feat: Update structure, and add Cilium to local env

k8s/bases/infrastructure/controllers/cilium/README.md

@@ -0,0 +1,6 @@
+# Cilium
+
+Cilium is ebpf-based CNI (Container Network Interface) for Kubernetes, providing advanced networking, security, and observability features.
+
+- [Documentation](https://docs.cilium.io/en/stable/)
+- [Helm Chart](https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium)

k8s/bases/infrastructure/controllers/cilium/helm-release.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cilium
+  namespace: kube-system
+spec:
+  chart:
+    spec:
+      chart: cilium
+      version: v1.17.3
+      sourceRef:
+        kind: HelmRepository
+        name: cilium
+  interval: 10m0s
+  # https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium/values.yaml
+  values:
+    ipam:
+      mode: kubernetes
+    kubeProxyReplacement: true
+    gatewayAPI:
+      enabled: true
+      enableAlpn: true

k8s/bases/infrastructure/controllers/cilium/helm-repository.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: cilium
+  namespace: kube-system
+spec:
+  url: https://helm.cilium.io/

k8s/bases/infrastructure/controllers/cilium/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+  - helm-repository.yaml

k8s/bases/infrastructure/controllers/kustomization.yaml

@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - cert-manager/
+  - cilium/

k8s/clusters/dev/apps/flux-kustomization.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: apps
+  namespace: flux-system
+spec:
+  interval: 60m
+  timeout: 3m
+  retryInterval: 2m
+  sourceRef:
+    kind: OCIRepository
+    name: flux-system
+  path: clusters/dev/apps/
+  prune: true
+  wait: true
+  force: true

k8s/clusters/dev/apps/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../distributions/talos/infrastructure

k8s/clusters/dev/infrastructure/controllers/flux-kustomization.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infrastructure-controllers
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 2m
+  retryInterval: 1m
+  path: clusters/dev/infrastructure/controllers/
+  sourceRef:
+    kind: OCIRepository
+    name: flux-system
+  dependsOn:
+    - name: variables
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: variables-dev
+      - kind: Secret
+        name: variables-dev-sensitive
+  wait: true
+  prune: true
+  force: true

k8s/clusters/dev/infrastructure/controllers/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../distributions/talos/infrastructure/controllers

k8s/clusters/dev/infrastructure/flux-kustomization.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infrastructure
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 2m
+  retryInterval: 1m
+  path: clusters/dev/infrastructure/
+  sourceRef:
+    kind: OCIRepository
+    name: flux-system
+  dependsOn:
+    - name: variables
+    - name: infrastructure-controllers
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: variables-dev
+      - kind: Secret
+        name: variables-dev-sensitive
+  wait: true
+  prune: true
+  force: true

k8s/clusters/dev/infrastructure/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../distributions/talos/infrastructure

k8s/clusters/dev/kustomization.yaml

@@ -1,4 +1,7 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: []
+resources:
+  - infrastructure/controllers/flux-kustomization.yaml
+  - infrastructure/flux-kustomization.yaml
+  - variables/flux-kustomization.yaml

k8s/clusters/dev/variables/config-map.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: variables-dev
+  namespace: flux-system
+data:
+  domain: dev.devantler.tech
+  github_app_client_id: Iv23liZ8GHRgpx32Em2y

k8s/clusters/dev/variables/flux-kustomization.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: variables
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 2m
+  retryInterval: 1m
+  path: clusters/dev/variables/
+  sourceRef:
+    kind: OCIRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  wait: true
+  prune: true
+  force: true

k8s/clusters/dev/variables/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../distributions/talos/variables
+  - config-map.yaml
+  - secret.enc.yaml

