konstructio · jokestax · Jul 18, 2024 · Jul 18, 2024 · Jul 18, 2024 · Jul 24, 2024
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,11 @@
+{
+    "name": "devcontainer",
+    "image": "ghcr.io/kubefirst/devcontainers/full:latest",
+    "features": {},
+    "customizations": {
+      "vscode": {
+        "extensions": [],
+        "settings": {}
+      }
+    }
+}
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,18 @@
+# editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.go]
+indent_style = tab
+indent_size = 4
+
+[Makefile]
+indent_style = tab
+indent_size = 4
diff --git a/akamai-github/templates/mgmt/components/argo-workflows/vault-wait.yaml b/akamai-github/templates/mgmt/components/argo-workflows/vault-wait.yaml
@@ -22,4 +22,3 @@ spec:
       selfHeal: true
     syncOptions:
       - CreateNamespace=true
-      - Replace=true
diff --git a/akamai-github/templates/mgmt/components/argo-workflows/wait/vault-tls.yaml b/akamai-github/templates/mgmt/components/argo-workflows/wait/vault-tls.yaml
@@ -23,6 +23,7 @@ kind: Job
 metadata:
   annotations:
     argocd.argoproj.io/sync-wave: '0'
+    argocd.argoproj.io/sync-options: Force=true,Replace=true
   name: wait-vault-tls
   namespace: vault
 spec:

diff --git a/akamai-github/templates/mgmt/components/argocd/kustomization.yaml b/akamai-github/templates/mgmt/components/argocd/kustomization.yaml
@@ -5,7 +5,7 @@ namespace: argocd
 # To upgrade ArgoCD, increment the version here
 # https://github.com/argoproj/argo-cd/tags
 resources:
-  - github.com:kubefirst/manifests.git/argocd/cloud?ref=main
+  - github.com:konstructio/manifests.git/argocd/cloud?ref=v1.1.0
   - argocd-ui-ingress.yaml
   - externalsecrets.yaml
   - argocd-oidc-restart-job.yaml

diff --git a/akamai-github/templates/mgmt/components/kubefirst/console.yaml b/akamai-github/templates/mgmt/components/kubefirst/console.yaml
@@ -8,8 +8,8 @@ metadata:
 spec:
   project: default
   source:
-    repoURL: https://charts.kubefirst.com
-    targetRevision: 2.4.14-rc22
+    repoURL: https://charts.konstruct.io
+    targetRevision: 2.5.12-rc3
     chart: kubefirst
     helm:
       values: |-

diff --git a/akamai-github/terraform/akamai/main.tf b/akamai-github/terraform/akamai/main.tf
@@ -35,7 +35,7 @@ locals {
 
 resource "linode_lke_cluster" "kubefirst" {
   label       = local.cluster_name
-  k8s_version = "1.28"
+  k8s_version = "1.30"
   region      = "us-central"
   tags        = ["<CLUSTER_NAME>"]
 

diff --git a/akamai-github/terraform/github/repos.tf b/akamai-github/terraform/github/repos.tf
@@ -26,7 +26,7 @@ terraform {
 module "gitops" {
   source = "./modules/repository"
 
-  repo_name          = "gitops"
+  repo_name          = "<GIT_REPO_NAME> "
   archive_on_destroy = false
   auto_init          = false # set to false if importing an existing repository
   team_developers_id = github_team.developers.id
@@ -55,7 +55,7 @@ variable "atlantis_repo_webhook_secret" {
 module "metaphor" {
   source = "./modules/repository"
 
-  repo_name          = "metaphor"
+  repo_name          = "<METAPHOR_REPO_NAME>"
   archive_on_destroy = false
   auto_init          = false # set to false if importing an existing repository
   create_ecr         = true

diff --git a/akamai-github/terraform/github/teams.tf b/akamai-github/terraform/github/teams.tf
@@ -1,11 +1,11 @@
 resource "github_team" "admins" {
-  name        = "admins"
+  name        = "<ADMIN_TEAM>"
   description = "administrators of the kubefirst platform"
   privacy     = "closed"
 }
 
 resource "github_team" "developers" {
-  name        = "developers"
+  name        = "<DEVELOPER-TEAM>"
   description = "developers using the kubefirst plaftform"
   privacy     = "closed"
 }
diff --git a/akamai-github/terraform/users/admins/data_sources.tf b/akamai-github/terraform/users/admins/data_sources.tf
@@ -1,5 +1,5 @@
 data "github_team" "admins" {
-  slug = "admins"
+  slug = "<ADMIN_TEAM>"
 }
 
