mthomson/fleet-infra
1
0
Fork 0
mirror of https://github.com/michaelthomson0797/fleet-infra.git synced 2026-02-04 13:09:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

weave gitops

Browse Source
This commit is contained in:
Michael Thomson
2023-11-23 23:57:19 -05:00
parent 20bc304fa9
commit 989647eb71
6 changed files with 298 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
bootstrap/helmrepositories/helmrepository-weave-gitops.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: weave-gitops
namespace: flux-system
spec:
interval: 15m
type: oci
url: oci://ghcr.io/weaveworks/charts

18
bootstrap/kustomizations/kustomization-weave-gitops.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: weave-gitops
namespace: flux-system
spec:
interval: 15m
path: ./weave-gitops
prune: true # remove any elements later removed from the above path
timeout: 2m # if not set, this defaults to interval duration, which is 1h
sourceRef:
kind: GitRepository
name: flux-system
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: weave-gitops
namespace: weave-gitops

4
bootstrap/namespaces/namespace-weave-gitops.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: weave-gitops

36
weave-gitops-dashboard.yaml Normal file
View File

@@ -0,0 +1,36 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
annotations:
metadata.weave.works/description: This is the source location for the Weave GitOps
Dashboard's helm chart.
labels:
app.kubernetes.io/component: ui
app.kubernetes.io/created-by: weave-gitops-cli
app.kubernetes.io/name: weave-gitops-dashboard
app.kubernetes.io/part-of: weave-gitops
name: ww-gitops
namespace: flux-system
spec:
interval: 1h0m0s
type: oci
url: oci://ghcr.io/weaveworks/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
annotations:
metadata.weave.works/description: This is the Weave GitOps Dashboard. It provides
a simple way to get insights into your GitOps workloads.
name: ww-gitops
namespace: flux-system
spec:
chart:
spec:
chart: weave-gitops
sourceRef:
kind: HelmRepository
name: ww-gitops
interval: 1h0m0s

12
weave-gitops/dns-endpoint-weave-gitops.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: weave-gitops.michaelthomson.dev
namespace: weave-gitops
spec:
endpoints:
- dnsName: weave-gitops.michaelthomson.dev
recordTTL: 180
recordType: CNAME
targets:
- server.michaelthomson.dev

