chore: Refactor flux structure

.github/workflows/create.yml

@@ -0,0 +1,22 @@
+name: "create"
+
+on:
+  pull_request:
+    types:
+      - "labeled"
+      - "synchronize"
+      - "opened"
+      - "reopened"
+
+jobs:
+  k8s:
+    if: >
+        contains(github.event.pull_request.labels.*.name, 'create') &&
+        !github.event.pull_request.head.repo.fork
+    uses: ./.github/workflows/terraform.yml
+    with:
+      command: create
+      workspace: "spectrum-${{ github.head_ref }}"
+      branch: ${{ github.event.pull_request.head.ref }}
+    secrets:
+      PAT: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }}

.github/workflows/terraform.yml

@@ -16,15 +16,14 @@ on:
         required: false
         type: string
         default: "main"
-      sha:
-        description: "Last commit in the branch"
-        required: false
-        type: string
     secrets:
       PAT:
         description: "Used in Flux to clone the repo"
         required: true
 
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+
 jobs:
   terraform:
     runs-on: ubuntu-latest
@@ -41,14 +40,6 @@ jobs:
       TF_VAR_github_branch: ${{ inputs.branch }}
 
     steps:
-      - name: Set latest commit status as pending
-        if: inputs.sha
-        uses: myrotvorets/[email protected]
-        with:
-          sha: ${{ inputs.sha }}
-          token: ${{ secrets.PAT }}
-          status: pending
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -81,6 +72,27 @@ jobs:
           WORKSPACE="${WORKSPACE,,}" # Convert to lowercase
           echo "workspace=${WORKSPACE}" >> $GITHUB_OUTPUT
 
+      - name: Find comment
+        if: inputs.command == 'create' || inputs.command == 'reset'
+        uses: peter-evans/find-comment@v3
+        id: comment
+        with:
+          token: ${{ secrets.PAT }}
+          issue-number: "${{ github.event.pull_request.number }}"
+          body-includes: "## ephemeral: ${{ steps.sanitize.outputs.workspace }}"
+
+      - name: Add comment
+        if: steps.comment.outputs.comment-id == null
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          comment-id: "${{ steps.comment.outputs.comment-id }}"
+          token: ${{ secrets.PAT }}
+          issue-number: "${{ github.event.pull_request.number }}"
+          body: |
+            ## ephemeral: ${{ steps.sanitize.outputs.workspace }}
+            Your instance is getting ready. Please wait.
+          edit-mode: replace
+
       - name: Setup terraform
         uses: hashicorp/setup-terraform@v3
 
@@ -111,16 +123,35 @@ jobs:
       - name: Upload Artifacts
         if: inputs.command == 'create' || inputs.command == 'reset'
         uses: actions/upload-artifact@v4
+        id: artifact
         with:
           name: configs
           path: |
             terraform/kubeconfig
             terraform/talosconfig
 
-      - name: Set latest commit status as ${{ job.status }}
-        uses: myrotvorets/set-commit-status-action@master
-        if: inputs.sha && always()
+      - name: Update comment
+        if: inputs.command == 'create' || inputs.command == 'reset'
+        uses: peter-evans/create-or-update-comment@v3
         with:
-          sha: ${{ inputs.sha }}
+          comment-id: "${{ steps.comment.outputs.comment-id }}"
           token: ${{ secrets.PAT }}
-          status: ${{ job.status }}
+          issue-number: "${{ github.event.pull_request.number }}"
+          body: |
+            ## ephemeral: ${{ steps.sanitize.outputs.workspace }}
+            Your ephemeral k8s cluster is ready.
+
+            Visit the dashboard at https://home.rnd-${{ steps.sanitize.outputs.workspace }}.fluence.dev
+
+            You can obtain kubeconfig and talos config from this [artifact](${{ steps.artifact.outputs.artifact-url }}).
+            Download and unarchive the artifact, then run this command to export variables:
+            ```shell
+            [[ -f ./kubeconfig ]] && export KUBECONFIG=$(realpath ./kubeconfig)
+            [[ -f ./talosconfig ]] && export TALOSCONFIG=$(realpath ./talosconfig)
+            ```
+
+            To get the token for kubernetes-dashboard auth run:
+            ```shell
+            kubectl -n kubernetes-dashboard create token kubernetes-dashboard-admin
+            ```
+          edit-mode: replace

README.md

@@ -12,20 +12,7 @@
 
 #### Create a cluster
 
-Create a PR with changes and add a comment to PR:
-
-```
-/create
-```
-
-This will trigger the workflow that will setup talos cluster from you PR.
-Comment
-
-```
-/help
-```
-
-to see all available commands.
+Create a PR with changes and add a a label `create` to PR.
 
