diff --git a/apps/base/reposync/configmap_dnf-conf.yaml b/apps/base/reposync/configmap_dnf-conf.yaml
new file mode 100644
index 0000000..cd7d66c
--- /dev/null
+++ b/apps/base/reposync/configmap_dnf-conf.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync
+ app.kubernetes.io/name: reposync
+ name: dnf-conf
+ namespace: reposync
+data:
+ dnf.conf: |
+ [main]
+ gpgcheck=1
+ installonly_limit=3
+ clean_requirements_on_remove=True
+ best=True
+ skip_if_unavailable=False
+ max_parallel_downloads=6
diff --git a/apps/base/reposync/configmap_openvox-repo.yaml b/apps/base/reposync/configmap_openvox-repo.yaml
new file mode 100644
index 0000000..98f64f7
--- /dev/null
+++ b/apps/base/reposync/configmap_openvox-repo.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-openvox7
+ app.kubernetes.io/name: reposync
+ name: openvox7-openvox-repo
+ namespace: reposync
+data:
+ openvox.repo: |
+ [openvox]
+ name=openvox repository
+ baseurl=https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/openvox/openvox7/el/9/x86_64/
+ gpgkey=https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/openvox/GPG-KEY-openvox.pub
+ enabled=1
+ gpgcheck=1
diff --git a/apps/base/reposync/cronjob_reposync-almalinux9-appstream.yaml b/apps/base/reposync/cronjob_reposync-almalinux9-appstream.yaml
new file mode 100644
index 0000000..fa1a9c7
--- /dev/null
+++ b/apps/base/reposync/cronjob_reposync-almalinux9-appstream.yaml
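Review bot: In configmap_openvox-repo.yaml the `gpgkey=` URL is served by the same artifactapi host as the packages in `baseurl=`, so the signing key and the RPMs it vouches for arrive over one trust path, and `gpgcheck=1` only proves the packages match whatever key that host returned. Consider adding the OpenVox public key as a second entry in this ConfigMap, mounting it into the job, and pointing at it with a `file://` URL, e.g. `gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-openvox.pub`, after checking its fingerprint against the upstream project out of band. The key then changes only through a reviewed commit to this repository.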
@@ -0,0 +1,72 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-almalinux9-appstream
+ app.kubernetes.io/name: reposync
+ name: reposync-almalinux9-appstream
+ namespace: reposync
+spec:
+ schedule: "10 2 * * *"
+ timeZone: "Australia/Sydney"
+ concurrencyPolicy: Forbid
+ suspend: false
+ successfulJobsHistoryLimit: 10
+ failedJobsHistoryLimit: 5
+ jobTemplate:
+ spec:
+ completions: 1
+ parallelism: 1
+ backoffLimit: 3
+ ttlSecondsAfterFinished: 3600
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: reposync
+ image: git.unkin.net/unkin/almalinux9-base:latest
+ imagePullPolicy: Always
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ set -euo pipefail
+ echo "Starting AlmaLinux $REPO_TYPE repository sync..."
+
+ # Install reposync
+ dnf install -y dnf-plugins-core
+
+ # Sync repository
+ dnf reposync \
+ --repoid=$REPO_TYPE \
+ --destdir=/data \
+ --download-metadata \
+ --newest-only \
+ --delete
+
+ echo "AlmaLinux $REPO_TYPE repository sync completed successfully"
+ env:
+ - name: REPO_TYPE
+ value: "appstream"
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ volumeMounts:
+ - name: repodata
+ mountPath: /data
+ readOnly: false
+ - name: dnf-conf
+ mountPath: /etc/dnf/dnf.conf
+ subPath: dnf.conf
+ readOnly: true
+ volumes:
+ - name: repodata
+ persistentVolumeClaim:
+ claimName: reposync-almalinux9-appstream-repodata
+ - name: dnf-conf
+ configMap:
+ name: dnf-conf
diff --git a/apps/base/reposync/cronjob_reposync-almalinux9-baseos.yaml b/apps/base/reposync/cronjob_reposync-almalinux9-baseos.yaml
new file mode 100644
index 0000000..7d18703
--- /dev/null
+++ b/apps/base/reposync/cronjob_reposync-almalinux9-baseos.yaml
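Review bot: The `dnf reposync` call in cronjob_reposync-almalinux9-appstream.yaml does not pass `--gpgcheck`, so RPMs are written to `/data` without signature verification; the `gpgcheck=1` in the mounted dnf.conf governs install transactions, not what reposync mirrors. Adding `--gpgcheck \` ahead of `--delete` makes reposync remove packages that fail verification and exit non-zero, which `set -euo pipefail` then turns into a failed Job. The same applies to the baseos, epel9 and openvox7 CronJobs in this commit. The repository signing keys would need to be importable in the image for the check to pass, which is not visible from this diff.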
@@ -0,0 +1,75 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-almalinux9-baseos
+ app.kubernetes.io/name: reposync
+ name: reposync-almalinux9-baseos
+ namespace: reposync
+spec:
+ schedule: "0 2 * * *"
+ timeZone: "Australia/Sydney"
+ concurrencyPolicy: Forbid
+ suspend: false
+ successfulJobsHistoryLimit: 10
+ failedJobsHistoryLimit: 5
+ jobTemplate:
+ spec:
+ completions: 1
+ parallelism: 1
+ backoffLimit: 3
+ ttlSecondsAfterFinished: 3600
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: reposync
+ image: git.unkin.net/unkin/almalinux9-base:latest
+ imagePullPolicy: Always
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ set -euo pipefail
+ echo "Starting AlmaLinux $REPO_TYPE repository sync..."
+
+ # Install reposync
+ dnf install -y dnf-plugins-core
+
+ # Create repo directory
+ mkdir -p /data/almalinux/$REPO_TYPE
+
+ # Sync repository
+ dnf reposync \
+ --repoid=$REPO_TYPE \
+ --destdir=/data/almalinux/$REPO_TYPE \
+ --download-metadata \
+ --newest-only \
+ --delete
+
+ echo "AlmaLinux $REPO_TYPE repository sync completed successfully"
+ env:
+ - name: REPO_TYPE
+ value: "baseos"
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ volumeMounts:
+ - name: repodata
+ mountPath: /data
+ readOnly: false
+ - name: dnf-conf
+ mountPath: /etc/dnf/dnf.conf
+ subPath: dnf.conf
+ readOnly: true
+ volumes:
+ - name: repodata
+ persistentVolumeClaim:
+ claimName: reposync-almalinux9-baseos-repodata
+ - name: dnf-conf
+ configMap:
+ name: dnf-conf
diff --git a/apps/base/reposync/cronjob_reposync-epel9.yaml b/apps/base/reposync/cronjob_reposync-epel9.yaml
new file mode 100644
index 0000000..b11095d
--- /dev/null
+++ b/apps/base/reposync/cronjob_reposync-epel9.yaml
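Review bot: The baseos job is the only one that syncs into `--destdir=/data/almalinux/$REPO_TYPE`; the appstream, epel9 and openvox7 jobs use `--destdir=/data`, and nothing in the file says why the layout differs. reposync normally creates a directory named after the repo id under the destination unless `--norepopath` is given, so this probably ends up as `/data/almalinux/baseos/baseos`. Either align it with the other jobs or add a comment above `mkdir -p` stating the intended on-disk path. Quoting the expansions, e.g. `--repoid="$REPO_TYPE"` and `mkdir -p "/data/almalinux/$REPO_TYPE"`, would also keep the script well-behaved if the env value ever contains a space or glob character.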
@@ -0,0 +1,72 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-epel9
+ app.kubernetes.io/name: reposync
+ name: reposync-epel9
+ namespace: reposync
+spec:
+ schedule: "20 2 * * *"
+ timeZone: "Australia/Sydney"
+ concurrencyPolicy: Forbid
+ suspend: false
+ successfulJobsHistoryLimit: 10
+ failedJobsHistoryLimit: 5
+ jobTemplate:
+ spec:
+ completions: 1
+ parallelism: 1
+ backoffLimit: 3
+ ttlSecondsAfterFinished: 3600
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: reposync
+ image: git.unkin.net/unkin/almalinux9-base:latest
+ imagePullPolicy: Always
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ set -euo pipefail
+ echo "Starting AlmaLinux $REPO_TYPE repository sync..."
+
+ # Install reposync
+ dnf install -y dnf-plugins-core
+
+ # Sync repository
+ dnf reposync \
+ --repoid=$REPO_TYPE \
+ --destdir=/data \
+ --download-metadata \
+ --newest-only \
+ --delete
+
+ echo "AlmaLinux $REPO_TYPE repository sync completed successfully"
+ env:
+ - name: REPO_TYPE
+ value: "epel"
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ volumeMounts:
+ - name: repodata
+ mountPath: /data
+ readOnly: false
+ - name: dnf-conf
+ mountPath: /etc/dnf/dnf.conf
+ subPath: dnf.conf
+ readOnly: true
+ volumes:
+ - name: repodata
+ persistentVolumeClaim:
+ claimName: reposync-epel9-repodata
+ - name: dnf-conf
+ configMap:
+ name: dnf-conf
diff --git a/apps/base/reposync/cronjob_reposync-openvox7.yaml b/apps/base/reposync/cronjob_reposync-openvox7.yaml
new file mode 100644
index 0000000..b0fc005
--- /dev/null
+++ b/apps/base/reposync/cronjob_reposync-openvox7.yaml
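Review bot: The container in cronjob_reposync-epel9.yaml runs `git.unkin.net/unkin/almalinux9-base:latest` with `imagePullPolicy: Always` and no `securityContext`, then installs `dnf-plugins-core` at run time, so every nightly run executes whatever the tag and the package repos resolve to that night, presumably as root. For a job that fills a package mirror, pin the image by digest, `image: git.unkin.net/unkin/almalinux9-base@sha256:<digest>`, and bake `dnf-plugins-core` into it. That in turn allows a container `securityContext` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, plus a pod-level `fsGroup` so `/data` stays writable. The appstream, baseos and openvox7 CronJobs carry the same container spec.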
@@ -0,0 +1,78 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-openvox7
+ app.kubernetes.io/name: reposync
+ name: reposync-openvox7
+ namespace: reposync
+spec:
+ schedule: "30 2 * * *"
+ timeZone: "Australia/Sydney"
+ concurrencyPolicy: Forbid
+ suspend: false
+ successfulJobsHistoryLimit: 10
+ failedJobsHistoryLimit: 5
+ jobTemplate:
+ spec:
+ completions: 1
+ parallelism: 1
+ backoffLimit: 3
+ ttlSecondsAfterFinished: 3600
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: reposync
+ image: git.unkin.net/unkin/almalinux9-base:latest
+ imagePullPolicy: Always
+ command: ["/bin/bash", "-c"]
+ args:
+ - |
+ set -euo pipefail
+ echo "Starting AlmaLinux $REPO_TYPE repository sync..."
+
+ # Install reposync
+ dnf install -y dnf-plugins-core
+
+ # Sync repository
+ dnf reposync \
+ --repoid=$REPO_TYPE \
+ --destdir=/data \
+ --download-metadata \
+ --delete
+
+ echo "AlmaLinux $REPO_TYPE repository sync completed successfully"
+ env:
+ - name: REPO_TYPE
+ value: "openvox"
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ volumeMounts:
+ - name: repodata
+ mountPath: /data
+ readOnly: false
+ - name: dnf-conf
+ mountPath: /etc/dnf/dnf.conf
+ subPath: dnf.conf
+ readOnly: true
+ - name: openvox-repo
+ mountPath: /etc/yum.repos.d/openvox.repo
+ subPath: openvox.repo
+ readOnly: true
+ volumes:
+ - name: repodata
+ persistentVolumeClaim:
+ claimName: reposync-openvox7-repodata
+ - name: dnf-conf
+ configMap:
+ name: dnf-conf
+ - name: openvox-repo
+ configMap:
+ name: openvox7-openvox-repo
diff --git a/apps/base/reposync/kustomization.yaml b/apps/base/reposync/kustomization.yaml
new file mode 100644
index 0000000..bce9622
--- /dev/null
+++ b/apps/base/reposync/kustomization.yaml
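Review bot: Unlike the other three reposync jobs, the `dnf reposync` call in cronjob_reposync-openvox7.yaml omits `--newest-only`, and no comment says this is deliberate. If mirroring every OpenVox version is intended, state that next to the command, e.g. `# all versions are mirrored on purpose: <reason>`, and confirm that the 10Gi `reposync-openvox7-repodata` claim in persistentvolumeclaims.yaml is sized for it. The two `echo` lines also print "AlmaLinux $REPO_TYPE" for a repository that is not AlmaLinux, which will mislead anyone reading the Job logs.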
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - configmap_dnf-conf.yaml
+ - configmap_openvox-repo.yaml
+ - persistentvolumeclaims.yaml
+ - cronjob_reposync-almalinux9-baseos.yaml
+ - cronjob_reposync-almalinux9-appstream.yaml
+ - cronjob_reposync-epel9.yaml
+ - cronjob_reposync-openvox7.yaml
diff --git a/apps/base/reposync/namespace.yaml b/apps/base/reposync/namespace.yaml
new file mode 100644
index 0000000..82ba129
--- /dev/null
+++ b/apps/base/reposync/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/name: reposync
+ name: reposync
diff --git a/apps/base/reposync/persistentvolumeclaims.yaml b/apps/base/reposync/persistentvolumeclaims.yaml
new file mode 100644
index 0000000..882b4d4
--- /dev/null
+++ b/apps/base/reposync/persistentvolumeclaims.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-almalinux9-baseos
+ app.kubernetes.io/name: reposync
+ name: reposync-almalinux9-baseos-repodata
+ namespace: reposync
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: cephrbd-fast-delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-almalinux9-appstream
+ app.kubernetes.io/name: reposync
+ name: reposync-almalinux9-appstream-repodata
+ namespace: reposync
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+ storageClassName: cephrbd-fast-delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-epel9
+ app.kubernetes.io/name: reposync
+ name: reposync-epel9-repodata
+ namespace: reposync
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 30Gi
+ storageClassName: cephrbd-fast-delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/component: reposync-openvox7
+ app.kubernetes.io/name: reposync
+ name: reposync-openvox7-repodata
+ namespace: reposync
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: cephrbd-fast-delete
diff --git a/apps/overlays/au-syd1/reposync/kustomization.yaml b/apps/overlays/au-syd1/reposync/kustomization.yaml
new file mode 100644
index 0000000..e0b19ed
--- /dev/null
+++ b/apps/overlays/au-syd1/reposync/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: reposync
+
+resources:
+ - ../../../base/reposync
diff --git a/argocd/applicationsets/platform.yaml b/argocd/applicationsets/platform.yaml
index a77be79..0c4eafd 100644
--- a/argocd/applicationsets/platform.yaml
+++ b/argocd/applicationsets/platform.yaml
@@ -12,16 +12,17 @@ spec:
 directories:
 - path: apps/overlays/*/artifactapi
 - path: apps/overlays/*/cattle-system
- - path: apps/overlays/*/certificates
 - path: apps/overlays/*/cert-manager
+ - path: apps/overlays/*/certificates
 - path: apps/overlays/*/cnpg-system
 - path: apps/overlays/*/externaldns
 - path: apps/overlays/*/inteldeviceplugins-system
+ - path: apps/overlays/*/jfrog
 - path: apps/overlays/*/node-feature-discovery
+ - path: apps/overlays/*/puppet
 - path: apps/overlays/*/reflector-system
 - path: apps/overlays/*/reloader-system
- - path: apps/overlays/*/jfrog
- - path: apps/overlays/*/puppet
+ - path: apps/overlays/*/reposync
 - path: apps/overlays/*/woodpecker
 template:
 metadata:
diff --git a/argocd/projects/platform.yaml b/argocd/projects/platform.yaml
index c537d30..f5bfac8 100644
--- a/argocd/projects/platform.yaml
+++ b/argocd/projects/platform.yaml
@@ -8,14 +8,14 @@ spec:
 description: Platform infrastructure and core services
 sourceRepos:
 - https://git.unkin.net/unkin/argocd-apps
+ - https://charts.jetstack.io
+ - https://cloudnative-pg.github.io/charts
+ - https://intel.github.io/helm-charts/
+ - https://kubernetes-sigs.github.io/external-dns/
+ - https://releases.rancher.com/server-charts/stable
+ - oci://gcr.io/k8s-staging-nfd/charts
 - oci://ghcr.io/emberstack/helm-charts
 - oci://ghcr.io/woodpecker-ci/helm/woodpecker
- - https://releases.rancher.com/server-charts/stable
- - https://charts.jetstack.io
- - https://kubernetes-sigs.github.io/external-dns/
- - https://cloudnative-pg.github.io/charts
- - oci://gcr.io/k8s-staging-nfd/charts
- - https://intel.github.io/helm-charts/
 destinations:
 - namespace: '*-system'
 server: https://kubernetes.default.svc
@@ -33,6 +33,8 @@ spec:
 server: https://kubernetes.default.svc
 - namespace: 'puppet'
 server: https://kubernetes.default.svc
+ - namespace: 'reposync'
+ server: https://kubernetes.default.svc
 - namespace: 'woodpecker'
 server: https://kubernetes.default.svc
 clusterResourceWhitelist: