Closed martinohmann closed 1 month ago
helmrelease
changes in kubernetes/main
--- HelmRelease: flux-system/weave-gitops ServiceAccount: flux-system/weave-gitops
+++ HelmRelease: flux-system/weave-gitops ServiceAccount: flux-system/weave-gitops
@@ -1,10 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: weave-gitops
- labels:
- app.kubernetes.io/name: weave-gitops
- app.kubernetes.io/instance: weave-gitops
- app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: flux-system/weave-gitops ClusterRole: flux-system/wego-admin-cluster-role
+++ HelmRelease: flux-system/weave-gitops ClusterRole: flux-system/wego-admin-cluster-role
@@ -1,92 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: wego-admin-cluster-role
-rules:
-- apiGroups:
- - '*'
- resources:
- - '*'
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - buckets
- - helmcharts
- - gitrepositories
- - helmrepositories
- - ocirepositories
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - kustomizations
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - helmreleases
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - providers
- - alerts
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - infra.contrib.fluxcd.io
- resources:
- - terraforms
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - list
- - watch
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - providers
- - alerts
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - image.toolkit.fluxcd.io
- resources:
- - imagepolicies
- - imagerepositories
- - imageupdateautomations
- verbs:
- - get
- - list
- - watch
- - patch
-
--- HelmRelease: flux-system/weave-gitops ClusterRole: flux-system/weave-gitops
+++ HelmRelease: flux-system/weave-gitops ClusterRole: flux-system/weave-gitops
@@ -1,38 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: weave-gitops
-rules:
-- apiGroups:
- - ''
- resources:
- - users
- - groups
- verbs:
- - impersonate
-- apiGroups:
- - ''
- resources:
- - secrets
- verbs:
- - get
- - list
- resourceNames:
- - cluster-user-auth
- - oidc-auth
-- apiGroups:
- - ''
- resources:
- - namespaces
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - list
-
--- HelmRelease: flux-system/weave-gitops ClusterRoleBinding: flux-system/admin-user-read-resources-cr
+++ HelmRelease: flux-system/weave-gitops ClusterRoleBinding: flux-system/admin-user-read-resources-cr
@@ -1,14 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: admin-user-read-resources-cr
-subjects:
-- kind: User
- name: admin
- apiGroup: rbac.authorization.k8s.io
-roleRef:
- kind: ClusterRole
- name: wego-admin-cluster-role
- apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: flux-system/weave-gitops ClusterRoleBinding: flux-system/weave-gitops
+++ HelmRelease: flux-system/weave-gitops ClusterRoleBinding: flux-system/weave-gitops
@@ -1,18 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: weave-gitops
- labels:
- app.kubernetes.io/name: weave-gitops
- app.kubernetes.io/instance: weave-gitops
- app.kubernetes.io/managed-by: Helm
-subjects:
-- kind: ServiceAccount
- name: weave-gitops
- namespace: flux-system
-roleRef:
- kind: ClusterRole
- name: weave-gitops
- apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: flux-system/weave-gitops Role: flux-system/wego-admin-role
+++ HelmRelease: flux-system/weave-gitops Role: flux-system/wego-admin-role
@@ -1,66 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: wego-admin-role
- namespace: flux-system
-rules:
-- apiGroups:
- - '*'
- resources:
- - '*'
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - buckets
- - helmcharts
- - gitrepositories
- - helmrepositories
- - ocirepositories
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - kustomizations
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - helmreleases
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - providers
- - alerts
- verbs:
- - get
- - list
- - watch
- - patch
-- apiGroups:
- - infra.contrib.fluxcd.io
- resources:
- - terraforms
- verbs:
- - get
- - list
- - watch
- - patch
-
--- HelmRelease: flux-system/weave-gitops RoleBinding: flux-system/admin-user-read-resources
+++ HelmRelease: flux-system/weave-gitops RoleBinding: flux-system/admin-user-read-resources
@@ -1,15 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: admin-user-read-resources
- namespace: flux-system
-subjects:
-- kind: User
- name: wego-admin
- namespace: flux-system
-roleRef:
- kind: Role
- name: wego-admin-role
- apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: flux-system/weave-gitops Service: flux-system/weave-gitops
+++ HelmRelease: flux-system/weave-gitops Service: flux-system/weave-gitops
@@ -1,28 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: weave-gitops
- labels:
- app.kubernetes.io/name: weave-gitops
- app.kubernetes.io/instance: weave-gitops
- app.kubernetes.io/managed-by: Helm
- annotations:
- prometheus.io/path: /metrics
- prometheus.io/port: '2112'
- prometheus.io/scrape: 'true'
-spec:
- type: ClusterIP
- ports:
- - port: 9001
- targetPort: http
- protocol: TCP
- name: http
- - port: 2112
- targetPort: 2112
- protocol: TCP
- name: http-metrics
- selector:
- app.kubernetes.io/name: weave-gitops
- app.kubernetes.io/instance: weave-gitops
-
--- HelmRelease: flux-system/weave-gitops Deployment: flux-system/weave-gitops
+++ HelmRelease: flux-system/weave-gitops Deployment: flux-system/weave-gitops
@@ -1,75 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: weave-gitops
