Compare commits
94 commits
renovate/g
...
main
Author | SHA1 | Date | |
---|---|---|---|
82cf626562 | |||
23f4d92e50 | |||
7861e27b6b | |||
2a3e7139fc | |||
c5b36d8ce2 | |||
b48e4a02c2 | |||
0cf1087754 | |||
4214515c6a | |||
acc8c0b920 | |||
5cde98f529 | |||
dde7c66b70 | |||
acf7bc72f0 | |||
302bdd77b2 | |||
cf3cd03a04 | |||
368dfad63f | |||
82eb531702 | |||
867f6a97ea | |||
db791c40c3 | |||
f65c3bb2b6 | |||
0582ccd81d | |||
16b79d9447 | |||
bc7e3294df | |||
68cdf5531e | |||
dbb62d28eb | |||
0bf3a2e727 | |||
362ffcdccc | |||
83e86b4b23 | |||
75a288c381 | |||
5e23e0fddd | |||
857d5f9f25 | |||
be59ac6eb6 | |||
491639f911 | |||
5e8a66dbf9 | |||
af1d0827c1 | |||
11470b3ddd | |||
f0d3933cd0 | |||
21394584fe | |||
eb0eacf99f | |||
94bee873e7 | |||
a567eda576 | |||
d6199e8db2 | |||
4154700932 | |||
279096ea11 | |||
9fed1b350f | |||
e45976ebf1 | |||
19c1d0d618 | |||
5e51ebcb9c | |||
3c8e5baa7b | |||
7cfc65d647 | |||
b0063fe8c4 | |||
9e94135f55 | |||
6abe2b9c4b | |||
fd8eb9cf19 | |||
fbe5c55308 | |||
9a0afa2aa4 | |||
877380899e | |||
93afdb3fe7 | |||
d85993b354 | |||
750b19f1e5 | |||
5f034598a9 | |||
6aea997c48 | |||
c05674b76b | |||
28d581634d | |||
5e8add9c86 | |||
338004fa0a | |||
a7b8662796 | |||
76e7901a2f | |||
4f604ba608 | |||
de94de0b2a | |||
4bc53661ad | |||
f1fdda6bdd | |||
6aaf58e8be | |||
ae41bd8a6e | |||
a894c9932b | |||
134cc34515 | |||
52a4fc077b | |||
5051f5b6f4 | |||
587565c0ed | |||
ba526c130b | |||
c7037694fa | |||
45d91c392d | |||
acba2f290f | |||
aa7119a6e4 | |||
b56314020a | |||
d67ed006ca | |||
d0d86351c1 | |||
1ee483d322 | |||
efb553e50b | |||
487976e388 | |||
7c8802e3bf | |||
e906b8239d | |||
e6b1302167 | |||
4ec7a417e7 | |||
fdc61be74e |
100 changed files with 444 additions and 193 deletions
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
"automerge": true,
|
"automerge": true,
|
||||||
"automergeType": "branch",
|
"automergeType": "branch",
|
||||||
"matchUpdateTypes": ["digest"],
|
"matchUpdateTypes": ["digest"],
|
||||||
"matchPackagePrefixes": ["ghcr.io/onedr0p", "ghcr.io/bjw-s"],
|
"matchPackagePrefixes": ["ghcr.io/onedr0p", "ghcr.io/bjw-s", "ghcr.io/bjw-s-labs"],
|
||||||
"ignoreTests": true
|
"ignoreTests": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -35,7 +35,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: docker.io/ollama/ollama
|
repository: docker.io/ollama/ollama
|
||||||
tag: 0.3.12
|
tag: 0.3.13
|
||||||
env:
|
env:
|
||||||
- name: OLLAMA_HOST
|
- name: OLLAMA_HOST
|
||||||
value: 0.0.0.0
|
value: 0.0.0.0
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,5 +20,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -39,7 +39,7 @@ spec:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: crunchy-postgres
|
app.kubernetes.io/name: crunchy-postgres
|
||||||
replicas: &replica 1
|
replicas: &replica 2
|
||||||
dataVolumeClaimSpec:
|
dataVolumeClaimSpec:
|
||||||
storageClassName: openebs-hostpath
|
storageClassName: openebs-hostpath
|
||||||
accessModes:
|
accessModes:
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: pgo
|
chart: pgo
|
||||||
version: 5.6.1
|
version: 5.7.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: crunchydata
|
name: crunchydata
|
||||||
|
|
|
@ -5,7 +5,7 @@ kind: Dragonfly
|
||||||
metadata:
|
metadata:
|
||||||
name: dragonfly
|
name: dragonfly
|
||||||
spec:
|
spec:
|
||||||
image: ghcr.io/dragonflydb/dragonfly:v1.23.2
|
image: ghcr.io/dragonflydb/dragonfly:v1.24.0
|
||||||
replicas: 3
|
replicas: 3
|
||||||
env:
|
env:
|
||||||
- name: MAX_MEMORY
|
- name: MAX_MEMORY
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -42,5 +41,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -44,17 +44,17 @@ spec:
|
||||||
{
|
{
|
||||||
"user_id": "tasmota",
|
"user_id": "tasmota",
|
||||||
"password": "{{ .x_emqx_tasmota_password }}",
|
"password": "{{ .x_emqx_tasmota_password }}",
