From 218263d970f4e1ccfcdd5d78cb3fd302c3046a74 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 5 Feb 2024 20:57:19 +0100
Subject: [PATCH] feat(vpa): Add Verticial Pod Autoscaler as infrastructure
 component

---
 infrastructure/kubenav/kustomization.yaml |  9 ---------
 infrastructure/kubenav/namespace.yaml     | 12 ------------
 infrastructure/kustomization.yaml         |  2 +-
 infrastructure/vpa/certificate.yaml       | 23 +++++++++++++++++++++++
 infrastructure/vpa/kustomization.yaml     | 14 ++++++++++++++
 infrastructure/vpa/namespace.yaml         |  5 +++++
 6 files changed, 43 insertions(+), 22 deletions(-)
 delete mode 100644 infrastructure/kubenav/kustomization.yaml
 delete mode 100644 infrastructure/kubenav/namespace.yaml
 create mode 100644 infrastructure/vpa/certificate.yaml
 create mode 100644 infrastructure/vpa/kustomization.yaml
 create mode 100644 infrastructure/vpa/namespace.yaml

diff --git a/infrastructure/kubenav/kustomization.yaml b/infrastructure/kubenav/kustomization.yaml
deleted file mode 100644
index 1134e63d1..000000000
--- a/infrastructure/kubenav/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kubenav-system
-resources:
-  - namespace.yaml
-  - https://git.shivering-isles.com/github-mirror/kubenav/deploy/-/raw/ed66ab3bf470fe7a43c6990e39d158b249f5ff7c/dashboards/prometheus-dashboard.yaml
-  - https://git.shivering-isles.com/github-mirror/kubenav/deploy/-/raw/ed66ab3bf470fe7a43c6990e39d158b249f5ff7c/dashboards/cert-manager-dashboard.yaml
-  - https://git.shivering-isles.com/github-mirror/kubenav/deploy/-/raw/ed66ab3bf470fe7a43c6990e39d158b249f5ff7c/dashboards/nginx-ingress-request-handling-performance-dashboard.yaml
-  - https://git.shivering-isles.com/github-mirror/kubenav/deploy/-/raw/ed66ab3bf470fe7a43c6990e39d158b249f5ff7c/dashboards/nginx-ingress-dashboard.yaml
diff --git a/infrastructure/kubenav/namespace.yaml b/infrastructure/kubenav/namespace.yaml
deleted file mode 100644
index 905d3132c..000000000
--- a/infrastructure/kubenav/namespace.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: kubenav-system
-  labels:
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/audit-version: v1.26
-    pod-security.kubernetes.io/enforce-version: v1.23
-    pod-security.kubernetes.io/warn-version: v1.26
-    kyverno.shivering-isles.com/class: "system"
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 111f96220..bb3eab013 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -14,4 +14,4 @@ resources:
   - flux-system
   - postgres
   - redis
-  - kubenav
+  - vpa
diff --git a/infrastructure/vpa/certificate.yaml b/infrastructure/vpa/certificate.yaml
new file mode 100644
index 000000000..570f0d8e6
--- /dev/null
+++ b/infrastructure/vpa/certificate.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: admission-vpa-tls-secret
+spec:
+  commonName: vpa-webhook.vpa-system.svc
+  isCA: false
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+    encoding: PKCS1
+  usages:
+    - server auth
+  dnsNames:
+    - vpa-webhook
+    - vpa-webhook.vpa-system
+    - vpa-webhook.vpa-system.svc
+  issuerRef:
+    name: selfsigned-cluster-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+  secretName: vpa-tls-certs
\ No newline at end of file
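Review bot: The `issuerRef` points at `selfsigned-cluster-issuer`, so, if that is a cert-manager SelfSigned issuer as the name suggests, this serving certificate is its own trust root and the API server's `caBundle` for the VPA webhook has to be this exact certificate, re-synced on every renewal. Nothing in this commit shows how the bundle is kept in step with `vpa-tls-certs`; with a stale bundle after rotation the API server would reject the webhook's certificate, and pod admission would then follow the webhook's failure policy. Consider issuing from a dedicated CA `Issuer` in `vpa-system` so the trust anchor stays stable across leaf renewals, or add a comment above `issuerRef` such as `# self-signed leaf: webhook caBundle must be refreshed on every renewal`. Separately, the file lacks a trailing newline.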
diff --git a/infrastructure/vpa/kustomization.yaml b/infrastructure/vpa/kustomization.yaml
new file mode 100644
index 000000000..cf18a9532
--- /dev/null
+++ b/infrastructure/vpa/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: vpa-system
+resources:
+  - namespace.yaml
+  - certificate.yaml
+  - https://git.shivering-isles.com/github-mirror/kubernetes/autoscaler.git//vertical-pod-autoscaler/deploy?ref=vpa-release-1.0
+
+commonLabels:
+  app.kubernetes.io/name: vertical-pod-autoscaler
+  app.kubernetes.io/instance: vpa-system
+
+components:
+  - ../../shared/components/namespace-restricted
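Review bot: The remote base on the `autoscaler.git//vertical-pod-autoscaler/deploy` line is pinned with `?ref=vpa-release-1.0`, which reads like a branch name and would therefore be mutable. Whatever lands on that ref in the mirror would be deployed without any change in this repository. The kubenav resources removed by this same commit were pinned to a full commit hash, and the same practice fits here, e.g. `?ref=<commit-sha>` (placeholder) with the release named in a comment above it. That keeps the manifests of an admission component reviewable at the point where they change.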
diff --git a/infrastructure/vpa/namespace.yaml b/infrastructure/vpa/namespace.yaml
new file mode 100644
index 000000000..de8147da2
--- /dev/null
+++ b/infrastructure/vpa/namespace.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vpa-system
+  labels: {}
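Review bot: `labels: {}` leaves the new namespace without any `pod-security.kubernetes.io/*` labels of its own, unlike the kubenav namespace deleted in this commit, which set enforce, audit and warn to `restricted` explicitly. Presumably the labels are injected by the `../../shared/components/namespace-restricted` component referenced from `infrastructure/vpa/kustomization.yaml`, but that component is not visible here and the manifest gives no hint of it. A short comment above the key would make the dependency explicit, for example `# Pod Security labels are added by shared/components/namespace-restricted`, so the file is not applied or reused without that enforcement.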
-- 
GitLab