From 52b7db182993d0c31542c478fa06fa60cc7750ab Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 7 Jan 2025 09:44:25 -0500 Subject: [PATCH 1/2] feat!: deploy flux with helm 
Signed-off-by: Devin Buhl --- .taskfiles/bootstrap/Taskfile.yaml | 1 - .../addons/app/monitoring/kustomization.yaml | 8 - .../addons/app/monitoring/podmonitor.yaml | 32 ---- .../app/notifications/kustomization.yaml | 6 - .../addons/app/webhooks/github/ingress.yaml | 18 --- .../addons/app/webhooks/kustomization.yaml | 6 - .../main/apps/flux-system/addons/ks.yaml | 22 --- .../flux-system/flux/app/helm-values.yaml | 81 ++++++++++ .../flux-system/flux/app/helmrelease.yaml | 27 ++++ .../flux-system/flux/app/kustomization.yaml | 12 ++ .../flux-system/flux/app/kustomizeconfig.yaml | 7 + .../app}/prometheusrule.yaml | 0 .../app => flux/github}/kustomization.yaml | 1 - .../github/notifications}/externalsecret.yaml | 0 .../github/notifications}/kustomization.yaml | 0 .../github/notifications}/notification.yaml | 0 .../github/webhooks}/externalsecret.yaml | 0 .../github/webhooks}/kustomization.yaml | 1 - .../github/webhooks}/receiver.yaml | 0 kubernetes/main/apps/flux-system/flux/ks.yaml | 42 +++++ .../main/apps/flux-system/kustomization.yaml | 2 +- kubernetes/main/bootstrap/apps/helmfile.yaml | 35 ++++- .../main/bootstrap/apps/kustomization.yaml | 145 ------------------ kubernetes/main/flux/config/flux.yaml | 121 --------------- .../main/flux/config/kustomization.yaml | 1 - .../shared/repos/helm/fluxcd-community.yaml | 11 ++ .../shared/repos/helm/kustomization.yaml | 1 + 27 files changed, 214 insertions(+), 366 deletions(-) delete mode 100644 kubernetes/main/apps/flux-system/addons/app/monitoring/kustomization.yaml delete mode 100644 kubernetes/main/apps/flux-system/addons/app/monitoring/podmonitor.yaml delete mode 100644 kubernetes/main/apps/flux-system/addons/app/notifications/kustomization.yaml delete mode 100644 kubernetes/main/apps/flux-system/addons/app/webhooks/github/ingress.yaml delete mode 100644 kubernetes/main/apps/flux-system/addons/app/webhooks/kustomization.yaml delete mode 100644 kubernetes/main/apps/flux-system/addons/ks.yaml create mode 100644 
kubernetes/main/apps/flux-system/flux/app/helm-values.yaml create mode 100644 kubernetes/main/apps/flux-system/flux/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/flux-system/flux/app/kustomization.yaml create mode 100644 kubernetes/main/apps/flux-system/flux/app/kustomizeconfig.yaml rename kubernetes/main/apps/flux-system/{addons/app/monitoring => flux/app}/prometheusrule.yaml (100%) rename kubernetes/main/apps/flux-system/{addons/app => flux/github}/kustomization.yaml (91%) rename kubernetes/main/apps/flux-system/{addons/app/notifications/github => flux/github/notifications}/externalsecret.yaml (100%) rename kubernetes/main/apps/flux-system/{addons/app/notifications/github => flux/github/notifications}/kustomization.yaml (100%) rename kubernetes/main/apps/flux-system/{addons/app/notifications/github => flux/github/notifications}/notification.yaml (100%) rename kubernetes/main/apps/flux-system/{addons/app/webhooks/github => flux/github/webhooks}/externalsecret.yaml (100%) rename kubernetes/main/apps/flux-system/{addons/app/webhooks/github => flux/github/webhooks}/kustomization.yaml (91%) rename kubernetes/main/apps/flux-system/{addons/app/webhooks/github => flux/github/webhooks}/receiver.yaml (100%) create mode 100644 kubernetes/main/apps/flux-system/flux/ks.yaml delete mode 100644 kubernetes/main/bootstrap/apps/kustomization.yaml delete mode 100644 kubernetes/main/flux/config/flux.yaml create mode 100644 kubernetes/shared/repos/helm/fluxcd-community.yaml diff --git a/.taskfiles/bootstrap/Taskfile.yaml b/.taskfiles/bootstrap/Taskfile.yaml index 289af44524050..85319481be654 100644 --- a/.taskfiles/bootstrap/Taskfile.yaml +++ b/.taskfiles/bootstrap/Taskfile.yaml 
@@ -65,7 +65,6 @@ tasks: flux: desc: Bootstrap Flux [CLUSTER=main] cmds: - - kubectl apply --server-side --kustomize {{.CLUSTER_DIR}}/bootstrap/apps - for: { var: TEMPLATES } cmd: op run --env-file {{.CLUSTER_DIR}}/bootstrap/bootstrap.env --no-masking -- minijinja-cli {{.ITEM}} | kubectl apply --server-side --filename - - kubectl apply --server-side --kustomize {{.CLUSTER_DIR}}/flux/config diff --git a/kubernetes/main/apps/flux-system/addons/app/monitoring/kustomization.yaml b/kubernetes/main/apps/flux-system/addons/app/monitoring/kustomization.yaml deleted file mode 100644 index 247c037449f3a..0000000000000 --- a/kubernetes/main/apps/flux-system/addons/app/monitoring/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: flux-system -resources: - - ./podmonitor.yaml - - ./prometheusrule.yaml diff --git a/kubernetes/main/apps/flux-system/addons/app/monitoring/podmonitor.yaml b/kubernetes/main/apps/flux-system/addons/app/monitoring/podmonitor.yaml deleted file mode 100644 index 8d09c127e49dd..0000000000000 --- a/kubernetes/main/apps/flux-system/addons/app/monitoring/podmonitor.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: flux-system - namespace: flux-system - labels: - app.kubernetes.io/part-of: flux - app.kubernetes.io/component: monitoring -spec: - namespaceSelector: - matchNames: - - flux-system - selector: - matchExpressions: - - key: app - operator: In - values: - - helm-controller - - source-controller - - kustomize-controller - - notification-controller - - image-automation-controller - - image-reflector-controller - podMetricsEndpoints: - - port: http-prom - relabelings: - # Ref: https://github.com/prometheus-operator/prometheus-operator/issues/4816 - - sourceLabels: [__meta_kubernetes_pod_phase] - action: keep - regex: Running diff --git a/kubernetes/main/apps/flux-system/addons/app/notifications/kustomization.yaml b/kubernetes/main/apps/flux-system/addons/app/notifications/kustomization.yaml deleted file mode 100644 index 08c1780f06076..0000000000000 --- a/kubernetes/main/apps/flux-system/addons/app/notifications/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./github diff --git a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/ingress.yaml b/kubernetes/main/apps/flux-system/addons/app/webhooks/github/ingress.yaml deleted file mode 100644 index 19d4cb385f213..0000000000000 --- a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/ingress.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: webhook-receiver -spec: - ingressClassName: external - rules: - - host: flux-webhook.devbu.io - http: - paths: - - path: /hook/ - pathType: Prefix - backend: - service: - name: webhook-receiver - port: - number: 80 
diff --git a/kubernetes/main/apps/flux-system/addons/app/webhooks/kustomization.yaml b/kubernetes/main/apps/flux-system/addons/app/webhooks/kustomization.yaml deleted file mode 100644 index 08c1780f06076..0000000000000 --- a/kubernetes/main/apps/flux-system/addons/app/webhooks/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./github diff --git a/kubernetes/main/apps/flux-system/addons/ks.yaml b/kubernetes/main/apps/flux-system/addons/ks.yaml deleted file mode 100644 index 8a27804838c04..0000000000000 --- a/kubernetes/main/apps/flux-system/addons/ks.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app flux-addons - namespace: flux-system -spec: - targetNamespace: flux-system - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: external-secrets-stores - path: ./kubernetes/main/apps/flux-system/addons/app - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - timeout: 5m diff --git a/kubernetes/main/apps/flux-system/flux/app/helm-values.yaml b/kubernetes/main/apps/flux-system/flux/app/helm-values.yaml new file mode 100644 index 0000000000000..9307123727cd6 --- /dev/null +++ b/kubernetes/main/apps/flux-system/flux/app/helm-values.yaml 
@@ -0,0 +1,81 @@
+helmController:
+ container:
+ additionalArgs:
+ # Increase the number of workers and limits
+ # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+ - --concurrent=10
+ - --requeue-dependency=5s
+ # Flux near OOM detection for Helm
+ # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/
+ - --feature-gates=OOMWatch=true
+ - --oom-watch-memory-threshold=95
+ - --oom-watch-interval=500ms
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2Gi
+
+imageAutomationController:
+ create: false
+
+imageReflectionController:
+ create: false
+
+kustomizeController:
+ container:
+ additionalArgs:
+ # Increase the number of workers and limits
+ # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+ - --concurrent=10
+ - --requeue-dependency=5s
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2Gi
+
+notificationController:
+ webhookReceiver:
+ ingress:
+ ingressClassName: external
+ hosts:
+ - host: flux-webhook.devbu.io
+ paths:
+ - path: /hook/
+ pathType: Prefix
+ backend:
+ service:
+ name: webhook-receiver
+ port:
+ number: 80
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2Gi
+
+sourceController:
+ container:
+ additionalArgs:
+ # Enable Helm repositories caching
+ # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching
+ - --helm-cache-max-size=10
+ - --helm-cache-ttl=60m
+ - --helm-cache-purge-interval=5m
+ # Increase the number of workers and limits
+ # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+ - --concurrent=10
+ - --requeue-dependency=5s
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2Gi
+
+policies:
+ create: false
+
+prometheus:
+ podMonitor:
+ create: true
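Review bot: `policies: create: false` near the end of the new values file is the only setting here without a comment, and it appears to carry over the deleted kustomize patch labelled "Remove the built-in network policies", i.e. it turns off the NetworkPolicies the chart would otherwise create in flux-system. With them off, nothing in this patch restricts pod-to-pod access to the controllers, so whether another policy layer covers the namespace cannot be judged from here. I would add a comment above the key, for example `# chart NetworkPolicies disabled; flux-system ingress is restricted by <name of the policy layer>`, or leave the chart policies enabled if nothing else covers the namespace.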
diff --git a/kubernetes/main/apps/flux-system/flux/app/helmrelease.yaml b/kubernetes/main/apps/flux-system/flux/app/helmrelease.yaml
new file mode 100644
index 0000000000000..a384b9c4f52e5
--- /dev/null
+++ b/kubernetes/main/apps/flux-system/flux/app/helmrelease.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: flux
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: flux2
+ version: 2.14.0
+ sourceRef:
+ kind: HelmRepository
+ name: fluxcd-community
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: flux-helm-values
diff --git a/kubernetes/main/apps/flux-system/flux/app/kustomization.yaml b/kubernetes/main/apps/flux-system/flux/app/kustomization.yaml
new file mode 100644
index 0000000000000..93b4c137f5a07
--- /dev/null
+++ b/kubernetes/main/apps/flux-system/flux/app/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: flux-helm-values
+ files:
+ - values.yaml=./helm-values.yaml
+configurations:
+ - kustomizeconfig.yaml
diff --git a/kubernetes/main/apps/flux-system/flux/app/kustomizeconfig.yaml b/kubernetes/main/apps/flux-system/flux/app/kustomizeconfig.yaml
new file mode 100644
index 0000000000000..58f92ba1530f1
--- /dev/null
+++ b/kubernetes/main/apps/flux-system/flux/app/kustomizeconfig.yaml
@@ -0,0 +1,7 @@
+---
+nameReference:
+ - kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
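Review bot: The `chart.spec` block in helmrelease.yaml selects `flux2` by the tag `2.14.0` from an OCI repository and sets no `verify`, so the chart that installs and upgrades the Flux controllers themselves is accepted on the tag alone. If the publisher signs the chart, I would add `verify:` with `provider: cosign` under `chart.spec`, plus the matching identity matcher or key secret, so a replaced or retagged artifact fails reconciliation instead of being rolled out. The bootstrap release in kubernetes/main/bootstrap/apps/helmfile.yaml pulls the same `oci://ghcr.io/fluxcd-community/charts/flux2` tag and has the same gap.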
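Review bot: `resources:` in flux/app/kustomization.yaml lists only `./helmrelease.yaml`, although this commit moves `prometheusrule.yaml` into the same directory (a 100% rename from addons/app/monitoring). The deleted monitoring/kustomization.yaml was the file that included it, so as far as this patch shows the Flux alert rules are no longer applied by any Kustomization. If the rules are meant to stay active, add `- ./prometheusrule.yaml` under `resources:`.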
diff --git a/kubernetes/main/apps/flux-system/addons/app/monitoring/prometheusrule.yaml b/kubernetes/main/apps/flux-system/flux/app/prometheusrule.yaml similarity index 100% rename from kubernetes/main/apps/flux-system/addons/app/monitoring/prometheusrule.yaml rename to kubernetes/main/apps/flux-system/flux/app/prometheusrule.yaml diff --git a/kubernetes/main/apps/flux-system/addons/app/kustomization.yaml b/kubernetes/main/apps/flux-system/flux/github/kustomization.yaml similarity index 91% rename from kubernetes/main/apps/flux-system/addons/app/kustomization.yaml rename to kubernetes/main/apps/flux-system/flux/github/kustomization.yaml index feb053584c4dc..9358324e24d5b 100644 --- a/kubernetes/main/apps/flux-system/addons/app/kustomization.yaml +++ b/kubernetes/main/apps/flux-system/flux/github/kustomization.yaml @@ -3,6 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./monitoring - ./notifications - ./webhooks diff --git a/kubernetes/main/apps/flux-system/addons/app/notifications/github/externalsecret.yaml b/kubernetes/main/apps/flux-system/flux/github/notifications/externalsecret.yaml similarity index 100% rename from kubernetes/main/apps/flux-system/addons/app/notifications/github/externalsecret.yaml rename to kubernetes/main/apps/flux-system/flux/github/notifications/externalsecret.yaml diff --git a/kubernetes/main/apps/flux-system/addons/app/notifications/github/kustomization.yaml b/kubernetes/main/apps/flux-system/flux/github/notifications/kustomization.yaml similarity index 100% rename from kubernetes/main/apps/flux-system/addons/app/notifications/github/kustomization.yaml rename to kubernetes/main/apps/flux-system/flux/github/notifications/kustomization.yaml 
diff --git a/kubernetes/main/apps/flux-system/addons/app/notifications/github/notification.yaml b/kubernetes/main/apps/flux-system/flux/github/notifications/notification.yaml similarity index 100% rename from kubernetes/main/apps/flux-system/addons/app/notifications/github/notification.yaml rename to kubernetes/main/apps/flux-system/flux/github/notifications/notification.yaml diff --git a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/externalsecret.yaml b/kubernetes/main/apps/flux-system/flux/github/webhooks/externalsecret.yaml similarity index 100% rename from kubernetes/main/apps/flux-system/addons/app/webhooks/github/externalsecret.yaml rename to kubernetes/main/apps/flux-system/flux/github/webhooks/externalsecret.yaml diff --git a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/kustomization.yaml b/kubernetes/main/apps/flux-system/flux/github/webhooks/kustomization.yaml similarity index 91% rename from kubernetes/main/apps/flux-system/addons/app/webhooks/github/kustomization.yaml rename to kubernetes/main/apps/flux-system/flux/github/webhooks/kustomization.yaml index 58532a27c3a5b..55f4a93fe0842 100644 --- a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/kustomization.yaml +++ b/kubernetes/main/apps/flux-system/flux/github/webhooks/kustomization.yaml @@ -4,5 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./externalsecret.yaml - - ./ingress.yaml - ./receiver.yaml diff --git a/kubernetes/main/apps/flux-system/addons/app/webhooks/github/receiver.yaml b/kubernetes/main/apps/flux-system/flux/github/webhooks/receiver.yaml similarity index 100% rename from kubernetes/main/apps/flux-system/addons/app/webhooks/github/receiver.yaml rename to kubernetes/main/apps/flux-system/flux/github/webhooks/receiver.yaml diff --git a/kubernetes/main/apps/flux-system/flux/ks.yaml b/kubernetes/main/apps/flux-system/flux/ks.yaml new file mode 100644 index 0000000000000..168b4e156df32 --- /dev/null 
+++ b/kubernetes/main/apps/flux-system/flux/ks.yaml @@ -0,0 +1,42 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app flux + namespace: flux-system +spec: + targetNamespace: flux-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/main/apps/flux-system/flux/app + prune: false # never should be deleted + sourceRef: + kind: GitRepository + name: home-kubernetes + wait: false + interval: 30m + timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app flux-github + namespace: flux-system +spec: + targetNamespace: flux-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores + path: ./kubernetes/main/apps/flux-system/flux/github + prune: true + sourceRef: + kind: GitRepository + name: home-kubernetes + wait: false + interval: 30m + timeout: 5m diff --git a/kubernetes/main/apps/flux-system/kustomization.yaml b/kubernetes/main/apps/flux-system/kustomization.yaml index 95df4db767282..d83f7e0c6c6f4 100644 --- a/kubernetes/main/apps/flux-system/kustomization.yaml +++ b/kubernetes/main/apps/flux-system/kustomization.yaml @@ -6,4 +6,4 @@ resources: # Pre Flux-Kustomizations - ./namespace.yaml # Flux-Kustomizations - - ./addons/ks.yaml + - ./flux/ks.yaml diff --git a/kubernetes/main/bootstrap/apps/helmfile.yaml b/kubernetes/main/bootstrap/apps/helmfile.yaml index be533f638c0b5..cb9539990a2c5 100644 --- a/kubernetes/main/bootstrap/apps/helmfile.yaml +++ b/kubernetes/main/bootstrap/apps/helmfile.yaml 
@@ -33,7 +33,8 @@ releases: - commonLabels: helm.toolkit.fluxcd.io/name: cilium helm.toolkit.fluxcd.io/namespace: kube-system - needs: ["observability/kube-prometheus-stack-crds"] + needs: + - observability/kube-prometheus-stack-crds - name: coredns namespace: kube-system @@ -44,7 +45,8 @@ releases: - customLabels: helm.toolkit.fluxcd.io/name: coredns helm.toolkit.fluxcd.io/namespace: kube-system - needs: ["kube-system/cilium"] + needs: + - kube-system/cilium - name: spegel namespace: kube-system @@ -56,4 +58,31 @@ releases: # - commonLabels: # helm.toolkit.fluxcd.io/name: spegel # helm.toolkit.fluxcd.io/namespace: kube-system - needs: ["kube-system/coredns"] + needs: + - kube-system/cilium + + - name: flux + namespace: flux-system + chart: oci://ghcr.io/fluxcd-community/charts/flux2 + version: 2.14.0 + values: + - ../../apps/flux-system/flux/app/helm-values.yaml + - helmController: + labels: + helm.toolkit.fluxcd.io/name: flux + helm.toolkit.fluxcd.io/namespace: flux-system + - kustomizeController: + labels: + helm.toolkit.fluxcd.io/name: flux + helm.toolkit.fluxcd.io/namespace: flux-system + - notificationController: + labels: + helm.toolkit.fluxcd.io/name: flux + helm.toolkit.fluxcd.io/namespace: flux-system + - sourceController: + labels: + helm.toolkit.fluxcd.io/name: flux + helm.toolkit.fluxcd.io/namespace: flux-system + needs: + - kube-system/coredns + - kube-system/spegel diff --git a/kubernetes/main/bootstrap/apps/kustomization.yaml b/kubernetes/main/bootstrap/apps/kustomization.yaml deleted file mode 100644 index 494241416c663..0000000000000 --- a/kubernetes/main/bootstrap/apps/kustomization.yaml +++ /dev/null 
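Review bot: The new `flux` release in the last hunk repeats `version: 2.14.0` and the chart location that flux/app/helmrelease.yaml also declares, and nothing ties the two together. If they drift, bootstrap installs one Flux version and the HelmRelease then upgrades or rolls back the controllers as soon as it first reconciles. I would add a comment on the `version:` line such as `# keep in sync with apps/flux-system/flux/app/helmrelease.yaml`. The four per-controller `labels` blocks would also benefit from a one-line comment saying they pre-label the bootstrap-installed objects for the HelmRelease named `flux`, if that is the intent.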
@@ -1,145 +0,0 @@ -# IMPORTANT: This file is not tracked by flux and should never be. Its -# purpose is to only install the Flux components & CRDs into your cluster. ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - github.com/fluxcd/flux2/manifests/install?ref=v2.4.0 -patches: - # Remove image automation and image reflector controllers - - patch: | - $patch: delete - apiVersion: apps/v1 - kind: Deployment - metadata: - name: all - target: - kind: Deployment - name: (image-automation-controller|image-reflector-controller) - # Remove the built-in network policies - - patch: | - $patch: delete - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: all - target: - group: networking.k8s.io - kind: NetworkPolicy - # Increase the number of workers and limits - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --concurrent=10 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --requeue-dependency=5s - target: - kind: Deployment - name: (kustomize-controller|helm-controller|source-controller) - - patch: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: all - spec: - template: - spec: - containers: - - name: manager - resources: - limits: - memory: 2Gi - target: - kind: Deployment - name: (kustomize-controller|helm-controller|source-controller) - # Enable in-memory kustomize builds - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-in-memory-kustomize-builds - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --concurrent=20 - - op: replace - path: /spec/template/spec/volumes/0 - value: - name: temp - emptyDir: - medium: Memory - target: - kind: Deployment - name: kustomize-controller - # Enable Helm 
repositories caching - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --helm-cache-max-size=10 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --helm-cache-ttl=60m - - op: add - path: /spec/template/spec/containers/0/args/- - value: --helm-cache-purge-interval=5m - target: - kind: Deployment - name: source-controller - # Flux near OOM detection for Helm - # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/ - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --feature-gates=OOMWatch=true - - op: add - path: /spec/template/spec/containers/0/args/- - value: --oom-watch-memory-threshold=95 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --oom-watch-interval=500ms - target: - kind: Deployment - name: helm-controller - # Resources renamed to match those installed by oci://ghcr.io/fluxcd/flux-manifests - - target: - kind: ResourceQuota - name: critical-pods - patch: | - - op: replace - path: /metadata/name - value: critical-pods-flux-system - - target: - kind: ClusterRoleBinding - name: cluster-reconciler - patch: | - - op: replace - path: /metadata/name - value: cluster-reconciler-flux-system - - target: - kind: ClusterRoleBinding - name: crd-controller - patch: | - - op: replace - path: /metadata/name - value: crd-controller-flux-system - - target: - kind: ClusterRole - name: crd-controller - patch: | - - op: replace - path: /metadata/name - value: crd-controller-flux-system - - target: - kind: ClusterRole - name: flux-edit - patch: | - - op: replace - path: /metadata/name - value: flux-edit-flux-system - - target: - kind: ClusterRole - name: flux-view - patch: | - - op: replace - path: /metadata/name - value: flux-view-flux-system 
diff --git a/kubernetes/main/flux/config/flux.yaml b/kubernetes/main/flux/config/flux.yaml deleted file mode 100644 index 417ef59764397..0000000000000 --- a/kubernetes/main/flux/config/flux.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1beta2.json -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: OCIRepository -metadata: - name: flux-manifests - namespace: flux-system -spec: - interval: 10m - url: oci://ghcr.io/fluxcd/flux-manifests - ref: - tag: v2.4.0 ---- -# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: flux - namespace: flux-system -spec: - interval: 10m - path: ./ - prune: true - wait: true - sourceRef: - kind: OCIRepository - name: flux-manifests - patches: - # Remove image automation and image reflector controllers - - patch: | - $patch: delete - apiVersion: apps/v1 - kind: Deployment - metadata: - name: all - target: - kind: Deployment - name: (image-automation-controller|image-reflector-controller) - # Remove the built-in network policies - - patch: | - $patch: delete - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: all - target: - group: networking.k8s.io - kind: NetworkPolicy - # Increase the number of workers and limits - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --concurrent=10 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --requeue-dependency=5s - target: - kind: Deployment - name: (kustomize-controller|helm-controller|source-controller) - - patch: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: all - spec: - template: - spec: - containers: - - name: manager - resources: - limits: - memory: 2Gi - target: - kind: Deployment - name: (kustomize-controller|helm-controller|source-controller) - # Enable in-memory kustomize builds - # Ref: 
https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-in-memory-kustomize-builds - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --concurrent=20 - - op: replace - path: /spec/template/spec/volumes/0 - value: - name: temp - emptyDir: - medium: Memory - target: - kind: Deployment - name: kustomize-controller - # Enable Helm repositories caching - # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --helm-cache-max-size=10 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --helm-cache-ttl=60m - - op: add - path: /spec/template/spec/containers/0/args/- - value: --helm-cache-purge-interval=5m - target: - kind: Deployment - name: source-controller - # Flux near OOM detection for Helm - # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/ - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --feature-gates=OOMWatch=true - - op: add - path: /spec/template/spec/containers/0/args/- - value: --oom-watch-memory-threshold=95 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --oom-watch-interval=500ms - target: - kind: Deployment - name: helm-controller diff --git a/kubernetes/main/flux/config/kustomization.yaml b/kubernetes/main/flux/config/kustomization.yaml index 27dcadbf49eee..7461365079281 100644 --- a/kubernetes/main/flux/config/kustomization.yaml +++ b/kubernetes/main/flux/config/kustomization.yaml @@ -5,4 +5,3 @@ kind: Kustomization namespace: flux-system resources: - ./cluster.yaml - - ./flux.yaml diff --git a/kubernetes/shared/repos/helm/fluxcd-community.yaml b/kubernetes/shared/repos/helm/fluxcd-community.yaml new file mode 100644 index 0000000000000..dcea00831e353 --- /dev/null +++ b/kubernetes/shared/repos/helm/fluxcd-community.yaml 
@@ -0,0 +1,11 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: fluxcd-community + namespace: flux-system +spec: + type: oci + interval: 5m + url: oci://ghcr.io/fluxcd-community/charts diff --git a/kubernetes/shared/repos/helm/kustomization.yaml b/kubernetes/shared/repos/helm/kustomization.yaml index 5676ad5c85dd1..246096b97c08b 100644 --- a/kubernetes/shared/repos/helm/kustomization.yaml +++ b/kubernetes/shared/repos/helm/kustomization.yaml @@ -18,6 +18,7 @@ resources: - ./emqx.yaml - ./external-dns.yaml - ./external-secrets.yaml + - ./fluxcd-community.yaml - ./grafana.yaml - ./ingress-nginx.yaml - ./intel.yaml From 3577fd04099c8f3c909d3eca8ccbb3ed17b83a00 Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 7 Jan 2025 09:48:48 -0500 Subject: [PATCH 2/2] feat!: deploy flux with helm Signed-off-by: Devin Buhl --- .../apps/flux-system/flux/app/helm-values.yaml | 14 +------------- .../flux/github/webhooks/ingress.yaml | 18 ++++++++++++++++++ .../flux/github/webhooks/kustomization.yaml | 1 + 3 files changed, 20 insertions(+), 13 deletions(-) create mode 100644 kubernetes/main/apps/flux-system/flux/github/webhooks/ingress.yaml diff --git a/kubernetes/main/apps/flux-system/flux/app/helm-values.yaml b/kubernetes/main/apps/flux-system/flux/app/helm-values.yaml index 9307123727cd6..d5478087bc71d 100644 --- a/kubernetes/main/apps/flux-system/flux/app/helm-values.yaml +++ b/kubernetes/main/apps/flux-system/flux/app/helm-values.yaml @@ -1,3 +1,4 @@ +--- helmController: container: additionalArgs: @@ -36,19 +37,6 @@ kustomizeController: memory: 2Gi notificationController: - webhookReceiver: - ingress: - ingressClassName: external - hosts: - - host: flux-webhook.devbu.io - paths: - - path: /hook/ - pathType: Prefix - backend: - service: - name: webhook-receiver - port: - number: 80 resources: requests: cpu: 100m 
diff --git a/kubernetes/main/apps/flux-system/flux/github/webhooks/ingress.yaml b/kubernetes/main/apps/flux-system/flux/github/webhooks/ingress.yaml new file mode 100644 index 0000000000000..19d4cb385f213 --- /dev/null +++ b/kubernetes/main/apps/flux-system/flux/github/webhooks/ingress.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: webhook-receiver +spec: + ingressClassName: external + rules: + - host: flux-webhook.devbu.io + http: + paths: + - path: /hook/ + pathType: Prefix + backend: + service: + name: webhook-receiver + port: + number: 80 diff --git a/kubernetes/main/apps/flux-system/flux/github/webhooks/kustomization.yaml b/kubernetes/main/apps/flux-system/flux/github/webhooks/kustomization.yaml index 55f4a93fe0842..58532a27c3a5b 100644 --- a/kubernetes/main/apps/flux-system/flux/github/webhooks/kustomization.yaml +++ b/kubernetes/main/apps/flux-system/flux/github/webhooks/kustomization.yaml @@ -4,4 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./externalsecret.yaml + - ./ingress.yaml - ./receiver.yaml