fluxcd : adding repo example with some apps

fluxcd/repo/apps/base/http-broadcaster/app/hr-http-broadcaster.yaml

@@ -0,0 +1,122 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: http-broadcaster
+spec:
+  chart:
+    spec:
+      chart: myChart
+      reconcileStrategy: ChartVersion
+      version: "2.x.x"
+      sourceRef:
+        kind: HelmRepository
+        name: myChart
+        namespace: infrastructure
+  interval: 10m0s
+  values:
+    environment:
+    fullnameOverride: "http-broadcaster"
+
+    app:
+      name: "app"
+
+      image:
+        repository: gitlabregistry.example.com/infrastructure/http-broadcaster
+        pullPolicy: IfNotPresent
+        tag:
+
+      labels:
+        technology: "go"
+        role: "api"
+
+      resources:
+        requests:
+          memory: 64Mi
+          cpu: 200m
+        limits:
+          memory: 64Mi
+          cpu: 400m
+
+      containerPort:
+        broadcaster: 6081
+
+      readinessProbe:
+        exec:
+          command:
+            - curl
+            - -f
+            - -L
+            - -m
+            - "5"
+            - "127.0.0.1:6081/healthcheck"
+
+      livenessProbe:
+        exec:
+          command:
+            - curl
+            - -f
+            - -L
+            - -m
+            - "5"
+            - "127.0.0.1:6081/healthcheck"
+
+      command:
+        - "/bin/sh"
+        - "-c"
+        - "[ -f /vault/secrets/.env ] && http-broadcaster --metrics"
+
+      lifecycle: {}
+
+      securityContext:
+        capabilities:
+          drop:
+            - ALL
+        allowPrivilegeEscalation: false
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+
+    # Generic sidecars
+    nginx:
+      enabled: false
+
+    fpmExporter:
+      enabled: false
+
+    elasticAgent:
+      enabled: false
+
+    logrotate:
+      enabled: false
+
+    imagePullSecrets:
+      - name: registry-credentials
+
+    vault:
+      enabled: true
+
+    serviceAccount:
+      create: true
+
+    service:
+      extraPorts:
+        - name: web
+          port: 6081
+          targetPort: 6081
+
+    ingress:
+      enabled: true
+      autoIngress:
+        enabled: true
+        path: "/"
+        port: 6081
+
+    replicaCount: 2
+
+    autoscaling:
+      enabled: false
+      minReplicas: 1
+      maxReplicas: 1
+      targetCPUUtilizationPercentage: 40

fluxcd/repo/apps/base/http-broadcaster/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - hr-http-broadcaster.yaml

fluxcd/repo/apps/base/k6-operator/hr-k6-operator.yaml

@@ -0,0 +1,59 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: k6-operator
+spec:
+  chart:
+    spec:
+      # https://github.com/grafana/k6-operator/blob/main/charts/k6-operator/values.yaml
+      chart: k6-operator
+      reconcileStrategy: ChartVersion
+      version: "3.x.x"
+      sourceRef:
+        kind: HelmRepository
+        name: grafana
+        namespace: infrastructure
+  interval: 10m0s
+
+  values:
+    fullnameOverride: "k6-operator"
+    customLabels:
+      team: "infrastructure"
+
+    manager:
+      replicas: 1
+      serviceAccount:
+        name: "k6-operator-controller"
+        create: true
+      image:
+        registry: ghcr.io
+        repository: grafana/k6-operator
+        tag: controller-v0.0.19
+        pullPolicy: IfNotPresent
+
+      livenessProbe: {}
+      readinessProbe: {}
+
+      resources:
+        limits:
+          cpu: 100m
+          memory: 100Mi
+        requests:
+          cpu: 100m
+          memory: 100Mi
+      env:
+        # Indique que seul le namespace infrastructure est surveille.
+        - name: WATCH_NAMESPACE
+          value: 'infrastructure'
+
+    authProxy:
+      # Disable/Enable authentication on metric endpoint
+      enabled: false
+
+    installCRDs: true
+    namespace:
+      create: false
+
+    prometheus:
+      enabled: false

fluxcd/repo/apps/base/k6-operator/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - hr-k6-operator.yaml

fluxcd/repo/apps/production/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - remote
+  - system

fluxcd/repo/apps/production/system/http-broadcaster/app/hr-http-broadcaster.yaml

@@ -0,0 +1,31 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: http-broadcaster
+spec:
+  chart:
+    spec:
+      chart: myChart
+      reconcileStrategy: ChartVersion
+      version: "2.x.x"
+      sourceRef:
+        kind: HelmRepository
+        name: myChart
+        namespace: infrastructure
+  interval: 10m0s
+  values:
+    environment: "prd"
+    app:
+      image:
+        tag: 2.1.5 # {"$imagepolicy": "system:http-broadcaster:tag"}
+    autoscaling:
+      enabled: false
+    vault:
+      path: "app/data/http-broadcaster/prd/envVars"
+    ingress:
+      autoIngress:
+        host: "purgatory.example.com"
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true

fluxcd/repo/apps/production/system/http-broadcaster/app/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../base/http-broadcaster/app
+patches:
+  - path: hr-http-broadcaster.yaml

fluxcd/repo/apps/production/system/http-broadcaster/automations/iua-http-broadcaster.yaml

