fix: stabilize flux and external secrets reconciliation

2026-03-09 02:25:27 +00:00
parent 6f2e056b98
commit 646ef16258
7 changed files with 6498 additions and 1 deletions
--- a/clusters/prod/flux-system/gotk-components.yaml
+++ b/clusters/prod/flux-system/gotk-components.yaml
--- a/clusters/prod/flux-system/gotk-controller-cp1-patches.yaml
+++ b/clusters/prod/flux-system/gotk-controller-cp1-patches.yaml
@@ -0,0 +1,43 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: source-controller
  namespace: flux-system
 spec:
  template:
    spec:
      nodeSelector:
        kubernetes.io/hostname: k8s-cluster-cp-1
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: kustomize-controller
  namespace: flux-system
 spec:
  template:
    spec:
      nodeSelector:
        kubernetes.io/hostname: k8s-cluster-cp-1
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: helm-controller
  namespace: flux-system
 spec:
  template:
    spec:
      nodeSelector:
        kubernetes.io/hostname: k8s-cluster-cp-1
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: notification-controller
  namespace: flux-system
 spec:
  template:
    spec:
      nodeSelector:
        kubernetes.io/hostname: k8s-cluster-cp-1
--- a/clusters/prod/flux-system/kustomization.yaml
+++ b/clusters/prod/flux-system/kustomization.yaml
@@ -1,6 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - gotk-components.yaml
  - gitrepository-platform.yaml
  - kustomization-infrastructure.yaml
  - kustomization-apps.yaml
 patchesStrategicMerge:
  - gotk-controller-cp1-patches.yaml
--- a/infrastructure/addons/external-secrets/helmrelease-external-secrets.yaml
+++ b/infrastructure/addons/external-secrets/helmrelease-external-secrets.yaml
@@ -23,5 +23,14 @@ spec:
      retries: 3
  values:
    installCRDs: true
    nodeSelector:
      kubernetes.io/hostname: k8s-cluster-cp-1
    webhook:
      failurePolicy: Ignore
      nodeSelector:
        kubernetes.io/hostname: k8s-cluster-cp-1
    certController:
      nodeSelector:
        kubernetes.io/hostname: k8s-cluster-cp-1
    serviceMonitor:
      enabled: false
--- a/infrastructure/addons/external-secrets/kustomization.yaml
+++ b/infrastructure/addons/external-secrets/kustomization.yaml
@@ -4,4 +4,3 @@ resources:
  - namespace.yaml
  - helmrepository-external-secrets.yaml
  - helmrelease-external-secrets.yaml
  - clustersecretstore-doppler-hetznerterra.yaml
--- a/infrastructure/kustomization-secrets.yaml
+++ b/infrastructure/kustomization-secrets.yaml
@@ -0,0 +1,16 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: secrets
  namespace: flux-system
 spec:
  interval: 10m
  prune: true
  sourceRef:
    kind: GitRepository
    name: platform
  path: ./infrastructure/secrets
  dependsOn:
    - name: addon-external-secrets
  wait: true
  timeout: 5m
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - addons
  - kustomization-secrets.yaml