feat!: migrate back to mono repo single cluster (#8632)

.github/labeler.yaml

@@ -16,7 +16,3 @@ area/taskfile:
       - any-glob-to-any-file:
           - ".taskfiles/**/*"
           - "Taskfile.yaml"
-# Clusters
-cluster/main:
-  - changed-files:
-      - any-glob-to-any-file: "kubernetes/main/**/*"

.github/labels.yaml

@@ -8,9 +8,6 @@
   color: "0e8a16"
 - name: area/taskfile
   color: "0e8a16"
-# Clusters
-- name: cluster/main
-  color: "ffc300"
 # Renovate Types
 - name: renovate/container
   color: "027fa0"

.github/renovate.json5

@@ -11,7 +11,6 @@
     ":skipStatusChecks",
     ":timezone(America/New_York)",
     "github>onedr0p/home-ops//.github/renovate/autoMerge.json5",
-    "github>onedr0p/home-ops//.github/renovate/clusters.json5",
     "github>onedr0p/home-ops//.github/renovate/customManagers.json5",
     "github>onedr0p/home-ops//.github/renovate/grafanaDashboards.json5",
     "github>onedr0p/home-ops//.github/renovate/groups.json5",

.github/workflows/flux-diff.yaml

@@ -6,9 +6,7 @@ on:
   pull_request:
     branches: ["main"]
     paths:
-      - kubernetes/main/apps/**
-      - kubernetes/main/flux/**
-      - kubernetes/shared/**
+      - kubernetes/**
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
@@ -52,8 +50,8 @@ jobs:
           args: >-
             diff ${{ matrix.resources }}
             --unified 6
-            --path /github/workspace/pull/kubernetes/main/flux/config
-            --path-orig /github/workspace/default/kubernetes/main/flux/config
+            --path /github/workspace/pull/kubernetes/flux/cluster
+            --path-orig /github/workspace/default/kubernetes/flux/cluster
             --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart"
             --limit-bytes 10000
             --all-namespaces
@@ -81,7 +79,7 @@ jobs:
         uses: mshick/add-pr-comment@v2
         with:
           repo-token: "${{ steps.app-token.outputs.token }}"
-          message-id: "${{ github.event.pull_request.number }}/kubernetes/main/${{ matrix.resources }}"
+          message-id: "${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }}"
           message-failure: Diff was not successful
           message: |
             ```diff

.github/workflows/pre-pull-images.yaml

@@ -6,9 +6,7 @@ on:
   pull_request:
     branches: ["main"]
     paths:
-      - kubernetes/main/apps/**
-      - kubernetes/main/flux/**
-      - kubernetes/shared/**
+      - kubernetes/**
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
@@ -47,7 +45,7 @@ jobs:
         with:
           args: >-
             get cluster
-            --path /github/workspace/kubernetes/main/flux
+            --path /github/workspace/kubernetes/flux/cluster
             --enable-images
             --output yaml
             --output-file images.yaml

.mise.toml

@@ -1,7 +1,7 @@
 [env]
-KUBECONFIG = '{{config_root}}/kubernetes/main/kubeconfig'
+KUBECONFIG = '{{config_root}}/kubernetes/kubeconfig'
 MINIJINJA_CONFIG_FILE = '{{config_root}}/.minijinja.toml'
 SOPS_AGE_KEY_FILE = '{{config_root}}/age.key'
-TALOSCONFIG = '{{config_root}}/kubernetes/main/talosconfig'
+TALOSCONFIG = '{{config_root}}/kubernetes/talosconfig'
 TASK_X_ENV_PRECEDENCE = 1
 TASK_X_MAP_VARIABLES = 0

