From 13da8f437966efec1dd54aaf9bc3dab23435395f Mon Sep 17 00:00:00 2001
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com>
Date: Sat, 8 Nov 2025 21:59:52 +0100
Subject: [PATCH 1/4] chore: Expand .gitignore
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index 7a6353d..3aafb64 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 .envrc
+output.yaml
+chart/
From 6ae3047867326952992869ff02ccd04dbc13381d Mon Sep 17 00:00:00 2001
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com>
Date: Sat, 8 Nov 2025 22:00:55 +0100
Subject: [PATCH 2/4] chore: Refactor Cilium
---
 k8s-peterg/{cilium-gatewayapi => cilium}/gateways.yaml | 0
 k8s-peterg/{cilium-gatewayapi => cilium}/httproute.yaml | 2 +-
 k8s-peterg/{cilium-gatewayapi => cilium}/ip-pool.yaml | 0
 k8s-peterg/{cilium-gatewayapi => cilium}/kustomization.yaml | 0
 k8s-peterg/{cilium-gatewayapi => cilium}/namespace.yaml | 0
 5 files changed, 1 insertion(+), 1 deletion(-)
 rename k8s-peterg/{cilium-gatewayapi => cilium}/gateways.yaml (100%)
 rename k8s-peterg/{cilium-gatewayapi => cilium}/httproute.yaml (96%)
 rename k8s-peterg/{cilium-gatewayapi => cilium}/ip-pool.yaml (100%)
 rename k8s-peterg/{cilium-gatewayapi => cilium}/kustomization.yaml (100%)
 rename k8s-peterg/{cilium-gatewayapi => cilium}/namespace.yaml (100%)
diff --git a/k8s-peterg/cilium-gatewayapi/gateways.yaml b/k8s-peterg/cilium/gateways.yaml
similarity index 100%
rename from k8s-peterg/cilium-gatewayapi/gateways.yaml
rename to k8s-peterg/cilium/gateways.yaml
diff --git a/k8s-peterg/cilium-gatewayapi/httproute.yaml b/k8s-peterg/cilium/httproute.yaml
similarity index 96%
rename from k8s-peterg/cilium-gatewayapi/httproute.yaml
rename to k8s-peterg/cilium/httproute.yaml
index 265875b..d93c08e 100644
--- a/k8s-peterg/cilium-gatewayapi/httproute.yaml
+++ b/k8s-peterg/cilium/httproute.yaml
@@ -24,7 +24,7 @@ spec:
 parentRefs:
 - name: internal
 namespace: kube-system
- sectionName: https
+ sectionName: http
 hostnames:
 - "hubble.k8s.peterg.nl"
 rules:
diff --git a/k8s-peterg/cilium-gatewayapi/ip-pool.yaml b/k8s-peterg/cilium/ip-pool.yaml
similarity index 100%
rename from k8s-peterg/cilium-gatewayapi/ip-pool.yaml
rename to k8s-peterg/cilium/ip-pool.yaml
diff --git a/k8s-peterg/cilium-gatewayapi/kustomization.yaml b/k8s-peterg/cilium/kustomization.yaml
similarity index 100%
rename from k8s-peterg/cilium-gatewayapi/kustomization.yaml
rename to k8s-peterg/cilium/kustomization.yaml
diff --git a/k8s-peterg/cilium-gatewayapi/namespace.yaml b/k8s-peterg/cilium/namespace.yaml
similarity index 100%
rename from k8s-peterg/cilium-gatewayapi/namespace.yaml
rename to k8s-peterg/cilium/namespace.yaml
From dc268db7b48fa8699e465f44fdc9e8a5717774e3 Mon Sep 17 00:00:00 2001
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com>
Date: Sat, 8 Nov 2025 22:01:21 +0100
Subject: [PATCH 3/4] feat: Provision ExternalSecrets
---
 .../external-secrets-operator/kustomization.yaml | 14 ++++++++++++++
 .../external-secrets-operator/namespace.yaml | 5 +++++
 .../external-secrets-operator/secretstore.yaml | 14 ++++++++++++++
 k8s-peterg/kustomization.yaml | 1 +
 4 files changed, 34 insertions(+)
 create mode 100644 k8s-peterg/external-secrets-operator/kustomization.yaml
 create mode 100644 k8s-peterg/external-secrets-operator/namespace.yaml
 create mode 100644 k8s-peterg/external-secrets-operator/secretstore.yaml
diff --git a/k8s-peterg/external-secrets-operator/kustomization.yaml b/k8s-peterg/external-secrets-operator/kustomization.yaml
new file mode 100644
index 0000000..9dc89ef
--- /dev/null
+++ b/k8s-peterg/external-secrets-operator/kustomization.yaml
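Review bot: The `hubble.k8s.peterg.nl` route ends up on the plaintext listener of the `internal` gateway once `sectionName: https` becomes `sectionName: http` in k8s-peterg/cilium/httproute.yaml, and nothing in this commit, which is described as a refactor and otherwise consists of renames, explains the downgrade. Hubble UI shows cluster network-flow data, so the route would presumably be served without TLS after this change. If that is intended (for example because TLS is terminated elsewhere), record it with a comment above the line such as `# http listener on purpose: REASON`; otherwise keep `sectionName: https`. The rest of the HTTPRoute and the gateway's listener definitions are outside the hunk.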
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - secretstore.yaml
+
+helmCharts:
+ - name: external-secrets
+ repo: https://charts.external-secrets.io
+ namespace: external-secrets
+ releaseName: external-secrets
+ version: 1.0.0
diff --git a/k8s-peterg/external-secrets-operator/namespace.yaml b/k8s-peterg/external-secrets-operator/namespace.yaml
new file mode 100644
index 0000000..591aac5
--- /dev/null
+++ b/k8s-peterg/external-secrets-operator/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-secrets
diff --git a/k8s-peterg/external-secrets-operator/secretstore.yaml b/k8s-peterg/external-secrets-operator/secretstore.yaml
new file mode 100644
index 0000000..ef27680
--- /dev/null
+++ b/k8s-peterg/external-secrets-operator/secretstore.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+ name: 1password-wheatley
+spec:
+ provider:
+ onepasswordSDK:
+ vault: wheatley
+ auth:
+ serviceAccountSecretRef:
+ namespace: external-secrets
+ name: 1password-token-wheatley
+ key: token
diff --git a/k8s-peterg/kustomization.yaml b/k8s-peterg/kustomization.yaml
index 6c0f495..141e45c 100644
--- a/k8s-peterg/kustomization.yaml
+++ b/k8s-peterg/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Kustomization
 resources:
 - cilium-gatewayapi
 - argocd
+ - external-secrets-operator
From ea771272e9facd01c107a579b206209805d6df74 Mon Sep 17 00:00:00 2001
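Review bot: The `ClusterSecretStore` `1password-wheatley` added in k8s-peterg/external-secrets-operator/secretstore.yaml has no `spec.conditions`, so an `ExternalSecret` in any namespace of this cluster can reference it and read items from the `wheatley` vault through the service-account token. The only consumer visible in this series is the ExternalSecret that the argocd kustomization places in the `argocd` namespace, so the store can be limited to it by adding under `spec:` the lines `conditions:`, `- namespaces:`, `- argocd`. The referenced Secret `1password-token-wheatley` is not created anywhere in this series; a comment above `serviceAccountSecretRef:` saying how it is bootstrapped would help the next operator.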
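Review bot: In k8s-peterg/kustomization.yaml the `resources` list still carries the context line `- cilium-gatewayapi`, although patch 2/4 of this series renamed that directory to `k8s-peterg/cilium`. Unless the entry is corrected in a change not shown here, building this root kustomization would presumably fail on the missing path, which also keeps the newly added `external-secrets-operator` entry from being deployed. The entry should read `- cilium`.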
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com>
Date: Sat, 8 Nov 2025 22:01:51 +0100
Subject: [PATCH 4/4] feat: Provision k8s-wheatley cluster through ArgoCD
---
 k8s-peterg/argocd/clusters.yaml | 30 +++++++++++++++++++
 k8s-peterg/argocd/kustomization.yaml | 1 +
 k8s-wheatley/base/cilium/gateways.yaml | 17 -----------
 k8s-wheatley/base/kustomization.yaml | 7 -----
 .../base/metrics-server/kustomization.yaml | 10 -------
 k8s-wheatley/cilium/gateways.yaml | 17 +++++++++++
 k8s-wheatley/{base => }/cilium/httproute.yaml | 2 +-
 k8s-wheatley/{base => }/cilium/ip-pool.yaml | 2 +-
 .../{base => }/cilium/kustomization.yaml | 1 +
 k8s-wheatley/cilium/namespace.yaml | 5 ++++
 10 files changed, 56 insertions(+), 36 deletions(-)
 create mode 100644 k8s-peterg/argocd/clusters.yaml
 delete mode 100644 k8s-wheatley/base/cilium/gateways.yaml
 delete mode 100644 k8s-wheatley/base/kustomization.yaml
 delete mode 100644 k8s-wheatley/base/metrics-server/kustomization.yaml
 create mode 100644 k8s-wheatley/cilium/gateways.yaml
 rename k8s-wheatley/{base => }/cilium/httproute.yaml (89%)
 rename k8s-wheatley/{base => }/cilium/ip-pool.yaml (89%)
 rename k8s-wheatley/{base => }/cilium/kustomization.yaml (89%)
 create mode 100644 k8s-wheatley/cilium/namespace.yaml
diff --git a/k8s-peterg/argocd/clusters.yaml b/k8s-peterg/argocd/clusters.yaml
new file mode 100644
index 0000000..4a894f8
--- /dev/null
+++ b/k8s-peterg/argocd/clusters.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: k8s-wheatley-cluster
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: 1password-wheatley
+ target:
+ name: k8s-wheatley-cluster
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ type: Opaque
+ metadata:
+ labels:
+ argocd.argoproj.io/secret-type: cluster
+ data:
+ name: k8s-wheatley
+ server: "{{ .endpoint }}"
+ project: argocd
+ config: "{{ .config }}"
+ data:
+ - secretKey: endpoint
+ remoteRef:
+ key: k8s-wheatley_clusterdefinition/endpoint
+ - secretKey: config
+ remoteRef:
+ key: k8s-wheatley_clusterdefinition/config
diff --git a/k8s-peterg/argocd/kustomization.yaml b/k8s-peterg/argocd/kustomization.yaml
index 6e2d1d7..dbb8b6c 100644
--- a/k8s-peterg/argocd/kustomization.yaml
+++ b/k8s-peterg/argocd/kustomization.yaml
@@ -6,6 +6,7 @@ resources: - install.yaml - repository.yaml - namespace.yaml + - clusters.yaml namespace: argocd
diff --git a/k8s-wheatley/base/cilium/gateways.yaml b/k8s-wheatley/base/cilium/gateways.yaml
deleted file mode 100644
index 919a70a..0000000
--- a/k8s-wheatley/base/cilium/gateways.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- name: internal
-spec:
- gatewayClassName: cilium
- addresses:
- - type: IPAddress
- value: 10.13.38.10
- listeners:
- - allowedRoutes:
- namespaces:
- from: All
- name: http
- port: 80
- protocol: HTTP
diff --git a/k8s-wheatley/base/kustomization.yaml b/k8s-wheatley/base/kustomization.yaml
deleted file mode 100644
index 17c02fa..0000000
--- a/k8s-wheatley/base/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - argocd
- - cilium
- - metrics-server
diff --git a/k8s-wheatley/base/metrics-server/kustomization.yaml b/k8s-wheatley/base/metrics-server/kustomization.yaml
deleted file mode 100644
index a896b50..0000000
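Review bot: The `config: "{{ .config }}"` line in k8s-peterg/argocd/clusters.yaml copies the whole Argo CD cluster config from the 1Password item, so the credential type and the TLS settings of the connection to k8s-wheatley (`tlsClientConfig.insecure`, `caData`) can be neither reviewed nor pinned in git. A comment above that line stating the expected shape, for example `# JSON: bearerToken + tlsClientConfig.caData; insecure must stay false`, would make the contract explicit, and building the JSON in the template from separate token and CA fields would enforce it. The spec also sets no `refreshInterval`, so how quickly a rotated credential reaches Argo CD depends on the operator default; an explicit `refreshInterval: 1h` (or shorter) under `spec:` would state it.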
--- a/k8s-wheatley/base/metrics-server/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-helmCharts:
- - name: metrics-server
- repo: https://kubernetes-sigs.github.io/metrics-server/
- namespace: kube-system
- releaseName: metrics-server
- version: 3.13.0
diff --git a/k8s-wheatley/cilium/gateways.yaml b/k8s-wheatley/cilium/gateways.yaml
new file mode 100644
index 0000000..a6179bd
--- /dev/null
+++ b/k8s-wheatley/cilium/gateways.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: internal
+spec:
+ gatewayClassName: cilium
+ addresses:
+ - type: IPAddress
+ value: 10.13.38.10
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
diff --git a/k8s-wheatley/base/cilium/httproute.yaml b/k8s-wheatley/cilium/httproute.yaml
similarity index 89%
rename from k8s-wheatley/base/cilium/httproute.yaml
rename to k8s-wheatley/cilium/httproute.yaml
index aef03d2..5f3260f 100644
--- a/k8s-wheatley/base/cilium/httproute.yaml
+++ b/k8s-wheatley/cilium/httproute.yaml
@@ -10,7 +10,7 @@ spec:
 namespace: kube-system
 sectionName: http
 hostnames:
- - "hubble.k8s-test.wheatley.in"
+ - "hubble.k8s.wheatley.in"
 rules:
 - backendRefs:
 - name: hubble-ui
diff --git a/k8s-wheatley/base/cilium/ip-pool.yaml b/k8s-wheatley/cilium/ip-pool.yaml
similarity index 89%
rename from k8s-wheatley/base/cilium/ip-pool.yaml
rename to k8s-wheatley/cilium/ip-pool.yaml
index 1906b3a..ffc0901 100644
--- a/k8s-wheatley/base/cilium/ip-pool.yaml
+++ b/k8s-wheatley/cilium/ip-pool.yaml
@@ -5,7 +5,7 @@ metadata:
 name: internal-pool
 spec:
 blocks:
- - cidr: "10.13.38.10/32"
+ - cidr: "10.13.38.10/32"
 ---
 apiVersion: "cilium.io/v2alpha1"
 kind: CiliumL2AnnouncementPolicy
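Review bot: In k8s-wheatley/cilium/gateways.yaml the `internal` Gateway keeps `allowedRoutes.namespaces.from: All`, which lets an HTTPRoute from any namespace attach to the listener and claim hostnames on 10.13.38.10, and its only listener is plaintext HTTP on port 80. The content appears to be carried over from the deleted base/cilium/gateways.yaml, but the move is a good moment to narrow it. If only routes from the gateway's own namespace are expected (the HTTPRoute in this series references the gateway with `namespace: kube-system`), `from: Same` is enough; otherwise use `from: Selector` with a namespace label. If plaintext is deliberate on this internal address, a comment above `listeners:` saying so would help.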
diff --git a/k8s-wheatley/base/cilium/kustomization.yaml b/k8s-wheatley/cilium/kustomization.yaml
similarity index 89%
rename from k8s-wheatley/base/cilium/kustomization.yaml
rename to k8s-wheatley/cilium/kustomization.yaml
index 1115bd9..34f4ff8 100644
--- a/k8s-wheatley/base/cilium/kustomization.yaml
+++ b/k8s-wheatley/cilium/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Kustomization namespace: kube-system resources: + - namespace.yaml - ip-pool.yaml - gateways.yaml - httproute.yaml
diff --git a/k8s-wheatley/cilium/namespace.yaml b/k8s-wheatley/cilium/namespace.yaml
new file mode 100644
index 0000000..5988ffb
--- /dev/null
+++ b/k8s-wheatley/cilium/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kube-system
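Review bot: k8s-wheatley/cilium/namespace.yaml declares `kube-system` as a managed Namespace, although that namespace always exists on a cluster and does not need to be created. If an Argo CD application tracks this directory with pruning or cascading delete, the system namespace would become part of its delete set; Kubernetes normally rejects deleting `kube-system`, so the likely outcome is a stuck sync or app deletion rather than data loss. Either drop `- namespace.yaml` from the `resources` list of k8s-wheatley/cilium/kustomization.yaml, or add the annotation `argocd.argoproj.io/sync-options: Prune=false` under `metadata:`.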