this repo has no description
refactor(platform)!: migrate from ArgoCD to Flux CD
Need something more minimal, and I'm gonna build a custom UI later.
+219
-2
+2
-2
infra/_modules/nixos/profiles/k3s-addons.nix
+2
-2
infra/_modules/nixos/profiles/k3s-addons.nix
···
61
61
# url = "http://forgejo-http.forgejo.svc.cluster.local:3000/khuedoan/cloudlab";
62
62
url = "https://code.khuedoan.com/khuedoan/cloudlab";
63
63
ref = {
64
-
branch = "flux-migration"; # TODO switch back to master
64
+
branch = "master";
65
65
};
66
66
};
67
67
}
···
74
74
};
75
75
spec = {
76
76
interval = "1m";
77
-
path = "platform/production";
77
+
path = "platform/staging";
78
78
prune = true;
79
79
sourceRef = {
80
80
kind = "GitRepository";
+33
platform/staging/cert-manager.yaml
+33
platform/staging/cert-manager.yaml
···
1
+
apiVersion: source.toolkit.fluxcd.io/v1
2
+
kind: HelmRepository
3
+
metadata:
4
+
name: jetstack
5
+
namespace: flux-system
6
+
spec:
7
+
interval: 1h
8
+
url: https://charts.jetstack.io
9
+
---
10
+
apiVersion: helm.toolkit.fluxcd.io/v2
11
+
kind: HelmRelease
12
+
metadata:
13
+
name: cert-manager
14
+
namespace: flux-system
15
+
spec:
16
+
interval: 30m
17
+
chart:
18
+
spec:
19
+
chart: cert-manager
20
+
version: 1.18.2
21
+
sourceRef:
22
+
kind: HelmRepository
23
+
name: jetstack
24
+
releaseName: cert-manager
25
+
targetNamespace: cert-manager
26
+
install:
27
+
createNamespace: true
28
+
values:
29
+
config:
30
+
featureGates:
31
+
ACMEHTTP01IngressPathTypeExact: false
32
+
crds:
33
+
enabled: true
+98
platform/staging/forgejo.yaml
+98
platform/staging/forgejo.yaml
···
1
+
apiVersion: source.toolkit.fluxcd.io/v1
2
+
kind: HelmRepository
3
+
metadata:
4
+
name: forgejo
5
+
namespace: flux-system
6
+
spec:
7
+
type: oci
8
+
url: oci://code.forgejo.org/forgejo-helm
9
+
---
10
+
apiVersion: helm.toolkit.fluxcd.io/v2
11
+
kind: HelmRelease
12
+
metadata:
13
+
name: forgejo
14
+
namespace: flux-system
15
+
spec:
16
+
interval: 30m
17
+
chart:
18
+
spec:
19
+
chart: forgejo
20
+
version: 15.0.3
21
+
sourceRef:
22
+
kind: HelmRepository
23
+
name: forgejo
24
+
releaseName: forgejo
25
+
targetNamespace: forgejo
26
+
install:
27
+
createNamespace: true
28
+
values:
29
+
strategy:
30
+
type: Recreate
31
+
gitea:
32
+
config:
33
+
database:
34
+
DB_TYPE: sqlite3
35
+
session:
36
+
PROVIDER: memory
37
+
cache:
38
+
ADAPTER: memory
39
+
queue:
40
+
TYPE: level
41
+
server:
42
+
LANDING_PAGE: explore
43
+
ROOT_URL: https://code.khuedoan.com
44
+
OFFLINE_MODE: true
45
+
repository:
46
+
DISABLED_REPO_UNITS: repo.wiki,repo.projects,repo.packages
47
+
DISABLE_STARS: true
48
+
DEFAULT_BRANCH: master
49
+
oauth2_client:
50
+
ENABLE_AUTO_REGISTRATION: true
51
+
OPENID_CONNECT_SCOPES: "email profile"
52
+
USERNAME: username
53
+
service:
54
+
ENABLE_INTERNAL_SIGNIN: false
55
+
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
56
+
"service.explore":
57
+
DISABLE_USERS_PAGE: true
58
+
