Merge pull request #170 from aenix-io/upd-flux

This cumulative PR includes the following changes: - Migrate from fluxcd-community charts to Flux-Operator #166 - Upgrade to Flux 2.3.x #167 - Refactor Flux 2.3 update #172 - Update flux plugin for dashboard #171 - Flux Operator 0.6 #178
aenix-io · Jun 24, 2024 · 352920e · 352920e
2 parents 33a9cb7 + 73b6f7f
commit 352920e
Show file tree

Hide file tree

Showing 76 changed files with 4,775 additions and 12,313 deletions.
diff --git a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
@@ -1,4 +1,4 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: {{ .Release.Name }}-cilium

diff --git a/packages/apps/kubernetes/templates/helmreleases/csi.yaml b/packages/apps/kubernetes/templates/helmreleases/csi.yaml
@@ -1,4 +1,4 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: {{ .Release.Name }}-csi

diff --git a/packages/apps/tenant/templates/etcd.yaml b/packages/apps/tenant/templates/etcd.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.etcd }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: etcd

diff --git a/packages/apps/tenant/templates/ingress.yaml b/packages/apps/tenant/templates/ingress.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.ingress }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: ingress

diff --git a/packages/apps/tenant/templates/monitoring.yaml b/packages/apps/tenant/templates/monitoring.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.monitoring }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: monitoring

diff --git a/packages/core/fluxcd/Makefile b/packages/core/fluxcd/Makefile
@@ -7,14 +7,14 @@ show:
 	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS)
 
 apply:
-	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f-
+	helm template -n $(NAMESPACE) $(NAME) . --no-hooks \
+		--dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f-
 
 diff:
-	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f-
+	helm template -n $(NAMESPACE) $(NAME) . --no-hooks \
+		--dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f-
 
 update:
 	rm -rf charts
-	helm repo add fluxcd-community https://fluxcd-community.github.io/helm-charts
-	helm repo update fluxcd-community
-	helm pull fluxcd-community/flux2 --untar --untardir charts
-	sed -i 's/\.{{ \.Values\.clusterDomain | default "cluster\.local" }}\.//g' `grep -rl '.{{ .Values.clusterDomain | default "cluster.local" }}.' charts`
+	helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --untar --untardir charts
+	patch -p1 --no-backup-if-mismatch < patches/kubernetesEnvs.diff
diff --git a/...ages/core/fluxcd/charts/flux2/.helmignore → ...e/fluxcd/charts/flux-operator/.helmignore b/...ages/core/fluxcd/charts/flux2/.helmignore → ...e/fluxcd/charts/flux-operator/.helmignore
@@ -21,5 +21,4 @@
 .idea/
 *.tmproj
 .vscode/
-
-tests/
+helmdocs.gotmpl
diff --git a/packages/core/fluxcd/charts/flux-operator/Chart.yaml b/packages/core/fluxcd/charts/flux-operator/Chart.yaml
@@ -0,0 +1,30 @@
+annotations:
+  artifacthub.io/license: AGPL-3.0
+  artifacthub.io/links: |
+    - name: Documentation
+      url: https://fluxcd.control-plane.io/operator
+    - name: Chart Source
+      url: https://github.com/controlplaneio-fluxcd/charts
+    - name: Upstream Project
+      url: https://github.com/controlplaneio-fluxcd/flux-operator
+apiVersion: v2
+appVersion: v0.6.0
+description: 'A Helm chart for deploying the Flux Operator. '
+home: https://github.com/controlplaneio-fluxcd
+icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png
+keywords:
+- flux
+- fluxcd
+- gitops
+kubeVersion: '>=1.22.0-0'
+maintainers:
+- email: stefan.prodan@control-plane.io
+  name: Stefan Prodan
+- name: Soule Ba
+  url: soule.ba@control-plane.io
+name: flux-operator
+sources:
+- https://github.com/controlplaneio-fluxcd/flux-operator
+- https://github.com/controlplaneio-fluxcd/charts
+type: application
+version: 0.6.0
diff --git a/packages/core/fluxcd/charts/flux-operator/README.md b/packages/core/fluxcd/charts/flux-operator/README.md
@@ -0,0 +1,57 @@
+# flux-operator
+
+![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.6.0](https://img.shields.io/badge/AppVersion-v0.6.0-informational?style=flat-square)
+
+The [Flux Operator](https://github.com/controlplaneio-fluxcd) provides a declarative API
+for the installation and upgrade of CNCF [Flux](https://fluxcd.io) and the
+ControlPlane [enterprise distribution](https://control-plane.io/enterprise-for-flux-cd/).
+
+The operator automates the patching for hotfixes and CVEs affecting the Flux controllers container images
+and enables the configuration of multi-tenancy lockdown on Kubernetes and OpenShift clusters.
+
+## Prerequisites
+
+- Kubernetes 1.22+
+- Helm 3.8+
+
+## Installing the Chart
+
+To install the operator in the `flux-system` namespace:
+
+```console
+helm install flux-operator oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator \
+  --namespace flux-system \
+  --create-namespace \
+  --wait
+```
+
+To deploy the Flux controllers and to configure automated updates,
+see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/).
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}` | Pod affinity and anti-affinity settings. |
+| commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. |
+| commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. |
+| extraEnvs | list | `[]` | Container extra environment variables. |
+| fullnameOverride | string | `""` |  |
+| hostNetwork | bool | `false` | If `true`, the container ports (`8080` and `8081`) are exposed on the host network. |
+| image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. |
+| installCRDs | bool | `true` | Install and upgrade the custom resource definitions. |
+| livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. |
+| marketplace | object | `{"account":"","license":"","type":""}` | Marketplace settings. |
+| nameOverride | string | `""` |  |
+| podSecurityContext | object | `{}` | Pod security context settings. |
+| priorityClassName | string | `""` | Pod priority class name. Recommended value is system-cluster-critical. |
+| readinessProbe | object | `{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}` | Container readiness probe settings. |
+| resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resources requests and limits settings. |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings. The default is compliant with the pod security restricted profile. |
+| serviceAccount | object | `{"automount":true,"create":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. |
+| tolerations | list | `[]` | Pod tolerations settings. |
+
+## Source Code
+
+* <https://github.com/controlplaneio-fluxcd/flux-operator>
+* <https://github.com/controlplaneio-fluxcd/charts>
diff --git a/packages/core/fluxcd/charts/flux-operator/templates/NOTES.txt b/packages/core/fluxcd/charts/flux-operator/templates/NOTES.txt
@@ -0,0 +1 @@
+Documentation at https://fluxcd.control-plane.io/operator/
diff --git a/packages/core/fluxcd/charts/flux-operator/templates/_helpers.tpl b/packages/core/fluxcd/charts/flux-operator/templates/_helpers.tpl
@@ -0,0 +1,58 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "flux-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "flux-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "flux-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "flux-operator.labels" -}}
+helm.sh/chart: {{ include "flux-operator.chart" . }}
+{{ include "flux-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "flux-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "flux-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "flux-operator.serviceAccountName" -}}
+{{- default (include "flux-operator.fullname" .) .Values.serviceAccount.name }}
+{{- end }}
diff --git a/packages/core/fluxcd/charts/flux-operator/templates/clusterrole.yaml b/packages/core/fluxcd/charts/flux-operator/templates/clusterrole.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "flux-operator.fullname" . }}
+  labels:
+    {{- include "flux-operator.labels" . | nindent 4 }}
+    {{- with .Values.commonLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.commonAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "flux-operator.fullname" . }}
+    namespace: {{ .Release.Namespace }}