k8s-cluster/flux/clusters/flux-system/receiver.yaml


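# https://kubernetes.io/docs/concepts/services-networking/ingress
#
# Publishes the Flux webhook-receiver service at flux.k8s.forgejo.org through
# Traefik's websecure entrypoint. The TLS certificate is requested by
# cert-manager from the letsencrypt-http ClusterIssuer.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webhook-flux-receiver
  namespace: flux-system
  annotations:
    # https://cert-manager.io/docs/usage/ingress/#supported-annotations
    # https://github.com/cert-manager/cert-manager/issues/2239
    cert-manager.io/cluster-issuer: letsencrypt-http
    cert-manager.io/private-key-algorithm: ECDSA
    # Annotation values are strings in the Kubernetes API; an unquoted 384 is
    # parsed as an integer, so the key size is quoted.
    cert-manager.io/private-key-size: '384'
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  tls:
    - hosts:
        - flux.k8s.forgejo.org
      secretName: tls-forgejo-flux-ingress-http
  rules:
    - host: flux.k8s.forgejo.org
      http:
        paths:
          # NOTE(review): every path on this host is forwarded to the
          # controller. Flux documents receiver URLs under /hook/, so a
          # narrower prefix would expose less of the service to the internet;
          # confirm nothing else depends on "/" before tightening.
          - pathType: Prefix
            path: /
            backend:
              service:
                # pre-defined by flux
                name: webhook-receiver
                port:
                  name: http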
---
# Flux notification-controller Receiver: an incoming "ping" or "push" webhook
# triggers a reconciliation of the GitRepository listed under resources.
apiVersion: notification.toolkit.fluxcd.io/v1
kind: Receiver
metadata:
  name: forgejo-flux-receiver
  namespace: flux-system
spec:
  # GitHub-compatible webhook format; the sender has to be configured with the
  # same token so the controller can verify each request.
  type: github
  events: ['ping', 'push']
  secretRef:
    # Only the Secret's name appears here; the token itself is not in this file.
    # Per the Flux Receiver API the Secret carries a `token` key, and the
    # generated webhook path is derived from it, so rotating the token also
    # changes the URL the forge must call.
    name: webhook-flux-token
  resources:
    - apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
      # matching the GitRepository in gotk-sync.yaml
      name: flux-system
---
#
# The discussion that led to adding the following is
# https://matrix.to/#/!NdTYAXrlSgIkGNiPgQ:matrix.org/$fUvRAhXEnubBTxbads0unHm7UWUGfciX_3TcoIv7xKc?via=schinas.net&via=matrix.org&via=mozilla.org
#
# Admits inbound traffic to cert-manager's HTTP-01 solver pods in flux-system,
# selected by the acme.cert-manager.io/http01-solver label.
# Presumably needed because other policies in this namespace restrict ingress
# and would otherwise block the ACME challenge; confirm against the linked
# discussion.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: cert-manager-acme-http-solver
  namespace: flux-system
spec:
  podSelector:
    matchLabels:
      # Label values are strings, hence the quotes around true.
      acme.cert-manager.io/http01-solver: 'true'
  # NOTE(review): the single empty rule allows every source on every port.
  # The challenge has to be reachable from outside the cluster, so the source
  # cannot easily be narrowed, but a `ports` entry for the solver's listen port
  # (8089 by default in cert-manager; verify for this cluster) would bound what
  # a pod carrying this label can receive.
  ingress:
    - {}
  policyTypes: [Ingress]