feat: Commit initial

2025-11-07 09:33:38 +01:00 · 2025-11-07 09:33:38 +01:00 · 40dc0f4184
commit 40dc0f4184
43 changed files with 1990 additions and 0 deletions
--- a/kubernetes/apps/example-nginx/deployment.yaml
+++ b/kubernetes/apps/example-nginx/deployment.yaml
@ -0,0 +1,67 @@
+---
+# Example application deployment
+# This demonstrates how FluxCD automatically deploys apps from Git
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: example-nginx
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+  namespace: example-nginx
+  labels:
+    app: nginx
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.25-alpine
+        ports:
+        - containerPort: 80
+          name: http
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 200m
+            memory: 256Mi
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 10
+          periodSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 5
+          periodSeconds: 3
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  namespace: example-nginx
+spec:
+  selector:
+    app: nginx
+  ports:
+  - port: 80
+    targetPort: 80
+    name: http
+  type: ClusterIP
--- a/kubernetes/apps/example-nginx/kustomization.yaml
+++ b/kubernetes/apps/example-nginx/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
--- a/kubernetes/apps/kustomization.yaml
+++ b/kubernetes/apps/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - example-nginx
--- a/kubernetes/flux-system/README.md
+++ b/kubernetes/flux-system/README.md
@ -0,0 +1,43 @@
+# FluxCD System Configuration
+
+This directory contains FluxCD configuration for GitOps.
+
+## Setup
+
+1. **Install FluxCD** (done automatically by Ansible):
+   ```bash
+   flux install --namespace=flux-system
+   ```
+
+2. **Create Forgejo credentials secret**:
+   ```bash
+   kubectl create secret generic forgejo-credentials \
+     --namespace=flux-system \
+     --from-literal=username=git \
+     --from-literal=password=YOUR_FORGEJO_TOKEN
+   ```
+
+3. **Update GitRepository URL** in `gotk-sync.yaml`:
+   ```yaml
+   url: https://forgejo.your-domain.com/your-org/infra.git
+   ```
+
+4. **Apply FluxCD configuration**:
+   ```bash
+   kubectl apply -k kubernetes/flux-system/
+   ```
+
+## Monitoring
+
+Check FluxCD status:
+```bash
+flux get sources git
+flux get kustomizations
+flux logs
+```
+
+Force reconciliation:
+```bash
+flux reconcile source git infra-repo
+flux reconcile kustomization apps --with-source
+```
--- a/kubernetes/flux-system/gotk-sync.yaml
+++ b/kubernetes/flux-system/gotk-sync.yaml
@ -0,0 +1,59 @@
+---
+# GitRepository resource - tells FluxCD where to find the Git repo
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: infra-repo
+  namespace: flux-system
+spec:
+  interval: 1m  # Poll Git every 1 minute
+  url: ssh://git@forgejo.tellserv.fr:222/Tellsanguis/infra.git
+  ref:
+    branch: main
+  secretRef:
+    name: forgejo-credentials
+  ignore: |
+    # Ignore files that don't need to trigger reconciliation
+    /*.md
+    /terraform/
+    /ansible/
+    /.forgejo/
+
+---
+# Kustomization resource - tells FluxCD what to deploy
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: apps
+  namespace: flux-system
+spec:
+  interval: 5m  # Reconcile every 5 minutes
+  path: ./kubernetes/apps
+  prune: true  # Remove resources deleted from Git
+  sourceRef:
+    kind: GitRepository
+    name: infra-repo
+  timeout: 3m
+  wait: true
+  healthChecks:
+    - apiVersion: apps/v1
+      kind: Deployment
+      namespace: default
+      name: '*'
+
+---
+# Kustomization for infrastructure components
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infrastructure
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: ./kubernetes/infrastructure
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: infra-repo
+  timeout: 5m
+  wait: true
--- a/kubernetes/flux-system/kustomization.yaml
+++ b/kubernetes/flux-system/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gotk-sync.yaml
+  - secret-forgejo.yaml
--- a/kubernetes/flux-system/secret-forgejo.yaml
+++ b/kubernetes/flux-system/secret-forgejo.yaml
@ -0,0 +1,22 @@
+---
+# Secret for Forgejo authentication
+# IMPORTANT: This file should contain a sealed secret or be created manually
+# Never commit actual credentials to Git!
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: forgejo-credentials
+  namespace: flux-system
+type: Opaque
+stringData:
+  # Create this secret manually with:
+  # kubectl create secret generic forgejo-credentials \
+  #   --namespace=flux-system \
+  #   --from-literal=username=git \
+  #   --from-literal=password=YOUR_FORGEJO_TOKEN
+
+  # For this example, we use a placeholder
+  # REPLACE THIS IN PRODUCTION with sealed-secrets or external-secrets
+  username: git
+  password: REPLACE_WITH_FORGEJO_TOKEN
--- a/kubernetes/infrastructure/.gitkeep
+++ b/kubernetes/infrastructure/.gitkeep
@ -0,0 +1,2 @@
+# Infrastructure components go here
+# Examples: ingress controllers, cert-manager, monitoring, etc.