vynil/addons
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial release

Browse Source
This commit is contained in:
Sébastien Huss
2024-03-19 13:13:53 +01:00
commit 451fdb09fc
391 changed files with 184309 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
workflow/flux/apps_v1_Deployment_helm-controller.yaml Normal file
View File

@@ -0,0 +1,80 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: helm-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: helm-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: helm-controller
spec:
containers:
- args:
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/fluxcd/helm-controller:v0.37.4
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
priorityClassName: system-cluster-critical
securityContext:
fsGroup: 1337
serviceAccountName: helm-controller
terminationGracePeriodSeconds: 600
volumes:
- emptyDir: {}
name: temp

79
workflow/flux/apps_v1_Deployment_image-automation-controller.yaml Normal file
View File

@@ -0,0 +1,79 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: image-automation-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: image-automation-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: image-automation-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: image-automation-controller
spec:
containers:
- args:
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/fluxcd/image-automation-controller:v0.37.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
securityContext:
fsGroup: 1337
serviceAccountName: image-automation-controller
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: temp

83
workflow/flux/apps_v1_Deployment_image-reflector-controller.yaml Normal file
View File

@@ -0,0 +1,83 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: image-reflector-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: image-reflector-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: image-reflector-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: image-reflector-controller
spec:
containers:
- args:
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/fluxcd/image-reflector-controller:v0.31.2
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
- mountPath: /data
name: data
securityContext:
fsGroup: 1337
serviceAccountName: image-reflector-controller
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: temp
- emptyDir: {}
name: data

80
workflow/flux/apps_v1_Deployment_kustomize-controller.yaml Normal file
View File

@@ -0,0 +1,80 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: kustomize-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: kustomize-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: kustomize-controller
spec:
containers:
- args:
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/fluxcd/kustomize-controller:v1.2.2
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
priorityClassName: system-cluster-critical
securityContext:
fsGroup: 1337
serviceAccountName: kustomize-controller
terminationGracePeriodSeconds: 60
volumes:
- emptyDir: {}
name: temp

84
workflow/flux/apps_v1_Deployment_notification-controller.yaml Normal file
View File

@@ -0,0 +1,84 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: notification-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: notification-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: notification-controller
spec:
containers:
- args:
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/fluxcd/notification-controller:v1.2.4
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9090
name: http
protocol: TCP
- containerPort: 9292
name: http-webhook
protocol: TCP
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: temp
securityContext:
fsGroup: 1337
serviceAccountName: notification-controller
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: temp

93
workflow/flux/apps_v1_Deployment_source-controller.yaml Normal file
View File

@@ -0,0 +1,93 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: source-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: source-controller
strategy:
type: Recreate
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: source-controller
spec:
containers:
- args:
- --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
- --storage-path=/data
- --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: TUF_ROOT
value: /tmp/.sigstore
image: ghcr.io/fluxcd/source-controller:v1.2.4
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9090
name: http
protocol: TCP
- containerPort: 8080
name: http-prom
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /
port: http
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 50m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /data
name: data
- mountPath: /tmp
name: tmp
priorityClassName: system-cluster-critical
securityContext:
fsGroup: 1337
serviceAccountName: source-controller
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: data
- emptyDir: {}
name: tmp

18
workflow/flux/datas.tf Normal file
View File

@@ -0,0 +1,18 @@
locals {
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
}
data "kustomization_overlay" "data" {
namespace = var.namespace
common_labels = local.common-labels
resources = [ for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}

19
workflow/flux/index.yaml Normal file
View File

@@ -0,0 +1,19 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: workflow
metadata:
name: flux
description: 'FluxCD: Open and extensible Continuous Delivery solution for Kubernetes.'
options:
release:
default: 2.2.3
examples:
- 2.2.3
type: string
dependencies:
- dist: null
category: crd
component: flux
providers: null
tfaddtype: null

18
workflow/flux/networking.k8s.io_v1_NetworkPolicy_allow-egress.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: allow-egress
namespace: flux-system
spec:
egress:
- {}
ingress:
- from:
- podSelector: {}
podSelector: {}
policyTypes:
- Ingress
- Egress

