fluxcd : adding repo example with some apps

2025-05-28 16:00:46 +02:00
parent 00a5e56c27
commit e5738c5c3f
111 changed files with 18051 additions and 0 deletions


@@ -0,0 +1,117 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: external-secrets
spec:
chart:
spec:
chart: external-secrets
reconcileStrategy: ChartVersion
version: "0.14.x"
sourceRef:
kind: HelmRepository
name: external-secrets-operator
namespace: infrastructure
interval: 10m0s
values:
replicaCount: 3
affinity: {}
installCRDs: true
crds:
createClusterExternalSecret: true
createClusterSecretStore: true
createPushSecret: true
leaderElect: true
concurrent: 3
serviceAccount:
create: true
automount: true
rbac:
create: true
resources:
requests:
cpu: 10m
memory: 32Mi
serviceMonitor:
enabled: false
interval: 30s
scrapeTimeout: 25s
metrics:
service:
enabled: false
podDisruptionBudget:
enabled: true
minAvailable: 1
# maxUnavailable: 1
webhook:
create: true
replicaCount: 1
rbac:
create: true
serviceAccount:
create: true
automount: true
podDisruptionBudget:
enabled: true
minAvailable: 1
# maxUnavailable: 1
serviceMonitor:
enabled: false
interval: 30s
scrapeTimeout: 25s
metrics:
service:
enabled: false
resources:
requests:
cpu: 10m
memory: 32Mi
affinity: {}
certController:
create: true
requeueInterval: "5m"
replicaCount: 1
rbac:
create: true
serviceAccount:
create: true
automount: true
podDisruptionBudget:
enabled: true
minAvailable: 1
# maxUnavailable: 1
serviceMonitor:
enabled: false
interval: 30s
scrapeTimeout: 25s
metrics:
service:
enabled: false
resources:
requests:
cpu: 10m
memory: 32Mi
affinity: {}
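Review bot: The webhook and certController stanzas each set `replicaCount: 1` together with `podDisruptionBudget.minAvailable: 1`, which leaves zero pods evictable and blocks voluntary disruptions such as node drains until the PDB is relaxed; the controller stanza avoids this only because it runs three replicas. Either raise those two replica counts to match, or switch the single-replica budgets to the commented-out `maxUnavailable: 1` so a drain can proceed. The chart `version: "0.14.x"` is a floating range under `reconcileStrategy: ChartVersion`, so every 0.14 patch published to the HelmRepository is rolled out automatically; pin an exact version if you want upgrades to go through review. The rendering has flattened indentation, so I cannot tell whether the `interval: 10m0s` sits at `spec` (required on a HelmRelease) or under `spec.chart.spec`; confirm both levels are set in the source file.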


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: infrastructure
resources:
- hr-external-secrets.yaml
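Review bot: Document-start markers are inconsistent across the new files: this kustomization (and the ones at the `kustomize.toolkit.fluxcd.io` and `external-secrets.io` sections) omit `---`, while the HelmRelease and the resources kustomization begin with it. Pick one convention for the repository; yamllint's `document-start` rule defaults to requiring the marker, so adding `---` as the first line here is the lower-friction choice.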


@@ -0,0 +1,29 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: inf-external-secrets-core
namespace: flux-system
spec:
interval: 5m
path: ./infrastructure/base/external-secrets/core
prune: true
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: inf-external-secrets-resources
namespace: flux-system
spec:
dependsOn:
- name: inf-external-secrets-core
interval: 5m
path: ./infrastructure/base/external-secrets/resources
prune: true
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
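Review bot: `dependsOn` on `inf-external-secrets-resources` only waits for `inf-external-secrets-core` to be Ready, and without `wait: true` the core Kustomization is Ready as soon as the HelmRelease object is applied, not when the chart and its CRDs are actually installed; the resources Kustomization will then try to apply ClusterSecretStore/ClusterExternalSecret objects whose kinds do not exist yet and fail until a later retry. Add `wait: true` and a bound such as `timeout: 5m` to the core Kustomization's spec so readiness tracks the HelmRelease's own Ready condition. With `prune: true` on both, also confirm the two paths do not overlap, otherwise each reconciliation would prune the other's objects.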


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- dependencies.yaml


@@ -0,0 +1,9 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: infrastructure
resources:
- vault-secret-store.yaml
- vault-secret-store-app.yaml
- registry-credentials.yaml
- longhorn-s3-backup-secret.yaml
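Review bot: `namespace: infrastructure` is applied to a resource list that consists only of cluster-scoped kinds (ClusterSecretStore and ClusterExternalSecret); kustomize's namespace transformer knows the built-in cluster-scoped kinds but not these CRDs, so it may stamp `metadata.namespace` onto them. Whether the API server then ignores or rejects that field depends on the server version, so verify the rendered output with `kustomize build` before relying on it; if the namespace is only needed for the `secretRef` inside the stores, it is already set explicitly there and the transformer can be dropped.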


@@ -0,0 +1,24 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterExternalSecret
metadata:
name: longhorn-s3-backup-secret
spec:
externalSecretName: "longhorn-s3-backup-secret"
refreshTime: "1h"
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: In
values:
- infrastructure
externalSecretSpec:
secretStoreRef:
name: vault-secret-store
kind: ClusterSecretStore
refreshInterval: "72h"
target:
name: longhorn-s3-backup-secret
deletionPolicy: Retain
dataFrom:
- extract:
key: kubernetes-secrets/longhorn/s3-backup-secret
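Review bot: `refreshInterval: "72h"` in `externalSecretSpec` means a rotated S3 backup credential in Vault takes up to three days to reach the cluster, while the sibling registry-credentials object uses `"1h"` for both fields; unless the long window is intentional, align it to `refreshInterval: "1h"` and document why if not. `deletionPolicy: Retain` keeps the generated Secret when the ExternalSecret is removed, so with `prune: true` on the owning Flux Kustomization the credential outlives its manifest; the default `Delete` is the safer choice for a credential, and the same applies to the registry-credentials object.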


@@ -0,0 +1,31 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterExternalSecret
metadata:
name: registry-credentials
spec:
externalSecretName: "registry-credentials"
refreshTime: "1h"
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: In
values:
- system
- flux-system
- namespace1
externalSecretSpec:
secretStoreRef:
name: vault-secret-store
kind: ClusterSecretStore
refreshInterval: "1h"
target:
name: registry-credentials
deletionPolicy: Retain
template:
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: "{{ .auths }}"
data:
- secretKey: auths
remoteRef:
key: kubernetes-secrets/registry-credentials
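Review bot: The `values` list in `namespaceSelector` ends with `namespace1`, which reads like a placeholder left over from an example rather than a real target namespace; replace it or remove it, since every namespace listed here receives a copy of the registry credential. The template line `.dockerconfigjson: "{{ .auths }}"` only yields a valid dockerconfigjson if the Vault key `auths` already holds the complete JSON document (including the outer `auths` object); if the stored value is only the inner map, image pulls will fail, so confirm the stored shape against the template.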


@@ -0,0 +1,18 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault-secret-store-app
spec:
provider:
vault:
server: "https://vault.example.com"
path: "app"
version: "v2"
auth:
appRole:
path: "approle"
roleId: "" # k8s-external-secrets
secretRef:
name: "vault-k8s-external-secrets"
namespace: infrastructure
key: "secret-id"
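Review bot: `roleId: ""` leaves the AppRole login with no role_id, so this store (and the identical `vault-secret-store` in the next file) cannot authenticate; the trailing comment `# k8s-external-secrets` suggests the intent, but AppRole expects the role's generated role_id, not its name. Since a role_id is itself credential material, prefer keeping it out of Git and sourcing it from the same Secret as the secret-id, e.g. replacing the line with `roleRef: {name: "vault-k8s-external-secrets", namespace: infrastructure, key: "role-id"}`, otherwise fill in the actual role_id. `server` is currently `https://vault.example.com` and will need the real endpoint; if that endpoint is not signed by a public CA, add `caProvider` so TLS verification is not disabled to work around it.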


@@ -0,0 +1,18 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault-secret-store
spec:
provider:
vault:
server: "https://vault.example.com"
path: "kubernetes-secrets"
version: "v2"
auth:
appRole:
path: "approle"
roleId: ""
secretRef:
name: "vault-k8s-external-secrets"
namespace: infrastructure
key: "secret-id"
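Review bot: Neither ClusterSecretStore sets `spec.conditions`, so any ExternalSecret in any namespace may reference `vault-secret-store` or `vault-secret-store-app` and read whatever the AppRole policy permits under the `kubernetes-secrets` and `app` paths. Restrict the store to the namespaces that actually consume it, e.g. `conditions: [{namespaces: [infrastructure, system, flux-system]}]` (expand as needed), and keep the Vault policy behind the AppRole path-scoped so the store's reach is bounded on both sides.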