actions:
59
+
ENABLED: false
60
+
webhook:
61
+
ALLOWED_HOST_LIST: "private"
62
+
other:
63
+
SHOW_FOOTER_VERSION: false
64
+
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
65
+
SHOW_FOOTER_POWERED_BY: false
66
+
oauth:
67
+
- name: SSO
68
+
provider: 'openidConnect'
69
+
autoDiscoverUrl: https://dex.cloudlab.khuedoan.com/.well-known/openid-configuration
70
+
existingSecret: forgejo-oauth
71
+
admin:
72
+
email: admin@cloudlab.khuedoan.com
73
+
existingSecret: forgejo-admin
74
+
podAnnotations:
75
+
"istio.io/dataplane-mode": "ambient"
76
+
ingress:
77
+
enabled: true
78
+
className: nginx
79
+
annotations:
80
+
cert-manager.io/cluster-issuer: letsencrypt-prod
81
+
nginx.ingress.kubernetes.io/proxy-body-size: "0"
82
+
hosts:
83
+
- host: code.khuedoan.com
84
+
paths:
85
+
- path: /
86
+
pathType: Prefix
87
+
tls:
88
+
- hosts:
89
+
- code.khuedoan.com
90
+
secretName: forgejo-tls-certificate
91
+
valkey-cluster:
92
+
enabled: false
93
+
valkey:
94
+
enabled: false
95
+
postgresql:
96
+
enabled: false
97
+
postgresql-ha:
98
+
enabled: false
+86
platform/staging/istio.yaml
+86
platform/staging/istio.yaml
···
1
+
apiVersion: source.toolkit.fluxcd.io/v1
2
+
kind: HelmRepository
3
+
metadata:
4
+
name: istio
5
+
namespace: flux-system
6
+
spec:
7
+
interval: 1h
8
+
url: https://istio-release.storage.googleapis.com/charts
9
+
---
10
+
apiVersion: helm.toolkit.fluxcd.io/v2
11
+
kind: HelmRelease
12
+
metadata:
13
+
name: istio-base
14
+
namespace: flux-system
15
+
spec:
16
+
interval: 3m
17
+
chart:
18
+
spec:
19
+
chart: base
20
+
version: 1.25.1
21
+
sourceRef:
22
+
kind: HelmRepository
23
+
name: istio
24
+
releaseName: istio-base
25
+
targetNamespace: istio-system
26
+
install:
27
+
createNamespace: true
28
+
---
29
+
apiVersion: helm.toolkit.fluxcd.io/v2
30
+
kind: HelmRelease
31
+
metadata:
32
+
name: istio-cni
33
+
namespace: flux-system
34
+
spec:
35
+
interval: 3m
36
+
chart:
37
+
spec:
38
+
chart: cni
39
+
version: 1.25.1
40
+
sourceRef:
41
+
kind: HelmRepository
42
+
name: istio
43
+
releaseName: istio-cni
44
+
targetNamespace: istio-system
45
+
values:
46
+
global:
47
+
platform: k3s
48
+
profile: ambient
49
+
---
50
+
apiVersion: helm.toolkit.fluxcd.io/v2
51
+
kind: HelmRelease
52
+
metadata:
53
+
name: ztunnel
54
+
namespace: flux-system
55
+
spec:
56
+
interval: 3m
57
+
chart:
58
+
spec:
59
+
chart: ztunnel
60
+
version: 1.25.1
61
+
sourceRef:
62
+
kind: HelmRepository
63
+
name: istio
64
+
releaseName: ztunnel
65
+
targetNamespace: istio-system
66
+
values:
67
+
profile: ambient
68
+
---
69
+
apiVersion: helm.toolkit.fluxcd.io/v2
70
+
kind: HelmRelease
71
+
metadata:
72
+
name: istiod
73
+
namespace: flux-system
74
+
spec:
75
+
interval: 3m
76
+
chart:
77
+
spec:
78
+
chart: istiod
79
+
version: 1.25.1
80
+
sourceRef:
81
+
kind: HelmRepository
82
+
name: istio
83
+
releaseName: istiod
84
+
targetNamespace: istio-system
85
+
values:
86
+
profile: ambient