k8s/clusters/dev/variables/secret.enc.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: variables-dev-sensitive
+    namespace: flux-system
+stringData:
+    dex_client_secret: ENC[AES256_GCM,data:+e5Ci4m7nMWUpkDT42brDaehqE0=,iv:vt18z7crgtdhsa2L371GLCv/acPnD3hNS5ZA2ZktAgw=,tag:nPQRcUHivbfwg98P0hP+6Q==,type:str]
+    github_app_client_secret: ENC[AES256_GCM,data:ElSZ3N+pvXNWarUiBazdBYme7LGCbbSOCGXpgutMJ8Agt+SHBaCaIw==,iv:TQVSBXGdRdyMGUXUP3YMZjpw4GF/jvA+9Bro2al0sNs=,tag:99sUHhgeVxgvmpXIuRfZ/A==,type:str]
+    github_app_private_key: ENC[AES256_GCM,data:+uRkDbVKduvgExe15gaue3/Mr5MGLIyiJJsjbhQBbfeRPU0wsGc0Vrcyj+4eFUjloTBB0R29I/rsZrhDE0B9L+tF59YYK1uFn5Uc+MsNkxdwxpJ4XXZPBlMsfwclLZxtncm9BhP950PQnY/5VN2Fb53BGp+xDBv42ARkT2T2qjrYzogO3uOefMv5GqL4UX2Qxj+pRjw6VelUMUNSHFKCFBQ7DDl3eI2dhIfqT0ZwxxVBxvIgNdBnEKgzQgblWz8xpyNIeFHFscTWnpoY4xgMwJJOzdCwq7IV4zhmmzxAv339VmUi2jUE055ZvyX1D7mxGontQbjuJn7uFW8Z5b0ov8A3PMa6CuEycEKvymYhKG07s3KsUZvegtKheV4L33l/3LPUPHV9T8uIYfyImcJ8fJj5C/indawdxQDMpyDN5+KuSkc/AP4Xtte4YWdNXUxmo0SxsR0HOR0VsBCIOetVnkB5WBtDXI9hTCMGDS3QZ5PoHTjQtyvZdFBrS4sv8g3tsvNmuHCcfZ6s6qo6FQ65/ZJmzSWJ6BM8H/iIJWiLDFiDIAG1XiZNqr8GRSP/jzYcTTma6sh9ST7DmdAlAeSigV/Shn8IFLKmfXxlMUMEBnPoHbOeqIpLPxDZPOlr7CiYHPE7y6gjswVNfAb1KyU7HiLzDQdtwR7VMjghJ5bAJu+erBhSb3oMU/yecBCOnTCgZStV7Qn86DWflaWa/rdn7hC4elsMYGrfbocERef2AWRFQS3ZdmjczlLc2nEspiRPEdrw3SqPEr7MduHA0nHg/OPe7+OTbXevBp0/hNXLh8Jdbk63B3RqE2+aSvSal49n8bdLlK+S8F4UKTecxtIuhMGcmU7FLcgAjuFBda0FQqC8yMEaWSzmAfLybXQuEZxlHIMKc44ODpqVdT4y9mqQuS30tz0+UnXGYOzkPqmq75p46yltIj29ZoZ1mvQjBQ2ZU8dOLOIX1ouGu417cvpMq8qG4iFL9cfW6xzrwbMC8tlLh7tC2fYgtbqf1/JPRmraJCCqiWCwZaaihTcoEy/1yWmmreGjfNMbpyaauyzJ+8OnUq5bk91nP57PHaLPsHFrphNrjyGIhFh73+3rCZrwkfyf9BOpxNyXtNXFPlLTw6r22u1tr/qSPdvElcIWlxOrSX54b9lettgFB0SSPe6hJxr5afmaErAVG6uwxcrTaGhFuVDJ4FZTCV1ws8i9Q8txM7prvV8xmwf0zuG2eUjWcZfUEiZlZ9GVCSsPVqnHXuoSXEPiGGAKY3t3d+oVuVsenfk4LK/srJGBYUrahdG7TGEhMHgMyhd++/y02S+93oxJdGIwYwpZbHca/n0asEs8m8mwirs2+Fj+zAC9JOjo3F7ew4Plh63hkJC3j2bOXY4yD0gwNjrr9TyEkLlj06354TGVzlnmpkIRl2r8PwZdOtDrHWh1zMutMKYv2D+ws9nOqKjzE0Zf6hVI1XIbn471gVvMkVvxeMq8A//txNF5g0eYDBlY8iBZ3//dbhCWiY4MFPAkCC4+6QEkbSsGNqbnDZPwPMQm1zXrrF6hJpC4Oc6elo0wPk85hzdoyqTBE0XFEpgsvDFAeyEowNYFGaBMC6vM7snxfJvH4f3X8Kro74i9ImAO+DpviiMhT5NoYCstLkyYklzn/XEsN+EOMNq6p9CvDI3X3IYucI6julbAH6XgCYcetPPN0UdXtGn4eh7X1Y9ZG1xfI1xP7122y/OClx+LjhxRw/Tuw3uVgzo6pSC10TCXqEhmpO3kKlGKd09z3vTBpFueG2rCTpZ4MmrrLXdFCu2o7Z2jbzM0iD8MYl6LQ5FmWGyUWMSfkY8FQLOqRUklP/Uh9ZHQEf1yxR1JNcTSrzyqrP4l66js4q8hVxw/T9DJnOtDIF6dOk81K4GDRF8J/0j2ikMgeunESyblXsVomSjZkchSbjgfKpAagLqS1koBbflkU0NrVsqHCF0ZjiGFlkAGtfbTrUPLTMAR17r4QbJ5zqq3/ROjhS476GS8xiqZm4UnfX4LXezVEKMF4Y++IvbLkZ5SsV3a6+aL9yF+v0eQcA56Bb8MYag9KB7kkvWIfKbJcS+hINAChRABjzSSY0RHlPjeN4+6fyEbvAlllaRIO45s4vdIJOjvdTgtCJ4CMcWW5XGMRYshrypKi5sA/Na6SCKS6G8yvBmg+QuTJpaYm0XfFBYIsVikBknWNxHuTlzMbcbznlj6fX2WDIG/zPTBp5Jlpw==,iv:/tby64GY0Q5UPkbg0w81YT6aOBiTNyDBKFFgLB0T1WA=,tag:HZ8/bnRqeO0cFfSPffzhaw==,type:str]
+sops:
+    age:
+        - recipient: age1fqcl89lrl8daucdkn7xstjhv9mcxk39m59a9mhvw0g3j24kjmu6qcaxpp7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b20wRER4SWdWdVgwTXpF
+            ZWxqTExtOFpFc2dpQ2l4bkNPRVZ4R3MyUVVnCnhUYkgxL1UxWGV6ZXBDb2xyQjZq
+            akJyVzdneUlPaXltNjhpYy9QbWtLVVkKLS0tIDFJUW54QUoxbXh5ZUNRcXBWRWI1
+            OE1CVEVqRVBjT3Jqckc1L0gwZ1JTdk0KGKF8qlUINhdrzW3JuplBqQ52s4PfbSo9
+            8HBAS+DlVet6PrlaolKlNjI5qL0u4FZfPwub6AXrI0jIq8XwEGzj/g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-05-09T15:47:43Z"
+    mac: ENC[AES256_GCM,data:Zw3zc3sQ6jLMAfj3rkMFbXh86F94JeOmP3caFW+cpqaziPyydXahQ+296Q10n3ydivNbEq2EMEkgjut3fArpN6KTxxTQ3vagpeReq3kOlDqOwdKTAwZ+Xd1IkCvljdUigbpsUWn6pPKvzfrxQ5UiOsA3J4re3ngndrKUqypW98s=,iv:qblri7AXEtDDKAIGJCCRZwrFR8b7Syk3uQphPqQNtNA=,tag:OSYICwjt0IC1IChS+shezQ==,type:str]
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2