|
||||||
"is_superuser": true # Until I can figure out authorization in emqx
|
"is_superuser": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"user_id": "zwave",
|
"user_id": "zwave",
|
||||||
"password": "{{ .x_emqx_homeassistant_password }}",
|
"password": "{{ .x_emqx_homeassistant_password }}",
|
||||||
"is_superuser": true # Until I can figure out authorization in emqx
|
"is_superuser": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"user_id": "zwave",
|
"user_id": "zwave",
|
||||||
"password": "{{ .x_emqx_zwave_password }}",
|
"password": "{{ .x_emqx_zwave_password }}",
|
||||||
"is_superuser": true # Until I can figure out authorization in emqx
|
"is_superuser": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: emqx-operator
|
chart: emqx-operator
|
||||||
version: 2.2.24
|
version: 2.2.25
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: emqx
|
name: emqx
|
||||||
|
|
|
@ -5,7 +5,7 @@ kind: EMQX
|
||||||
metadata:
|
metadata:
|
||||||
name: emqx
|
name: emqx
|
||||||
spec:
|
spec:
|
||||||
image: public.ecr.aws/emqx/emqx:5.8.0
|
image: public.ecr.aws/emqx/emqx:5.8.1
|
||||||
config:
|
config:
|
||||||
mode: Merge
|
mode: Merge
|
||||||
coreTemplate:
|
coreTemplate:
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -42,5 +41,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -36,7 +36,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/home-assistant
|
repository: ghcr.io/onedr0p/home-assistant
|
||||||
tag: 2024.10.1@sha256:04614835418d2bdacd64685b516e58e7c5446f72485d446e7635282ba1a06c43
|
tag: 2024.10.2@sha256:65cdf4722e85785a67842810e1c747e42aca4650262a3eb9649ccab3246fc5d3
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
envFrom:
|
envFrom:
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false # no flux ks dependents
|
wait: false # no flux ks dependents
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -22,6 +22,7 @@ resources:
|
||||||
- ./recyclarr/ks.yaml
|
- ./recyclarr/ks.yaml
|
||||||
- ./redlib/ks.yaml
|
- ./redlib/ks.yaml
|
||||||
- ./sabnzbd/ks.yaml
|
- ./sabnzbd/ks.yaml
|
||||||
|
- ./scrypted/ks.yaml
|
||||||
- ./searxng/ks.yaml
|
- ./searxng/ks.yaml
|
||||||
- ./sonarr/ks.yaml
|
- ./sonarr/ks.yaml
|
||||||
- ./tautulli/ks.yaml
|
- ./tautulli/ks.yaml
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ../../../../templates/gatus/internal
|
|
||||||
- ../../../../templates/volsync
|
|
||||||
- ./externalsecret.yaml
|
- ./externalsecret.yaml
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
|
- ../../../../templates/gatus/internal
|
||||||
|
- ../../../../templates/volsync
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false # no flux ks dependents
|
wait: false # no flux ks dependents
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -5,4 +5,4 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
- ../../../../templates/volsync
|
- ../../../../templates/volsync
|
||||||
# - ../../../../templates/gatus/internal
|
- ../../../../templates/gatus/internal
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
- name: volsync
|
- name: volsync
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -18,6 +18,11 @@ spec:
|
||||||
values:
|
values:
|
||||||
defaultPodOptions:
|
defaultPodOptions:
|
||||||
automountServiceAccountToken: false
|
automountServiceAccountToken: false
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
fsGroup: 1000
|
||||||
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
|
|
||||||
controllers:
|
controllers:
|
||||||
backend:
|
backend:
|
||||||
|
@ -25,13 +30,6 @@ spec:
|
||||||
annotations:
|
annotations:
|
||||||
secret.reloader.stakater.com/reload: piped-secret
|
secret.reloader.stakater.com/reload: piped-secret
|
||||||
|
|
||||||
pod:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 1000
|
|
||||||
runAsGroup: 1000
