test: flux local cluster setup with infra-devops post

helmcharts/clusterrolebinding-flux.yaml

@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dev-cm-flux-web-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flux-web-admin
+subjects:
+  - kind: Group
+    name: dev.cm:owners
+    apiGroup: rbac.authorization.k8s.io
+  - kind: Group
+    name: dev.cm:admins
+    apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dev-cm-flux-web-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flux-web-user
+subjects:
+  - kind: Group
+    name: dev.cm
+    apiGroup: rbac.authorization.k8s.io

helmcharts/helmchart-flux.yaml

@@ -0,0 +1,44 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: flux-operator
+  namespace: infra-gitops
+spec:
+  chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
+  targetNamespace: infra-gitops
+  version: 0.40.0
+  valuesContent: |-
+    affinity:
+      nodeAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 1
+            preference:
+              matchExpressions:
+                - key: kubernetes.io/hostname
+                  operator: In
+                  values:
+                    - homea  
+    installCRDs: true
+    web:
+      config:
+        baseURL: https://cd.dev.cm
+        authentication:
+          type: OAuth2
+          oauth2:
+            provider: OIDC
+            issuerURL: https://git.dev.cm
+            clientID: "94b1ec99-55c4-4621-89c3-f49d8b7d5603"
+            clientSecret: "gto_5fmpkf6h7zohbpesnxfuvjvppinunayv7mfcyo2wmuzqtuj3ig2a"
+      networkPolicy:
+        create: false
+      ingress:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: cd.dev.cm
+            paths:
+              - path: /
+                pathType: Prefix
+
+
+

helmcharts/networkpolicy-flux.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-flux-operator
+  namespace: infra-gitops
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: flux-operator
+  ingress:
+    - from:
+        - podSelector: {}
+        - ipBlock:
+            cidr: 100.0.0.0/8
+      ports:
+        - port: 9080
+          protocol: TCP
+  egress:
+    - {}
+  policyTypes:
+    - Ingress
+    - Egress