feat!: refactor namespaces and add descheduler (#1110)

Signed-off-by: Devin Buhl <devin@buhl.casa>

bootstrap/tasks/addons/csi_driver_nfs.yaml

@@ -2,7 +2,7 @@
 - name: Set addon facts
   ansible.builtin.set_fact:
     addon_name: csi-driver-nfs
-    addon_namespace: kube-system
+    addon_namespace: storage
 
 - name: Ensure directories exist for {{ addon_namespace }}/{{ addon_name }}
   when: item.state == 'directory'

bootstrap/tasks/addons/grafana.yaml

@@ -2,7 +2,7 @@
 - name: Set addon facts
   ansible.builtin.set_fact:
     addon_name: grafana
-    addon_namespace: monitoring
+    addon_namespace: observability
 
 - name: Ensure directories exist for {{ addon_namespace }}/{{ addon_name }}
   when: item.state == 'directory'

bootstrap/tasks/addons/kube_prometheus_stack.yaml

@@ -2,7 +2,7 @@
 - name: Set addon facts
   ansible.builtin.set_fact:
     addon_name: kube-prometheus-stack
-    addon_namespace: monitoring
+    addon_namespace: observability
 
 - name: Ensure directories exist for {{ addon_namespace }}/{{ addon_name }}
   when: item.state == 'directory'

bootstrap/tasks/addons/kubernetes_dashboard.yaml

@@ -2,7 +2,7 @@
 - name: Set addon facts
   ansible.builtin.set_fact:
     addon_name: kubernetes-dashboard
-    addon_namespace: monitoring
+    addon_namespace: observability
 
 - name: Ensure directories exist for {{ addon_namespace }}/{{ addon_name }}
   when: item.state == 'directory'

bootstrap/tasks/addons/system_upgrade_controller.yaml

@@ -2,7 +2,7 @@
 - name: Set addon facts
   ansible.builtin.set_fact:
     addon_name: system-upgrade-controller
-    addon_namespace: kube-system
+    addon_namespace: tools
 
 - name: Ensure directories exist for {{ addon_namespace }}/{{ addon_name }}
   when: item.state == 'directory'

bootstrap/templates/addons/csi-driver-nfs/ks.yaml.j2

@@ -5,11 +5,11 @@ metadata:
   name: &app csi-driver-nfs
   namespace: flux-system
 spec:
-  targetNamespace: kube-system
+  targetNamespace: storage
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/kube-system/csi-driver-nfs/app
+  path: ./kubernetes/apps/storage/csi-driver-nfs/app
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/addons/grafana/app/helmrelease.yaml.j2

@@ -25,7 +25,7 @@ spec:
     keepHistory: false
   dependsOn:
     - name: local-path-provisioner
-      namespace: kube-system
+      namespace: storage
   values:
     deploymentStrategy:
       type: Recreate
@@ -85,7 +85,7 @@ spec:
             type: prometheus
             uid: prometheus
             access: proxy
-            url: http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090
+            url: http://kube-prometheus-stack-prometheus.observability.svc.cluster.local:9090
             jsonData:
               prometheusType: Prometheus
             isDefault: true

bootstrap/templates/addons/grafana/ks.yaml.j2

@@ -5,11 +5,11 @@ metadata:
   name: &app grafana
   namespace: flux-system
 spec:
-  targetNamespace: monitoring
+  targetNamespace: observability
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/monitoring/grafana/app
+  path: ./kubernetes/apps/observability/grafana/app
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/addons/hajimari/app/helmrelease.yaml.j2

@@ -38,7 +38,7 @@ spec:
       namespaceSelector:
         matchNames:
           - default
-          - monitoring
+          - observability
     ingress:
       main:
         enabled: true

bootstrap/templates/addons/kube-prometheus-stack/app/helmrelease.yaml.j2

@@ -28,7 +28,7 @@ spec:
     keepHistory: false
   dependsOn:
     - name: local-path-provisioner
-      namespace: kube-system
+      namespace: storage
   valuesFrom:
     - name: kube-prometheus-stack-values
       kind: ConfigMap

bootstrap/templates/addons/kube-prometheus-stack/ks.yaml.j2

@@ -5,11 +5,11 @@ metadata:
   name: &app kube-prometheus-stack
   namespace: flux-system
 spec:
-  targetNamespace: monitoring
+  targetNamespace: observability
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/monitoring/kube-prometheus-stack/app
+  path: ./kubernetes/apps/observability/kube-prometheus-stack/app
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/addons/kubernetes-dashboard/app/rbac.yaml.j2