 data "vault_auth_backend" "userpass" {

diff --git a/akamai-github/terraform/users/developers/data_sources.tf b/akamai-github/terraform/users/developers/data_sources.tf
@@ -1,5 +1,5 @@
 data "github_team" "developers" {
-  slug = "developers"
+  slug = "<DEVELOPER-TEAM>"
 }
 
 data "vault_auth_backend" "userpass" {

diff --git a/akamai-github/terraform/users/users.tf b/akamai-github/terraform/users/users.tf
@@ -20,19 +20,19 @@ terraform {
 }
 
 data "github_team" "admins" {
-  slug = "admins"
+  slug = "<ADMIN_TEAM>"
 }
 
 data "github_team" "developers" {
-  slug = "developers"
+  slug = "<DEVELOPER-TEAM>"
 }
 
 data "vault_auth_backend" "userpass" {
   path = "userpass"
 }
 
 data "vault_identity_group" "admins" {
-  group_name = "admins"
+  group_name = "<ADMIN_TEAM>"
 }
 
 variable "initial_password" {

diff --git a/akamai-github/terraform/vault/oidc-groups.tf b/akamai-github/terraform/vault/oidc-groups.tf
@@ -1,5 +1,5 @@
 resource "vault_identity_group" "developers" {
-  name     = "developers"
+  name     = "<DEVELOPER-TEAM>"
   type     = "internal"
   policies = ["developer"]
 
@@ -16,7 +16,7 @@ resource "vault_identity_group" "developers" {
 }
 
 resource "vault_identity_group" "admins" {
-  name     = "admins"
+  name     = "<ADMIN_TEAM>"
   type     = "internal"
   policies = ["admin"]
 

