/prod/ingress.yaml.disabled
diff --git a/core/argocd/overlays/prod/kustomization.yaml b/core/argocd/overlays/prod/kustomization.yaml
new file mode 100644
index 0000000..61cff79
--- /dev/null
+++ b/core/argocd/overlays/prod/kustomization.yaml
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: argocd
+bases:
+  - ../../base/non-ha #non-ha for temp microk8s small cluster
+
+resources:
+#- overlays/ingress.yaml #ingress is now CFTunnel->Service
+- op-secrets/dex-githubapp.yaml
+- op-secrets/github-repocreds.yaml
+- certificates/ingress-certificate.yaml
+- certificates/cloudflare-ca-originissuer.yaml
+- op-secrets/hhouse-cloudflare-api-token-secret_secrets.yaml
+- op-secrets/argo-secrets.yaml
+- appsets/
+- projects/
+
+
+patchesStrategicMerge:
+  - argocd-cm.yaml
+  - argocd-cmd-params-cm.yaml
+  - argocd-ssh-known-hosts-cm.yaml
+  - argocd-rbac-cm.yaml
diff --git a/bootstrap/03_argocd/op-secrets/argo-secrets.yaml b/core/argocd/overlays/prod/op-secrets/argo-secrets.yaml
similarity index 100%
rename from bootstrap/03_argocd/op-secrets/argo-secrets.yaml
rename to core/argocd/overlays/prod/op-secrets/argo-secrets.yaml
diff --git a/bootstrap/03_argocd/op-secrets/dex-githubapp.yaml b/core/argocd/overlays/prod/op-secrets/dex-githubapp.yaml
similarity index 100%
rename from bootstrap/03_argocd/op-secrets/dex-githubapp.yaml
rename to core/argocd/overlays/prod/op-secrets/dex-githubapp.yaml
diff --git a/bootstrap/03_argocd/op-secrets/github-repocreds.yaml b/core/argocd/overlays/prod/op-secrets/github-repocreds.yaml
similarity index 100%
rename from bootstrap/03_argocd/op-secrets/github-repocreds.yaml
rename to core/argocd/overlays/prod/op-secrets/github-repocreds.yaml
diff --git a/bootstrap/03_argocd/op-secrets/hhouse-cloudflare-api-token-secret_secrets.yaml b/core/argocd/overlays/prod/op-secrets/hhouse-cloudflare-api-token-secret_secrets.yaml
similarity index 100%
rename from bootstrap/03_argocd/op-secrets/hhouse-cloudflare-api-token-secret_secrets.yaml
rename to core/argocd/overlays/prod/op-secrets/hhouse-cloudflare-api-token-secret_secrets.yaml
diff --git a/bootstrap/03_argocd/overlays/argocd-project-core.yaml b/core/argocd/overlays/prod/projects/argocd-project-core.yaml
similarity index 100%
rename from bootstrap/03_argocd/overlays/argocd-project-core.yaml
rename to core/argocd/overlays/prod/projects/argocd-project-core.yaml
diff --git a/core/argocd/overlays/prod/projects/kustomization.yaml b/core/argocd/overlays/prod/projects/kustomization.yaml
new file mode 100644
index 0000000..3937741
--- /dev/null
+++ b/core/argocd/overlays/prod/projects/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: argocd
+
+resources:
+- argocd-project-core.yaml
diff --git a/bootstrap/03_argocd/update-ha.sh b/core/argocd/update-ha.sh
similarity index 100%
rename from bootstrap/03_argocd/update-ha.sh
rename to core/argocd/update-ha.sh
diff --git a/bootstrap/03_argocd/update-nonha.sh b/core/argocd/update-nonha.sh
similarity index 100%
rename from bootstrap/03_argocd/update-nonha.sh
rename to core/argocd/update-nonha.sh
diff --git a/bootstrap/01_certmanager/cloudflare-ca-originissuer.yaml b/core/cert-manager/overlays/prod/cloudflare-ca-originissuer.yaml
