From 1f6a00c005e0831a3ab130571c7c86d91499c3a1 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Tue, 22 Oct 2024 11:26:30 -0500
Subject: [PATCH] add chronyd
---
 .../kube-system/chronyd/app/helmrelease.yaml | 56 +++++++++++++++++++
 .../chronyd/app/kustomization.yaml | 12 ++++
 .../chronyd/app/resources/chrony.conf | 27 +++++++++
 kubernetes/apps/kube-system/chronyd/ks.yaml | 20 +++++++
 .../apps/kube-system/kustomization.yaml | 1 +
 5 files changed, 116 insertions(+)
 create mode 100644 kubernetes/apps/kube-system/chronyd/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/kube-system/chronyd/app/kustomization.yaml
 create mode 100644 kubernetes/apps/kube-system/chronyd/app/resources/chrony.conf
 create mode 100644 kubernetes/apps/kube-system/chronyd/ks.yaml
diff --git a/kubernetes/apps/kube-system/chronyd/app/helmrelease.yaml b/kubernetes/apps/kube-system/chronyd/app/helmrelease.yaml
new file mode 100644
index 00000000..477f1d6f
--- /dev/null
+++ b/kubernetes/apps/kube-system/chronyd/app/helmrelease.yaml
@@ -0,0 +1,56 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app chronyd
+spec:
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ interval: 30m
+ values:
+ controllers:
+ chronyd:
+ type: daemonset
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ pod:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ containers:
+ app:
+ image:
+ repository: docker.io/library/rockylinux
+ tag: 9
+ args:
+ - "/bin/bash"
+ - "-c"
+ - "dnf install -y chrony iputils dnsutils && chronyd -n -d"
+ resources:
+ requests:
+ cpu: 23m
+ memory: 50M
+ securityContext:
+ privileged: true
+
+ persistence:
+ config:
+ type: configMap
+ name: chronyd-configmap
+ globalMounts:
+ - path: /etc/chrony.conf
+ subPath: chrony.conf
+ readOnly: true
+ data:
+ type: emptyDir
+ globalMounts:
+ - path: /var/lib/chrony
diff --git a/kubernetes/apps/kube-system/chronyd/app/kustomization.yaml b/kubernetes/apps/kube-system/chronyd/app/kustomization.yaml
new file mode 100644
index 00000000..5101846f
--- /dev/null
+++ b/kubernetes/apps/kube-system/chronyd/app/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: chronyd-configmap
+ files:
+ - chrony.conf=./resources/chrony.conf
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/kube-system/chronyd/app/resources/chrony.conf b/kubernetes/apps/kube-system/chronyd/app/resources/chrony.conf
new file mode 100644
index 00000000..4814db0e
--- /dev/null
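Review bot: `privileged: true` under `securityContext` in helmrelease.yaml gives every pod of this DaemonSet full access to its host, including any nodes the `node-role.kubernetes.io/master` toleration admits, while setting the clock normally needs only the `SYS_TIME` capability. The container also runs `dnf install` at every start on the mutable `rockylinux` tag `9`, so whatever the mirrors serve at that moment executes with those privileges, and a pod cannot start when the mirrors are unreachable. A prebuilt image with chrony already installed, referenced by digest, would remove the install step and allow the narrower context below; chronyd may additionally need `SETUID`/`SETGID` if it drops to an unprivileged user, which should be verified before rollout. `tag: 9` is also an unquoted integer and is safer written as `tag: "9"`.

```yaml
            # … unchanged: image, args, resources …
            securityContext:
              privileged: false
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                  - ALL
                add:
                  - SYS_TIME
```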
+++ b/kubernetes/apps/kube-system/chronyd/app/resources/chrony.conf
@@ -0,0 +1,27 @@
+# Cloudflare time servers
+server time.cloudflare.com iburst
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Specify file containing keys for NTP authentication.
+keyfile /etc/chrony.keys
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Insert/delete leap seconds by slewing instead of stepping.
+#leapsecmode slew
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
diff --git a/kubernetes/apps/kube-system/chronyd/ks.yaml b/kubernetes/apps/kube-system/chronyd/ks.yaml
new file mode 100644
index 00000000..2d758ab7
--- /dev/null
+++ b/kubernetes/apps/kube-system/chronyd/ks.yaml
@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app chronyd
+ namespace: flux-system
+spec:
+ targetNamespace: kube-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/kube-system/chronyd/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: theshire
+ wait: false
+ interval: 30m
+ timeout: 5m
diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml
index 8abd0af6..6cdb1498 100644
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
 # Pre Flux-Kustomizations
 - ./namespace.yaml
 # Flux-Kustomizations
+ - ./chronyd/ks.yaml
 - ./cilium/ks.yaml
 - ./coredns/ks.yaml
 - ./descheduler/ks.yaml
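Review bot: The `server time.cloudflare.com iburst` line in chrony.conf carries no `nts` option, so every node takes its time over unauthenticated NTP from a single source, even though `ntsdumpdir` is already set for NTS state. Node clocks feed certificate validation, token expiry and log timestamps, so the source is worth authenticating: `server time.cloudflare.com iburst nts`, with outbound TCP 4460 allowed for the key exchange. Adding at least two further sources would let chrony reject one that disagrees. `keyfile /etc/chrony.keys` and `logdir /var/log/chrony` are not among the paths the HelmRelease mounts, so they exist only if the package install creates them and could be dropped if unused.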