|
|
||||||
fsGroup: 1000
|
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
|
@ -58,21 +56,13 @@ spec:
|
||||||
|
|
||||||
frontend:
|
frontend:
|
||||||
strategy: RollingUpdate
|
strategy: RollingUpdate
|
||||||
pod:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 101
|
|
||||||
runAsGroup: 101
|
|
||||||
fsGroup: 101
|
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/bjw-s-labs/piped-frontend
|
repository: ghcr.io/bjw-s-labs/piped-frontend
|
||||||
tag: latest@sha256:c4cb0cfbdf149cdb738fb9e41a5cc748a7ea53053f4c5e036b9f7578d9273328
|
tag: 2024.10.17@sha256:2d11886aef42a280e6ee924126882f7bb3593d87f0b27f8d035067cbc29c8edb
|
||||||
env:
|
env:
|
||||||
HTTP_PORT: 8080
|
|
||||||
HTTP_WORKERS: 4
|
|
||||||
BACKEND_HOSTNAME: piped-api.hsn.dev
|
BACKEND_HOSTNAME: piped-api.hsn.dev
|
||||||
probes:
|
probes:
|
||||||
liveness:
|
liveness:
|
||||||
|
@ -87,21 +77,19 @@ spec:
|
||||||
memory: 256Mi
|
memory: 256Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
|
||||||
ytproxy:
|
ytproxy:
|
||||||
strategy: RollingUpdate
|
strategy: RollingUpdate
|
||||||
pod:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 1000
|
|
||||||
runAsGroup: 1000
|
|
||||||
fsGroup: 1000
|
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: 1337kavin/piped-proxy
|
repository: 1337kavin/piped-proxy
|
||||||
tag: latest@sha256:9872edd2c47c9c33dfa44c334e4cef4e2c6ec91638eb2dcf6ca36b7b3037fd59
|
tag: latest@sha256:5d069df4b959eb544eb62d966d11eb2a1e785abcb7e1716a8143e9f02ddfcba7
|
||||||
command:
|
command:
|
||||||
- /app/piped-proxy
|
- /app/piped-proxy
|
||||||
probes:
|
probes:
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/prowlarr-develop
|
repository: ghcr.io/onedr0p/prowlarr-develop
|
||||||
tag: 1.25.1.4770@sha256:8b59eb7f9e5321b702bdacae3468b63d71720091ba3b0e9dfaca686a7705d2b8
|
tag: 1.25.2.4794@sha256:4ff88b9911a9d8232bc1a0065b9423ea631c591c5fe0959effb3b1c093ef4930
|
||||||
env:
|
env:
|
||||||
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
|
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
|
||||||
# Ref: https://github.com/dotnet/runtime/issues/9336
|
# Ref: https://github.com/dotnet/runtime/issues/9336
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/onedr0p/radarr-develop
|
repository: ghcr.io/onedr0p/radarr-develop
|
||||||
tag: 5.12.0.9255
|
tag: 5.12.2.9335
|
||||||
env:
|
env:
|
||||||
RADARR__APP__INSTANCENAME: Radarr
|
RADARR__APP__INSTANCENAME: Radarr
|
||||||
RADARR__APP__THEME: dark
|
RADARR__APP__THEME: dark
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -38,7 +38,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: quay.io/redlib/redlib
|
repository: quay.io/redlib/redlib
|
||||||
tag: latest@sha256:e61e2535518e0b574f92642612f33f6fbee1aa22b2ff36ee740e26a025bb0039
|
tag: latest@sha256:f07a1531d520121e1260bfd9d4b3dbadb26a8ad20a8a7b8639723907160839e4
|
||||||
env:
|
env:
|
||||||
REDLIB_DEFAULT_SHOW_NSFW: on
|
REDLIB_DEFAULT_SHOW_NSFW: on
|
||||||
REDLIB_DEFAULT_WIDE: on
|
REDLIB_DEFAULT_WIDE: on
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -21,7 +21,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
120
kubernetes/apps/default/scrypted/app/helmrelease.yaml
Normal file
120
kubernetes/apps/default/scrypted/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: &app scrypted
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 3.5.1
|
||||||
|
interval: 30m
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjw-s
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
controllers:
|
||||||
|
scrypted:
|
||||||
|
annotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
|
pod:
|
||||||
|
nodeSelector:
|
||||||
|
google.feature.node.kubernetes.io/coral: "true"
|
||||||
|
nvidia.com/gpu.present: "true"
|
||||||
|
securityContext:
|
||||||
|
supplementalGroups:
|
||||||
|
- 568
|
||||||
|
