feat!: deploy flux with helm (#8619)

.taskfiles/bootstrap/Taskfile.yaml

@@ -65,7 +65,6 @@ tasks:
   flux:
     desc: Bootstrap Flux [CLUSTER=main]
     cmds:
-      - kubectl apply --server-side --kustomize {{.CLUSTER_DIR}}/bootstrap/apps
       - for: { var: TEMPLATES }
         cmd: op run --env-file {{.CLUSTER_DIR}}/bootstrap/bootstrap.env --no-masking -- minijinja-cli {{.ITEM}} | kubectl apply --server-side --filename -
       - kubectl apply --server-side --kustomize {{.CLUSTER_DIR}}/flux/config

kubernetes/main/apps/flux-system/flux/app/helm-values.yaml

@@ -0,0 +1,69 @@
+---
+helmController:
+  container:
+    additionalArgs:
+      # Increase the number of workers and limits
+      # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+      - --concurrent=10
+      - --requeue-dependency=5s
+      # Flux near OOM detection for Helm
+      # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/
+      - --feature-gates=OOMWatch=true
+      - --oom-watch-memory-threshold=95
+      - --oom-watch-interval=500ms
+  resources:
+    requests:
+      cpu: 100m
+    limits:
+      memory: 2Gi
+
+imageAutomationController:
+  create: false
+
+imageReflectionController:
+  create: false
+
+kustomizeController:
+  container:
+    additionalArgs:
+      # Increase the number of workers and limits
+      # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+      - --concurrent=10
+      - --requeue-dependency=5s
+  resources:
+    requests:
+      cpu: 100m
+    limits:
+      memory: 2Gi
+
+notificationController:
+  resources:
+    requests:
+      cpu: 100m
+    limits:
+      memory: 2Gi
+
+sourceController:
+  container:
+    additionalArgs:
+      # Enable Helm repositories caching
+      # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching
+      - --helm-cache-max-size=10
+      - --helm-cache-ttl=60m
+      - --helm-cache-purge-interval=5m
+      # Increase the number of workers and limits
+      # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+      - --concurrent=10
+      - --requeue-dependency=5s
+  resources:
+    requests:
+      cpu: 100m
+    limits:
+      memory: 2Gi
+
+policies:
+  create: false
+
+prometheus:
+  podMonitor:
+    create: true

kubernetes/main/apps/flux-system/flux/app/helmrelease.yaml

@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: flux
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: flux2
+      version: 2.14.0
+      sourceRef:
+        kind: HelmRepository
+        name: fluxcd-community
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  valuesFrom:
+    - kind: ConfigMap
+      name: flux-helm-values

kubernetes/main/apps/flux-system/flux/app/kustomization.yaml

@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: flux-helm-values
+    files:
+      - values.yaml=./helm-values.yaml
+configurations:
+  - kustomizeconfig.yaml

kubernetes/main/apps/flux-system/flux/app/kustomizeconfig.yaml

@@ -0,0 +1,7 @@
+---
+nameReference:
+  - kind: ConfigMap
+    version: v1
+    fieldSpecs:
+      - path: spec/valuesFrom/name
+        kind: HelmRelease

kubernetes/main/apps/flux-system/addons/app/kustomization.yaml → kubernetes/main/apps/flux-system/flux/github/kustomization.yaml

@@ -3,6 +3,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./monitoring
   - ./notifications
   - ./webhooks

kubernetes/main/apps/flux-system/flux/ks.yaml

@@ -0,0 +1,42 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app flux
+  namespace: flux-system
+spec:
+  targetNamespace: flux-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/main/apps/flux-system/flux/app
+  prune: false # never should be deleted
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 30m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app flux-github
+  namespace: flux-system
+spec:
+  targetNamespace: flux-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/main/apps/flux-system/flux/github
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 30m
+  timeout: 5m

kubernetes/main/apps/flux-system/kustomization.yaml

@@ -6,4 +6,4 @@ resources:
   # Pre Flux-Kustomizations
   - ./namespace.yaml
   # Flux-Kustomizations
-  - ./addons/ks.yaml
+  - ./flux/ks.yaml

kubernetes/main/bootstrap/apps/helmfile.yaml

@@ -33,7 +33,8 @@ releases:
       - commonLabels:
           helm.toolkit.fluxcd.io/name: cilium
           helm.toolkit.fluxcd.io/namespace: kube-system
-    needs: ["observability/kube-prometheus-stack-crds"]
+    needs:
+      - observability/kube-prometheus-stack-crds
 
   - name: coredns
     namespace: kube-system
@@ -44,7 +45,8 @@ releases:
       - customLabels:
           helm.toolkit.fluxcd.io/name: coredns
           helm.toolkit.fluxcd.io/namespace: kube-system
-    needs: ["kube-system/cilium"]
+    needs:
+      - kube-system/cilium
 
   - name: spegel
     namespace: kube-system
@@ -56,4 +58,31 @@ releases:
       # - commonLabels:
       #     helm.toolkit.fluxcd.io/name: spegel
       #     helm.toolkit.fluxcd.io/namespace: kube-system
-    needs: ["kube-system/coredns"]
+    needs:
+      - kube-system/cilium
+
+  - name: flux
+    namespace: flux-system
+    chart: oci://ghcr.io/fluxcd-community/charts/flux2
+    version: 2.14.0
+    values:
+      - ../../apps/flux-system/flux/app/helm-values.yaml
+      - helmController:
+          labels:
+            helm.toolkit.fluxcd.io/name: flux
+            helm.toolkit.fluxcd.io/namespace: flux-system
+      - kustomizeController:
+          labels:
+            helm.toolkit.fluxcd.io/name: flux
+            helm.toolkit.fluxcd.io/namespace: flux-system
+      - notificationController:
+          labels:
+            helm.toolkit.fluxcd.io/name: flux
+            helm.toolkit.fluxcd.io/namespace: flux-system
+      - sourceController:
+          labels:
+            helm.toolkit.fluxcd.io/name: flux
+            helm.toolkit.fluxcd.io/namespace: flux-system
+    needs:
+      - kube-system/coredns
+      - kube-system/spegel