generated from onedr0p/cluster-template
feat!: deploy flux with helm #3481
Merged
smurf-bot (bot) added the area/kubernetes (Changes made in the kubernetes directory), area/github (Changes made in the github directory), area/taskfile, cluster/main and cluster/utility labels on Jan 7, 2025
--- kubernetes/main/apps/flux-system/addons/webhooks Kustomization: flux-system/flux-webhooks ExternalSecret: flux-system/github-webhook-token-secret
+++ kubernetes/main/apps/flux-system/addons/webhooks Kustomization: flux-system/flux-webhooks ExternalSecret: flux-system/github-webhook-token-secret
@@ -1,24 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- app.kubernetes.io/name: flux-webhooks
- kustomize.toolkit.fluxcd.io/name: flux-webhooks
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: github-webhook-token-secret
- namespace: flux-system
-spec:
- dataFrom:
- - extract:
- key: flux
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: github-webhook-token-secret
- template:
- data:
- token: '{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}'
- engineVersion: v2
-
--- kubernetes/main/apps/flux-system/addons/webhooks Kustomization: flux-system/flux-webhooks Ingress: flux-system/webhook-receiver
+++ kubernetes/main/apps/flux-system/addons/webhooks Kustomization: flux-system/flux-webhooks Ingress: flux-system/webhook-receiver
@@ -1,24 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- labels:
- app.kubernetes.io/name: flux-webhooks
- kustomize.toolkit.fluxcd.io/name: flux-webhooks
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: webhook-receiver
- namespace: flux-system
-spec:
- ingressClassName: external
- rules:
- - host: flux-webhook...PLACEHOLDER_SECRET_DOMAIN..
- http:
- paths:
- - backend:
- service:
- name: webhook-receiver
- port:
- number: 80
- path: /hook/
- pathType: Prefix
-
--- kubernetes/main/apps/flux-system/addons/webhooks Kustomization: flux-system/flux-webhooks Receiver: flux-system/home-ops
+++ kubernetes/main/apps/flux-system/addons/webhooks Kustomization: flux-system/flux-webhooks Receiver: flux-system/home-ops
@@ -1,31 +0,0 @@
----
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
- labels:
- app.kubernetes.io/name: flux-webhooks
- kustomize.toolkit.fluxcd.io/name: flux-webhooks
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: home-ops
- namespace: flux-system
-spec:
- events:
- - ping
- - push
- resources:
- - apiVersion: source.toolkit.fluxcd.io/v1
- kind: GitRepository
- name: home-kubernetes
- namespace: flux-system
- - apiVersion: kustomize.toolkit.fluxcd.io/v1
- kind: Kustomization
- name: cluster
- namespace: flux-system
- - apiVersion: kustomize.toolkit.fluxcd.io/v1
- kind: Kustomization
- name: cluster-apps
- namespace: flux-system
- secretRef:
- name: github-webhook-token-secret
- type: github
-
--- kubernetes/shared Kustomization: flux-system/cluster-shared HelmRepository: flux-system/fluxcd-community
+++ kubernetes/shared Kustomization: flux-system/cluster-shared HelmRepository: flux-system/fluxcd-community
@@ -0,0 +1,14 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-shared
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: fluxcd-community
+ namespace: flux-system
+spec:
+ interval: 5m
+ type: oci
+ url: oci://ghcr.io/fluxcd-community/charts
+
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-webhooks
+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-webhooks
@@ -1,41 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: flux-webhooks
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: flux-webhooks
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- interval: 30m
- path: ./kubernetes/main/apps/flux-system/addons/webhooks
- postBuild:
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- optional: true
- - kind: ConfigMap
- name: cluster-settings-main
- optional: true
- - kind: Secret
- name: cluster-secrets
- optional: true
- - kind: Secret
- name: cluster-secrets-main
- optional: true
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- targetNamespace: flux-system
- timeout: 5m
- wait: true
-
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux
+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux
@@ -0,0 +1,41 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: flux
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: flux
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ interval: 30m
+ path: ./kubernetes/main/apps/flux-system/flux/app
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ optional: true
+ - kind: ConfigMap
+ name: cluster-settings-main
+ optional: true
+ - kind: Secret
+ name: cluster-secrets
+ optional: true
+ - kind: Secret
+ name: cluster-secrets-main
+ optional: true
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ targetNamespace: flux-system
+ timeout: 5m
+ wait: false
+
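Review bot: `prune: false` and `wait: false` at the end of `spec`, with no `dependsOn`, mean this Kustomization neither removes objects deleted from `./kubernetes/main/apps/flux-system/flux/app` nor checks the health of what it applies. The path ships a HelmRelease that needs the `fluxcd-community` HelmRepository from `cluster-shared` and a PrometheusRule that needs the `monitoring.coreos.com` CRDs, so ordering relies on retries, and a HelmRelease that applies cleanly but never becomes Ready does not surface here. If `prune: false` is deliberate so that Flux never deletes its own release, say so in a comment, and consider `wait: true` or an explicit `healthChecks` entry for the HelmRelease.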
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-github
+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-github
@@ -0,0 +1,43 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: flux-github
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: flux-github
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ dependsOn:
+ - name: external-secrets-stores
+ interval: 30m
+ path: ./kubernetes/main/apps/flux-system/flux/github
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ optional: true
+ - kind: ConfigMap
+ name: cluster-settings-main
+ optional: true
+ - kind: Secret
+ name: cluster-secrets
+ optional: true
+ - kind: Secret
+ name: cluster-secrets-main
+ optional: true
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ targetNamespace: flux-system
+ timeout: 5m
+ wait: false
+
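Review bot: `wait: false` here replaces the `wait: true` of the removed `flux-webhooks` Kustomization, so this Kustomization can report Ready while the ExternalSecret has not yet produced `github-webhook-token-secret`, the secret the Receiver's `secretRef` needs. Keeping `wait: true` (the `timeout: 5m` is already set) would surface a failed token sync on the Kustomization itself. The new `dependsOn: external-secrets-stores` is a good addition either way.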
--- kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux HelmRelease: flux-system/flux
+++ kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux HelmRelease: flux-system/flux
@@ -0,0 +1,32 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ app.kubernetes.io/name: flux
+ kustomize.toolkit.fluxcd.io/name: flux
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: flux
+ namespace: flux-system
+spec:
+ chart:
+ spec:
+ chart: flux2
+ sourceRef:
+ kind: HelmRepository
+ name: fluxcd-community
+ namespace: flux-system
+ version: 2.14.0
+ install:
+ remediation:
+ retries: 3
+ interval: 30m
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ valuesFrom:
+ - kind: ConfigMap
+ name: flux-helm-values-9bg766dm6d
+
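Review bot: `chart.spec` pulls `flux2` at `version: 2.14.0` from the OCI HelmRepository by tag with no `verify` block, so the chart that installs the controllers later bound to `cluster-admin` is accepted without a signature check. If the publisher signs the chart, add `verify` with `provider: cosign` under `chart.spec`; if not, a comment recording that the tag is trusted as published would help the next reviewer.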
--- kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux PrometheusRule: flux-system/flux-rules
+++ kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux PrometheusRule: flux-system/flux-rules
@@ -0,0 +1,35 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ labels:
+ app.kubernetes.io/name: flux
+ kustomize.toolkit.fluxcd.io/name: flux
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: flux-rules
+ namespace: flux-system
+spec:
+ groups:
+ - name: flux.rules
+ rules:
+ - alert: FluxComponentAbsent
+ annotations:
+ summary: Flux component has disappeared from Prometheus target discovery.
+ expr: |
+ absent(up{job=~".*flux-system.*"} == 1)
+ for: 15m
+ labels:
+ severity: critical
+ - alert: FluxReconciliationFailure
+ annotations:
+ summary: '{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation
+ has been failing for more than 15 minutes.'
+ expr: |
+ max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
+ +
+ on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
+ by (namespace, name, kind)) * 2 == 1
+ for: 15m
+ labels:
+ severity: critical
+
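Review bot: in `FluxComponentAbsent`, `absent(up{job=~".*flux-system.*"} == 1)` only returns a result when no matching target at all is up, so one controller going down while the others stay up never fires the alert. The summary says "Flux component has disappeared", which reads as per-component; either alert per controller (one `absent(...)` per job, or `up{job=~".*flux-system.*"} == 0` for targets that are still discovered but failing) or reword the summary to say it covers the loss of all Flux targets.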
--- kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux ConfigMap: flux-system/flux-helm-values-9bg766dm6d
+++ kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux ConfigMap: flux-system/flux-helm-values-9bg766dm6d
@@ -0,0 +1,86 @@
+---
+apiVersion: v1
+data:
+ values.yaml: |
+ ---
+ crds:
+ annotations:
+ helm.sh/resource-policy: keep
+
+ helmController:
+ container:
+ additionalArgs:
+ # Increase the number of workers and limits
+ # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+ - --concurrent=10
+ - --requeue-dependency=5s
+ # Flux near OOM detection for Helm
+ # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/
+ - --feature-gates=OOMWatch=true
+ - --oom-watch-memory-threshold=95
+ - --oom-watch-interval=500ms
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2Gi
+
+ imageAutomationController:
+ create: false
+
+ imageReflectionController:
+ create: false
+
+ kustomizeController:
+ container:
+ additionalArgs:
+ # Increase the number of workers and limits
+ # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+ - --concurrent=10
+ - --requeue-dependency=5s
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2Gi
+
+ notificationController:
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2Gi
+
+ sourceController:
+ container:
+ additionalArgs:
+ # Enable Helm repositories caching
+ # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching
+ - --helm-cache-max-size=10
+ - --helm-cache-ttl=60m
+ - --helm-cache-purge-interval=5m
+ # Increase the number of workers and limits
+ # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+ - --concurrent=10
+ - --requeue-dependency=5s
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2Gi
+
+ policies:
+ create: false
+
+ prometheus:
+ podMonitor:
+ create: true
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/name: flux
+ kustomize.toolkit.fluxcd.io/name: flux
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: flux-helm-values-9bg766dm6d
+ namespace: flux-system
+
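Review bot: `policies.create: false` near the end of `values.yaml` switches off the NetworkPolicy objects the flux2 chart would otherwise create for `flux-system`, while the same PR keeps notification-controller's `webhook-receiver` reachable through the `external` ingress class. Unless equivalent policies are defined elsewhere in the repository, leave this at the chart default or add the policies under `flux/app`, and note the reason next to the value the way the `additionalArgs` entries are annotated with `# Ref:` comments.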
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-webhook-token-secret
+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-webhook-token-secret
@@ -0,0 +1,24 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ labels:
+ app.kubernetes.io/name: flux-github
+ kustomize.toolkit.fluxcd.io/name: flux-github
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: github-webhook-token-secret
+ namespace: flux-system
+spec:
+ dataFrom:
+ - extract:
+ key: flux
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: github-webhook-token-secret
+ template:
+ data:
+ token: '{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}'
+ engineVersion: v2
+
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Ingress: flux-system/webhook-receiver
+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Ingress: flux-system/webhook-receiver
@@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ labels:
+ app.kubernetes.io/name: flux-github
+ kustomize.toolkit.fluxcd.io/name: flux-github
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: webhook-receiver
+ namespace: flux-system
+spec:
+ ingressClassName: external
+ rules:
+ - host: flux-webhook...PLACEHOLDER_SECRET_DOMAIN..
+ http:
+ paths:
+ - backend:
+ service:
+ name: webhook-receiver
+ port:
+ number: 80
+ path: /hook/
+ pathType: Prefix
+
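Review bot: `spec` has no `tls` block for the `flux-webhook` host and the backend is `webhook-receiver` on port 80, so whether GitHub's webhook deliveries are encrypted on the way in depends entirely on how the `external` ingress class is configured outside this manifest. If that class terminates TLS with a default or wildcard certificate, a short comment saying so would make this reviewable; otherwise add a `tls` entry for the host.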
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Receiver: flux-system/home-ops
+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Receiver: flux-system/home-ops
@@ -0,0 +1,31 @@
+---
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+ labels:
+ app.kubernetes.io/name: flux-github
+ kustomize.toolkit.fluxcd.io/name: flux-github
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: home-ops
+ namespace: flux-system
+spec:
+ events:
+ - ping
+ - push
+ resources:
+ - apiVersion: source.toolkit.fluxcd.io/v1
+ kind: GitRepository
+ name: home-kubernetes
+ namespace: flux-system
+ - apiVersion: kustomize.toolkit.fluxcd.io/v1
+ kind: Kustomization
+ name: cluster
+ namespace: flux-system
+ - apiVersion: kustomize.toolkit.fluxcd.io/v1
+ kind: Kustomization
+ name: cluster-apps
+ namespace: flux-system
+ secretRef:
+ name: github-webhook-token-secret
+ type: github
+ |
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/helm-controller
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/helm-controller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: helm-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: helm-controller
+
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/kustomize-controller
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/kustomize-controller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: kustomize-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: kustomize-controller
+
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/notification-controller
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/notification-controller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: notification-controller
+
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/source-controller
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/source-controller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: source-controller
+
--- HelmRelease: flux-system/flux ClusterRole: flux-system/flux-edit
+++ HelmRelease: flux-system/flux ClusterRole: flux-system/flux-edit
@@ -0,0 +1,24 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: flux-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: 'true'
+ rbac.authorization.k8s.io/aggregate-to-admin: 'true'
+rules:
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ - source.toolkit.fluxcd.io
+ - helm.toolkit.fluxcd.io
+ - image.toolkit.fluxcd.io
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - patch
+ - update
+
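Review bot: the `aggregate-to-edit` and `aggregate-to-admin` labels fold write verbs on `'*'` resources in all five Flux API groups into the built-in `edit` and `admin` roles, so anyone holding `edit` in any namespace can create Kustomizations and HelmReleases there. Those objects are reconciled by controllers this release binds to `cluster-admin`, which makes a namespace-scoped `edit` grant an escalation path unless impersonation is enforced. Worth confirming that no RoleBinding to `edit` or `admin` exists for subjects that should not be able to deploy cluster-wide.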
--- HelmRelease: flux-system/flux ClusterRole: flux-system/flux-view
+++ HelmRelease: flux-system/flux ClusterRole: flux-system/flux-view
@@ -0,0 +1,23 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: flux-view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: 'true'
+ rbac.authorization.k8s.io/aggregate-to-edit: 'true'
+ rbac.authorization.k8s.io/aggregate-to-view: 'true'
+rules:
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ - source.toolkit.fluxcd.io
+ - helm.toolkit.fluxcd.io
+ - image.toolkit.fluxcd.io
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+
--- HelmRelease: flux-system/flux ClusterRole: flux-system/crd-controller
+++ HelmRelease: flux-system/flux ClusterRole: flux-system/crd-controller
@@ -0,0 +1,91 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: crd-controller
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+rules:
+- apiGroups:
+ - source.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - helm.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - image.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ''
+ resources:
+ - namespaces
+ - secrets
+ - configmaps
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ''
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ''
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+
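Review bot: the core-group rule listing `namespaces`, `secrets`, `configmaps`, `serviceaccounts` grants get/list/watch on Secrets cluster-wide, and the `crd-controller` ClusterRoleBinding in this same diff hands that to every controller ServiceAccount, including notification-controller and source-controller. Worth recording in the PR why each controller needs cluster-wide Secret read, or splitting the role per controller where the chart allows it. Smaller point: `configmaps` get/list/watch is granted twice, since the later `configmaps` rule is a superset of the entry in the first rule, so the entry in the first rule can go.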
--- HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/cluster-reconciler
+++ HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/cluster-reconciler
@@ -0,0 +1,21 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: cluster-reconciler
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+
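Review bot: `roleRef.name: cluster-admin` is bound to both kustomize-controller and helm-controller, so any Kustomization or HelmRelease that does not set `spec.serviceAccountName` is applied with cluster-admin rights. The controller args rendered in this diff set `--watch-all-namespaces=true` and do not set `--default-service-account` or `--no-cross-namespace-refs`. If this is a deliberate single-tenant choice, please state it in the PR description; otherwise consider adding those arguments so reconciliation falls back to a restricted ServiceAccount.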
--- HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/crd-controller
+++ HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/crd-controller
@@ -0,0 +1,33 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: crd-controller
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: crd-controller
+subjects:
+- kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: source-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: notification-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: image-reflector-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: image-automation-controller
+ namespace: flux-system
+
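Review bot: the last two subjects, `image-reflector-controller` and `image-automation-controller`, have no matching ServiceAccount or Deployment among the resources rendered in this diff, so the binding pre-authorizes names that do not exist yet. A ServiceAccount created under either name in `flux-system` later would pick up the `crd-controller` role, including its cluster-wide Secret read. Suggest dropping the two subjects while the image controllers are not deployed, or deploying them in the same change.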
--- HelmRelease: flux-system/flux Service: flux-system/notification-controller
+++ HelmRelease: flux-system/flux Service: flux-system/notification-controller
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: notification-controller
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: notification-controller
+ type: ClusterIP
+
--- HelmRelease: flux-system/flux Service: flux-system/webhook-receiver
+++ HelmRelease: flux-system/flux Service: flux-system/webhook-receiver
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: webhook-receiver
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 9292
+ selector:
+ app: notification-controller
+ type: ClusterIP
+
--- HelmRelease: flux-system/flux Service: flux-system/source-controller
+++ HelmRelease: flux-system/flux Service: flux-system/source-controller
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: source-controller
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: source-controller
+ type: ClusterIP
+
--- HelmRelease: flux-system/flux Deployment: flux-system/helm-controller
+++ HelmRelease: flux-system/flux Deployment: flux-system/helm-controller
@@ -0,0 +1,83 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: helm-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: helm-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helm-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: '8080'
+ prometheus.io/scrape: 'true'
+ labels:
+ app: helm-controller
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ - --concurrent=10
+ - --requeue-dependency=5s
+ - --feature-gates=OOMWatch=true
+ - --oom-watch-memory-threshold=95
+ - --oom-watch-interval=500ms
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/helm-controller:v1.1.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ serviceAccountName: helm-controller
+ terminationGracePeriodSeconds: 600
+ volumes:
+ - emptyDir: {}
+ name: temp
+
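Review bot: `image: ghcr.io/fluxcd/helm-controller:v1.1.0` pins by tag only, with `imagePullPolicy: IfNotPresent`, for a workload whose ServiceAccount is bound to cluster-admin in this diff. A tag can be repointed upstream, and nodes that already hold the image will keep whatever they pulled first, so nodes can end up running different content under the same tag. Suggest pinning by digest (`ghcr.io/fluxcd/helm-controller:v1.1.0@sha256:<digest>`, digest to be filled in from the release) and doing the same for the other controller images and the flux-cli hook image.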
--- HelmRelease: flux-system/flux Deployment: flux-system/kustomize-controller
+++ HelmRelease: flux-system/flux Deployment: flux-system/kustomize-controller
@@ -0,0 +1,82 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: kustomize-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: kustomize-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kustomize-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: '8080'
+ prometheus.io/scrape: 'true'
+ labels:
+ app: kustomize-controller
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ - --concurrent=10
+ - --requeue-dependency=5s
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/kustomize-controller:v1.4.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: kustomize-controller
+ terminationGracePeriodSeconds: 60
+ volumes:
+ - emptyDir: {}
+ name: temp
+
--- HelmRelease: flux-system/flux Deployment: flux-system/notification-controller
+++ HelmRelease: flux-system/flux Deployment: flux-system/notification-controller
@@ -0,0 +1,84 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: notification-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: notification-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: '8080'
+ prometheus.io/scrape: 'true'
+ labels:
+ app: notification-controller
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/notification-controller:v1.4.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9090
+ name: http
+ protocol: TCP
+ - containerPort: 9292
+ name: http-webhook
+ protocol: TCP
+ - containerPort: 8080
+ name: http-prom
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ serviceAccountName: notification-controller
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: temp
+
--- HelmRelease: flux-system/flux Deployment: flux-system/source-controller
+++ HelmRelease: flux-system/flux Deployment: flux-system/source-controller
@@ -0,0 +1,97 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: source-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: source-controller
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: '8080'
+ prometheus.io/scrape: 'true'
+ labels:
+ app: source-controller
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ - --storage-path=/data
+ - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ - --helm-cache-max-size=10
+ - --helm-cache-ttl=60m
+ - --helm-cache-purge-interval=5m
+ - --concurrent=10
+ - --requeue-dependency=5s
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/source-controller:v1.4.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9090
+ name: http
+ protocol: TCP
+ - containerPort: 8080
+ name: http-prom
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /tmp
+ name: tmp
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: source-controller
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: data
+ - emptyDir: {}
+ name: tmp
+
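Review bot: the `data` volume behind `--storage-path=/data` is an `emptyDir: {}` with no `sizeLimit`, so the artifact store is bounded only by node ephemeral storage and is emptied on every pod replacement, which `strategy: Recreate` makes part of each rollout. After a restart every source has to be fetched again before kustomize-controller and helm-controller can reconcile. Suggest at least setting `sizeLimit` on the emptyDir, or backing `/data` with a PersistentVolumeClaim if the chart supports it.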
--- HelmRelease: flux-system/flux PodMonitor: flux-system/flux
+++ HelmRelease: flux-system/flux PodMonitor: flux-system/flux
@@ -0,0 +1,32 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: flux
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+spec:
+ namespaceSelector:
+ matchNames:
+ - flux-system
+ selector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - helm-controller
+ - source-controller
+ - kustomize-controller
+ - notification-controller
+ - image-automation-controller
+ - image-reflector-controller
+ podMetricsEndpoints:
+ - port: http-prom
+ relabelings:
+ - action: keep
+ regex: Running
+ sourceLabels:
+ - __meta_kubernetes_pod_phase
+
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/flux-flux-check
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/flux-flux-check
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: flux-flux-check
+ annotations:
+ helm.sh/hook: pre-install
+ helm.sh/hook-weight: '-10'
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
--- HelmRelease: flux-system/flux Job: flux-system/flux-flux-check
+++ HelmRelease: flux-system/flux Job: flux-system/flux-flux-check
@@ -0,0 +1,45 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: flux-flux-check
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ annotations:
+ helm.sh/hook: pre-install
+ helm.sh/hook-weight: '-5'
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+spec:
+ backoffLimit: 1
+ template:
+ metadata:
+ name: flux
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ spec:
+ restartPolicy: Never
+ serviceAccountName: flux-flux-check
+ automountServiceAccountToken: true
+ containers:
+ - name: flux-cli
+ image: ghcr.io/fluxcd/flux-cli:v2.4.0
+ command:
+ - /usr/local/bin/flux
+ - check
+ - --pre
+ - --namespace
+ - flux-system
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ |
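Review bot: the `flux-cli` container has no `resources` block, while every controller container in this diff sets requests and a memory limit. In a namespace with a ResourceQuota that requires requests or limits the hook pod is rejected and the pre-install hook fails before anything is deployed. Suggest adding small requests and limits here. Also note that `hook-delete-policy: before-hook-creation,hook-succeeded` leaves a failed Job in place, which is useful for debugging but should be mentioned so operators know to look for it.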
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/helm-controller
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/helm-controller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: helm-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: helm-controller
+
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/kustomize-controller
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/kustomize-controller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: kustomize-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: kustomize-controller
+
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/notification-controller
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/notification-controller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: notification-controller
+
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/source-controller
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/source-controller
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: source-controller
+
--- HelmRelease: flux-system/flux ClusterRole: flux-system/flux-edit
+++ HelmRelease: flux-system/flux ClusterRole: flux-system/flux-edit
@@ -0,0 +1,24 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: flux-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: 'true'
+ rbac.authorization.k8s.io/aggregate-to-admin: 'true'
+rules:
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ - source.toolkit.fluxcd.io
+ - helm.toolkit.fluxcd.io
+ - image.toolkit.fluxcd.io
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - patch
+ - update
+
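Review bot: the `aggregate-to-edit` and `aggregate-to-admin` labels give every holder of the built-in `edit` or `admin` role create, patch, update and delete on all Flux kinds (`resources: '*'`). Because kustomize-controller and helm-controller are bound to cluster-admin in this same diff, write access to Kustomization or HelmRelease objects in one namespace is effectively write access to the cluster unless `spec.serviceAccountName` is enforced. Suggest either disabling these aggregated roles if the chart exposes a toggle for them, or pairing them with an admission policy that requires a service account on Flux objects.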
--- HelmRelease: flux-system/flux ClusterRole: flux-system/flux-view
+++ HelmRelease: flux-system/flux ClusterRole: flux-system/flux-view
@@ -0,0 +1,23 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: flux-view
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: 'true'
+ rbac.authorization.k8s.io/aggregate-to-edit: 'true'
+ rbac.authorization.k8s.io/aggregate-to-view: 'true'
+rules:
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ - source.toolkit.fluxcd.io
+ - helm.toolkit.fluxcd.io
+ - image.toolkit.fluxcd.io
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+
--- HelmRelease: flux-system/flux ClusterRole: flux-system/crd-controller
+++ HelmRelease: flux-system/flux ClusterRole: flux-system/crd-controller
@@ -0,0 +1,91 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: crd-controller
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+rules:
+- apiGroups:
+ - source.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - helm.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - image.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ''
+ resources:
+ - namespaces
+ - secrets
+ - configmaps
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ''
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ''
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+
--- HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/cluster-reconciler
+++ HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/cluster-reconciler
@@ -0,0 +1,21 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: cluster-reconciler
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+
--- HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/crd-controller
+++ HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/crd-controller
@@ -0,0 +1,33 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: crd-controller
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: crd-controller
+subjects:
+- kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: source-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: notification-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: image-reflector-controller
+ namespace: flux-system
+- kind: ServiceAccount
+ name: image-automation-controller
+ namespace: flux-system
+
--- HelmRelease: flux-system/flux Service: flux-system/notification-controller
+++ HelmRelease: flux-system/flux Service: flux-system/notification-controller
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: notification-controller
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: notification-controller
+ type: ClusterIP
+
--- HelmRelease: flux-system/flux Service: flux-system/webhook-receiver
+++ HelmRelease: flux-system/flux Service: flux-system/webhook-receiver
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: webhook-receiver
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 9292
+ selector:
+ app: notification-controller
+ type: ClusterIP
+
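Review bot: `targetPort: 9292` is hard-coded, while the notification-controller Deployment in this diff names that port `http-webhook` and the sibling Services use the named form (`targetPort: http`). A named target port keeps the Service correct if the container port number changes. Suggest `targetPort: http-webhook`.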
--- HelmRelease: flux-system/flux Service: flux-system/source-controller
+++ HelmRelease: flux-system/flux Service: flux-system/source-controller
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: source-controller
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: source-controller
+ type: ClusterIP
+
--- HelmRelease: flux-system/flux Deployment: flux-system/helm-controller
+++ HelmRelease: flux-system/flux Deployment: flux-system/helm-controller
@@ -0,0 +1,83 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: helm-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: helm-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helm-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: '8080'
+ prometheus.io/scrape: 'true'
+ labels:
+ app: helm-controller
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ - --concurrent=10
+ - --requeue-dependency=5s
+ - --feature-gates=OOMWatch=true
+ - --oom-watch-memory-threshold=95
+ - --oom-watch-interval=500ms
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/helm-controller:v1.1.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ serviceAccountName: helm-controller
+ terminationGracePeriodSeconds: 600
+ volumes:
+ - emptyDir: {}
+ name: temp
+
--- HelmRelease: flux-system/flux Deployment: flux-system/kustomize-controller
+++ HelmRelease: flux-system/flux Deployment: flux-system/kustomize-controller
@@ -0,0 +1,82 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: kustomize-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: kustomize-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kustomize-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: '8080'
+ prometheus.io/scrape: 'true'
+ labels:
+ app: kustomize-controller
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ - --concurrent=10
+ - --requeue-dependency=5s
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/kustomize-controller:v1.4.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: kustomize-controller
+ terminationGracePeriodSeconds: 60
+ volumes:
+ - emptyDir: {}
+ name: temp
+
--- HelmRelease: flux-system/flux Deployment: flux-system/notification-controller
+++ HelmRelease: flux-system/flux Deployment: flux-system/notification-controller
@@ -0,0 +1,84 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: notification-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: notification-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: notification-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: '8080'
+ prometheus.io/scrape: 'true'
+ labels:
+ app: notification-controller
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/notification-controller:v1.4.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9090
+ name: http
+ protocol: TCP
+ - containerPort: 9292
+ name: http-webhook
+ protocol: TCP
+ - containerPort: 8080
+ name: http-prom
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ serviceAccountName: notification-controller
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: temp
+
--- HelmRelease: flux-system/flux Deployment: flux-system/source-controller
+++ HelmRelease: flux-system/flux Deployment: flux-system/source-controller
@@ -0,0 +1,97 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: source-controller
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ control-plane: controller
+ name: source-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: source-controller
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: '8080'
+ prometheus.io/scrape: 'true'
+ labels:
+ app: source-controller
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-encoding=json
+ - --enable-leader-election
+ - --storage-path=/data
+ - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
+ - --helm-cache-max-size=10
+ - --helm-cache-ttl=60m
+ - --helm-cache-purge-interval=5m
+ - --concurrent=10
+ - --requeue-dependency=5s
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/source-controller:v1.4.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9090
+ name: http
+ protocol: TCP
+ - containerPort: 8080
+ name: http-prom
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /tmp
+ name: tmp
+ securityContext:
+ fsGroup: 1337
+ serviceAccountName: source-controller
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: data
+ - emptyDir: {}
+ name: tmp
+
--- HelmRelease: flux-system/flux PodMonitor: flux-system/flux
+++ HelmRelease: flux-system/flux PodMonitor: flux-system/flux
@@ -0,0 +1,32 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: flux
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+spec:
+ namespaceSelector:
+ matchNames:
+ - flux-system
+ selector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - helm-controller
+ - source-controller
+ - kustomize-controller
+ - notification-controller
+ - image-automation-controller
+ - image-reflector-controller
+ podMetricsEndpoints:
+ - port: http-prom
+ relabelings:
+ - action: keep
+ regex: Running
+ sourceLabels:
+ - __meta_kubernetes_pod_phase
+
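Review bot: this PodMonitor scrapes `http-prom`, and the controller pod templates in this diff also carry `prometheus.io/scrape: 'true'` with `prometheus.io/port: '8080'`, which is the same port. If annotation-based pod discovery is configured in this cluster, each controller is scraped twice and produces duplicate series. Suggest keeping one mechanism. The selector also lists `image-automation-controller` and `image-reflector-controller`, which are not deployed by this change; harmless, but it can be trimmed.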
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/flux-flux-check
+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/flux-flux-check
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ name: flux-flux-check
+ annotations:
+ helm.sh/hook: pre-install
+ helm.sh/hook-weight: '-10'
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
--- HelmRelease: flux-system/flux Job: flux-system/flux-flux-check
+++ HelmRelease: flux-system/flux Job: flux-system/flux-flux-check
@@ -0,0 +1,45 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: flux-flux-check
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ annotations:
+ helm.sh/hook: pre-install
+ helm.sh/hook-weight: '-5'
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+spec:
+ backoffLimit: 1
+ template:
+ metadata:
+ name: flux
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/part-of: flux
+ spec:
+ restartPolicy: Never
+ serviceAccountName: flux-flux-check
+ automountServiceAccountToken: true
+ containers:
+ - name: flux-cli
+ image: ghcr.io/fluxcd/flux-cli:v2.4.0
+ command:
+ - /usr/local/bin/flux
+ - check
+ - --pre
+ - --namespace
+ - flux-system
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ |
joryirving added a commit that referenced this pull request on Jan 7, 2025: feat!: deploy flux with helm
onedr0p/home-ops#8619