feat: deploy fleet

kubernetes/apps/dev/fleet/app/externalsecret.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: fleet
+  namespace: dev
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: doppler-auth-api
+  target:
+    name: fleet
+    creationPolicy: Owner
+    deletionPolicy: "Delete"
+    template:
+      engineVersion: v2
+      data:
+        mysql-root-password: "{{ .MYSQL__ROOT_PASSWORD }}"
+        mysql-replication-password: "{{ .MYSQL__REPLICATION_PASSWORD }}"
+        mysql-password: "{{ .MYSQL__PASSWORD  }}"
+
+  dataFrom:
+    - find:
+        path: MYSQL__

kubernetes/apps/dev/fleet/app/helmrelease.yaml

@@ -0,0 +1,61 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: fleet
+  namespace: dev
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: fleet
+      version: v6.0.2
+      sourceRef:
+        kind: HelmRepository
+        name: fleet
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    hostName: fleet.${SECRET_DOMAIN}
+    replicas: 1
+    # manifest version unsupported by kube-arch-scheduler
+    nodeSelector:
+      kubernetes.io/arch: amd64
+    fleet:
+      autoApplySQLMigrations: true
+      logging:
+        json: true
+      tls:
+        enabled: false
+    database:
+      address: fleet-mysql:3306
+      secretName: fleet
+    mysql:
+      enabled: true
+      auth:
+        database: fleet
+        username: fleet
+        existingSecret: fleet
+      primary:
+        persistence:
+          size: 1Gi
+    cache:
+      address: fleet-redis-master:6379
+    redis:
+      enabled: true
+      auth:
+        enabled: false
+      architecture: standalone
+      # https://fleetdm.com/docs/deploy/deploy-fleet-on-kubernetes#redis
+      master:
+        persistence:
+          enabled: false

kubernetes/apps/dev/fleet/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
+  - ./kustomization.yaml

kubernetes/apps/dev/fleet/ks.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: cluster-apps-fleet
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  path: ./kubernetes/apps/dev/fleet/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: app-a
+      namespace: dev
+  interval: 30m
+  retryInterval: 1m
+  timeout: 3m

kubernetes/apps/dev/kustomization.yaml

@@ -3,4 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./namespace.yaml
+  - ./fleet/ks.yaml
   - ./spring-boot-app/ks.yaml

kubernetes/flux/repositories/helm/fleet.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: fleet
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://fleetdm.github.io/fleet/charts

kubernetes/flux/repositories/helm/kustomization.yaml

@@ -21,6 +21,7 @@ resources:
   - ./external-secrets.yaml
   - ./fairwinds.yaml
   - ./flanksource.yaml
+  - ./fleet.yaml
   - ./gitea.yaml
   - ./grafana.yaml
   - ./hajimari.yaml