feat!: big time operator #8624

Merged
merged 29 commits into from
Jan 9, 2025
@onedr0p onedr0p commented Jan 8, 2025

Brain Dump of migrating from the flux helm chart to the flux operator

  1. Listen to this song on repeat while working on the migration: https://www.youtube.com/watch?v=5C_41X_PepI
  2. Do this commit 69ae687 and wait for flux to sync.
  3. `flux suspend ks --all`, `flux delete source git home-kubernetes`, `flux -n flux-system delete ks cluster`, `flux delete ks flux`
  4. Merge this PR
  5. Clean up the flux helm chart: `flux delete hr -n flux-system flux`, `helm uninstall -n flux-system flux`, or if not migrating from the flux community chart, delete the flux controller deployments in the `flux-system` namespace.
  6. Install only the flux-operator and flux-instance from `helmfile.yaml` ... `helmfile apply --file helmfile.yaml --skip-diff-on-install --suppress-diff`
  7. Commit ac665e2
  8. Verify everything is working enough
  9. `flux resume ks --all` and verify all ks have been updated to the new ref: `flux get ks -A`
  10. Re-enable prune 78be9c0 and then ...
  11. Success?

WE HAVE LIFT OFF 🚀

Signed-off-by: Devin Buhl <[email protected]>
@bot-ross bot-ross bot added area/github Changes made in the github directory area/kubernetes Changes made in the kubernetes directory cluster/main labels Jan 8, 2025
onedr0p added 11 commits January 8, 2025 12:14
Signed-off-by: Devin Buhl <[email protected]>
bot-ross bot commented Jan 8, 2025

--- HelmRelease: kube-system/coredns ConfigMap: kube-system/coredns

+++ HelmRelease: kube-system/coredns ConfigMap: kube-system/coredns

@@ -8,14 +8,12 @@

     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: coredns
     k8s-app: kube-dns
     kubernetes.io/cluster-service: 'true'
     kubernetes.io/name: CoreDNS
     app.kubernetes.io/name: coredns
-    helm.toolkit.fluxcd.io/name: coredns
-    helm.toolkit.fluxcd.io/namespace: kube-system
 data:
   Corefile: |-
     dns://.:53 {
         errors
         health {
             lameduck 5s
--- HelmRelease: kube-system/coredns Service: kube-system/kube-dns

+++ HelmRelease: kube-system/coredns Service: kube-system/kube-dns

@@ -8,14 +8,12 @@

     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: coredns
     k8s-app: kube-dns
     kubernetes.io/cluster-service: 'true'
     kubernetes.io/name: CoreDNS
     app.kubernetes.io/name: coredns
-    helm.toolkit.fluxcd.io/name: coredns
-    helm.toolkit.fluxcd.io/namespace: kube-system
 spec:
   selector:
     app.kubernetes.io/instance: coredns
     k8s-app: kube-dns
     app.kubernetes.io/name: coredns
   clusterIP: 10.43.0.10
--- HelmRelease: kube-system/coredns Deployment: kube-system/coredns

+++ HelmRelease: kube-system/coredns Deployment: kube-system/coredns

@@ -8,14 +8,12 @@

     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: coredns
     k8s-app: kube-dns
     kubernetes.io/cluster-service: 'true'
     kubernetes.io/name: CoreDNS
     app.kubernetes.io/name: coredns
-    helm.toolkit.fluxcd.io/name: coredns
-    helm.toolkit.fluxcd.io/namespace: kube-system
 spec:
   replicas: 2
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxUnavailable: 1
@@ -28,14 +26,12 @@

   template:
     metadata:
       labels:
         k8s-app: kube-dns
         app.kubernetes.io/name: coredns
         app.kubernetes.io/instance: coredns
-        helm.toolkit.fluxcd.io/name: coredns
-        helm.toolkit.fluxcd.io/namespace: kube-system
       annotations:
         scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly",
           "operator":"Exists"}]'
     spec:
       terminationGracePeriodSeconds: 30
       serviceAccountName: coredns
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/helm-controller

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/helm-controller

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: helm-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: helm-controller
-
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/kustomize-controller

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/kustomize-controller

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: kustomize-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: kustomize-controller
-
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/notification-controller

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/notification-controller

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: notification-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: notification-controller
-
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/source-controller

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/source-controller

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: source-controller
-
--- HelmRelease: flux-system/flux ClusterRole: flux-system/flux-edit

+++ HelmRelease: flux-system/flux ClusterRole: flux-system/flux-edit

@@ -1,24 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: flux-edit
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-edit: 'true'
-    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
-rules:
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  - source.toolkit.fluxcd.io
-  - helm.toolkit.fluxcd.io
-  - image.toolkit.fluxcd.io
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - patch
-  - update
-
--- HelmRelease: flux-system/flux ClusterRole: flux-system/flux-view

+++ HelmRelease: flux-system/flux ClusterRole: flux-system/flux-view

@@ -1,23 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: flux-view
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
-    rbac.authorization.k8s.io/aggregate-to-edit: 'true'
-    rbac.authorization.k8s.io/aggregate-to-view: 'true'
-rules:
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  - source.toolkit.fluxcd.io
-  - helm.toolkit.fluxcd.io
-  - image.toolkit.fluxcd.io
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: flux-system/flux ClusterRole: flux-system/crd-controller

+++ HelmRelease: flux-system/flux ClusterRole: flux-system/crd-controller

@@ -1,91 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: crd-controller
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-rules:
-- apiGroups:
-  - source.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - kustomize.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - helm.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - notification.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - image.toolkit.fluxcd.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - ''
-  resources:
-  - namespaces
-  - secrets
-  - configmaps
-  - serviceaccounts
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ''
-  resources:
-  - configmaps/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-
--- HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/cluster-reconciler

+++ HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/cluster-reconciler

@@ -1,21 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: cluster-reconciler
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cluster-admin
-subjects:
-- kind: ServiceAccount
-  name: kustomize-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: helm-controller
-  namespace: flux-system
-
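
Review bot: The deleted `cluster-reconciler` binding is what gives `kustomize-controller` and `helm-controller` `cluster-admin`, and nothing on the added side of this rendered diff re-creates it, because the controllers' RBAC now comes from whatever the FluxInstance pulls in at runtime rather than from a manifest rendered here. That leaves the controllers' final RBAC unreviewed in this PR. After the operator install step, list the ClusterRoleBindings whose `roleRef` is `cluster-admin` and confirm the subjects are only the expected `flux-system` service accounts.
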
--- HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/crd-controller

+++ HelmRelease: flux-system/flux ClusterRoleBinding: flux-system/crd-controller

@@ -1,33 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: crd-controller
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: crd-controller
-subjects:
-- kind: ServiceAccount
-  name: kustomize-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: helm-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: source-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: notification-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: image-reflector-controller
-  namespace: flux-system
-- kind: ServiceAccount
-  name: image-automation-controller
-  namespace: flux-system
-
--- HelmRelease: flux-system/flux Service: flux-system/notification-controller

+++ HelmRelease: flux-system/flux Service: flux-system/notification-controller

@@ -1,20 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: notification-controller
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: http
-  selector:
-    app: notification-controller
-  type: ClusterIP
-
--- HelmRelease: flux-system/flux Service: flux-system/webhook-receiver

+++ HelmRelease: flux-system/flux Service: flux-system/webhook-receiver

@@ -1,20 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: webhook-receiver
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 9292
-  selector:
-    app: notification-controller
-  type: ClusterIP
-
--- HelmRelease: flux-system/flux Service: flux-system/source-controller

+++ HelmRelease: flux-system/flux Service: flux-system/source-controller

@@ -1,20 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-  name: source-controller
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: http
-  selector:
-    app: source-controller
-  type: ClusterIP
-
--- HelmRelease: flux-system/flux Deployment: flux-system/helm-controller

+++ HelmRelease: flux-system/flux Deployment: flux-system/helm-controller

@@ -1,87 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: helm-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-    helm.toolkit.fluxcd.io/name: flux
-    helm.toolkit.fluxcd.io/namespace: flux-system
-  name: helm-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: helm-controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '8080'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: helm-controller
-        helm.toolkit.fluxcd.io/name: flux
-        helm.toolkit.fluxcd.io/namespace: flux-system
-    spec:
-      automountServiceAccountToken: true
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        - --concurrent=10
-        - --requeue-dependency=5s
-        - --feature-gates=OOMWatch=true
-        - --oom-watch-memory-threshold=95
-        - --oom-watch-interval=500ms
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/helm-controller:v1.1.0
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 8080
-          name: http-prom
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: temp
-      serviceAccountName: helm-controller
-      terminationGracePeriodSeconds: 600
-      volumes:
-      - emptyDir: {}
-        name: temp
-
--- HelmRelease: flux-system/flux Deployment: flux-system/kustomize-controller

+++ HelmRelease: flux-system/flux Deployment: flux-system/kustomize-controller

@@ -1,86 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: kustomize-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-    helm.toolkit.fluxcd.io/name: flux
-    helm.toolkit.fluxcd.io/namespace: flux-system
-  name: kustomize-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: kustomize-controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '8080'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: kustomize-controller
-        helm.toolkit.fluxcd.io/name: flux
-        helm.toolkit.fluxcd.io/namespace: flux-system
-    spec:
-      automountServiceAccountToken: true
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        - --concurrent=10
-        - --requeue-dependency=5s
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/kustomize-controller:v1.4.0
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 8080
-          name: http-prom
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: temp
-      securityContext:
-        fsGroup: 1337
-      serviceAccountName: kustomize-controller
-      terminationGracePeriodSeconds: 60
-      volumes:
-      - emptyDir: {}
-        name: temp
-
--- HelmRelease: flux-system/flux Deployment: flux-system/notification-controller

+++ HelmRelease: flux-system/flux Deployment: flux-system/notification-controller

@@ -1,88 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: notification-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-    helm.toolkit.fluxcd.io/name: flux
-    helm.toolkit.fluxcd.io/namespace: flux-system
-  name: notification-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: notification-controller
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '8080'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: notification-controller
-        helm.toolkit.fluxcd.io/name: flux
-        helm.toolkit.fluxcd.io/namespace: flux-system
-    spec:
-      automountServiceAccountToken: true
-      containers:
-      - args:
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/notification-controller:v1.4.0
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9090
-          name: http
-          protocol: TCP
-        - containerPort: 9292
-          name: http-webhook
-          protocol: TCP
-        - containerPort: 8080
-          name: http-prom
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: healthz
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /tmp
-          name: temp
-      serviceAccountName: notification-controller
-      terminationGracePeriodSeconds: 10
-      volumes:
-      - emptyDir: {}
-        name: temp
-
--- HelmRelease: flux-system/flux Deployment: flux-system/source-controller

+++ HelmRelease: flux-system/flux Deployment: flux-system/source-controller

@@ -1,101 +0,0 @@

----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: source-controller
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-    control-plane: controller
-    helm.toolkit.fluxcd.io/name: flux
-    helm.toolkit.fluxcd.io/namespace: flux-system
-  name: source-controller
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: source-controller
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      annotations:
-        prometheus.io/port: '8080'
-        prometheus.io/scrape: 'true'
-      labels:
-        app: source-controller
-        helm.toolkit.fluxcd.io/name: flux
-        helm.toolkit.fluxcd.io/namespace: flux-system
-    spec:
-      automountServiceAccountToken: true
-      containers:
-      - args:
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        - --watch-all-namespaces=true
-        - --log-level=info
-        - --log-encoding=json
-        - --enable-leader-election
-        - --storage-path=/data
-        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
-        - --helm-cache-max-size=10
-        - --helm-cache-ttl=60m
-        - --helm-cache-purge-interval=5m
-        - --concurrent=10
-        - --requeue-dependency=5s
-        env:
-        - name: RUNTIME_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        image: ghcr.io/fluxcd/source-controller:v1.4.1
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: healthz
-        name: manager
-        ports:
-        - containerPort: 9090
-          name: http
-          protocol: TCP
-        - containerPort: 8080
-          name: http-prom
-          protocol: TCP
-        - containerPort: 9440
-          name: healthz
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /
-            port: http
-        resources:
-          limits:
-            memory: 2Gi
-          requests:
-            cpu: 100m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        volumeMounts:
-        - mountPath: /data
-          name: data
-        - mountPath: /tmp
-          name: tmp
-      securityContext:
-        fsGroup: 1337
-      serviceAccountName: source-controller
-      terminationGracePeriodSeconds: 10
-      volumes:
-      - emptyDir: {}
-        name: data
-      - emptyDir: {}
-        name: tmp
-
--- HelmRelease: flux-system/flux PodMonitor: flux-system/flux

+++ HelmRelease: flux-system/flux PodMonitor: flux-system/flux

@@ -1,32 +0,0 @@

----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  name: flux
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-spec:
-  namespaceSelector:
-    matchNames:
-    - flux-system
-  selector:
-    matchExpressions:
-    - key: app
-      operator: In
-      values:
-      - helm-controller
-      - source-controller
-      - kustomize-controller
-      - notification-controller
-      - image-automation-controller
-      - image-reflector-controller
-  podMetricsEndpoints:
-  - port: http-prom
-    relabelings:
-    - action: keep
-      regex: Running
-      sourceLabels:
-      - __meta_kubernetes_pod_phase
-
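
Review bot: Deleting this PodMonitor stops scraping of the `http-prom` port on helm-controller, source-controller, kustomize-controller and notification-controller, and the only monitor added anywhere in this diff is the ServiceMonitor that selects `flux-operator`. Any alerting built on controller metrics (failed or stalled reconciliations) goes quiet after the merge. Add a PodMonitor for the controllers the FluxInstance deploys, or confirm one is created elsewhere, before relying on those alerts.
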
--- HelmRelease: flux-system/flux ServiceAccount: flux-system/flux-flux-check

+++ HelmRelease: flux-system/flux ServiceAccount: flux-system/flux-flux-check

@@ -1,14 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  name: flux-flux-check
-  annotations:
-    helm.sh/hook: pre-install
-    helm.sh/hook-weight: '-10'
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
--- HelmRelease: flux-system/flux Job: flux-system/flux-flux-check

+++ HelmRelease: flux-system/flux Job: flux-system/flux-flux-check

@@ -1,45 +0,0 @@

----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: flux-flux-check
-  labels:
-    app.kubernetes.io/instance: flux-system
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: flux
-  annotations:
-    helm.sh/hook: pre-install
-    helm.sh/hook-weight: '-5'
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-spec:
-  backoffLimit: 1
-  template:
-    metadata:
-      name: flux
-      labels:
-        app.kubernetes.io/instance: flux-system
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/part-of: flux
-    spec:
-      restartPolicy: Never
-      serviceAccountName: flux-flux-check
-      automountServiceAccountToken: true
-      containers:
-      - name: flux-cli
-        image: ghcr.io/fluxcd/flux-cli:v2.4.0
-        command:
-        - /usr/local/bin/flux
-        - check
-        - --pre
-        - --namespace
-        - flux-system
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-
--- HelmRelease: flux-system/flux-operator ServiceAccount: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator ServiceAccount: flux-system/flux-operator

@@ -0,0 +1,12 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flux-operator
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+automountServiceAccountToken: true
+
--- HelmRelease: flux-system/flux-operator ClusterRoleBinding: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator ClusterRoleBinding: flux-system/flux-operator

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: flux-operator
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: flux-operator
+  namespace: flux-system
+
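
Review bot: `roleRef.name: cluster-admin` with the `flux-operator` service account as subject makes the operator pod's token a cluster-wide admin credential, and the ServiceAccount hunk above sets `automountServiceAccountToken: true`, so the token is mounted in the pod. Treat `flux-system` accordingly: limit who can create pods, exec into pods, or read secrets in that namespace to cluster admins, and re-check this binding whenever the flux-operator chart is upgraded.
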
--- HelmRelease: flux-system/flux-operator Service: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator Service: flux-system/flux-operator

@@ -0,0 +1,20 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: flux-operator
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+spec:
+  ports:
+  - port: 8080
+    targetPort: http-metrics
+    protocol: TCP
+    name: http
+  selector:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+
--- HelmRelease: flux-system/flux-operator Deployment: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator Deployment: flux-system/flux-operator

@@ -0,0 +1,89 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: flux-operator
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: flux-operator
+      app.kubernetes.io/instance: flux-operator
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: 'true'
+        prometheus.io/port: '8080'
+        prometheus.io/path: /metrics
+      labels:
+        app.kubernetes.io/name: flux-operator
+        app.kubernetes.io/instance: flux-operator
+        app.kubernetes.io/managed-by: Helm
+    spec:
+      serviceAccountName: flux-operator
+      containers:
+      - name: manager
+        args:
+        - --log-level=info
+        env:
+        - name: RUNTIME_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        image: ghcr.io/controlplaneio-fluxcd/flux-operator:v0.12.0
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: http-metrics
+          containerPort: 8080
+          protocol: TCP
+        - name: http
+          containerPort: 8081
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 64Mi
+        volumeMounts:
+        - name: temp
+          mountPath: /tmp
+      volumes:
+      - name: temp
+        emptyDir: {}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/os
+                operator: In
+                values:
+                - linux
+
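
Review bot: The `image:` line references `ghcr.io/controlplaneio-fluxcd/flux-operator:v0.12.0` by tag only, and this pod runs as the service account that the ClusterRoleBinding hunk binds to `cluster-admin`. A tag can be repointed at the registry; pin it by digest (`...:v0.12.0@sha256:<digest>`) and update the digest through the normal PR flow, so the image that runs with that privilege is the one that was reviewed. The container `securityContext` is fine as rendered (no privilege escalation, all capabilities dropped, read-only root filesystem, non-root, `RuntimeDefault` seccomp).
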
--- HelmRelease: flux-system/flux-operator ServiceMonitor: flux-system/flux-operator

+++ HelmRelease: flux-system/flux-operator ServiceMonitor: flux-system/flux-operator

@@ -0,0 +1,24 @@

+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: flux-operator
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-operator
+    app.kubernetes.io/instance: flux-operator
+    app.kubernetes.io/managed-by: Helm
+spec:
+  namespaceSelector:
+    matchNames:
+    - flux-system
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: flux-operator
+      app.kubernetes.io/instance: flux-operator
+  endpoints:
+  - targetPort: 8080
+    path: /metrics
+    interval: 60s
+    scrapeTimeout: 30s
+
--- HelmRelease: flux-system/flux-instance FluxInstance: flux-system/flux

+++ HelmRelease: flux-system/flux-instance FluxInstance: flux-system/flux

@@ -0,0 +1,100 @@

+---
+apiVersion: fluxcd.controlplane.io/v1
+kind: FluxInstance
+metadata:
+  name: flux
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: flux-instance
+    app.kubernetes.io/instance: flux-instance
+    app.kubernetes.io/managed-by: Helm
+spec:
+  distribution:
+    version: 2.x
+    registry: ghcr.io/fluxcd
+    artifact: oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest
+  components:
+  - source-controller
+  - kustomize-controller
+  - helm-controller
+  - notification-controller
+  cluster:
+    domain: cluster.local
+    multitenant: false
+    networkPolicy: false
+    tenantDefaultServiceAccount: default
+    type: kubernetes
+  kustomize:
+    patches:
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --concurrent=10
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --requeue-dependency=5s
+      target:
+        kind: Deployment
+        name: (kustomize-controller|helm-controller|source-controller)
+    - patch: |
+        apiVersion: apps/v1
+        kind: Deployment
+        metadata:
+          name: all
+        spec:
+          template:
+            spec:
+              containers:
+                - name: manager
+                  resources:
+                    limits:
+                      memory: 2Gi
+      target:
+        kind: Deployment
+        name: (kustomize-controller|helm-controller|source-controller)
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --concurrent=20
+        - op: replace
+          path: /spec/template/spec/volumes/0
+          value:
+            name: temp
+            emptyDir:
+              medium: Memory
+      target:
+        kind: Deployment
+        name: kustomize-controller
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --helm-cache-max-size=10
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --helm-cache-ttl=60m
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --helm-cache-purge-interval=5m
+      target:
+        kind: Deployment
+        name: source-controller
+    - patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --feature-gates=OOMWatch=true
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --oom-watch-memory-threshold=95
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --oom-watch-interval=500ms
+      target:
+        kind: Deployment
+        name: helm-controller
+  sync:
+    kind: GitRepository
+    url: ssh://[email protected]/onedr0p/home-ops
+    ref: refs/heads/main
+    path: kubernetes/main/flux/config
+    pullSecret: github-deploy-key
+
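Review bot: `distribution.artifact` points at `flux-operator-manifests:latest` and `distribution.version` is the range `2.x`, so the controller manifests the operator applies can change without any commit in this repository. Pin `version` to an exact release and reference the artifact by a fixed tag or digest so that upgrades arrive through a reviewed change. Separately, in `kustomize.patches` the kustomize-controller matches both the first patch (`--concurrent=10`) and the third (`--concurrent=20`), so the flag lands in its args twice; take kustomize-controller out of the first target regex or drop the later add so the effective value does not depend on flag order. `cluster.networkPolicy: false` deserves a short comment in the values stating what restricts traffic to the controllers instead.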

bot-ross bot commented Jan 8, 2025

--- kubernetes/shared Kustomization: flux-system/cluster-shared HelmRepository: flux-system/controlplaneio

+++ kubernetes/shared Kustomization: flux-system/cluster-shared HelmRepository: flux-system/controlplaneio

@@ -0,0 +1,14 @@

+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-shared
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: controlplaneio
+  namespace: flux-system
+spec:
+  interval: 5m
+  type: oci
+  url: oci://ghcr.io/controlplaneio-fluxcd/charts
+
--- kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

+++ kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

@@ -25,8 +25,8 @@

     cleanupOnFail: true
     remediation:
       retries: 3
       strategy: rollback
   valuesFrom:
   - kind: ConfigMap
-    name: cilium-helm-values-c87c98chck
+    name: cilium-helm-values-k6cfc88875
 
--- kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium ConfigMap: kube-system/cilium-helm-values-c87c98chck

+++ kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium ConfigMap: kube-system/cilium-helm-values-c87c98chck

@@ -1,97 +0,0 @@

----
-apiVersion: v1
-data:
-  values.yaml: |
-    ---
-    autoDirectNodeRoutes: true
-    bandwidthManager:
-      enabled: true
-      bbr: true
-    bpf:
-      datapathMode: netkit
-      masquerade: true
-      preallocateMaps: true
-      tproxy: true
-    bgpControlPlane:
-      enabled: true
-    cgroup:
-      automount:
-        enabled: false
-      hostRoot: /sys/fs/cgroup
-    cluster:
-      id: 1
-      name: main
-    cni:
-      exclusive: false
-    devices: enp+
-    enableIPv4BIGTCP: true
-    endpointRoutes:
-      enabled: true
-    envoy:
-      enabled: false
-    hubble:
-      enabled: false
-    ipam:
-      mode: kubernetes
-    ipv4NativeRoutingCIDR: 10.42.0.0/16
-    k8sServiceHost: 127.0.0.1
-    k8sServicePort: 7445
-    kubeProxyReplacement: true
-    kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
-    l2announcements:
-      enabled: true
-    loadBalancer:
-      algorithm: maglev
-      mode: dsr
-    localRedirectPolicy: true
-    operator:
-      replicas: 2
-      rollOutPods: true
-      prometheus:
-        enabled: true
-        serviceMonitor:
-          enabled: true
-      dashboards:
-        enabled: true
-    prometheus:
-      enabled: true
-      serviceMonitor:
-        enabled: true
-        trustCRDsExist: true
-    dashboards:
-      enabled: true
-    rollOutCiliumPods: true
-    routingMode: native
-    securityContext:
-      capabilities:
-        ciliumAgent:
-          - CHOWN
-          - KILL
-          - NET_ADMIN
-          - NET_RAW
-          - IPC_LOCK
-          - SYS_ADMIN
-          - SYS_RESOURCE
-          - PERFMON
-          - BPF
-          - DAC_OVERRIDE
-          - FOWNER
-          - SETGID
-          - SETUID
-        cleanCiliumState:
-          - NET_ADMIN
-          - SYS_ADMIN
-          - SYS_RESOURCE
-    # Graceful Helmfile to HelmRelease takeover
-    commonLabels:
-      helm.toolkit.fluxcd.io/name: cilium
-      helm.toolkit.fluxcd.io/namespace: kube-system
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/name: cilium
-    kustomize.toolkit.fluxcd.io/name: cilium
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: cilium-helm-values-c87c98chck
-  namespace: kube-system
-
--- kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium ConfigMap: kube-system/cilium-helm-values-k6cfc88875

+++ kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium ConfigMap: kube-system/cilium-helm-values-k6cfc88875

@@ -0,0 +1,93 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    autoDirectNodeRoutes: true
+    bandwidthManager:
+      enabled: true
+      bbr: true
+    bpf:
+      datapathMode: netkit
+      masquerade: true
+      preallocateMaps: true
+      tproxy: true
+    bgpControlPlane:
+      enabled: true
+    cgroup:
+      automount:
+        enabled: false
+      hostRoot: /sys/fs/cgroup
+    cluster:
+      id: 1
+      name: main
+    cni:
+      exclusive: false
+    devices: enp+
+    enableIPv4BIGTCP: true
+    endpointRoutes:
+      enabled: true
+    envoy:
+      enabled: false
+    hubble:
+      enabled: false
+    ipam:
+      mode: kubernetes
+    ipv4NativeRoutingCIDR: 10.42.0.0/16
+    k8sServiceHost: 127.0.0.1
+    k8sServicePort: 7445
+    kubeProxyReplacement: true
+    kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+    l2announcements:
+      enabled: true
+    loadBalancer:
+      algorithm: maglev
+      mode: dsr
+    localRedirectPolicy: true
+    operator:
+      replicas: 2
+      rollOutPods: true
+      prometheus:
+        enabled: true
+        serviceMonitor:
+          enabled: true
+      dashboards:
+        enabled: true
+    prometheus:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+        trustCRDsExist: true
+    dashboards:
+      enabled: true
+    rollOutCiliumPods: true
+    routingMode: native
+    securityContext:
+      capabilities:
+        ciliumAgent:
+          - CHOWN
+          - KILL
+          - NET_ADMIN
+          - NET_RAW
+          - IPC_LOCK
+          - SYS_ADMIN
+          - SYS_RESOURCE
+          - PERFMON
+          - BPF
+          - DAC_OVERRIDE
+          - FOWNER
+          - SETGID
+          - SETUID
+        cleanCiliumState:
+          - NET_ADMIN
+          - SYS_ADMIN
+          - SYS_RESOURCE
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: cilium
+    kustomize.toolkit.fluxcd.io/name: cilium
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: cilium-helm-values-k6cfc88875
+  namespace: kube-system
+
--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns HelmRelease: kube-system/coredns

+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns HelmRelease: kube-system/coredns

@@ -25,8 +25,8 @@

     cleanupOnFail: true
     remediation:
       retries: 3
       strategy: rollback
   valuesFrom:
   - kind: ConfigMap
-    name: coredns-helm-values-74g8k8h85k
+    name: coredns-helm-values-72bthf6577
 
--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-74g8k8h85k

+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-74g8k8h85k

@@ -1,68 +0,0 @@

----
-apiVersion: v1
-data:
-  values.yaml: |
-    ---
-    fullnameOverride: coredns
-    replicaCount: 2
-    k8sAppLabelOverride: kube-dns
-    serviceAccount:
-      create: true
-    service:
-      name: kube-dns
-      clusterIP: 10.43.0.10
-    servers:
-      - zones:
-          - zone: .
-            scheme: dns://
-            use_tcp: true
-        port: 53
-        plugins:
-          - name: errors
-          - name: health
-            configBlock: |-
-              lameduck 5s
-          - name: ready
-          - name: log
-            configBlock: |-
-              class error
-          - name: prometheus
-            parameters: 0.0.0.0:9153
-          - name: kubernetes
-            parameters: cluster.local in-addr.arpa ip6.arpa
-            configBlock: |-
-              pods insecure
-              fallthrough in-addr.arpa ip6.arpa
-          - name: forward
-            parameters: . /etc/resolv.conf
-          - name: cache
-            parameters: 30
-          - name: loop
-          - name: reload
-          - name: loadbalance
-    affinity:
-      nodeAffinity:
-        requiredDuringSchedulingIgnoredDuringExecution:
-          nodeSelectorTerms:
-            - matchExpressions:
-                - key: node-role.kubernetes.io/control-plane
-                  operator: Exists
-    tolerations:
-      - key: CriticalAddonsOnly
-        operator: Exists
-      - key: node-role.kubernetes.io/control-plane
-        operator: Exists
-        effect: NoSchedule
-    # Graceful Helmfile to HelmRelease takeover
-    customLabels:
-      helm.toolkit.fluxcd.io/name: coredns
-      helm.toolkit.fluxcd.io/namespace: kube-system
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/name: coredns
-    kustomize.toolkit.fluxcd.io/name: coredns
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: coredns-helm-values-74g8k8h85k
-  namespace: kube-system
-
--- kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-72bthf6577

+++ kubernetes/main/apps/kube-system/coredns/app Kustomization: flux-system/coredns ConfigMap: kube-system/coredns-helm-values-72bthf6577

@@ -0,0 +1,64 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    fullnameOverride: coredns
+    replicaCount: 2
+    k8sAppLabelOverride: kube-dns
+    serviceAccount:
+      create: true
+    service:
+      name: kube-dns
+      clusterIP: 10.43.0.10
+    servers:
+      - zones:
+          - zone: .
+            scheme: dns://
+            use_tcp: true
+        port: 53
+        plugins:
+          - name: errors
+          - name: health
+            configBlock: |-
+              lameduck 5s
+          - name: ready
+          - name: log
+            configBlock: |-
+              class error
+          - name: prometheus
+            parameters: 0.0.0.0:9153
+          - name: kubernetes
+            parameters: cluster.local in-addr.arpa ip6.arpa
+            configBlock: |-
+              pods insecure
+              fallthrough in-addr.arpa ip6.arpa
+          - name: forward
+            parameters: . /etc/resolv.conf
+          - name: cache
+            parameters: 30
+          - name: loop
+          - name: reload
+          - name: loadbalance
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: node-role.kubernetes.io/control-plane
+                  operator: Exists
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: coredns
+    kustomize.toolkit.fluxcd.io/name: coredns
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: coredns-helm-values-72bthf6577
+  namespace: kube-system
+
--- kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux HelmRelease: flux-system/flux

+++ kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux HelmRelease: flux-system/flux

@@ -1,32 +0,0 @@

----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  labels:
-    app.kubernetes.io/name: flux
-    kustomize.toolkit.fluxcd.io/name: flux
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux
-  namespace: flux-system
-spec:
-  chart:
-    spec:
-      chart: flux2
-      sourceRef:
-        kind: HelmRepository
-        name: fluxcd-community
-        namespace: flux-system
-      version: 2.14.1
-  install:
-    remediation:
-      retries: 3
-  interval: 30m
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-      strategy: rollback
-  valuesFrom:
-  - kind: ConfigMap
-    name: flux-helm-values-thk7hgthck
-
--- kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux PrometheusRule: flux-system/flux-rules

+++ kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux PrometheusRule: flux-system/flux-rules

@@ -1,35 +0,0 @@

----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  labels:
-    app.kubernetes.io/name: flux
-    kustomize.toolkit.fluxcd.io/name: flux
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux-rules
-  namespace: flux-system
-spec:
-  groups:
-  - name: flux.rules
-    rules:
-    - alert: FluxComponentAbsent
-      annotations:
-        summary: Flux component has disappeared from Prometheus target discovery.
-      expr: |
-        absent(up{job=~".*flux-system.*"} == 1)
-      for: 15m
-      labels:
-        severity: critical
-    - alert: FluxReconciliationFailure
-      annotations:
-        summary: '{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation
-          has been failing for more than 15 minutes.'
-      expr: |
-        max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
-          +
-        on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
-          by (namespace, name, kind)) * 2 == 1
-      for: 15m
-      labels:
-        severity: critical
-
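Review bot: Deleting `flux-rules` drops both `FluxComponentAbsent` and `FluxReconciliationFailure`, and no replacement PrometheusRule appears among the added resources shown in this diff, so a missing controller or a reconciliation that fails for 15 minutes would no longer page anyone. Re-create the rule under the new flux-operator or flux-instance app, and recheck the `up{job=~".*flux-system.*"}` matcher against the job names the new scrape configuration produces, since the only monitor added here is the flux-operator ServiceMonitor.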
--- kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux ConfigMap: flux-system/flux-helm-values-thk7hgthck

+++ kubernetes/main/apps/flux-system/flux/app Kustomization: flux-system/flux ConfigMap: flux-system/flux-helm-values-thk7hgthck

@@ -1,95 +0,0 @@

----
-apiVersion: v1
-data:
-  values.yaml: |
-    ---
-    # Graceful Helmfile to HelmRelease takeover
-    x-shared-labels: &labels
-      helm.toolkit.fluxcd.io/name: flux
-      helm.toolkit.fluxcd.io/namespace: flux-system
-
-    crds:
-      annotations:
-        helm.sh/resource-policy: keep
-
-    helmController:
-      container:
-        additionalArgs:
-          # Increase the number of workers and limits
-          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
-          - --concurrent=10
-          - --requeue-dependency=5s
-          # Flux near OOM detection for Helm
-          # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/
-          - --feature-gates=OOMWatch=true
-          - --oom-watch-memory-threshold=95
-          - --oom-watch-interval=500ms
-      labels: *labels
-      resources:
-        requests:
-          cpu: 100m
-        limits:
-          memory: 2Gi
-
-    imageAutomationController:
-      create: false
-
-    imageReflectionController:
-      create: false
-
-    kustomizeController:
-      container:
-        additionalArgs:
-          # Increase the number of workers and limits
-          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
-          - --concurrent=10
-          - --requeue-dependency=5s
-      labels: *labels
-      resources:
-        requests:
-          cpu: 100m
-        limits:
-          memory: 2Gi
-
-    notificationController:
-      labels: *labels
-      resources:
-        requests:
-          cpu: 100m
-        limits:
-          memory: 2Gi
-
-    sourceController:
-      labels: *labels
-      container:
-        additionalArgs:
-          # Enable Helm repositories caching
-          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching
-          - --helm-cache-max-size=10
-          - --helm-cache-ttl=60m
-          - --helm-cache-purge-interval=5m
-          # Increase the number of workers and limits
-          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
-          - --concurrent=10
-          - --requeue-dependency=5s
-      resources:
-        requests:
-          cpu: 100m
-        limits:
-          memory: 2Gi
-
-    policies:
-      create: false
-
-    prometheus:
-      podMonitor:
-        create: true
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/name: flux
-    kustomize.toolkit.fluxcd.io/name: flux
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux-helm-values-thk7hgthck
-  namespace: flux-system
-
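Review bot: Two settings in these removed values have no counterpart in the FluxInstance added earlier in this diff. `notificationController.resources.limits.memory: 2Gi` is not carried over, because the new memory patch targets only `(kustomize-controller|helm-controller|source-controller)`; and `prometheus.podMonitor.create: true` goes away while the only monitor added is the ServiceMonitor for flux-operator itself, so the four controllers' metrics may stop being scraped. Extend the patch target to include notification-controller if the limit is still wanted, and add a PodMonitor for the controllers alongside the instance.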
--- kubernetes/main/apps/kube-system/spegel/app Kustomization: flux-system/spegel HelmRelease: kube-system/spegel

+++ kubernetes/main/apps/kube-system/spegel/app Kustomization: flux-system/spegel HelmRelease: kube-system/spegel

@@ -25,8 +25,8 @@

     cleanupOnFail: true
     remediation:
       retries: 3
       strategy: rollback
   valuesFrom:
   - kind: ConfigMap
-    name: spegel-helm-values-k699kdbf56
+    name: spegel-helm-values-6fc949fg8k
 
--- kubernetes/main/apps/kube-system/spegel/app Kustomization: flux-system/spegel ConfigMap: kube-system/spegel-helm-values-k699kdbf56

+++ kubernetes/main/apps/kube-system/spegel/app Kustomization: flux-system/spegel ConfigMap: kube-system/spegel-helm-values-k699kdbf56

@@ -1,29 +0,0 @@

----
-apiVersion: v1
-data:
-  values.yaml: |
-    ---
-    spegel:
-      appendMirrors: true
-      containerdSock: /run/containerd/containerd.sock
-      containerdRegistryConfigPath: /etc/cri/conf.d/hosts
-    service:
-      registry:
-        hostPort: 29999
-    serviceMonitor:
-      enabled: true
-    grafanaDashboard:
-      enabled: true
-    # Graceful Helmfile to HelmRelease takeover
-    commonLabels:
-      helm.toolkit.fluxcd.io/name: spegel
-      helm.toolkit.fluxcd.io/namespace: kube-system
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/name: spegel
-    kustomize.toolkit.fluxcd.io/name: spegel
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: spegel-helm-values-k699kdbf56
-  namespace: kube-system
-
--- kubernetes/main/apps/kube-system/spegel/app Kustomization: flux-system/spegel ConfigMap: kube-system/spegel-helm-values-6fc949fg8k

+++ kubernetes/main/apps/kube-system/spegel/app Kustomization: flux-system/spegel ConfigMap: kube-system/spegel-helm-values-6fc949fg8k

@@ -0,0 +1,25 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    spegel:
+      appendMirrors: true
+      containerdSock: /run/containerd/containerd.sock
+      containerdRegistryConfigPath: /etc/cri/conf.d/hosts
+    service:
+      registry:
+        hostPort: 29999
+    serviceMonitor:
+      enabled: true
+    grafanaDashboard:
+      enabled: true
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: spegel
+    kustomize.toolkit.fluxcd.io/name: spegel
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: spegel-helm-values-6fc949fg8k
+  namespace: kube-system
+
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux

@@ -1,35 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster-apps
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: flux
-  namespace: flux-system
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: flux
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  interval: 30m
-  path: ./kubernetes/main/apps/flux-system/flux/app
-  postBuild:
-    substituteFrom:
-    - kind: ConfigMap
-      name: cluster-settings
-      optional: true
-    - kind: Secret
-      name: cluster-secrets
-      optional: true
-  prune: false
-  sourceRef:
-    kind: GitRepository
-    name: home-kubernetes
-  targetNamespace: flux-system
-  timeout: 5m
-  wait: false
-
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-github

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-github

@@ -12,26 +12,24 @@

     labels:
       app.kubernetes.io/name: flux-github
   decryption:
     provider: sops
     secretRef:
       name: sops-age
-  dependsOn:
-  - name: external-secrets-stores
   interval: 30m
-  path: ./kubernetes/main/apps/flux-system/flux/github
+  path: ./kubernetes/main/apps/flux-system/github/app
   postBuild:
     substituteFrom:
     - kind: ConfigMap
       name: cluster-settings
       optional: true
     - kind: Secret
       name: cluster-secrets
       optional: true
-  prune: false
+  prune: true
   sourceRef:
     kind: GitRepository
     name: home-kubernetes
   targetNamespace: flux-system
   timeout: 5m
-  wait: false
+  wait: true
 
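Review bot: The `dependsOn: external-secrets-stores` entry is removed in the same hunk that turns `wait` to `true`. The resources deleted from the old `flux/github` path include two ExternalSecret objects backed by the `onepassword-connect` ClusterSecretStore; if the new `github/app` path still carries them, this Kustomization can now be applied before the store exists and will then sit unhealthy until the timeout. Keep the dependency unless the ExternalSecrets have actually moved elsewhere. Note also that `prune: true` is set here while the new flux-operator and flux-instance Kustomizations stay at `prune: false`; combined with the path change, confirm that the objects rendered from the new path keep the same names so pruning does not delete and re-create the webhook Receiver and its token Secret.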
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-operator

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-operator

@@ -0,0 +1,35 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-operator
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: flux-operator
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  interval: 30m
+  path: ./kubernetes/main/apps/flux-system/flux-operator/app
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+      optional: true
+    - kind: Secret
+      name: cluster-secrets
+      optional: true
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  targetNamespace: flux-system
+  timeout: 5m
+  wait: false
+
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-instance

+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-instance

@@ -0,0 +1,37 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-instance
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: flux-instance
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+  - name: flux-operator
+  interval: 30m
+  path: ./kubernetes/main/apps/flux-system/flux-operator/instance
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+      optional: true
+    - kind: Secret
+      name: cluster-secrets
+      optional: true
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  targetNamespace: flux-system
+  timeout: 5m
+  wait: false
+
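Review bot: `dependsOn: flux-operator` gives weaker ordering than it appears to, because the flux-operator Kustomization above sets `wait: false`. The dependency is satisfied as soon as the flux-operator HelmRelease object has been applied, not when the operator and its CRDs are installed, so the flux-instance release can be attempted before the FluxInstance kind exists and will rely on Helm remediation retries to recover. Set `wait: true` on flux-operator, or express the ordering on the HelmRelease itself. Both new Kustomizations also keep `sourceRef.name: home-kubernetes`, a GitRepository that this diff deletes further down; confirm the source created by the FluxInstance `sync` block resolves under that name before resuming reconciliation.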
--- kubernetes/main/flux Kustomization: flux-system/cluster Kustomization: flux-system/cluster-apps

+++ kubernetes/main/flux Kustomization: flux-system/cluster Kustomization: flux-system/cluster-apps

@@ -1,52 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: cluster-apps
-  namespace: flux-system
-spec:
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  interval: 30m
-  patches:
-  - patch: |-
-      apiVersion: kustomize.toolkit.fluxcd.io/v1
-      kind: Kustomization
-      metadata:
-        name: not-used
-      spec:
-        decryption:
-          provider: sops
-          secretRef:
-            name: sops-age
-        postBuild:
-          substituteFrom:
-            - name: cluster-settings
-              kind: ConfigMap
-              optional: true
-            - name: cluster-secrets
-              kind: Secret
-              optional: true
-    target:
-      group: kustomize.toolkit.fluxcd.io
-      kind: Kustomization
-      labelSelector: substitution.flux.home.arpa/disabled notin (true)
-  path: ./kubernetes/main/apps
-  postBuild:
-    substituteFrom:
-    - kind: ConfigMap
-      name: cluster-settings
-      optional: true
-    - kind: Secret
-      name: cluster-secrets
-      optional: true
-  prune: false
-  sourceRef:
-    kind: GitRepository
-    name: home-kubernetes
-
--- kubernetes/main/flux Kustomization: flux-system/cluster GitRepository: flux-system/home-kubernetes

+++ kubernetes/main/flux Kustomization: flux-system/cluster GitRepository: flux-system/home-kubernetes

@@ -1,23 +0,0 @@

----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: home-kubernetes
-  namespace: flux-system
-spec:
-  ignore: |
-    # exclude all
-    /*
-    # include dirs
-    !/kubernetes/main
-    !/kubernetes/shared
-  interval: 30m
-  ref:
-    branch: main
-  secretRef:
-    name: github-deploy-key
-  url: ssh://[email protected]/onedr0p/home-ops
-
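Review bot: The `ignore` block in this removed GitRepository limited the fetched artifact to `/kubernetes/main` and `/kubernetes/shared`, and the FluxInstance `sync` block that replaces it shows only `url`, `ref`, `path` and `pullSecret`. Without an equivalent ignore rule on the generated source, the whole repository ends up in the artifact that kustomize-controller reads, and a commit anywhere in the repo produces a new revision and a reconciliation. If the narrower scope was intentional, add a patch under `kustomize.patches` that restores the ignore rules on the generated GitRepository.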
--- kubernetes/main/flux Kustomization: flux-system/cluster Kustomization: flux-system/cluster-shared

+++ kubernetes/main/flux Kustomization: flux-system/cluster Kustomization: flux-system/cluster-shared

@@ -1,18 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: cluster-shared
-  namespace: flux-system
-spec:
-  interval: 30m
-  path: ./kubernetes/shared
-  prune: false
-  sourceRef:
-    kind: GitRepository
-    name: home-kubernetes
-  wait: true
-
--- kubernetes/main/flux Kustomization: flux-system/cluster Kustomization: flux-system/cluster

+++ kubernetes/main/flux Kustomization: flux-system/cluster Kustomization: flux-system/cluster

@@ -1,32 +0,0 @@

----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  labels:
-    kustomize.toolkit.fluxcd.io/name: cluster
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: cluster
-  namespace: flux-system
-spec:
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  dependsOn:
-  - name: cluster-shared
-  interval: 30m
-  path: ./kubernetes/main/flux
-  postBuild:
-    substituteFrom:
-    - kind: ConfigMap
-      name: cluster-settings
-      optional: true
-    - kind: Secret
-      name: cluster-secrets
-      optional: true
-  prune: false
-  sourceRef:
-    kind: GitRepository
-    name: home-kubernetes
-  wait: false
-
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-token

+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-token

@@ -1,24 +0,0 @@

----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: github-token
-  namespace: flux-system
-spec:
-  dataFrom:
-  - extract:
-      key: flux
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: github-token-secret
-    template:
-      data:
-        token: '{{ .FLUX_GITHUB_TOKEN }}'
-      engineVersion: v2
-
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Provider: flux-system/github

+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Provider: flux-system/github

@@ -1,16 +0,0 @@

----
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Provider
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: github
-  namespace: flux-system
-spec:
-  address: https://github.com/onedr0p/home-ops
-  secretRef:
-    name: github-token-secret
-  type: github
-
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Alert: flux-system/github

+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Alert: flux-system/github

@@ -1,18 +0,0 @@

----
-apiVersion: notification.toolkit.fluxcd.io/v1beta3
-kind: Alert
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: github
-  namespace: flux-system
-spec:
-  eventSeverity: info
-  eventSources:
-  - kind: Kustomization
-    name: '*'
-  providerRef:
-    name: github
-
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-webhook-token

+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-webhook-token

@@ -1,24 +0,0 @@

----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: github-webhook-token
-  namespace: flux-system
-spec:
-  dataFrom:
-  - extract:
-      key: flux
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: github-webhook-token-secret
-    template:
-      data:
-        token: '{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}'
-      engineVersion: v2
-
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Ingress: flux-system/webhook-receiver

+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Ingress: flux-system/webhook-receiver

@@ -1,24 +0,0 @@

----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: webhook-receiver
-  namespace: flux-system
-spec:
-  ingressClassName: external
-  rules:
-  - host: flux-webhook.devbu.io
-    http:
-      paths:
-      - backend:
-          service:
-            name: webhook-receiver
-            port:
-              number: 80
-        path: /hook/
-        pathType: Prefix
-
--- kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Receiver: flux-system/home-ops

+++ kubernetes/main/apps/flux-system/flux/github Kustomization: flux-system/flux-github Receiver: flux-system/home-ops

@@ -1,31 +0,0 @@

----
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
-  labels:
-    app.kubernetes.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/name: flux-github
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: home-ops
-  namespace: flux-system
-spec:
-  events:
-  - ping
-  - push
-  resources:
-  - apiVersion: source.toolkit.fluxcd.io/v1
-    kind: GitRepository
-    name: home-kubernetes
-    namespace: flux-system
-  - apiVersion: kustomize.toolkit.fluxcd.io/v1
-    kind: Kustomization
-    name: cluster
-    namespace: flux-system
-  - apiVersion: kustomize.toolkit.fluxcd.io/v1
-    kind: Kustomization
-    name: cluster-apps
-    namespace: flux-system
-  secretRef:
-    name: github-webhook-token-secret
-  type: github
-
--- kubernetes/main/apps/flux-system/flux-operator/app Kustomization: flux-system/flux-operator HelmRelease: flux-system/flux-operator

+++ kubernetes/main/apps/flux-system/flux-operator/app Kustomization: flux-system/flux-operator HelmRelease: flux-system/flux-operator

@@ -0,0 +1,32 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-operator
+    kustomize.toolkit.fluxcd.io/name: flux-operator
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-operator
+  namespace: flux-system
+spec:
+  chart:
+    spec:
+      chart: flux-operator
+      sourceRef:
+        kind: HelmRepository
+        name: controlplaneio
+        namespace: flux-system
+      version: 0.12.0
+  install:
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  valuesFrom:
+  - kind: ConfigMap
+    name: flux-operator-helm-values-fb7h5gm7k8
+
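Review bot: `spec.chart.spec` pins `version: 0.12.0` from the `controlplaneio` HelmRepository but carries no `verify` block, and this release installs the component that manages every Flux controller in the cluster. If that repository is OCI-based and the publisher signs the chart, consider adding `spec.chart.spec.verify` so a tampered chart fails to reconcile instead of being rolled out.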
--- kubernetes/main/apps/flux-system/flux-operator/app Kustomization: flux-system/flux-operator ConfigMap: flux-system/flux-operator-helm-values-fb7h5gm7k8

+++ kubernetes/main/apps/flux-system/flux-operator/app Kustomization: flux-system/flux-operator ConfigMap: flux-system/flux-operator-helm-values-fb7h5gm7k8

@@ -0,0 +1,16 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    serviceMonitor:
+      create: true
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-operator
+    kustomize.toolkit.fluxcd.io/name: flux-operator
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-operator-helm-values-fb7h5gm7k8
+  namespace: flux-system
+
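Review bot: `serviceMonitor.create: true` in `values.yaml` assumes the ServiceMonitor CRD already exists when this chart is installed. Unless the chart guards on that, a fresh cluster where the operator is installed before the monitoring stack will fail here, so document the ordering or make the value conditional for the bootstrap path.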
--- kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-token

+++ kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-token

@@ -0,0 +1,24 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: github-token
+  namespace: flux-system
+spec:
+  dataFrom:
+  - extract:
+      key: flux
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: github-token-secret
+    template:
+      data:
+        token: '{{ .FLUX_GITHUB_TOKEN }}'
+      engineVersion: v2
+
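Review bot: `dataFrom.extract` with `key: flux` fetches every field of the `flux` item although the template only uses `FLUX_GITHUB_TOKEN`, and the `github-webhook-token` ExternalSecret in this same diff reads the same item for a different field. A `data` entry with `remoteRef.property` per secret would limit each one to the single field it needs and make it obvious which credential ends up in `github-token-secret`.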
--- kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github Provider: flux-system/github

+++ kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github Provider: flux-system/github

@@ -0,0 +1,16 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: github
+  namespace: flux-system
+spec:
+  address: https://github.com/onedr0p/home-ops
+  secretRef:
+    name: github-token-secret
+  type: github
+
--- kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github Alert: flux-system/github

+++ kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github Alert: flux-system/github

@@ -0,0 +1,18 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: github
+  namespace: flux-system
+spec:
+  eventSeverity: info
+  eventSources:
+  - kind: Kustomization
+    name: '*'
+  providerRef:
+    name: github
+
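Review bot: the `eventSources` entry sets `name: '*'` without a `namespace`, so the wildcard only covers Kustomizations in the Alert's own namespace, `flux-system`. If any Kustomizations live in other namespaces they will not report through the `github` provider; add explicit entries for those namespaces or note that this is intended.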
--- kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-webhook-token

+++ kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github ExternalSecret: flux-system/github-webhook-token

@@ -0,0 +1,24 @@

+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: github-webhook-token
+  namespace: flux-system
+spec:
+  dataFrom:
+  - extract:
+      key: flux
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: github-webhook-token-secret
+    template:
+      data:
+        token: '{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}'
+      engineVersion: v2
+
--- kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github Ingress: flux-system/webhook-receiver

+++ kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github Ingress: flux-system/webhook-receiver

@@ -0,0 +1,24 @@

+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: webhook-receiver
+  namespace: flux-system
+spec:
+  ingressClassName: external
+  rules:
+  - host: flux-webhook.devbu.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: webhook-receiver
+            port:
+              number: 80
+        path: /hook/
+        pathType: Prefix
+
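Review bot: the Ingress `spec` has no `tls` section even though it uses `ingressClassName: external` and publishes `flux-webhook.devbu.io`. Confirm the ingress controller terminates TLS for this host with a default certificate, or add a `tls` entry here so the webhook path is not reachable over plain HTTP. Restricting the rule to the `/hook/` prefix is a good choice and should stay.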
--- kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github Receiver: flux-system/home-ops

+++ kubernetes/main/apps/flux-system/github/app Kustomization: flux-system/flux-github Receiver: flux-system/home-ops

@@ -0,0 +1,31 @@

+---
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/name: flux-github
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: home-ops
+  namespace: flux-system
+spec:
+  events:
+  - ping
+  - push
+  resources:
+  - apiVersion: source.toolkit.fluxcd.io/v1
+    kind: GitRepository
+    name: home-kubernetes
+    namespace: flux-system
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    name: cluster
+    namespace: flux-system
+  - apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    name: cluster-apps
+    namespace: flux-system
+  secretRef:
+    name: github-webhook-token-secret
+  type: github
+
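Review bot: the `resources` list is carried over unchanged from the removed Receiver and still names the Kustomizations `cluster` and `cluster-apps`, while the flux-instance values in this diff define the sync objects under `name: home-kubernetes`. Check that `cluster` and `cluster-apps` still exist after the migration, and drop or rename the entries that do not, so a push webhook does not try to annotate objects that are gone.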
--- kubernetes/main/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance HelmRelease: flux-system/flux-instance

+++ kubernetes/main/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance HelmRelease: flux-system/flux-instance

@@ -0,0 +1,32 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-instance
+  namespace: flux-system
+spec:
+  chart:
+    spec:
+      chart: flux-instance
+      sourceRef:
+        kind: HelmRepository
+        name: controlplaneio
+        namespace: flux-system
+      version: 0.12.0
+  install:
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  valuesFrom:
+  - kind: ConfigMap
+    name: flux-instance-helm-values-t8487gt25m
+
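Review bot: this HelmRelease has no `dependsOn`, but the `flux-instance` chart can only apply once the `flux-operator` release has installed its CRDs. If the ordering is not already enforced by the parent Kustomization, add a `dependsOn` entry for `flux-operator` here so a first install does not burn through the three `install.remediation.retries` while the operator is still coming up.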
--- kubernetes/main/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance PrometheusRule: flux-system/flux-rules

+++ kubernetes/main/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance PrometheusRule: flux-system/flux-rules

@@ -0,0 +1,35 @@

+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-rules
+  namespace: flux-system
+spec:
+  groups:
+  - name: flux.rules
+    rules:
+    - alert: FluxComponentAbsent
+      annotations:
+        summary: Flux component has disappeared from Prometheus target discovery.
+      expr: |
+        absent(up{job=~".*flux-system.*"} == 1)
+      for: 15m
+      labels:
+        severity: critical
+    - alert: FluxReconciliationFailure
+      annotations:
+        summary: '{{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation
+          has been failing for more than 15 minutes.'
+      expr: |
+        max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind)
+          +
+        on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"})
+          by (namespace, name, kind)) * 2 == 1
+      for: 15m
+      labels:
+        severity: critical
+
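Review bot: `FluxReconciliationFailure` depends on `gotk_reconcile_condition`; confirm that the controller versions deployed by flux-instance still export that metric, because if they do not the expression returns no series and the alert can never fire. Note also that the `+ on(namespace, name, kind)` join drops any resource that has no `status="Deleted"` series. For `FluxComponentAbsent`, check that the `job` label produced by the new operator-managed scrape config still matches `.*flux-system.*`, otherwise the alert fires permanently after the migration.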
--- kubernetes/main/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ConfigMap: flux-system/flux-instance-helm-values-t8487gt25m

+++ kubernetes/main/apps/flux-system/flux-operator/instance Kustomization: flux-system/flux-instance ConfigMap: flux-system/flux-instance-helm-values-t8487gt25m

@@ -0,0 +1,104 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    instance:
+      cluster:
+        networkPolicy: false
+      components:
+        - source-controller
+        - kustomize-controller
+        - helm-controller
+        - notification-controller
+      sync:
+        kind: GitRepository
+        name: home-kubernetes
+        url: ssh://[email protected]/onedr0p/home-ops
+        ref: refs/heads/main
+        path: kubernetes/main/flux/config
+        pullSecret: github-deploy-key
+      kustomize:
+        patches:
+          # Increase the number of workers and limits
+          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#increase-the-number-of-workers-and-limits
+          - patch: |
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --concurrent=10
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --requeue-dependency=5s
+            target:
+              kind: Deployment
+              name: (kustomize-controller|helm-controller|source-controller)
+          - patch: |
+              apiVersion: apps/v1
+              kind: Deployment
+              metadata:
+                name: all
+              spec:
+                template:
+                  spec:
+                    containers:
+                      - name: manager
+                        resources:
+                          limits:
+                            memory: 2Gi
+            target:
+              kind: Deployment
+              name: (kustomize-controller|helm-controller|source-controller)
+          # Enable in-memory kustomize builds
+          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-in-memory-kustomize-builds
+          - patch: |
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --concurrent=20
+              - op: replace
+                path: /spec/template/spec/volumes/0
+                value:
+                  name: temp
+                  emptyDir:
+                    medium: Memory
+            target:
+              kind: Deployment
+              name: kustomize-controller
+          # Enable Helm repositories caching
+          # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-helm-repositories-caching
+          - patch: |
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --helm-cache-max-size=10
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --helm-cache-ttl=60m
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --helm-cache-purge-interval=5m
+            target:
+              kind: Deployment
+              name: source-controller
+          # Flux near OOM detection for Helm
+          # Ref: https://fluxcd.io/flux/installation/configuration/helm-oom-detection/
+          - patch: |
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --feature-gates=OOMWatch=true
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --oom-watch-memory-threshold=95
+              - op: add
+                path: /spec/template/spec/containers/0/args/-
+                value: --oom-watch-interval=500ms
+            target:
+              kind: Deployment
+              name: helm-controller
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/name: flux-instance
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: flux-instance-helm-values-t8487gt25m
+  namespace: flux-system
+
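Review bot: `instance.cluster.networkPolicy: false` turns off the network policies the operator would otherwise apply to the Flux namespace, which leaves the controllers reachable from any pod in the cluster. If another layer already restricts that traffic, say so in a comment next to the value; otherwise leave it enabled. Separately, the first JSON patch targets `(kustomize-controller|helm-controller|source-controller)` with `--concurrent=10` and the in-memory patch adds `--concurrent=20` to kustomize-controller, so that container receives the flag twice; narrow the first target or drop one of the two. The `emptyDir` with `medium: Memory` also has no `sizeLimit`, and its usage counts against the 2Gi memory limit set in the same values.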

Signed-off-by: Devin Buhl <[email protected]>
@onedr0p onedr0p changed the title feat!: big brain operator feat!: big time operator Jan 8, 2025
@onedr0p onedr0p marked this pull request as ready for review January 9, 2025 15:11
@onedr0p onedr0p merged commit b9901e3 into main Jan 9, 2025
10 checks passed
@onedr0p onedr0p deleted the flux-operator-instance branch January 9, 2025 15:12
Labels
area/github Changes made in the github directory area/kubernetes Changes made in the kubernetes directory area/taskfile