diff --git a/akamai-gitlab/atlantis.yaml b/akamai-gitlab/atlantis.yaml
@@ -0,0 +1,23 @@
+version: 3
+automerge: true
+projects:
+  - dir: terraform/<CLOUD_PROVIDER>
+    terraform_version: 1.3.8
+    autoplan:
+      enabled: true
+      when_modified: ['**/*.tf', '*.tf*']
+  - dir: terraform/<GIT_PROVIDER>
+    terraform_version: 1.3.8
+    autoplan:
+      enabled: true
+      when_modified: ['**/*.tf', '*.tf*']
+  - dir: terraform/users
+    terraform_version: 1.3.8
+    autoplan:
+      enabled: true
+      when_modified: ['**/*.tf', '**/modules/*.tf', '**/admins/*.tf', '**/developers/*.tf', '*.tf*']
+  - dir: terraform/vault
+    terraform_version: 1.3.8
+    autoplan:
+      enabled: true
+      when_modified: ['**/*.tf', '*.tf*']
diff --git a/akamai-gitlab/registry/environments/.gitkeep b/akamai-gitlab/registry/environments/.gitkeep
diff --git a/akamai-gitlab/registry/environments/development/docker-config.yaml b/akamai-gitlab/registry/environments/development/docker-config.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: development-docker-config
+spec:
+  refreshInterval: 10s
+  secretStoreRef:
+    name: vault-kv-secret
+    kind: ClusterSecretStore
+  target:
+    template:
+      type: kubernetes.io/dockerconfigjson
+      data:
+        .dockerconfigjson: "{{ .dockerconfig | toString }}"
+    name: docker-config
+    creationPolicy: Owner
+  data:
+    - secretKey: "dockerconfig"
+      remoteRef:
+        property: dockerconfig
+        key: dockerconfigjson
diff --git a/akamai-gitlab/registry/environments/development/metaphor.yaml b/akamai-gitlab/registry/environments/development/metaphor.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: development-environment-metaphor
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-wave: '45'
+spec:
+  project: default
+  source:
+    repoURL: <GITOPS_REPO_URL>
+    path: registry/environments/development/metaphor
+    targetRevision: HEAD
+  destination:
+    name: in-cluster
+    namespace: development
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/akamai-gitlab/registry/environments/development/metaphor/Chart.yaml b/akamai-gitlab/registry/environments/development/metaphor/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+dependencies:
+  - name: metaphor
+    repository: http://chartmuseum.chartmuseum.svc.cluster.local:8080
+    version: 0.0.1-rc.awaiting-ci
+description: metaphor example application
+name: metaphor
+type: application
+version: 1.0.0
diff --git a/akamai-gitlab/registry/environments/development/metaphor/values.yaml b/akamai-gitlab/registry/environments/development/metaphor/values.yaml
@@ -0,0 +1,36 @@
+metaphor:
+  annotations: |
+    linkerd.io/inject: "enabled"
+  labels: |
+    mirror.linkerd.io/exported: "true"
+  image:
+    repository: <CONTAINER_REGISTRY_URL>/metaphor
+  imagePullSecrets:
+    - name: docker-config
+  ingress:
+    className: nginx
+    enabled: true
+    annotations:
+      <CERT_MANAGER_ISSUER_ANNOTATION_1>
+      <CERT_MANAGER_ISSUER_ANNOTATION_2>
+      <CERT_MANAGER_ISSUER_ANNOTATION_3>
+      <CERT_MANAGER_ISSUER_ANNOTATION_4>
+      nginx.ingress.kubernetes.io/service-upstream: "true"
+    hosts:
+      - host: metaphor-development.<DOMAIN_NAME>
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: metaphor-tls
+        hosts:
+          - metaphor-development.<DOMAIN_NAME>
+  metaphor:
+    host: https://metaphor-development.<DOMAIN_NAME>/api
+    console: https://kubefirst.<DOMAIN_NAME>
+
+  clusterSecretStoreName: vault-kv-secret
+  vaultSecretPath: development/metaphor
+  configs:
+    configOne: development-config-one
+    configTwo: development-config-two
diff --git a/akamai-gitlab/registry/environments/production/docker-config.yaml b/akamai-gitlab/registry/environments/production/docker-config.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: production-docker-config
+spec:
+  refreshInterval: 10s
+  secretStoreRef:
+    name: vault-kv-secret
+    kind: ClusterSecretStore
+  target:
+    template:
+      type: kubernetes.io/dockerconfigjson
+      data:
+        .dockerconfigjson: "{{ .dockerconfig | toString }}"
+    name: docker-config
+    creationPolicy: Owner
+  data:
+    - secretKey: "dockerconfig"
+      remoteRef:
+        property: dockerconfig
+        key: dockerconfigjson
diff --git a/akamai-gitlab/registry/environments/production/metaphor.yaml b/akamai-gitlab/registry/environments/production/metaphor.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: production-environment-metaphor
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-wave: "45"
+spec:
+  project: default
+  source:
+    repoURL: <GITOPS_REPO_URL>
+    path: registry/environments/production/metaphor
+    targetRevision: HEAD
+  destination:
+    name: in-cluster
+    namespace: production
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/akamai-gitlab/registry/environments/production/metaphor/Chart.yaml b/akamai-gitlab/registry/environments/production/metaphor/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+dependencies:
+  - name: metaphor
+    repository: http://chartmuseum.chartmuseum.svc.cluster.local:8080
+    version: 0.0.1-rc.awaiting-ci
+description: metaphor example application
+name: metaphor
+type: application
+version: 1.0.0
diff --git a/akamai-gitlab/registry/environments/production/metaphor/values.yaml b/akamai-gitlab/registry/environments/production/metaphor/values.yaml
@@ -0,0 +1,36 @@
+metaphor:
+  annotations: |
+    linkerd.io/inject: "enabled"
+  labels: |
+    mirror.linkerd.io/exported: "true"
+  image:
+    repository: <CONTAINER_REGISTRY_URL>/metaphor
+  imagePullSecrets:
+    - name: docker-config
+  ingress:
+    className: nginx
+    enabled: true
+    annotations:
+      <CERT_MANAGER_ISSUER_ANNOTATION_1>
+      <CERT_MANAGER_ISSUER_ANNOTATION_2>
+      <CERT_MANAGER_ISSUER_ANNOTATION_3>
+      <CERT_MANAGER_ISSUER_ANNOTATION_4>
+      nginx.ingress.kubernetes.io/service-upstream: "true"
+    hosts:
+      - host: metaphor-production.<DOMAIN_NAME>
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: metaphor-tls
+        hosts:
+          - metaphor-production.<DOMAIN_NAME>
+  metaphor:
+    host: https://metaphor-production.<DOMAIN_NAME>/api
+    console: https://kubefirst.<DOMAIN_NAME>
+
+  clusterSecretStoreName: vault-kv-secret
+  vaultSecretPath: production/metaphor
+  configs:
+    configOne: production-config-one
+    configTwo: production-config-two
diff --git a/akamai-gitlab/registry/environments/staging/docker-config.yaml b/akamai-gitlab/registry/environments/staging/docker-config.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: staging-docker-config
+spec:
+  refreshInterval: 10s
+  secretStoreRef:
+    name: vault-kv-secret
+    kind: ClusterSecretStore
+  target:
+    template:
+      type: kubernetes.io/dockerconfigjson
+      data:
+        .dockerconfigjson: "{{ .dockerconfig | toString }}"
+    name: docker-config
+    creationPolicy: Owner
+  data:
+    - secretKey: "dockerconfig"
+      remoteRef:
+        property: dockerconfig
+        key: dockerconfigjson