refactor: subscribe to microservices app repo

.gitea/workflows/deploy.yml

@@ -1248,7 +1248,6 @@ jobs:
           wait_for_kustomization_ready addon-observability-secrets 300s
           wait_for_kustomization_ready addon-observability 300s
           wait_for_kustomization_ready addon-observability-content 300s
-          wait_for_kustomization_ready apps 300s
           if ! kubectl -n flux-system wait --for=condition=Ready helmrelease --all --timeout=120s; then
             stalled_helmreleases="$(kubectl -n flux-system get helmreleases -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.conditions[?(@.type=="Stalled")].status}{"\n"}{end}' | awk '$2 == "True" {print $1}')"
             if [ -n "${stalled_helmreleases}" ]; then
@@ -1294,6 +1293,7 @@ jobs:
             | grep -Ev "^cattle-capi-system[[:space:]]+capi-controller-manager-" \
             | grep -Ev "^cattle-turtles-system[[:space:]]+cluster-api-operator-resources-cleanup-" \
             | grep -Ev "^kube-system[[:space:]]+helm-install-" \
+            | grep -Ev "^microservices[[:space:]]+" \
             | tee "${unhealthy_pods}" || true
           test ! -s "${unhealthy_pods}"
           kubectl -n kube-system get pods -o wide

apps/kustomization.yaml

@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - microservices
+  - microservices.yaml

apps/microservices.yaml

@@ -0,0 +1,28 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: microservices
+  namespace: flux-system
+spec:
+  interval: 1m
+  ref:
+    branch: main
+  url: https://github.com/OpenStaticFish/MicroServices.git
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: microservices
+  namespace: flux-system
+spec:
+  interval: 5m
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: microservices
+  path: ./deploy/prod
+  dependsOn:
+    - name: addon-external-secrets-store
+    - name: addon-tailscale-proxyclass
+  wait: false
+  timeout: 5m

apps/microservices/ingressroute-microservices.yaml

@@ -1,23 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: microservices
-  namespace: microservices
-spec:
-  entryPoints:
-    - web
-  routes:
-    - match: Host(`apps.silverside-gopher.ts.net`) && PathPrefix(`/site-analyzer`)
-      kind: Rule
-      middlewares:
-        - name: microservices-strip-prefix
-      services:
-        - name: site-analyzer
-          port: 8090
-    - match: Host(`apps.silverside-gopher.ts.net`) && PathPrefix(`/scraper`)
-      kind: Rule
-      middlewares:
-        - name: microservices-strip-prefix
-      services:
-        - name: scraper
-          port: 8080

apps/microservices/kustomization.yaml

@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - namespace.yaml
-  - webshare-api-externalsecret.yaml
-  - site-analyzer-deployment.yaml
-  - site-analyzer-service.yaml
-  - scraper-deployment.yaml
-  - scraper-service.yaml
-  - traefik-middleware-strip-prefix.yaml
-  - ingressroute-microservices.yaml

apps/microservices/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: microservices

apps/microservices/scraper-deployment.yaml

@@ -1,65 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: scraper
-  namespace: microservices
-  labels:
-    app: scraper
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: scraper
-  template:
-    metadata:
-      labels:
-        app: scraper
-    spec:
-      imagePullSecrets:
-        - name: ghcr-pull-secret
-      containers:
-        - name: scraper
-          image: ghcr.io/openstaticfish/microservices/scraper:main
-          imagePullPolicy: Always
-          ports:
-            - containerPort: 8080
-          env:
-            - name: PORT
-              value: "8080"
-            - name: WEBSHARE_API_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: webshare-api
-                  key: api-key
-                  optional: true
-            - name: WEBSHARE_PROXY_USERNAME
-              valueFrom:
-                secretKeyRef:
-                  name: webshare-api
-                  key: proxy-username
-                  optional: true
-            - name: WEBSHARE_PROXY_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: webshare-api
-                  key: proxy-password
-                  optional: true
-          resources:
-            requests:
-              cpu: 100m
-              memory: 64Mi
-            limits:
-              cpu: 500m
-              memory: 256Mi
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: 8080
-            initialDelaySeconds: 2
-            periodSeconds: 10
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: 8080
-            initialDelaySeconds: 2
-            periodSeconds: 5

