feat(gitops): migrate resources to infra-gitops namespace and update Helm chart versions

apps/apps/halo/helmchart.yaml

@@ -22,7 +22,7 @@ spec:
               namespaceSelector: {} 
     image:
       repository: halohub/halo-pro
-      tag: 2.22.12
+      tag: 2.22.13
     service:
       type: ClusterIP
     ingress:

apps/infra/gitops/flux/flux-instance.yaml

@@ -2,7 +2,7 @@ apiVersion: fluxcd.controlplane.io/v1
 kind: FluxInstance
 metadata:
   name: flux
-  namespace: flux-system
+  namespace: infra-gitops
 spec:
   distribution:
     version: "2.x"
@@ -20,3 +20,6 @@ spec:
     multitenant: false
     networkPolicy: true
     domain: "cluster.local"
+  storage:
+    class: "local-path"
+    size: "10Gi"

apps/infra/gitops/flux/helmchart.yaml

@@ -0,0 +1,34 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: flux-operator
+  namespace: infra-gitops
+spec:
+  chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
+  targetNamespace: infra-gitops
+  version: 0.40.0
+  valuesContent: |-
+    installCRDs: true
+    web:
+      config:
+        baseURL: https://cd.dev.cm
+        authentication:
+          type: OAuth2
+          oauth2:
+            provider: OIDC
+            issuerURL: https://git.dev.cm
+            clientID: "94b1ec99-55c4-4621-89c3-f49d8b7d5603"
+            clientSecret: "gto_5fmpkf6h7zohbpesnxfuvjvppinunayv7mfcyo2wmuzqtuj3ig2a"
+      networkPolicy:
+        create: false
+      ingress:
+        enabled: true
+        className: nginx
+        hosts:
+          - host: cd.dev.cm
+            paths:
+              - path: /
+                pathType: Prefix
+
+
+

apps/infra/gitops/flux/networkpolicy.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-flux-operator
+  namespace: infra-gitops
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: flux-operator
+  ingress:
+    - from:
+        - podSelector: {}
+        - ipBlock:
+            cidr: 100.0.0.0/8
+      ports:
+        - port: 9080
+          protocol: TCP
+  egress:
+    - {}
+  policyTypes:
+    - Ingress
+    - Egress

apps/infra/gitops/gitea/configmap-actions-dind.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: gitea-actions-dind-config
-  namespace: infra-devops
+  namespace: infra-gitops
 data:
   daemon.json: |-
     {

apps/infra/gitops/gitea/configmap-templates.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: gitea-custom-templates
-  namespace: infra-devops
+  namespace: infra-gitops
 data:
   home.tmpl: |-
     {{template "base/head" .}}

apps/infra/gitops/gitea/helmchart-actions.yaml

@@ -2,11 +2,11 @@ apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
   name: gitea-actions
-  namespace: infra-devops
+  namespace: infra-gitops
 spec:
   repo: https://dl.gitea.com/charts
   chart: actions
-  targetNamespace: infra-devops
+  targetNamespace: infra-gitops
   version: 0.0.2
   valuesContent: |-
     enabled: true
@@ -36,7 +36,7 @@ spec:
             name: gitea-actions-dind-config
       persistence:
         size: 10Gi
-    giteaRootURL: http://gitea-http.infra-devops.svc.cluster.local:3000
+    giteaRootURL: http://gitea-http.infra-gitops.svc.cluster.local:3000
     existingSecret: gitea-actions
     existingSecretKey: token
       

apps/infra/gitops/gitea/helmchart.yaml

@@ -2,11 +2,11 @@ apiVersion: helm.cattle.io/v1
 kind: HelmChart
 metadata:
   name: gitea
-  namespace: infra-devops
+  namespace: infra-gitops
 spec:
   repo: https://dl.gitea.com/charts
   chart: gitea
-  targetNamespace: infra-devops
+  targetNamespace: infra-gitops
   version: 12.3.0
   valuesContent: |-
     affinity:

apps/infra/gitops/gitea/ingress-static.yaml

@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: gitea-static
-  namespace: infra-devops
+  namespace: infra-gitops
   annotations:
     nginx.ingress.kubernetes.io/use-regex: "true"
     nginx.ingress.kubernetes.io/proxy-buffering: "on"

apps/infra/gitops/gitea/loadbalancer-ssh.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: gitea-ssh-lb
-  namespace: infra-devops
+  namespace: infra-gitops
 spec:
   selector:
     app.kubernetes.io/name: gitea

apps/infra/gitops/gitea/networkpolicy.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-gitea
+  namespace: infra-gitops
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: gitea
+  ingress:
+    - from:
+        - podSelector: {}
+        - ipBlock:
+            cidr: 100.0.0.0/8
+      ports:
+        - port: 3000
+          protocol: TCP
+        - port: 2222
+          protocol: TCP
+  egress:
+    - {}
+  policyTypes:
+    - Ingress
+    - Egress

apps/infra/gitops/namespaces.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: infra-gitops

apps/infra/monitor/prometheus/helmchart.yaml

@@ -7,7 +7,7 @@ spec:
   repo: https://prometheus-community.github.io/helm-charts
   chart: kube-prometheus-stack
   targetNamespace: infra-monitor
-  version: 81.0.0
+  version: 81.5.0
   valuesContent: |-
     kubeControllerManager:
       enabled: false
@@ -55,6 +55,8 @@ spec:
           - /
       assertNoLeakedSecrets: false
       grafana.ini:
+        server:
+          root_url: https://monitor.dev.cm/
         public_dashboards:
           enabled: false
         help:

apps/infra/net/nginx/ingress-cdn.yaml

@@ -65,7 +65,7 @@ metadata:
   namespace: infra-net
 spec:
   type: ExternalName
-  externalName: gitea-http.infra-devops.svc.cluster.local
+  externalName: gitea-http.infra-gitops.svc.cluster.local
 
 ---
 apiVersion: v1