containers:
|
||||||
|
app:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/koush/scrypted
|
||||||
|
tag: v0.121.0-jammy-nvidia
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: true
|
||||||
|
readiness:
|
||||||
|
enabled: true
|
||||||
|
startup:
|
||||||
|
enabled: true
|
||||||
|
spec:
|
||||||
|
failureThreshold: 30
|
||||||
|
periodSeconds: 5
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 136m
|
||||||
|
memory: 1024Mi
|
||||||
|
limits:
|
||||||
|
nvidia.com/gpu: 1
|
||||||
|
memory: 8192Mi
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
service:
|
||||||
|
app:
|
||||||
|
controller: *app
|
||||||
|
type: LoadBalancer
|
||||||
|
annotations:
|
||||||
|
io.cilium/lb-ipam-ips: 10.1.1.33
|
||||||
|
nameOverride: *app
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 11080
|
||||||
|
primary: true
|
||||||
|
rebroadcast1: # driveway
|
||||||
|
port: 39655
|
||||||
|
rebroadcast2: # sideyard
|
||||||
|
port: 46561
|
||||||
|
rebroadcast3: # doorbell
|
||||||
|
port: 44759
|
||||||
|
homekit: # homekit
|
||||||
|
port: 42010
|
||||||
|
homekit-bridge: # bridge
|
||||||
|
port: 33961
|
||||||
|
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
app:
|
||||||
|
className: "internal-nginx"
|
||||||
|
annotations:
|
||||||
|
hosts:
|
||||||
|
- host: &host scrypted.jahanson.tech
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
service:
|
||||||
|
identifier: app
|
||||||
|
port: http
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
existingClaim: scrypted
|
||||||
|
advancedMounts:
|
||||||
|
scrypted:
|
||||||
|
app:
|
||||||
|
- path: /server/volume
|
||||||
|
cache:
|
||||||
|
type: emptyDir
|
||||||
|
globalMounts:
|
||||||
|
- path: /.cache
|
||||||
|
cache-npm:
|
||||||
|
type: emptyDir
|
||||||
|
globalMounts:
|
||||||
|
- path: /.npm
|
||||||
|
dev-bus-usb:
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /dev/bus/usb
|
||||||
|
hostPathType: Directory
|
||||||
|
sys-bus-usb:
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /sys/bus/usb
|
||||||
|
hostPathType: Directory
|
||||||
|
recordings:
|
||||||
|
type: nfs
|
||||||
|
server: shadowfax.jahanson.tech
|
||||||
|
path: /nahar/scrypted
|
||||||
|
globalMounts:
|
||||||
|
- path: /recordings
|
7
kubernetes/apps/default/scrypted/app/kustomization.yaml
Normal file
7
kubernetes/apps/default/scrypted/app/kustomization.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./helmrelease.yaml
|
||||||
|
- ../../../../templates/volsync
|
30
kubernetes/apps/default/scrypted/ks.yaml
Normal file
30
kubernetes/apps/default/scrypted/ks.yaml
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &appname scrypted
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
targetNamespace: default
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *appname
|
||||||
|
interval: 30m
|
||||||
|
timeout: 5m
|
||||||
|
path: "./kubernetes/apps/default/scrypted/app"
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: theshire
|
||||||
|
wait: false
|
||||||
|
dependsOn:
|
||||||
|
- name: rook-ceph-cluster
|
||||||
|
- name: volsync
|
||||||
|
- name: external-secrets-stores
|
||||||
|
postBuild:
|
||||||
|
substitute:
|
||||||
|
APP: *appname
|
||||||
|
APP_UID: "0"
|
||||||
|
APP_GID: "0"
|
||||||
|
VOLSYNC_CAPACITY: 5Gi
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -31,7 +31,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/tautulli/tautulli
|
repository: ghcr.io/tautulli/tautulli
|
||||||
tag: v2.14.5@sha256:6017b491d8e9100a97391b639fff5824ad36a315c69aae3c9ed78407994a626e
|
tag: v2.14.6@sha256:f54d2d3a78780c765cd7a10b882474909f50247b5d2d118badaa9c035421effd
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
command: ["/usr/local/bin/python", "Tautulli.py"]
|
command: ["/usr/local/bin/python", "Tautulli.py"]
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
