OpenStaticFish/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: harden cluster rebuild determinism
Deploy Grafana Content / Grafana Content (push) Failing after 1m14s
Details
Deploy Cluster / Terraform (push) Failing after 4m59s
Details
Deploy Cluster / Ansible (push) Has been skipped
Details

Browse Source
This commit is contained in:
MichaelFisher1997
2026-04-30 07:36:27 +00:00
parent f52e657f9f
commit a33a993867
38 changed files with 865 additions and 289 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infrastructure/addons/external-secrets/clustersecretstore-doppler-hetznerterra.yaml → infrastructure/addons/external-secrets-store/clustersecretstore-doppler-hetznerterra.yaml
View File
infrastructure/addons/external-secrets-store/kustomization.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- clustersecretstore-doppler-hetznerterra.yaml
infrastructure/addons/kustomization-external-secrets-store.yaml
+21
View File
@@ -0,0 +1,21 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: addon-external-secrets-store
namespace: flux-system
spec:
interval: 10m
prune: true
sourceRef:
kind: GitRepository
name: platform
path: ./infrastructure/addons/external-secrets-store
dependsOn:
- name: addon-external-secrets
wait: false
healthChecks:
- apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
name: doppler-hetznerterra
timeout: 5m
suspend: false
infrastructure/addons/kustomization-external-secrets.yaml
+9 -1
View File
@@ -16,5 +16,13 @@ spec:
kind: HelmRelease
name: external-secrets
namespace: flux-system
timeout: 5m
- apiVersion: apps/v1
kind: Deployment
name: external-secrets-external-secrets
namespace: external-secrets
- apiVersion: apps/v1
kind: Deployment
name: external-secrets-external-secrets-webhook
namespace: external-secrets
timeout: 10m
suspend: false
infrastructure/addons/kustomization-observability-secrets.yaml
+26
View File
@@ -0,0 +1,26 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: addon-observability-secrets
namespace: flux-system
spec:
interval: 10m
prune: true
sourceRef:
kind: GitRepository
name: platform
path: ./infrastructure/addons/observability-secrets
dependsOn:
- name: addon-external-secrets-store
wait: false
healthChecks:
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
name: grafana-admin
namespace: observability
- apiVersion: v1
kind: Secret
name: grafana-admin-credentials
namespace: observability
timeout: 5m
suspend: false
infrastructure/addons/kustomization-observability.yaml
+3 -2
View File
@@ -11,7 +11,8 @@ spec:
name: platform
path: ./infrastructure/addons/observability
dependsOn:
- name: addon-external-secrets
- name: addon-observability-secrets
- name: addon-nfs-storage
- name: addon-tailscale-operator
- name: addon-tailscale-proxyclass
wait: false
@@ -28,5 +29,5 @@ spec:
kind: HelmRelease
name: promtail
namespace: flux-system
timeout: 5m
timeout: 15m
suspend: false
infrastructure/addons/kustomization-rancher-config.yaml
+1 -1
View File
@@ -13,5 +13,5 @@ spec:
dependsOn:
- name: addon-rancher
wait: true
timeout: 5m
timeout: 10m
suspend: false
infrastructure/addons/kustomization-rancher-secrets.yaml
+34
View File
@@ -0,0 +1,34 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: addon-rancher-secrets
namespace: flux-system
spec:
interval: 10m
prune: true
sourceRef:
kind: GitRepository
name: platform
path: ./infrastructure/addons/rancher-secrets
dependsOn:
- name: addon-external-secrets-store
wait: false
healthChecks:
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
name: rancher-bootstrap-password
namespace: flux-system
- apiVersion: v1
kind: Secret
name: rancher-bootstrap-password
namespace: flux-system
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
name: rancher-bootstrap-password
namespace: cattle-system
- apiVersion: v1
kind: Secret
name: rancher-bootstrap-password
namespace: cattle-system
timeout: 5m
suspend: false
infrastructure/addons/kustomization-rancher.yaml
+18 -2
View File
@@ -10,12 +10,12 @@ spec:
kind: GitRepository
name: platform
path: ./infrastructure/addons/rancher
timeout: 15m
timeout: 30m
suspend: false
dependsOn:
- name: addon-tailscale-operator
- name: addon-tailscale-proxyclass
- name: addon-external-secrets
- name: addon-rancher-secrets
- name: addon-cert-manager
wait: false
healthChecks:
@@ -23,3 +23,19 @@ spec:
kind: HelmRelease
name: rancher
namespace: flux-system
- apiVersion: apps/v1
kind: Deployment
name: cattle-system-rancher
namespace: cattle-system
- apiVersion: apps/v1
kind: Deployment
name: rancher-webhook
namespace: cattle-system
- apiVersion: cert-manager.io/v1
kind: Issuer
name: cattle-system-rancher
namespace: cattle-system
- apiVersion: cert-manager.io/v1
kind: Certificate
name: tls-rancher-ingress
namespace: cattle-system
infrastructure/addons/kustomization-tailscale-operator.yaml
+8 -1
View File
@@ -16,5 +16,12 @@ spec:
kind: HelmRelease
name: tailscale-operator
namespace: flux-system
timeout: 5m
- apiVersion: apps/v1
kind: Deployment
name: operator
namespace: tailscale-system
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: proxyclasses.tailscale.com
timeout: 10m
suspend: false
infrastructure/addons/kustomization.yaml
+3
View File
@@ -3,11 +3,14 @@ kind: Kustomization
resources:
- kustomization-nfs-storage.yaml
- kustomization-external-secrets.yaml
- kustomization-external-secrets-store.yaml
- kustomization-cert-manager.yaml
- kustomization-tailscale-operator.yaml
- kustomization-tailscale-proxyclass.yaml
- traefik
- kustomization-observability-secrets.yaml
- kustomization-observability.yaml
- kustomization-observability-content.yaml
- kustomization-rancher-secrets.yaml
- kustomization-rancher.yaml
- kustomization-rancher-config.yaml
infrastructure/addons/observability/grafana-admin-externalsecret.yaml → infrastructure/addons/observability-secrets/grafana-admin-externalsecret.yaml
View File
infrastructure/addons/observability-secrets/kustomization.yaml
+5
View File
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- grafana-admin-externalsecret.yaml
infrastructure/addons/observability/namespace.yaml → infrastructure/addons/observability-secrets/namespace.yaml
View File
infrastructure/addons/observability/kustomization.yaml
-2
View File
@@ -1,8 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- grafana-admin-externalsecret.yaml
- ocirepository-loki.yaml
- ocirepository-promtail.yaml
- helmrelease-kube-prometheus-stack.yaml
infrastructure/addons/rancher-secrets/kustomization.yaml
+6
View File
@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- rancher-bootstrap-password-flux-externalsecret.yaml
- rancher-bootstrap-password-externalsecret.yaml
infrastructure/addons/rancher/namespace.yaml → infrastructure/addons/rancher-secrets/namespace.yaml
View File
infrastructure/addons/rancher/rancher-bootstrap-password-externalsecret.yaml → infrastructure/addons/rancher-secrets/rancher-bootstrap-password-externalsecret.yaml
View File
infrastructure/addons/rancher/rancher-bootstrap-password-flux-externalsecret.yaml → infrastructure/addons/rancher-secrets/rancher-bootstrap-password-flux-externalsecret.yaml
View File
infrastructure/addons/rancher/kustomization.yaml
-3
View File
@@ -1,8 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- helmrelease-rancher.yaml
- rancher-bootstrap-password-flux-externalsecret.yaml
- rancher-bootstrap-password-externalsecret.yaml
- rancher-tailscale-service.yaml