- labels:
- app.kubernetes.io/name: weave-gitops
- app.kubernetes.io/instance: weave-gitops
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/part-of: weave-gitops
- weave.works/app: weave-gitops-oss
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: weave-gitops
- app.kubernetes.io/instance: weave-gitops
- template:
- metadata:
- annotations:
- secret.reloader.stakater.com/reload: cluster-user-auth,oidc-auth
- labels:
- app.kubernetes.io/name: weave-gitops
- app.kubernetes.io/instance: weave-gitops
- app.kubernetes.io/part-of: weave-gitops
- weave.works/app: weave-gitops-oss
- spec:
- serviceAccountName: weave-gitops
- containers:
- - name: weave-gitops
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
- image: ghcr.io/weaveworks/wego-app:v0.38.0
- imagePullPolicy: IfNotPresent
- args:
- - --log-level
- - info
- - --insecure
- - --enable-metrics
- - --metrics-address=:2112
- ports:
- - name: http
- containerPort: 9001
- protocol: TCP
- - name: http-metrics
- containerPort: 2112
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /
- port: http
- readinessProbe:
- httpGet:
- path: /
- port: http
- env:
- - name: WEAVE_GITOPS_FEATURE_TENANCY
- value: 'true'
- - name: WEAVE_GITOPS_FEATURE_CLUSTER
- value: 'false'
- resources:
- limits:
- memory: 140Mi
- requests:
- cpu: 30m
- memory: 70Mi
-
--- HelmRelease: flux-system/weave-gitops Ingress: flux-system/weave-gitops
+++ HelmRelease: flux-system/weave-gitops Ingress: flux-system/weave-gitops
@@ -1,32 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: weave-gitops
- labels:
- app.kubernetes.io/name: weave-gitops
- app.kubernetes.io/instance: weave-gitops
- app.kubernetes.io/managed-by: Helm
- annotations:
- gethomepage.dev/enabled: 'false'
- gethomepage.dev/group: Automation
- gethomepage.dev/icon: git.png
- gethomepage.dev/name: GitOps
-spec:
- ingressClassName: internal
- tls:
- - hosts:
- - gitops.18b.haus
- secretName: null
- rules:
- - host: gitops.18b.haus
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: weave-gitops
- port:
- number: 9001
-
kustomization
changes in kubernetes/main
--- kubernetes/main/flux Kustomization: flux-system/cluster HelmRepository: flux-system/weave-gitops
+++ kubernetes/main/flux Kustomization: flux-system/cluster HelmRepository: flux-system/weave-gitops
@@ -1,14 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: weave-gitops
- namespace: flux-system
-spec:
- interval: 1h
- type: oci
- url: oci://ghcr.io/weaveworks/charts
-
--- kubernetes/main/apps/flux-system/weave-gitops/app Kustomization: flux-system/weave-gitops ClusterRoleBinding: flux-system/wego-admin-oidc
+++ kubernetes/main/apps/flux-system/weave-gitops/app Kustomization: flux-system/weave-gitops ClusterRoleBinding: flux-system/wego-admin-oidc
@@ -1,18 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/name: weave-gitops
- kustomize.toolkit.fluxcd.io/name: weave-gitops
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: wego-admin-oidc
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: wego-admin-cluster-role
-subjects:
-- apiGroup: rbac.authorization.k8s.io
- kind: Group
- name: admins
-
--- kubernetes/main/apps/flux-system/weave-gitops/app Kustomization: flux-system/weave-gitops HelmRelease: flux-system/weave-gitops
+++ kubernetes/main/apps/flux-system/weave-gitops/app Kustomization: flux-system/weave-gitops HelmRelease: flux-system/weave-gitops
@@ -1,66 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- labels:
- app.kubernetes.io/name: weave-gitops
- kustomize.toolkit.fluxcd.io/name: weave-gitops
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: weave-gitops
- namespace: flux-system
-spec:
- chart:
- spec:
- chart: weave-gitops
- sourceRef:
- kind: HelmRepository
- name: weave-gitops
- namespace: flux-system
- version: 4.0.36
- install:
- remediation:
- retries: 3
- interval: 2h
- maxHistory: 2
- uninstall:
- keepHistory: false
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- adminUser:
- create: true
- createSecret: false
- username: admin
- ingress:
- annotations:
- gethomepage.dev/enabled: 'false'
- gethomepage.dev/group: Automation
- gethomepage.dev/icon: git.png
- gethomepage.dev/name: GitOps
- className: internal
- enabled: true
- hosts:
- - host: gitops.18b.haus
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - gitops.18b.haus
- metrics:
- enabled: true
- networkPolicy:
- create: false
- podAnnotations:
- secret.reloader.stakater.com/reload: cluster-user-auth,oidc-auth
- rbac:
- create: true
- resources:
- limits:
- memory: 140Mi
- requests:
- cpu: 30m
- memory: 70Mi
-
--- kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/weave-gitops
+++ kubernetes/main/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/weave-gitops
@@ -1,32 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: cluster-apps
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: weave-gitops
- namespace: flux-system
-spec:
- commonMetadata:
- labels:
- app.kubernetes.io/name: weave-gitops
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- interval: 2h
- path: ./kubernetes/main/apps/flux-system/weave-gitops/app
- postBuild:
- substituteFrom:
- - kind: Secret
- name: cluster-secrets
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- targetNamespace: flux-system
- timeout: 5m
- wait: false
-
I haven't looked at it in a while. It also only shows the main cluster; I would need another deployment for the storage cluster if I decided to keep it.