From 99a70c2acb5d422273354a0634a41b11714168e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= <marcio.fernandes@outlook.pt>
Date: Tue, 2 Jun 2026 21:46:04 +0000
Subject: [PATCH] flux: infra observability

---
 .gitignore                          |  2 +-
 README.md                           | 11 +-----
 deploy/flux/.env.d/.gitignore       |  3 ++
 deploy/flux/infra-sync.yaml         | 12 +++++++
 deploy/flux/kustomization.yaml      |  1 +
 deploy/infra/cd-serviceaccount.yaml | 53 -----------------------------
 deploy/infra/kustomization.yaml     |  5 ---
 ops-scripts/apply-infra.sh          |  7 ----
 8 files changed, 18 insertions(+), 76 deletions(-)
 create mode 100644 deploy/flux/.env.d/.gitignore
 create mode 100644 deploy/flux/infra-sync.yaml
 delete mode 100644 deploy/infra/cd-serviceaccount.yaml
 delete mode 100755 ops-scripts/apply-infra.sh

diff --git a/.gitignore b/.gitignore
index 8b031e0..eb8e6e1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 tmp
 **.env
-**.private.**
+**.dec.**
 **.local.**
 .kube/**
\ No newline at end of file
diff --git a/README.md b/README.md
index a4c686c..5f49f2c 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,6 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
 - [Deploy](#deploy)
   - [Continuous Deploy](#continuous-deploy)
   - [App](#app)
-  - [Infra](#infra)
 - [Backups](#backups)
 
 ## SSO
@@ -22,7 +21,7 @@ References:
 - <https://gitea.com/gitea/helm-gitea>
 - <https://dl.gitea.com/charts/>
 
-Migration to flux
+Migration to flux.
 
 For fluxcd setup execute.
 
@@ -67,14 +66,6 @@ Deploy App
 
 - [backups-kustomization](/deploy/app/kustomization.yaml)
 
-### Infra
-
-```bash
-./ops-scripts/apply-infra.sh
-```
-
-- [kustomization](/deploy/infra/kustomization.yaml)
-
 
   
 ## Backups
diff --git a/deploy/flux/.env.d/.gitignore b/deploy/flux/.env.d/.gitignore
new file mode 100644
index 0000000..3b05193
--- /dev/null
+++ b/deploy/flux/.env.d/.gitignore
@@ -0,0 +1,3 @@
+**
+!.sops.pub.asc
+!.gitignore
\ No newline at end of file
diff --git a/deploy/flux/infra-sync.yaml b/deploy/flux/infra-sync.yaml
new file mode 100644
index 0000000..159b6f8
--- /dev/null
+++ b/deploy/flux/infra-sync.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infra
+  namespace: git-limbosolutions-com
+spec:
+  interval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: git-limbosolutions-com
+  path: deploy/infra
+  prune: true
diff --git a/deploy/flux/kustomization.yaml b/deploy/flux/kustomization.yaml
index 898d105..b30e32d 100644
--- a/deploy/flux/kustomization.yaml
+++ b/deploy/flux/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - git-repo.yaml
+ - infra-sync.yaml
 secretGenerator:
   - name: flux-repo-ssh-credentials
     files:
diff --git a/deploy/infra/cd-serviceaccount.yaml b/deploy/infra/cd-serviceaccount.yaml
deleted file mode 100644
index c3981aa..0000000
--- a/deploy/infra/cd-serviceaccount.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: continuous-deploy
-  namespace: git-limbosolutions-com
-
----
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: continuous-deploy
-  annotations:
-    kubernetes.io/service-account.name: continuous-deploy
-type: kubernetes.io/service-account-token
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  namespace: git-limbosolutions-com
-  name: continuous-deploy
-rules:
-- apiGroups: [""]
-  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims"]
-  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-
-- apiGroups: ["apps"]
-  resources: ["deployments", "statefulsets"]
-  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-
-- apiGroups: ["batch"]
-  resources: ["cronjobs", "jobs"]
-  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: continuous-deploy
-  namespace:  git-limbosolutions-com
-subjects:
-- kind: ServiceAccount
-  name: continuous-deploy
-  namespace: git-limbosolutions-com
-roleRef:
-  kind: Role
-  name: continuous-deploy
-  apiGroup: rbac.authorization.k8s.io
-
diff --git a/deploy/infra/kustomization.yaml b/deploy/infra/kustomization.yaml
index 7ef48a4..f9e87ae 100644
--- a/deploy/infra/kustomization.yaml
+++ b/deploy/infra/kustomization.yaml
@@ -1,15 +1,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - namespace.yaml
-  - cd-serviceaccount.yaml
   - network-policies.yaml
   - certificate.yaml
   - ingress-web.yaml
   - ingress-web-public.yaml
   - ingress-ssh.yaml
   - ingress-ssh-public.yaml
-generatorOptions:
-  disableNameSuffixHash: true
-
 
diff --git a/ops-scripts/apply-infra.sh b/ops-scripts/apply-infra.sh
deleted file mode 100755
index cc07598..0000000
--- a/ops-scripts/apply-infra.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-set -e
-echo "Executing infra deploy."
-
-kubectl kustomize deploy/infra | kubectl -n git-limbosolutions-com apply -f -
-
-