update capacitor with ingress

kubernetes/apps/capacitor/app/manifest.yaml

@@ -0,0 +1,77 @@
+---
+# Source: onechart/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: capacitor
+  namespace: flux-system
+  labels:
+    helm.sh/chart: onechart-0.63.0
+    app.kubernetes.io/name: onechart
+    app.kubernetes.io/instance: capacitor
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 9000
+      targetPort: 9100
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: onechart
+    app.kubernetes.io/instance: capacitor
+---
+# Source: onechart/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: capacitor
+  namespace: flux-system
+  labels:
+    helm.sh/chart: onechart-0.63.0
+    app.kubernetes.io/name: onechart
+    app.kubernetes.io/instance: capacitor
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    kubectl.kubernetes.io/default-container: capacitor
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: onechart
+      app.kubernetes.io/instance: capacitor
+  template:
+    metadata:
+      annotations:
+        checksum/config: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+      labels:
+        app.kubernetes.io/name: onechart
+        app.kubernetes.io/instance: capacitor
+    spec:
+      containers:
+        - image: ghcr.io/gimlet-io/capacitor:v0.4.2
+          imagePullPolicy: IfNotPresent
+          name: capacitor
+          ports:
+            - containerPort: 9000
+              name: http
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /
+              port: 9000
+              scheme: HTTP
+            initialDelaySeconds: 0
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 3
+          resources:
+            requests:
+              cpu: 200m
+              memory: 200Mi
+          securityContext: {}
+      initContainers: null
+      securityContext:
+        fsGroup: 999
+      serviceAccountName: capacitor

kubernetes/apps/capacitor/app/rbac.yaml

@@ -0,0 +1,58 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: capacitor
+  namespace: flux-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: capacitor
+rules:
+  - apiGroups:
+      - networking.k8s.io
+      - apps
+      - ""
+    resources:
+      - pods
+      - pods/log
+      - ingresses
+      - deployments
+      - services
+      - secrets
+      - events
+      - configmaps
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - source.toolkit.fluxcd.io
+      - kustomize.toolkit.fluxcd.io
+      - helm.toolkit.fluxcd.io
+    resources:
+      - gitrepositories
+      - ocirepositories
+      - buckets
+      - helmrepositories
+      - helmcharts
+      - kustomizations
+      - helmreleases
+    verbs:
+      - get
+      - watch
+      - list
+      - patch # to allow force reconciling by adding an annotation
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: capacitor
+subjects:
+  - kind: ServiceAccount
+    name: capacitor
+    namespace: flux-system
+roleRef:
+  kind: ClusterRole
+  name: capacitor
+  apiGroup: rbac.authorization.k8s.io

kubernetes/apps/capacitor/capacitor.yaml

@@ -1,14 +1,3 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: OCIRepository
-metadata:
-  name: capacitor
-  namespace: flux-system
-spec:
-  interval: 12h
-  url: oci://ghcr.io/gimlet-io/capacitor-manifests
-  ref:
-    semver: ">=0.1.0"
----
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@@ -18,10 +7,43 @@ spec:
   interval: 10m
   timeout: 1m30s
   retryInterval: 30s
-  targetNamespace: flux-system
-  wait: true
+  targetNamespace: ingress-nginx
+  path: ./kubernetes/apps/capacitor/app
   prune: true
-  path: "./"
   sourceRef:
-    kind: OCIRepository
-    name: capacitor
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  patches:
+    - target:
+        kind: (Service|Deployment)
+        name: capacitor
+        namespace: flux-system
+      patch: |
+        - op: replace
+          path: "/metadata/labels/app.kubernetes.io~1managed-by"
+          value: Flux
+        - op: remove
+          path: "/metadata/labels/helm.sh~1chart"
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: capacitor-ingress
+  namespace: flux-system
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+  ingressClassName: nginx
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: capacitor
+                port:
+                  number: 9100