From f900578b74a64c85a31a0e952e44e4b852051e21 Mon Sep 17 00:00:00 2001 From: rohow Date: Wed, 4 Feb 2026 19:14:41 +0800 Subject: [PATCH] feat(gitops): migrate resources to infra-gitops namespace and update Helm chart versions --- apps/apps/halo/helmchart.yaml | 2 +- .../flux/flux-instance.yaml | 7 ++-- apps/infra/gitops/flux/helmchart.yaml | 34 +++++++++++++++++++ apps/infra/gitops/flux/networkpolicy.yaml | 22 ++++++++++++ .../gitea/configmap-actions-dind.yaml | 2 +- .../gitea/configmap-templates.yaml | 2 +- .../gitea/helmchart-actions.yaml | 6 ++-- .../{devops => gitops}/gitea/helmchart.yaml | 4 +-- .../gitea/ingress-static.yaml | 2 +- .../gitea/loadbalancer-ssh.yaml | 2 +- apps/infra/gitops/gitea/networkpolicy.yaml | 24 +++++++++++++ apps/infra/gitops/namespaces.yaml | 4 +++ apps/infra/monitor/prometheus/helmchart.yaml | 4 ++- apps/infra/net/nginx/ingress-cdn.yaml | 2 +- 14 files changed, 103 insertions(+), 14 deletions(-) rename apps/infra/{devops => gitops}/flux/flux-instance.yaml (81%) create mode 100644 apps/infra/gitops/flux/helmchart.yaml create mode 100644 apps/infra/gitops/flux/networkpolicy.yaml rename apps/infra/{devops => gitops}/gitea/configmap-actions-dind.yaml (83%) rename apps/infra/{devops => gitops}/gitea/configmap-templates.yaml (97%) rename apps/infra/{devops => gitops}/gitea/helmchart-actions.yaml (89%) rename apps/infra/{devops => gitops}/gitea/helmchart.yaml (98%) rename apps/infra/{devops => gitops}/gitea/ingress-static.yaml (97%) rename apps/infra/{devops => gitops}/gitea/loadbalancer-ssh.yaml (90%) create mode 100644 apps/infra/gitops/gitea/networkpolicy.yaml create mode 100644 apps/infra/gitops/namespaces.yaml diff --git a/apps/apps/halo/helmchart.yaml b/apps/apps/halo/helmchart.yaml index c79a27b..b033f21 100644 --- a/apps/apps/halo/helmchart.yaml +++ b/apps/apps/halo/helmchart.yaml @@ -22,7 +22,7 @@ spec: namespaceSelector: {} image: repository: halohub/halo-pro - tag: 2.22.12 + tag: 2.22.13 service: type: ClusterIP ingress: 
diff --git a/apps/infra/devops/flux/flux-instance.yaml b/apps/infra/gitops/flux/flux-instance.yaml similarity index 81% rename from apps/infra/devops/flux/flux-instance.yaml rename to apps/infra/gitops/flux/flux-instance.yaml index 0fb0e57..5de300d 100644 --- a/apps/infra/devops/flux/flux-instance.yaml +++ b/apps/infra/gitops/flux/flux-instance.yaml @@ -2,7 +2,7 @@ apiVersion: fluxcd.controlplane.io/v1 kind: FluxInstance metadata: name: flux - namespace: flux-system + namespace: infra-gitops spec: distribution: version: "2.x" @@ -19,4 +19,7 @@ spec: size: small multitenant: false networkPolicy: true - domain: "cluster.local" \ No newline at end of file + domain: "cluster.local" + storage: + class: "local-path" + size: "10Gi" \ No newline at end of file diff --git a/apps/infra/gitops/flux/helmchart.yaml b/apps/infra/gitops/flux/helmchart.yaml new file mode 100644 index 0000000..b8ce06c --- /dev/null +++ b/apps/infra/gitops/flux/helmchart.yaml @@ -0,0 +1,34 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: flux-operator + namespace: infra-gitops +spec: + chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator + targetNamespace: infra-gitops + version: 0.40.0 + valuesContent: |- + installCRDs: true + web: + config: + baseURL: https://cd.dev.cm + authentication: + type: OAuth2 + oauth2: + provider: OIDC + issuerURL: https://git.dev.cm + clientID: "94b1ec99-55c4-4621-89c3-f49d8b7d5603" + clientSecret: "gto_5fmpkf6h7zohbpesnxfuvjvppinunayv7mfcyo2wmuzqtuj3ig2a" + networkPolicy: + create: false + ingress: + enabled: true + className: nginx + hosts: + - host: cd.dev.cm + paths: + - path: / + pathType: Prefix + + + diff --git a/apps/infra/gitops/flux/networkpolicy.yaml b/apps/infra/gitops/flux/networkpolicy.yaml new file mode 100644 index 0000000..76b51ab --- /dev/null +++ b/apps/infra/gitops/flux/networkpolicy.yaml 
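Review bot: The OAuth2 `clientSecret` in the new `apps/infra/gitops/flux/helmchart.yaml` is committed as a literal inside `valuesContent`, so anyone who can read the repository or its history can read it, and it is also stored in the HelmChart object in the cluster. The value should live in a Kubernetes Secret that is created outside Git (or committed only in encrypted form, e.g. SOPS or Sealed Secrets) and be supplied through the HelmChart's `valuesSecrets` list, if the installed helm-controller supports that field, or through an existing-secret option of the flux-operator chart if it has one. Because the value is already in this commit, treat it as exposed and rotate the OAuth2 application secret at the issuer (`https://git.dev.cm`) rather than only deleting the line. A comment such as `# clientSecret comes from Secret <secret-name>; never inline it here` would keep the next edit from reintroducing it.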
@@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-flux-operator + namespace: infra-gitops +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: flux-operator + ingress: + - from: + - podSelector: {} + - ipBlock: + cidr: 100.0.0.0/8 + ports: + - port: 9080 + protocol: TCP + egress: + - {} + policyTypes: + - Ingress + - Egress \ No newline at end of file diff --git a/apps/infra/devops/gitea/configmap-actions-dind.yaml b/apps/infra/gitops/gitea/configmap-actions-dind.yaml similarity index 83% rename from apps/infra/devops/gitea/configmap-actions-dind.yaml rename to apps/infra/gitops/gitea/configmap-actions-dind.yaml index 623ab3d..64edd6a 100644 --- a/apps/infra/devops/gitea/configmap-actions-dind.yaml +++ b/apps/infra/gitops/gitea/configmap-actions-dind.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: gitea-actions-dind-config - namespace: infra-devops + namespace: infra-gitops data: daemon.json: |- { diff --git a/apps/infra/devops/gitea/configmap-templates.yaml b/apps/infra/gitops/gitea/configmap-templates.yaml similarity index 97% rename from apps/infra/devops/gitea/configmap-templates.yaml rename to apps/infra/gitops/gitea/configmap-templates.yaml index 89ed57c..5b5b0ff 100644 --- a/apps/infra/devops/gitea/configmap-templates.yaml +++ b/apps/infra/gitops/gitea/configmap-templates.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: gitea-custom-templates - namespace: infra-devops + namespace: infra-gitops data: home.tmpl: |- {{template "base/head" .}} diff --git a/apps/infra/devops/gitea/helmchart-actions.yaml b/apps/infra/gitops/gitea/helmchart-actions.yaml similarity index 89% rename from apps/infra/devops/gitea/helmchart-actions.yaml rename to apps/infra/gitops/gitea/helmchart-actions.yaml index 6854456..a9e96fb 100644 --- a/apps/infra/devops/gitea/helmchart-actions.yaml +++ b/apps/infra/gitops/gitea/helmchart-actions.yaml 
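Review bot: The `allow-flux-operator` policy admits more than its name suggests: `cidr: 100.0.0.0/8` covers publicly routable addresses as well as the 100.64.0.0/10 shared (CGNAT) range, `podSelector: {}` admits every pod in `infra-gitops`, and `egress: - {}` allows all outbound traffic, so listing `Egress` under `policyTypes` restricts nothing. If 100.0.0.0/8 stands for an overlay or pod network, narrow it to the real prefix, e.g. `cidr: 100.64.0.0/10`, or select the ingress controller by namespace with `namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: infra-net}}` (assuming the controller runs in `infra-net` and is not on the host network). Either drop `Egress` from `policyTypes` or replace `- {}` with the destinations the operator actually needs, such as DNS, the API server and the OIDC issuer. The same three settings are repeated in `apps/infra/gitops/gitea/networkpolicy.yaml`. A comment above the `ipBlock` saying which network it represents would make the intent reviewable.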
@@ -2,11 +2,11 @@ apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: name: gitea-actions - namespace: infra-devops + namespace: infra-gitops spec: repo: https://dl.gitea.com/charts chart: actions - targetNamespace: infra-devops + targetNamespace: infra-gitops version: 0.0.2 valuesContent: |- enabled: true @@ -36,7 +36,7 @@ spec: name: gitea-actions-dind-config persistence: size: 10Gi - giteaRootURL: http://gitea-http.infra-devops.svc.cluster.local:3000 + giteaRootURL: http://gitea-http.infra-gitops.svc.cluster.local:3000 existingSecret: gitea-actions existingSecretKey: token diff --git a/apps/infra/devops/gitea/helmchart.yaml b/apps/infra/gitops/gitea/helmchart.yaml similarity index 98% rename from apps/infra/devops/gitea/helmchart.yaml rename to apps/infra/gitops/gitea/helmchart.yaml index 8e50a7d..11b9b09 100644 --- a/apps/infra/devops/gitea/helmchart.yaml +++ b/apps/infra/gitops/gitea/helmchart.yaml @@ -2,11 +2,11 @@ apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: name: gitea - namespace: infra-devops + namespace: infra-gitops spec: repo: https://dl.gitea.com/charts chart: gitea - targetNamespace: infra-devops + targetNamespace: infra-gitops version: 12.3.0 valuesContent: |- affinity: diff --git a/apps/infra/devops/gitea/ingress-static.yaml b/apps/infra/gitops/gitea/ingress-static.yaml similarity index 97% rename from apps/infra/devops/gitea/ingress-static.yaml rename to apps/infra/gitops/gitea/ingress-static.yaml index e9d6164..eeebc4b 100644 --- a/apps/infra/devops/gitea/ingress-static.yaml +++ b/apps/infra/gitops/gitea/ingress-static.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: gitea-static - namespace: infra-devops + namespace: infra-gitops annotations: nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/proxy-buffering: "on" 
diff --git a/apps/infra/devops/gitea/loadbalancer-ssh.yaml b/apps/infra/gitops/gitea/loadbalancer-ssh.yaml similarity index 90% rename from apps/infra/devops/gitea/loadbalancer-ssh.yaml rename to apps/infra/gitops/gitea/loadbalancer-ssh.yaml index 0e0d046..d24c78d 100644 --- a/apps/infra/devops/gitea/loadbalancer-ssh.yaml +++ b/apps/infra/gitops/gitea/loadbalancer-ssh.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: gitea-ssh-lb - namespace: infra-devops + namespace: infra-gitops spec: selector: app.kubernetes.io/name: gitea diff --git a/apps/infra/gitops/gitea/networkpolicy.yaml b/apps/infra/gitops/gitea/networkpolicy.yaml new file mode 100644 index 0000000..c0d110e --- /dev/null +++ b/apps/infra/gitops/gitea/networkpolicy.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-gitea + namespace: infra-gitops +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: gitea + ingress: + - from: + - podSelector: {} + - ipBlock: + cidr: 100.0.0.0/8 + ports: + - port: 3000 + protocol: TCP + - port: 2222 + protocol: TCP + egress: + - {} + policyTypes: + - Ingress + - Egress \ No newline at end of file diff --git a/apps/infra/gitops/namespaces.yaml b/apps/infra/gitops/namespaces.yaml new file mode 100644 index 0000000..f46880b --- /dev/null +++ b/apps/infra/gitops/namespaces.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: infra-gitops \ No newline at end of file diff --git a/apps/infra/monitor/prometheus/helmchart.yaml b/apps/infra/monitor/prometheus/helmchart.yaml index 0df5148..6580ab5 100644 --- a/apps/infra/monitor/prometheus/helmchart.yaml +++ b/apps/infra/monitor/prometheus/helmchart.yaml @@ -7,7 +7,7 @@ spec: repo: https://prometheus-community.github.io/helm-charts chart: kube-prometheus-stack targetNamespace: infra-monitor - version: 81.0.0 + version: 81.5.0 valuesContent: |- kubeControllerManager: enabled: false 
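Review bot: Port 2222 in `allow-gitea` is reachable only from pods in `infra-gitops` and from 100.0.0.0/8, yet the same pods sit behind the `gitea-ssh-lb` Service, so which SSH clients get through depends on the source address the policy sees. With `externalTrafficPolicy: Cluster` the client address is usually replaced by a node address, and with `Local` it is preserved; neither setting is visible in this diff. Confirm that git-over-SSH still works from the intended clients and is refused from elsewhere, and record the expectation next to the port, e.g. `# 2222: SSH via gitea-ssh-lb, clients arrive from <expected source range>`.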
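Review bot: The new `infra-gitops` Namespace in `apps/infra/gitops/namespaces.yaml` carries no labels, and after this commit it holds the Flux instance, the flux-operator web UI, Gitea and the Gitea Actions runner with its Docker-in-Docker configuration (`gitea-actions-dind-config`). Docker-in-Docker normally needs a privileged container, so a CI job that abuses the runner would start in the same namespace as the GitOps components, and both new NetworkPolicies trust every pod in that namespace through `podSelector: {}`. Consider keeping the runner in a namespace of its own, which would let this one carry `pod-security.kubernetes.io/enforce: baseline`. If the runner has to stay here, state that decision and its reason in a comment on the Namespace.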
@@ -55,6 +55,8 @@ spec: - / assertNoLeakedSecrets: false grafana.ini: + server: + root_url: https://monitor.dev.cm/ public_dashboards: enabled: false help: diff --git a/apps/infra/net/nginx/ingress-cdn.yaml b/apps/infra/net/nginx/ingress-cdn.yaml index 24041f6..172cb16 100644 --- a/apps/infra/net/nginx/ingress-cdn.yaml +++ b/apps/infra/net/nginx/ingress-cdn.yaml @@ -65,7 +65,7 @@ metadata: namespace: infra-net spec: type: ExternalName - externalName: gitea-http.infra-devops.svc.cluster.local + externalName: gitea-http.infra-gitops.svc.cluster.local --- apiVersion: v1