@@ -1,5 +1,5 @@
 # For dashboard sign in token:
-# kubectl -n monitoring get secret kubernetes-dashboard -o jsonpath='{.data.token}' | base64 -d
+# kubectl -n observability get secret kubernetes-dashboard -o jsonpath='{.data.token}' | base64 -d
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
   annotations:
     meta.helm.sh/release-name: kubernetes-dashboard
-    meta.helm.sh/release-namespace: monitoring
+    meta.helm.sh/release-namespace: observability
 secrets:
   - name: kubernetes-dashboard
 ---
@@ -22,7 +22,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
   annotations:
     meta.helm.sh/release-name: kubernetes-dashboard
-    meta.helm.sh/release-namespace: monitoring
+    meta.helm.sh/release-namespace: observability
     kubernetes.io/service-account.name: kubernetes-dashboard
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -36,4 +36,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kubernetes-dashboard
-    namespace: monitoring
+    namespace: observability

bootstrap/templates/addons/kubernetes-dashboard/ks.yaml.j2

@@ -5,14 +5,14 @@ metadata:
   name: &app kubernetes-dashboard
   namespace: flux-system
 spec:
-  targetNamespace: monitoring
+  targetNamespace: observability
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: cert-manager
     - name: metrics-server
-  path: ./kubernetes/apps/monitoring/kubernetes-dashboard/app
+  path: ./kubernetes/apps/observability/kubernetes-dashboard/app
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/addons/system-upgrade-controller/app/rbac.yaml.j2

@@ -25,4 +25,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: system-upgrade
-    namespace: kube-system
+    namespace: tools

bootstrap/templates/addons/system-upgrade-controller/ks.yaml.j2

@@ -5,11 +5,11 @@ metadata:
   name: &app system-upgrade-controller
   namespace: flux-system
 spec:
-  targetNamespace: kube-system
+  targetNamespace: tools
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/kube-system/system-upgrade-controller/app
+  path: ./kubernetes/apps/tools/system-upgrade-controller/app
   prune: true
   sourceRef:
     kind: GitRepository
@@ -25,13 +25,13 @@ metadata:
   name: &app system-upgrade-controller-plans
   namespace: flux-system
 spec:
-  targetNamespace: kube-system
+  targetNamespace: tools
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: system-upgrade-controller
-  path: ./kubernetes/apps/kube-system/system-upgrade-controller/plans
+  path: ./kubernetes/apps/tools/system-upgrade-controller/plans
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2

@@ -37,4 +37,4 @@ spec:
       enabled: true
       servicemonitor:
         enabled: true
-        prometheusInstance: monitoring
+        prometheusInstance: observability

bootstrap/templates/kubernetes/apps/kube-system/kustomization.yaml.j2

@@ -6,13 +6,4 @@ resources:
   - ./namespace.yaml
   - ./cilium/ks.yaml
   - ./coredns/ks.yaml
-  - ./local-path-provisioner/ks.yaml
   - ./metrics-server/ks.yaml
-  - ./reloader/ks.yaml
-  - ./snapshot-controller/ks.yaml
-  {% if csi_driver_nfs.enabled | default(false) %}
-  - ./csi-driver-nfs/ks.yaml
-  {% endif %}
-  {% if system_upgrade_controller.enabled | default(false) %}
-  - ./system-upgrade-controller/ks.yaml
-  {% endif %}

bootstrap/templates/kubernetes/apps/networking/cloudflared/app/configs/config.yaml.j2 → bootstrap/templates/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2

@@ -4,11 +4,11 @@ originRequest:
 
 ingress:
   - hostname: "${SECRET_DOMAIN}"
-    service: https://nginx-external-controller.networking.svc.cluster.local:443
+    service: https://nginx-external-controller.network.svc.cluster.local:443
     originRequest:
       originServerName: "external.${SECRET_DOMAIN}"
   - hostname: "*.${SECRET_DOMAIN}"
-    service: https://nginx-external-controller.networking.svc.cluster.local:443
+    service: https://nginx-external-controller.network.svc.cluster.local:443
     originRequest:
       originServerName: "external.${SECRET_DOMAIN}"
   - service: http_status:404

bootstrap/templates/kubernetes/apps/networking/cloudflared/ks.yaml.j2 → bootstrap/templates/kubernetes/apps/network/cloudflared/ks.yaml.j2

