feat: driftDetection (+ cleanup interval)

2023-12-21 11:28:05 +01:00 · 2023-12-21 11:28:05 +01:00 · 226d0c88dd
commit 226d0c88dd
parent 446ca33ce2
34 changed files with 71 additions and 40 deletions
--- a/base-values/commons.yaml
+++ b/base-values/commons.yaml
@ -11,6 +11,8 @@ commons:
        remediation:
          retries: -1
        crds: CreateReplace
+      driftDetection:
+        mode: enabled

  ingress:
    domain: "wrenix.eu"
--- a/base/templates/release.yaml
+++ b/base/templates/release.yaml
@ -2,7 +2,7 @@
 {{- if ($config.enabled | default false) }}
 {{- $componentName := $config.name | default $componentInstance }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: "{{ $.Release.Name }}-{{ $componentInstance }}"
@ -21,6 +21,8 @@ spec:
    {{- toYaml $.Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml $.Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml $.Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: {{ $.Values.componentCommons.helm.release.interval }}
  valuesFrom:
    - kind: ConfigMap
--- a/base/values.yaml
+++ b/base/values.yaml
@ -9,6 +9,7 @@ commons:
      install: {}
      test: {}
      upgrade: {}
+      driftDetection: {}

 componentCommons:
  helm:
--- a/infra-certificates/templates/certmanager/release.yaml
+++ b/infra-certificates/templates/certmanager/release.yaml
@ -1,5 +1,5 @@
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: cert-manager
@ -10,13 +10,14 @@ spec:
        kind: HelmRepository
        name: jetstack
      chart: cert-manager
-      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    installCRDs: true
--- a/infra-certificates/templates/certmanager/repo.yaml
+++ b/infra-certificates/templates/certmanager/repo.yaml
@ -5,4 +5,4 @@ metadata:
  name: jetstack
 spec:
  url: https://charts.jetstack.io
-  interval: 10m0s
+  interval: 10m
--- a/infra-certificates/values.yaml
+++ b/infra-certificates/values.yaml
@ -8,6 +8,8 @@ commons:
      install: {}
      test: {}
      upgrade: {}
+      driftDetection: {}
+
  prometheus:
    monitor:
      labels: {}
--- a/infra-ingress/templates/traefik/release.yaml
+++ b/infra-ingress/templates/traefik/release.yaml
@ -1,6 +1,6 @@
 {{- if (eq .Values.controller "traefik") }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: traefik
@ -11,13 +11,14 @@ spec:
        kind: HelmRepository
        name: traefik
      chart: traefik
-      interval: 30m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    deployment:
--- a/infra-ingress/templates/traefik/repo.yaml
+++ b/infra-ingress/templates/traefik/repo.yaml
@ -6,5 +6,5 @@ metadata:
  name: traefik
 spec:
  url: https://helm.traefik.io/traefik
-  interval: 12h
+  interval: 10m
 {{- end }}
--- a/infra-ingress/values.yaml
+++ b/infra-ingress/values.yaml
@ -8,6 +8,7 @@ commons:
      install: {}
      test: {}
      upgrade: {}
+      driftDetection: {}

  ingress:
    domain: "wrenix.eu"
--- a/infra-logging/templates/logging-operator/release.yaml
+++ b/infra-logging/templates/logging-operator/release.yaml
@ -1,5 +1,5 @@
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: logging-operator
@ -10,13 +10,14 @@ spec:
        kind: HelmRepository
        name: kube-logging
      chart: logging-operator
-      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    monitoring:
--- a/infra-logging/templates/logging-operator/repo.yaml
+++ b/infra-logging/templates/logging-operator/repo.yaml
@ -6,4 +6,4 @@ metadata:
 spec:
  url: oci://ghcr.io/kube-logging/helm-charts
  type: oci
-  interval: 10m0s
+  interval: 10m
--- a/infra-logging/templates/loki/release.yaml
+++ b/infra-logging/templates/loki/release.yaml
@ -1,6 +1,6 @@
 {{- if .Values.loki.enabled }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: loki
@ -11,13 +11,14 @@ spec:
        kind: HelmRepository
        name: grafana
      chart: loki
-      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    singleBinary:
--- a/infra-logging/templates/loki/repo.yaml
+++ b/infra-logging/templates/loki/repo.yaml
@ -6,5 +6,5 @@ metadata:
  name: grafana
 spec:
  url: https://grafana.github.io/helm-charts
-  interval: 10m0s
+  interval: 10m
 {{- end }}
--- a/infra-logging/values.yaml
+++ b/infra-logging/values.yaml
@ -8,6 +8,7 @@ commons:
      install: {}
      test: {}
      upgrade: {}
+      driftDetection: {}

  grafana:
    datasource:
--- a/infra-monitoring/templates/alertmanager/authentik-application.yaml
+++ b/infra-monitoring/templates/alertmanager/authentik-application.yaml
@ -3,7 +3,7 @@
  .Values.alertmanager.ingress.enabled
 }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: authentik-application-alertmanager
@ -16,7 +16,6 @@ spec:
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
-      interval: 10m
  releaseName: authentik-application-infra-alertmanager
  targetNamespace: {{ .Values.commons.auth.namespace }}
  install:
@ -25,6 +24,8 @@ spec:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $domain := .Values.alertmanager.ingress.host | default (printf "alertmanager.%s" .Values.commons.ingress.domain) }}
--- a/infra-monitoring/templates/alertmanager/matrix/release.yaml
+++ b/infra-monitoring/templates/alertmanager/matrix/release.yaml
@ -1,7 +1,7 @@
 {{- with .Values.alertmanager.receiver.matrix }}
 {{- if .enabled }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: "alertmanager-matrix"
@ -20,7 +20,9 @@ spec:
    {{- toYaml $.Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml $.Values.commons.helm.release.upgrade | nindent 4 }}
-  interval: 5m
+  driftDetection:
+    {{- toYaml $.Values.commons.helm.release.driftDetection | nindent 4 }}
+  interval: 10m
  valuesFrom:
    - kind: Secret
      name: "global-alertmanager-matrix-token"
--- a/infra-monitoring/templates/alertmanager/ntfy/release.yaml
+++ b/infra-monitoring/templates/alertmanager/ntfy/release.yaml
@ -1,7 +1,7 @@
 {{- with .Values.alertmanager.receiver.ntfy }}
 {{- if .enabled }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: "alertmanager-ntfy"
@ -20,7 +20,9 @@ spec:
    {{- toYaml $.Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml $.Values.commons.helm.release.upgrade | nindent 4 }}
-  interval: 5m
+  driftDetection:
+    {{- toYaml $.Values.commons.helm.release.driftDetection | nindent 4 }}
+  interval: 10m
  valuesFrom:
    - kind: Secret
      name: "global-alertmanager-ntfy-auth"
--- a/infra-monitoring/templates/exporter/blackbox/release.yaml
+++ b/infra-monitoring/templates/exporter/blackbox/release.yaml
@ -11,13 +11,14 @@ spec:
        kind: HelmRepository
        name: "prometheus-community"
      chart: "prometheus-blackbox-exporter"
-      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:

--- a/infra-monitoring/templates/grafana/authentik-application.yaml
+++ b/infra-monitoring/templates/grafana/authentik-application.yaml
@ -3,7 +3,7 @@
  .Values.grafana.ingress.enabled
 }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: authentik-application-grafana
@ -16,7 +16,6 @@ spec:
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
-      interval: 10m
  releaseName: authentik-application-infra-grafana
  targetNamespace: {{ .Values.commons.auth.namespace }}
  install:
@ -25,6 +24,8 @@ spec:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $url := default (printf "grafana.%s" .Values.commons.ingress.domain) .Values.grafana.ingress.host }}
--- a/infra-monitoring/templates/karma/authentik-application.yaml
+++ b/infra-monitoring/templates/karma/authentik-application.yaml
@ -3,7 +3,7 @@
  .Values.karma.enabled
 }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: authentik-application-karma
@ -16,7 +16,6 @@ spec:
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
-      interval: 10m
  releaseName: authentik-application-infra-karma
  targetNamespace: {{ .Values.commons.auth.namespace }}
  install:
@ -25,6 +24,8 @@ spec:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $domain := .Values.karma.ingress.host | default (printf "karma.%s" .Values.commons.ingress.domain) }}
--- a/infra-monitoring/templates/karma/release.yaml
+++ b/infra-monitoring/templates/karma/release.yaml
@ -1,6 +1,6 @@
 {{- if .Values.karma.enabled }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: karma
@ -11,13 +11,14 @@ spec:
        kind: HelmRepository
        name: "wiremind"
      chart: "karma"
-      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    configMap:
--- a/infra-monitoring/templates/karma/repo.yaml
+++ b/infra-monitoring/templates/karma/repo.yaml
@ -5,4 +5,4 @@ metadata:
  name: wiremind
 spec:
  url: https://wiremind.github.io/wiremind-helm-charts
-  interval: 10m0s
+  interval: 10m
--- a/infra-monitoring/templates/kube-prometheus-stack/release.yaml
+++ b/infra-monitoring/templates/kube-prometheus-stack/release.yaml
@ -1,5 +1,5 @@
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: kube-prometheus-stack
@ -10,13 +10,14 @@ spec:
        kind: HelmRepository
        name: "prometheus-community"
      chart: "kube-prometheus-stack"
-      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    commonLabels:
--- a/infra-monitoring/templates/prometheus/authentik-application.yaml
+++ b/infra-monitoring/templates/prometheus/authentik-application.yaml
@ -3,7 +3,7 @@
  .Values.prometheus.ingress.enabled
 }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: authentik-application-prometheus
@ -16,7 +16,6 @@ spec:
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
-      interval: 10m
  releaseName: authentik-application-infra-prometheus
  targetNamespace: {{ .Values.commons.auth.namespace }}
  install:
@ -25,6 +24,8 @@ spec:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $domain := .Values.prometheus.ingress.host | default (printf "prometheus.%s" .Values.commons.ingress.domain) }}
--- a/infra-monitoring/templates/repo.yaml
+++ b/infra-monitoring/templates/repo.yaml
@ -5,4 +5,4 @@ metadata:
  name: prometheus-community
 spec:
  url: https://prometheus-community.github.io/helm-charts/
-  interval: 10m0s
+  interval: 10m
--- a/infra-monitoring/values.yaml
+++ b/infra-monitoring/values.yaml
@ -18,6 +18,7 @@ commons:
      install: {}
      test: {}
      upgrade: {}
+      driftDetection: {}

  ingress:
    domain: "wrenix.eu"
--- a/infra-trivy/templates/release.yaml
+++ b/infra-trivy/templates/release.yaml
@ -1,5 +1,5 @@
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: trivy-operator
@ -11,13 +11,14 @@ spec:
        name: "aqua"
      chart: "trivy-operator"
      version: "0.18.4"
-      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  postRenderers:
    - kustomize:
--- a/infra-trivy/templates/repo.yaml
+++ b/infra-trivy/templates/repo.yaml
@ -5,4 +5,4 @@ metadata:
  name: aqua
 spec:
  url: https://aquasecurity.github.io/helm-charts/
-  interval: 10m0s
+  interval: 10m
--- a/infra-trivy/values.yaml
+++ b/infra-trivy/values.yaml
@ -8,6 +8,7 @@ commons:
      install: {}
      test: {}
      upgrade: {}
+      driftDetection: {}

  prometheus:
    alertmanager:
--- a/mycloud-authentik/templates/release.yaml
+++ b/mycloud-authentik/templates/release.yaml
@ -1,5 +1,5 @@
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: "{{ .Release.Name }}-hr"
@ -10,13 +10,14 @@ spec:
        kind: HelmRepository
        name: "authentik"
      chart: "authentik"
-      interval: 10m
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    authentik:
--- a/mycloud-authentik/templates/repo.yaml
+++ b/mycloud-authentik/templates/repo.yaml
@ -5,4 +5,4 @@ metadata:
  name: authentik
 spec:
  url: https://charts.goauthentik.io
-  interval: 10m0s
+  interval: 10m
--- a/mycloud-authentik/values.yaml
+++ b/mycloud-authentik/values.yaml
@ -22,6 +22,7 @@ commons:
      install: {}
      test: {}
      upgrade: {}
+      driftDetection: {}

  ingress:
    domain: "wrenix.eu"
--- a/mycloud-services/templates/postgresql/release.yaml
+++ b/mycloud-services/templates/postgresql/release.yaml
@ -1,5 +1,5 @@
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: mycloud-services-postgresql
@ -12,7 +12,6 @@ spec:
        namespace: "flux-system"
      chart: "./postgresql"
      reconcileStrategy: "Revision"
-      interval: 10m
  releaseName: mycloud-services-postgresql
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
@ -20,6 +19,8 @@ spec:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  valuesFrom:
    - kind: Secret
--- a/mycloud-services/values.yaml
+++ b/mycloud-services/values.yaml
@ -12,6 +12,7 @@ commons:
      install: {}
      test: {}
      upgrade: {}
+      driftDetection: {}

 postgresql:
  persistence: