Added scorpion resources (#126)

src/clusters/main/services/kustomization.yaml

@@ -12,6 +12,7 @@ resources:
   - octopus/octopus.yaml
   - pelican/pelican.yaml
   - quokka/quokka.yaml
+  - scorpion/scorpion.yaml
 # Apply patches for common configurations
 patches:
   # Set patch to add labels to all resources in nested Kustomizations

src/clusters/main/services/scorpion/kustomize/kustomization.yaml

@@ -0,0 +1,8 @@
+# Create scorpion Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+  - scorpion-helm/scorpion-helm.yaml
+  - scorpion-namespace/scorpion-namespace.yaml
+  - scorpion-traefik/scorpion-traefik.yaml

src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/configurations/names.yaml

@@ -0,0 +1,8 @@
+# Configure names transformer
+nameReference:
+  - kind: Secret
+    fieldSpecs:
+      # Replace secret names in HelmReleases
+      - group: helm.toolkit.fluxcd.io
+        kind: HelmRelease
+        path: spec/valuesFrom/name

src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/kustomization.yaml

@@ -0,0 +1,17 @@
+# Create scorpion-helm Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following configuration files
+configurations:
+  - configurations/names.yaml
+# Include the following resources
+resources:
+  - resources/release.yaml
+  - resources/repository.yaml
+# Generate secrets
+secretGenerator:
+  - files:
+      # It's important to include extension in the key
+      # SOPS will use it to determine the format of the content
+      - values.yaml=secrets/values.yaml
+    name: scorpion-helm-secrets-values

src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/release.yaml

@@ -0,0 +1,36 @@
+# Create scorpion Helm release
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: scorpion
+spec:
+  chart:
+    spec:
+      # Use this chart from the repository
+      chart: scorpion
+      # Pin version to major
+      version: "0.x"
+      # Use this Helm repository
+      sourceRef:
+        kind: HelmRepository
+        name: radio-aktywne
+  # This key always needs to be here for patching to work
+  postRenderers: []
+  values:
+    scorpion:
+      cookies:
+        domain: spietras.dev
+      urls:
+        issuer: https://scorpion.k8s.spietras.dev
+        public: https://scorpion.k8s.spietras.dev
+        admin: https://admin.scorpion.k8s.spietras.dev
+      crocus:
+        public:
+          scheme: https
+          host: crocus.k8s.spietras.dev
+          port: null
+      debug: false
+  valuesFrom:
+    - kind: Secret
+      name: scorpion-helm-secrets-values
+      valuesKey: values.yaml

src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/repository.yaml

@@ -0,0 +1,8 @@
+# Create scorpion Helm repository
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: radio-aktywne
+spec:
+  type: oci
+  url: oci://ghcr.io/radio-aktywne/charts

src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize/secrets/values.yaml

@@ -0,0 +1,38 @@
+scorpion:
+  secrets:
+    system:
+      - ENC[AES256_GCM,data:7LSGi+dLFXdrtTALIW8w/iZI,iv:FkJJJyM08dLH7GR+VkhuJdsSW6o4vu0bXRKYPEbPqyc=,tag:vCwpw5BEiL0ImQyXLiZU4g==,type:str]
+    cookie:
+      - ENC[AES256_GCM,data:PsLehl5I7tLEbph/lALGCTUc,iv:RY6AgCyVU/kaoIxENZkqJB8SY4QyuXJgmlX3j67IuUA=,tag:Sbw6gAUJNAbefV7anc5ldw==,type:str]
+  diamond:
+    sql:
+      password: ENC[AES256_GCM,data:HhcYGvMvifU=,iv:sRCm5V6CG9LSWJiE19bSiIb5RSibKNOUu9La4JoNXYs=,tag:5d8gzothUdim5Rm/ExOhJw==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age14uepygtepskwehywergh9fe9j2a3ytqd80y9r2ekfmett6rq3peqjtgxns
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGY1ZoYlZvWG04Zk9ZdXh2
+        T0VWUk1oY0R0eEtpQnJRcWIzUXozQUlGOVRNCitxY0h5b3l6QnN2ejNZQ3Z1aXJX
+        aWhuNjZtYVNlTi9vV2pJOXJ3dkpZQjQKLS0tIGtJdFNOaDVtWXQ5aTd5L1diTzhw
+        c2RmaXczVnY0azVqWEtZTHQ5YUZFYkEK57cPtu0CelzVM9LFR/i3qUbAPt6HRAUZ
+        jAlPDHIQqQWeJE7x8E3CwCT3Z7LyA3fgSlt8eZ/n1OE6hNc1uWRz4Q==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age1y5lqafxarcnlrduh8k3tycnaq63v2alagmtkf0k9gd59pg263axqtt928v
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOalFvczJlL2xpUlVEblRD
+        TGlid0dzRWhxYTBUZENVQzNESGtyTmkvcVFJCmxtWDQyb2VJNUNPaEVJVzVja0RK
+        aEVOZ2ZsMmZTckduVGRzcHFWSUFJdjAKLS0tIFRHZ3M0dUlob0p6R0JPQlpSWG0x
+        cm1sN3U1VnZNNTU1NFQ2UlRmSUJiVUkKcDxNEToerq/aAa+m8Bmyg9R+UsuMXwx/
+        1guqoWy3m4ucGQBi7eCswg5m+rGee+FgzlQsan9EQwL8Zhh8sTwlaQ==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-10-27T12:17:53Z"
+  mac: ENC[AES256_GCM,data:vg58H9fgyhkpQ44Sgv4J5d9e47I7/UzZc9L828fMbOJWGO9vkTOL+aiRh7IHo9u4cukeDGQApT5wAfw2fXBjVmIHytjjNtU7UgDPSRlWGYHhuyeVVOMkEVxObxh1UeNyHrs6dyNnTdeb5c4Q+/lPddWvvk1RkcqtDsCFu27jo9g=,iv:J+AY2QcQfA1Aqfmaphas3tNXStv3qdf/9ILMCToVn/Y=,tag:V9zHXoSjyB4tb+oc3wiD7A==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.8.1

