Restructure deployments

infrastructure/controllers/cert-manager/kustomization.yaml

@@ -0,0 +1,7 @@
+# /infrastructure/controllers/cert-manager/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml

infrastructure/controllers/cert-manager/namespace.yaml

@@ -0,0 +1,5 @@
+# /infrastructure/controllers/cert-manager/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager

infrastructure/controllers/cert-manager/release.yaml

@@ -0,0 +1,20 @@
+# /infrastructure/controllers/cert-manager/release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 12h
+  chart:
+    spec:
+      chart: cert-manager
+      version: "1.16.2"
+      sourceRef:
+        kind: HelmRepository
+        name: cert-manager
+        namespace: cert-manager
+      interval: 12h
+  values:
+    crds:
+      enabled: true

infrastructure/controllers/cert-manager/repository.yaml

@@ -0,0 +1,9 @@
+# /infrastructure/controllers/cert-manager/repository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 24h
+  url: https://charts.jetstack.io

infrastructure/controllers/kustomization.yaml

@@ -0,0 +1,6 @@
+# infrastructure/controllers/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cert-manager
+  - traefik

infrastructure/controllers/traefik/kustomization.yaml

@@ -0,0 +1,13 @@
+# /infrastructure/controllers/traefik/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+
+configMapGenerator:
+  - name: traefik-prod-values
+    namespace: traefik
+    files:
+      - values.yaml

infrastructure/controllers/traefik/namespace.yaml

@@ -0,0 +1,5 @@
+# /infrastructure/controllers/traefik/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: traefik

infrastructure/controllers/traefik/release.yaml

@@ -0,0 +1,19 @@
+# /infrastructure/controllers/traefik/release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: traefik
+  namespace: traefik
+spec:
+  interval: 10m
+  chart:
+    spec:
+      chart: traefik
+      version: 33.2.1
+      sourceRef:
+        kind: HelmRepository
+        name: traefik-helm-repo
+      interval: 10m
+  valuesFrom:
+    - kind: ConfigMap
+      name: traefik-prod-values

infrastructure/controllers/traefik/repository.yaml

@@ -0,0 +1,9 @@
+# /infrastructure/controllers/traefik/repository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: traefik-helm-repo
+  namespace: traefik
+spec:
+  interval: 24h
+  url: https://helm.traefik.io/traefik

infrastructure/controllers/traefik/values.yaml

@@ -0,0 +1,40 @@
+# /infrastructure/controllers/traefik/values.yaml
+deployment:
+  additionalVolumes:
+  - name: access-log
+    hostPath:
+      path:  /var/log/traefik/
+additionalVolumeMounts:
+- name: access-log
+  mountPath: /var/log/traefik/
+logs:
+  access:
+    enabled: true
+    filePath: /var/log/traefik/access.log
+ingressRoute:
+  dashboard:
+    enabled: true
+    matchRule: Host(`traefik.example.com`)
+    entryPoints: ["websecure"]
+    middlewares:
+      - name: "auth-authelia@kubernetescrd"
+providers:
+  kubernetesCRD:
+    allowCrossNamespace: true
+persistence:
+  enabled: true
+  storageClass: retain-local-path
+ports:
+  websecure:
+    tls:
+      enabled: true
+  web:
+    redirectTo:
+      port: websecure
+service:
+  spec:
+    externalTrafficPolicy: Local
+tlsStore:
+  default:
+    defaultCertificate:
+      secretName: wildcard-nmsny-dev-tls