feat: reorganize helmfile flux apps and update flux ks intervals (#1795)

Author: onedr0p

templates/config/bootstrap/helmfile.yaml.j2

@@ -19,33 +19,33 @@ releases:
     namespace: kube-system
     chart: cilium/cilium
     version: 1.17.1
-    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/kube-system/cilium/app/helm-values.yaml']
+    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/kube-system/cilium/app/helm/values.yaml']
 
   - name: coredns
     namespace: kube-system
     chart: oci://ghcr.io/coredns/charts/coredns
     version: 1.39.1
-    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/kube-system/coredns/app/helm-values.yaml']
+    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/kube-system/coredns/app/helm/values.yaml']
     needs: ['kube-system/cilium']
 
   - name: cert-manager
     namespace: cert-manager
     chart: jetstack/cert-manager
     version: v1.17.1
-    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/cert-manager/cert-manager/app/helm-values.yaml']
+    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/cert-manager/cert-manager/app/helm/values.yaml']
     needs: ['kube-system/coredns']
 
   - name: flux-operator
     namespace: flux-system
     chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
     version: 0.16.0
-    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/flux-system/flux-operator/app/helm-values.yaml']
+    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/flux-system/flux-operator/app/helm/values.yaml']
     needs: ['cert-manager/cert-manager']
 
   - name: flux-instance
     namespace: flux-system
     chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance
     version: 0.16.0
     wait: false
-    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/flux-system/flux-operator/instance/helm-values.yaml']
+    values: ['{{ requiredEnv "ROOT_DIR" }}/kubernetes/apps/flux-system/flux-instance/app/helm/values.yaml']
     needs: ['flux-system/flux-operator']

templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/clusterissuers.yaml.j2 templates/config/kubernetes/apps/cert-manager/cert-manager/app/clusterissuers.yaml.j2

@@ -3,12 +3,12 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-production
+  name: letsencrypt-staging
 spec:
   acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
-      name: letsencrypt-production
+      name: letsencrypt-staging
     solvers:
       - dns01:
           cloudflare:
@@ -18,17 +18,18 @@ spec:
         selector:
           dnsZones:
             - "${SECRET_DOMAIN}"
+#% if cloudflare_cluster_issuer == 'production' %#
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cert-manager.io/clusterissuer_v1.json
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-staging
+  name: letsencrypt-production
 spec:
   acme:
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    server: https://acme-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
-      name: letsencrypt-staging
+      name: letsencrypt-production
     solvers:
       - dns01:
           cloudflare:
@@ -38,3 +39,4 @@ spec:
         selector:
           dnsZones:
             - "${SECRET_DOMAIN}"
+#% endif %#

templates/config/kubernetes/apps/cert-manager/cert-manager/app/kustomizeconfig.yaml.j2 templates/config/kubernetes/apps/cert-manager/cert-manager/app/helm/kustomizeconfig.yaml.j2

@@ -5,7 +5,7 @@ kind: HelmRelease
 metadata:
   name: cert-manager
 spec:
-  interval: 30m
+  interval: 1h
   chart:
     spec:
       chart: cert-manager
@@ -23,4 +23,4 @@ spec:
       retries: 3
   valuesFrom:
     - kind: ConfigMap
-      name: cert-manager-helm-values
+      name: cert-manager-values

templates/config/kubernetes/apps/cert-manager/cert-manager/app/helm-values.yaml.j2 templates/config/kubernetes/apps/cert-manager/cert-manager/app/helm/values.yaml.j2

@@ -4,9 +4,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./helmrelease.yaml
+  - ./secret.sops.yaml
+  - ./clusterissuers.yaml
 configMapGenerator:
-  - name: cert-manager-helm-values
+  - name: cert-manager-values
     files:
-      - values.yaml=./helm-values.yaml
+      - values.yaml=./helm/values.yaml
 configurations:
-  - kustomizeconfig.yaml
+  - ./helm/kustomizeconfig.yaml

templates/config/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2

@@ -9,41 +9,21 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  interval: 30m
-  path: ./kubernetes/apps/cert-manager/cert-manager/app
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-    namespace: flux-system
-  timeout: 5m
-  targetNamespace: *namespace
-  wait: false
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: &app cert-manager-issuers
-  namespace: &namespace cert-manager
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: *app
-  interval: 30m
-  path: ./kubernetes/apps/cert-manager/cert-manager/issuers
-  prune: true
   healthCheckExprs:
     - apiVersion: cert-manager.io/v1
       kind: ClusterIssuer
       failed: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'False')
       current: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True')
+  interval: 1h
+  path: ./kubernetes/apps/cert-manager/cert-manager/app
+  prune: true
+  retryInterval: 2m
   sourceRef:
     kind: GitRepository
     name: flux-system
     namespace: flux-system
   targetNamespace: *namespace
-  timeout: 5m
+  timeout: 15m
   wait: true
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
@@ -57,16 +37,17 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: cert-manager-issuers
+    - name: cert-manager
       namespace: cert-manager
   healthCheckExprs:
     - apiVersion: cert-manager.io/v1
       kind: Certificate
       failed: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'False')
       current: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True')
-  interval: 30m
+  interval: 1h
   path: ./kubernetes/apps/cert-manager/cert-manager/tls
   prune: true
+  retryInterval: 2m
   sourceRef:
     kind: GitRepository
     name: flux-system

templates/config/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2

@@ -5,7 +5,7 @@ kind: HelmRelease
 metadata:
   name: echo-server
 spec:
-  interval: 30m
+  interval: 1h
   chart:
     spec:
       chart: app-template

templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2 templates/config/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml.j2

