diff --git a/src/clusters/main/services/kustomization.yaml b/src/clusters/main/services/kustomization.yaml index d6c40cc..e41509d 100644 --- a/src/clusters/main/services/kustomization.yaml +++ b/src/clusters/main/services/kustomization.yaml @@ -12,6 +12,7 @@ resources: - octopus/octopus.yaml - pelican/pelican.yaml - quokka/quokka.yaml + - scorpion/scorpion.yaml # Apply patches for common configurations patches: # Set patch to add labels to all resources in nested Kustomizations diff --git a/src/clusters/main/services/scorpion/kustomize/kustomization.yaml b/src/clusters/main/services/scorpion/kustomize/kustomization.yaml new file mode 100644 index 0000000..090f14a --- /dev/null +++ b/src/clusters/main/services/scorpion/kustomize/kustomization.yaml @@ -0,0 +1,8 @@ +# Create scorpion Kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +# Include the following resources +resources: + - scorpion-helm/scorpion-helm.yaml + - scorpion-namespace/scorpion-namespace.yaml + - scorpion-traefik/scorpion-traefik.yaml diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/configurations/names.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/configurations/names.yaml new file mode 100644 index 0000000..f1d6512 --- /dev/null +++ b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/configurations/names.yaml @@ -0,0 +1,8 @@ +# Configure names transformer +nameReference: + - kind: Secret + fieldSpecs: + # Replace secret names in HelmReleases + - group: helm.toolkit.fluxcd.io + kind: HelmRelease + path: spec/valuesFrom/name diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/kustomization.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/kustomization.yaml new file mode 100644 index 0000000..60e3951 --- /dev/null +++ b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/kustomization.yaml 
@@ -0,0 +1,17 @@
+# Create scorpion-helm Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following configuration files
+configurations:
+ - configurations/names.yaml
+# Include the following resources
+resources:
+ - resources/release.yaml
+ - resources/repository.yaml
+# Generate secrets
+secretGenerator:
+ - files:
+ # It's important to include extension in the key
+ # SOPS will use it to determine the format of the content
+ - values.yaml=secrets/values.yaml
+ name: scorpion-helm-secrets-values
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/release.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/release.yaml
new file mode 100644
index 0000000..a3d9e92
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/release.yaml
@@ -0,0 +1,36 @@
+# Create scorpion Helm release
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: scorpion
+spec:
+ chart:
+ spec:
+ # Use this chart from the repository
+ chart: scorpion
+ # Pin version to major
+ version: "0.x"
+ # Use this Helm repository
+ sourceRef:
+ kind: HelmRepository
+ name: radio-aktywne
+ # This key always needs to be here for patching to work
+ postRenderers: []
+ values:
+ scorpion:
+ cookies:
+ domain: spietras.dev
+ urls:
+ issuer: https://scorpion.k8s.spietras.dev
+ public: https://scorpion.k8s.spietras.dev
+ admin: https://admin.scorpion.k8s.spietras.dev
+ crocus:
+ public:
+ scheme: https
+ host: crocus.k8s.spietras.dev
+ port: ""
+ path: ""
+ valuesFrom:
+ - kind: Secret
+ name: scorpion-helm-secrets-values
+ valuesKey: values.yaml
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/repository.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/repository.yaml
new file mode 100644
index 0000000..6421736
--- /dev/null
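Review bot: In src/.../scorpion-helm/kustomize/resources/release.yaml, `cookies.domain: spietras.dev` scopes cookies to the apex domain, while every URL in the same values block (`urls.*`, `crocus.public.host`) lives under `k8s.spietras.dev`. If the chart uses this value as the Domain attribute of its session or login cookies (inferred from the key name, the chart is not visible here), browsers will send those cookies to every host under spietras.dev, and any of those hosts can set cookies for the same scope. Narrowing it to the shared parent that is actually needed, `domain: k8s.spietras.dev`, keeps scorpion and crocus working while removing unrelated subdomains from the cookie scope. A one-line comment above the key stating why a parent domain is required at all would also help the next reviewer.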
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/repository.yaml
@@ -0,0 +1,8 @@
+# Create scorpion Helm repository
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: radio-aktywne
+spec:
+ type: oci
+ url: oci://ghcr.io/radio-aktywne/charts
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/secrets/values.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/secrets/values.yaml
new file mode 100644
index 0000000..2e61f02
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/secrets/values.yaml
@@ -0,0 +1,38 @@ +scorpion: + secrets: + system: + - ENC[AES256_GCM,data:7LSGi+dLFXdrtTALIW8w/iZI,iv:FkJJJyM08dLH7GR+VkhuJdsSW6o4vu0bXRKYPEbPqyc=,tag:vCwpw5BEiL0ImQyXLiZU4g==,type:str] + cookie: + - ENC[AES256_GCM,data:PsLehl5I7tLEbph/lALGCTUc,iv:RY6AgCyVU/kaoIxENZkqJB8SY4QyuXJgmlX3j67IuUA=,tag:Sbw6gAUJNAbefV7anc5ldw==,type:str] + diamond: + sql: + password: ENC[AES256_GCM,data:HhcYGvMvifU=,iv:sRCm5V6CG9LSWJiE19bSiIb5RSibKNOUu9La4JoNXYs=,tag:5d8gzothUdim5Rm/ExOhJw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age14uepygtepskwehywergh9fe9j2a3ytqd80y9r2ekfmett6rq3peqjtgxns + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGY1ZoYlZvWG04Zk9ZdXh2 + T0VWUk1oY0R0eEtpQnJRcWIzUXozQUlGOVRNCitxY0h5b3l6QnN2ejNZQ3Z1aXJX + aWhuNjZtYVNlTi9vV2pJOXJ3dkpZQjQKLS0tIGtJdFNOaDVtWXQ5aTd5L1diTzhw + c2RmaXczVnY0azVqWEtZTHQ5YUZFYkEK57cPtu0CelzVM9LFR/i3qUbAPt6HRAUZ + jAlPDHIQqQWeJE7x8E3CwCT3Z7LyA3fgSlt8eZ/n1OE6hNc1uWRz4Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y5lqafxarcnlrduh8k3tycnaq63v2alagmtkf0k9gd59pg263axqtt928v + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOalFvczJlL2xpUlVEblRD + TGlid0dzRWhxYTBUZENVQzNESGtyTmkvcVFJCmxtWDQyb2VJNUNPaEVJVzVja0RK + aEVOZ2ZsMmZTckduVGRzcHFWSUFJdjAKLS0tIFRHZ3M0dUlob0p6R0JPQlpSWG0x + cm1sN3U1VnZNNTU1NFQ2UlRmSUJiVUkKcDxNEToerq/aAa+m8Bmyg9R+UsuMXwx/ + 1guqoWy3m4ucGQBi7eCswg5m+rGee+FgzlQsan9EQwL8Zhh8sTwlaQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-27T12:17:53Z" + mac: ENC[AES256_GCM,data:vg58H9fgyhkpQ44Sgv4J5d9e47I7/UzZc9L828fMbOJWGO9vkTOL+aiRh7IHo9u4cukeDGQApT5wAfw2fXBjVmIHytjjNtU7UgDPSRlWGYHhuyeVVOMkEVxObxh1UeNyHrs6dyNnTdeb5c4Q+/lPddWvvk1RkcqtDsCFu27jo9g=,iv:J+AY2QcQfA1Aqfmaphas3tNXStv3qdf/9ILMCToVn/Y=,tag:V9zHXoSjyB4tb+oc3wiD7A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 
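Review bot: The `diamond.sql.password` value in secrets/values.yaml appears to be only 8 bytes long, because SOPS encrypts each value with AES-GCM without padding and its `data:` field base64-decodes to 8 bytes. Key names and value lengths stay readable to anyone who can read the repository, so a short database password is visible as such even though its content is encrypted. Rotating it to a long random value (32 or more characters) before this is deployed removes that concern; the `system` and `cookie` entries decode to 18 bytes each and could be lengthened at the same time. It is also worth confirming that both `age` recipients listed under `sops` are still meant to be able to decrypt this file.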
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-helm/scorpion-helm.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/scorpion-helm.yaml
new file mode 100644
index 0000000..e625001
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-helm/scorpion-helm.yaml
@@ -0,0 +1,13 @@
+# Create scorpion-helm Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: scorpion-helm
+spec:
+ # Path inside repository to a directory containing Kustomization files
+ path: src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize
+ dependsOn:
+ # Deploy namespace first
+ - name: scorpion-namespace
+ # This key always needs to be here for patching to work
+ patches: []
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize/kustomization.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize/kustomization.yaml
new file mode 100644
index 0000000..4a6a48b
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize/kustomization.yaml
@@ -0,0 +1,6 @@
+# Create scorpion-namespace Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+ - resources/namespace.yaml
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize/resources/namespace.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize/resources/namespace.yaml
new file mode 100644
index 0000000..f7e31f3
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize/resources/namespace.yaml
@@ -0,0 +1,5 @@
+# Create scorpion namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: scorpion
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/scorpion-namespace.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/scorpion-namespace.yaml
new file mode 100644
index 0000000..b95e35a
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-namespace/scorpion-namespace.yaml
@@ -0,0 +1,10 @@
+# Create scorpion-namespace Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: scorpion-namespace
+spec:
+ # Path inside repository to a directory containing Kustomization files
+ path: src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize
+ # This key always needs to be here for patching to work
+ patches: []
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/kustomization.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/kustomization.yaml
new file mode 100644
index 0000000..bfb2ad0
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/kustomization.yaml
@@ -0,0 +1,7 @@
+# Create scorpion-traefik Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+ - resources/routes/public.yaml
+ - resources/routes/admin.yaml
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/resources/routes/admin.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/resources/routes/admin.yaml
new file mode 100644
index 0000000..4c9213c
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/resources/routes/admin.yaml
@@ -0,0 +1,18 @@
+# Create admin ingress route for scorpion
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: scorpion-admin
+spec:
+ entryPoints:
+ # Use entrypoint for HTTPS traffic
+ - https
+ routes:
+ # Match traffic with the Host header
+ - match: HostRegexp(`admin\.scorpion\..*`)
+ kind: Rule
+ services:
+ # Route traffic to the scorpion service
+ - name: scorpion
+ # This is the name of the port in the service
+ port: admin
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/resources/routes/public.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/resources/routes/public.yaml
new file mode 100644
index 0000000..479992a
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/resources/routes/public.yaml
@@ -0,0 +1,18 @@
+# Create public ingress route for scorpion
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: scorpion-public
+spec:
+ entryPoints:
+ # Use entrypoint for HTTPS traffic
+ - https
+ routes:
+ # Match traffic with the Host header
+ - match: HostRegexp(`scorpion\..*`)
+ kind: Rule
+ services:
+ # Route traffic to the scorpion service
+ - name: scorpion
+ # This is the name of the port in the service
+ port: public
diff --git a/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/scorpion-traefik.yaml b/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/scorpion-traefik.yaml
new file mode 100644
index 0000000..3663043
--- /dev/null
+++ b/src/clusters/main/services/scorpion/kustomize/scorpion-traefik/scorpion-traefik.yaml
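Review bot: The `scorpion-admin` IngressRoute in routes/admin.yaml publishes the service's `admin` port on the same `https` entrypoint as the public route and lists no `middlewares`, so nothing at the ingress layer limits who can reach `admin.scorpion.*`. Whether the admin API authenticates callers itself is not visible in this commit; if it does not, this route makes an administrative interface reachable by anyone who can reach the entrypoint. Either drop the route and keep the admin port cluster-internal, or attach an access-control middleware to the route, for example `middlewares:` followed by `- name: <admin-access-middleware>` (placeholder name). A comment above the route stating which control protects it would make the intent reviewable.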
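Review bot: The host pattern in routes/public.yaml, `scorpion\..*`, is not anchored, and the same applies to `admin\.scorpion\..*` in routes/admin.yaml. On Traefik versions where HostRegexp takes a plain Go regular expression (which this backtick syntax suggests, but the Traefik version is not shown), an unanchored pattern matches any Host that merely contains `scorpion.`, including `admin.scorpion.…`, so the split between the public and admin ports would rest on rule priority alone. Anchoring both patterns, `^scorpion\..+$` here and `^admin\.scorpion\..+$` in admin.yaml, makes the two routes mutually exclusive by construction.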
@@ -0,0 +1,13 @@ +# Create scorpion-traefik Kustomization +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: scorpion-traefik +spec: + # Path inside repository to a directory containing Kustomization files + path: src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize + dependsOn: + # Deploy Helm release first + - name: scorpion-helm + # This key always needs to be here for patching to work + patches: [] diff --git a/src/clusters/main/services/scorpion/scorpion.yaml b/src/clusters/main/services/scorpion/scorpion.yaml new file mode 100644 index 0000000..83337e9 --- /dev/null +++ b/src/clusters/main/services/scorpion/scorpion.yaml @@ -0,0 +1,25 @@ +# Create scorpion Kustomization +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: scorpion +spec: + # Path inside repository to a directory containing Kustomization files + path: src/clusters/main/services/scorpion/kustomize + dependsOn: + # Deploy Traefik first + - name: traefik + # Apply patches for common configurations + # This key always needs to be here for patching to work + patches: + # Set target namespace + - target: + group: kustomize.toolkit.fluxcd.io + kind: Kustomization + name: .* + patch: | + kind: . + metadata: + name: . + spec: + targetNamespace: scorpion diff --git a/tests/clusters/ci/main/services/kustomization.yaml b/tests/clusters/ci/main/services/kustomization.yaml index d6c40cc..e41509d 100644 --- a/tests/clusters/ci/main/services/kustomization.yaml +++ b/tests/clusters/ci/main/services/kustomization.yaml @@ -12,6 +12,7 @@ resources: - octopus/octopus.yaml - pelican/pelican.yaml - quokka/quokka.yaml + - scorpion/scorpion.yaml # Apply patches for common configurations patches: # Set patch to add labels to all resources in nested Kustomizations 
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/kustomization.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/kustomization.yaml
new file mode 100644
index 0000000..090f14a
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/kustomization.yaml
@@ -0,0 +1,8 @@
+# Create scorpion Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+ - scorpion-helm/scorpion-helm.yaml
+ - scorpion-namespace/scorpion-namespace.yaml
+ - scorpion-traefik/scorpion-traefik.yaml
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/kustomization.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/kustomization.yaml
new file mode 100644
index 0000000..68ed394
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/kustomization.yaml
@@ -0,0 +1,7 @@
+# Create scorpion-helm Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+ - resources/release.yaml
+ - resources/repository.yaml
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/release.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/release.yaml
new file mode 100644
index 0000000..d8435aa
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/release.yaml
@@ -0,0 +1,18 @@
+# Create scorpion Helm release
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: scorpion
+spec:
+ chart:
+ spec:
+ # Use this chart from the repository
+ chart: scorpion
+ # Pin version to major
+ version: "0.x"
+ # Use this Helm repository
+ sourceRef:
+ kind: HelmRepository
+ name: radio-aktywne
+ # This key always needs to be here for patching to work
+ postRenderers: []
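Review bot: `version: "0.x"` in tests/.../resources/release.yaml is a semver range rather than a pin, and the same line appears in src/.../scorpion-helm/kustomize/resources/release.yaml. With it, any newer 0.y.z chart pushed to `oci://ghcr.io/radio-aktywne/charts` is picked up by the cluster without a commit or review in this repository. Under semver, minor bumps in a 0.x series may be breaking, so the comment "Pin version to major" overstates the guarantee. For an authentication service, consider an exact version, `version: "<exact-chart-version>"` (placeholder), bumped by reviewed commits. If the range is intentional, consider enabling chart signature verification in the chart spec, provided the charts are signed, and rewording the comment to say the range is deliberate.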
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/repository.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/repository.yaml
new file mode 100644
index 0000000..6421736
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/repository.yaml
@@ -0,0 +1,8 @@
+# Create scorpion Helm repository
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: radio-aktywne
+spec:
+ type: oci
+ url: oci://ghcr.io/radio-aktywne/charts
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/scorpion-helm.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/scorpion-helm.yaml
new file mode 100644
index 0000000..73302b9
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/scorpion-helm.yaml
@@ -0,0 +1,13 @@
+# Create scorpion-helm Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: scorpion-helm
+spec:
+ # Path inside repository to a directory containing Kustomization files
+ path: tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize
+ dependsOn:
+ # Deploy namespace first
+ - name: scorpion-namespace
+ # This key always needs to be here for patching to work
+ patches: []
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/kustomize/kustomization.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/kustomize/kustomization.yaml
new file mode 100644
index 0000000..5ed136c
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/kustomize/kustomization.yaml
@@ -0,0 +1,5 @@
+# Overlay scorpion-namespace Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../../../../../../../../src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/scorpion-namespace.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/scorpion-namespace.yaml
new file mode 100644
index 0000000..7ae4108
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/scorpion-namespace.yaml
@@ -0,0 +1,10 @@
+# Create scorpion-namespace Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: scorpion-namespace
+spec:
+ # Path inside repository to a directory containing Kustomization files
+ path: tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/kustomize
+ # This key always needs to be here for patching to work
+ patches: []
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/kustomize/kustomization.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/kustomize/kustomization.yaml
new file mode 100644
index 0000000..9d3e802
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/kustomize/kustomization.yaml
@@ -0,0 +1,5 @@
+# Overlay scorpion-traefik Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../../../../../../../../src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize
diff --git a/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/scorpion-traefik.yaml b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/scorpion-traefik.yaml
new file mode 100644
index 0000000..3bee15a
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/scorpion-traefik.yaml
@@ -0,0 +1,13 @@
+# Create scorpion-traefik Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: scorpion-traefik
+spec:
+ # Path inside repository to a directory containing Kustomization files
+ path: tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/kustomize
+ dependsOn:
+ # Deploy Helm release first
+ - name: scorpion-helm
+ # This key always needs to be here for patching to work
+ patches: []
diff --git a/tests/clusters/ci/main/services/scorpion/scorpion.yaml b/tests/clusters/ci/main/services/scorpion/scorpion.yaml
new file mode 100644
index 0000000..6c8681b
--- /dev/null
+++ b/tests/clusters/ci/main/services/scorpion/scorpion.yaml
@@ -0,0 +1,25 @@
+# Create scorpion Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: scorpion
+spec:
+ # Path inside repository to a directory containing Kustomization files
+ path: tests/clusters/ci/main/services/scorpion/kustomize
+ dependsOn:
+ # Deploy Traefik first
+ - name: traefik
+ # Apply patches for common configurations
+ # This key always needs to be here for patching to work
+ patches:
+ # Set target namespace
+ - target:
+ group: kustomize.toolkit.fluxcd.io
+ kind: Kustomization
+ name: .*
+ patch: |
+ kind: .
+ metadata:
+ name: .
+ spec:
+ targetNamespace: scorpion