src/clusters/main/services/scorpion/kustomize/scorpion-helm/scorpion-helm.yaml

@@ -0,0 +1,13 @@
+# Create scorpion-helm Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: scorpion-helm
+spec:
+  # Path inside repository to a directory containing Kustomization files
+  path: src/clusters/main/services/scorpion/kustomize/scorpion-helm/kustomize
+  dependsOn:
+    # Deploy namespace first
+    - name: scorpion-namespace
+  # This key always needs to be here for patching to work
+  patches: []

src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize/kustomization.yaml

@@ -0,0 +1,6 @@
+# Create scorpion-namespace Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+  - resources/namespace.yaml

src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize/resources/namespace.yaml

@@ -0,0 +1,5 @@
+# Create scorpion namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: scorpion

src/clusters/main/services/scorpion/kustomize/scorpion-namespace/scorpion-namespace.yaml

@@ -0,0 +1,10 @@
+# Create scorpion-namespace Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: scorpion-namespace
+spec:
+  # Path inside repository to a directory containing Kustomization files
+  path: src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize
+  # This key always needs to be here for patching to work
+  patches: []

src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/kustomization.yaml

@@ -0,0 +1,7 @@
+# Create scorpion-traefik Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+  - resources/routes/public.yaml
+  - resources/routes/admin.yaml

src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/resources/routes/admin.yaml

@@ -0,0 +1,18 @@
+# Create admin ingress route for scorpion
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: scorpion-admin
+spec:
+  entryPoints:
+    # Use entrypoint for HTTPS traffic
+    - https
+  routes:
+    # Match traffic with the Host header
+    - match: HostRegexp(`admin\.scorpion\..*`)
+      kind: Rule
+      services:
+        # Route traffic to the scorpion service
+        - name: scorpion
+          # This is the name of the port in the service
+          port: admin

src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize/resources/routes/public.yaml

@@ -0,0 +1,18 @@
+# Create public ingress route for scorpion
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: scorpion-public
+spec:
+  entryPoints:
+    # Use entrypoint for HTTPS traffic
+    - https
+  routes:
+    # Match traffic with the Host header
+    - match: HostRegexp(`scorpion\..*`)
+      kind: Rule
+      services:
+        # Route traffic to the scorpion service
+        - name: scorpion
+          # This is the name of the port in the service
+          port: public

src/clusters/main/services/scorpion/kustomize/scorpion-traefik/scorpion-traefik.yaml

