Compare commits


1 commit

12 changed files with 12 additions and 327 deletions


@ -41,29 +41,27 @@ spec:
- $(RUNNER_NAME)
- "--instance"
- $(FORGEJO_INSTANCE_URL)
- "--labels"
- "docker:docker://node:20-bullseye,x86_64:docker://node:20-bullseye,linux:docker://node:20-bullseye,pc:docker://node:20-bullseye,ubuntu-x86_64:docker://node:20-bullseye"
env:
- name: RUNNER_NAME
valueFrom:
secretKeyRef:
name: forgejo-runner-secret
name: runner-secret
key: RUNNER_NAME
- name: RUNNER_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-runner-secret
name: runner-secret
key: RUNNER_TOKEN
- name: FORGEJO_INSTANCE_URL
valueFrom:
secretKeyRef:
name: forgejo-runner-secret
name: runner-secret
key: FORGEJO_INSTANCE_URL
containers:
daemon:
image:
repository: docker
tag: 26.1.3-dind
tag: 23.0.6-dind
securityContext:
privileged: true
env:
@ -94,8 +92,10 @@ spec:
port: 45315
persistence:
docker-certs:
type: emptyDir
globalMounts:
name: docker-certs
advancedMounts:
forgejo-runner:
app:
- path: /certs
runner-data:
type: emptyDir
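Review bot: The `daemon` container in the first hunk runs with `privileged: true` while its image is pinned only by a mutable tag, and the two printed `tag:` lines (`26.1.3-dind`, then `23.0.6-dind`) suggest the new side moves to the older Docker release; the rendered page has lost its +/- markers, so that direction should be confirmed. A privileged dind sidecar that executes CI jobs has close to host-level access on the node, so it should stay on a current engine release and be pinned by digest, e.g. `tag: 26.1.3-dind@sha256:<digest>` (placeholder; take the real digest from the registry). The same pinning concern applies to the `node:20-bullseye` job images in the `--labels` argument, if that line survives the change. The `secretKeyRef` name change also needs a Secret of the new name carrying `RUNNER_NAME`, `RUNNER_TOKEN` and `FORGEJO_INSTANCE_URL` in the release namespace, which is not visible here. The `containers:` block continues outside the hunk.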


@ -72,7 +72,7 @@ spec:
requests:
cpu: 10m
limits:
memory: 8Gi
memory: 4Gi
pod:
securityContext:
runAsUser: 568


@ -9,7 +9,7 @@ spec:
chart:
spec:
chart: descheduler
version: 0.30.0
version: 0.29.0
sourceRef:
kind: HelmRepository
name: descheduler


@ -23,7 +23,7 @@ spec:
cni:
image:
repository: ghcr.io/angelnu/cni-plugins
tag: 1.5.0
tag: 1.4.1
paths:
config: /etc/cni/net.d


@ -1,22 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cdi-uploadproxy
namespace: cdi
spec:
ingressClassName: internal-nginx
rules:
- host: &host "cdi.jahanson.tech"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cdi-uploadproxy
port:
number: 443
tls:
- hosts:
- *host


@ -1,9 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
- ./manager/ks.yaml


@ -1,83 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app kubevirt-manager
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.1.0
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 2
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
controllers:
kubevirt-manager:
annotations:
reloader.stakater.com/auto: "true"
containers:
app:
image:
repository: docker.io/kubevirtmanager/kubevirt-manager
tag: 1.3.3
env:
TZ: America/Chicago
resources:
requests:
cpu: 5m
memory: 50Mi
limits:
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
pod:
securityContext:
runAsUser: 10000
runAsGroup: 30000
serviceAccount:
create: true
name: kubevirt-manager
service:
app:
controller: kubevirt-manager
ports:
http:
port: 8001
ingress:
app:
className: internal-nginx
hosts:
- host: &host "kubevirt.jahanson.tech"
paths:
- path: /
pathType: Prefix
service:
identifier: app
port: http
tls:
- hosts:
- *host
persistence:
cache:
type: emptyDir
globalMounts:
- path: /var/cache/nginx
run:
type: emptyDir
globalMounts:
- path: /var/run


@ -1,7 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- ./rbac.yaml


@ -1,110 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt-manager
rules:
- apiGroups: [""]
resources: ["nodes", "namespaces"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["customresourcedefinitions"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumeclaims", "persistentvolumes", "services", "secrets", "serviceaccounts", "configmaps", "deployments"]
verbs: ["*"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["rolebindings"]
verbs: ["*"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["*"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list"]
- apiGroups: ["k8s.cni.cncf.io"]
resources: ["network-attachment-definitions"]
verbs: ["get", "list"]
- apiGroups: ["kubevirt.io"]
resources: ["virtualmachines", "virtualmachineinstances"]
verbs: ["*"]
- apiGroups: ["subresources.kubevirt.io"]
resources: ["*"]
verbs: ["get", "list", "update", "patch"]
- apiGroups: ["instancetype.kubevirt.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["cdi.kubevirt.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["pool.kubevirt.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["scheduling.k8s.io"]
resources: ["priorityclasses"]
verbs: ["get", "list"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["*"]
- apiGroups: ["cluster.x-k8s.io"]
resources: ["clusters", "machinedeployments"]
verbs: ["*"]
- apiGroups: ["controlplane.cluster.x-k8s.io"]
resources: ["kubeadmcontrolplanes"]
verbs: ["*"]
- apiGroups: ["infrastructure.cluster.x-k8s.io"]
resources: ["kubevirtmachinetemplates", "kubevirtclusters"]
verbs: ["*"]
- apiGroups: ["bootstrap.cluster.x-k8s.io"]
resources: ["kubeadmconfigtemplates"]
verbs: ["*"]
- apiGroups: ["addons.cluster.x-k8s.io"]
resources: ["clusterresourcesets"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubevirt-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-manager
subjects:
- kind: ServiceAccount
name: kubevirt-manager
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt-manager-kccm
rules:
- apiGroups: ["kubevirt.io"]
resources: ["virtualmachines"]
verbs: ["get", "list", "watch"]
- apiGroups: ["kubevirt.io"]
resources: ["virtualmachineinstances"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubevirt-manager-kccm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-manager-kccm
subjects:
- kind: ServiceAccount
name: kubevirt-manager
namespace: kubevirt


@ -1,18 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app kubevirt-manager
namespace: flux-system
spec:
targetNamespace: kubevirt
path: ./kubernetes/apps/kubevirt/manager/app
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m


@ -1,10 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: kubevirt
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
volsync.backube/privileged-movers: "true"
pod-security.kubernetes.io/enforce: "privileged"
kubevirt.io: ""


@ -1,56 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kubevirt.io/virtualmachine_v1.json
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: fj-runner-01
namespace: default
uid: e0725361-eb07-44bc-bb01-7a1dba39622a
labels:
kubevirt-manager.io/managed: "true"
kubevirt.io/domain: fj-runner-01
spec:
running: true
template:
metadata:
creationTimestamp: null
labels:
kubevirt-manager.io/managed: "true"
kubevirt.io/domain: fj-runner-01
spec:
architecture: amd64
domain:
cpu:
cores: 4
sockets: 1
threads: 2
devices:
disks:
- disk: {}
name: disk1
bootOrder: 0
- disk: {}
name: disk2
bootOrder: 1
interfaces:
- bridge: {}
name: net1
networkInterfaceMultiqueue: true
machine:
type: q35
resources:
requests:
memory: 8Gi
networks:
- name: net1
pod: {}
nodeSelector:
kubernetes.io/hostname: shadowfax
priorityClassName: vm-standard
volumes:
- dataVolume:
name: default-fj-runner-01-disk1
name: disk1
- dataVolume:
name: default-fj-runner-01-disk2
name: disk2