18
workflow/flux/networking.k8s.io_v1_NetworkPolicy_allow-scraping.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: allow-scraping
namespace: flux-system
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 8080
protocol: TCP
podSelector: {}
policyTypes:
- Ingress

17
workflow/flux/networking.k8s.io_v1_NetworkPolicy_allow-webhooks.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: allow-webhooks
namespace: flux-system
spec:
ingress:
- from:
- namespaceSelector: {}
podSelector:
matchLabels:
app: notification-controller
policyTypes:
- Ingress

18
workflow/flux/rbac.authorization.k8s.io_v1_ClusterRoleBinding_cluster-reconciler.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: cluster-reconciler
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kustomize-controller
namespace: flux-system
- kind: ServiceAccount
name: helm-controller
namespace: flux-system

30
workflow/flux/rbac.authorization.k8s.io_v1_ClusterRoleBinding_crd-controller.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: crd-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: crd-controller
subjects:
- kind: ServiceAccount
name: kustomize-controller
namespace: flux-system
- kind: ServiceAccount
name: helm-controller
namespace: flux-system
- kind: ServiceAccount
name: source-controller
namespace: flux-system
- kind: ServiceAccount
name: notification-controller
namespace: flux-system
- kind: ServiceAccount
name: image-reflector-controller
namespace: flux-system
- kind: ServiceAccount
name: image-automation-controller
namespace: flux-system

88
workflow/flux/rbac.authorization.k8s.io_v1_ClusterRole_crd-controller.yaml Normal file
View File

@@ -0,0 +1,88 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: crd-controller
rules:
- apiGroups:
- source.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- kustomize.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- helm.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- notification.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- image.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
- secrets
- configmaps
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete

24
workflow/flux/rbac.authorization.k8s.io_v1_ClusterRole_flux-edit.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: flux-edit
rules:
- apiGroups:
- notification.toolkit.fluxcd.io
- source.toolkit.fluxcd.io
- helm.toolkit.fluxcd.io
- image.toolkit.fluxcd.io
- kustomize.toolkit.fluxcd.io
resources:
- '*'
verbs:
- create
- delete
- deletecollection
- patch
- update

23
workflow/flux/rbac.authorization.k8s.io_v1_ClusterRole_flux-view.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: flux-view
rules:
- apiGroups:
- notification.toolkit.fluxcd.io
- source.toolkit.fluxcd.io
- helm.toolkit.fluxcd.io
- image.toolkit.fluxcd.io
- kustomize.toolkit.fluxcd.io
resources:
- '*'
verbs:
- get
- list
- watch

18
workflow/flux/v1_ResourceQuota_critical-pods.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: ResourceQuota
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: critical-pods
namespace: flux-system
spec:
hard:
pods: "1000"
scopeSelector:
matchExpressions:
- operator: In
scopeName: PriorityClass
values:
- system-node-critical
- system-cluster-critical

9
workflow/flux/v1_ServiceAccount_helm-controller.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: helm-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: helm-controller
namespace: flux-system

9
workflow/flux/v1_ServiceAccount_image-automation-controller.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: image-automation-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: image-automation-controller
namespace: flux-system

9
workflow/flux/v1_ServiceAccount_image-reflector-controller.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: image-reflector-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: image-reflector-controller
namespace: flux-system

9
workflow/flux/v1_ServiceAccount_kustomize-controller.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: kustomize-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: kustomize-controller
namespace: flux-system

9
workflow/flux/v1_ServiceAccount_notification-controller.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: notification-controller
namespace: flux-system

9
workflow/flux/v1_ServiceAccount_source-controller.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
name: source-controller
namespace: flux-system

19
workflow/flux/v1_Service_notification-controller.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: notification-controller
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: notification-controller
type: ClusterIP

19
workflow/flux/v1_Service_source-controller.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: source-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: source-controller
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: source-controller
type: ClusterIP

19
workflow/flux/v1_Service_webhook-receiver.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: notification-controller
app.kubernetes.io/instance: flux-system
app.kubernetes.io/part-of: flux
control-plane: controller
name: webhook-receiver
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http-webhook
selector:
app: notification-controller
type: ClusterIP