similarity index 100%
rename from bootstrap/01_certmanager/cloudflare-ca-originissuer.yaml
rename to core/cert-manager/overlays/prod/cloudflare-ca-originissuer.yaml
diff --git a/bootstrap/01_certmanager/hhouse-cloudflare-api-token-secret_secrets.yaml b/core/cert-manager/overlays/prod/hhouse-cloudflare-api-token-secret_secrets.yaml
similarity index 100%
rename from bootstrap/01_certmanager/hhouse-cloudflare-api-token-secret_secrets.yaml
rename to core/cert-manager/overlays/prod/hhouse-cloudflare-api-token-secret_secrets.yaml
diff --git a/bootstrap/01_certmanager/hhouse-clusterissuer.yaml b/core/cert-manager/overlays/prod/hhouse-clusterissuer.yaml
similarity index 100%
rename from bootstrap/01_certmanager/hhouse-clusterissuer.yaml
rename to core/cert-manager/overlays/prod/hhouse-clusterissuer.yaml
diff --git a/bootstrap/01_certmanager/hhouse-lets-encrypt-priviate-key_secrets.yaml b/core/cert-manager/overlays/prod/hhouse-lets-encrypt-priviate-key_secrets.yaml
similarity index 100%
rename from bootstrap/01_certmanager/hhouse-lets-encrypt-priviate-key_secrets.yaml
rename to core/cert-manager/overlays/prod/hhouse-lets-encrypt-priviate-key_secrets.yaml
diff --git a/core/cert-manager/overlays/prod/kustomization.yaml b/core/cert-manager/overlays/prod/kustomization.yaml
new file mode 100644
index 0000000..6aa3b95
--- /dev/null
+++ b/core/cert-manager/overlays/prod/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+#namespace: cert-manager
+
+bases:
+  - https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml
+
+resources:
+  - hhouse-cloudflare-api-token-secret_secrets.yaml
+  - hhouse-clusterissuer.yaml
+  - hhouse-lets-encrypt-priviate-key_secrets.yaml
+  - cloudflare-ca-originissuer.yaml
\ No newline at end of file
diff --git a/bootstrap/01_certmanager/namespace.yaml b/core/cert-manager/overlays/prod/namespace.yaml
similarity index 100%
rename from bootstrap/01_certmanager/namespace.yaml
rename to core/cert-manager/overlays/prod/namespace.yaml
diff --git a/core/cfargotunnel/base/kustomization.yaml b/core/cfargotunnel/base/kustomization.yaml
new file mode 100644
index 0000000..80ff353
--- /dev/null
+++ b/core/cfargotunnel/base/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cfargotunnel
+
+resources:
+  - deployment.yaml
+  - namespace.yaml
+
diff --git a/core/cfargotunnel/base/cf-configmap.yaml b/core/cfargotunnel/overlays/prod/cf-configmap.yaml
similarity index 100%
rename from core/cfargotunnel/base/cf-configmap.yaml
rename to core/cfargotunnel/overlays/prod/cf-configmap.yaml
diff --git a/core/cfargotunnel/kustomization.yaml b/core/cfargotunnel/overlays/prod/kustomization.yaml
similarity index 80%
rename from core/cfargotunnel/kustomization.yaml
rename to core/cfargotunnel/overlays/prod/kustomization.yaml
index a33fb4c..4b6b4de 100644
--- a/core/cfargotunnel/kustomization.yaml
+++ b/core/cfargotunnel/overlays/prod/kustomization.yaml
@@ -3,9 +3,8 @@ kind: Kustomization
 namespace: cfargotunnel
 
 resources:
-  - base/deployment.yaml
-  - base/cf-configmap.yaml
-  - base/namespace.yaml
+  - ../../base/deployment.yaml
+  - cf-configmap.yaml
   - op-secrets/hhouse-cloudflare-json.yaml
 
 #get latest versions from https://github.com/cloudflare/cloudflared/releases