k8s/clusters/local/apps/flux-kustomization.yaml

@@ -11,7 +11,7 @@ spec:
   sourceRef:
     kind: OCIRepository
     name: flux-system
-  path: clusters/local/apps
+  path: clusters/local/apps/
   prune: true
   wait: true
   force: true

k8s/clusters/local/infrastructure/controllers/flux-kustomization.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infrastructure-controllers
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 2m
+  retryInterval: 1m
+  path: clusters/local/infrastructure/controllers/
+  sourceRef:
+    kind: OCIRepository
+    name: flux-system
+  dependsOn:
+    - name: variables
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: variables-local
+      - kind: Secret
+        name: variables-local-sensitive
+  wait: true
+  prune: true
+  force: true

k8s/clusters/local/infrastructure/flux-kustomization.yaml

@@ -1,52 +1,20 @@
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
-metadata:
-  name: infrastructure-controllers
-  namespace: flux-system
-spec:
-  interval: 5m
-  timeout: 2m
-  retryInterval: 1m
-  path: clusters/local/infrastructure/controllers
-  sourceRef:
-    kind: OCIRepository
-    name: flux-system
-  dependsOn:
-    - name: variables
-      namespace: flux-system
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age
-  postBuild:
-    substituteFrom:
-      - kind: ConfigMap
-        name: variables-local
-      - kind: Secret
-        name: variables-local-sensitive
-  wait: true
-  prune: true
-  force: true
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
 metadata:
   name: infrastructure
   namespace: flux-system
 spec:
   interval: 5m
   timeout: 2m
   retryInterval: 1m
-  path: clusters/local/infrastructure
+  path: clusters/local/infrastructure/
   sourceRef:
     kind: OCIRepository
     name: flux-system
   dependsOn:
     - name: variables
-      namespace: flux-system
     - name: infrastructure-controllers
-      namespace: flux-system
   decryption:
     provider: sops
     secretRef:

k8s/clusters/local/kustomization.yaml

@@ -2,5 +2,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - infrastructure/controllers/flux-kustomization.yaml
   - infrastructure/flux-kustomization.yaml
   - variables/flux-kustomization.yaml

k8s/clusters/local/variables/flux-kustomization.yaml

@@ -7,7 +7,7 @@ spec:
   interval: 5m
   timeout: 2m
   retryInterval: 1m
-  path: clusters/local/variables
+  path: clusters/local/variables/
   sourceRef:
     kind: OCIRepository
     name: flux-system

k8s/distributions/kind/apps/kustomization.yaml

@@ -1,4 +1,5 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: []
+resources:
+  - ../../../bases/apps/

k8s/distributions/kind/infrastructure/cluster-issuers/selfsigned-cluster-issuer.yaml

@@ -2,6 +2,5 @@ apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: selfsigned-cluster-issuer
-  namespace: cert-manager
 spec:
   selfSigned: {}

k8s/distributions/kind/infrastructure/controllers/kustomization.yaml

@@ -2,4 +2,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../../../bases/infrastructure/controllers
+  - ../../../../bases/infrastructure/controllers/

k8s/distributions/kind/infrastructure/kustomization.yaml

@@ -2,6 +2,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../../bases/infrastructure
+  - ../../../bases/infrastructure/
   - cluster-issuers/
   - traefik/

k8s/distributions/talos/apps/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../bases/apps/

k8s/distributions/talos/infrastructure/controllers/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: []
+  #- ../../../../bases/infrastructure/controllers/

k8s/distributions/talos/infrastructure/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: []
+  #- ../../../bases/infrastructure/

k8s/distributions/talos/variables/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../bases/variables/