13 changed files with 15 additions and 200 deletions
--- a/kubernetes/apps/database/dragonfly/app/dragonfly.yaml
+++ b/kubernetes/apps/database/dragonfly/app/dragonfly.yaml
@ -16,7 +16,6 @@ spec:
      memory: 3Gi
  args:
    - "--proactor_threads=4"
    - "--default_lua_flags=allow-undeclared-keys"
  # Need retention policy before this is enabled
  # Or add S3 details and enable retention policy on the bucket.
  # snapshot:
--- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
@ -31,7 +31,7 @@ spec:
          app:
            image:
              repository: ghcr.io/onedr0p/prowlarr-develop
-              tag: 1.15.0.4361@sha256:833d7ca0c25e6ad28b48c0624fc54947bdaa724bba1a25c85b21d8484a96db3c
+              tag: 1.15.0.4361@sha256:0b6b55c6b230da58c73dce53976c3ff866cab099eefc9d5a1e85bf6b1c610ae1
            env:
              # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
              # Ref: https://github.com/dotnet/runtime/issues/9336
--- a/kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml
@ -1,29 +0,0 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: intel-device-plugin-operator
 spec:
  interval: 30m
  chart:
    spec:
      chart: intel-device-plugins-operator
      version: 0.29.0
      sourceRef:
        kind: HelmRepository
        name: intel
        namespace: flux-system
  install:
    crds: CreateReplace
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    crds: CreateReplace
    remediation:
      strategy: rollback
      retries: 3
  dependsOn:
    - name: node-feature-discovery
      namespace: kube-system
--- a/kubernetes/apps/kube-system/intel-device-plugin/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/intel-device-plugin/app/kustomization.yaml
@ -1,6 +0,0 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./helmrelease.yaml
--- a/kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml
@ -1,31 +0,0 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: intel-device-plugin-gpu
 spec:
  interval: 30m
  chart:
    spec:
      chart: intel-device-plugins-gpu
      version: 0.29.0
      sourceRef:
        kind: HelmRepository
        name: intel
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  dependsOn:
    - name: intel-device-plugin-operator
      namespace: kube-system
  values:
    name: intel-gpu-plugin
    sharedDevNum: 3
    nodeFeatureRule: true
--- a/kubernetes/apps/kube-system/intel-device-plugin/gpu/kustomization.yaml
+++ b/kubernetes/apps/kube-system/intel-device-plugin/gpu/kustomization.yaml
@ -1,6 +0,0 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./helmrelease.yaml
--- a/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml
+++ b/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml
@ -1,42 +0,0 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: &app intel-device-plugin
  namespace: flux-system
 spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/intel-device-plugin/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: homelab
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: &app intel-device-plugin-gpu
  namespace: flux-system
 spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/intel-device-plugin/gpu
  prune: true
  sourceRef:
    kind: GitRepository
    name: homelab
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@ -10,7 +10,6 @@ resources:
  - ./descheduler/ks.yaml
  - ./fstrim/ks.yaml
  - ./metrics-server/ks.yaml
  - ./intel-device-plugin/ks.yaml
  - ./nvidia-device-plugin/ks.yaml
  - ./node-feature-discovery/ks.yaml
  - ./reloader/ks.yaml
--- a/kubernetes/apps/media/immich/app/machine-learning/helmrelease.yaml
+++ b/kubernetes/apps/media/immich/app/machine-learning/helmrelease.yaml
@ -59,10 +59,6 @@ spec:
                  secretKeyRef:
                    name: immich-pguser-immich
                    key: uri
    pod:
      nodeSelector:
        nvidia.com/gpu.present: "true"
      runtimeClassName: nvidia
    service:
      app:
        controller: immich-machine-learning
--- a/kubernetes/apps/media/immich/app/microservices/helmrelease.yaml
+++ b/kubernetes/apps/media/immich/app/microservices/helmrelease.yaml
@ -62,10 +62,6 @@ spec:
                  secretKeyRef:
                    name: immich-pguser-immich
                    key: uri
    pod:
      nodeSelector:
        nvidia.com/gpu.present: "true"
      runtimeClassName: nvidia
    service:
      app:
        controller: immich-microservices
--- a/kubernetes/bootstrap/readme.md
+++ b/kubernetes/bootstrap/readme.md
@ -7,27 +7,8 @@
 ```sh
 omnictl cluster template sync -f ./template.yaml --omniconfig ./omniconfig.yaml
 ```
 ## CNI
-### Install Cilium
+## Flux
 ```sh
 cilium install \
    --helm-set=ipam.mode=kubernetes \
    --helm-set=kubeProxyReplacement=true \
    --helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
    --helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
    --helm-set=cgroup.autoMount.enabled=false \
    --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
    --helm-set=k8sServiceHost=127.0.0.1 \
    --helm-set=k8sServicePort=7445 \
    --helm-set=bgpControlPlane.enabled=true \
    --helm-set=bgp.enabled=false \
    --helm-set=bgp.announce.loadbalancerIP=true \
    --helm-set=bgp.announce.podCIDR=false
 ```
 ## Flux Prep
 ### Install Flux
@ -44,15 +25,10 @@ sops --decrypt kubernetes/bootstrap/flux/age-key.sops.yaml | kubectl apply -f -
 sops --decrypt kubernetes/bootstrap/flux/git-deploy-key.sops.yaml | kubectl apply -f -
 sops --decrypt kubernetes/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f -
 kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml
 kubectl apply -k kubernetes/bootstrap/kps-crds/
 ```
-## Wipe Rook Ceph
+### Kick off Flux applying this repository
 ```sh
 kubectl apply -f kubernetes/tools/wiperook.yaml
 ```
 ## Kick off Flux applying this repository
 ```sh
 kubectl apply --server-side --kustomize ./kubernetes/flux/config
--- a/kubernetes/tools/wipeone.yaml
+++ b/kubernetes/tools/wipeone.yaml
@ -1,37 +0,0 @@
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: disk-wipe-one
  namespace: rook-ceph
 spec:
  restartPolicy: Never
  nodeName: talos-ltk-p4a
  containers:
    - name: disk-wipe
      image: ghcr.io/onedr0p/alpine:3.19.1@sha256:3fbc581cb0fe29830376161ae026e2a765dcc11e1747477fe9ebf155720b8638
      securityContext:
        privileged: true
      resources: {}
      env:
        - name: CEPH_DISK
          value: "/dev/xvdb"
      command:
        [
          "/bin/sh",
          "-c"
        ]
      args:
        - apk add --no-cache sgdisk util-linux parted;
          sgdisk --zap-all $CEPH_DISK;
          blkdiscard $CEPH_DISK;
          dd if=/dev/zero bs=1M count=1000 oflag=direct of=$CEPH_DISK;
          partprobe $CEPH_DISK;
      volumeMounts:
        - mountPath: /mnt/host_var
          name: host-var
  volumes:
    - name: host-var
      hostPath:
        path: /var
--- a/kubernetes/tools/wiperook.yaml
+++ b/kubernetes/tools/wiperook.yaml
@ -2,11 +2,11 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: disk-wipe-s01
+  name: disk-wipe-nessa
-  namespace: kube-system
+  namespace: rook-ceph
 spec:
  restartPolicy: Never
-  nodeName: talos-0ye-ep1
+  nodeName: talos-nz9-4fz
  containers:
    - name: disk-wipe
      image: ghcr.io/onedr0p/alpine:3.19.1@sha256:3fbc581cb0fe29830376161ae026e2a765dcc11e1747477fe9ebf155720b8638
@ -39,11 +39,11 @@ spec:
 apiVersion: v1
 kind: Pod
 metadata:
-  name: disk-wipe-anduril
+  name: disk-wipe-nienna
-  namespace: kube-system
+  namespace: rook-ceph
 spec:
  restartPolicy: Never
-  nodeName: talos-9pw-zvs
+  nodeName: talos-9c9-dj0
  containers:
    - name: disk-wipe
      image: ghcr.io/onedr0p/alpine:3.19.1@sha256:3fbc581cb0fe29830376161ae026e2a765dcc11e1747477fe9ebf155720b8638
@ -52,7 +52,7 @@ spec:
      resources: {}
      env:
        - name: CEPH_DISK
-          value: "/dev/nvme1n1"
+          value: "/dev/xvdb"
      command:
        [
          "/bin/sh",
@ -76,11 +76,11 @@ spec:
 apiVersion: v1
 kind: Pod
 metadata:
-  name: disk-wipe-g01
+  name: disk-wipe-orome
-  namespace: kube-system
+  namespace: rook-ceph
 spec:
  restartPolicy: Never
-  nodeName: 
+  nodeName: talos-dz9-5ys
  containers:
    - name: disk-wipe
      image: ghcr.io/onedr0p/alpine:3.19.1@sha256:3fbc581cb0fe29830376161ae026e2a765dcc11e1747477fe9ebf155720b8638
@ -89,7 +89,7 @@ spec:
      resources: {}
      env:
        - name: CEPH_DISK
-          value: "/dev/nvme0n1"
+          value: "/dev/xvdb"
      command:
        [