.taskfiles/bootstrap/Taskfile.yaml

@@ -5,49 +5,47 @@ version: '3'
 tasks:
 
   talos:
-    desc: Bootstrap Talos [CLUSTER=main]
-    dotenv: ['{{.CLUSTER_DIR}}/cluster.env']
+    desc: Bootstrap Talos
+    dotenv: ['{{.BOOTSTRAP_DIR}}/.cluster.env']
     cmds:
       - for: { var: TALOS_NODES }
         cmd: >
           sops exec-file --input-type yaml --output-type yaml {{.ITEM}} "minijinja-cli {}"
           | talosctl --nodes {{base .ITEM | replace ".sops.yaml.j2" ""}} apply-config --insecure --file /dev/stdin
       - until talosctl --nodes {{.TALOS_CONTROLLER}} bootstrap; do sleep 5; done
-      - talosctl kubeconfig --nodes {{.TALOS_CONTROLLER}} --force --force-context-name {{.CLUSTER}} {{.CLUSTER_DIR}}
+      - talosctl kubeconfig --nodes {{.TALOS_CONTROLLER}} --force --force-context-name main {{.CLUSTER_DIR}}
     vars:
       TALOS_CONTROLLER:
         sh: talosctl config info --output json | jq --raw-output '.endpoints[]' | shuf -n 1
       TALOS_NODES:
-        sh: ls {{.CLUSTER_DIR}}/talos/*.j2
-    requires:
-      vars: [CLUSTER]
+        sh: ls {{.BOOTSTRAP_DIR}}/talos/*.j2
     preconditions:
       - talosctl config info
       - test -f {{.CLUSTER_DIR}}/talosconfig
       - which jq minijinja-cli sops talosctl
 
   apps:
-    desc: Bootstrap Apps [CLUSTER=main] [MODEL=required]
+    desc: Bootstrap Apps [MODEL=required]
     prompt: Bootstrap apps into the Talos cluster?
     cmds:
       - until kubectl wait nodes --for=condition=Ready=False --all --timeout=10m; do sleep 5; done
-      - op run --env-file {{.CLUSTER_DIR}}/bootstrap/bootstrap.env --no-masking -- minijinja-cli {{.CLUSTER_DIR}}/bootstrap/templates/resources.yaml.j2 | kubectl apply --server-side --filename -
-      - helmfile --quiet --file {{.CLUSTER_DIR}}/bootstrap/helmfile.yaml apply --skip-diff-on-install --suppress-diff
-      - helmfile --quiet --file {{.CLUSTER_DIR}}/bootstrap/helmfile.yaml destroy --selector release=wipe-rook
+      - op run --env-file {{.BOOTSTRAP_DIR}}/.secrets.env --no-masking -- minijinja-cli {{.BOOTSTRAP_DIR}}/apps/templates/resources.yaml.j2 | kubectl apply --server-side --filename -
+      - helmfile --quiet --file {{.BOOTSTRAP_DIR}}/apps/helmfile.yaml apply --skip-diff-on-install --suppress-diff
+      - helmfile --quiet --file {{.BOOTSTRAP_DIR}}/apps/helmfile.yaml destroy --selector name=wipe-rook
     env:
       FLUX_GITHUB_PUBLIC_KEYS:
         sh: curl -fsSL https://api.github.com/meta | jq --raw-output '"github.com "+.ssh_keys[]'
       MODEL: '{{.MODEL}}'
       NODE_COUNT:
         sh: talosctl config info --output json | jq --raw-output '.nodes | length'
-      VAULT: '{{if eq .CLUSTER "main"}}kubernetes{{else}}{{.CLUSTER}}{{end}}' # ¯\_(ツ)_/¯
+      VAULT: kubernetes
     requires:
-      vars: [CLUSTER, MODEL]
+      vars: [MODEL]
     preconditions:
       - op user get --me
       - talosctl config info
       - test -f {{.CLUSTER_DIR}}/talosconfig
-      - test -f {{.CLUSTER_DIR}}/bootstrap/helmfile.yaml
-      - test -f {{.CLUSTER_DIR}}/bootstrap/templates/resources.yaml.j2
-      - test -f {{.CLUSTER_DIR}}/bootstrap/templates/wipe-rook.yaml.gotmpl
+      - test -f {{.BOOTSTRAP_DIR}}/apps/helmfile.yaml
+      - test -f {{.BOOTSTRAP_DIR}}/apps/templates/resources.yaml.j2
+      - test -f {{.BOOTSTRAP_DIR}}/apps/templates/wipe-rook.yaml.gotmpl
       - which curl jq helmfile kubectl op talosctl