- name: volsync
|
- name: volsync
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -19,5 +19,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -36,7 +36,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/zwave-js/zwave-js-ui
|
repository: ghcr.io/zwave-js/zwave-js-ui
|
||||||
tag: 9.21.1@sha256:a28eaf01060dbe2fa30045d6b2ac6a31bc34efbebb7aa7d19787929929aea16a
|
tag: 9.24.0@sha256:ed648be6b058c6aa74abca1868c3ac48cb82b06b22ef0ef4f7ba66dd9d331bfc
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
PORT: &port 80
|
PORT: &port 80
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: cilium
|
chart: cilium
|
||||||
version: 1.16.2
|
version: 1.16.3
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: cilium
|
name: cilium
|
||||||
|
|
|
@ -7,7 +7,8 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
loadBalancerIPs: true
|
loadBalancerIPs: true
|
||||||
# interfaces: ["^enp.*|^eth.*|^ens.*|^eno.*"]
|
# interfaces: ["^enp.*|^eth.*|^ens.*|^eno.*"]
|
||||||
interfaces: ["^eno+|^enp+"]
|
interfaces: ["^eno+|^enp+|^bond+"]
|
||||||
|
# interfaces: ["^bond+"]
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/os: linux
|
kubernetes.io/os: linux
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -40,5 +39,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: kubelet-csr-approver
|
chart: kubelet-csr-approver
|
||||||
version: 1.2.2
|
version: 1.2.3
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: postfinance
|
name: postfinance
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: node-feature-discovery
|
chart: node-feature-discovery
|
||||||
version: 0.16.4
|
version: 0.16.5
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: kubernetes-sigs-nfd
|
name: kubernetes-sigs-nfd
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
|
||||||
|
apiVersion: nfd.k8s-sigs.io/v1alpha1
|
||||||
|
kind: NodeFeatureRule
|
||||||
|
metadata:
|
||||||
|
name: google-coral-device
|
||||||
|
spec:
|
||||||
|
rules:
|
||||||
|
- # Google Coral USB Accelerator
|
||||||
|
name: google.coral
|
||||||
|
labels:
|
||||||
|
google.feature.node.kubernetes.io/coral: "true"
|
||||||
|
matchFeatures:
|
||||||
|
- feature: usb.device
|
||||||
|
matchExpressions:
|
||||||
|
vendor: {op: In, value: ["1a6e", "18d1"]}
|
|
@ -1,5 +1,5 @@
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
|
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
|
||||||
apiVersion: nfd.k8s-sigs.io/v1alpha1
|
apiVersion: nfd.k8s-sigs.io/v1alpha1
|
||||||
kind: NodeFeatureRule
|
kind: NodeFeatureRule
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -4,13 +4,13 @@ metadata:
|
||||||
name: rocky-nenya
|
name: rocky-nenya
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
spec:
|
spec:
|
||||||
# nodeName: nenya
|
nodeName: shadowfax-01
|
||||||
containers:
|
containers:
|
||||||
- name: rocky
|
- name: rocky
|
||||||
image: rockylinux:9
|
image: rockylinux:9
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
command: ["/bin/bash", "-c", "while true; do sleep 10; done"]
|
command: ["/bin/bash", "-c", "dnf install -y iputils dnsutils && while true; do sleep 10; done"]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: spegel
|
chart: spegel
|
||||||
version: v0.0.26
|
version: v0.0.27
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: spegel-org
|
name: spegel-org
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -66,6 +66,7 @@ spec:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
- pods
|
- pods
|
||||||
|
- nodes
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
- update
|
- update
|
||||||
|
@ -78,3 +79,114 @@ spec:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/instance: kyverno
|
app.kubernetes.io/instance: kyverno
|
||||||
app.kubernetes.io/component: kyverno
|
app.kubernetes.io/component: kyverno
|
||||||
|
config:
|
||||||
|
# -- Resource types to be skipped by the Kyverno policy engine.
|
||||||
|
# Make sure to surround each entry in quotes so that it doesn't get parsed as a nested YAML list.
|
||||||
|
# These are joined together without spaces, run through `tpl`, and the result is set in the config map.
|
||||||
|
# @default -- See [values.yaml](https://github.com/kyverno/kyverno/blob/ed1906a0dc281c2aeb9b7046b843708825310330/charts/kyverno/values.yaml#L207C3-L316C1)
|
||||||
|
resourceFilters:
|
||||||
|
- '[Event,*,*]'
|
||||||
|
- '[*/*,kube-system,*]'
|
||||||
|
- '[*/*,kube-public,*]'
|
||||||
|
- '[*/*,kube-node-lease,*]'
|
||||||
|
- '[Node,*,*]'
|
||||||
|
- '[Node/*,*,*]'
|
||||||
|
- '[APIService,*,*]'
|
||||||
|
- '[APIService/*,*,*]'
|
||||||
|
- '[TokenReview,*,*]'
|
||||||
|
- '[SubjectAccessReview,*,*]'
|
||||||
|
- '[SelfSubjectAccessReview,*,*]'
|
||||||
|
# remove the following to allow for schematic-to-pod.yaml to work
|
||||||
|
# - '[Binding,*,*]'
|
||||||
|
# - '[Pod/binding,*,*]'
|
||||||
|
- '[ReplicaSet,*,*]'
|
||||||
|
- '[ReplicaSet/*,*,*]'
|
||||||
|
- '[EphemeralReport,*,*]'
|
||||||
|
- '[ClusterEphemeralReport,*,*]'
|
||||||
|
# exclude resources from the chart
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:core]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.admission-controller.roleName" . }}:additional]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}:core]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.background-controller.roleName" . }}:additional]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}:core]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.cleanup-controller.roleName" . }}:additional]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}:core]'
|
||||||
|
- '[ClusterRole,*,{{ template "kyverno.reports-controller.roleName" . }}:additional]'
|
||||||
|
- '[ClusterRoleBinding,*,{{ template "kyverno.admission-controller.roleName" . }}]'
|
||||||
|
- '[ClusterRoleBinding,*,{{ template "kyverno.background-controller.roleName" . }}]'
|
||||||
|
- '[ClusterRoleBinding,*,{{ template "kyverno.cleanup-controller.roleName" . }}]'
|
||||||
|
- '[ClusterRoleBinding,*,{{ template "kyverno.reports-controller.roleName" . }}]'
|
||||||
|
- '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceAccountName" . }}]'
|
||||||
|
- '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceAccountName" . }}]'
|
||||||
|
- '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.serviceAccountName" . }}]'
|
||||||
|
- '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.serviceAccountName" . }}]'
|
||||||
|
- '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.serviceAccountName" . }}]'
|
||||||
|
- '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.serviceAccountName" . }}]'
|
||||||
|
- '[ServiceAccount,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.serviceAccountName" . }}]'
|
||||||
|
- '[ServiceAccount/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.serviceAccountName" . }}]'
|
||||||
|
- '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.roleName" . }}]'
|
||||||
|
- '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.roleName" . }}]'
|
||||||
|
- '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.roleName" . }}]'
|
||||||
|
- '[Role,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.roleName" . }}]'
|
||||||
|
- '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.roleName" . }}]'
|
||||||
|
- '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.roleName" . }}]'
|
||||||
|
- '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.roleName" . }}]'
|
||||||
|
- '[RoleBinding,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.roleName" . }}]'
|
||||||
|
- '[ConfigMap,{{ include "kyverno.namespace" . }},{{ template "kyverno.config.configMapName" . }}]'
|
||||||
|
- '[ConfigMap,{{ include "kyverno.namespace" . }},{{ template "kyverno.config.metricsConfigMapName" . }}]'
|
||||||
|
- '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
||||||
|
- '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
||||||
|
- '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
||||||
|
- '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
||||||
|
- '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[Deployment,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
||||||
|
- '[Deployment/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