diff --git a/core/cfargotunnel/op-secrets/hhouse-cloudflare-json.yaml b/core/cfargotunnel/overlays/prod/op-secrets/hhouse-cloudflare-json.yaml
similarity index 100%
rename from core/cfargotunnel/op-secrets/hhouse-cloudflare-json.yaml
rename to core/cfargotunnel/overlays/prod/op-secrets/hhouse-cloudflare-json.yaml
diff --git a/core/metallb-system/addresspool.yaml b/core/metallb-system/overlays/prod/addresspool.yaml
similarity index 100%
rename from core/metallb-system/addresspool.yaml
rename to core/metallb-system/overlays/prod/addresspool.yaml
diff --git a/core/metallb-system/kustomization.yaml b/core/metallb-system/overlays/prod/kustomization.yaml
similarity index 100%
rename from core/metallb-system/kustomization.yaml
rename to core/metallb-system/overlays/prod/kustomization.yaml
diff --git a/core/metallb-system/metallb-ingress-service.yaml b/core/metallb-system/overlays/prod/metallb-ingress-service.yaml
similarity index 100%
rename from core/metallb-system/metallb-ingress-service.yaml
rename to core/metallb-system/overlays/prod/metallb-ingress-service.yaml
diff --git a/bootstrap/01a_cloudflareoriginca/0-namespace.yaml b/core/origin-ca-issuer/overlays/prod/0-namespace.yaml
similarity index 100%
rename from bootstrap/01a_cloudflareoriginca/0-namespace.yaml
rename to core/origin-ca-issuer/overlays/prod/0-namespace.yaml
diff --git a/bootstrap/01a_cloudflareoriginca/deployment.yaml b/core/origin-ca-issuer/overlays/prod/deployment.yaml
similarity index 100%
rename from bootstrap/01a_cloudflareoriginca/deployment.yaml
rename to core/origin-ca-issuer/overlays/prod/deployment.yaml
diff --git a/core/origin-ca-issuer/overlays/prod/kustomization.yaml b/core/origin-ca-issuer/overlays/prod/kustomization.yaml
new file mode 100644
index 0000000..eef4bcc
--- /dev/null
+++ b/core/origin-ca-issuer/overlays/prod/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - 0-namespace.yaml
+  - https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/v0.9.0/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml
+  - deployment.yaml
+  - role-approver.yaml
+  - role.yaml
+  - serviceaccount.yaml
diff --git a/bootstrap/01a_cloudflareoriginca/role-approver.yaml b/core/origin-ca-issuer/overlays/prod/role-approver.yaml
similarity index 100%
rename from bootstrap/01a_cloudflareoriginca/role-approver.yaml
rename to core/origin-ca-issuer/overlays/prod/role-approver.yaml
diff --git a/bootstrap/01a_cloudflareoriginca/role-binding.yaml b/core/origin-ca-issuer/overlays/prod/role-binding.yaml
similarity index 100%
rename from bootstrap/01a_cloudflareoriginca/role-binding.yaml
rename to core/origin-ca-issuer/overlays/prod/role-binding.yaml
diff --git a/bootstrap/01a_cloudflareoriginca/role.yaml b/core/origin-ca-issuer/overlays/prod/role.yaml
similarity index 100%
rename from bootstrap/01a_cloudflareoriginca/role.yaml
rename to core/origin-ca-issuer/overlays/prod/role.yaml
diff --git a/bootstrap/01a_cloudflareoriginca/serviceaccount.yaml b/core/origin-ca-issuer/overlays/prod/serviceaccount.yaml
similarity index 100%
rename from bootstrap/01a_cloudflareoriginca/serviceaccount.yaml
rename to core/origin-ca-issuer/overlays/prod/serviceaccount.yaml