feat: add flux ui on shared tailscale endpoint

README.md

@@ -233,6 +233,7 @@ Preferred (when Tailscale Operator is healthy):
 
 - Grafana: `http://observability/grafana/` (or `http://observability.<your-tailnet>/grafana/`)
 - Prometheus: `http://observability/prometheus/` (or `http://observability.<your-tailnet>/prometheus/`)
+- Flux UI: `http://observability:9001/` (or `http://observability.<your-tailnet>:9001/`)
 
 Fallback (port-forward from a tailnet-connected machine):
 

infrastructure/addons/flux-ui/gitrepository-weave-gitops.yaml

@@ -0,0 +1,10 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: weave-gitops
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://github.com/weaveworks/weave-gitops
+  ref:
+    tag: v0.39.0-rc.2

infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml

@@ -0,0 +1,36 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: weave-gitops
+  namespace: flux-system
+spec:
+  interval: 10m
+  targetNamespace: flux-system
+  chart:
+    spec:
+      chart: ./charts/gitops-server
+      sourceRef:
+        kind: GitRepository
+        name: weave-gitops
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    service:
+      type: ClusterIP
+      port: 9001
+    adminUser:
+      create: true
+      createClusterRole: true
+      createSecret: true
+      username: admin
+      passwordHash: "$2b$12$iVSpwZxP98Y1T4AOwj.TAeMsrOuQ6vWfhXfG4Gan9ay.qGMaRNdrC"
+    rbac:
+      create: true
+      impersonationResourceNames:
+        - admin

infrastructure/addons/flux-ui/ingress-flux-ui.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: flux-ui
+  namespace: flux-system
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: flux
+spec:
+  ingressClassName: traefik
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: flux-system-weave-gitops
+                port:
+                  number: 9001

infrastructure/addons/flux-ui/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gitrepository-weave-gitops.yaml
+  - helmrelease-weave-gitops.yaml
+  - traefik-helmchartconfig-flux-entrypoint.yaml
+  - ingress-flux-ui.yaml

infrastructure/addons/flux-ui/traefik-helmchartconfig-flux-entrypoint.yaml

@@ -0,0 +1,9 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: traefik
+  namespace: kube-system
+spec:
+  valuesContent: |-
+    additionalArguments:
+      - "--entryPoints.flux.address=:9001/tcp"

infrastructure/addons/kustomization-flux-ui.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: addon-flux-ui
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: platform
+  path: ./infrastructure/addons/flux-ui
+  wait: true
+  timeout: 5m
+  suspend: false

infrastructure/addons/kustomization.yaml

@@ -3,6 +3,7 @@ kind: Kustomization
 resources:
   - kustomization-ccm.yaml
   - kustomization-csi.yaml
+  - kustomization-flux-ui.yaml
   - kustomization-tailscale-operator.yaml
   - kustomization-observability.yaml
   - kustomization-observability-content.yaml

infrastructure/addons/observability/traefik-tailscale-service.yaml

@@ -21,3 +21,7 @@ spec:
       port: 443
       protocol: TCP
       targetPort: websecure
+    - name: flux
+      port: 9001
+      protocol: TCP
+      targetPort: 9001