apps/microservices/scraper-service.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: scraper
-  namespace: microservices
-spec:
-  type: ClusterIP
-  selector:
-    app: scraper
-  ports:
-    - name: http
-      protocol: TCP
-      port: 8080
-      targetPort: 8080

apps/microservices/site-analyzer-deployment.yaml

@@ -1,81 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: site-analyzer
-  namespace: microservices
-  labels:
-    app: site-analyzer
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: site-analyzer
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 0
-  template:
-    metadata:
-      labels:
-        app: site-analyzer
-    spec:
-      imagePullSecrets:
-        - name: ghcr-pull-secret
-      terminationGracePeriodSeconds: 30
-      containers:
-        - name: site-analyzer
-          image: ghcr.io/openstaticfish/microservices/site-analyzer:main
-          imagePullPolicy: Always
-          ports:
-            - containerPort: 8090
-          env:
-            - name: PORT
-              value: "8090"
-            - name: MAX_CONCURRENT_ANALYSES
-              value: "20"
-            - name: ANALYSIS_TIMEOUT
-              value: 15s
-            - name: FETCH_TIMEOUT
-              value: 10s
-            - name: MAX_REQUEST_BYTES
-              value: "4096"
-            - name: MAX_RESPONSE_BYTES
-              value: "2097152"
-            - name: READ_HEADER_TIMEOUT
-              value: 2s
-            - name: READ_TIMEOUT
-              value: 5s
-            - name: WRITE_TIMEOUT
-              value: 20s
-            - name: IDLE_TIMEOUT
-              value: 60s
-            - name: SHUTDOWN_TIMEOUT
-              value: 25s
-            - name: MAX_IDLE_CONNS
-              value: "200"
-            - name: MAX_IDLE_CONNS_PER_HOST
-              value: "20"
-          resources:
-            requests:
-              cpu: 250m
-              memory: 128Mi
-            limits:
-              cpu: "1"
-              memory: 512Mi
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: 8090
-            initialDelaySeconds: 2
-            periodSeconds: 10
-            timeoutSeconds: 1
-            failureThreshold: 3
-          readinessProbe:
-            httpGet:
-              path: /ready
-              port: 8090
-            initialDelaySeconds: 2
-            periodSeconds: 3
-            timeoutSeconds: 1
-            failureThreshold: 2

apps/microservices/site-analyzer-service.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: site-analyzer
-  namespace: microservices
-spec:
-  type: ClusterIP
-  selector:
-    app: site-analyzer
-  ports:
-    - name: http
-      protocol: TCP
-      port: 8090
-      targetPort: 8090

apps/microservices/traefik-middleware-strip-prefix.yaml

@@ -1,10 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: microservices-strip-prefix
-  namespace: microservices
-spec:
-  stripPrefix:
-    prefixes:
-      - /site-analyzer
-      - /scraper

apps/microservices/webshare-api-externalsecret.yaml

@@ -1,29 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: webshare-api
-  namespace: microservices
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: doppler-openstaticfish-microservices
-    kind: ClusterSecretStore
-  target:
-    name: webshare-api
-    creationPolicy: Owner
-    template:
-      type: Opaque
-      data:
-        api-key: "{{ .webshareApiKey }}"
-        proxy-username: "{{ .webshareProxyUsername }}"
-        proxy-password: "{{ .webshareProxyPassword }}"
-  data:
-    - secretKey: webshareApiKey
-      remoteRef:
-        key: WEBSHARE_API_KEY
-    - secretKey: webshareProxyUsername
-      remoteRef:
-        key: WEBSHARE_PROXY_USERNAME
-    - secretKey: webshareProxyPassword
-      remoteRef:
-        key: WEBSHARE_PROXY_PASSWORD

scripts/smoke-check-tailnet-services.sh

@@ -209,4 +209,3 @@ restart_unhealthy_tailscale_proxies
 check_service "cattle-system" "rancher-tailscale" "rancher.silverside-gopher.ts.net" "https://rancher.silverside-gopher.ts.net/"
 check_service "observability" "grafana-tailscale" "grafana.silverside-gopher.ts.net" "http://grafana.silverside-gopher.ts.net/"
 check_service "observability" "prometheus-tailscale" "prometheus.silverside-gopher.ts.net" "http://prometheus.silverside-gopher.ts.net:9090/"
-check_service "kube-system" "traefik-apps-tailscale" "apps.silverside-gopher.ts.net" "http://apps.silverside-gopher.ts.net/site-analyzer/health"