Compare commits
1 commit
134cc34515
...
ad9bd94481
Author | SHA1 | Date | |
---|---|---|---|
ad9bd94481 |
69 changed files with 81 additions and 769 deletions
|
@ -20,6 +20,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -22,6 +22,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,4 +20,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -41,4 +42,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -41,4 +42,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -17,6 +17,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -3,55 +3,53 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: it-tools
|
name: &app it-tools
|
||||||
spec:
|
spec:
|
||||||
interval: 30m
|
interval: 30m
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: app-template
|
chart: app-template
|
||||||
version: 3.5.1
|
version: 3.5.1
|
||||||
interval: 30m
|
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bjw-s
|
name: bjw-s
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
cleanupOnFail: true
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
strategy: rollback
|
||||||
values:
|
values:
|
||||||
controllers:
|
controllers:
|
||||||
it-tools:
|
it-tools:
|
||||||
replicas: 1
|
|
||||||
strategy: RollingUpdate
|
|
||||||
annotations:
|
annotations:
|
||||||
reloader.stakater.com/auto: "true"
|
reloader.stakater.com/auto: "true"
|
||||||
pod:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 101
|
|
||||||
runAsGroup: 101
|
|
||||||
fsGroup: 101
|
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/bjw-s-labs/it-tools
|
repository: ghcr.io/corentinth/it-tools
|
||||||
tag: 2024.5.13
|
tag: 2024.5.13-a0bc346
|
||||||
|
env:
|
||||||
|
TZ: America/Chicago
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: true
|
||||||
|
readiness:
|
||||||
|
enabled: true
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 5m
|
cpu: 100m
|
||||||
memory: 32Mi
|
|
||||||
limits:
|
limits:
|
||||||
memory: 256Mi
|
memory: 500Mi
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
service:
|
service:
|
||||||
app:
|
app:
|
||||||
controller: it-tools
|
controller: *app
|
||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: 8080
|
port: 80
|
||||||
ingress:
|
ingress:
|
||||||
app:
|
app:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -70,7 +68,3 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
|
||||||
persistence:
|
|
||||||
tmp:
|
|
||||||
type: emptyDir
|
|
||||||
|
|
|
@ -17,6 +17,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false # no flux ks dependents
|
wait: false # no flux ks dependents
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -22,7 +22,6 @@ resources:
|
||||||
- ./recyclarr/ks.yaml
|
- ./recyclarr/ks.yaml
|
||||||
- ./redlib/ks.yaml
|
- ./redlib/ks.yaml
|
||||||
- ./sabnzbd/ks.yaml
|
- ./sabnzbd/ks.yaml
|
||||||
- ./scrypted/ks.yaml
|
|
||||||
- ./searxng/ks.yaml
|
- ./searxng/ks.yaml
|
||||||
- ./sonarr/ks.yaml
|
- ./sonarr/ks.yaml
|
||||||
- ./tautulli/ks.yaml
|
- ./tautulli/ks.yaml
|
||||||
|
|
|
@ -22,6 +22,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false # no flux ks dependents
|
wait: false # no flux ks dependents
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
- name: volsync
|
- name: volsync
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -22,6 +22,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -38,7 +38,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: quay.io/redlib/redlib
|
repository: quay.io/redlib/redlib
|
||||||
tag: latest@sha256:f07a1531d520121e1260bfd9d4b3dbadb26a8ad20a8a7b8639723907160839e4
|
tag: latest@sha256:d7d4f7b85ce3ba17c9d713c48d56b459cd935d0af4e090c818a4f74212f3ed71
|
||||||
env:
|
env:
|
||||||
REDLIB_DEFAULT_SHOW_NSFW: on
|
REDLIB_DEFAULT_SHOW_NSFW: on
|
||||||
REDLIB_DEFAULT_WIDE: on
|
REDLIB_DEFAULT_WIDE: on
|
||||||
|
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -21,6 +21,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,111 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: scrypted
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: app-template
|
|
||||||
version: 3.5.1
|
|
||||||
interval: 30m
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: bjw-s
