jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Compare commits

base: jahanson:714a9f5a91362f6db1cab2124fde0fab4edc2194
Branches Tags
jahanson:main
jahanson:renovate/kyverno-3.x
jahanson:renovate/siderolabs-talos-1.x
jahanson:renovate/coder-2.x
jahanson:shokoserver
jahanson:kasm-wip
jahanson:multus-app-template-style
jahanson:renovate/configure
jahanson:bgp->l2
jahanson:swap-to-zfs
..
compare: jahanson:1ef291fdd465806dec72cb232bcfa004105434d9
Branches Tags
jahanson:renovate/kyverno-3.x
jahanson:main
jahanson:renovate/siderolabs-talos-1.x
jahanson:renovate/coder-2.x
jahanson:shokoserver
jahanson:kasm-wip
jahanson:multus-app-template-style
jahanson:renovate/configure
jahanson:bgp->l2
jahanson:swap-to-zfs

No commits in common. "714a9f5a91362f6db1cab2124fde0fab4edc2194" and "1ef291fdd465806dec72cb232bcfa004105434d9" have entirely different histories.
714a9f5a91 ... 1ef291fdd4

22 changed files with 97 additions and 173 deletions
Show stats Expand all files Collapse all files

26
kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
View file

@ -50,13 +50,9 @@ spec:
extraConfig: extraConfig:
allow-localhost: policy # enable policies for localhost allow-localhost: policy # enable policies for localhost
kubeProxyReplacement: true kubeProxyReplacement: true
k8sServiceHost: 127.0.0.1 k8sServiceHost: ${K8S_SERVICE_ENDPOINT}
k8sServicePort: 7445 k8sServicePort: 6443
rollOutCiliumPods: true rollOutCiliumPods: true
cgroup:
automount:
enabled: false
hostRoot: /sys/fs/cgroup
bgp: bgp:
enabled: false enabled: false
announce: announce:
@ -64,21 +60,3 @@ spec:
podCIDR: false podCIDR: false
bgpControlPlane: bgpControlPlane:
enabled: true enabled: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE

34
kubernetes/apps/kube-system/spegel/app/helmrelease.yaml
View file

@ -1,34 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: spegel
spec:
interval: 30m
chart:
spec:
chart: spegel
version: v0.0.18
sourceRef:
kind: HelmRepository
name: xenitab
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
spegel:
containerdSock: /run/containerd/containerd.sock
containerdRegistryConfigPath: /etc/cri/conf.d/hosts
service:
registry:
hostPort: 29999
serviceMonitor:
enabled: true

9
kubernetes/apps/openebs-system/kustomization.yaml
View file

@ -1,9 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
- ./openebs/ks.yaml

8
kubernetes/apps/openebs-system/namespace.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: openebs-system
annotations:
kustomize.toolkit.fluxcd.io/prune: disabled
volsync.backube/privileged-movers: "true"

32
kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml
View file

@ -1,32 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: openebs
spec:
interval: 30m
chart:
spec:
chart: openebs
version: 3.10.0
sourceRef:
kind: HelmRepository
name: openebs
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
localprovisioner:
hostpathClass:
enabled: true
name: openebs-hostpath
isDefaultClass: false
basePath: /var/openebs/local

6
kubernetes/apps/openebs-system/openebs/app/kustomization.yaml
View file

@ -1,6 +0,0 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml

21
kubernetes/apps/openebs-system/openebs/ks.yaml
View file

@ -1,21 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app openebs
namespace: flux-system
spec:
targetNamespace: openebs-system
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/openebs-system/openebs/app
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

1
kubernetes/apps/volsync-system/kustomization.yaml → kubernetes/apps/storage/kustomization.yaml
View file

@ -6,5 +6,6 @@ resources:
# Pre Flux-Kustomizations # Pre Flux-Kustomizations
- ./namespace.yaml - ./namespace.yaml
# Flux-Kustomizations # Flux-Kustomizations
- ./local-path-provisioner/ks.yaml
- ./snapshot-controller/ks.yaml - ./snapshot-controller/ks.yaml
- ./volsync/ks.yaml - ./volsync/ks.yaml

77
kubernetes/apps/storage/local-path-provisioner/app/helmrelease.yaml Normal file
View file

@ -0,0 +1,77 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: local-path-provisioner
spec:
interval: 30m
chart:
spec:
chart: democratic-csi
version: 0.14.5
sourceRef:
name: democratic-csi
kind: HelmRepository
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
fullnameOverride: local-path-provisioner
controller:
strategy: node
externalProvisioner:
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
extraArgs:
- --leader-election=false
- --node-deployment=true
- --node-deployment-immediate-binding=false
- --feature-gates=Topology=true
- --strict-topology=true
- --enable-capacity=true
- --capacity-ownerref-level=1
externalResizer:
enabled: false
externalAttacher:
enabled: false
externalSnapshotter:
enabled: false
csiDriver:
name: local-hostpath.cluster.local
storageCapacity: true
attachRequired: false
fsGroupPolicy: File
storageClasses:
- name: local-hostpath
defaultClass: false
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
driver:
config:
driver: local-hostpath
local-hostpath:
shareBasePath: &storagePath /var/lib/rancher/k3s/local-hostpath
controllerBasePath: *storagePath
dirPermissionsMode: "0770"
dirPermissionsUser: 0
dirPermissionsGroup: 0
node:
driver:
image: ghcr.io/democratic-csi/democratic-csi:v1.8.4
extraVolumeMounts:
- name: local-hostpath
mountPath: *storagePath
mountPropagation: Bidirectional
extraVolumes:
- name: local-hostpath
hostPath:
path: *storagePath
type: DirectoryOrCreate

