feat: implements a new cluster configuration structure

2025-11-07 17:31:43 -03:00
parent c5ed394bb9
commit bbe5420893
28 changed files with 289 additions and 1184 deletions


@@ -0,0 +1,51 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cert-manager
namespace: cert-manager
spec:
interval: 10m
releaseName: cert-manager
chart:
spec:
chart: cert-manager
version: "v1.14.2"
sourceRef:
kind: HelmRepository
name: jetstack
namespace: flux-system
install:
createNamespace: true
crds: CreateReplace
values:
resources:
limits:
cpu: 50m
memory: 128Mi
requests:
cpu: 25m
memory: 64Mi
webhook:
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 25m
memory: 32Mi
cainjector:
resources:
limits:
cpu: 50m
memory: 128Mi
requests:
cpu: 25m
memory: 64Mi
startupapicheck:
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 25m
memory: 32Mi
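Review bot: `crds: CreateReplace` under `install:` only governs the first install; Flux's `upgrade.crds` defaults to `Skip`, so a later bump of `version: "v1.14.2"` would roll the cert-manager controllers without their CRDs, and a controller/CRD skew is a common reason cert-manager stops issuing. Add the matching stanza beside `install:`: `upgrade:` followed by `crds: CreateReplace`. Pinning the chart version is the right call for reproducibility, but v1.14.2 is a 2024 release line, so confirm it is still a supported, patched release before relying on it for cluster-wide TLS issuance; the values here set only resource limits, so the pod/container security posture is whatever this chart version's defaults are — worth verifying rather than assuming.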


@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: jetstack
namespace: flux-system
spec:
interval: 10m
url: https://charts.jetstack.io


@@ -0,0 +1,39 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: descheduler
namespace: kube-system
spec:
interval: 10m
releaseName: descheduler
chart:
spec:
chart: descheduler
version: "*"
sourceRef:
kind: HelmRepository
name: descheduler
namespace: flux-system
values:
schedule: "*/2 * * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
# Security context
podSecurityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
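Review bot: `version: "*"` in the chart spec means every new descheduler chart release is deployed into kube-system automatically on the next reconcile, so a breaking or tampered upstream release lands with no review step; pin an explicit release the way the cert-manager HelmRelease in this commit does, or at least a patch range (`version: "0.N.x"`), and bump it deliberately. The security context stanza is solid (non-root, no privilege escalation, all capabilities dropped, read-only root filesystem); adding `seccompProfile:` with `type: RuntimeDefault` under `securityContext` would align it with the Pod Security "restricted" profile, assuming the chart passes that key through to the CronJob template — I have not checked this chart version's template.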


@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: descheduler
namespace: flux-system
spec:
interval: 10m
url: https://kubernetes-sigs.github.io/descheduler


@@ -0,0 +1,44 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
interval: 10m
releaseName: ingress-nginx
chart:
spec:
chart: ingress-nginx
sourceRef:
kind: HelmRepository
name: ingress-nginx
namespace: flux-system
install:
createNamespace: true
values:
controller:
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 125m
memory: 128Mi
# Enable metrics for monitoring
metrics:
enabled: true
serviceMonitor:
enabled: false # Set to true if you have Prometheus
# Security context
podSecurityContext:
runAsNonRoot: true
runAsUser: 101
fsGroup: 65534
defaultBackend:
resources:
limits:
cpu: 25m
memory: 32Mi
requests:
cpu: 12m
memory: 16Mi
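Review bot: The ingress-nginx chart spec has no `version` line at all, so Flux resolves it to the latest chart on every reconcile; for the component that terminates external traffic this is the riskiest place to float, both for reproducibility and because an unreviewed upstream release reaches the edge of the cluster unattended. Pin it under `chart: ingress-nginx` with a `version: "..."` line, as the cert-manager release in this commit does, and bump it deliberately — ingress-nginx has had critical admission-webhook vulnerabilities (e.g. CVE-2025-1974) where knowing exactly which release is running matters for incident response. Separately, `podSecurityContext` with `runAsUser: 101` only sets the pod level; the chart's `controller.containerSecurityContext` is where `allowPrivilegeEscalation`, capability drops and `readOnlyRootFilesystem` belong, as the descheduler release in this commit already does for its container — check what the pinned chart version's defaults are before assuming they are restrictive.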


@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: ingress-nginx
namespace: flux-system
spec:
interval: 10m
url: https://kubernetes.github.io/ingress-nginx

118
manifest/flux-instance.yaml Normal file

@@ -0,0 +1,118 @@
apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
metadata:
name: flux
namespace: flux-system
annotations:
fluxcd.controlplane.io/reconcileEvery: "1h"
fluxcd.controlplane.io/reconcileTimeout: "5m"
spec:
distribution:
version: "2.x"
registry: "ghcr.io/fluxcd"
artifact: "oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests"
components:
- source-controller
- kustomize-controller
- helm-controller
- notification-controller
- image-reflector-controller
- image-automation-controller
cluster:
type: kubernetes
size: medium
multitenant: false
networkPolicy: true
domain: "cluster.local"
kustomize:
patches:
- target:
kind: Deployment
patch: |
- op: replace
path: /spec/template/spec/nodeSelector
value:
kubernetes.io/os: linux
- op: add
path: /spec/template/spec/tolerations
value:
- key: "CriticalAddonsOnly"
operator: "Exists"
- target:
kind: Deployment
name: source-controller
patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 25m
memory: 32Mi
- target:
kind: Deployment
name: kustomize-controller
patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 64Mi
- target:
kind: Deployment
name: helm-controller
patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 64Mi
- target:
kind: Deployment
name: notification-controller
patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 25m
memory: 32Mi
- target:
kind: Deployment
name: image-reflector-controller
patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 25m
memory: 32Mi
- target:
kind: Deployment
name: image-automation-controller
patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 25m
memory: 32Mi
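Review bot: The `components` list enables `image-reflector-controller` and `image-automation-controller`, and the automation controller is the one Flux component that needs write credentials to the Git repository to commit image updates; if this cluster does not use image automation, drop both entries so no controller holding repo write access is running, and if it does, its credentials deserve the same scrutiny as the rest of this commit's supply-chain pins. `version: "2.x"` also lets the operator upgrade Flux across minor releases unattended; a `"2.N.x"` patch range is safer if you want minor upgrades reviewed. The first kustomize patch targets every `Deployment` with `op: replace` on `/spec/template/spec/nodeSelector`, which fails the whole reconcile if a future upstream manifest omits that field — presumably Flux's manifests always set it, but `op: add` at the same path is the more robust choice and yields the same result today.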