add environment

environment/cloudflare-issuer.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cloudflare-issuer
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment/cloudflare-issuer
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+

environment/cloudflare-issuer/certificate.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-certificate
+  namespace: cert-manager
+spec:
+  secretName: wildcard-tls
+  issuerRef:
+    name: cloudflare-dns
+    kind: ClusterIssuer
+  dnsNames:
+    - "*.PLACEHOLDER_DOMAIN"
+    - PLACEHOLDER_DOMAIN
+

environment/cloudflare-issuer/cluster-issuer.yaml

@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-dns
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: PLACEHOLDER_EMAIL
+    privateKeySecretRef:
+      name: cloudflare-dns-issuer-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-api-token
+              key: api-token
+        selector:
+          dnsZones:
+            - PLACEHOLDER_DOMAIN
+

environment/cloudflare-issuer/kustomization.yaml

@@ -0,0 +1,52 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cluster-issuer.yaml
+  - certificate.yaml
+
+# Configuration: Edit the domain and email values below
+replacements:
+  - source:
+      kind: ConfigMap
+      name: cloudflare-config
+      fieldPath: data.domain
+    targets:
+      - select:
+          kind: ClusterIssuer
+          name: cloudflare-dns
+        fieldPaths:
+          - spec.acme.solvers[0].selector.dnsZones[0]
+      - select:
+          kind: Certificate
+          name: wildcard-certificate
+        fieldPaths:
+          - spec.dnsNames[1]
+  - source:
+      kind: ConfigMap
+      name: cloudflare-config
+      fieldPath: data.wildcard-domain
+    targets:
+      - select:
+          kind: Certificate
+          name: wildcard-certificate
+        fieldPaths:
+          - spec.dnsNames[0]
+  - source:
+      kind: ConfigMap
+      name: cloudflare-config
+      fieldPath: data.email
+    targets:
+      - select:
+          kind: ClusterIssuer
+          name: cloudflare-dns
+        fieldPaths:
+          - spec.acme.email
+
+configMapGenerator:
+  - name: cloudflare-config
+    literals:
+      # Change these values to match your domain and email
+      - domain=demo.olsen.cloud
+      - wildcard-domain=*.demo.olsen.cloud
+      - email=admin@demo.olsen.cloud
+

environment/istio-gateway.yaml

@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: istio-gateway
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://istio-release.storage.googleapis.com/charts
+    targetRevision: 1.28.0
+    chart: gateway
+    helm:
+      releaseName: istio-gateway
+      values: |
+        service:
+          type: LoadBalancer
+          ports:
+            - name: http2
+              port: 80
+              targetPort: 8080
+            - name: https
+              port: 443
+              targetPort: 8443
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: istio-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+

environment/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - root-application.yaml
+  - istio-gateway.yaml
+  - cloudflare-issuer.yaml
+  - postgres-cluster.yaml
+

environment/postgres-cluster.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-cluster
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment/postgres-cluster
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+

environment/postgres-cluster/cluster.yaml

@@ -0,0 +1,31 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres-cluster
+spec:
+  instances: 3
+  postgresql:
+    parameters:
+      max_connections: "100"
+      shared_buffers: "256MB"
+      effective_cache_size: "1GB"
+      maintenance_work_mem: "64MB"
+      checkpoint_completion_target: "0.9"
+      wal_buffers: "16MB"
+      default_statistics_target: "100"
+      random_page_cost: "1.1"
+      effective_io_concurrency: "200"
+      work_mem: "4MB"
+      min_wal_size: "1GB"
+      max_wal_size: "4GB"
+  storage:
+    size: 20Gi
+    storageClass: local-path
+  resources:
+    requests:
+      memory: "256Mi"
+      cpu: "250m"
+    limits:
+      memory: "512Mi"
+      cpu: "500m"
+

environment/postgres-cluster/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cluster.yaml
+

environment/root-application.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: environment-root
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+