Add init files

eksctl-clusters/clusters/run-playwright-tests-6357874713-eksctl-cluster.yaml

@@ -0,0 +1,63 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+  name: run-playwright-tests-6357874713
+  region: eu-north-1
+  version: "1.27"
+  tags:
+    environment: "run-playwright-tests-6357874713"
+    delete-after: "7"
+    team: "timberwolf"
+
+iam:
+  withOIDC: true
+  serviceRoleARN: "arn:aws:iam::894516026745:role/WeaveEksClusterRole"
+  serviceAccounts:
+  - metadata:
+      name: kustomize-controller
+      namespace: flux-system
+    attachPolicyARNs:
+    - "arn:aws:iam::894516026745:policy/WeaveSopsKmsDecrypt"
+    roleName: eksctl-run-playwright-tests-6357874713-sops-decrypt-role
+    roleOnly: true
+  - metadata:
+      name: external-dns
+      namespace: external-dns
+    attachPolicyARNs:
+    - "arn:aws:iam::894516026745:policy/AllowExternalDNSUpdates"
+    roleName: eksctl-run-playwright-tests-6357874713-route53-external-dns-role
+    roleOnly: false # create role and annotated service account
+
+# Enable private access to the API server.
+vpc:
+  clusterEndpoints:
+    privateAccess: true
+    publicAccess: true
+
+nodeGroups:
+  - name: run-playwright-tests-6357874713-ng-1
+    instanceType: t3.medium
+    minSize: 3
+    maxSize: 3
+    desiredCapacity: 3
+    volumeSize: 10
+    privateNetworking: true
+    tags:
+      environment: "run-playwright-tests-6357874713"
+      delete-after: "7"
+      team: "timberwolf"
+    propagateASGTags: true
+    iam:
+      instanceProfileARN: "arn:aws:iam::894516026745:instance-profile/WeaveEksWorkerNodeRole"
+
+gitops:
+  flux:
+    gitProvider: github
+    flags:
+      owner: "weaveworks"
+      repository: "clusters-config"
+      private: "true"
+      branch: "cluster-run-playwright-tests-6357874713"
+      namespace: "flux-system"
+      path: "eksctl-clusters/clusters/run-playwright-tests-6357874713"

eksctl-clusters/clusters/run-playwright-tests-6357874713/common-kustomization.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: common
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/apps/common
+  prune: true
+  postBuild:
+    substitute:
+      CLUSTER_NAME: run-playwright-tests-6357874713
+      SSL_CERTIFICATE_ARN: arn:aws:acm:eu-north-1:894516026745:certificate/5f8813f2-b630-4d0d-8c34-8fb68ec166ac

eksctl-clusters/clusters/run-playwright-tests-6357874713/enterprise-kustomization.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: enterprise
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/apps/enterprise
+  prune: true
+  postBuild:
+    substitute:
+      CLUSTER_NAME: run-playwright-tests-6357874713
+      BRANCH_NAME: cluster-run-playwright-tests-6357874713
+      CHART_REPO: https://charts.dev.wkp.weave.works/dev/branches/main

eksctl-clusters/clusters/run-playwright-tests-6357874713/flux-system/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gotk-components.yaml
+  - gotk-sync.yaml
+patches:
+  - patch: |
+      apiVersion: v1
+      kind: ServiceAccount
+      metadata:
+        name: kustomize-controller
+        annotations:
+          eks.amazonaws.com/role-arn: arn:aws:iam::894516026745:role/eksctl-run-playwright-tests-6357874713-sops-decrypt-role
+    target:
+      kind: ServiceAccount
+      name: kustomize-controller

eksctl-clusters/clusters/run-playwright-tests-6357874713/policies-kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: policies
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/policies/
+  prune: true
+  dependsOn:
+    - name: enterprise

eksctl-clusters/clusters/run-playwright-tests-6357874713/secrets-kustomization.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: shared-secrets
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/shared-secrets
+  prune: true
+  decryption:
+    provider: sops
+  postBuild:
+    substitute:
+      ISSUER_URL: aHR0cHM6Ly9ydW4tcGxheXdyaWdodC10ZXN0cy02MzU3ODc0NzEzLWRleC5lbmctc2FuZGJveC53ZWF2ZS53b3Jrcw==
+      REDIRECT_URL: aHR0cHM6Ly9ydW4tcGxheXdyaWdodC10ZXN0cy02MzU3ODc0NzEzLmVuZy1zYW5kYm94LndlYXZlLndvcmtzL29hdXRoMi9jYWxsYmFjaw==

eksctl-clusters/clusters/run-playwright-tests-6357874713/violating-apps/violating-app-manifest.yaml

@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: violating-podinfo
+  namespace: default
+spec:
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  progressDeadlineSeconds: 60
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 0
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: violating-podinfo
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app: violating-podinfo
+    spec:
+      containers:
+      - name: violating-podinfo
+        imagePullPolicy: Always
+        image: ghcr.io/stefanprodan/podinfo:latest
+        securityContext:
+          allowPrivilegeEscalation: true
+        ports:
+        - name: http
+          containerPort: 9898
+          protocol: TCP
+        - name: http-metrics
+          containerPort: 9797
+          protocol: TCP
+        - name: grpc
+          containerPort: 9999
+          protocol: TCP
+        command:
+        - ./podinfo
+        - --port=9898
+        - --port-metrics=9797
+        - --grpc-port=9999
+        - --grpc-service-name=podinfo
+        - --level=info
+        - --random-delay=false
+        - --random-error=false
+        env:
+        - name: PODINFO_UI_COLOR
+          value: "#34577c"
+        livenessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:9898/healthz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        readinessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:9898/readyz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: 2000m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 64Mi

eksctl-clusters/clusters/run-playwright-tests-6357874713/violating-podinfo-kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: violating-podinfo
+  namespace: default
+spec:
+  interval: 10m
+  targetNamespace: default
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  path: ./eksctl-clusters/clusters/run-playwright-tests-6357874713/violating-apps
+  prune: true
+  timeout: 1m