@@ -5,13 +5,13 @@ metadata:
   name: &app cloudflared
   namespace: flux-system
 spec:
-  targetNamespace: networking
+  targetNamespace: network
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: external-dns
-  path: ./kubernetes/apps/networking/cloudflared/app
+  path: ./kubernetes/apps/network/cloudflared/app
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/kubernetes/apps/networking/echo-server/ks.yaml.j2 → bootstrap/templates/kubernetes/apps/network/echo-server/ks.yaml.j2

@@ -5,11 +5,11 @@ metadata:
   name: &app echo-server
   namespace: flux-system
 spec:
-  targetNamespace: networking
+  targetNamespace: network
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/networking/echo-server/app
+  path: ./kubernetes/apps/network/echo-server/app
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/kubernetes/apps/networking/external-dns/ks.yaml.j2 → bootstrap/templates/kubernetes/apps/network/external-dns/ks.yaml.j2

@@ -5,11 +5,11 @@ metadata:
   name: &app external-dns
   namespace: flux-system
 spec:
-  targetNamespace: networking
+  targetNamespace: network
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/networking/external-dns/app
+  path: ./kubernetes/apps/network/external-dns/app
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/kubernetes/apps/networking/k8s-gateway/ks.yaml.j2 → bootstrap/templates/kubernetes/apps/network/k8s-gateway/ks.yaml.j2

@@ -5,11 +5,11 @@ metadata:
   name: &app k8s-gateway
   namespace: flux-system
 spec:
-  targetNamespace: networking
+  targetNamespace: network
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/networking/k8s-gateway/app
+  path: ./kubernetes/apps/network/k8s-gateway/app
   prune: true
   sourceRef:
     kind: GitRepository

bootstrap/templates/kubernetes/apps/volsync/namespace.yaml.j2 → bootstrap/templates/kubernetes/apps/network/namespace.yaml.j2

@@ -2,6 +2,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: volsync
+  name: network
   labels:
     kustomize.toolkit.fluxcd.io/prune: disabled

bootstrap/templates/kubernetes/apps/networking/nginx/external/helmrelease.yaml.j2 → bootstrap/templates/kubernetes/apps/network/nginx/external/helmrelease.yaml.j2

@@ -4,7 +4,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
   name: nginx-external
-  namespace: &namespace networking
 spec:
   interval: 30m
   chart:
@@ -27,7 +26,7 @@ spec:
     keepHistory: false
   dependsOn:
     - name: cloudflared
-      namespace: networking
+      namespace: network
   values:
     fullnameOverride: nginx-external
     controller:
@@ -70,14 +69,13 @@ spec:
         enabled: true
         serviceMonitor:
           enabled: true
-          namespace: *namespace
           namespaceSelector:
             any: true
       extraArgs:
         {% if bootstrap_acme_production_enabled | default(false) %}
-        default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-production-tls"
+        default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-production-tls"
         {% else %}
-        default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-staging-tls"
+        default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-staging-tls"
         {% endif %}
       topologySpreadConstraints:
         - maxSkew: 1

bootstrap/templates/kubernetes/apps/networking/nginx/internal/helmrelease.yaml.j2 → bootstrap/templates/kubernetes/apps/network/nginx/internal/helmrelease.yaml.j2

@@ -4,7 +4,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
   name: nginx-internal
-  namespace: &namespace networking
+  namespace: &namespace network
 spec:
   interval: 30m
   chart:
@@ -67,14 +67,13 @@ spec:
         enabled: true
         serviceMonitor:
           enabled: true
-          namespace: *namespace
           namespaceSelector:
             any: true
       extraArgs:
         {% if bootstrap_acme_production_enabled | default(false) %}
-        default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-production-tls"
+        default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-production-tls"
         {% else %}
-        default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-staging-tls"
+        default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-staging-tls"
         {% endif %}
       topologySpreadConstraints:
         - maxSkew: 1