manifests/talos/fluxcd-install.yaml

apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cluster
  namespace: flux-system
spec:
  interval: 30m
  path: ./kubernetes/flux
  prune: true
  sourceRef:
    kind: GitRepository
    name: homelab
  wait: false
  postBuild:
    substituteFrom:
      - kind: ConfigMap
        name: cluster-settings
        optional: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux
  namespace: flux-system
spec:
  interval: 10m
  patches:
  - patch: |
      $patch: delete
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
        name: not-used
    target:
      group: networking.k8s.io
      kind: NetworkPolicy
  - patch: |
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --concurrent=8
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --kube-api-qps=500
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --kube-api-burst=1000
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --requeue-dependency=5s
    target:
      kind: Deployment
      name: (kustomize-controller|helm-controller|source-controller)
  - patch: |
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: not-used
      spec:
        template:
          spec:
            containers:
              - name: manager
                resources:
                  limits:
                    cpu: 2000m
                    memory: 2Gi
    target:
      kind: Deployment
      name: (kustomize-controller|helm-controller|source-controller)
  - patch: |
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --feature-gates=DetectDrift=true,CorrectDrift=false
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --log-level=debug
    target:
      kind: Deployment
      name: helm-controller
  - patch: |
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --feature-gates=OOMWatch=true
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --oom-watch-memory-threshold=95
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --oom-watch-interval=500ms
    target:
      kind: Deployment
      name: helm-controller
  - patch: |
      - op: add
        path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/eventSources/items/properties/kind/enum/-
        value: Terraform
    target:
      kind: CustomResourceDefinition
      name: alerts.notification.toolkit.fluxcd.io
  - patch: |
      - op: add
        path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/resources/items/properties/kind/enum/-
        value: Terraform
    target:
      kind: CustomResourceDefinition
      name: receivers.notification.toolkit.fluxcd.io
  - patch: |
      - op: add
        path: /rules/-
        value:
          apiGroups: ["infra.contrib.fluxcd.io"]
          resources: ["*"]
          verbs: ["*"]
    target:
      kind: ClusterRole
      name: crd-controller-flux-system
  path: ./
  prune: true
  sourceRef:
    kind: OCIRepository
    name: flux-manifests
  wait: true
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: homelab
  namespace: flux-system
spec:
  ignore: |
    # exclude all
    /*
    # include kubernetes directory
    !/kubernetes
  interval: 30m
  ref:
    branch: main
  secretRef:
    name: github-creds
  url: ssh://git@github.com/hcavarsan/homelab/
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: flux-manifests
  namespace: flux-system
spec:
  interval: 10m
  ref:
    tag: v2.0.0-rc.1
  url: oci://ghcr.io/fluxcd/flux-manifests