From 94225a392737e1d542b887b2a4a20c1e8e45fba0 Mon Sep 17 00:00:00 2001 
From: Jory Irving Date: Tue, 28 Jan 2025 15:09:45 -0700 Subject: [PATCH] Refactor bootstrap into shared dir --- .gitignore | 6 +- .taskfiles/bootstrap/Taskfile.yaml | 53 ++++++++--------- .taskfiles/talos/Taskfile.yaml | 58 +++++++++---------- .taskfiles/volsync/Taskfile.yaml | 2 +- .taskfiles/volsync/resources/unlock.yaml.j2 | 4 +- Taskfile.yaml | 3 +- .../pi5/apps/cert-manager/kustomization.yaml | 4 +- .../pi5/apps/default/kustomization.yaml | 4 +- .../apps/external-secrets/kustomization.yaml | 4 +- .../pi5/apps/flux-system/capacitor/ks.yaml | 2 +- .../pi5/apps/flux-system/kustomization.yaml | 4 +- .../pi5/apps/kube-system/kustomization.yaml | 4 +- .../pi5/apps/kube-tools/kustomization.yaml | 4 +- .../pi5/apps/network/kustomization.yaml | 4 +- .../pi5/apps/storage/kustomization.yaml | 4 +- kubernetes/pi5/bootstrap/.sourceignore | 1 - .../bootstrap/talos/clusterconfig/.gitignore | 3 - kubernetes/pi5/flux/cluster/ks.yaml | 10 ++-- .../pi5/{bootstrap => talos}/cluster.env | 0 .../pi5/{bootstrap => }/talos/talconfig.yaml | 0 .../{bootstrap => }/talos/talsecret.sops.yaml | 0 .../apps => shared/bootstrap}/.secrets.env | 4 +- .../apps => shared/bootstrap}/helmfile.yaml | 4 +- .../bootstrap}/templates/resources.yaml.j2 | 0 .../templates/wipe-rook.yaml.gotmpl | 0 .../components/alerts/alertmanager/alert.yaml | 0 .../alerts/alertmanager/kustomization.yaml | 0 .../alerts/alertmanager/provider.yaml | 0 .../components/alerts/github/alert.yaml | 0 .../alerts/github/externalsecret.yaml | 0 .../alerts/github/kustomization.yaml | 0 .../components/alerts/github/provider.yaml | 0 .../components/alerts/kustomization.yaml | 0 .../components/gatus/external/config.yaml | 0 .../gatus/external/kustomization.yaml | 0 .../components/gatus/guarded/config.yaml | 0 .../gatus/guarded/kustomization.yaml | 0 .../components/kustomization.yaml | 0 .../components/namespace/kustomization.yaml | 0 .../components/namespace/namespace.yaml | 0 .../components/volsync/kustomization.yaml | 0 
.../volsync/local/externalsecret.yaml | 0 .../volsync/local/kustomization.yaml | 0 .../volsync/local/replicationdestination.yaml | 0 .../volsync/local/replicationsource.yaml | 0 .../components/volsync/pvc.yaml | 0 .../volsync/remote/externalsecret.yaml | 0 .../volsync/remote/kustomization.yaml | 0 .../volsync/remote/replicationsource.yaml | 0 .../repositories/git/kustomization.yaml | 0 .../helm/actions-runner-controller.yaml | 0 .../repositories/helm/backube.yaml | 0 .../repositories/helm/bjw-s.yaml | 0 .../repositories/helm/cilium.yaml | 0 .../repositories/helm/controlplaneio.yaml | 0 .../repositories/helm/coredns.yaml | 0 .../repositories/helm/descheduler.yaml | 0 .../repositories/helm/external-dns.yaml | 0 .../repositories/helm/external-secrets.yaml | 0 .../repositories/helm/fluxcd-community.yaml | 0 .../fluxcd-kustomize-mutating-webhook.yaml | 0 .../repositories/helm/grafana.yaml | 0 .../repositories/helm/ingress-nginx.yaml | 0 .../repositories/helm/intel.yaml | 0 .../repositories/helm/jetstack.yaml | 0 .../helm/kubernetes-sigs-nfd.yaml | 0 .../repositories/helm/kustomization.yaml | 0 .../repositories/helm/metrics-server.yaml | 0 .../repositories/helm/openebs.yaml | 0 .../repositories/helm/piraeus.yaml | 0 .../helm/prometheus-community.yaml | 0 .../repositories/helm/spegel.yaml | 0 .../repositories/helm/stakater.yaml | 0 .../repositories/helm/weave-gitops.yaml | 0 .../repositories/helm/wiremind.yaml | 0 .../repositories/kustomization.yaml | 0 .../repositories/oci/kustomization.yaml | 0 77 files changed, 90 insertions(+), 92 deletions(-) delete mode 100644 kubernetes/pi5/bootstrap/.sourceignore delete mode 100644 kubernetes/pi5/bootstrap/talos/clusterconfig/.gitignore rename kubernetes/pi5/{bootstrap => talos}/cluster.env (100%) rename kubernetes/pi5/{bootstrap => }/talos/talconfig.yaml (100%) rename kubernetes/pi5/{bootstrap => }/talos/talsecret.sops.yaml (100%) rename kubernetes/{pi5/bootstrap/apps => shared/bootstrap}/.secrets.env (59%) rename 
kubernetes/{pi5/bootstrap/apps => shared/bootstrap}/helmfile.yaml (96%) rename kubernetes/{pi5/bootstrap/apps => shared/bootstrap}/templates/resources.yaml.j2 (100%) rename kubernetes/{pi5/bootstrap/apps => shared/bootstrap}/templates/wipe-rook.yaml.gotmpl (100%) rename kubernetes/shared/{ => templates}/components/alerts/alertmanager/alert.yaml (100%) rename kubernetes/shared/{ => templates}/components/alerts/alertmanager/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/alerts/alertmanager/provider.yaml (100%) rename kubernetes/shared/{ => templates}/components/alerts/github/alert.yaml (100%) rename kubernetes/shared/{ => templates}/components/alerts/github/externalsecret.yaml (100%) rename kubernetes/shared/{ => templates}/components/alerts/github/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/alerts/github/provider.yaml (100%) rename kubernetes/shared/{ => templates}/components/alerts/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/gatus/external/config.yaml (100%) rename kubernetes/shared/{ => templates}/components/gatus/external/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/gatus/guarded/config.yaml (100%) rename kubernetes/shared/{ => templates}/components/gatus/guarded/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/namespace/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/namespace/namespace.yaml (100%) rename kubernetes/shared/{ => templates}/components/volsync/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/volsync/local/externalsecret.yaml (100%) rename kubernetes/shared/{ => templates}/components/volsync/local/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/volsync/local/replicationdestination.yaml (100%) rename kubernetes/shared/{ => 
templates}/components/volsync/local/replicationsource.yaml (100%) rename kubernetes/shared/{ => templates}/components/volsync/pvc.yaml (100%) rename kubernetes/shared/{ => templates}/components/volsync/remote/externalsecret.yaml (100%) rename kubernetes/shared/{ => templates}/components/volsync/remote/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/components/volsync/remote/replicationsource.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/git/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/actions-runner-controller.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/backube.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/bjw-s.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/cilium.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/controlplaneio.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/coredns.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/descheduler.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/external-dns.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/external-secrets.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/fluxcd-community.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/fluxcd-kustomize-mutating-webhook.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/grafana.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/ingress-nginx.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/intel.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/jetstack.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/kubernetes-sigs-nfd.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/kustomization.yaml (100%) rename kubernetes/shared/{ => 
templates}/repositories/helm/metrics-server.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/openebs.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/piraeus.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/prometheus-community.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/spegel.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/stakater.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/weave-gitops.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/helm/wiremind.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/kustomization.yaml (100%) rename kubernetes/shared/{ => templates}/repositories/oci/kustomization.yaml (100%) diff --git a/.gitignore b/.gitignore index e134a7d93c..10a8b71d8d 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,6 @@ Brewfile.lock.json # Kubernetes kubeconfig -talosconfig .decrypted~* *.secret.env *.secret.yaml @@ -17,6 +16,9 @@ talosconfig # Private .private .bin +#Talos +talosconfig +**/clusterconfig # Terraform .terraform .terraform.tfstate* @@ -26,5 +28,3 @@ terraform.tfstate* # Trash .DS_Store Thumbs.db -#Talos -**/clusterconfig diff --git a/.taskfiles/bootstrap/Taskfile.yaml b/.taskfiles/bootstrap/Taskfile.yaml index fc648897a4..2e888cb3a6 100644 --- a/.taskfiles/bootstrap/Taskfile.yaml +++ b/.taskfiles/bootstrap/Taskfile.yaml 
@@ -15,58 +15,58 @@ tasks: preconditions: - op user get --me - talosctl config info - - test -f {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig - - test -f {{.BOOTSTRAP_DIR}}/apps/helmfile.yaml - - test -f {{.BOOTSTRAP_DIR}}/apps/templates/resources.yaml.j2 - - test -f {{.BOOTSTRAP_DIR}}/apps/templates/wipe-rook.yaml.gotmpl + - test -f {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig + - test -f {{.BOOTSTRAP_DIR}}/helmfile.yaml + - test -f {{.BOOTSTRAP_DIR}}/templates/resources.yaml.j2 + - test -f {{.BOOTSTRAP_DIR}}/templates/wipe-rook.yaml.gotmpl - which curl jq helmfile kubectl op talosctl gen-secrets: desc: Generate the Talos secrets cmds: - - talhelper -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml gensecret > {{.BOOTSTRAP_DIR}}/talos/talsecret.sops.yaml + - talhelper -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml gensecret > {{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml - task: :sops:.encrypt-file vars: - FILE: "{{.BOOTSTRAP_DIR}}/talos/talsecret.sops.yaml" + FILE: "{{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml" requires: vars: [CLUSTER] preconditions: - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml status: - - test -f "{{.BOOTSTRAP_DIR}}/talos/talsecret.sops.yaml" + - test -f "{{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml" gen-config: desc: Generate the Talos configs - cmd: talhelper -c {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml genconfig -s {{.BOOTSTRAP_DIR}}/talos/talsecret.sops.yaml -o {{.BOOTSTRAP_DIR}}/talos/clusterconfig + cmd: talhelper -c {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml genconfig -s {{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml -o {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig requires: vars: [CLUSTER] preconditions: - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml - - test -f {{.BOOTSTRAP_DIR}}/talos/talsecret.sops.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml apply-config: desc: Apply the Talos config on a nodes for a new cluster - 
dir: "{{.BOOTSTRAP_DIR}}/talos/" + dir: "{{.BOOTSTRAP_TALOS_DIR}}/" cmd: talhelper gencommand apply --extra-flags=--insecure | bash requires: vars: [CLUSTER] preconditions: - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml - - test -f {{.BOOTSTRAP_DIR}}/talos/talsecret.sops.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml talos: desc: Bootstrap Talos [CLUSTER=pi5] cmds: - - until talosctl --nodes {{.TALOS_CONTROLLER}} bootstrap --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig; do sleep 5; done - - talosctl kubeconfig --nodes {{.TALOS_CONTROLLER}} --force --force-context-name {{.CLUSTER}} {{.CLUSTER_DIR}} --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - until talosctl --nodes {{.TALOS_CONTROLLER}} bootstrap --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig; do sleep 5; done + - talosctl kubeconfig --nodes {{.TALOS_CONTROLLER}} --force --force-context-name {{.CLUSTER}} {{.CLUSTER_DIR}} --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig vars: TALOS_CONTROLLER: - sh: talosctl config info --output json --context {{.CLUSTER}} --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig | jq --raw-output '.endpoints[]' | shuf -n 1 + sh: talosctl config info --output json --context {{.CLUSTER}} --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig | jq --raw-output '.endpoints[]' | shuf -n 1 requires: vars: [CLUSTER] preconditions: - talosctl config info - - test -f {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - test -f {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig - which talosctl jq apps: 
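Review bot: In `gen-secrets`, `talhelper ... gensecret` still redirects the unencrypted secret bundle straight into `{{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml`, and only the next step (`:sops:.encrypt-file`, presumably an in-place encrypt) protects it. If that step fails or is interrupted, plaintext cluster secrets stay under a name that reads as encrypted, none of the `.gitignore` entries visible in this patch cover that path, and the `status:` check `test -f` then reports the task as up to date. I would have `status:` confirm the file is actually SOPS-encrypted, e.g. `- grep -q '^sops:' "{{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml"`, and remove the file when the encrypt step fails.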
@@ -74,24 +74,25 @@ tasks: prompt: Bootstrap apps into the Talos cluster? cmds: - until kubectl wait nodes --for=condition=Ready=False --all --timeout=10m; do sleep 5; done - - op run --env-file {{.BOOTSTRAP_DIR}}/apps/.secrets.env --no-masking -- minijinja-cli {{.BOOTSTRAP_DIR}}/apps/templates/resources.yaml.j2 | kubectl apply --server-side --filename - - - helmfile --quiet --file {{.BOOTSTRAP_DIR}}/apps/helmfile.yaml apply --skip-diff-on-install --suppress-diff - - helmfile --quiet --file {{.BOOTSTRAP_DIR}}/apps/helmfile.yaml destroy --selector name=wipe-rook || true + - op run --env-file {{.BOOTSTRAP_DIR}}/.secrets.env --no-masking -- minijinja-cli {{.BOOTSTRAP_DIR}}/templates/resources.yaml.j2 | kubectl apply --server-side --filename - + - helmfile --quiet --file {{.BOOTSTRAP_DIR}}/helmfile.yaml apply --skip-diff-on-install --suppress-diff + - helmfile --quiet --file {{.BOOTSTRAP_DIR}}/helmfile.yaml destroy --selector name=wipe-rook || true - '{{if eq .NODE_COUNT 1}}talosctl reboot -n {{.TALOS_CONTROLLER}}{{end}}' vars: TALOS_CONTROLLER: - sh: talosctl config info --output json --context {{.CLUSTER}} --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig | jq --raw-output '.endpoints[]' + sh: talosctl config info --output json --context {{.CLUSTER}} --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig | jq --raw-output '.endpoints[]' env: NODE_COUNT: sh: talosctl --context {{.CLUSTER}} config info --output json | jq --raw-output '.nodes | length' VAULT: kubernetes # ¯\_(ツ)_/¯ + CLUSTER: '{{.CLUSTER}}' requires: vars: [CLUSTER] preconditions: - op user get --me - talosctl config info - - test -f {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig - - test -f {{.BOOTSTRAP_DIR}}/apps/helmfile.yaml - - test -f {{.BOOTSTRAP_DIR}}/apps/templates/resources.yaml.j2 - - test -f {{.BOOTSTRAP_DIR}}/apps/templates/wipe-rook.yaml.gotmpl + - test -f {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig + - test -f {{.BOOTSTRAP_DIR}}/helmfile.yaml + - test 
-f {{.BOOTSTRAP_DIR}}/templates/resources.yaml.j2 + - test -f {{.BOOTSTRAP_DIR}}/templates/wipe-rook.yaml.gotmpl - which curl jq helmfile kubectl op talosctl diff --git a/.taskfiles/talos/Taskfile.yaml b/.taskfiles/talos/Taskfile.yaml index 8c435aeb3c..e8b3043026 100644 --- a/.taskfiles/talos/Taskfile.yaml +++ b/.taskfiles/talos/Taskfile.yaml 
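Review bot: In `apps`, the `NODE_COUNT` lookup and the closing `talosctl reboot -n {{.TALOS_CONTROLLER}}` run without `--talosconfig`, while `TALOS_CONTROLLER` just above now reads `{{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig`. Unless `TALOSCONFIG` is exported somewhere outside this hunk, those two calls fall back to the operator's default talosconfig, so the node count and the reboot can refer to a different cluster than the one being bootstrapped. Passing the same flag keeps them aligned: `sh: talosctl --context {{.CLUSTER}} --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig config info --output json | jq --raw-output '.nodes | length'`.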
@@ -5,30 +5,30 @@ version: "3" tasks: genconfig: desc: Generate the Talos configs - cmd: talhelper -c {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml genconfig -s {{.BOOTSTRAP_DIR}}/talos/talsecret.sops.yaml -o {{.BOOTSTRAP_DIR}}/talos/clusterconfig + cmd: talhelper -c {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml genconfig -s {{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml -o {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig requires: vars: [CLUSTER] preconditions: - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml - - test -f {{.BOOTSTRAP_DIR}}/talos/talsecret.sops.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talsecret.sops.yaml apply-node: desc: Apply Talos config to a node [CLUSTER=pi5] [HOSTNAME=required] dotenv: ['{{.CLUSTER_DIR}}/cluster.env'] cmds: # - task: down - - talosctl apply-config --nodes {{.HOSTNAME}} --mode={{.MODE}} --file {{.BOOTSTRAP_DIR}}/talos/clusterconfig/{{.CLUSTER}}-{{.HOSTNAME}}.yaml --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig - - talosctl --nodes {{.HOSTNAME}} health --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - talosctl apply-config --nodes {{.HOSTNAME}} --mode={{.MODE}} --file {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/{{.CLUSTER}}-{{.HOSTNAME}}.yaml --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig + - talosctl --nodes {{.HOSTNAME}} health --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig # - task: up vars: MODE: '{{.MODE | default "auto"}}' requires: vars: [CLUSTER, HOSTNAME] preconditions: - - talosctl --nodes {{.HOSTNAME}} get machineconfig --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - talosctl --nodes {{.HOSTNAME}} get machineconfig --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig - test -f {{.BOOTSTRAP_DIR}}/cluster.env - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml - - test -f {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml + - test -f 
{{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig apply-cluster: ## This isn't working on utility cluster desc: Apply the Talos config on all nodes for an existing cluster [CLUSTER=pi5] 
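Review bot: The `apply-node` precondition `test -f {{.BOOTSTRAP_DIR}}/cluster.env` is left unchanged, but this patch repoints `BOOTSTRAP_DIR` to `kubernetes/shared/bootstrap` and moves the file to `kubernetes/pi5/talos/cluster.env`, so the check now looks in a directory that never receives a `cluster.env` and the task will refuse to run. It should become `- test -f {{.BOOTSTRAP_TALOS_DIR}}/cluster.env`. The `dotenv:` entry in the same task and the `test -f {{.CLUSTER_DIR}}/cluster.env` preconditions in the later hunks of this file point at `kubernetes/<cluster>/cluster.env`, which also does not match the renamed location unless a second copy exists there.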
@@ -44,22 +44,22 @@ tasks: requires: vars: [CLUSTER] preconditions: - - talosctl config info --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - talosctl config info --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig - test -f {{.CLUSTER_DIR}}/cluster.env - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml - - test -f {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig soft-nuke: desc: Resets nodes back to maintenance mode so you can re-deploy again straight after prompt: This will destroy your cluster and reset the nodes back to maintenance mode... continue? - cmd: talhelper gencommand reset -o {{.BOOTSTRAP_DIR}}/talos/clusterconfig -c {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml --extra-flags "--reboot --system-labels-to-wipe STATE --system-labels-to-wipe EPHEMERAL --graceful=false --wait=false" | bash + cmd: talhelper gencommand reset -o {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig -c {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml --extra-flags "--reboot --system-labels-to-wipe STATE --system-labels-to-wipe EPHEMERAL --graceful=false --wait=false" | bash preconditions: - { msg: "Argument (CLUSTER) is required", sh: "test -n {{.CLUSTER}}" } hard-nuke: desc: Resets nodes back completely and reboots them prompt: This will destroy your cluster and reset the nodes... continue? - cmd: talhelper gencommand reset -o {{.BOOTSTRAP_DIR}}/talos/clusterconfig -c {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml --extra-flags "--reboot --graceful=false --wait=false" | bash + cmd: talhelper gencommand reset -o {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig -c {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml --extra-flags "--reboot --graceful=false --wait=false" | bash preconditions: - { msg: "Argument (CLUSTER) is required", sh: "test -n {{.CLUSTER}}" } 
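Review bot: The only precondition on `soft-nuke` and `hard-nuke`, `sh: "test -n {{.CLUSTER}}"`, cannot fail: with an empty value the command collapses to `test -n`, which exits 0, and the root Taskfile defaults `CLUSTER` to `pi5` in any case. Both tasks pipe the generated reset commands into `bash`, so the confirmation prompt is the one real guard and it does not say which cluster is about to be wiped. I would quote the test, `sh: 'test -n "{{.CLUSTER}}"'`, add `- test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml` as the other tasks do, and, if the Task version in use templates `prompt`, name the target there: `prompt: This will destroy cluster {{.CLUSTER}} and reset its nodes... continue?`.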
@@ -67,16 +67,16 @@ tasks: desc: Reboot Talos on a single node [CLUSTER=pi5] [HOSTNAME=required] cmds: - task: down - - talosctl --nodes {{.HOSTNAME}} reboot --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig - - talosctl --nodes {{.HOSTNAME}} health --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - talosctl --nodes {{.HOSTNAME}} reboot --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig + - talosctl --nodes {{.HOSTNAME}} health --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig - task: up requires: vars: [CLUSTER, HOSTNAME] preconditions: - - talosctl --nodes {{.HOSTNAME}} get machineconfig --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig - - talosctl config info --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - talosctl --nodes {{.HOSTNAME}} get machineconfig --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig + - talosctl config info --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig - test -f {{.CLUSTER_DIR}}/cluster.env - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml - which talosctl reboot-cluster: @@ -97,10 +97,10 @@ tasks: vars: CLUSTER: "{{.CLUSTER}}" preconditions: - - talosctl config info --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - talosctl config info --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig - test -f {{.CLUSTER_DIR}}/cluster.env - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml - - test -f {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig shutdown-cluster: desc: Shutdown Talos across the whole cluster [CLUSTER=pi5] 
@@ -112,23 +112,23 @@ tasks: requires: vars: [CLUSTER] preconditions: - - talosctl --nodes {{.NODES}} get machineconfig --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig - - talosctl config info --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig - - test -f {{.BOOTSTRAP_DIR}}/talos/talconfig.yaml - - test -f {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - talosctl --nodes {{.NODES}} get machineconfig --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig + - talosctl config info --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig + - test -f {{.BOOTSTRAP_TALOS_DIR}}/talconfig.yaml + - test -f {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig - which talosctl kubeconfig: desc: Generate the kubeconfig for a Talos cluster [CLUSTER=pi5] - cmd: talosctl kubeconfig --nodes {{.TALOS_CONTROLLER}} --force --force-context-name {{.CLUSTER}} {{.CLUSTER_DIR}} --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + cmd: talosctl kubeconfig --nodes {{.TALOS_CONTROLLER}} --force --force-context-name {{.CLUSTER}} {{.CLUSTER_DIR}} --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig vars: TALOS_CONTROLLER: - sh: talosctl config info --output json --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig | jq --raw-output '.endpoints[]' | shuf -n 1 + sh: talosctl config info --output json --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig | jq --raw-output '.endpoints[]' | shuf -n 1 requires: vars: [CLUSTER] preconditions: - - talosctl config info --talosconfig {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig - - test -f {{.BOOTSTRAP_DIR}}/talos/clusterconfig/talosconfig + - talosctl config info --talosconfig {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig + - test -f {{.BOOTSTRAP_TALOS_DIR}}/clusterconfig/talosconfig - which talosctl down: diff --git a/.taskfiles/volsync/Taskfile.yaml b/.taskfiles/volsync/Taskfile.yaml index eabc333682..a22232716a 100644 
--- a/.taskfiles/volsync/Taskfile.yaml +++ b/.taskfiles/volsync/Taskfile.yaml @@ -56,7 +56,7 @@ tasks: cmd: kubectl --namespace {{splitList "," .ITEM | first}} patch --field-manager=flux-client-side-apply replicationsources {{splitList "," .ITEM | last}} --type merge --patch "{\"spec\":{\"restic\":{\"unlock\":\"{{now | unixEpoch}}\"}}}" vars: SOURCES: - sh: kubectl --context {{.CLUSTER}} get replicationsources --all-namespaces --no-headers --output=jsonpath='{range .items[*]}{.metadata.namespace},{.metadata.name}{"\n"}{end}' + sh: kubectl get replicationsources --all-namespaces --no-headers --output=jsonpath='{range .items[*]}{.metadata.namespace},{.metadata.name}{"\n"}{end}' requires: vars: [CLUSTER] preconditions: diff --git a/.taskfiles/volsync/resources/unlock.yaml.j2 b/.taskfiles/volsync/resources/unlock.yaml.j2 index fa14af309e..afad32349b 100644 --- a/.taskfiles/volsync/resources/unlock.yaml.j2 +++ b/.taskfiles/volsync/resources/unlock.yaml.j2 @@ -16,7 +16,7 @@ spec: args: ["unlock", "--remove-all"] envFrom: - secretRef: - name: {{ ENV.APP }}-volsync-secret + name: {{ ENV.APP }}-volsync volumeMounts: - name: repository mountPath: /repository @@ -26,7 +26,7 @@ spec: args: ["unlock", "--remove-all"] envFrom: - secretRef: - name: {{ ENV.APP }}-volsync-r2-secret + name: {{ ENV.APP }}-volsync-r2 resources: {} volumes: - name: repository diff --git a/Taskfile.yaml b/Taskfile.yaml index 5df139b96a..53c83c4696 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -8,7 +8,8 @@ shopt: [globstar] vars: CLUSTER: '{{.CLUSTER | default "pi5"}}' CLUSTER_DIR: '{{.ROOT_DIR}}/kubernetes/{{.CLUSTER}}' - BOOTSTRAP_DIR: '{{.CLUSTER_DIR}}/bootstrap' + BOOTSTRAP_TALOS_DIR: '{{.CLUSTER_DIR}}/talos' + BOOTSTRAP_DIR: '{{.ROOT_DIR}}/kubernetes/shared/bootstrap' env: KUBECONFIG: '{{.CLUSTER_DIR}}/kubeconfig' diff --git a/kubernetes/pi5/apps/cert-manager/kustomization.yaml b/kubernetes/pi5/apps/cert-manager/kustomization.yaml index ce79f31bb4..f8d60e46aa 100644 
--- a/kubernetes/pi5/apps/cert-manager/kustomization.yaml +++ b/kubernetes/pi5/apps/cert-manager/kustomization.yaml @@ -6,5 +6,5 @@ namespace: cert-manager resources: - ./cert-manager/ks.yaml components: - - ../../../shared/components/alerts - - ../../../shared/components/namespace + - ../../../shared/meta/components/alerts + - ../../../shared/meta/components/namespace diff --git a/kubernetes/pi5/apps/default/kustomization.yaml b/kubernetes/pi5/apps/default/kustomization.yaml index 32aded3571..f0f9a2def5 100644 --- a/kubernetes/pi5/apps/default/kustomization.yaml +++ b/kubernetes/pi5/apps/default/kustomization.yaml @@ -5,5 +5,5 @@ kind: Kustomization namespace: default resources: [] components: - - ../../../shared/components/alerts - - ../../../shared/components/namespace + - ../../../shared/meta/components/alerts + - ../../../shared/meta/components/namespace diff --git a/kubernetes/pi5/apps/external-secrets/kustomization.yaml b/kubernetes/pi5/apps/external-secrets/kustomization.yaml index ce07be6b42..be90491db3 100644 --- a/kubernetes/pi5/apps/external-secrets/kustomization.yaml +++ b/kubernetes/pi5/apps/external-secrets/kustomization.yaml @@ -7,5 +7,5 @@ resources: - ./external-secrets/ks.yaml - ./onepassword/ks.yaml components: - - ../../../shared/components/alerts - - ../../../shared/components/namespace + - ../../../shared/meta/components/alerts + - ../../../shared/meta/components/namespace diff --git a/kubernetes/pi5/apps/flux-system/capacitor/ks.yaml b/kubernetes/pi5/apps/flux-system/capacitor/ks.yaml index e2fbd3f160..f40ed27f52 100644 --- a/kubernetes/pi5/apps/flux-system/capacitor/ks.yaml +++ b/kubernetes/pi5/apps/flux-system/capacitor/ks.yaml @@ -9,7 +9,7 @@ spec: labels: app.kubernetes.io/name: *app components: - - ../../../../../shared/components/gatus/guarded + - ../../../../../shared/meta/components/gatus/guarded interval: 30m path: ./kubernetes/pi5/apps/flux-system/capacitor/app postBuild: 
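Review bot: The new `components:` entries in `cert-manager/kustomization.yaml` point at `shared/meta/components/...`, but the rename list in this patch moves those directories to `kubernetes/shared/templates/components/...`, and nothing shown here creates `kubernetes/shared/meta`. Unless that directory comes from another commit, the kustomize build fails for every file changed the same way (`default`, `external-secrets`, `flux-system` and its `capacitor/ks.yaml`, `kube-system`, `kube-tools`, `network`, `storage`), and the `path: ./kubernetes/shared/meta` set in `flux/cluster/ks.yaml` has the same problem. Either the references should read `../../../shared/templates/components/alerts` and `../../../shared/templates/components/namespace`, or the renames should target `shared/meta`.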
diff --git a/kubernetes/pi5/apps/flux-system/kustomization.yaml b/kubernetes/pi5/apps/flux-system/kustomization.yaml index 07a645dc21..e18c3428ff 100644 --- a/kubernetes/pi5/apps/flux-system/kustomization.yaml +++ b/kubernetes/pi5/apps/flux-system/kustomization.yaml @@ -9,5 +9,5 @@ resources: - ./kustomize-mutating-webhook/ks.yaml - ./weave-gitops/ks.yaml components: - - ../../../shared/components/alerts - - ../../../shared/components/namespace + - ../../../shared/meta/components/alerts + - ../../../shared/meta/components/namespace diff --git a/kubernetes/pi5/apps/kube-system/kustomization.yaml b/kubernetes/pi5/apps/kube-system/kustomization.yaml index 5bbad16449..a12fa3ae59 100644 --- a/kubernetes/pi5/apps/kube-system/kustomization.yaml +++ b/kubernetes/pi5/apps/kube-system/kustomization.yaml @@ -8,5 +8,5 @@ resources: - ./coredns/ks.yaml - ./metrics-server/ks.yaml components: - - ../../../shared/components/alerts - - ../../../shared/components/namespace + - ../../../shared/meta/components/alerts + - ../../../shared/meta/components/namespace diff --git a/kubernetes/pi5/apps/kube-tools/kustomization.yaml b/kubernetes/pi5/apps/kube-tools/kustomization.yaml index a383b3ac74..a660918a01 100644 --- a/kubernetes/pi5/apps/kube-tools/kustomization.yaml +++ b/kubernetes/pi5/apps/kube-tools/kustomization.yaml @@ -8,5 +8,5 @@ resources: - ./reloader/ks.yaml # - ./system-upgrade-controller/ks.yaml components: - - ../../../shared/components/alerts - - ../../../shared/components/namespace + - ../../../shared/meta/components/alerts + - ../../../shared/meta/components/namespace diff --git a/kubernetes/pi5/apps/network/kustomization.yaml b/kubernetes/pi5/apps/network/kustomization.yaml index b9aa21b194..d328dc516b 100644 --- a/kubernetes/pi5/apps/network/kustomization.yaml +++ b/kubernetes/pi5/apps/network/kustomization.yaml 
@@ -7,5 +7,5 @@ resources: - ./external/ks.yaml - ./internal/ks.yaml components: - - ../../../shared/components/alerts - - ../../../shared/components/namespace + - ../../../shared/meta/components/alerts + - ../../../shared/meta/components/namespace diff --git a/kubernetes/pi5/apps/storage/kustomization.yaml b/kubernetes/pi5/apps/storage/kustomization.yaml index fe09e3af79..3c77f61004 100644 --- a/kubernetes/pi5/apps/storage/kustomization.yaml +++ b/kubernetes/pi5/apps/storage/kustomization.yaml @@ -8,5 +8,5 @@ resources: - ./snapshot-controller/ks.yaml - ./volsync/ks.yaml components: - - ../../../shared/components/alerts - - ../../../shared/components/namespace + - ../../../shared/meta/components/alerts + - ../../../shared/meta/components/namespace diff --git a/kubernetes/pi5/bootstrap/.sourceignore b/kubernetes/pi5/bootstrap/.sourceignore deleted file mode 100644 index 72e8ffc0db..0000000000 --- a/kubernetes/pi5/bootstrap/.sourceignore +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/kubernetes/pi5/bootstrap/talos/clusterconfig/.gitignore b/kubernetes/pi5/bootstrap/talos/clusterconfig/.gitignore deleted file mode 100644 index 1dfce24474..0000000000 --- a/kubernetes/pi5/bootstrap/talos/clusterconfig/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -talosconfig -pi5-layla.yaml -pi5-citlali.yaml diff --git a/kubernetes/pi5/flux/cluster/ks.yaml b/kubernetes/pi5/flux/cluster/ks.yaml index 88e758f273..febc5691e3 100644 --- a/kubernetes/pi5/flux/cluster/ks.yaml +++ b/kubernetes/pi5/flux/cluster/ks.yaml @@ -3,7 +3,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: cluster-shared + name: cluster-meta namespace: flux-system spec: decryption: @@ -11,7 +11,7 @@ spec: secretRef: name: sops-age interval: 30m - path: ./kubernetes/shared + path: ./kubernetes/pi5/flux/meta prune: true sourceRef: kind: GitRepository 
@@ -26,7 +26,7 @@ spec: apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: - name: cluster-meta + name: cluster-shared-meta namespace: flux-system spec: decryption: @@ -34,7 +34,7 @@ spec: secretRef: name: sops-age interval: 30m - path: ./kubernetes/pi5/flux/meta + path: ./kubernetes/shared/meta prune: true sourceRef: kind: GitRepository @@ -58,7 +58,7 @@ spec: name: sops-age dependsOn: - name: cluster-meta - - name: cluster-shared + - name: cluster-shared-meta interval: 30m path: ./kubernetes/pi5/apps prune: true diff --git a/kubernetes/pi5/bootstrap/cluster.env b/kubernetes/pi5/talos/cluster.env similarity index 100% rename from kubernetes/pi5/bootstrap/cluster.env rename to kubernetes/pi5/talos/cluster.env diff --git a/kubernetes/pi5/bootstrap/talos/talconfig.yaml b/kubernetes/pi5/talos/talconfig.yaml similarity index 100% rename from kubernetes/pi5/bootstrap/talos/talconfig.yaml rename to kubernetes/pi5/talos/talconfig.yaml diff --git a/kubernetes/pi5/bootstrap/talos/talsecret.sops.yaml b/kubernetes/pi5/talos/talsecret.sops.yaml similarity index 100% rename from kubernetes/pi5/bootstrap/talos/talsecret.sops.yaml rename to kubernetes/pi5/talos/talsecret.sops.yaml diff --git a/kubernetes/pi5/bootstrap/apps/.secrets.env b/kubernetes/shared/bootstrap/.secrets.env similarity index 59% rename from kubernetes/pi5/bootstrap/apps/.secrets.env rename to kubernetes/shared/bootstrap/.secrets.env index af078da86e..049b485ed1 100644 --- a/kubernetes/pi5/bootstrap/apps/.secrets.env +++ b/kubernetes/shared/bootstrap/.secrets.env 
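Review bot: The old `cluster-shared` Kustomization is not migrated by this rename; it disappears and `cluster-shared-meta` is created as a new object, and both carry `prune: true`. If the parent Kustomization prunes the old object, Flux garbage-collects everything `cluster-shared` applied (the Helm and OCI repositories, judging by the renamed files) before the new one recreates them, and `cluster-apps` now waits on the new name through `dependsOn`. Consider suspending `cluster-shared` or setting `prune: false` on it in a preceding commit, and add a comment above the renamed document such as `# replaces cluster-shared; remove the old object with pruning disabled`.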
@@ -1,5 +1,5 @@ FLUX_SOPS_PRIVATE_KEY=op://$VAULT/sops/SOPS_PRIVATE_KEY ONEPASSWORD_CREDENTIALS=op://$VAULT/1password/OP_CREDENTIALS_JSON ONEPASSWORD_CONNECT_TOKEN=op://$VAULT/1password/OP_CONNECT_TOKEN -INGRESS_NGINX_TLS_CRT=op://$VAULT/pi5-cluster-tls/tls.crt -INGRESS_NGINX_TLS_KEY=op://$VAULT/pi5-cluster-tls/tls.key +INGRESS_NGINX_TLS_CRT=op://$VAULT/$CLUSTER-cluster-tls/tls.crt +INGRESS_NGINX_TLS_KEY=op://$VAULT/$CLUSTER-cluster-tls/tls.key diff --git a/kubernetes/pi5/bootstrap/apps/helmfile.yaml b/kubernetes/shared/bootstrap/helmfile.yaml similarity index 96% rename from kubernetes/pi5/bootstrap/apps/helmfile.yaml rename to kubernetes/shared/bootstrap/helmfile.yaml index 6996e202b0..1b9c685ac1 100644 --- a/kubernetes/pi5/bootstrap/apps/helmfile.yaml +++ b/kubernetes/shared/bootstrap/helmfile.yaml @@ -60,7 +60,7 @@ releases: values: - ../../apps/external-secrets/external-secrets/app/helm-values.yaml needs: - - kube-system/coredns + - cert-manager/cert-manager - name: kustomize-mutating-webhook namespace: flux-system @@ -69,7 +69,7 @@ releases: values: - ../../apps/flux-system/kustomize-mutating-webhook/app/helm-values.yaml needs: - - kube-system/coredns + - external-secrets/external-secrets - name: flux-operator namespace: flux-system diff --git a/kubernetes/pi5/bootstrap/apps/templates/resources.yaml.j2 b/kubernetes/shared/bootstrap/templates/resources.yaml.j2 similarity index 100% rename from kubernetes/pi5/bootstrap/apps/templates/resources.yaml.j2 rename to kubernetes/shared/bootstrap/templates/resources.yaml.j2 diff --git a/kubernetes/pi5/bootstrap/apps/templates/wipe-rook.yaml.gotmpl b/kubernetes/shared/bootstrap/templates/wipe-rook.yaml.gotmpl similarity index 100% rename from kubernetes/pi5/bootstrap/apps/templates/wipe-rook.yaml.gotmpl rename to kubernetes/shared/bootstrap/templates/wipe-rook.yaml.gotmpl 
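Review bot: The two TLS references in the `.secrets.env` hunk now depend on `$CLUSTER`, and nothing in the file guards against it being unset; `op://$VAULT/$CLUSTER-cluster-tls/tls.crt` would then read `op://$VAULT/-cluster-tls/tls.crt`, which at best fails and at worst resolves to an item nobody intended. Where the resolving tool accepts it, I would delimit the name explicitly, `INGRESS_NGINX_TLS_CRT=op://$VAULT/${CLUSTER}-cluster-tls/tls.crt` (same for `tls.key`), and have the bootstrap task fail early when `CLUSTER` or `VAULT` is empty; that task is outside this hunk. Now that the file lives under `shared/`, the unscoped `FLUX_SOPS_PRIVATE_KEY` and 1Password Connect entries mean every cluster bootstrapped from it receives the same decryption key and Connect token. That is worth a comment at the top of the file stating it is deliberate, since it widens the blast radius of a single cluster compromise.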
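Review bot: The unchanged `values:` entries in both helmfile.yaml hunks (`@@ -60,7 +60,7 @@` and `@@ -69,7 +69,7 @@`) still read `../../apps/...`, while the file moved from `kubernetes/pi5/bootstrap/apps/` to `kubernetes/shared/bootstrap/`. From the old location that prefix was `kubernetes/pi5/apps`; from the new one it is `kubernetes/apps`, so unless the task runs or renders the helmfile from another directory the helm-values files will not be found. For a shared helmfile the cluster has to be part of the path, for example `- ../../{{ requiredEnv "CLUSTER" }}/apps/external-secrets/external-secrets/app/helm-values.yaml` (depending on the helmfile version, templating may require the `.gotmpl` extension). The releases these lines belong to start outside the hunks.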
diff --git a/kubernetes/shared/components/alerts/alertmanager/alert.yaml b/kubernetes/shared/templates/components/alerts/alertmanager/alert.yaml
similarity index 100%
rename from kubernetes/shared/components/alerts/alertmanager/alert.yaml
rename to kubernetes/shared/templates/components/alerts/alertmanager/alert.yaml
diff --git a/kubernetes/shared/components/alerts/alertmanager/kustomization.yaml b/kubernetes/shared/templates/components/alerts/alertmanager/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/alerts/alertmanager/kustomization.yaml
rename to kubernetes/shared/templates/components/alerts/alertmanager/kustomization.yaml
diff --git a/kubernetes/shared/components/alerts/alertmanager/provider.yaml b/kubernetes/shared/templates/components/alerts/alertmanager/provider.yaml
similarity index 100%
rename from kubernetes/shared/components/alerts/alertmanager/provider.yaml
rename to kubernetes/shared/templates/components/alerts/alertmanager/provider.yaml
diff --git a/kubernetes/shared/components/alerts/github/alert.yaml b/kubernetes/shared/templates/components/alerts/github/alert.yaml
similarity index 100%
rename from kubernetes/shared/components/alerts/github/alert.yaml
rename to kubernetes/shared/templates/components/alerts/github/alert.yaml
diff --git a/kubernetes/shared/components/alerts/github/externalsecret.yaml b/kubernetes/shared/templates/components/alerts/github/externalsecret.yaml
similarity index 100%
rename from kubernetes/shared/components/alerts/github/externalsecret.yaml
rename to kubernetes/shared/templates/components/alerts/github/externalsecret.yaml
diff --git a/kubernetes/shared/components/alerts/github/kustomization.yaml b/kubernetes/shared/templates/components/alerts/github/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/alerts/github/kustomization.yaml
rename to kubernetes/shared/templates/components/alerts/github/kustomization.yaml
diff --git a/kubernetes/shared/components/alerts/github/provider.yaml b/kubernetes/shared/templates/components/alerts/github/provider.yaml
similarity index 100%
rename from kubernetes/shared/components/alerts/github/provider.yaml
rename to kubernetes/shared/templates/components/alerts/github/provider.yaml
diff --git a/kubernetes/shared/components/alerts/kustomization.yaml b/kubernetes/shared/templates/components/alerts/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/alerts/kustomization.yaml
rename to kubernetes/shared/templates/components/alerts/kustomization.yaml
diff --git a/kubernetes/shared/components/gatus/external/config.yaml b/kubernetes/shared/templates/components/gatus/external/config.yaml
similarity index 100%
rename from kubernetes/shared/components/gatus/external/config.yaml
rename to kubernetes/shared/templates/components/gatus/external/config.yaml
diff --git a/kubernetes/shared/components/gatus/external/kustomization.yaml b/kubernetes/shared/templates/components/gatus/external/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/gatus/external/kustomization.yaml
rename to kubernetes/shared/templates/components/gatus/external/kustomization.yaml
diff --git a/kubernetes/shared/components/gatus/guarded/config.yaml b/kubernetes/shared/templates/components/gatus/guarded/config.yaml
similarity index 100%
rename from kubernetes/shared/components/gatus/guarded/config.yaml
rename to kubernetes/shared/templates/components/gatus/guarded/config.yaml
diff --git a/kubernetes/shared/components/gatus/guarded/kustomization.yaml b/kubernetes/shared/templates/components/gatus/guarded/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/gatus/guarded/kustomization.yaml
rename to kubernetes/shared/templates/components/gatus/guarded/kustomization.yaml
diff --git a/kubernetes/shared/components/kustomization.yaml b/kubernetes/shared/templates/components/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/kustomization.yaml
rename to kubernetes/shared/templates/components/kustomization.yaml
diff --git a/kubernetes/shared/components/namespace/kustomization.yaml b/kubernetes/shared/templates/components/namespace/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/namespace/kustomization.yaml
rename to kubernetes/shared/templates/components/namespace/kustomization.yaml
diff --git a/kubernetes/shared/components/namespace/namespace.yaml b/kubernetes/shared/templates/components/namespace/namespace.yaml
similarity index 100%
rename from kubernetes/shared/components/namespace/namespace.yaml
rename to kubernetes/shared/templates/components/namespace/namespace.yaml
diff --git a/kubernetes/shared/components/volsync/kustomization.yaml b/kubernetes/shared/templates/components/volsync/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/kustomization.yaml
rename to kubernetes/shared/templates/components/volsync/kustomization.yaml
diff --git a/kubernetes/shared/components/volsync/local/externalsecret.yaml b/kubernetes/shared/templates/components/volsync/local/externalsecret.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/local/externalsecret.yaml
rename to kubernetes/shared/templates/components/volsync/local/externalsecret.yaml
diff --git a/kubernetes/shared/components/volsync/local/kustomization.yaml b/kubernetes/shared/templates/components/volsync/local/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/local/kustomization.yaml
rename to kubernetes/shared/templates/components/volsync/local/kustomization.yaml
diff --git a/kubernetes/shared/components/volsync/local/replicationdestination.yaml b/kubernetes/shared/templates/components/volsync/local/replicationdestination.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/local/replicationdestination.yaml
rename to kubernetes/shared/templates/components/volsync/local/replicationdestination.yaml
diff --git a/kubernetes/shared/components/volsync/local/replicationsource.yaml b/kubernetes/shared/templates/components/volsync/local/replicationsource.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/local/replicationsource.yaml
rename to kubernetes/shared/templates/components/volsync/local/replicationsource.yaml
diff --git a/kubernetes/shared/components/volsync/pvc.yaml b/kubernetes/shared/templates/components/volsync/pvc.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/pvc.yaml
rename to kubernetes/shared/templates/components/volsync/pvc.yaml
diff --git a/kubernetes/shared/components/volsync/remote/externalsecret.yaml b/kubernetes/shared/templates/components/volsync/remote/externalsecret.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/remote/externalsecret.yaml
rename to kubernetes/shared/templates/components/volsync/remote/externalsecret.yaml
diff --git a/kubernetes/shared/components/volsync/remote/kustomization.yaml b/kubernetes/shared/templates/components/volsync/remote/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/remote/kustomization.yaml
rename to kubernetes/shared/templates/components/volsync/remote/kustomization.yaml
diff --git a/kubernetes/shared/components/volsync/remote/replicationsource.yaml b/kubernetes/shared/templates/components/volsync/remote/replicationsource.yaml
similarity index 100%
rename from kubernetes/shared/components/volsync/remote/replicationsource.yaml
rename to kubernetes/shared/templates/components/volsync/remote/replicationsource.yaml
diff --git a/kubernetes/shared/repositories/git/kustomization.yaml b/kubernetes/shared/templates/repositories/git/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/repositories/git/kustomization.yaml
rename to kubernetes/shared/templates/repositories/git/kustomization.yaml
diff --git a/kubernetes/shared/repositories/helm/actions-runner-controller.yaml b/kubernetes/shared/templates/repositories/helm/actions-runner-controller.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/actions-runner-controller.yaml
rename to kubernetes/shared/templates/repositories/helm/actions-runner-controller.yaml
diff --git a/kubernetes/shared/repositories/helm/backube.yaml b/kubernetes/shared/templates/repositories/helm/backube.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/backube.yaml
rename to kubernetes/shared/templates/repositories/helm/backube.yaml
diff --git a/kubernetes/shared/repositories/helm/bjw-s.yaml b/kubernetes/shared/templates/repositories/helm/bjw-s.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/bjw-s.yaml
rename to kubernetes/shared/templates/repositories/helm/bjw-s.yaml
diff --git a/kubernetes/shared/repositories/helm/cilium.yaml b/kubernetes/shared/templates/repositories/helm/cilium.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/cilium.yaml
rename to kubernetes/shared/templates/repositories/helm/cilium.yaml
diff --git a/kubernetes/shared/repositories/helm/controlplaneio.yaml b/kubernetes/shared/templates/repositories/helm/controlplaneio.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/controlplaneio.yaml
rename to kubernetes/shared/templates/repositories/helm/controlplaneio.yaml
diff --git a/kubernetes/shared/repositories/helm/coredns.yaml b/kubernetes/shared/templates/repositories/helm/coredns.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/coredns.yaml
rename to kubernetes/shared/templates/repositories/helm/coredns.yaml
diff --git a/kubernetes/shared/repositories/helm/descheduler.yaml b/kubernetes/shared/templates/repositories/helm/descheduler.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/descheduler.yaml
rename to kubernetes/shared/templates/repositories/helm/descheduler.yaml
diff --git a/kubernetes/shared/repositories/helm/external-dns.yaml b/kubernetes/shared/templates/repositories/helm/external-dns.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/external-dns.yaml
rename to kubernetes/shared/templates/repositories/helm/external-dns.yaml
diff --git a/kubernetes/shared/repositories/helm/external-secrets.yaml b/kubernetes/shared/templates/repositories/helm/external-secrets.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/external-secrets.yaml
rename to kubernetes/shared/templates/repositories/helm/external-secrets.yaml
diff --git a/kubernetes/shared/repositories/helm/fluxcd-community.yaml b/kubernetes/shared/templates/repositories/helm/fluxcd-community.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/fluxcd-community.yaml
rename to kubernetes/shared/templates/repositories/helm/fluxcd-community.yaml
diff --git a/kubernetes/shared/repositories/helm/fluxcd-kustomize-mutating-webhook.yaml b/kubernetes/shared/templates/repositories/helm/fluxcd-kustomize-mutating-webhook.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/fluxcd-kustomize-mutating-webhook.yaml
rename to kubernetes/shared/templates/repositories/helm/fluxcd-kustomize-mutating-webhook.yaml
diff --git a/kubernetes/shared/repositories/helm/grafana.yaml b/kubernetes/shared/templates/repositories/helm/grafana.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/grafana.yaml
rename to kubernetes/shared/templates/repositories/helm/grafana.yaml
diff --git a/kubernetes/shared/repositories/helm/ingress-nginx.yaml b/kubernetes/shared/templates/repositories/helm/ingress-nginx.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/ingress-nginx.yaml
rename to kubernetes/shared/templates/repositories/helm/ingress-nginx.yaml
diff --git a/kubernetes/shared/repositories/helm/intel.yaml b/kubernetes/shared/templates/repositories/helm/intel.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/intel.yaml
rename to kubernetes/shared/templates/repositories/helm/intel.yaml
diff --git a/kubernetes/shared/repositories/helm/jetstack.yaml b/kubernetes/shared/templates/repositories/helm/jetstack.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/jetstack.yaml
rename to kubernetes/shared/templates/repositories/helm/jetstack.yaml
diff --git a/kubernetes/shared/repositories/helm/kubernetes-sigs-nfd.yaml b/kubernetes/shared/templates/repositories/helm/kubernetes-sigs-nfd.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/kubernetes-sigs-nfd.yaml
rename to kubernetes/shared/templates/repositories/helm/kubernetes-sigs-nfd.yaml
diff --git a/kubernetes/shared/repositories/helm/kustomization.yaml b/kubernetes/shared/templates/repositories/helm/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/kustomization.yaml
rename to kubernetes/shared/templates/repositories/helm/kustomization.yaml
diff --git a/kubernetes/shared/repositories/helm/metrics-server.yaml b/kubernetes/shared/templates/repositories/helm/metrics-server.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/metrics-server.yaml
rename to kubernetes/shared/templates/repositories/helm/metrics-server.yaml
diff --git a/kubernetes/shared/repositories/helm/openebs.yaml b/kubernetes/shared/templates/repositories/helm/openebs.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/openebs.yaml
rename to kubernetes/shared/templates/repositories/helm/openebs.yaml
diff --git a/kubernetes/shared/repositories/helm/piraeus.yaml b/kubernetes/shared/templates/repositories/helm/piraeus.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/piraeus.yaml
rename to kubernetes/shared/templates/repositories/helm/piraeus.yaml
diff --git a/kubernetes/shared/repositories/helm/prometheus-community.yaml b/kubernetes/shared/templates/repositories/helm/prometheus-community.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/prometheus-community.yaml
rename to kubernetes/shared/templates/repositories/helm/prometheus-community.yaml
diff --git a/kubernetes/shared/repositories/helm/spegel.yaml b/kubernetes/shared/templates/repositories/helm/spegel.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/spegel.yaml
rename to kubernetes/shared/templates/repositories/helm/spegel.yaml
diff --git a/kubernetes/shared/repositories/helm/stakater.yaml b/kubernetes/shared/templates/repositories/helm/stakater.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/stakater.yaml
rename to kubernetes/shared/templates/repositories/helm/stakater.yaml
diff --git a/kubernetes/shared/repositories/helm/weave-gitops.yaml b/kubernetes/shared/templates/repositories/helm/weave-gitops.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/weave-gitops.yaml
rename to kubernetes/shared/templates/repositories/helm/weave-gitops.yaml
diff --git a/kubernetes/shared/repositories/helm/wiremind.yaml b/kubernetes/shared/templates/repositories/helm/wiremind.yaml
similarity index 100%
rename from kubernetes/shared/repositories/helm/wiremind.yaml
rename to kubernetes/shared/templates/repositories/helm/wiremind.yaml
diff --git a/kubernetes/shared/repositories/kustomization.yaml b/kubernetes/shared/templates/repositories/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/repositories/kustomization.yaml
rename to kubernetes/shared/templates/repositories/kustomization.yaml
diff --git a/kubernetes/shared/repositories/oci/kustomization.yaml b/kubernetes/shared/templates/repositories/oci/kustomization.yaml
similarity index 100%
rename from kubernetes/shared/repositories/oci/kustomization.yaml
rename to kubernetes/shared/templates/repositories/oci/kustomization.yaml