Move longhorn, cert-manager and traefik to kustomize

namespaces/cert-manager/cert-manager/kustomization.yaml

@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: cert-manager
+    unsetOnly: true
+
+namePrefix: cert-manager-
+resources:
+  - ../../../kustomize/helmchart-noaddons
+  - extras/cloudflare-token.yaml
+
+patches:
+  - path: patches/chart.yaml
+    target:
+      kind: HelmChart
+      name: chart
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: cert-manager
+  - pairs:
+      app.kubernetes.io/appNamespace: cert-manager

namespaces/homelab/secrets.yaml

@@ -1,33 +0,0 @@
----
-apiVersion: secrets.infisical.com/v1alpha1
-kind: InfisicalSecret
-metadata:
-  name: homelab-sslcert-secrets
-  namespace: infisical
-  labels:
-    label-to-be-passed-to-managed-secret: homelab
-  annotations:
-    example.com/annotation-to-be-passed-to-managed-secret: "homelab"
-spec:
-  hostAPI: https://app.infisical.com/api
-  resyncInterval: 10
-  authentication:
-    # Universal Auth
-    universalAuth:
-      secretsScope:
-        projectSlug: homelab-n-f-yj
-        envSlug: prod
-        secretsPath: "/homelab" # Root is "/"
-        recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
-      credentialsRef:
-        secretName: universal-auth-credentials
-        secretNamespace: infisical
-  managedSecretReference:
-    secretName: infisical-self-signed-cert
-    secretNamespace: homelab
-    creationPolicy: "Orphan" ## Owner | Orphan
-    secretType: kubernetes.io/tls
-    template:
-      data:
-        tls.crt: "{{ .TLS_CERT.Value }}"
-        tls.key: "{{ .TLS_KEY.Value }}"

namespaces/infisical/infisical/kustomization.yaml

@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: infisical
+    unsetOnly: true
+
+namePrefix: infisical-
+resources:
+  - ../../../kustomize/helmchart-noaddons
+
+patches:
+  - path: patches/chart.yaml
+    target:
+      kind: HelmChart
+      name: chart
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: infisical
+  - pairs:
+      app.kubernetes.io/appNamespace: infisical

namespaces/infisical/infisical/patches/chart.yaml

@@ -7,7 +7,6 @@ metadata:
     - wrangler.cattle.io/on-helm-chart-remove
   generation: 1
   name: infisical-install
-  namespace: default
 spec:
   chart: secrets-operator
   repo: https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/

namespaces/infisical/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    homelab-access: "false"
+  name: infisical

namespaces/longhorn-system/longhorn-gateway.yaml

@@ -1,39 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1beta1
-kind: ReferenceGrant
-metadata:
-  name: allow-routes-to-services
-  namespace: longhorn-system
-spec:
-  from:
-    - group: gateway.networking.k8s.io
-      kind: HTTPRoute
-      namespace: traefik
-  to:
-    - group: ""
-      kind: Service
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: longhorn-ui
-  namespace: traefik
-spec:
-  parentRefs:
-    - name: traefik-gateway
-      sectionName: web
-      kind: Gateway
-      namespace: traefik
-
-  hostnames:
-    - longhorn.leechpepin.local
-
-  rules:
-    - matches:
-        - path:
-            type: PathPrefix
-            value: /
-
-      backendRefs:
-        - name: longhorn-frontend
-          namespace: longhorn-system
-          port: 80

namespaces/longhorn-system/storageclasses.yaml

@@ -1,23 +0,0 @@
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: longhorn-private
-provisioner: driver.longhorn.io
-allowVolumeExpansion: true
-parameters:
-  numberOfReplicas: "2"
-  dataLocality: "best-effort"
-  diskSelector: "private"
-  nodeSelector: "private"
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: longhorn-public
-provisioner: driver.longhorn.io
-allowVolumeExpansion: true
-parameters:
-  numberOfReplicas: "2"
-  dataLocality: "best-effort"
-  diskSelector: "public"

namespaces/longhorn/longhorn/extras/longhorn-private-storageclass.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: private
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+parameters:
+  numberOfReplicas: "2"
+  dataLocality: "best-effort"
+  diskSelector: "private"
+  nodeSelector: "private"

namespaces/longhorn/longhorn/extras/longhorn-public-storageclass.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: public
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+parameters:
+  numberOfReplicas: "2"
+  dataLocality: "best-effort"
+  diskSelector: "public"

namespaces/longhorn/longhorn/kustomization.yaml

@@ -0,0 +1,99 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: longhorn
+    unsetOnly: true
+
+namePrefix: longhorn-
+resources:
+  - ../../../kustomize/helmchart
+  - extras/longhorn-public-storageclass.yaml
+  - extras/longhorn-private-storageclass.yaml
+
+patches:
+  - path: patches/chart.yaml
+    target:
+      kind: HelmChart
+      name: chart
+  - path: patches/secrets.yaml
+    target:
+      kind: InfisicalSecret
+      name: secrets
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: longhorn
+  - pairs:
+      app.kubernetes.io/appNamespace: longhorn
+  - pairs:
+      app.kubernetes.io/chartServiceName: longhorn-frontend
+
+replacements:
+  - source:
+      kind: HTTPRoute
+      name: http
+      fieldPath: metadata.labels.[app.kubernetes.io/chartServiceName]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.rules.0.backendRefs.0.name
+  - source:
+      kind: HTTPRoute
+      name: http
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.hostnames.0
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "-"
+          index: 0
+        fieldPaths:
+          - spec.managedSecretReference.secretName
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 2
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+  - source:
+      kind: HTTPRoute
+      name: http
+      fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+    targets:
+      - select:
+          kind: HelmChart
+          name: chart
+        fieldPaths:
+          - spec.targetNamespace
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 1
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+      - select:
+          kind: InfisicalSecret
+        fieldPaths:
+          - spec.managedSecretReference.secretNamespace

namespaces/longhorn/longhorn/patches/chart.yaml

@@ -7,7 +7,6 @@ metadata:
     - wrangler.cattle.io/on-helm-chart-remove
   generation: 1
   name: longhorn-install
-  namespace: default # This should be elsewhere but changing it would delete
 spec:
   version: v1.7.2
   chart: longhorn

namespaces/longhorn/longhorn/patches/secrets.yaml

@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+  name: secrets

namespaces/longhorn/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    homelab-access: "true"
+  name: longhorn

namespaces/traefik/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    homelab-access: "true"
+  name: traefik

namespaces/traefik/traefik/kustomization.yaml

@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: traefik
+    unsetOnly: true
+
+namePrefix: traefik-lb
+resources:
+  - ../../../kustomize/helmchart-noaddons/
+
+patches:
+  - path: patches/chart.yaml
+    target:
+      kind: HelmChart
+      name: chart
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: traefik-lb
+  - pairs:
+      app.kubernetes.io/appNamespace: traefik