feat: add private flux ui

infrastructure/addons/flux-ui/helmrelease-weave-gitops.yaml

@@ -0,0 +1,40 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: weave-gitops
+  namespace: flux-system
+spec:
+  interval: 10m
+  targetNamespace: flux-system
+  chartRef:
+    kind: OCIRepository
+    name: weave-gitops
+    namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    image:
+      repository: ghcr.io/weaveworks/wego-app
+      tag: v0.39.1-rc.1
+      pullPolicy: IfNotPresent
+    adminUser:
+      create: true
+      username: admin
+      passwordHash: "$2a$10$P/tHQ1DNFXdvX0zRGA8LPeSOyb0JXq9rP3fZ4W8HGTpLV7qHDlWhe"
+    rbac:
+      impersonationResourceNames:
+        - admin
+      viewSecretsEnabled: false
+    resources:
+      requests:
+        cpu: 100m
+        memory: 64Mi
+      limits:
+        cpu: 500m
+        memory: 512Mi
+    networkPolicy:
+      create: false

infrastructure/addons/flux-ui/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ocirepository-weave-gitops.yaml
+  - helmrelease-weave-gitops.yaml
+  - weave-gitops-tailscale-service.yaml

infrastructure/addons/flux-ui/ocirepository-weave-gitops.yaml

@@ -0,0 +1,14 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+  name: weave-gitops
+  namespace: flux-system
+spec:
+  interval: 10m
+  insecure: true
+  url: oci://10.27.27.239:5001/weaveworks/charts/weave-gitops
+  ref:
+    tag: 0.39.1-rc.1
+  layerSelector:
+    mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
+    operation: copy

infrastructure/addons/flux-ui/weave-gitops-tailscale-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: weave-gitops-tailscale
+  namespace: flux-system
+  annotations:
+    tailscale.com/hostname: flux
+    tailscale.com/tags: "tag:prod,tag:flux"
+    tailscale.com/proxy-class: infra-stable
+spec:
+  type: LoadBalancer
+  loadBalancerClass: tailscale
+  selector:
+    app.kubernetes.io/name: weave-gitops
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 9001

infrastructure/addons/kustomization-flux-ui.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: addon-flux-ui
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: platform
+  path: ./infrastructure/addons/flux-ui
+  dependsOn:
+    - name: addon-tailscale-operator
+    - name: addon-tailscale-proxyclass
+  wait: false
+  timeout: 5m
+  suspend: false

infrastructure/addons/kustomization.yaml

@@ -11,6 +11,7 @@ resources:
   - kustomization-observability-secrets.yaml
   - kustomization-observability.yaml
   - kustomization-observability-content.yaml
+  - kustomization-flux-ui.yaml
   - kustomization-rancher-secrets.yaml
   - kustomization-rancher.yaml
   - kustomization-rancher-config.yaml

scripts/smoke-check-tailnet-services.sh

@@ -209,3 +209,4 @@ restart_unhealthy_tailscale_proxies
 check_service "cattle-system" "rancher-tailscale" "rancher.silverside-gopher.ts.net" "https://rancher.silverside-gopher.ts.net/"
 check_service "observability" "grafana-tailscale" "grafana.silverside-gopher.ts.net" "http://grafana.silverside-gopher.ts.net/"
 check_service "observability" "prometheus-tailscale" "prometheus.silverside-gopher.ts.net" "http://prometheus.silverside-gopher.ts.net:9090/"
+check_service "flux-system" "weave-gitops-tailscale" "flux.silverside-gopher.ts.net" "http://flux.silverside-gopher.ts.net/"