Update chart ingress-nginx to 4.12.0

.forgejo/workflows/schemas.yaml

@@ -1,138 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
-name: "K8S json Schemas --> Cloudflare R2"
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * *" # Every day at midnight
-  push:
-    branches: ["main"]
-    paths: [".forgejo/workflows/schemas.yaml"]
-
-jobs:
-  publish:
-    name: Schemas
-    runs-on: ["ubuntu-x86_64"]
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout
-        uses: https://github.com/actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Setup Workflow Tools
-        shell: bash
-        run: |
-          curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
-          chmod +x kubectl
-          mv kubectl /usr/local/bin/
-
-          curl -LO "https://dl.min.io/client/mc/release/linux-amd64/mc"
-          chmod +x mc
-          mv mc /usr/local/bin/
-
-      - name: Setup Python
-        run: |
-          apt-get update
-          apt-get install -y python3 python3-pip python3-yaml
-          pip3 install --upgrade pip
-
-      - name: Write kubeconfig
-        id: kubeconfig
-        uses: https://github.com/timheuer/base64-to-file@v1
-        with:
-          encodedString: "${{ secrets.KUBECONFIG }}"
-          fileName: kubeconfig
-          fileDir: ${{ env.GITHUB_WORKSPACE }}
-      - name: Write mc
-        id: mcconfig
-        uses: https://github.com/timheuer/base64-to-file@v1
-        with:
-          encodedString: "${{ secrets.MCCONFIG }}"
-          fileName: config.json
-          fileDir: ${{ env.GITHUB_WORKSPACE }}
-
-      - name: Extracting CRDs to yaml and converting to JSON schema
-        env:
-          KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}"
-        run: |
-          # kubeconfig
-          echo "kubeconfig location: $KUBECONFIG"
-          # Create temp folder for CRDs
-          TMP_CRD_DIR=$(mktemp -d)
-          echo "Temp directory: $TMP_CRD_DIR"
-
-          # Create final schemas directory
-          SCHEMAS_DIR=$GITHUB_WORKSPACE/crdSchemas
-          mkdir -p $SCHEMAS_DIR
-          echo "Schemas directory: $SCHEMAS_DIR"
-
-          # Create array to store CRD kinds and groups
-          ORGANIZE_BY_GROUP=true
-          declare -A CRD_GROUPS 2>/dev/null
-          if [ $? -ne 0 ]; then
-              # Array creation failed, signal to skip organization by group
-              ORGANIZE_BY_GROUP=false
-          fi
-
-          # Extract CRDs from cluster
-          NUM_OF_CRDS=0
-          while read -r crd
-          do
-              filename=${crd%% *}
-              kubectl get crds "$filename" -o yaml > "$TMP_CRD_DIR/$filename.yaml" 2>&1
-              echo "Extracted CRD: $filename"
-
-              resourceKind=$(grep "kind:" "$TMP_CRD_DIR/$filename.yaml" | awk 'NR==2{print $2}' | tr '[:upper:]' '[:lower:]')
-              resourceGroup=$(grep "group:" "$TMP_CRD_DIR/$filename.yaml" | awk 'NR==1{print $2}')
-
-              # Save name and group for later directory organization
-              CRD_GROUPS["$resourceKind"]="$resourceGroup"
-
-              let ++NUM_OF_CRDS
-          done < <(kubectl get crds 2>&1 | sed -n '/NAME/,$p' | tail -n +2)
-          echo numCRDs: $NUM_OF_CRDS
-
-          # Download converter script
-          curl https://raw.githubusercontent.com/yannh/kubeconform/master/scripts/openapi2jsonschema.py --output $TMP_CRD_DIR/openapi2jsonschema.py 2>/dev/null
-
-          # Convert crds to jsonSchema
-          cd $SCHEMAS_DIR
-          python3 $TMP_CRD_DIR/openapi2jsonschema.py $TMP_CRD_DIR/*.yaml
-          conversionResult=$?
-
-          # Copy and rename files to support kubeval
-          rm -rf $SCHEMAS_DIR/master-standalone
-          mkdir -p $SCHEMAS_DIR/master-standalone
-          cp $SCHEMAS_DIR/*.json $SCHEMAS_DIR/master-standalone
-          find $SCHEMAS_DIR/master-standalone -name '*json' -exec bash -c ' mv -f $0 ${0/\_/-stable-}' {} \;
-
-          # Organize schemas by group
-          if [ $ORGANIZE_BY_GROUP == true ]; then
-              for schema in $SCHEMAS_DIR/*.json
-              do
-              crdFileName=$(basename $schema .json)
-              crdKind=${crdFileName%%_*}
-              crdGroup=${CRD_GROUPS[$crdKind]}
-              if [ -z $crdGroup ]; then
-                  crdGroup="uncategorized"
-                  echo "CRD kind $crdKind has no group, moving to $crdGroup"
-              fi
-              echo making directory $crdGroup
-              mkdir -p $crdGroup
-              mv $schema ./$crdGroup
-              done
-          fi
-
-          rm -rf $TMP_CRD_DIR
-
-      - name: Deploy to Cloudflare R2
-        env:
-          MC_CONFIG_DIR: "${{ steps.mcconfig.outputs.fileDir }}"
-          shell: bash
-        run: |
-          echo $GITHUB_WORKSPACE/crdSchemas/
-          mc cp --recursive $GITHUB_WORKSPACE/crdSchemas/ r2-ks/kubernetes-schema

kubernetes/apps/tailscale/tailscale/cluster/connector.yaml

@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/tailscale.com/connector_v1alpha1.json
+apiVersion: tailscale.com/v1alpha1
+kind: Connector
+metadata:
+  name: connector
+spec:
+  hostname: theshire-connector
+  exitNode: true
+  proxyClass: kernel-org-tun
+  subnetRouter:
+    advertiseRoutes:
+      - "10.5.0.0/16" # load-balancers
+      - "10.4.0.0/16" # services

kubernetes/apps/tailscale/tailscale/cluster/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./connector.yaml
+  - ./proxyclass.yaml

kubernetes/apps/tailscale/tailscale/cluster/proxyclass.yaml

@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://ks.hsn.dev/tailscale.com/proxyclass_v1alpha1.json
 apiVersion: tailscale.com/v1alpha1
 kind: ProxyClass
 metadata:

kubernetes/apps/tailscale/tailscale/operator/externalsecret.yaml

@@ -10,6 +10,15 @@ spec:
     name: onepassword-connect
   target:
     name: k8s-operator-oauth-secret
+    template:
+      engineVersion: v2
+      data:
+        OAUTH_CLIENT_ID: "{{ .k8s_theshire_oauth_clientid }}"
+        OAUTH_CLIENT_SECRET: "{{ .k8s_theshire_oauth_clientsecret }}"
   dataFrom:
     - extract:
-        key: k8s-operator-oauth
+        key: tailscale
+      rewrite:
+        - regexp:
+            source: "[-]"
+            target: "_"

kubernetes/apps/tailscale/tailscale/operator/helmrelease.yaml

@@ -20,6 +20,15 @@ spec:
     crds: CreateReplace
   upgrade:
     crds: CreateReplace
+  valuesFrom:
+    - kind: Secret
+      name: k8s-operator-oauth-secret
+      valuesKey: OAUTH_CLIENT_ID
+      targetPath: oauth.clientId
+    - kind: Secret
+      name: k8s-operator-oauth-secret
+      valuesKey: OAUTH_CLIENT_SECRET
+      targetPath: oauth.clientSecret
   values:
     operatorConfig:
       defaultTags:

kubernetes/apps/tailscale/tailscale/operator/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml