Update structure for Flux 2.7

Signed-off-by: Stefan Prodan <[email protected]>

Author: stefanprodan

.github/workflows/e2e.yaml

@@ -11,15 +11,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       - name: Setup Flux
         uses: fluxcd/flux2/action@main
       - name: Setup Kubernetes
-        uses: helm/kind-action@v1.7.0
+        uses: helm/kind-action@v1.12.0
         with:
           cluster_name: flux
+          version: v0.30.0
+          node_image: kindest/node:v1.33.4
       - name: Install Flux in Kubernetes Kind
-        run: flux install
+        run: flux install --components-extra source-watcher
       - name: Setup cluster reconciliation
         run: |
           flux create source git flux-system \
@@ -38,6 +40,8 @@ jobs:
       - name: Verify helm reconciliation
         run: |
           kubectl -n podinfo wait helmrelease/podinfo --for=condition=ready --timeout=5m
+      - name: List deployed resources
+        run: flux tree ks flux-system
       - name: Debug failure
         if: failure()
         run: |

.github/workflows/test.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       - name: Setup yq
         uses: fluxcd/pkg/actions/yq@main
       - name: Setup kubeconform

README.md

@@ -122,7 +122,7 @@ spec:
         - host: podinfo.staging
 ```
 
-Note that with ` version: ">=1.0.0-alpha"` we configure Flux to automatically upgrade
+Note that with `version: ">=1.0.0-alpha"` we configure Flux to automatically upgrade
 the `HelmRelease` to the latest chart version including alpha, beta and pre-releases.
 
 In **apps/production/** dir we have a Kustomize patch with the production specific values:

clusters/staging/apps.yaml

@@ -1,16 +1,18 @@
+---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: apps
   namespace: flux-system
 spec:
-  interval: 10m0s
   dependsOn:
     - name: infra-configs
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps/staging
+    kind: ExternalArtifact
+    name: apps
+  path: ./staging
   prune: true
   wait: true
-  timeout: 5m0s

clusters/staging/artifacts.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: source.extensions.fluxcd.io/v1beta1
+kind: ArtifactGenerator
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  sources:
+    - alias: monorepo
+      kind: GitRepository
+      name: flux-system
+  artifacts:
+    - name: infrastructure
+      originRevision: "@monorepo"
+      copy:
+        - from: "@monorepo/infrastructure/**"
+          to: "@artifact/"
+    - name: apps
+      originRevision: "@monorepo"
+      copy:
+        - from: "@monorepo/apps/**"
+          to: "@artifact/"

clusters/staging/infrastructure.yaml

@@ -6,12 +6,12 @@ metadata:
   namespace: flux-system
 spec:
   interval: 1h
-  retryInterval: 1m
+  retryInterval: 2m
   timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/controllers
+    kind: ExternalArtifact
+    name: infrastructure
+  path: ./controllers
   prune: true
   wait: true
 ---
@@ -24,12 +24,12 @@ spec:
   dependsOn:
     - name: infra-controllers
   interval: 1h
-  retryInterval: 1m
+  retryInterval: 2m
   timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/configs
+    kind: ExternalArtifact
+    name: infrastructure
+  path: ./configs
   prune: true
   patches:
     - patch: |

infrastructure/controllers/cert-manager.yaml

@@ -7,30 +7,37 @@ metadata:
     toolkit.fluxcd.io/tenant: sre-team
 ---
 apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
+kind: OCIRepository
 metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
   interval: 24h
-  url: https://charts.jetstack.io
+  url: oci://quay.io/jetstack/charts/cert-manager
+  layerSelector:
+    mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
+    operation: copy
+  ref:
+    semver: "1.x"
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: cert-manager
-      version: "1.x"
-      sourceRef:
-        kind: HelmRepository
-        name: cert-manager
-        namespace: cert-manager
-      interval: 12h
+  interval: 12h
+  install:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 2m
+  upgrade:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 3m
+  chartRef:
+    kind: OCIRepository
+    name: cert-manager
   values:
     crds:
       enabled: true

infrastructure/controllers/ingress-nginx.yaml

@@ -21,7 +21,18 @@ metadata:
   name: ingress-nginx
   namespace: ingress-nginx
 spec:
-  interval: 30m
+  dependsOn:
+    - name: cert-manager
+      namespace: cert-manager
+  interval: 12h
+  install:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 2m
+  upgrade:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 3m
   chart:
     spec:
       chart: ingress-nginx
@@ -33,7 +44,8 @@ spec:
       interval: 12h
   values:
     controller:
+      admissionWebhooks:
+        certManager:
+          enabled: true
       service:
         type: "NodePort"
-    admissionWebhooks:
-      enabled: false

scripts/validate.sh

@@ -20,9 +20,9 @@
 # limitations under the License.
 
 # Prerequisites
-# - yq v4.34
-# - kustomize v5.3
-# - kubeconform v0.6
+# - yq v4.48
+# - kustomize v5.7
+# - kubeconform v0.7
 
 set -o errexit
 set -o pipefail