|
|
||||||
namespace: flux-system
|
|
||||||
|
|
||||||
values:
|
|
||||||
controllers:
|
|
||||||
scrypted:
|
|
||||||
annotations:
|
|
||||||
reloader.stakater.com/auto: "true"
|
|
||||||
pod:
|
|
||||||
nodeSelector:
|
|
||||||
google.feature.node.kubernetes.io/coral: "true"
|
|
||||||
nvidia.com/gpu.present: "true"
|
|
||||||
securityContext:
|
|
||||||
supplementalGroups:
|
|
||||||
- 568
|
|
||||||
containers:
|
|
||||||
app:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/koush/scrypted
|
|
||||||
tag: v0.119.1-jammy-nvidia
|
|
||||||
probes:
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
startup:
|
|
||||||
enabled: true
|
|
||||||
spec:
|
|
||||||
failureThreshold: 30
|
|
||||||
periodSeconds: 5
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 136m
|
|
||||||
memory: 1024Mi
|
|
||||||
limits:
|
|
||||||
nvidia.com/gpu: 1
|
|
||||||
memory: 8192Mi
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
service:
|
|
||||||
app:
|
|
||||||
controller: scrypted
|
|
||||||
ports:
|
|
||||||
http:
|
|
||||||
port: 11080
|
|
||||||
primary: true
|
|
||||||
rebroadcast1: # driveway
|
|
||||||
port: 39655
|
|
||||||
rebroadcast2: # sideyard
|
|
||||||
port: 46561
|
|
||||||
rebroadcast3: # doorbell
|
|
||||||
port: 44759
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
app:
|
|
||||||
className: "internal-nginx"
|
|
||||||
annotations:
|
|
||||||
hosts:
|
|
||||||
- host: &host scrypted.jahanson.tech
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
service:
|
|
||||||
identifier: app
|
|
||||||
port: http
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- *host
|
|
||||||
persistence:
|
|
||||||
config:
|
|
||||||
existingClaim: scrypted
|
|
||||||
advancedMounts:
|
|
||||||
scrypted:
|
|
||||||
app:
|
|
||||||
- path: /server/volume
|
|
||||||
cache:
|
|
||||||
type: emptyDir
|
|
||||||
globalMounts:
|
|
||||||
- path: /.cache
|
|
||||||
cache-npm:
|
|
||||||
type: emptyDir
|
|
||||||
globalMounts:
|
|
||||||
- path: /.npm
|
|
||||||
dev-bus-usb:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /dev/bus/usb
|
|
||||||
hostPathType: Directory
|
|
||||||
sys-bus-usb:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /sys/bus/usb
|
|
||||||
hostPathType: Directory
|
|
||||||
recordings:
|
|
||||||
type: nfs
|
|
||||||
server: shadowfax.jahanson.tech
|
|
||||||
path: /nahar/scrypted
|
|
||||||
globalMounts:
|
|
||||||
- path: /recordings
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- ./helmrelease.yaml
|
|
||||||
- ../../../../templates/volsync
|
|
|
@ -1,30 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &appname scrypted
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
targetNamespace: default
|
|
||||||
commonMetadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: *appname
|
|
||||||
interval: 30m
|
|
||||||
timeout: 5m
|
|
||||||
path: "./kubernetes/apps/default/scrypted/app"
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: theshire
|
|
||||||
wait: false
|
|
||||||
dependsOn:
|
|
||||||
- name: rook-ceph-cluster
|
|
||||||
- name: volsync
|
|
||||||
- name: external-secrets-stores
|
|
||||||
postBuild:
|
|
||||||
substitute:
|
|
||||||
APP: *appname
|
|
||||||
APP_UID: "0"
|
|
||||||
APP_GID: "0"
|
|
||||||
VOLSYNC_CAPACITY: 5Gi
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -22,6 +22,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
- name: volsync
|
- name: volsync
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -19,4 +19,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -17,6 +17,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -17,6 +17,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -39,4 +40,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -17,4 +17,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -17,4 +17,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -17,4 +17,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
|
|
||||||
apiVersion: nfd.k8s-sigs.io/v1alpha1
|
|
||||||
kind: NodeFeatureRule
|
|
||||||
metadata:
|
|
||||||
name: google-coral-device
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- # Google Coral USB Accelerator
|
|
||||||
