From a0020061699945b710806bec53d936bc121ac987 Mon Sep 17 00:00:00 2001 
From: Jonathan Leech-Pepin Date: Thu, 27 Mar 2025 22:00:00 -0400 Subject: [PATCH] Move longhorn, cert-manager and traefik to kustomize --- .../extras}/cloudflare-token.yaml | 0 .../cert-manager/kustomization.yaml | 29 ++++++ .../{ => cert-manager/patches}/chart.yaml | 0 .../post}/cluster-issuer.yaml | 0 .../post}/consultjlpdotcom-cert.yaml | 0 .../post}/jlptechdotconsulting-cert.yaml | 0 .../post}/leechpepindotcom-cert.yaml | 0 namespaces/homelab/secrets.yaml | 33 ------- .../infisical/infisical/kustomization.yaml | 28 ++++++ .../infisical/infisical/patches/chart.yaml | 1 - namespaces/infisical/namespace.yaml | 7 ++ .../longhorn-system/longhorn-gateway.yaml | 39 -------- .../longhorn-system/storageclasses.yaml | 23 ----- .../extras/longhorn-private-storageclass.yaml | 12 +++ .../extras/longhorn-public-storageclass.yaml | 11 +++ .../longhorn/longhorn/kustomization.yaml | 99 +++++++++++++++++++ .../longhorn/longhorn/patches/chart.yaml | 1 - .../longhorn/longhorn/patches/secrets.yaml | 5 + namespaces/longhorn/namespace.yaml | 7 ++ namespaces/traefik/namespace.yaml | 7 ++ namespaces/traefik/traefik/kustomization.yaml | 28 ++++++ .../traefik/traefik/patches/chart.yaml | 0 22 files changed, 233 insertions(+), 97 deletions(-) rename namespaces/cert-manager/{ => cert-manager/extras}/cloudflare-token.yaml (100%) create mode 100644 namespaces/cert-manager/cert-manager/kustomization.yaml rename namespaces/cert-manager/{ => cert-manager/patches}/chart.yaml (100%) rename namespaces/cert-manager/{ => cert-manager/post}/cluster-issuer.yaml (100%) rename namespaces/cert-manager/{ => cert-manager/post}/consultjlpdotcom-cert.yaml (100%) rename namespaces/cert-manager/{ => cert-manager/post}/jlptechdotconsulting-cert.yaml (100%) rename namespaces/cert-manager/{ => cert-manager/post}/leechpepindotcom-cert.yaml (100%) delete mode 100644 namespaces/homelab/secrets.yaml create mode 100644 namespaces/infisical/infisical/kustomization.yaml rename charts/infisical.yaml => 
namespaces/infisical/infisical/patches/chart.yaml (95%) create mode 100644 namespaces/infisical/namespace.yaml delete mode 100644 namespaces/longhorn-system/longhorn-gateway.yaml delete mode 100644 namespaces/longhorn-system/storageclasses.yaml create mode 100644 namespaces/longhorn/longhorn/extras/longhorn-private-storageclass.yaml create mode 100644 namespaces/longhorn/longhorn/extras/longhorn-public-storageclass.yaml create mode 100644 namespaces/longhorn/longhorn/kustomization.yaml rename charts/longhorn.yaml => namespaces/longhorn/longhorn/patches/chart.yaml (90%) create mode 100644 namespaces/longhorn/longhorn/patches/secrets.yaml create mode 100644 namespaces/longhorn/namespace.yaml create mode 100644 namespaces/traefik/namespace.yaml create mode 100644 namespaces/traefik/traefik/kustomization.yaml rename charts/traefik.yaml => namespaces/traefik/traefik/patches/chart.yaml (100%)
diff --git a/namespaces/cert-manager/cloudflare-token.yaml b/namespaces/cert-manager/cert-manager/extras/cloudflare-token.yaml
similarity index 100%
rename from namespaces/cert-manager/cloudflare-token.yaml
rename to namespaces/cert-manager/cert-manager/extras/cloudflare-token.yaml
diff --git a/namespaces/cert-manager/cert-manager/kustomization.yaml b/namespaces/cert-manager/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..722f7b8
--- /dev/null
+++ b/namespaces/cert-manager/cert-manager/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: cert-manager
+ unsetOnly: true
+
+namePrefix: cert-manager-
+resources:
+ - ../../../kustomize/helmchart-noaddons
+ - extras/cloudflare-token.yaml
+
+patches:
+ - path: patches/chart.yaml
+ target:
+ kind: HelmChart
+ name: chart
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: cert-manager
+ - pairs:
+ app.kubernetes.io/appNamespace: cert-manager
diff --git a/namespaces/cert-manager/chart.yaml b/namespaces/cert-manager/cert-manager/patches/chart.yaml
similarity index 100%
rename from namespaces/cert-manager/chart.yaml
rename to namespaces/cert-manager/cert-manager/patches/chart.yaml
diff --git a/namespaces/cert-manager/cluster-issuer.yaml b/namespaces/cert-manager/cert-manager/post/cluster-issuer.yaml
similarity index 100%
rename from namespaces/cert-manager/cluster-issuer.yaml
rename to namespaces/cert-manager/cert-manager/post/cluster-issuer.yaml
diff --git a/namespaces/cert-manager/consultjlpdotcom-cert.yaml b/namespaces/cert-manager/cert-manager/post/consultjlpdotcom-cert.yaml
similarity index 100%
rename from namespaces/cert-manager/consultjlpdotcom-cert.yaml
rename to namespaces/cert-manager/cert-manager/post/consultjlpdotcom-cert.yaml
diff --git a/namespaces/cert-manager/jlptechdotconsulting-cert.yaml b/namespaces/cert-manager/cert-manager/post/jlptechdotconsulting-cert.yaml
similarity index 100%
rename from namespaces/cert-manager/jlptechdotconsulting-cert.yaml
rename to namespaces/cert-manager/cert-manager/post/jlptechdotconsulting-cert.yaml
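Review bot: `namePrefix: cert-manager-` now renames everything listed under `resources`, including whatever object `extras/cloudflare-token.yaml` defines, but `post/cluster-issuer.yaml` is not part of this kustomization, so a token reference in it (for a Cloudflare solver that would be `apiTokenSecretRef`) that uses the old, unprefixed name is not rewritten and the issuer would silently stop authenticating; neither file's contents are in the diff, so please confirm the names line up. If `cloudflare-token.yaml` is a literal `Secret` rather than an `InfisicalSecret`, the token also lives in the repo next to this kustomization, which is worth a second look. The inline `NamespaceTransformer` block is repeated verbatim in the infisical, longhorn and traefik kustomizations with only `namespace` differing, and nothing says why the top-level `namespace:` field was not used; a comment above `transformers:` such as `# unsetOnly: fill in a missing namespace only, never override one a resource already sets` would record the intent once per file.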
diff --git a/namespaces/cert-manager/leechpepindotcom-cert.yaml b/namespaces/cert-manager/cert-manager/post/leechpepindotcom-cert.yaml
similarity index 100%
rename from namespaces/cert-manager/leechpepindotcom-cert.yaml
rename to namespaces/cert-manager/cert-manager/post/leechpepindotcom-cert.yaml
diff --git a/namespaces/homelab/secrets.yaml b/namespaces/homelab/secrets.yaml
deleted file mode 100644
index f4ecc5d..0000000
--- a/namespaces/homelab/secrets.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: secrets.infisical.com/v1alpha1
-kind: InfisicalSecret
-metadata:
- name: homelab-sslcert-secrets
- namespace: infisical
- labels:
- label-to-be-passed-to-managed-secret: homelab
- annotations:
- example.com/annotation-to-be-passed-to-managed-secret: "homelab"
-spec:
- hostAPI: https://app.infisical.com/api
- resyncInterval: 10
- authentication:
- # Universal Auth
- universalAuth:
- secretsScope:
- projectSlug: homelab-n-f-yj
- envSlug: prod
- secretsPath: "/homelab" # Root is "/"
- recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
- credentialsRef:
- secretName: universal-auth-credentials
- secretNamespace: infisical
- managedSecretReference:
- secretName: infisical-self-signed-cert
- secretNamespace: homelab
- creationPolicy: "Orphan" ## Owner | Orphan
- secretType: kubernetes.io/tls
- template:
- data:
- tls.crt: "{{ .TLS_CERT.Value }}"
- tls.key: "{{ .TLS_KEY.Value }}"
diff --git a/namespaces/infisical/infisical/kustomization.yaml b/namespaces/infisical/infisical/kustomization.yaml
new file mode 100644
index 0000000..0f450e3
--- /dev/null
+++ b/namespaces/infisical/infisical/kustomization.yaml
@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: infisical
+ unsetOnly: true
+
+namePrefix: infisical-
+resources:
+ - ../../../kustomize/helmchart-noaddons
+
+patches:
+ - path: patches/chart.yaml
+ target:
+ kind: HelmChart
+ name: chart
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: infisical
+ - pairs:
+ app.kubernetes.io/appNamespace: infisical
diff --git a/charts/infisical.yaml b/namespaces/infisical/infisical/patches/chart.yaml
similarity index 95%
rename from charts/infisical.yaml
rename to namespaces/infisical/infisical/patches/chart.yaml
index fd61431..879cc0a 100644
--- a/charts/infisical.yaml
+++ b/namespaces/infisical/infisical/patches/chart.yaml
@@ -7,7 +7,6 @@ metadata: - wrangler.cattle.io/on-helm-chart-remove generation: 1 name: infisical-install - namespace: default spec: chart: secrets-operator repo: https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/
diff --git a/namespaces/infisical/namespace.yaml b/namespaces/infisical/namespace.yaml
new file mode 100644
index 0000000..585ae4a
--- /dev/null
+++ b/namespaces/infisical/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ homelab-access: "false"
+ name: infisical
diff --git a/namespaces/longhorn-system/longhorn-gateway.yaml b/namespaces/longhorn-system/longhorn-gateway.yaml
deleted file mode 100644
index 4cf9246..0000000
--- a/namespaces/longhorn-system/longhorn-gateway.yaml
+++ /dev/null
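Review bot: Removing `namespace: default` from the HelmChart patch means the `NamespaceTransformer` (`unsetOnly: true`) now places `infisical-install` in `infisical`, which is a different Kubernetes object rather than an in-place move; the `wrangler.cattle.io/on-helm-chart-remove` finalizer visible in the context lines is what the k3s helm-controller uses to uninstall a release when its HelmChart is removed, so if the old object in `default` is pruned, the secrets-operator release is uninstalled and reinstalled rather than migrated. The longhorn `patches/chart.yaml` hunk makes the same change, and the line it removes even carried the author's own note `# This should be elsewhere but changing it would delete`. Neither hunk records how the existing releases are carried over; a comment on each patch, or a sentence in the commit message, describing the intended cut-over (for example whether the old HelmChart is removed by hand first and whether that triggers an uninstall) would make the risk explicit. The patch file begins above this hunk, so I cannot see whether `spec.targetNamespace` is also set there.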
@@ -1,39 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1beta1
-kind: ReferenceGrant
-metadata:
- name: allow-routes-to-services
- namespace: longhorn-system
-spec:
- from:
- - group: gateway.networking.k8s.io
- kind: HTTPRoute
- namespace: traefik
- to:
- - group: ""
- kind: Service
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: longhorn-ui
- namespace: traefik
-spec:
- parentRefs:
- - name: traefik-gateway
- sectionName: web
- kind: Gateway
- namespace: traefik
-
- hostnames:
- - longhorn.leechpepin.local
-
- rules:
- - matches:
- - path:
- type: PathPrefix
- value: /
-
- backendRefs:
- - name: longhorn-frontend
- namespace: longhorn-system
- port: 80
diff --git a/namespaces/longhorn-system/storageclasses.yaml b/namespaces/longhorn-system/storageclasses.yaml
deleted file mode 100644
index fc9f015..0000000
--- a/namespaces/longhorn-system/storageclasses.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: longhorn-private
-provisioner: driver.longhorn.io
-allowVolumeExpansion: true
-parameters:
- numberOfReplicas: "2"
- dataLocality: "best-effort"
- diskSelector: "private"
- nodeSelector: "private"
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: longhorn-public
-provisioner: driver.longhorn.io
-allowVolumeExpansion: true
-parameters:
- numberOfReplicas: "2"
- dataLocality: "best-effort"
- diskSelector: "public"
diff --git a/namespaces/longhorn/longhorn/extras/longhorn-private-storageclass.yaml b/namespaces/longhorn/longhorn/extras/longhorn-private-storageclass.yaml
new file mode 100644
index 0000000..875fe13
--- /dev/null
+++ b/namespaces/longhorn/longhorn/extras/longhorn-private-storageclass.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: private
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+parameters:
+ numberOfReplicas: "2"
+ dataLocality: "best-effort"
+ diskSelector: "private"
+ nodeSelector: "private"
diff --git a/namespaces/longhorn/longhorn/extras/longhorn-public-storageclass.yaml b/namespaces/longhorn/longhorn/extras/longhorn-public-storageclass.yaml
new file mode 100644
index 0000000..2a0b588
--- /dev/null
+++ b/namespaces/longhorn/longhorn/extras/longhorn-public-storageclass.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: public
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+parameters:
+ numberOfReplicas: "2"
+ dataLocality: "best-effort"
+ diskSelector: "public"
diff --git a/namespaces/longhorn/longhorn/kustomization.yaml b/namespaces/longhorn/longhorn/kustomization.yaml
new file mode 100644
index 0000000..9174371
--- /dev/null
+++ b/namespaces/longhorn/longhorn/kustomization.yaml
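Review bot: `name: private` here (and `name: public` in the sibling hunk) only becomes the `longhorn-private` / `longhorn-public` name that the deleted `storageclasses.yaml` used because `namePrefix: longhorn-` in the parent kustomization is applied to it, and nothing in either file says so; applied on its own, each file creates a StorageClass that no existing PVC references. A comment above `metadata:` in both files, such as `# namePrefix in ../kustomization.yaml turns this into longhorn-private; PVCs reference the prefixed name`, would keep that dependency visible. The parent's `labels` entry with `includeSelectors: true` is also applied to these cluster-scoped objects, which is harmless but worth knowing when grepping for the label.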
@@ -0,0 +1,99 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: longhorn
+ unsetOnly: true
+
+namePrefix: longhorn-
+resources:
+ - ../../../kustomize/helmchart
+ - extras/longhorn-public-storageclass.yaml
+ - extras/longhorn-private-storageclass.yaml
+
+patches:
+ - path: patches/chart.yaml
+ target:
+ kind: HelmChart
+ name: chart
+ - path: patches/secrets.yaml
+ target:
+ kind: InfisicalSecret
+ name: secrets
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: longhorn
+ - pairs:
+ app.kubernetes.io/appNamespace: longhorn
+ - pairs:
+ app.kubernetes.io/chartServiceName: longhorn-frontend
+
+replacements:
+ - source:
+ kind: HTTPRoute
+ name: http
+ fieldPath: metadata.labels.[app.kubernetes.io/chartServiceName]
+ targets:
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - spec.rules.0.backendRefs.0.name
+ - source:
+ kind: HTTPRoute
+ name: http
+ fieldPath: metadata.labels.[app.kubernetes.io/appName]
+ targets:
+ - select:
+ kind: HTTPRoute
+ options:
+ create: true
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - spec.hostnames.0
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "-"
+ index: 0
+ fieldPaths:
+ - spec.managedSecretReference.secretName
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 2
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - source:
+ kind: HTTPRoute
+ name: http
+ fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+ targets:
+ - select:
+ kind: HelmChart
+ name: chart
+ fieldPaths:
+ - spec.targetNamespace
+ - select:
+ kind: InfisicalSecret
+ options:
+ delimiter: "/"
+ index: 1
+ fieldPaths:
+ - spec.authentication.universalAuth.secretsScope.secretsPath
+ - select:
+ kind: InfisicalSecret
+ fieldPaths:
+ - spec.managedSecretReference.secretNamespace
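Review bot: The four `replacements` targets that `select: kind: InfisicalSecret` cannot match anything: `patches/secrets.yaml` (next hunk) removes the `secrets` InfisicalSecret with `$patch: delete`, and kustomize runs patches before replacements, so the `secretsPath` and `managedSecretReference` rewrites are dead configuration — either keep the secret and drop the delete patch, or drop the delete patch's counterpart targets here (and consider building on `helmchart-noaddons` like the other three kustomizations if Longhorn needs no Infisical secret at all). Separately, the `spec.targetNamespace` replacement sets the Longhorn release namespace to `longhorn`, while the deleted `longhorn-gateway.yaml` and `storageclasses.yaml` show the running install in `longhorn-system`; as written this provisions a second Longhorn rather than moving the existing one, so the volumes in `longhorn-system` need a documented migration path before this is applied. The HTTPRoute from the base now lands in `longhorn` via the transformer and the cross-namespace `ReferenceGrant` the old file provided is gone, so the Gateway listener in `traefik` must admit routes from the `longhorn` namespace; I cannot verify the base or the Gateway from here.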
diff --git a/charts/longhorn.yaml b/namespaces/longhorn/longhorn/patches/chart.yaml
similarity index 90%
rename from charts/longhorn.yaml
rename to namespaces/longhorn/longhorn/patches/chart.yaml
index eddab7e..8b40270 100644
--- a/charts/longhorn.yaml
+++ b/namespaces/longhorn/longhorn/patches/chart.yaml
@@ -7,7 +7,6 @@ metadata: - wrangler.cattle.io/on-helm-chart-remove generation: 1 name: longhorn-install - namespace: default # This should be elsewhere but changing it would delete spec: version: v1.7.2 chart: longhorn
diff --git a/namespaces/longhorn/longhorn/patches/secrets.yaml b/namespaces/longhorn/longhorn/patches/secrets.yaml
new file mode 100644
index 0000000..7a199b7
--- /dev/null
+++ b/namespaces/longhorn/longhorn/patches/secrets.yaml
@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: secrets
diff --git a/namespaces/longhorn/namespace.yaml b/namespaces/longhorn/namespace.yaml
new file mode 100644
index 0000000..af4d98f
--- /dev/null
+++ b/namespaces/longhorn/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ homelab-access: "true"
+ name: longhorn
diff --git a/namespaces/traefik/namespace.yaml b/namespaces/traefik/namespace.yaml
new file mode 100644
index 0000000..f1862a6
--- /dev/null
+++ b/namespaces/traefik/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ homelab-access: "true"
+ name: traefik
diff --git a/namespaces/traefik/traefik/kustomization.yaml b/namespaces/traefik/traefik/kustomization.yaml
new file mode 100644
index 0000000..84bea1c
--- /dev/null
+++ b/namespaces/traefik/traefik/kustomization.yaml
@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: notImportantHere
+ namespace: traefik
+ unsetOnly: true
+
+namePrefix: traefik-lb
+resources:
+ - ../../../kustomize/helmchart-noaddons/
+
+patches:
+ - path: patches/chart.yaml
+ target:
+ kind: HelmChart
+ name: chart
+
+labels:
+ - includeSelectors: true
+ pairs:
+ app.kubernetes.io/appName: traefik-lb
+ - pairs:
+ app.kubernetes.io/appNamespace: traefik
diff --git a/charts/traefik.yaml b/namespaces/traefik/traefik/patches/chart.yaml
similarity index 100%
rename from charts/traefik.yaml
rename to namespaces/traefik/traefik/patches/chart.yaml
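Review bot: `namePrefix: traefik-lb` lacks the trailing hyphen the other three kustomizations use (`cert-manager-`, `infisical-`, `longhorn-`), so any resource inherited from the base that is not renamed by `patches/chart.yaml` comes out as `traefik-lb<name>` rather than `traefik-lb-<name>`; it reads like a typo rather than a choice. The base path `- ../../../kustomize/helmchart-noaddons/` also carries a trailing slash the sibling files omit. Unless both are deliberate, `namePrefix: traefik-lb-` and `- ../../../kustomize/helmchart-noaddons` would match the siblings; if the missing hyphen is intended, a one-line comment saying so would stop the next reader from "fixing" it.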