Add init files

weaveworks · Aug 3, 2023 · 481cfba · 481cfba
1 parent 5ddff82
commit 481cfba
Show file tree

Hide file tree

Showing 9 changed files with 498 additions and 0 deletions.
diff --git a/eksctl-clusters/clusters/run-playwright-tests-5749908950-eksctl-cluster.yaml b/eksctl-clusters/clusters/run-playwright-tests-5749908950-eksctl-cluster.yaml
@@ -0,0 +1,63 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+  name: run-playwright-tests-5749908950
+  region: eu-north-1
+  version: "1.24"
+  tags:
+    environment: "run-playwright-tests-5749908950"
+    delete-after: "7"
+    team: "timberwolf"
+
+iam:
+  withOIDC: true
+  serviceRoleARN: "arn:aws:iam::894516026745:role/WeaveEksClusterRole"
+  serviceAccounts:
+  - metadata:
+      name: kustomize-controller
+      namespace: flux-system
+    attachPolicyARNs:
+    - "arn:aws:iam::894516026745:policy/WeaveSopsKmsDecrypt"
+    roleName: eksctl-run-playwright-tests-5749908950-sops-decrypt-role
+    roleOnly: true
+  - metadata:
+      name: external-dns
+      namespace: external-dns
+    attachPolicyARNs:
+    - "arn:aws:iam::894516026745:policy/AllowExternalDNSUpdates"
+    roleName: eksctl-run-playwright-tests-5749908950-route53-external-dns-role
+    roleOnly: false # create role and annotated service account
+
+# Enable private access to the API server.
+vpc:
+  clusterEndpoints:
+    privateAccess: true
+    publicAccess: true
+
+nodeGroups:
+  - name: run-playwright-tests-5749908950-ng-1
+    instanceType: t3.medium
+    minSize: 3
+    maxSize: 3
+    desiredCapacity: 3
+    volumeSize: 10
+    privateNetworking: true
+    tags:
+      environment: "run-playwright-tests-5749908950"
+      delete-after: "7"
+      team: "timberwolf"
+    propagateASGTags: true
+    iam:
+      instanceProfileARN: "arn:aws:iam::894516026745:instance-profile/WeaveEksWorkerNodeRole"
+
+gitops:
+  flux:
+    gitProvider: github
+    flags:
+      owner: "weaveworks"
+      repository: "clusters-config"
+      private: "true"
+      branch: "cluster-run-playwright-tests-5749908950"
+      namespace: "flux-system"
+      path: "eksctl-clusters/clusters/run-playwright-tests-5749908950"
diff --git a/eksctl-clusters/clusters/run-playwright-tests-5749908950/common-kustomization.yaml b/eksctl-clusters/clusters/run-playwright-tests-5749908950/common-kustomization.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: common
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/apps/common
+  prune: true
+  validation: client
+  postBuild:
+    substitute:
+      CLUSTER_NAME: run-playwright-tests-5749908950
+      SSL_CERTIFICATE_ARN: arn:aws:acm:eu-north-1:894516026745:certificate/5f8813f2-b630-4d0d-8c34-8fb68ec166ac
diff --git a/eksctl-clusters/clusters/run-playwright-tests-5749908950/enterprise-kustomization.yaml b/eksctl-clusters/clusters/run-playwright-tests-5749908950/enterprise-kustomization.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: enterprise
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/apps/enterprise
+  prune: true
+  validation: client
+  postBuild:
+    substitute:
+      CLUSTER_NAME: run-playwright-tests-5749908950
+      BRANCH_NAME: cluster-run-playwright-tests-5749908950
+      CHART_REPO: https://charts.dev.wkp.weave.works/dev/branches/main
diff --git a/eksctl-clusters/clusters/run-playwright-tests-5749908950/flux-system/gotk-components.yaml b/eksctl-clusters/clusters/run-playwright-tests-5749908950/flux-system/gotk-components.yaml
diff --git a/eksctl-clusters/clusters/run-playwright-tests-5749908950/flux-system/gotk-sync.yaml b/eksctl-clusters/clusters/run-playwright-tests-5749908950/flux-system/gotk-sync.yaml
diff --git a/eksctl-clusters/clusters/run-playwright-tests-5749908950/flux-system/kustomization.yaml b/eksctl-clusters/clusters/run-playwright-tests-5749908950/flux-system/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gotk-components.yaml
+  - gotk-sync.yaml
+patches:
+  - patch: |
+      apiVersion: v1
+      kind: ServiceAccount
+      metadata:
+        name: kustomize-controller
+        annotations:
+          eks.amazonaws.com/role-arn: arn:aws:iam::894516026745:role/eksctl-run-playwright-tests-5749908950-sops-decrypt-role
+    target:
+      kind: ServiceAccount
+      name: kustomize-controller
diff --git a/eksctl-clusters/clusters/run-playwright-tests-5749908950/policies-kustomization.yaml b/eksctl-clusters/clusters/run-playwright-tests-5749908950/policies-kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: policies
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/policies/
+  prune: true
+  validation: client
+  dependsOn:
+    - name: enterprise
diff --git a/eksctl-clusters/clusters/run-playwright-tests-5749908950/secrets-kustomization.yaml b/eksctl-clusters/clusters/run-playwright-tests-5749908950/secrets-kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: shared-secrets
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/shared-secrets
+  prune: true
+  decryption:
+    provider: sops
+  postBuild:
+    substitute:
+      ISSUER_URL: aHR0cHM6Ly9ydW4tcGxheXdyaWdodC10ZXN0cy01NzQ5OTA4OTUwLWRleC5lbmctc2FuZGJveC53ZWF2ZS53b3Jrcw==
+      REDIRECT_URL: aHR0cHM6Ly9ydW4tcGxheXdyaWdodC10ZXN0cy01NzQ5OTA4OTUwLmVuZy1zYW5kYm94LndlYXZlLndvcmtzL29hdXRoMi9jYWxsYmFjaw==