 #### Download and export kubeconfig
 
@@ -40,9 +27,10 @@ export KUBECONFIG=./kubeconfig
 
 https://kubernetes.io/docs/reference/kubectl/quick-reference/
 
-
 ## Misc
+
 ### Accessing kubernetes dashboard
+
 ```
 kubectl -n kubernetes-dashboard create token kubernetes-dashboard-admin
 ```

flux/dev/cert-issuer/app/cluster-issuer.yml → flux/apps/cert-manager/issuer/cluster-issuer.yml

@@ -2,12 +2,12 @@ apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: letsencrypt
-  namespace: kube-system
+  namespace: cert-manager
 spec:
   acme:
     email: [email protected]
-    # server: https://acme-v02.api.letsencrypt.org/directory
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # server: https://acme-staging-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
       name: letsencrypt
     solvers:

flux/dev/cert-issuer/app/kustomization.yml → flux/apps/cert-manager/issuer/kustomization.yml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - cluster-issuer.yml
+  - secret.yml

flux/apps/cert-manager/issuer/secret.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: digitalocean-token
+  namespace: cert-manager
+data:
+  access-token: "${DOTOKEN}"

flux/apps/cert-manager/ks.yml

@@ -0,0 +1,33 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  interval: 1m0s
+  path: ./flux/apps/cert-manager/manager
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: spectrum
+    namespace: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: cluster-issuer
+  namespace: flux-system
+spec:
+  interval: 2m0s
+  path: ./flux/apps/cert-manager/issuer
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: spectrum
+    namespace: flux-system
+  dependsOn:
+    - name: cert-manager
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: terraform-config

flux/dev/cert-issuer/kustomization.yml → flux/apps/cert-manager/kustomization.yml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ks.yml
+  - namespace.yml

flux/dev/cert-manager/app/helm-release.yml → flux/apps/cert-manager/manager/helm-release.yml

@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cert-manager
-  namespace: kube-system
+  namespace: cert-manager
 spec:
   interval: 30m
   chart:

flux/apps/cert-manager/namespace.yml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager

flux/dev/external-dns/helm-release.yml → flux/apps/external-dns/helm-release.yml

@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: external-dns
-  namespace: kube-system
+  namespace: external-dns
 spec:
   interval: 5m
   chart:
@@ -20,7 +20,7 @@ spec:
         valueFrom:
           secretKeyRef:
             name: digitalocean-token
-            key: token
+            key: access-token
     txtOwnerId: "${PREFIX}"
     sources:
       - ingress

flux/dev/external-dns/kustomization.yml → flux/apps/external-dns/kustomization.yml

@@ -1,5 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - namespace.yml
   - helm-release.yml
   - helm-repository.yml
+  - secret.yml

flux/apps/external-dns/namespace.yml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-dns

flux/apps/external-dns/secret.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: digitalocean-token
+  namespace: external-dns
+data:
+  access-token: "${DOTOKEN}"

flux/apps/homepage/configs/bookmarks.yaml

@@ -0,0 +1,4 @@
+- Spectrum:
+  - Github:
+      - abbr: GH
+        href: https://github.com/fluencelabs/spectrum

flux/apps/homepage/configs/docker.yaml

@@ -0,0 +1 @@
+---

flux/apps/homepage/configs/kubernetes.yaml

@@ -0,0 +1 @@
+mode: cluster

flux/apps/homepage/configs/services.yaml

@@ -0,0 +1 @@
+---

flux/apps/homepage/configs/settings.yaml

@@ -0,0 +1,10 @@
+title: Spectrum Dashboard
+favicon: https://kubernetes.io/images/favicon.png
+theme: dark
+color: slate
+target: _self
+headerStyle: clean
+layout:
+  Home:
+    style: row
+    columns: 4