diff --git a/kubernetes/dev/app/ks.yaml b/kubernetes/dev/app/ks.yaml new file mode 100644 index 0000000..b88c4be --- /dev/null +++ b/kubernetes/dev/app/ks.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: apps + namespace: flux-system +spec: + interval: 10m + path: ./kubernetes/dev/app + prune: true + sourceRef: + kind: GitRepository + name: flux-system + dependsOn: + - name: infrastructure + - name: config + decryption: + provider: sops + secretRef: + name: sops-age + postBuild: + substituteFrom: + - kind: Secret + name: cluster-vars diff --git a/kubernetes/dev/app/lubelogger/ingress.yaml b/kubernetes/dev/app/lubelogger/ingress.yaml new file mode 100644 index 0000000..f5b47d3 --- /dev/null +++ b/kubernetes/dev/app/lubelogger/ingress.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: lubelogger + namespace: lubelogger + annotations: + cert-manager.io/cluster-issuer: letsencrypt +spec: + tls: + - hosts: + - ${LUBELOGGER_HOST} + secretName: lubelogger-tls + rules: + - host: ${LUBELOGGER_HOST} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: lubelogger + port: + number: 8080 diff --git a/kubernetes/dev/config/cluster-vars.sops.yaml b/kubernetes/dev/config/cluster-vars.sops.yaml new file mode 100644 index 0000000..b9666f7 --- /dev/null +++ b/kubernetes/dev/config/cluster-vars.sops.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cluster-vars + namespace: flux-system +stringData: + LUBELOGGER_HOST: ENC[AES256_GCM,data:OvDY/XIE/YW8lSDJmhHYI63r4eLQOojsMjjkUIge,iv:v1JafZB4cmVFjX+yA7FjjoXfx7jPpZQaq1HyXvNXvsY=,tag:+h5Gg/q3bKP3l7xCNLaBqA==,type:str] +sops: + age: + - recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQnMvTXBXZUg3eUhLTUtv + NlMxTmw2R0VVeXFBREdiYllweVE0elNqL0hRCjczS3NqVzlaTDhRSFdLMm5WREQx + ZG54Q2tRUk50bXZkd3FLQ3VXRUdaNEEKLS0tIDdpdSswc3pVQ1hFb1VhUWR3dFN4 + LzhUN3Z4cExIL1IyS3ZCNWh5aWpLbDgKQ7c3MmLykA00NaLoctKVDfJvPqTqh3Ia + cDZJUc6jYJXOJYM6YYyZOYcCL2z8V2RpIfA9sPg8PB2eiipZxjk+Cg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-10T12:00:08Z" + mac: ENC[AES256_GCM,data:MeENbnkjALwbIkd833zmBx/nCfCTqO7+5i5L98lI6UJrgOhrT5gsrP33jiWgyv6qPHqbgLb1XzJ/Z+DbTl6O/sW7NDrgRr3AXPg0L6ej1fCCcdpIQDbgkWzcUSgxSfv8WyFINh3f2HP0TFaZNRaDvkR0IDkwR3KHapkM8fl5uxQ=,iv:/RNS5e0IfOLobot6f+IHuYULbXSoLBYlg6EK9j4Bqic=,tag:re0Ip1/1eX96J5HRN3r46Q==,type:str] + encrypted_regex: ^(data|stringData|email)$ + version: 3.11.0 diff --git a/kubernetes/dev/config/ks.yaml b/kubernetes/dev/config/ks.yaml new file mode 100644 index 0000000..be3d20a --- /dev/null +++ b/kubernetes/dev/config/ks.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: config + namespace: flux-system +spec: + interval: 10m + path: ./kubernetes/dev/config + prune: true + sourceRef: + kind: GitRepository + name: flux-system + decryption: + provider: sops + secretRef: + name: sops-age diff --git a/kubernetes/dev/infrastructure/ks.yaml b/kubernetes/dev/infrastructure/ks.yaml new file mode 100644 index 0000000..110c92e --- /dev/null +++ b/kubernetes/dev/infrastructure/ks.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: infrastructure + namespace: flux-system +spec: + interval: 10m + path: ./kubernetes/dev/infrastructure + prune: true + sourceRef: + kind: GitRepository + name: flux-system + decryption: + provider: sops + secretRef: + name: sops-age diff --git a/kubernetes/dev/kustomization.yaml b/kubernetes/dev/kustomization.yaml new file mode 100644 index 0000000..914bd46 --- /dev/null +++ b/kubernetes/dev/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- flux-system +- config/ks.yaml +- infrastructure/ks.yaml +- app/ks.yaml diff --git a/kubernetes/flux-system/gotk-sync.yaml b/kubernetes/flux-system/gotk-sync.yaml index cacceb5..015ee7c 100644 --- a/kubernetes/flux-system/gotk-sync.yaml +++ b/kubernetes/flux-system/gotk-sync.yaml @@ -25,7 +25,3 @@ spec: sourceRef: kind: GitRepository name: flux-system - decryption: - provider: sops - secretRef: - name: sops-age