name: google.coral
|
|
||||||
labels:
|
|
||||||
google.feature.node.kubernetes.io/coral: "true"
|
|
||||||
matchFeatures:
|
|
||||||
- feature: usb.device
|
|
||||||
matchExpressions:
|
|
||||||
vendor: {op: In, value: ["1a6e", "18d1"]}
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
|
||||||
|
---
|
||||||
apiVersion: nfd.k8s-sigs.io/v1alpha1
|
apiVersion: nfd.k8s-sigs.io/v1alpha1
|
||||||
kind: NodeFeatureRule
|
kind: NodeFeatureRule
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -4,13 +4,13 @@ metadata:
|
||||||
name: rocky-nenya
|
name: rocky-nenya
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
spec:
|
spec:
|
||||||
nodeName: shadowfax-01
|
# nodeName: nenya
|
||||||
containers:
|
containers:
|
||||||
- name: rocky
|
- name: rocky
|
||||||
image: rockylinux:9
|
image: rockylinux:9
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
command: ["/bin/bash", "-c", "dnf install -y iputils dnsutils && while true; do sleep 10; done"]
|
command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: spegel
|
chart: spegel
|
||||||
version: v0.0.26
|
version: v0.0.25
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: spegel-org
|
name: spegel-org
|
||||||
|
|
|
@ -17,4 +17,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -66,7 +66,6 @@ spec:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
- pods
|
- pods
|
||||||
- nodes
|
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
- update
|
- update
|
||||||
|
@ -79,114 +78,3 @@ spec:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/instance: kyverno
|
app.kubernetes.io/instance: kyverno
|
||||||
app.kubernetes.io/component: kyverno
|
app.kubernetes.io/component: kyverno
|
||||||
config:
|
|
||||||
# -- Resource types to be skipped by the Kyverno policy engine.
|
|
||||||
# Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list.
|
|
||||||
# These are joined together without spaces, run through `tpl`, and the result is set in the config map.
|
|
||||||
# @default -- See [values.yaml](https://github.com/kyverno/kyverno/blob/ed1906a0dc281c2aeb9b7046b843708825310330/charts/kyverno/values.yaml#L207C3-L316C1)
|
|
||||||
resourceFilters:
|
|
||||||
- '[Event,*,*]'
|
|
||||||
- '[*/*,kube-system,*]'
|
|
||||||
- '[*/*,kube-public,*]'
|
|
||||||
- '[*/*,kube-node-lease,*]'
|
|
||||||
- '[Node,*,*]'
|
|
||||||
- '[Node/*,*,*]'
|
|
||||||
- '[APIService,*,*]'
|
|
||||||
- '[APIService/*,*,*]'
|
|
||||||
- '[TokenReview,*,*]'
|
|
||||||
- '[SubjectAccessReview,*,*]'
|
|
||||||
- '[SelfSubjectAccessReview,*,*]'
|
|
||||||
# remove the following to allow for schematic-to-pod.yaml to work
|
|
||||||
# - '[Binding,*,*]'
|
|
||||||
# - '[Pod/binding,*,*]'
|
|
||||||
- '[ReplicaSet,*,*]'
|
|
||||||
- '[ReplicaSet/*,*,*]'
|
|
||||||
- '[EphemeralReport,*,*]'
|
|
||||||
- '[ClusterEphemeralReport,*,*]'
|
|
||||||
# exclude resources from the chart
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:core]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:additional]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}:core]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}:additional]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}:core]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}:additional]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}:core]'
|
|
||||||
- '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}:additional]'
|
|
||||||
- '[ClusterRoleBinding,*,{{ template "kyverno.admission-controller.roleName" . }}]'
|
|
||||||
- '[ClusterRoleBinding,*,{{ template "kyverno.background-controller.roleName" . }}]'
|
|
||||||
- '[ClusterRoleBinding,*,{{ template "kyverno.cleanup-controller.roleName" . }}]'
|
|
||||||
- '[ClusterRoleBinding,*,{{ template "kyverno.reports-controller.roleName" . }}]'
|
|
||||||
- '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceAccountName" . }}]'
|
|
||||||
- '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceAccountName" . }}]'
|
|
||||||
- '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.serviceAccountName" . }}]'
|
|
||||||
- '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.serviceAccountName" . }}]'
|
|
||||||
- '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.serviceAccountName" . }}]'
|
|
||||||
- '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.serviceAccountName" . }}]'
|
|
||||||
- '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.serviceAccountName" . }}]'
|
|
||||||
- '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.serviceAccountName" . }}]'
|
|
||||||
- '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.roleName" . }}]'
|
|
||||||
- '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.roleName" . }}]'
|
|
||||||
- '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.roleName" . }}]'
|
|
||||||
- '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.roleName" . }}]'
|
|
||||||
- '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.roleName" . }}]'
|
|
||||||
- '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.roleName" . }}]'
|
|
||||||
- '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.roleName" . }}]'
|
|
||||||
- '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.roleName" . }}]'
|
|
||||||
- '[ConfigMap,{{ include "kyverno.namespace" . }},{{ template "kyverno.config.configMapName" . }}]'
|
|
||||||
- '[ConfigMap,{{ include "kyverno.namespace" . }},{{ template "kyverno.config.metricsConfigMapName" . }}]'
|
|
||||||
- '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
|
||||||
- '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
|
||||||
- '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
|
||||||
- '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
|
||||||
- '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
|
||||||
- '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
|
||||||
- '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}-*]'
|
|
||||||
- '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}-*]'
|
|
||||||
- '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-*]'
|
|
||||||
- '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-*]'
|
|
||||||
- '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-*]'
|
|
||||||
- '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-*]'
|
|
||||||
- '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-*]'
|
|
||||||
- '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-*]'
|
|
||||||
- '[Job,{{ include "kyverno.namespace" . }},{{ template "kyverno.fullname" . }}-hook-pre-delete]'
|
|
||||||
- '[Job/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.fullname" . }}-hook-pre-delete]'
|
|
||||||
- '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
|
||||||
- '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
|
||||||
- '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
|
||||||
- '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
|
||||||
- '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
|
||||||
- '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
|
||||||
- '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
|
||||||
- '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
|
||||||
- '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
|
||||||
- '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
|
||||||
- '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
|
||||||
- '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
|
||||||
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}]'
|
|
||||||
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}]'
|
|
||||||
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}-metrics]'
|
|
||||||
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}-metrics]'
|
|
||||||
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-metrics]'
|
|
||||||
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-metrics]'
|
|
||||||
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-metrics]'
|
|
||||||
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-metrics]'
|
|
||||||
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-metrics]'
|
|
||||||
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-metrics]'
|
|
||||||
- '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.admission-controller.name" . }}]'
|
|
||||||
- '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.background-controller.name" . }}]'
|
|
||||||
- '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
|
||||||
- '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.reports-controller.name" . }}]'
|
|
||||||
- '[Secret,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.*]'
|
|
||||||
- '[Secret,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}.{{ template "kyverno.namespace" . }}.svc.*]'
|
|
||||||
|
|
|
@ -13,6 +13,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
|
@ -31,4 +32,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -4,4 +4,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./remove-cpu-limits.yaml
|
- ./remove-cpu-limits.yaml
|
||||||
- ./schematic-to-pod.yaml
|
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
|
|
||||||
apiVersion: kyverno.io/v1
|
|
||||||
kind: ClusterPolicy
|
|
||||||
metadata:
|
|
||||||
name: mutate-pod-binding
|
|
||||||
annotations:
|
|
||||||
pod-policies.kyverno.io/autogen-controllers: none
|
|
||||||
policies.kyverno.io/title: Mutate Pod Add Schematic
|
|
||||||
policies.kyverno.io/category: Other
|
|
||||||
policies.kyverno.io/subject: Pod
|
|
||||||
kyverno.io/kyverno-version: 1.10.0
|
|
||||||
policies.kyverno.io/minversion: 1.10.0
|
|
||||||
kyverno.io/kubernetes-version: "1.30"
|
|
||||||
spec:
|
|
||||||
background: false
|
|
||||||
rules:
|
|
||||||
- name: project-foo
|
|
||||||
match:
|
|
||||||
any:
|
|
||||||
- resources:
|
|
||||||
kinds:
|
|
||||||
- Pod/binding
|
|
||||||
names:
|
|
||||||
- apply-talos*
|
|
||||||
context:
|
|
||||||
- name: node
|
|
||||||
variable:
|
|
||||||
jmesPath: request.object.target.name
|
|
||||||
default: ""
|
|
||||||
- name: schematic
|
|
||||||
apiCall:
|
|
||||||
urlPath: "/api/v1/nodes/{{node}}"
|
|
||||||
jmesPath: 'metadata.annotations."extensions.talos.dev/schematic" || ''empty'''
|
|
||||||
mutate:
|
|
||||||
patchStrategicMerge:
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
extensions.talos.dev/schematic: "{{ schematic }}"
|
|
|
@ -22,4 +22,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -21,24 +21,3 @@ spec:
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: external-secrets-stores
|
- name: external-secrets-stores
|
||||||
- name: rook-ceph-cluster
|
- name: rook-ceph-cluster
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app alertmanager-silencer
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
targetNamespace: observability
|
|
||||||
commonMetadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: *app
|
|
||||||
path: "./kubernetes/apps/observability/alertmanager/silencer"
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: theshire
|
|
||||||
wait: false
|
|
||||||
interval: 30m
|
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
|
||||||
|
|
|
@ -1,56 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: alertmanager-silencer
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: app-template
|
|
||||||
version: 3.0.4
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: bjw-s
|
|
||||||
namespace: flux-system
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
upgrade:
|
|
||||||
cleanupOnFail: true
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
strategy: rollback
|
|
||||||
dependsOn:
|
|
||||||
- name: alertmanager
|
|
||||||
namespace: observability
|
|
||||||
values:
|
|
||||||
controllers:
|
|
||||||
alertmanager-silencer:
|
|
||||||
type: cronjob
|
|
||||||
cronjob:
|
|
||||||
schedule: "@daily"
|
|
||||||
containers:
|
|
||||||
app:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/onedr0p/kubanetics
|
|
||||||
tag: 2024.10.6
|
|
||||||
env:
|
|
||||||
SCRIPT_NAME: alertmanager-silencer.sh
|
|
||||||
ALERTMANAGER_URL: http://alertmanager.observability.svc.cluster.local:9093
|
|
||||||
MATCHERS_0: alertname=CephPGImbalance job=rook-ceph-exporter
|
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
capabilities: { drop: ["ALL"] }
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 25m
|
|
||||||
limits:
|
|
||||||
memory: 128Mi
|
|
||||||
pod:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 568
|
|
||||||
runAsGroup: 568
|
|
||||||
runAsNonRoot: true
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- ./helmrelease.yaml
|
|
|
@ -20,6 +20,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -17,4 +17,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -17,6 +17,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
@ -39,3 +40,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
|
|
|
@ -17,4 +17,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -19,6 +19,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -22,6 +22,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -47,4 +47,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -75,7 +75,7 @@ spec:
|
||||||
"--exclude-category", "music",
|
"--exclude-category", "music",
|
||||||
"--exclude-tag", "added:24h",
|
"--exclude-tag", "added:24h",
|
||||||
"--include-tag", "unregistered",
|
"--include-tag", "unregistered",
|
||||||
# "--dry-run",
|
"--dry-run",
|
||||||
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
||||||
"--port", "80"
|
"--port", "80"
|
||||||
]
|
]
|
||||||
|
@ -87,7 +87,7 @@ spec:
|
||||||
"--exclude-category", "music",
|
"--exclude-category", "music",
|
||||||
"--include-tag", "expired", # defined in config.yaml
|
"--include-tag", "expired", # defined in config.yaml
|
||||||
"--include-tag", "added:7d",
|
"--include-tag", "added:7d",
|
||||||
# "--dry-run",
|
"--dry-run",
|
||||||
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
||||||
"--port", "80"
|
"--port", "80"
|
||||||
]
|
]
|
||||||
|
|
|
@ -17,6 +17,7 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -37,4 +38,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 15m
|
timeout: 15m
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
# Pre Flux-Kustomizations
|
|
||||||
- ./namespace.yaml
|
|
||||||
# Flux-Kustomizations
|
|
||||||
- ./system-upgrade-controller/ks.yaml
|
|
|
@ -1,38 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: system-upgrade
|
|
||||||
annotations:
|
|
||||||
kustomize.toolkit.fluxcd.io/prune: disabled
|
|
||||||
volsync.backube/privileged-movers: "true"
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json
|
|
||||||
apiVersion: notification.toolkit.fluxcd.io/v1beta3
|
|
||||||
kind: Provider
|
|
||||||
metadata:
|
|
||||||
name: alert-manager
|
|
||||||
namespace: system-upgrade
|
|
||||||
spec:
|
|
||||||
type: alertmanager
|
|
||||||
address: http://alertmanager.observability.svc.cluster.local:9093/api/v2/alerts/
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
|
|
||||||
apiVersion: notification.toolkit.fluxcd.io/v1beta3
|
|
||||||
kind: Alert
|
|
||||||
metadata:
|
|
||||||
name: alert-manager
|
|
||||||
namespace: system-upgrade
|
|
||||||
spec:
|
|
||||||
providerRef:
|
|
||||||
name: alert-manager
|
|
||||||
eventSeverity: error
|
|
||||||
eventSources:
|
|
||||||
- kind: HelmRelease
|
|
||||||
name: "*"
|
|
||||||
exclusionList:
|
|
||||||
- "error.*lookup github\\.com"
|
|
||||||
- "error.*lookup raw\\.githubusercontent\\.com"
|
|
||||||
- "dial.*tcp.*timeout"
|
|
||||||
- "waiting.*socket"
|
|
||||||
suspend: false
|
|
|
@ -1,101 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: &app system-upgrade-controller
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: app-template
|
|
||||||
version: 3.5.1
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: bjw-s
|
|
||||||
namespace: flux-system
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
upgrade:
|
|
||||||
cleanupOnFail: true
|
|
||||||
remediation:
|
|
||||||
strategy: rollback
|
|
||||||
retries: 3
|
|
||||||
values:
|
|
||||||
controllers:
|
|
||||||
system-upgrade-controller:
|
|
||||||
strategy: RollingUpdate
|
|
||||||
containers:
|
|
||||||
app:
|
|
||||||
image:
|
|
||||||
repository: docker.io/rancher/system-upgrade-controller
|
|
||||||
tag: v0.14.1@sha256:7e13a9b2b984f0c0fd6328439b575348723cc6954b91db3453057fcb784e2d29
|
|
||||||
env:
|
|
||||||
SYSTEM_UPGRADE_CONTROLLER_DEBUG: false
|
|
||||||
SYSTEM_UPGRADE_CONTROLLER_THREADS: 2
|
|
||||||
SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: 900
|
|
||||||
SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: 99
|
|
||||||
SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: IfNotPresent
|
|
||||||
SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: registry.k8s.io/kubectl:v1.31.1
|
|
||||||
SYSTEM_UPGRADE_JOB_POD_REPLACEMENT_POLICY: Failed
|
|
||||||
SYSTEM_UPGRADE_JOB_PRIVILEGED: true
|
|
||||||
SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: 900
|
|
||||||
SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m
|
|
||||||
SYSTEM_UPGRADE_CONTROLLER_NAME: *app
|
|
||||||
SYSTEM_UPGRADE_CONTROLLER_NAMESPACE:
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: metadata.namespace
|
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
capabilities: { drop: ["ALL"] }
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
defaultPodOptions:
|
|
||||||
securityContext:
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 65534
|
|
||||||
runAsGroup: 65534
|
|
||||||
seccompProfile: { type: RuntimeDefault }
|
|
||||||
affinity:
|
|
||||||
nodeAffinity:
|
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
nodeSelectorTerms:
|
|
||||||
- matchExpressions:
|
|
||||||
- key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
tolerations:
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
effect: NoSchedule
|
|
||||||
- key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
effect: NoSchedule
|
|
||||||
serviceAccount:
|
|
||||||
create: true
|
|
||||||
name: system-upgrade
|
|
||||||
persistence:
|
|
||||||
tmp:
|
|
||||||
type: emptyDir
|
|
||||||
etc-ssl:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /etc/ssl
|
|
||||||
hostPathType: DirectoryOrCreate
|
|
||||||
globalMounts:
|
|
||||||
- readOnly: true
|
|
||||||
etc-pki:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /etc/pki
|
|
||||||
hostPathType: DirectoryOrCreate
|
|
||||||
globalMounts:
|
|
||||||
- readOnly: true
|
|
||||||
etc-ca-certificates:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /etc/ca-certificates
|
|
||||||
hostPathType: DirectoryOrCreate
|
|
||||||
globalMounts:
|
|
||||||
- readOnly: true
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- helmrelease.yaml
|
|
||||||
- rbac.yaml
|
|
|
@ -1,21 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: system-upgrade
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: cluster-admin
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: system-upgrade
|
|
||||||
namespace: system-upgrade
|
|
||||||
---
|
|
||||||
apiVersion: talos.dev/v1alpha1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: talos
|
|
||||||
spec:
|
|
||||||
roles:
|
|
||||||
- os:admin
|
|
|
@ -1,50 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app system-upgrade-controller
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
targetNamespace: system-upgrade
|
|
||||||
commonMetadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: *app
|
|
||||||
dependsOn:
|
|
||||||
- name: node-feature-discovery-rules
|
|
||||||
path: ./kubernetes/apps/system-upgrade/system-upgrade-controller/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: theshire
|
|
||||||
wait: true
|
|
||||||
interval: 30m
|
|
||||||
timeout: 5m
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app system-upgrade-controller-plans
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
targetNamespace: system-upgrade
|
|
||||||
commonMetadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: *app
|
|
||||||
dependsOn:
|
|
||||||
- name: system-upgrade-controller
|
|
||||||
path: ./kubernetes/apps/system-upgrade/system-upgrade-controller/plans
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: theshire
|
|
||||||
wait: false
|
|
||||||
interval: 30m
|
|
||||||
timeout: 5m
|
|
||||||
postBuild:
|
|
||||||
substitute:
|
|
||||||
# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
|
|
||||||
TALOS_VERSION: v1.8.1
|
|
||||||
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
|
|
||||||
KUBERNETES_VERSION: v1.30.2
|
|
|
@ -1,45 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/upgrade.cattle.io/plan_v1.json
|
|
||||||
apiVersion: upgrade.cattle.io/v1
|
|
||||||
kind: Plan
|
|
||||||
metadata:
|
|
||||||
name: kubernetes
|
|
||||||
spec:
|
|
||||||
version: ${KUBERNETES_VERSION}
|
|
||||||
serviceAccountName: system-upgrade
|
|
||||||
secrets:
|
|
||||||
- name: talos
|
|
||||||
path: /var/run/secrets/talos.dev
|
|
||||||
ignoreUpdates: true
|
|
||||||
concurrency: 1
|
|
||||||
exclusive: true
|
|
||||||
nodeSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: feature.node.kubernetes.io/system-os_release.ID
|
|
||||||
operator: In
|
|
||||||
values: ["talos"]
|
|
||||||
- key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
tolerations:
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
effect: NoSchedule
|
|
||||||
prepare: &prepare
|
|
||||||
image: ghcr.io/siderolabs/talosctl:${TALOS_VERSION}
|
|
||||||
envs:
|
|
||||||
- name: NODE_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: status.hostIP
|
|
||||||
args:
|
|
||||||
- --nodes=$(NODE_IP)
|
|
||||||
- health
|
|
||||||
- --server=false
|
|
||||||
upgrade:
|
|
||||||
<<: *prepare
|
|
||||||
args:
|
|
||||||
- --nodes=$(NODE_IP)
|
|
||||||
- upgrade-k8s
|
|
||||||
- --to=$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- ./kubernetes.yaml
|
|
||||||
- ./talos.yaml
|
|
|
@ -1,51 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/upgrade.cattle.io/plan_v1.json
|
|
||||||
apiVersion: upgrade.cattle.io/v1
|
|
||||||
kind: Plan
|
|
||||||
metadata:
|
|
||||||
name: talos
|
|
||||||
spec:
|
|
||||||
version: ${TALOS_VERSION}
|
|
||||||
serviceAccountName: system-upgrade
|
|
||||||
secrets:
|
|
||||||
- name: talos
|
|
||||||
path: /var/run/secrets/talos.dev
|
|
||||||
ignoreUpdates: true
|
|
||||||
concurrency: 1
|
|
||||||
exclusive: true
|
|
||||||
nodeSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: feature.node.kubernetes.io/system-os_release.ID
|
|
||||||
operator: In
|
|
||||||
values: ["talos"]
|
|
||||||
- key: feature.node.kubernetes.io/system-os_release.VERSION_ID
|
|
||||||
operator: NotIn
|
|
||||||
values: ["${TALOS_VERSION}"]
|
|
||||||
tolerations:
|
|
||||||
- key: CriticalAddonsOnly
|
|
||||||
operator: Exists
|
|
||||||
- key: node-role.kubernetes.io/control-plane
|
|
||||||
operator: Exists
|
|
||||||
effect: NoSchedule
|
|
||||||
prepare: &prepare
|
|
||||||
image: ghcr.io/siderolabs/talosctl:${TALOS_VERSION}
|
|
||||||
envs:
|
|
||||||
- name: NODE_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: status.hostIP
|
|
||||||
- name: TALOS_SCHEMATIC_ID
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: metadata.annotations['extensions.talos.dev/schematic']
|
|
||||||
args:
|
|
||||||
- --nodes=$(NODE_IP)
|
|
||||||
- health
|
|
||||||
- --server=false
|
|
||||||
upgrade:
|
|
||||||
<<: *prepare
|
|
||||||
args:
|
|
||||||
- --nodes=$(NODE_IP)
|
|
||||||
- upgrade
|
|
||||||
- --image=factory.talos.dev/installer/$(TALOS_SCHEMATIC_ID):$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
|
|
||||||
- --wait=false
|
|
|
@ -17,4 +17,5 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -50,7 +50,7 @@ releases:
|
||||||
- name: spegel
|
- name: spegel
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
chart: oci://ghcr.io/spegel-org/helm-charts/spegel
|
chart: oci://ghcr.io/spegel-org/helm-charts/spegel
|
||||||
version: v0.0.26
|
version: v0.0.25
|
||||||
values:
|
values:
|
||||||
- ../apps/kube-system/spegel/app/helm-values.yml
|
- ../apps/kube-system/spegel/app/helm-values.yml
|
||||||
needs:
|
needs:
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/talconfig.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/talconfig.json
|
||||||
clusterName: theshire
|
clusterName: theshire
|
||||||
|
|
||||||
talosVersion: v1.8.1
|
talosVersion: v1.7.6
|
||||||
kubernetesVersion: 1.30.2
|
kubernetesVersion: 1.30.2
|
||||||
endpoint: "https://10.1.1.57:6444"
|
endpoint: "https://10.1.1.57:6444"
|
||||||
|
|
||||||
|
@ -107,8 +107,8 @@ nodes:
|
||||||
systemExtensions:
|
systemExtensions:
|
||||||
officialExtensions:
|
officialExtensions:
|
||||||
- siderolabs/amd-ucode
|
- siderolabs/amd-ucode
|
||||||
- siderolabs/nonfree-kmod-nvidia-production
|
- siderolabs/nonfree-kmod-nvidia
|
||||||
- siderolabs/nvidia-container-toolkit-production
|
- siderolabs/nvidia-container-toolkit
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
schematic:
|
schematic:
|
||||||
|
|
Loading…
Reference in a new issue