@@ -0,0 +1,13 @@
+# Create scorpion-traefik Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: scorpion-traefik
+spec:
+  # Path inside repository to a directory containing Kustomization files
+  path: src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize
+  dependsOn:
+    # Deploy Helm release first
+    - name: scorpion-helm
+  # This key always needs to be here for patching to work
+  patches: []

src/clusters/main/services/scorpion/scorpion.yaml

@@ -0,0 +1,25 @@
+# Create scorpion Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: scorpion
+spec:
+  # Path inside repository to a directory containing Kustomization files
+  path: src/clusters/main/services/scorpion/kustomize
+  dependsOn:
+    # Deploy Traefik first
+    - name: traefik
+  # Apply patches for common configurations
+  # This key always needs to be here for patching to work
+  patches:
+    # Set target namespace
+    - target:
+        group: kustomize.toolkit.fluxcd.io
+        kind: Kustomization
+        name: .*
+      patch: |
+        kind: .
+        metadata:
+          name: .
+        spec:
+          targetNamespace: scorpion

tests/clusters/ci/main/services/kustomization.yaml

@@ -12,6 +12,7 @@ resources:
   - octopus/octopus.yaml
   - pelican/pelican.yaml
   - quokka/quokka.yaml
+  - scorpion/scorpion.yaml
 # Apply patches for common configurations
 patches:
   # Set patch to add labels to all resources in nested Kustomizations

tests/clusters/ci/main/services/scorpion/kustomize/kustomization.yaml

@@ -0,0 +1,8 @@
+# Create scorpion Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+  - scorpion-helm/scorpion-helm.yaml
+  - scorpion-namespace/scorpion-namespace.yaml
+  - scorpion-traefik/scorpion-traefik.yaml

tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/kustomization.yaml

@@ -0,0 +1,7 @@
+# Create scorpion-helm Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# Include the following resources
+resources:
+  - resources/release.yaml
+  - resources/repository.yaml

tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/release.yaml

@@ -0,0 +1,18 @@
+# Create scorpion Helm release
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: scorpion
+spec:
+  chart:
+    spec:
+      # Use this chart from the repository
+      chart: scorpion
+      # Pin version to major
+      version: "0.x"
+      # Use this Helm repository
+      sourceRef:
+        kind: HelmRepository
+        name: radio-aktywne
+  # This key always needs to be here for patching to work
+  postRenderers: []

tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize/resources/repository.yaml

@@ -0,0 +1,8 @@
+# Create scorpion Helm repository
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: radio-aktywne
+spec:
+  type: oci
+  url: oci://ghcr.io/radio-aktywne/charts

tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/scorpion-helm.yaml

@@ -0,0 +1,13 @@
+# Create scorpion-helm Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: scorpion-helm
+spec:
+  # Path inside repository to a directory containing Kustomization files
+  path: tests/clusters/ci/main/services/scorpion/kustomize/scorpion-helm/kustomize
+  dependsOn:
+    # Deploy namespace first
+    - name: scorpion-namespace
+  # This key always needs to be here for patching to work
+  patches: []

tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/kustomize/kustomization.yaml

@@ -0,0 +1,5 @@
+# Overlay scorpion-namespace Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../../../../../../src/clusters/main/services/scorpion/kustomize/scorpion-namespace/kustomize

tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/scorpion-namespace.yaml

@@ -0,0 +1,10 @@
+# Create scorpion-namespace Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: scorpion-namespace
+spec:
+  # Path inside repository to a directory containing Kustomization files
+  path: tests/clusters/ci/main/services/scorpion/kustomize/scorpion-namespace/kustomize
+  # This key always needs to be here for patching to work
+  patches: []

tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/kustomize/kustomization.yaml

@@ -0,0 +1,5 @@
+# Overlay scorpion-traefik Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../../../../../../src/clusters/main/services/scorpion/kustomize/scorpion-traefik/kustomize

tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/scorpion-traefik.yaml

@@ -0,0 +1,13 @@
+# Create scorpion-traefik Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: scorpion-traefik
+spec:
+  # Path inside repository to a directory containing Kustomization files
+  path: tests/clusters/ci/main/services/scorpion/kustomize/scorpion-traefik/kustomize
+  dependsOn:
+    # Deploy Helm release first
+    - name: scorpion-helm
+  # This key always needs to be here for patching to work
+  patches: []

tests/clusters/ci/main/services/scorpion/scorpion.yaml

@@ -0,0 +1,25 @@
+# Create scorpion Kustomization
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: scorpion
+spec:
+  # Path inside repository to a directory containing Kustomization files
+  path: tests/clusters/ci/main/services/scorpion/kustomize
+  dependsOn:
+    # Deploy Traefik first
+    - name: traefik
+  # Apply patches for common configurations
+  # This key always needs to be here for patching to work
+  patches:
+    # Set target namespace
+    - target:
+        group: kustomize.toolkit.fluxcd.io
+        kind: Kustomization
+        name: .*
+      patch: |
+        kind: .
+        metadata:
+          name: .
+        spec:
+          targetNamespace: scorpion