2
kubernetes/apps/kube-system/spegel/app/kustomization.yaml → kubernetes/apps/storage/local-path-provisioner/app/kustomization.yaml
View file

@ -3,4 +3,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./helmrelease.yaml - ./helmrelease.yaml

10
kubernetes/apps/kube-system/spegel/ks.yaml → kubernetes/apps/storage/local-path-provisioner/ks.yaml
View file

@ -1,16 +1,16 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
name: &app spegel name: &app local-path-provisioner
namespace: flux-system namespace: flux-system
spec: spec:
targetNamespace: kube-system targetNamespace: storage
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
path: ./kubernetes/apps/kube-system/spegel/app path: ./kubernetes/apps/storage/local-path-provisioner/app
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository
@ -18,4 +18,4 @@ spec:
wait: false wait: false
interval: 30m interval: 30m
retryInterval: 1m retryInterval: 1m
timeout: 5m timeout: 5m

2
kubernetes/apps/volsync-system/namespace.yaml → kubernetes/apps/storage/namespace.yaml
View file

@ -2,6 +2,6 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: volsync-system name: storage
labels: labels:
kustomize.toolkit.fluxcd.io/prune: disabled kustomize.toolkit.fluxcd.io/prune: disabled

0
kubernetes/apps/volsync-system/snapshot-controller/app/helmrelease.yaml → kubernetes/apps/storage/snapshot-controller/app/helmrelease.yaml
View file

2
kubernetes/apps/volsync-system/snapshot-controller/ks.yaml → kubernetes/apps/storage/snapshot-controller/ks.yaml
View file

@ -10,7 +10,7 @@ spec:
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
path: ./kubernetes/apps/volsync-system/snapshot-controller/app path: ./kubernetes/apps/storage/snapshot-controller/app
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository

0
kubernetes/apps/volsync-system/volsync/app/helmrelease.yaml → kubernetes/apps/storage/volsync/app/helmrelease.yaml
View file

0
kubernetes/apps/volsync-system/volsync/app/kustomization.yaml → kubernetes/apps/storage/volsync/app/kustomization.yaml
View file

2
kubernetes/apps/volsync-system/volsync/ks.yaml → kubernetes/apps/storage/volsync/ks.yaml
View file

@ -11,7 +11,7 @@ spec:
labels: labels:
app.kubernetes.io/name: *appname app.kubernetes.io/name: *appname
interval: 10m interval: 10m
path: "./kubernetes/apps/volsync-system/volsync/app" path: "./kubernetes/apps/storage/volsync/app"
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository

5
kubernetes/flux/repositories/helm/kustomization.yaml
View file

@ -11,7 +11,7 @@ resources:
- cloudnative-pg.yaml - cloudnative-pg.yaml
- crowdsec.yaml - crowdsec.yaml
- crunchydata.yaml - crunchydata.yaml
# - democratic-csi.yaml - democratic-csi.yaml
- dragonflydb.yaml - dragonflydb.yaml
- elastic.yaml - elastic.yaml
- external-secrets.yaml - external-secrets.yaml
@ -28,10 +28,9 @@ resources:
- kubernetes-sigs-metrics-server.yaml - kubernetes-sigs-metrics-server.yaml
- kubernetes-sigs-external-dns.yaml - kubernetes-sigs-external-dns.yaml
- nvidia.yaml - nvidia.yaml
- openebs.yaml
- piraeus.yaml - piraeus.yaml
- postfinance.yaml - postfinance.yaml
- prometheus-community.yaml - prometheus-community.yaml
- rook-ceph.yaml - rook-ceph.yaml
- stakater.yaml - stakater.yaml
- xenitab.yaml # - weave-gitops.yaml

10
kubernetes/flux/repositories/helm/openebs.yaml
View file

@ -1,10 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: openebs
namespace: flux-system
spec:
interval: 2h
url: https://openebs.github.io/charts

11
kubernetes/flux/repositories/helm/xenitab.yaml
View file

@ -1,11 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: xenitab
namespace: flux-system
spec:
type: oci
interval: 5m
url: oci://ghcr.io/xenitab/helm-charts

8
kubernetes/templates/volsync/minio.yaml
View file

@ -37,8 +37,8 @@ spec:
pruneIntervalDays: 7 pruneIntervalDays: 7
repository: "${APP}-volsync-secret" repository: "${APP}-volsync-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}" volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}" cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}" cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
@ -63,9 +63,9 @@ spec:
repository: "${APP}-volsync-secret" repository: "${APP}-volsync-secret"
copyMethod: Snapshot # must be Snapshot copyMethod: Snapshot # must be Snapshot
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}" volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}" cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}" cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
capacity: "${VOLSYNC_CAPACITY}" capacity: "${VOLSYNC_CAPACITY}"

4
kubernetes/templates/volsync/r2.yaml
View file

@ -37,8 +37,8 @@ spec:
pruneIntervalDays: 7 pruneIntervalDays: 7
repository: "${APP}-volsync-r2-secret" repository: "${APP}-volsync-r2-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}" volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}" cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}" cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]