@@ -9,9 +9,10 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  interval: 30m
+  interval: 1h
   path: ./kubernetes/apps/default/echo-server/app
   prune: true
+  retryInterval: 2m
   sourceRef:
     kind: GitRepository
     name: flux-system

templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2

@@ -5,7 +5,7 @@ kind: HelmRelease
 metadata:
   name: flux-instance
 spec:
-  interval: 30m
+  interval: 1h
   chart:
     spec:
       chart: flux-instance
@@ -27,4 +27,4 @@ spec:
       namespace: flux-system
   valuesFrom:
     - kind: ConfigMap
-      name: flux-instance-helm-values
+      name: flux-instance-values

templates/config/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2

@@ -4,10 +4,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./helmrelease.yaml
-  - ./github-webhook
+  - ./secret.sops.yaml
+  - ./ingress.yaml
+  - ./receiver.yaml
 configMapGenerator:
-  - name: flux-instance-helm-values
+  - name: flux-instance-values
     files:
-      - values.yaml=./helm-values.yaml
+      - values.yaml=./helm/values.yaml
 configurations:
-  - kustomizeconfig.yaml
+  - ./helm/kustomizeconfig.yaml

templates/config/kubernetes/apps/default/echo-server/app/helmrelease.yaml.j2

@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app flux-instance
+  namespace: &namespace flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  interval: 1h
+  path: ./kubernetes/apps/flux-system/flux-instance/app
+  prune: false # let's not make happy accidents
+  retryInterval: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  targetNamespace: *namespace
+  timeout: 5m
+  wait: false

templates/config/kubernetes/apps/default/echo-server/ks.yaml.j2

@@ -5,7 +5,7 @@ kind: HelmRelease
 metadata:
   name: flux-operator
 spec:
-  interval: 30m
+  interval: 1h
   chart:
     spec:
       chart: flux-operator
@@ -24,4 +24,4 @@ spec:
       retries: 3
   valuesFrom:
     - kind: ConfigMap
-      name: flux-operator-helm-values
+      name: flux-operator-values

templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomizeconfig.yaml.j2 templates/config/kubernetes/apps/flux-system/flux-instance/app/helm/kustomizeconfig.yaml.j2

@@ -5,8 +5,8 @@ kind: Kustomization
 resources:
   - ./helmrelease.yaml
 configMapGenerator:
-  - name: flux-operator-helm-values
+  - name: flux-operator-values
     files:
-      - values.yaml=./helm-values.yaml
+      - values.yaml=./helm/values.yaml
 configurations:
-  - kustomizeconfig.yaml
+  - ./helm/kustomizeconfig.yaml

templates/config/kubernetes/apps/flux-system/flux-operator/instance/helm-values.yaml.j2 templates/config/kubernetes/apps/flux-system/flux-instance/app/helm/values.yaml.j2

@@ -4,34 +4,15 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: &app flux-operator
-  namespace: flux-system
-spec:
-  targetNamespace: flux-system
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/flux-system/flux-operator/app
-  prune: false # never should be deleted
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  wait: false
-  interval: 30m
-  timeout: 5m
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: &app flux-instance
   namespace: &namespace flux-system
 spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  interval: 30m
-  path: ./kubernetes/apps/flux-system/flux-operator/instance
-  prune: false # never should be deleted
+  interval: 1h
+  path: ./kubernetes/apps/flux-system/flux-operator/app
+  prune: false # let's not make happy accidents
+  retryInterval: 2m
   sourceRef:
     kind: GitRepository
     name: flux-system

templates/config/kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml.j2 templates/config/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml.j2

@@ -6,4 +6,5 @@ namespace: flux-system
 components:
   - ../../components/common
 resources:
+  - ./flux-instance/ks.yaml
   - ./flux-operator/ks.yaml

templates/config/kubernetes/apps/flux-system/flux-operator/instance/github-webhook/ingress.yaml.j2 templates/config/kubernetes/apps/flux-system/flux-instance/app/ingress.yaml.j2

@@ -5,7 +5,7 @@ kind: HelmRelease
 metadata:
   name: cilium
 spec:
-  interval: 30m
+  interval: 1h
   chart:
     spec:
       chart: cilium
@@ -23,7 +23,7 @@ spec:
       retries: 3
   valuesFrom:
     - kind: ConfigMap
-      name: cilium-helm-values
+      name: cilium-values
   values:
     operator:
       tolerations: []

templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml.j2 templates/config/kubernetes/apps/flux-system/flux-instance/app/kustomization.yaml.j2

@@ -4,9 +4,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./helmrelease.yaml
+  - ./networks.yaml
 configMapGenerator:
-  - name: cilium-helm-values
+  - name: cilium-values
     files:
-      - values.yaml=./helm-values.yaml
+      - values.yaml=./helm/values.yaml
 configurations:
-  - kustomizeconfig.yaml
+  - ./helm/kustomizeconfig.yaml