diff --git a/clusters/hephy-staging/flux-operator.yaml b/clusters/hephy-staging/flux-operator.yaml
new file mode 100644
index 00000000..bb03d1b9
--- /dev/null
+++ b/clusters/hephy-staging/flux-operator.yaml
@@ -0,0 +1,66 @@
+apiVersion: fluxcd.controlplane.io/v1
+kind: FluxInstance
+metadata:
+ name: flux
+ namespace: flux-system
+spec:
+ distribution:
+ version: "2.x"
+ registry: "ghcr.io/fluxcd"
+ components:
+ - source-controller
+ - kustomize-controller
+ - helm-controller
+ - notification-controller
+ - image-automation-controller
+ - image-reflector-controller
+ cluster:
+ type: kubernetes
+ multitenant: false
+ networkPolicy: true
+ domain: "cluster.local"
+ sync:
+ kind: GitRepository
+ url: "ssh://git@github.com/kingdonb/bootstrap-repo.git"
+ ref: "refs/heads/main"
+ path: "clusters/hephy-staging"
+ pullSecret: "flux-system"
+ kustomize:
+ patches:
+ - target:
+ kind: Deployment
+ name: "(kustomize-controller|helm-controller)"
+ patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --concurrent=10
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --requeue-dependency=5s
+ - patch: |
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: all
+ spec:
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: role
+ operator: In
+ values:
+ - flux
+ tolerations:
+ - effect: NoSchedule
+ key: role
+ operator: Equal
+ value: flux
+ target:
+ kind: Deployment
diff --git a/clusters/hephy-staging/flux-system/gotk-components.yaml b/clusters/hephy-staging/flux-system/gotk-components.yaml
deleted file mode 100644
index 3794d4c1..00000000
--- a/clusters/hephy-staging/flux-system/gotk-components.yaml
+++ /dev/null
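Review bot: `version: "2.x"` in clusters/hephy-staging/flux-operator.yaml widens the range the FluxInstance accepts: the copy deleted from flux-system/gotk-components.yaml in this commit was held to `"2.3.x"`. With a major-wide range, a new Flux minor can reach the controllers without any change in this repository, as far as the operator's semver handling goes. I would keep the minor pinned, `version: "2.3.x"` (or whichever minor is currently deployed), and bump it by pull request. The same applies to clusters/moo-cluster/flux-operator.yaml, which uses the same value.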
@@ -1,36 +0,0 @@
-apiVersion: fluxcd.controlplane.io/v1
-kind: FluxInstance
-metadata:
- name: flux
- namespace: flux-system
-spec:
- distribution:
- version: "2.3.x"
- registry: "ghcr.io/fluxcd"
- cluster:
- type: kubernetes
- sync:
- kind: GitRepository
- url: "ssh://git@github.com/kingdonb/bootstrap-repo.git"
- ref: "refs/heads/main"
- path: "clusters/hephy-staging"
- pullSecret: "flux-system"
- components:
- - source-controller
- - kustomize-controller
- - helm-controller
- - notification-controller
- - image-reflector-controller
- - image-automation-controller
- kustomize:
- patches:
- - target:
- kind: Deployment
- name: "(kustomize-controller|helm-controller)"
- patch: |
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --concurrent=10
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --requeue-dependency=5s
diff --git a/clusters/moo-cluster/flux-operator.yaml b/clusters/moo-cluster/flux-operator.yaml
new file mode 100644
index 00000000..a237ae0c
--- /dev/null
+++ b/clusters/moo-cluster/flux-operator.yaml
@@ -0,0 +1,56 @@
+apiVersion: fluxcd.controlplane.io/v1
+kind: FluxInstance
+metadata:
+ name: flux
+ namespace: flux-system
+spec:
+ distribution:
+ version: "2.x"
+ registry: "ghcr.io/fluxcd"
+ components:
+ - source-controller
+ - kustomize-controller
+ - helm-controller
+ - notification-controller
+ - image-automation-controller
+ - image-reflector-controller
+ cluster:
+ type: kubernetes
+ multitenant: false
+ networkPolicy: false
+ domain: "cluster.local"
+ sync:
+ kind: GitRepository
+ url: "ssh://git@github.com/kingdonb/bootstrap-repo.git"
+ ref: "refs/heads/main"
+ path: "clusters/moo-cluster"
+ pullSecret: "flux-system"
+ kustomize:
+ patches:
+ - patch: |
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: all
+ spec:
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: role
+ operator: In
+ values:
+ - flux
+ tolerations:
+ - effect: NoSchedule
+ key: role
+ operator: Equal
+ value: flux
+ target:
+ kind: Deployment
diff --git a/clusters/moo-cluster/flux-system/kustomization.yaml b/clusters/moo-cluster/flux-system/kustomization.yaml
index 15070d93..d561ee01 100644
--- a/clusters/moo-cluster/flux-system/kustomization.yaml
+++ b/clusters/moo-cluster/flux-system/kustomization.yaml
@@ -2,8 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: # - helm.toolkit.fluxcd.io_helmreleases.yaml -- gotk-components.yaml -- gotk-sync.yaml +# - gotk-components.yaml +# - gotk-sync.yaml - flux-sync.yaml images: []
@@ -13,7 +13,7 @@ images: [] # - name: fluxcd/source-controller # newName: fluxcd/source-controller # newTag: rc-61941672 -patches: +patches: [] # - patch: | # apiVersion: apps/v1 # kind: Deployment
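Review bot: `networkPolicy: false` in clusters/moo-cluster/flux-operator.yaml leaves the flux-system namespace without the default Flux network policies, while the hephy-staging instance added in this commit sets `networkPolicy: true`. It matches what the old kustomization did with its `$patch: delete` entries for allow-egress, allow-scraping and allow-webhooks, so it looks deliberate, but the new file does not record why. I would add a comment above the field, for example `# default policies disabled: <reason>; access to flux-system is restricted by <mechanism>`, or set it to `true` and add only the extra allow rules this cluster needs.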
@@ -30,30 +30,30 @@ patches: # kind: Deployment # name: "helm-controller" - - patch: | - # Enable drift detection feature - - op: add - path: /spec/template/spec/containers/0/args/- - value: --feature-gates=DetectDrift=true - # Enable debug logging for diff output (optional) - - op: replace - path: /spec/template/spec/containers/0/args/2 - value: --log-level=debug - # Enable OOM watch feature - - op: add - path: /spec/template/spec/containers/0/args/- - value: --feature-gates=OOMWatch=true - # Threshold at which to trigger a graceful shutdown (optional, default 95%) - - op: add - path: /spec/template/spec/containers/0/args/- - value: --oom-watch-memory-threshold=95 - # Interval at which to check memory usage (optional, default 500ms) - - op: add - path: /spec/template/spec/containers/0/args/- - value: --oom-watch-interval=500ms - target: - kind: Deployment - name: helm-controller +# - patch: | +# # Enable drift detection feature +# - op: add +# path: /spec/template/spec/containers/0/args/- +# value: --feature-gates=DetectDrift=true +# # Enable debug logging for diff output (optional) +# - op: replace +# path: /spec/template/spec/containers/0/args/2 +# value: --log-level=debug +# # Enable OOM watch feature +# - op: add +# path: /spec/template/spec/containers/0/args/- +# value: --feature-gates=OOMWatch=true +# # Threshold at which to trigger a graceful shutdown (optional, default 95%) +# - op: add +# path: /spec/template/spec/containers/0/args/- +# value: --oom-watch-memory-threshold=95 +# # Interval at which to check memory usage (optional, default 500ms) +# - op: add +# path: /spec/template/spec/containers/0/args/- +# value: --oom-watch-interval=500ms +# target: +# kind: Deployment +# name: helm-controller #- patch: | # - op: add # path: /spec/template/spec/containers/0/env/0 
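Review bot: Commenting out this helm-controller patch drops `--feature-gates=DetectDrift=true` and `--feature-gates=OOMWatch=true`, and the `kustomize.patches` list of the new clusters/moo-cluster/flux-operator.yaml carries only the affinity and toleration patch. Unless drift detection is now set on each HelmRelease, out-of-band edits to Helm-managed objects would no longer be detected on this cluster. If the settings are still wanted, carry them in the FluxInstance as a JSON patch with `target:` `kind: Deployment`, `name: helm-controller`, instead of keeping them here as comments. The same question applies to the kustomize-controller and notification-controller arguments and the cpu and memory limits commented out in the `@@ -83,63 +83,63 @@` hunk. The `patches` list itself starts above this hunk.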
@@ -83,63 +83,63 @@ patches:
 # - op: add
 # path: /spec/template/spec/containers/0/args/-
 # value: --requeue-dependency=15s
-patchesStrategicMerge:
-- |-
- apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-egress
- namespace: flux-system
- $patch: delete
-- |-
- apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-scraping
- namespace: flux-system
- $patch: delete
-- |-
- apiVersion: networking.k8s.io/v1
- kind: NetworkPolicy
- metadata:
- name: allow-webhooks
- namespace: flux-system
- $patch: delete
-- |-
- apiVersion: kustomize.toolkit.fluxcd.io/v1
- kind: Kustomization
- metadata:
- name: flux-system
- namespace: flux-system
- spec:
- interval: 1m
- patches:
- - target:
- version: v1
- group: apps
- kind: Deployment
- name: notification-controller
- namespace: flux-system
- patch: |-
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --rate-limit-interval=10s
- - target:
- version: v1
- group: apps
- kind: Deployment
- name: kustomize-controller
- namespace: flux-system
- patch: |-
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --requeue-dependency=3s
- - op: add
- path: /spec/template/spec/containers/0/args/0
- value: --concurrent=6
- - op: replace
- path: /spec/template/spec/containers/0/resources/limits/cpu
- value: "2"
- - op: replace
- path: /spec/template/spec/containers/0/resources/limits/memory
- value: "2Gi"
+patchesStrategicMerge: []
+# - |-
+# apiVersion: networking.k8s.io/v1
+# kind: NetworkPolicy
+# metadata:
+# name: allow-egress
+# namespace: flux-system
+# $patch: delete
+# - |-
+# apiVersion: networking.k8s.io/v1
+# kind: NetworkPolicy
+# metadata:
+# name: allow-scraping
+# namespace: flux-system
+# $patch: delete
+# - |-
+# apiVersion: networking.k8s.io/v1
+# kind: NetworkPolicy
+# metadata:
+# name: allow-webhooks
+# namespace: flux-system
+# $patch: delete
+# - |-
+# apiVersion: kustomize.toolkit.fluxcd.io/v1
+# kind: Kustomization
+# metadata:
+# name: flux-system
+# namespace: flux-system
+# spec:
+# interval: 1m
+# patches:
+# - target:
+# version: v1
+# group: apps
+# kind: Deployment
+# name: notification-controller
+# namespace: flux-system
+# patch: |-
+# - op: add
+# path: /spec/template/spec/containers/0/args/-
+# value: --rate-limit-interval=10s
+# - target:
+# version: v1
+# group: apps
+# kind: Deployment
+# name: kustomize-controller
+# namespace: flux-system
+# patch: |-
+# - op: add
+# path: /spec/template/spec/containers/0/args/-
+# value: --requeue-dependency=3s
+# - op: add
+# path: /spec/template/spec/containers/0/args/0
+# value: --concurrent=6
+# - op: replace
+# path: /spec/template/spec/containers/0/resources/limits/cpu
+# value: "2"
+# - op: replace
+# path: /spec/template/spec/containers/0/resources/limits/memory
+# value: "2Gi"
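Review bot: The sixty commented-out lines under `patchesStrategicMerge: []` are dead configuration that the next reader has to tell apart from live settings; I would delete them together with the empty key, since the old values stay available in git history. `patchesStrategicMerge` is deprecated in current kustomize in favour of `patches`, so there is no reason to keep the key as a placeholder. The commented helm-controller block in the `@@ -30,30 +30,30 @@` hunk could go the same way.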