@@ -0,0 +1,28 @@
+---
+
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageUpdateAutomation
+metadata:
+  name: http-broadcaster
+  labels:
+    team: system
+spec:
+  git:
+    checkout:
+      ref:
+        branch: main
+    commit:
+      author:
+        email: fluxcdbot@example.com
+        name: fluxcdbot
+      messageTemplate: 'deps(apps/production): {{ .AutomationObject }} ImageUpdateAutomation'
+    push:
+      branch: main
+  interval: 3m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  update:
+    path: ./apps/production/system/http-broadcaster
+    strategy: Setters

fluxcd/repo/apps/production/system/http-broadcaster/automations/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - iua-http-broadcaster.yaml
+  - policy-http-broadcaster.yaml
+  - registry-http-broadcaster.yaml

fluxcd/repo/apps/production/system/http-broadcaster/automations/policy-http-broadcaster.yaml

@@ -0,0 +1,15 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImagePolicy
+metadata:
+  name: http-broadcaster
+  labels:
+    team: system
+spec:
+  imageRepositoryRef:
+    name: http-broadcaster
+  filterTags:
+    pattern: '^v?(?P<rv>[0-9]+\.[0-9]+\.[0-9]+)$'
+    extract: '$rv'
+  policy:
+    semver:
+      range: '^2.x.x-0'

fluxcd/repo/apps/production/system/http-broadcaster/automations/registry-http-broadcaster.yaml

@@ -0,0 +1,13 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageRepository
+metadata:
+  name: http-broadcaster
+  labels:
+    team: system
+spec:
+  secretRef:
+    name: registry-credentials
+  image: gitlabregistry.example.com/infrastructure/http-broadcaster
+  interval: 5m0s
+  exclusionList:
+    - "_dev$"

fluxcd/repo/apps/production/system/http-broadcaster/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: system
+resources:
+  - app
+  - automations

fluxcd/repo/apps/production/system/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - http-broadcaster

fluxcd/repo/apps/staging/infrastructure/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../k6-operator

fluxcd/repo/apps/staging/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - remote
+  - system
+  - infrastructure

fluxcd/repo/apps/staging/system/http-broadcaster/app/hr-http-broadcaster.yaml

@@ -0,0 +1,37 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: http-broadcaster
+spec:
+  chart:
+    spec:
+      chart: myChart
+      reconcileStrategy: ChartVersion
+      version: "2.x.x"
+      sourceRef:
+        kind: HelmRepository
+        name: myChart
+        namespace: infrastructure
+  interval: 10m0s
+  values:
+    environment: "stg"
+    app:
+      image:
+        tag: 2.2.0-rc.1 # {"$imagepolicy": "system:http-broadcaster:tag"}
+    autoscaling:
+      enabled: false
+    vault:
+      path: "app/data/http-broadcaster/stg/envVars"
+    # Test to verify that Traefik is not rejecting requests for being
+    # outside limit size.
+    ingress:
+      middlewares:
+        buffering:
+          enabled: false
+      autoIngress:
+        host: "purgatory.stg.example.com"
+    # Telling the chart that we want the service to be scrape.
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true

fluxcd/repo/apps/staging/system/http-broadcaster/app/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../base/http-broadcaster/app
+patches:
+  - path: hr-http-broadcaster.yaml

fluxcd/repo/apps/staging/system/http-broadcaster/automations/iua-http-broadcaster.yaml

@@ -0,0 +1,28 @@
+---
+
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageUpdateAutomation
+metadata:
+  name: http-broadcaster
+  labels:
+    team: system
+spec:
+  git:
+    checkout:
+      ref:
+        branch: main
+    commit:
+      author:
+        email: fluxcdbot@example.com
+        name: fluxcdbot
+      messageTemplate: 'deps(apps/staging): {{ .AutomationObject }} ImageUpdateAutomation'
+    push:
+      branch: main
+  interval: 3m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  update:
+    path: ./apps/staging/system/http-broadcaster
+    strategy: Setters

fluxcd/repo/apps/staging/system/http-broadcaster/automations/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - iua-http-broadcaster.yaml
+  - policy-http-broadcaster.yaml
+  - registry-http-broadcaster.yaml
+  - receiver-http-broadcaster.yaml

fluxcd/repo/apps/staging/system/http-broadcaster/automations/policy-http-broadcaster.yaml

@@ -0,0 +1,15 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImagePolicy
+metadata:
+  name: http-broadcaster
+  labels:
+    team: system
+spec:
+  imageRepositoryRef:
+    name: http-broadcaster
+  filterTags:
+    pattern: '^v?(?P<rv>[0-9]+\.[0-9]+\.[0-9]+-(?:alpha|beta|rc)\.[0-9]+)$'
+    extract: '$rv'
+  policy:
+    semver:
+      range: '^2.x.x-0'

fluxcd/repo/apps/staging/system/http-broadcaster/automations/receiver-http-broadcaster.yaml

@@ -0,0 +1,15 @@
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  name: http-broadcaster-app
+spec:
+  type: generic
+  secretRef:
+    name: webhook-receiver-token
+  resources:
+    - apiVersion: image.toolkit.fluxcd.io/v1beta1
+      kind: ImageRepository
+      name: http-broadcaster-app
+    - apiVersion: image.toolkit.fluxcd.io/v1beta2
+      kind: ImageUpdateAutomation
+      name: http-broadcaster

fluxcd/repo/apps/staging/system/http-broadcaster/automations/registry-http-broadcaster.yaml

@@ -0,0 +1,13 @@
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageRepository
+metadata:
+  name: http-broadcaster
+  labels:
+    team: system
+spec:
+  secretRef:
+    name: registry-credentials
+  image: gitlabregistry.example.com/infrastructure/http-broadcaster
+  interval: 5m0s
+  exclusionList:
+    - "_dev$"

fluxcd/repo/apps/staging/system/http-broadcaster/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: system
+resources:
+  - app
+  - automations

fluxcd/repo/apps/staging/system/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - http-broadcaster