219
weave-gitops/helmrelease-weave-gitops.yaml Normal file
View File

@@ -0,0 +1,219 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: weave-gitops
namespace: weave-gitops
spec:
chart:
spec:
chart: weave-gitops
version: 4.x
sourceRef:
kind: HelmRepository
name: weave-gitops
namespace: flux-system
interval: 15m
timeout: 5m
releaseName: weave-gitops
values:
# Default values for chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Note: paragraphs starting with `# --` will end up in our manual -
# see https://github.com/norwoodj/helm-docs
replicaCount: 1
image:
# FIXME check the app name
repository: ghcr.io/weaveworks/wego-app
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.37.0"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# -- What log level to output. Valid levels are 'debug', 'info', 'warn' and 'error'
logLevel: info
# -- Additional arguments to pass in to the gitops-server
additionalArgs: []
# Any other environment variables:
envVars:
- name: WEAVE_GITOPS_FEATURE_TENANCY
value: "true"
- name: WEAVE_GITOPS_FEATURE_CLUSTER
value: "false"
# -- Annotations to add to the deployment
annotations: {}
# Should the 'oidc-auth' secret be created. For a detailed
# explanation of these attributes please see our documentation:
# https://docs.gitops.weave.works/docs/configuration/securing-access-to-the-dashboard/#login-via-an-oidc-provider
oidcSecret:
create: false
# clientID:
# clientSecret:
# issuerURL:
# redirectURL:
# -- If non empty, additional keys can be added to the OIDC secret
additionalKeys: {}
# additionalKeys:
# claimUsername: "email"
# claimGroups: "groups"
# customScopes: "openid,offline_access,email,groups"
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
rbac:
# -- Specifies whether the clusterRole & binding to the service account should be created
create: true
# -- If non-empty, this limits the resources that the service
# account can impersonate. This applies to both users and groups, e.g.
# `['user1@corporation.com', 'user2@corporation.com', 'operations']`
impersonationResourceNames: []
# -- Limit the type of principal that can be impersonated
impersonationResources: ["users", "groups"]
# -- If non-empty, this limits the secrets that can be accessed by
# the service account to the specified ones, e.g. `['weave-gitops-enterprise-credentials']`
viewSecretsResourceNames: ["cluster-user-auth", "oidc-auth"]
# -- If non-empty, these additional rules will be appended to the RBAC role and the cluster role.
# for example,
# additionalRules:
# - apiGroups: ["infra.contrib.fluxcd.io"]
# resources: ["terraforms"]
# verbs: [ "get", "list", "patch" ]
additionalRules: []
adminUser:
# -- Whether the local admin user should be created.
# If you use this make sure you add it to `rbac.impersonationResourceNames`.
create: false
# -- Specifies whether the clusterRole & binding to the admin user should be created.
# Will be created only if `adminUser.create` is enabled. Without this,
# the adminUser will only be able to see resources in the target namespace.
createClusterRole: true
# -- Whether we should create the secret for the local
# adminUser. Will be created only if `adminUser.create` is
# enabled. Without this, we'll still set up the roles and
# permissions, but the secret with username and password has to be
# provided separately.
createSecret: true
# -- Set username for local admin user, this should match the value in the secret `cluster-user-auth`
# which can be created with `adminUser.createSecret`. Requires `adminUser.create`.
username: gitops-test-user
# -- (string) Set the password for local admin user. Requires `adminUser.create` and `adminUser.createSecret`
# This needs to have been hashed using bcrypt.
# You can do this via our CLI with `gitops get bcrypt-hash`.
passwordHash:
podAnnotations: {}
podLabels: {}
# aadpodidbinding: identity
podSecurityContext: {}
# fsGroup: 2000
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
runAsUser: 1000
readOnlyRootFilesystem: true
service:
create: true
type: ClusterIP
port: 9001
# nodePort:
annotations: {}
ingress:
enabled: true
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: weave-gitops.michaelthomson.dev
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: letsencrypt-wildcard-cert-michaelthomson.dev
hosts:
- weave-gitops.michaelthomson.dev
extraVolumes: []
extraVolumeMounts: []
# Example using extraVolumes and extraVolumeMounts to load 'oidc-auth' secret
# with a secrets store CSI driver. Specify the secretName 'oidc-auth' in the
# secretProviderClass so this will be created by the secrets store CSI driver.
# See https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html
# extraVolumeMounts:
# - name: ww-gitops-oauth-volume
# mountPath: /mnt/secrets
# readOnly: true
# extraVolumes:
# - name: ww-gitops-oauth-volume
# csi:
# driver: secrets-store.csi.k8s.io
# readOnly: true
# volumeAttributes:
# secretProviderClass: ww-gitops-oauth-provider
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
networkPolicy:
# -- Specifies whether default network policies should be created.
create: true
nodeSelector: {}
tolerations: []
affinity: {}
serverTLS:
# -- Enable TLS termination in gitops itself. If you enable this,
# you need to create a secret, and specify the secretName. Another
# option is to create an ingress.
enable: false
# -- Specify the tls secret name. This type of secrets have a key called `tls.crt` and `tls.key` containing their corresponding values in base64 format.
# See
# https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets for more details and examples
secretName: "my-secret-tls"
# Example of tls secret
#
# apiVersion: v1
# kind: Secret
# metadata:
# name: my-secret-tls
# type: kubernetes.io/tls
# data:
# # the data is abbreviated in this example
# tls.crt: |
# MIIC2DCCAcCgAwIBAgIBATANBgkqh ...
# tls.key: |
# MIIEpgIBAAKCAQEA7yn3bRHQ5FHMQ ...
#
# You can also create a tls secre t from files whith this k8s command:
# kubectl create secret tls my-tls-secret \
# --cert=path/to/cert/file \
# --key=path/to/key/file
metrics:
# -- Start the metrics exporter
enabled: false
service:
# -- Port to start the metrics exporter on
port: 2112
# -- Annotations to set on the service
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "{{ .Values.metrics.service.port }}"