use example
parent
598361c695
commit
1f234f6cc1
|
@ -2,3 +2,5 @@ apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: podinfo
|
name: podinfo
|
||||||
|
labels:
|
||||||
|
toolkit.fluxcd.io/tenant: dev-team
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
apiVersion: v1
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
kind: Namespace
|
kind: HelmRepository
|
||||||
metadata:
|
metadata:
|
||||||
name: podinfo
|
name: podinfo
|
||||||
labels:
|
namespace: podinfo
|
||||||
toolkit.fluxcd.io/tenant: dev-team
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
url: https://stefanprodan.github.io/podinfo
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: windmill
|
|
||||||
resources:
|
|
||||||
- windmill.yaml
|
|
|
@ -1,95 +0,0 @@
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: windmill
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
interval: 10m
|
|
||||||
url: https://windmill-labs.github.io/windmill-helm-charts
|
|
||||||
---
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: windmill
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
interval: 60m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: windmill
|
|
||||||
version: "2.0.170"
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: windmill
|
|
||||||
values:
|
|
||||||
windmill:
|
|
||||||
# domain as shown in browser, this is used together with `baseProtocol` as part of the BASE_URL environment variable in app and worker container and in the ingress resource, if enabled
|
|
||||||
baseDomain: windmill2.sbtp.xyz
|
|
||||||
baseProtocol: https
|
|
||||||
# postgres URI, pods will crashloop if database is unreachable, sets DATABASE_URL environment variable in app and worker container
|
|
||||||
databaseUrl: postgres://postgres:windmill@windmill-postgresql/windmill?sslmode=disable
|
|
||||||
# replica for the application app
|
|
||||||
appReplicas: 2
|
|
||||||
# replicas for the workers, jobs are executed on the workers
|
|
||||||
lspReplicas: 2
|
|
||||||
workerGroups:
|
|
||||||
# The default worker group is the one that will execute jobs with any taggs except the native ones. Windmill has a default worker group configuration for it
|
|
||||||
- name: "default"
|
|
||||||
replicas: 3
|
|
||||||
# -- Annotations to apply to the pods
|
|
||||||
annotations: {}
|
|
||||||
# -- Labels to apply to the pods
|
|
||||||
labels: {}
|
|
||||||
# -- Node selector to use for scheduling the pods
|
|
||||||
nodeSelector: {}
|
|
||||||
# -- Tolerations to apply to the pods
|
|
||||||
tolerations: []
|
|
||||||
# -- Affinity rules to apply to the pods
|
|
||||||
affinity: {}
|
|
||||||
# -- Resource limits and requests for the pods
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: "1028Mi"
|
|
||||||
cpu: "500m"
|
|
||||||
limits:
|
|
||||||
memory: "2048Mi"
|
|
||||||
cpu: "1000m"
|
|
||||||
# -- Extra environment variables to apply to the pods
|
|
||||||
extraEnv: []
|
|
||||||
# -- Extra sidecar containers
|
|
||||||
extraContainers: []
|
|
||||||
# -- Mode for workers, defaults to "worker" - alternative "agent" requires Enterprise license
|
|
||||||
mode: "worker"
|
|
||||||
# Thenative worker group will only execute native jobs. Windmill has a default worker group configuration for it
|
|
||||||
- name: "native"
|
|
||||||
replicas: 4
|
|
||||||
# -- Resource limits and requests for the pods
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: "128Mi"
|
|
||||||
cpu: "100m"
|
|
||||||
limits:
|
|
||||||
memory: "256Mi"
|
|
||||||
cpu: "200m"
|
|
||||||
# -- Extra environment variables to apply to the pods
|
|
||||||
extraEnv: []
|
|
||||||
# -- Extra sidecar containers
|
|
||||||
extraContainers: []
|
|
||||||
# -- Mode for workers, defaults to "worker" - alternative "agent" requires Enterprise license
|
|
||||||
mode: "worker"
|
|
||||||
- name: "gpu"
|
|
||||||
replicas: 0
|
|
||||||
# Use those to override the tag or image used for the app and worker containers. Windmill uses the same image for both.
|
|
||||||
# By default, if enterprise is enable, the image is set to ghcr.io/windmill-labs/windmill-ee, otherwise the image is set to ghcr.io/windmill-labs/windmill
|
|
||||||
#tag: "mytag"
|
|
||||||
#image: "ghcr.io/windmill-labs/windmill"
|
|
||||||
# enable postgres (bitnami) on kubernetes
|
|
||||||
postgresql:
|
|
||||||
enabled: true
|
|
||||||
# enable minio (bitnami) on kubernetes
|
|
||||||
minio:
|
|
||||||
enabled: false
|
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
enterprise:
|
|
||||||
enable: false
|
|
|
@ -1,24 +0,0 @@
|
||||||
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: futureporn
|
|
||||||
namespace: futureporn
|
|
||||||
spec:
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
version: ">=1.0.0"
|
|
||||||
values:
|
|
||||||
storageClassName: vultr-block-storage-hdd
|
|
||||||
link2cid:
|
|
||||||
containerName: gitea.futureporn.net/futureporn/link2cid:latest
|
|
||||||
next:
|
|
||||||
containerName: sjc.vultrcr.com/fpcontainers/next
|
|
||||||
strapi:
|
|
||||||
containerName: sjc.vultrcr.com/fpcontainers/strapi
|
|
||||||
port: 1337
|
|
||||||
url: https://portal.futureporn.net
|
|
||||||
managedBy: Helm
|
|
||||||
extraArgs:
|
|
||||||
- --dns01-recursive-nameservers-only
|
|
||||||
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
|
|
|
@ -1,8 +1,8 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ../base/futureporn
|
- ../base/podinfo
|
||||||
patches:
|
patches:
|
||||||
- path: futureporn-values.yaml
|
- path: podinfo-values.yaml
|
||||||
target:
|
target:
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: podinfo
|
||||||
|
namespace: podinfo
|
||||||
|
spec:
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
version: ">=1.0.0"
|
||||||
|
values:
|
||||||
|
ingress:
|
||||||
|
hosts:
|
||||||
|
- host: podinfo.production
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: ImplementationSpecific
|
|
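Review bot: `version: ">=1.0.0"` is an open-ended range on what looks like the production overlay (the host is `podinfo.production`), so Flux will roll out whatever newest chart the referenced HelmRepository publishes, including a new major version, without any change being reviewed in Git. A bounded or exact constraint is safer for production, for example `version: "<tested-chart-version>"`, bumped by a commit once staging has run the new release. The staging overlay further down uses `">=1.0.0-alpha"`; an open range is lower-stakes there, but it draws from the same upstream. This file is only a patch fragment, and the base HelmRelease it applies to is not shown in this section.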
@ -1,4 +1,9 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
namespace: podinfo
|
||||||
resources:
|
resources:
|
||||||
- ../base/futureporn
|
- ../base/podinfo
|
||||||
|
patches:
|
||||||
|
- path: podinfo-values.yaml
|
||||||
|
target:
|
||||||
|
kind: HelmRelease
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: podinfo
|
||||||
|
namespace: podinfo
|
||||||
|
spec:
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
version: ">=1.0.0-alpha"
|
||||||
|
test:
|
||||||
|
enable: false
|
||||||
|
values:
|
||||||
|
ingress:
|
||||||
|
hosts:
|
||||||
|
- host: podinfo.staging
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: ImplementationSpecific
|
File diff suppressed because it is too large
|
@ -1,27 +1 @@
|
||||||
# This manifest was generated by flux. DO NOT EDIT.
|
# This file will be generated automatically by flux boostrap.
|
||||||
---
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
|
||||||
kind: GitRepository
|
|
||||||
metadata:
|
|
||||||
name: flux-system
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 1m0s
|
|
||||||
ref:
|
|
||||||
branch: main
|
|
||||||
secretRef:
|
|
||||||
name: flux-system
|
|
||||||
url: ssh://git@gitea.futureporn.net:2222/futureporn/fp
|
|
||||||
---
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: flux-system
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 10m0s
|
|
||||||
path: ./clusters/production
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: flux-system
|
|
||||||
|
|
|
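Review bot: Replacing the generated sync manifest with a one-line placeholder removes the `flux-system` GitRepository and Kustomization from the source, and the removed Kustomization had `prune: true` on `path: ./clusters/production`. If a live cluster is still reconciling this path from `main`, the next reconcile would likely garbage-collect Flux's own sync objects and stop further syncing. Either re-run `flux bootstrap` for this path before the commit reaches the tracked branch, or keep the generated file until bootstrap has rewritten it. A comment in the placeholder such as `# Do not merge to a tracked branch before re-running flux bootstrap` would make the ordering explicit.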
@ -1,5 +1,19 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- gotk-components.yaml
|
- gotk-components.yaml
|
||||||
- gotk-sync.yaml
|
- gotk-sync.yaml
|
||||||
|
labels:
|
||||||
|
- pairs:
|
||||||
|
toolkit.fluxcd.io/tenant: sre-team
|
||||||
|
patches:
|
||||||
|
- patch: |
|
||||||
|
- op: add
|
||||||
|
path: /spec/template/spec/containers/0/args/-
|
||||||
|
value: --concurrent=20
|
||||||
|
- op: add
|
||||||
|
path: /spec/template/spec/containers/0/args/-
|
||||||
|
value: --requeue-dependency=5s
|
||||||
|
target:
|
||||||
|
kind: Deployment
|
||||||
|
name: "(kustomize-controller|helm-controller|source-controller)"
|
||||||
|
|
|
@ -31,3 +31,11 @@ spec:
|
||||||
name: flux-system
|
name: flux-system
|
||||||
path: ./infrastructure/configs
|
path: ./infrastructure/configs
|
||||||
prune: true
|
prune: true
|
||||||
|
patches:
|
||||||
|
- patch: |
|
||||||
|
- op: replace
|
||||||
|
path: /spec/acme/server
|
||||||
|
value: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
target:
|
||||||
|
kind: ClusterIssuer
|
||||||
|
name: letsencrypt
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: apps
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m0s
|
||||||
|
dependsOn:
|
||||||
|
- name: infra-configs
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./apps/staging
|
||||||
|
prune: true
|
||||||
|
wait: true
|
||||||
|
timeout: 5m0s
|
|
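Review bot: `spec.serviceAccountName` is not set on the new `apps` Kustomization, so everything under `./apps/staging` is applied with the kustomize-controller's own identity, which a default Flux bootstrap binds to cluster-admin (worth confirming for this cluster). The namespaces in this commit carry a `toolkit.fluxcd.io/tenant: dev-team` label, which suggests a tenant split that the reconciler's permissions do not yet reflect. Consider adding `serviceAccountName: <apps-reconciler-sa>` under `spec`, with that account bound only to the application namespaces.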
@ -0,0 +1 @@
|
||||||
|
# This file will be generated automatically by flux boostrap.
|
|
@ -0,0 +1 @@
|
||||||
|
# This file will be generated automatically by flux boostrap.
|
|
@ -0,0 +1,19 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- gotk-components.yaml
|
||||||
|
- gotk-sync.yaml
|
||||||
|
labels:
|
||||||
|
- pairs:
|
||||||
|
toolkit.fluxcd.io/tenant: sre-team
|
||||||
|
patches:
|
||||||
|
- patch: |
|
||||||
|
- op: add
|
||||||
|
path: /spec/template/spec/containers/0/args/-
|
||||||
|
value: --concurrent=20
|
||||||
|
- op: add
|
||||||
|
path: /spec/template/spec/containers/0/args/-
|
||||||
|
value: --requeue-dependency=5s
|
||||||
|
target:
|
||||||
|
kind: Deployment
|
||||||
|
name: "(kustomize-controller|helm-controller|source-controller)"
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: infra-controllers
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./infrastructure/controllers
|
||||||
|
prune: true
|
||||||
|
wait: true
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: infra-configs
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
dependsOn:
|
||||||
|
- name: infra-controllers
|
||||||
|
interval: 1h
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./infrastructure/configs
|
||||||
|
prune: true
|
||||||
|
patches:
|
||||||
|
- patch: |
|
||||||
|
- op: replace
|
||||||
|
path: /spec/acme/server
|
||||||
|
value: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
target:
|
||||||
|
kind: ClusterIssuer
|
||||||
|
name: letsencrypt
|
|
@ -2,44 +2,16 @@
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
metadata:
|
metadata:
|
||||||
name: letsencrypt-prod
|
name: letsencrypt
|
||||||
spec:
|
spec:
|
||||||
acme:
|
acme:
|
||||||
# server: https://acme-staging-v02.api.letsencrypt.org/directory
|
# Replace the email address with your own contact email
|
||||||
server: https://acme-v02.api.letsencrypt.org/directory
|
email: fluxcdbot@users.noreply.github.com
|
||||||
email: cj@futureporn.net
|
# The server is replaced in /clusters/production/infrastructure.yaml
|
||||||
privateKeySecretRef:
|
|
||||||
name: letsencrypt-prod
|
|
||||||
solvers:
|
|
||||||
- dns01:
|
|
||||||
webhook:
|
|
||||||
groupName: acme.vultr.com
|
|
||||||
solverName: vultr
|
|
||||||
config:
|
|
||||||
apiKeySecretRef:
|
|
||||||
key: apiKey
|
|
||||||
name: vultr
|
|
||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: ClusterIssuer
|
|
||||||
metadata:
|
|
||||||
name: letsencrypt-staging
|
|
||||||
spec:
|
|
||||||
acme:
|
|
||||||
# You must replace this email address with your own.
|
|
||||||
# Let's Encrypt will use this to contact you about expiring
|
|
||||||
# certificates, and issues related to your account.
|
|
||||||
email: cj@futureporn.net
|
|
||||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
privateKeySecretRef:
|
privateKeySecretRef:
|
||||||
# Secret resource that will be used to store the account's private key.
|
name: letsencrypt-nginx
|
||||||
name: letsencrypt-staging
|
|
||||||
solvers:
|
solvers:
|
||||||
- dns01:
|
- http01:
|
||||||
webhook:
|
ingress:
|
||||||
groupName: acme.vultr.com
|
class: nginx
|
||||||
solverName: vultr
|
|
||||||
config:
|
|
||||||
apiKeySecretRef:
|
|
||||||
key: apiKey
|
|
||||||
name: vultr-credentials
|
|
||||||
|
|
|
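Review bot: `email: fluxcdbot@users.noreply.github.com` is the upstream example's address, and the comment added directly above it says to replace it. As committed, Let's Encrypt account notices for this issuer go to a mailbox the operators presumably do not read. The removed issuers used `cj@futureporn.net`, so something like `email: <ops-contact-address>` should go in before this is reconciled. Separately, the solver moves from `dns01` to `http01` with `class: nginx`, which needs an nginx ingress controller reachable on port 80 and cannot issue wildcard names. If that is intended, a comment such as `# http01 requires the nginx ingress controller to be reachable on port 80` would make the dependency explicit.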
@ -1,25 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: vultr
|
|
||||||
namespace: cert-manager
|
|
||||||
spec:
|
|
||||||
interval: 1m
|
|
||||||
url: https://vultr.github.io/helm-charts
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: cert-manager-webhook-vultr
|
|
||||||
namespace: cert-manager
|
|
||||||
spec:
|
|
||||||
interval: 60m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: cert-manager-webhook-vultr
|
|
||||||
version: "1.0.0"
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: vultr
|
|
|
@ -1,69 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: external-dns
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: external-dns
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["services","endpoints","pods"]
|
|
||||||
verbs: ["get","watch","list"]
|
|
||||||
- apiGroups: ["extensions","networking.k8s.io"]
|
|
||||||
resources: ["ingresses"]
|
|
||||||
verbs: ["get","watch","list"]
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["nodes"]
|
|
||||||
verbs: ["list"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: external-dns-viewer
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: external-dns
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: external-dns
|
|
||||||
namespace: default
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: external-dns
|
|
||||||
spec:
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: external-dns
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: external-dns
|
|
||||||
spec:
|
|
||||||
serviceAccountName: external-dns
|
|
||||||
containers:
|
|
||||||
- name: external-dns
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: "64Mi"
|
|
||||||
cpu: "250m"
|
|
||||||
limits:
|
|
||||||
memory: "128Mi"
|
|
||||||
cpu: "500m"
|
|
||||||
image: registry.k8s.io/external-dns/external-dns:v0.14.1
|
|
||||||
args:
|
|
||||||
- --source=ingress
|
|
||||||
- --domain-filter=sbtp.xyz
|
|
||||||
- --provider=vultr
|
|
||||||
env:
|
|
||||||
- name: VULTR_API_KEY
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: vultr
|
|
||||||
key: apiKey
|
|
|
@ -1,25 +0,0 @@
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
name: cert-manager-webhook-vultr-secret-reader
|
|
||||||
namespace: cert-manager
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["secrets"]
|
|
||||||
verbs: ["get", "watch", "list"]
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: cert-manager-webhook-vultr-secret-reader-binding
|
|
||||||
namespace: cert-manager
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: cert-manager-webhook-vultr
|
|
||||||
namespace: cert-manager
|
|
||||||
roleRef:
|
|
||||||
kind: Role
|
|
||||||
name: cert-manager-webhook-vultr-secret-reader
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
|
|