feat: Provision k8s-wheatley cluster through ArgoCD

feat: Provision ExternalSecrets
chore: Refactor Cilium
2025-11-08 22:02:07 +01:00 · 2025-11-08 22:01:28 +01:00 · 2025-11-08 22:00:55 +01:00 · 2025-11-08 21:59:52 +01:00
20 changed files with 93 additions and 37 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 .envrc
+output.yaml
+chart/
--- a/k8s-peterg/argocd/clusters.yaml
+++ b/k8s-peterg/argocd/clusters.yaml
@ -0,0 +1,30 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: k8s-wheatley-cluster
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: 1password-wheatley
+  target:
+    name: k8s-wheatley-cluster
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      type: Opaque
+      metadata:
+        labels:
+          argocd.argoproj.io/secret-type: cluster
+      data:
+        name: k8s-wheatley
+        server: "{{ .endpoint }}"
+        project: argocd
+        config: "{{ .config }}"
+  data:
+    - secretKey: endpoint
+      remoteRef:
+        key: k8s-wheatley_clusterdefinition/endpoint
+    - secretKey: config
+      remoteRef:
+        key: k8s-wheatley_clusterdefinition/config
--- a/k8s-peterg/argocd/kustomization.yaml
+++ b/k8s-peterg/argocd/kustomization.yaml
@ -6,6 +6,7 @@ resources:
  - install.yaml
  - repository.yaml
  - namespace.yaml
+  - clusters.yaml

 namespace: argocd

--- a/k8s-peterg/cilium-gatewayapi/gateways.yaml
+++ b/k8s-peterg/cilium-gatewayapi/gateways.yaml
--- a/k8s-peterg/cilium-gatewayapi/httproute.yaml
+++ b/k8s-peterg/cilium-gatewayapi/httproute.yaml
@ -24,7 +24,7 @@ spec:
  parentRefs:
    - name: internal
      namespace: kube-system
-      sectionName: https
+      sectionName: http
  hostnames:
    - "hubble.k8s.peterg.nl"
  rules:
--- a/k8s-peterg/cilium-gatewayapi/ip-pool.yaml
+++ b/k8s-peterg/cilium-gatewayapi/ip-pool.yaml
--- a/k8s-peterg/cilium-gatewayapi/kustomization.yaml
+++ b/k8s-peterg/cilium-gatewayapi/kustomization.yaml
--- a/k8s-peterg/cilium-gatewayapi/namespace.yaml
+++ b/k8s-peterg/cilium-gatewayapi/namespace.yaml
--- a/k8s-peterg/external-secrets-operator/kustomization.yaml
+++ b/k8s-peterg/external-secrets-operator/kustomization.yaml
@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - secretstore.yaml
+
+helmCharts:
+  - name: external-secrets
+    repo: https://charts.external-secrets.io
+    namespace: external-secrets
+    releaseName: external-secrets
+    version: 1.0.0
--- a/k8s-peterg/external-secrets-operator/namespace.yaml
+++ b/k8s-peterg/external-secrets-operator/namespace.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-secrets
--- a/k8s-peterg/external-secrets-operator/secretstore.yaml
+++ b/k8s-peterg/external-secrets-operator/secretstore.yaml
@ -0,0 +1,14 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: 1password-wheatley
+spec:
+  provider:
+    onepasswordSDK:
+      vault: wheatley
+      auth:
+        serviceAccountSecretRef:
+          namespace: external-secrets
+          name: 1password-token-wheatley
+          key: token
--- a/k8s-peterg/kustomization.yaml
+++ b/k8s-peterg/kustomization.yaml
@ -4,3 +4,4 @@ kind: Kustomization
 resources:
  - cilium-gatewayapi
  - argocd
+  - external-secrets-operator
--- a/k8s-wheatley/base/cilium/gateways.yaml
+++ b/k8s-wheatley/base/cilium/gateways.yaml
@ -1,17 +0,0 @@
---
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
-  name: internal
-spec:
-  gatewayClassName: cilium
-  addresses:
-  - type: IPAddress
-    value: 10.13.38.10
-  listeners:
-  - allowedRoutes:
-      namespaces:
-        from: All
-    name: http
-    port: 80
-    protocol: HTTP
--- a/k8s-wheatley/base/kustomization.yaml
+++ b/k8s-wheatley/base/kustomization.yaml
@ -1,7 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - argocd
-  - cilium
-  - metrics-server
--- a/k8s-wheatley/base/metrics-server/kustomization.yaml
+++ b/k8s-wheatley/base/metrics-server/kustomization.yaml
@ -1,10 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-helmCharts:
-  - name: metrics-server
-    repo: https://kubernetes-sigs.github.io/metrics-server/
-    namespace: kube-system
-    releaseName: metrics-server
-    version: 3.13.0
--- a/k8s-wheatley/cilium/gateways.yaml
+++ b/k8s-wheatley/cilium/gateways.yaml
@ -0,0 +1,17 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: internal
+spec:
+  gatewayClassName: cilium
+  addresses:
+    - type: IPAddress
+      value: 10.13.38.10
+  listeners:
+    - allowedRoutes:
+        namespaces:
+          from: All
+      name: http
+      port: 80
+      protocol: HTTP
--- a/k8s-wheatley/base/cilium/httproute.yaml
+++ b/k8s-wheatley/base/cilium/httproute.yaml
@ -10,7 +10,7 @@ spec:
      namespace: kube-system
      sectionName: http
  hostnames:
-    - "hubble.k8s-test.wheatley.in"
+    - "hubble.k8s.wheatley.in"
  rules:
    - backendRefs:
        - name: hubble-ui
--- a/k8s-wheatley/base/cilium/ip-pool.yaml
+++ b/k8s-wheatley/base/cilium/ip-pool.yaml
--- a/k8s-wheatley/base/cilium/kustomization.yaml
+++ b/k8s-wheatley/base/cilium/kustomization.yaml
@ -4,6 +4,7 @@ kind: Kustomization
 namespace: kube-system

 resources:
+  - namespace.yaml
  - ip-pool.yaml
  - gateways.yaml
  - httproute.yaml
--- a/k8s-wheatley/cilium/namespace.yaml
+++ b/k8s-wheatley/cilium/namespace.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system
Author	SHA1	Message	Date
pgijsbertsen	ea771272e9	feat: Provision k8s-wheatley cluster through ArgoCD	2025-11-08 22:02:07 +01:00
pgijsbertsen	dc268db7b4	feat: Provision ExternalSecrets	2025-11-08 22:01:28 +01:00
pgijsbertsen	6ae3047867	chore: Refactor Cilium	2025-11-08 22:00:55 +01:00
pgijsbertsen	13da8f4379	chore: Expand .gitignore	2025-11-08 21:59:52 +01:00