Restructuring to rocky-jump.

kubernetes/apps/default/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Pre Flux-Kustomizations
+  - ./namespace.yaml
+  # Flux-Kustomizations
+  - ./rocky-jump/ks.yaml

kubernetes/apps/default/rocky-jump/app/externalsecret.yaml

@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: tailscale
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: tailscale-jump-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        TS_AUTHKEY: "{{ .TS_AUTHKEY }}"
+  dataFrom:
+    - extract:
+        key: tailscale-jump

kubernetes/apps/default/rocky-jump/app/helmrelease.yaml

@@ -0,0 +1,73 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: tailscale
+  namespace: networking
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 2.0.3
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controllers:
+      main:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          main:
+            image:
+              repository: ghcr.io/tailscale/tailscale
+              tag: v1.52.0
+            env:
+              TZ: "America/Chicago"
+              SA_NAME: valinor-jump
+              TS_USERSPACE: true
+              TS_KUBE_SECRET: tailscale-state
+              TS_EXTRA_ARGS: --advertise-exit-node
+              TS_TAILSCALED_EXTRA_ARGS: --debug=0.0.0.0:2000
+            envFrom:
+              - secretRef:
+                  name: tailscale-jump-secret
+            resources:
+              requests:
+                cpu: 5m
+                memory: 128M
+              limits:
+                memory: 256M
+        pod:
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+    service:
+      main:
+        ports:
+          http:
+            port: 2000
+    serviceAccount:
+      name: tailscale
+    serviceMonitor:
+      main:
+        enabled: true
+        endpoints:
+          - port: http
+            scheme: http
+            path: /debug/metrics
+            interval: 1m
+            scrapeTimeout: 30s

kubernetes/apps/default/rocky-jump/app/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+resources:
+  - ./rbac.yaml
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml

kubernetes/apps/default/rocky-jump/app/rbac.yaml

@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: tailscale
+  namespace: networking
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+    resourceNames:
+      - tailscale-state
+    resources:
+      - secrets
+    verbs:
+      - get
+      - update
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tailscale
+  namespace: networking
+subjects:
+  - kind: ServiceAccount
+    name: tailscale
+    namespace: networking
+roleRef:
+  kind: Role
+  name: tailscale
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tailscale
+  namespace: networking

kubernetes/apps/default/rocky-jump/ks.yaml

@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-apps-rocky-jump
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: "./kubernetes/apps/default/rocky-jump/app"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: valinor
+  wait: false

kubernetes/apps/default/rocky.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: rocky-linux
-  namespace: default
-spec:
-  containers:
-    - name: rocky
-      image: rockylinux:9
-      command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
-      resources:
-        requests:
-          cpu: 50m
-          memory: 443M
-        limits:
-          cpu: 323m
-          memory: 886M