.taskfiles/kubernetes/Taskfile.yaml

@@ -5,15 +5,15 @@ version: '3'
 tasks:
 
   ks-*:
-    desc: Apply a Flux KS for a cluster [CLUSTER=main] [PATH=required]
+    desc: Apply a Flux KS for a cluster [PATH=required]
     cmd: >
       flux build --namespace flux-system ks {{base .PATH}}
       --kustomization-file {{.CLUSTER_DIR}}/apps/{{.PATH}}/ks.yaml
       --path {{.CLUSTER_DIR}}/apps/{{.PATH}}{{if contains .KUSTOMIZATION "not found"}} --dry-run{{end}}
       | yq 'with(select(.apiVersion == "kustomize.toolkit.fluxcd.io/v1" and .kind == "Kustomization"); .metadata.namespace = "flux-system")' -
       | kubectl {{.OPERATION}} {{if eq .OPERATION "apply"}}--server-side  --field-manager=kustomize-controller{{end}} --filename -
     requires:
-      vars: [CLUSTER, PATH]
+      vars: [PATH]
     vars:
       OPERATION: '{{index .MATCH 0}}'
       KUSTOMIZATION:
@@ -23,53 +23,47 @@ tasks:
       - which flux kubectl yq
 
   browse-pvc:
-    desc: Mount a PVC to an temp container [CLUSTER=main] [NS=default] [CLAIM=required]
+    desc: Mount a PVC to an temp container [NS=default] [CLAIM=required]
     interactive: true
     cmd: kubectl browse-pvc --namespace {{.NS}} --image docker.io/library/alpine:latest {{.CLAIM}}
     vars:
       NS: '{{.NS | default "default"}}'
     requires:
-      vars: [CLUSTER, CLAIM]
+      vars: [CLAIM]
     preconditions:
       - kubectl --namespace {{.NS}} get persistentvolumeclaims {{.CLAIM}}
       - kubectl browse-pvc --version
       - which kubectl
 
   sync-secrets:
-    desc: Sync all ExternalSecrets [CLUSTER=main]
+    desc: Sync all ExternalSecrets
     cmds:
       - for: { var: SECRETS, split: "\n" }
         cmd: kubectl --namespace {{splitList "," .ITEM | first}} annotate externalsecret {{splitList "," .ITEM | last}} force-sync="{{now | unixEpoch}}" --overwrite
     vars:
       SECRETS:
         sh: kubectl get externalsecret --all-namespaces --no-headers --output=jsonpath='{range .items[*]}{.metadata.namespace},{.metadata.name}{"\n"}{end}'
-    requires:
-      vars: [CLUSTER]
     preconditions:
       - which kubectl
 
   cleanse-pods:
-    desc: Cleanse pods with a Failed/Pending/Succeeded phase [CLUSTER=main]
+    desc: Cleanse pods with a Failed/Pending/Succeeded phase
     cmds:
       - for:
           matrix:
             PHASE: [Failed, Pending, Succeeded]
         cmd: kubectl delete pods --all-namespaces --field-selector status.phase={{.ITEM.PHASE}} --ignore-not-found=true
-    requires:
-      vars: [CLUSTER]
     preconditions:
       - which kubectl
 
   # https://docs.github.com/en/enterprise-cloud@latest/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/deploying-runner-scale-sets-with-actions-runner-controller#upgrading-arc
   upgrade-arc:
-    desc: Upgrade the ARC [CLUSTER=main]
+    desc: Upgrade the ARC
     cmds:
       - helm -n actions-runner-system uninstall gha-runner-scale-set
       - helm -n actions-runner-system uninstall gha-runner-scale-set-controller
       - sleep 5
       - flux -n actions-runner-system reconcile hr gha-runner-scale-set-controller
       - flux -n actions-runner-system reconcile hr gha-runner-scale-set
-    requires:
-      vars: [CLUSTER]
     preconditions:
       - which flux helm