use example

This commit is contained in:
CJ_Clippy 2024-04-26 16:38:51 +00:00
parent 598361c695
commit 1f234f6cc1
30 changed files with 171 additions and 10005 deletions


@ -4,4 +4,4 @@ namespace: podinfo
resources: resources:
- namespace.yaml - namespace.yaml
- repository.yaml - repository.yaml
- release.yaml - release.yaml


@ -1,4 +1,6 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: podinfo name: podinfo
labels:
toolkit.fluxcd.io/tenant: dev-team


@ -24,4 +24,4 @@ spec:
tag: 7.0.6 tag: 7.0.6
ingress: ingress:
enabled: true enabled: true
className: nginx className: nginx


@ -1,6 +1,8 @@
apiVersion: v1 apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: Namespace kind: HelmRepository
metadata: metadata:
name: podinfo name: podinfo
labels: namespace: podinfo
toolkit.fluxcd.io/tenant: dev-team spec:
interval: 5m
url: https://stefanprodan.github.io/podinfo


@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: windmill
resources:
- windmill.yaml


@ -1,95 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: windmill
namespace: default
spec:
interval: 10m
url: https://windmill-labs.github.io/windmill-helm-charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: windmill
namespace: default
spec:
interval: 60m
chart:
spec:
chart: windmill
version: "2.0.170"
sourceRef:
kind: HelmRepository
name: windmill
values:
windmill:
# domain as shown in browser, this is used together with `baseProtocol` as part of the BASE_URL environment variable in app and worker container and in the ingress resource, if enabled
baseDomain: windmill2.sbtp.xyz
baseProtocol: https
# postgres URI, pods will crashloop if database is unreachable, sets DATABASE_URL environment variable in app and worker container
databaseUrl: postgres://postgres:windmill@windmill-postgresql/windmill?sslmode=disable
# replica for the application app
appReplicas: 2
# replicas for the workers, jobs are executed on the workers
lspReplicas: 2
workerGroups:
# The default worker group is the one that will execute jobs with any taggs except the native ones. Windmill has a default worker group configuration for it
- name: "default"
replicas: 3
# -- Annotations to apply to the pods
annotations: {}
# -- Labels to apply to the pods
labels: {}
# -- Node selector to use for scheduling the pods
nodeSelector: {}
# -- Tolerations to apply to the pods
tolerations: []
# -- Affinity rules to apply to the pods
affinity: {}
# -- Resource limits and requests for the pods
resources:
requests:
memory: "1028Mi"
cpu: "500m"
limits:
memory: "2048Mi"
cpu: "1000m"
# -- Extra environment variables to apply to the pods
extraEnv: []
# -- Extra sidecar containers
extraContainers: []
# -- Mode for workers, defaults to "worker" - alternative "agent" requires Enterprise license
mode: "worker"
# Thenative worker group will only execute native jobs. Windmill has a default worker group configuration for it
- name: "native"
replicas: 4
# -- Resource limits and requests for the pods
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
# -- Extra environment variables to apply to the pods
extraEnv: []
# -- Extra sidecar containers
extraContainers: []
# -- Mode for workers, defaults to "worker" - alternative "agent" requires Enterprise license
mode: "worker"
- name: "gpu"
replicas: 0
# Use those to override the tag or image used for the app and worker containers. Windmill uses the same image for both.
# By default, if enterprise is enable, the image is set to ghcr.io/windmill-labs/windmill-ee, otherwise the image is set to ghcr.io/windmill-labs/windmill
#tag: "mytag"
#image: "ghcr.io/windmill-labs/windmill"
# enable postgres (bitnami) on kubernetes
postgresql:
enabled: true
# enable minio (bitnami) on kubernetes
minio:
enabled: false
ingress:
enabled: false
enterprise:
enable: false


@ -1,24 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: futureporn
namespace: futureporn
spec:
chart:
spec:
version: ">=1.0.0"
values:
storageClassName: vultr-block-storage-hdd
link2cid:
containerName: gitea.futureporn.net/futureporn/link2cid:latest
next:
containerName: sjc.vultrcr.com/fpcontainers/next
strapi:
containerName: sjc.vultrcr.com/fpcontainers/strapi
port: 1337
url: https://portal.futureporn.net
managedBy: Helm
extraArgs:
- --dns01-recursive-nameservers-only
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53


@ -1,8 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../base/futureporn - ../base/podinfo
patches: patches:
- path: futureporn-values.yaml - path: podinfo-values.yaml
target: target:
kind: HelmRelease kind: HelmRelease


@ -0,0 +1,16 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: podinfo
namespace: podinfo
spec:
chart:
spec:
version: ">=1.0.0"
values:
ingress:
hosts:
- host: podinfo.production
paths:
- path: /
pathType: ImplementationSpecific
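Review bot: The `version: ">=1.0.0"` range on the chart spec has no upper bound, so every future chart release, including a breaking major, is rolled straight into the production HelmRelease on the next source poll. The staging overlay's `">=1.0.0-alpha"` (section ending at L248) is a reasonable canary setting, but production should be bounded to the major currently deployed, for instance `version: "6.x"` (illustrative; substitute the real major). `pathType: ImplementationSpecific` also hands path matching to whichever ingress controller is installed; `pathType: Prefix` makes the `/` route behave the same everywhere.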


@ -1,4 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: podinfo
resources: resources:
- ../base/futureporn - ../base/podinfo
patches:
- path: podinfo-values.yaml
target:
kind: HelmRelease
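Review bot: `namespace: podinfo` in the staging overlay duplicates the `namespace: podinfo` already set in the base kustomization (visible in the hunk header context at L12), while the production overlay in the section ending at L193 does not set it, so the two overlays now differ for no effect. Either drop the line here or add it to production so both read the same. As far as I know kustomize's namespace transformer also rewrites the name of any `Namespace` object in the base, which is only harmless while the base namespace is already `podinfo`; keeping the field in a single place avoids that surprise later.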


@ -0,0 +1,18 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: podinfo
namespace: podinfo
spec:
chart:
spec:
version: ">=1.0.0-alpha"
test:
enable: false
values:
ingress:
hosts:
- host: podinfo.staging
paths:
- path: /
pathType: ImplementationSpecific


@ -14,4 +14,4 @@ spec:
path: ./apps/production path: ./apps/production
prune: true prune: true
wait: true wait: true
timeout: 5m0s timeout: 5m0s



@ -1,27 +1 @@
# This manifest was generated by flux. DO NOT EDIT. # This file will be generated automatically by flux boostrap.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: main
secretRef:
name: flux-system
url: ssh://git@gitea.futureporn.net:2222/futureporn/fp
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./clusters/production
prune: true
sourceRef:
kind: GitRepository
name: flux-system
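Review bot: Replacing gotk-sync.yaml with a one-line comment removes the `GitRepository` and `Kustomization` objects that reconcile this repository; if the production cluster is already reconciling this branch with `prune: true`, the next reconcile may garbage-collect its own sync objects before `flux bootstrap` has regenerated the file, so confirm the bootstrap is re-run as part of landing this change. The added comment also misspells bootstrap and should read `# This file will be generated automatically by flux bootstrap.`; the same text is added at L352 and L357. The gotk-components.yaml section is suppressed on this page, so I could not check whether it was emptied the same way.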


@ -1,5 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- gotk-components.yaml - gotk-components.yaml
- gotk-sync.yaml - gotk-sync.yaml
labels:
- pairs:
toolkit.fluxcd.io/tenant: sre-team
patches:
- patch: |
- op: add
path: /spec/template/spec/containers/0/args/-
value: --concurrent=20
- op: add
path: /spec/template/spec/containers/0/args/-
value: --requeue-dependency=5s
target:
kind: Deployment
name: "(kustomize-controller|helm-controller|source-controller)"
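Review bot: The patch adds only throughput flags (`--concurrent=20`, `--requeue-dependency=5s`) while the commit introduces tenant labels (`toolkit.fluxcd.io/tenant: sre-team` here, `dev-team` on the podinfo namespace), yet nothing on the page enables the controller-side isolation those labels are meant to accompany. Without `--no-cross-namespace-refs=true` and `--default-service-account=default` on kustomize-controller and helm-controller, a tenant Kustomization or HelmRelease can still reference sources in other namespaces and, when it sets no `serviceAccountName`, is applied with the controller's own cluster-admin credentials. The same patch list appears in the staging flux-system kustomization (section ending at L380) and needs the same addition. Keep the new ops in a separate patch entry targeted only at those two controllers, since I believe source-controller does not accept these flags and would crash-loop on an unknown argument.

```yaml
patches:
  # … unchanged: concurrency/requeue patch targeting all three controllers …
  - patch: |
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --no-cross-namespace-refs=true
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --default-service-account=default
    target:
      kind: Deployment
      name: "(kustomize-controller|helm-controller)"
```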


@ -31,3 +31,11 @@ spec:
name: flux-system name: flux-system
path: ./infrastructure/configs path: ./infrastructure/configs
prune: true prune: true
patches:
- patch: |
- op: replace
path: /spec/acme/server
value: https://acme-v02.api.letsencrypt.org/directory
target:
kind: ClusterIssuer
name: letsencrypt


@ -0,0 +1,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: infra-configs
sourceRef:
kind: GitRepository
name: flux-system
path: ./apps/staging
prune: true
wait: true
timeout: 5m0s


@ -0,0 +1 @@
# This file will be generated automatically by flux boostrap.


@ -0,0 +1 @@
# This file will be generated automatically by flux boostrap.


@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
labels:
- pairs:
toolkit.fluxcd.io/tenant: sre-team
patches:
- patch: |
- op: add
path: /spec/template/spec/containers/0/args/-
value: --concurrent=20
- op: add
path: /spec/template/spec/containers/0/args/-
value: --requeue-dependency=5s
target:
kind: Deployment
name: "(kustomize-controller|helm-controller|source-controller)"


@ -0,0 +1,41 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: infra-controllers
namespace: flux-system
spec:
interval: 1h
retryInterval: 1m
timeout: 5m
sourceRef:
kind: GitRepository
name: flux-system
path: ./infrastructure/controllers
prune: true
wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: infra-configs
namespace: flux-system
spec:
dependsOn:
- name: infra-controllers
interval: 1h
retryInterval: 1m
timeout: 5m
sourceRef:
kind: GitRepository
name: flux-system
path: ./infrastructure/configs
prune: true
patches:
- patch: |
- op: replace
path: /spec/acme/server
value: https://acme-staging-v02.api.letsencrypt.org/directory
target:
kind: ClusterIssuer
name: letsencrypt


@ -2,44 +2,16 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-prod name: letsencrypt
spec: spec:
acme: acme:
# server: https://acme-staging-v02.api.letsencrypt.org/directory # Replace the email address with your own contact email
server: https://acme-v02.api.letsencrypt.org/directory email: fluxcdbot@users.noreply.github.com
email: cj@futureporn.net # The server is replaced in /clusters/production/infrastructure.yaml
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- dns01:
webhook:
groupName: acme.vultr.com
solverName: vultr
config:
apiKeySecretRef:
key: apiKey
name: vultr
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: cj@futureporn.net
server: https://acme-staging-v02.api.letsencrypt.org/directory server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef: privateKeySecretRef:
# Secret resource that will be used to store the account's private key. name: letsencrypt-nginx
name: letsencrypt-staging
solvers: solvers:
- dns01: - http01:
webhook: ingress:
groupName: acme.vultr.com class: nginx
solverName: vultr
config:
apiKeySecretRef:
key: apiKey
name: vultr-credentials
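Review bot: The new `letsencrypt` issuer keeps the template's placeholder contact, `email: fluxcdbot@users.noreply.github.com`, even though the comment directly above it says to replace it; Let's Encrypt account and expiry notices for this cluster would go nowhere, and the issuers being removed did carry a real address. Switching the solver from `dns01` to `http01` with `class: nginx` also means the ACME challenge must reach ingress-nginx on port 80 from the internet, while the ingress-nginx values in the section ending at L598 still show `type: "NodePort"`; unless something not on this page fronts that NodePort, validation will fail, and wildcard certificates are no longer obtainable with http01 at all. Either restore a dns01 solver or expose the ingress through a LoadBalancer with port 80 reachable, and set a monitored contact address.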


@ -1,4 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- cluster-issuers.yaml - cluster-issuers.yaml


@ -1,25 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: vultr
namespace: cert-manager
spec:
interval: 1m
url: https://vultr.github.io/helm-charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: cert-manager-webhook-vultr
namespace: cert-manager
spec:
interval: 60m
chart:
spec:
chart: cert-manager-webhook-vultr
version: "1.0.0"
sourceRef:
kind: HelmRepository
name: vultr


@ -32,4 +32,4 @@ spec:
namespace: cert-manager namespace: cert-manager
interval: 12h interval: 12h
values: values:
installCRDs: true installCRDs: true


@ -1,69 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: external-dns
template:
metadata:
labels:
app: external-dns
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
image: registry.k8s.io/external-dns/external-dns:v0.14.1
args:
- --source=ingress
- --domain-filter=sbtp.xyz
- --provider=vultr
env:
- name: VULTR_API_KEY
valueFrom:
secretKeyRef:
name: vultr
key: apiKey


@ -36,4 +36,4 @@ spec:
service: service:
type: "NodePort" type: "NodePort"
admissionWebhooks: admissionWebhooks:
enabled: false enabled: false


@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- cert-manager.yaml - cert-manager.yaml
- ingress-nginx.yaml - ingress-nginx.yaml


@ -1,25 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cert-manager-webhook-vultr-secret-reader
namespace: cert-manager
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cert-manager-webhook-vultr-secret-reader-binding
namespace: cert-manager
subjects:
- kind: ServiceAccount
name: cert-manager-webhook-vultr
namespace: cert-manager
roleRef:
kind: Role
name: cert-manager-webhook-vultr-secret-reader
apiGroup: rbac.authorization.k8s.io