adding clusterissuser

high/apps/monica/gitrepository.yml

@@ -0,0 +1,15 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: monicahq
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://github.com/monicahq/helm
+  ref:
+    tag: monica-1.0.6
+  ignore: |
+    # exclude all
+    /*
+    # include charts directory
+    !/charts/

high/apps/monica/helmrelease.yml

@@ -0,0 +1,24 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: monicahq
+  namespace: flux-system
+spec:
+  interval: 10m
+  releaseName: monicahq
+  targetNamespace: monicahq
+  chart:
+    spec:
+      chart: monica
+      sourceRef:
+        kind: GitRepository
+        name: monicahq
+        namespace: flux-system
+      interval: 10m
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  valuesFrom:
+    - kind: ConfigMap
+      name: monicahq-values

high/apps/monica/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gitrepository.yaml
+  - helmrelease.yaml
+configMapGenerator:
+  - name: monicahq-values
+    namespace: flux-system
+    files:
+      - values.yaml=values.yaml
+configurations:
+  - kustomizeconfig.yaml

high/apps/monica/kustomizeconfig.yaml

@@ -0,0 +1,7 @@
+# Inject Configmap/Secrets generate by Kustomize into HelmRelease object
+nameReference:
+- kind: ConfigMap
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease

high/apps/monica/values.yaml

@@ -0,0 +1,173 @@
+image:
+  repository: ghcr.io/monicahq/monica-next
+  tag: main
+  pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+ingress:
+  enabled: true
+  # className: nginx
+  annotations:
+  #  nginx.ingress.kubernetes.io/proxy-body-size: 4G
+    kubernetes.io/tls-acme: "true"
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  labels: {}
+  path: /
+  pathType: Prefix
+
+monica:
+  host: monica.k.zroot.org
+  existingSecret:
+    enabled: false
+  storagedir: /var/www/html/storage
+  mail:
+    enabled: false
+    fromAddress: user
+    replyToAddress: user
+    smtp:
+      host: domain.com
+      encryption: tls
+      port: 465
+      username: user
+      password: pass
+
+##
+## Internal database configuration (SQLite)
+##
+internalDatabase:
+  enabled: false
+  ## Database fullpath file
+  name: /var/www/html/database/monica.sqlite
+
+
+##
+## External database configuration
+##
+externalDatabase:
+  enabled: false
+
+##
+## MariaDB chart configuration
+##
+mariadb:
+  ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
+  enabled: true
+
+  auth:
+    database: monica
+    username: monica-XSAc6uTM2tJQdy
+    password: iHXkP5qM7MRVMR
+
+  architecture: standalone
+
+  ## Enable persistence using Persistent Volume Claims
+  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+  ##
+  primary:
+    persistence:
+      enabled: true
+      # storageClass: ""
+      accessMode: ReadWriteOnce
+      size: 8Gi
+
+##
+## Redis chart configuration
+## for more options see https://github.com/bitnami/charts/tree/master/bitnami/redis
+##
+redis:
+  enabled: true
+  auth:
+    enabled: true
+    password: iHXkP5qM7MRVMR
+    # existingSecret
+    # existingSecretPasswordKey
+
+##
+## Meilisearch chart configuration
+## for more options see https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
+##
+meilisearch:
+  enabled: false
+  environment:
+    MEILI_ENV: production
+    # MEILI_MASTER_KEY
+  auth:
+    # existingMasterKeySecret
+
+## Cronjob to execute monica scheduled tasks
+cronjob:
+  enabled: true
+
+  # Allow configuration of lifecycle hooks
+  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
+  lifecycle: {}
+    # postStartCommand: []
+    # preStopCommand: []
+
+service:
+  type: ClusterIP
+  port: 8080
+  loadBalancerIP: nil
+  nodePort: nil
+
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+  # monica storage (/var/www/html/storage)
+  enabled: true
+  annotations: {}
+  ## monica storage Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner. (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+  ## If defined, PVC must be created manually before volume will be bound
+  # existingClaim:
+
+  accessMode: ReadWriteOnce
+  size: 4Gi
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+tests:
+  unitTests:
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 200m
+        memory: 256Mi

high/envs/astrid/certs.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: certs
+  namespace: flux-system
+  labels:
+    org.zroot.gitops: infra
+spec:
+  interval: 10m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./high/infra/certs/overlays/astrid
+  prune: true
+  dependsOn:
+    - name: cert-manager
+      namespace: flux-system

high/infra/certs/overlays/astrid/ClusterIssuer.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    email: [email protected]
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: letsencrypt-prod-secret
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+    - http01:
+        ingress:
+          ingressClassName: treafik

high/infra/certs/overlays/astrid/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ClusterIssuer.yaml