diff --git a/flux/cluster-1 b/flux/cluster-1
deleted file mode 160000
index 7ddc6f1..0000000
--- a/flux/cluster-1
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 7ddc6f1d90f387a2889e9e473316e05247857fae
diff --git a/flux/cluster-2 b/flux/cluster-2
deleted file mode 160000
index 1543773..0000000
--- a/flux/cluster-2
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 1543773dc3dee56a05d7ca8bcb990bb7759f6ff2
diff --git a/kustomize/cluster-1/.sops.yaml b/kustomize/cluster-1/.sops.yaml
new file mode 100644
index 0000000..8598d47
--- /dev/null
+++ b/kustomize/cluster-1/.sops.yaml
@@ -0,0 +1,5 @@
+creation_rules:
+ - path_regex: secrets/.*.yaml
+ key_groups:
+ - age:
+ - age1nrsmsgq0xynqke4sh8qmuxnlqqg7z5ll5stkpe8qy6tqy40cearqhxjy70
diff --git a/kustomize/cluster-1/kustomization.yaml b/kustomize/cluster-1/kustomization.yaml
new file mode 100644
index 0000000..19c0893
--- /dev/null
+++ b/kustomize/cluster-1/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+generatorOptions:
+ disableNameSuffixHash: true
+generators:
+- sec-generator.yaml
+kind: Kustomization
+metadata:
+ name: helm-root
+ namespace: flux-system
+resources:
+- src/release-postgresql.yaml
+- src/repository-bitnami.yaml
+- src/values/database-postgresql-values.postgresql.yaml
+- src/values/database-postgresql-values.spec.postgresql.yaml
diff --git a/kustomize/cluster-1/sec-generator.yaml b/kustomize/cluster-1/sec-generator.yaml
new file mode 100644
index 0000000..8767f03
--- /dev/null
+++ b/kustomize/cluster-1/sec-generator.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: shoebill-secret-gen
+files:
+ - src/secrets/database-postgresql-secrets.postgresql.yaml
diff --git a/kustomize/cluster-1/src/.gitkeep b/kustomize/cluster-1/src/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/kustomize/cluster-1/src/release-postgresql.yaml b/kustomize/cluster-1/src/release-postgresql.yaml
new file mode 100644
index 0000000..e6fcbc7
--- /dev/null
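Review bot: The creation rule in `kustomize/cluster-1/.sops.yaml` sets no `encrypted_regex`, so SOPS encrypts every leaf value, and the committed Secret under `src/secrets/` accordingly carries `apiVersion`, `kind`, `metadata.name` and `metadata.namespace` as ciphertext. A reviewer cannot confirm from the repository that the object is a Secret with the name the HelmRelease's `valuesFrom` entry expects, or which namespace it lands in. Adding `encrypted_regex: ^(data|stringData)$` to the rule and re-encrypting would keep only the payload opaque. The `path_regex` is also unanchored with unescaped dots; `secrets/.*\.yaml$` states the intent exactly. The same applies to `kustomize/cluster-2/.sops.yaml` and the cluster-2 secrets file.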
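Review bot: `sec-generator.yaml` relies on the ksops exec plugin, and nothing in the added files records how the build is invoked or where the age private key for the recipient in `.sops.yaml` is held at build time. As far as I know Flux's kustomize-controller does not execute kustomize plugins, so if this directory is reconciled by Flux rather than rendered in a pipeline with ksops installed, the Secret that the HelmRelease reads via `valuesFrom` would not be produced. A header comment such as `# rendered by ksops: needs kustomize exec plugins enabled and this cluster's age key available to the build` would document the dependency; Flux's native SOPS decryption (`spec.decryption.provider: sops` on the Flux Kustomization) is the alternative that avoids the plugin. The cluster-2 generator is identical.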
+++ b/kustomize/cluster-1/src/release-postgresql.yaml
@@ -0,0 +1,32 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ creationTimestamp: null
+ name: postgresql
+ namespace: flux-system
+spec:
+ chart:
+ spec:
+ chart: postgresql
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ version: 13.3.1
+ install:
+ crds: Create
+ createNamespace: true
+ interval: 1m0s
+ releaseName: postgresql
+ targetNamespace: database
+ valuesFrom:
+ - kind: ConfigMap
+ name: database-postgresql-values.postgresql.yaml
+ valuesKey: database-postgresql-values.postgresql.yaml
+ - kind: ConfigMap
+ name: database-postgresql-values.spec.postgresql.yaml
+ valuesKey: database-postgresql-values.spec.postgresql.yaml
+ - kind: Secret
+ name: database-postgresql-secrets.postgresql.yaml
+ valuesKey: database-postgresql-secrets.postgresql.yaml
+status: {}
diff --git a/kustomize/cluster-1/src/repository-bitnami.yaml b/kustomize/cluster-1/src/repository-bitnami.yaml
new file mode 100644
index 0000000..16afc5f
--- /dev/null
+++ b/kustomize/cluster-1/src/repository-bitnami.yaml
@@ -0,0 +1,11 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ creationTimestamp: null
+ name: bitnami
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ type: default
+ url: https://charts.bitnami.com/bitnami
+status: {}
diff --git a/kustomize/cluster-1/src/secrets/database-postgresql-secrets.postgresql.yaml b/kustomize/cluster-1/src/secrets/database-postgresql-secrets.postgresql.yaml
new file mode 100644
index 0000000..70ff155
--- /dev/null
+++ b/kustomize/cluster-1/src/secrets/database-postgresql-secrets.postgresql.yaml
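Review bot: The HelmRelease in `release-postgresql.yaml` sets no `spec.serviceAccountName`, so unless the controller is configured with a default service account, helm-controller installs the chart into `targetNamespace: database` using its own, typically cluster-wide, permissions. Binding the release to a dedicated account, e.g. `serviceAccountName: postgresql-reconciler` (name constructed for illustration) with a RoleBinding scoped to `database`, bounds what a changed or compromised chart can create. `creationTimestamp: null` and `status: {}` are generator residue and could be dropped from the committed manifest. The cluster-2 copy is identical.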
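Review bot: The chart source in `repository-bitnami.yaml` is a plain HTTPS index (`type: default`) polled every minute, and for this repository type Flux, as far as I know, fetches the chart without any signature verification. The `version: 13.3.1` pin in the HelmRelease fixes the chart version but not its content. If the publisher's OCI registry is usable, `type: oci` together with a `verify` block on the chart spec would let the controller check a signature before install. A longer `interval`, for example `interval: 1h`, would also cut needless polling of a third-party endpoint. The same applies to the cluster-2 copy.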
@@ -0,0 +1,28 @@
+apiVersion: ENC[AES256_GCM,data:0IQ=,iv:6DBjaKbEYluzcIXt41qI1nibvmsBCMpjCygTSYIbbpI=,tag:oxFoA9i3y2qIWTAx13fZgQ==,type:str]
+data:
+ database-postgresql-secrets.postgresql.yaml: ENC[AES256_GCM,data:bku6a/JrpOAhCLzewyAi3EXn+0Ag4XR0jLbBu/2qE5CwJmUpF++dPOtuGQkDMA9BQ/+vBCiX8swioHi4Vm2DiFB1E92beIDUYDIlAxpEp9zcMNpIX3tgqtNMy0lcwoZ4tz38eBOrZa4=,iv:6BI87Bt02PDVzMOrNnH+C5AHJ+mpAbvZqeERUW2AqkI=,tag:l1+QS4qFomJhjUkgsAkiNQ==,type:str]
+kind: ENC[AES256_GCM,data:ZFyQkoBd,iv:hORdR7eZvVQYVOVPsksikkDQ7gxmXk9yaqo3ZbcHJDQ=,tag:VqZ6yB8D9Il9T8CS4r+CmA==,type:str]
+metadata:
+ creationTimestamp: null
+ name: ENC[AES256_GCM,data:5GUso4i6iR+XIc4x0oV1YnynuwBsQszBiEIbbbgywnQQvUwTpXTg0HStcw==,iv:FOZN5t4y/Nof0RThN25zo3yYvVq/jFAivbRrk+2/nDY=,tag:fagVnwd2+nZob4cInc0HCQ==,type:str]
+ namespace: ENC[AES256_GCM,data:Gi2FTIVlqneUJN8=,iv:Nsn9/2rj36kTsx7oc7ooqzHzWjpyz6LI0gSjDhF+3CE=,tag:bmbMSRA4wKVfxHMkM8OLDQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1nrsmsgq0xynqke4sh8qmuxnlqqg7z5ll5stkpe8qy6tqy40cearqhxjy70
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UXRBRnBjWER3a3B2a2pQ
+ Ymo0M21yMXlXdm5RTmc5S2tQN1lub3BPV21NCldvZGIxTGV3UmMrMVk4di9Gb2xI
+ K2tPc1FrL3ZCWjBLSi9zVTRpUTd2YU0KLS0tIGFYYUZSUllteDJzeW8wdXdlUyt6
+ NWtXVmVrSVhJaHVOdFV6eGF3ektQNk0KdRktWh7bAYzf/dMkZI6GFERjjloITA1c
+ LDZot6QNyWGmxPMMMTPKPWVTPpQ6mAMrYBRfY0fGGBN0vEk+UDqzbg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-02-06T20:38:58Z"
+ mac: ENC[AES256_GCM,data:Ks/88amf/v7xT+oQaeAB4TR/QR6JTRzvNJyi5A4AhV2l6PEWCqyN4kK2SQd+khwrYhtPUcFuteIUoch9vGiwhxlRsE+lCEJ3RceU/YJg9dOaBXZX1eWs6p2gcxxJhxDGbHEgXimf8URCvl5YOzk5OjbbI8rI9OjYiiGpOLkZxIs=,iv:lgpgL6Ro8SVNqvN+/md/N6RBIXyMICE691eZ4xeFTnQ=,tag:eMv6nqjG+s/FTk5h9hfnXQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/kustomize/cluster-1/src/values/database-postgresql-values.postgresql.yaml b/kustomize/cluster-1/src/values/database-postgresql-values.postgresql.yaml
new file mode 100644
index 0000000..38fd955
--- /dev/null
+++ b/kustomize/cluster-1/src/values/database-postgresql-values.postgresql.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+ database-postgresql-values.postgresql.yaml: |
+ architecture: standalone
+
+ auth:
+ database: postgres
+
+ metrics:
+ enabled: false
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: database-postgresql-values.postgresql.yaml
+ namespace: flux-system
diff --git a/kustomize/cluster-1/src/values/database-postgresql-values.spec.postgresql.yaml b/kustomize/cluster-1/src/values/database-postgresql-values.spec.postgresql.yaml
new file mode 100644
index 0000000..bc455a6
--- /dev/null
+++ b/kustomize/cluster-1/src/values/database-postgresql-values.spec.postgresql.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ database-postgresql-values.spec.postgresql.yaml: |
+ persistence:
+ size: 1Gi
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: database-postgresql-values.spec.postgresql.yaml
+ namespace: flux-system
diff --git a/kustomize/cluster-2/.sops.yaml b/kustomize/cluster-2/.sops.yaml
new file mode 100644
index 0000000..2cdfd44
--- /dev/null
+++ b/kustomize/cluster-2/.sops.yaml
@@ -0,0 +1,5 @@
+creation_rules:
+ - path_regex: secrets/.*.yaml
+ key_groups:
+ - age:
+ - age1qf6709hu4wlg6s5wyy3w0en265k9qjuxesz2tqq8e0xdrfwjrc2qngtfew
diff --git a/kustomize/cluster-2/kustomization.yaml b/kustomize/cluster-2/kustomization.yaml
new file mode 100644
index 0000000..19c0893
--- /dev/null
+++ b/kustomize/cluster-2/kustomization.yaml
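Review bot: The top-level `persistence.size: 1Gi` in `database-postgresql-values.spec.postgresql.yaml` may have no effect: in the chart line pinned by the HelmRelease (13.x) the volume size is, as far as I know, read from `primary.persistence.size`, and a key the chart does not recognise is normally ignored without error. If so, the release would get the chart's default volume size rather than 1Gi. Worth confirming against the chart's values and, if confirmed, nesting the block under `primary:` so it reads `primary.persistence.size: 1Gi`. The cluster-2 copy (`size: 10Gi`) has the same shape.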
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+generatorOptions:
+ disableNameSuffixHash: true
+generators:
+- sec-generator.yaml
+kind: Kustomization
+metadata:
+ name: helm-root
+ namespace: flux-system
+resources:
+- src/release-postgresql.yaml
+- src/repository-bitnami.yaml
+- src/values/database-postgresql-values.postgresql.yaml
+- src/values/database-postgresql-values.spec.postgresql.yaml
diff --git a/kustomize/cluster-2/sec-generator.yaml b/kustomize/cluster-2/sec-generator.yaml
new file mode 100644
index 0000000..8767f03
--- /dev/null
+++ b/kustomize/cluster-2/sec-generator.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: shoebill-secret-gen
+files:
+ - src/secrets/database-postgresql-secrets.postgresql.yaml
diff --git a/kustomize/cluster-2/src/.gitkeep b/kustomize/cluster-2/src/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/kustomize/cluster-2/src/release-postgresql.yaml b/kustomize/cluster-2/src/release-postgresql.yaml
new file mode 100644
index 0000000..e6fcbc7
--- /dev/null
+++ b/kustomize/cluster-2/src/release-postgresql.yaml
@@ -0,0 +1,32 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ creationTimestamp: null
+ name: postgresql
+ namespace: flux-system
+spec:
+ chart:
+ spec:
+ chart: postgresql
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ version: 13.3.1
+ install:
+ crds: Create
+ createNamespace: true
+ interval: 1m0s
+ releaseName: postgresql
+ targetNamespace: database
+ valuesFrom:
+ - kind: ConfigMap
+ name: database-postgresql-values.postgresql.yaml
+ valuesKey: database-postgresql-values.postgresql.yaml
+ - kind: ConfigMap
+ name: database-postgresql-values.spec.postgresql.yaml
+ valuesKey: database-postgresql-values.spec.postgresql.yaml
+ - kind: Secret
+ name: database-postgresql-secrets.postgresql.yaml
+ valuesKey: database-postgresql-secrets.postgresql.yaml
+status: {}
diff --git a/kustomize/cluster-2/src/repository-bitnami.yaml b/kustomize/cluster-2/src/repository-bitnami.yaml
new file mode 100644
index 0000000..16afc5f
--- /dev/null
+++ b/kustomize/cluster-2/src/repository-bitnami.yaml
@@ -0,0 +1,11 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ creationTimestamp: null
+ name: bitnami
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ type: default
+ url: https://charts.bitnami.com/bitnami
+status: {}
diff --git a/kustomize/cluster-2/src/secrets/database-postgresql-secrets.postgresql.yaml b/kustomize/cluster-2/src/secrets/database-postgresql-secrets.postgresql.yaml
new file mode 100644
index 0000000..01b9048
--- /dev/null
+++ b/kustomize/cluster-2/src/secrets/database-postgresql-secrets.postgresql.yaml
@@ -0,0 +1,28 @@
+apiVersion: ENC[AES256_GCM,data:QfE=,iv:vk+W6EpT+3/cFYVahk7rOzluFjNtRS82fiT+aXudxiE=,tag:6jyzh9YmotDo7dW8dRrz/A==,type:str]
+data:
+ database-postgresql-secrets.postgresql.yaml: ENC[AES256_GCM,data:SOe+Bw/lG33RmMcb+L6HqQ0we7h+y0wATk0/sKF77awPFO/7VX1jHgZmHXO0pTpfP5cFz7JDRY8otaL+WZJ3deH6tomYOuQx1PFBxiyZiDpLAX4dIH1RpxKa7RsiChGU3SG9N/GRmUU=,iv:rjSww8arBW69vw10EMz40wu2Xt3o7GCzFfo21XvNzLU=,tag:owUDgpMkQjAQwXCNgp8Aaw==,type:str]
+kind: ENC[AES256_GCM,data:r8+gX2XV,iv:kR+CWq9h7qI7Q03QXZciiIkFj6IK4GcwEg/QpTPXq/4=,tag:SXVMggg9efy670umdUQpzw==,type:str]
+metadata:
+ creationTimestamp: null
+ name: ENC[AES256_GCM,data:wv2KayG7X8JnVxY15zSyIjyZlu8aSZSLlNn3+HjaozizH0Z4UfE29X3UgQ==,iv:erc4WrkzbeC5W017seKd2Y0xO322+m6LPZt1rYobGbI=,tag:AnmRmf5mcJqJpKr5YpFzRg==,type:str]
+ namespace: ENC[AES256_GCM,data:7+Driy1rvuToNkI=,iv:XeaL2SAyGEcJive//UYxH/fI90kDduycD29Qkh4c/jw=,tag:BVh1rPwYJQQKctcR39jrGw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1qf6709hu4wlg6s5wyy3w0en265k9qjuxesz2tqq8e0xdrfwjrc2qngtfew
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dVhKQmdJZGlrZmE1VTdo
+ OFdudmE3MUVydXhwbzIzN1BOQXZJeFB1NkQ4CkVVcENGUjlIWldzZFpNWk5xcG1q
+ SUFZakZIbzVaRDhoTStBblFabkZTVGsKLS0tIG1Hc09lWndIWHpZZjR4UjlLazZW
+ a0tnMmVuTGlHOGVDeUtiSzFjNU1oWWcK40x6CfKlRo0GoQ5xPs39FnSxLIEOq0Ad
+ I1OtZuVpjE2h9Wm45dAMfB4h5sI8Z7/WW7122jVtKYrH6KqBSbpfcg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-02-06T20:39:45Z"
+ mac: ENC[AES256_GCM,data:7fRvSUKtsKSTq605EaLBb+Dj+2uTa19t0FsUeue1XvQVwOzOI1oOMrwyNP6b90g55FsLdzoy0Q2U4ehnoFY7Rvjj0mnM9ApcWFvcWTCXYrqJfNkkObpsqHSQWItGvf/4iJPokk4vIneGZzkPOQXnzj5sP5s6+Sr6Tb8r40Wlqqo=,iv:3cRz3rnGOM1p8y6MRplJedNLMjQV4f2BrR2iliFm+fc=,tag:tt1bCtYDvAueelaF0LezLA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/kustomize/cluster-2/src/values/database-postgresql-values.postgresql.yaml b/kustomize/cluster-2/src/values/database-postgresql-values.postgresql.yaml
new file mode 100644
index 0000000..38fd955
--- /dev/null
+++ b/kustomize/cluster-2/src/values/database-postgresql-values.postgresql.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+ database-postgresql-values.postgresql.yaml: |
+ architecture: standalone
+
+ auth:
+ database: postgres
+
+ metrics:
+ enabled: false
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: database-postgresql-values.postgresql.yaml
+ namespace: flux-system
diff --git a/kustomize/cluster-2/src/values/database-postgresql-values.spec.postgresql.yaml b/kustomize/cluster-2/src/values/database-postgresql-values.spec.postgresql.yaml
new file mode 100644
index 0000000..96f1349
--- /dev/null
+++ b/kustomize/cluster-2/src/values/database-postgresql-values.spec.postgresql.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ database-postgresql-values.spec.postgresql.yaml: |
+ persistence:
+ size: 10Gi
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: database-postgresql-values.spec.postgresql.yaml
+ namespace: flux-system