||||||
|
- '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}-*]'
|
||||||
|
- '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}-*]'
|
||||||
|
- '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-*]'
|
||||||
|
- '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-*]'
|
||||||
|
- '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-*]'
|
||||||
|
- '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-*]'
|
||||||
|
- '[Pod,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-*]'
|
||||||
|
- '[Pod/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-*]'
|
||||||
|
- '[Job,{{ include "kyverno.namespace" . }},{{ template "kyverno.fullname" . }}-hook-pre-delete]'
|
||||||
|
- '[Job/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.fullname" . }}-hook-pre-delete]'
|
||||||
|
- '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
||||||
|
- '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
||||||
|
- '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
||||||
|
- '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
||||||
|
- '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[NetworkPolicy,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
||||||
|
- '[NetworkPolicy/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
||||||
|
- '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
||||||
|
- '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.name" . }}]'
|
||||||
|
- '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
||||||
|
- '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}]'
|
||||||
|
- '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[PodDisruptionBudget,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
||||||
|
- '[PodDisruptionBudget/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}]'
|
||||||
|
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}]'
|
||||||
|
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}]'
|
||||||
|
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}-metrics]'
|
||||||
|
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}-metrics]'
|
||||||
|
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-metrics]'
|
||||||
|
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.background-controller.name" . }}-metrics]'
|
||||||
|
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-metrics]'
|
||||||
|
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}-metrics]'
|
||||||
|
- '[Service,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-metrics]'
|
||||||
|
- '[Service/*,{{ include "kyverno.namespace" . }},{{ template "kyverno.reports-controller.name" . }}-metrics]'
|
||||||
|
- '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.admission-controller.name" . }}]'
|
||||||
|
- '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.background-controller.name" . }}]'
|
||||||
|
- '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.cleanup-controller.name" . }}]'
|
||||||
|
- '[ServiceMonitor,{{ if .Values.admissionController.serviceMonitor.namespace }}{{ .Values.admissionController.serviceMonitor.namespace }}{{ else }}{{ template "kyverno.namespace" . }}{{ end }},{{ template "kyverno.reports-controller.name" . }}]'
|
||||||
|
- '[Secret,{{ include "kyverno.namespace" . }},{{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}.svc.*]'
|
||||||
|
- '[Secret,{{ include "kyverno.namespace" . }},{{ template "kyverno.cleanup-controller.name" . }}.{{ template "kyverno.namespace" . }}.svc.*]'
|
||||||
|
|
|
@ -13,7 +13,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
|
@ -32,5 +31,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -36,7 +36,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: docker.io/cloudflare/cloudflared
|
repository: docker.io/cloudflare/cloudflared
|
||||||
tag: 2024.9.1@sha256:0b88e00d8f93f9d18197f11506f0f6bf0d9266b5a0361c068930a3fe45b68b72
|
tag: 2024.10.0@sha256:060f16531b1ed6dcb382cd2b35d1a845f8dbcb445003b9ec48eef0078cb08bf4
|
||||||
env:
|
env:
|
||||||
NO_AUTOUPDATE: "true"
|
NO_AUTOUPDATE: "true"
|
||||||
TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
|
TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
|
||||||
|
|
|
@ -22,5 +22,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: ingress-nginx
|
chart: ingress-nginx
|
||||||
version: 4.11.2
|
version: 4.11.3
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: ingress-nginx
|
chart: ingress-nginx
|
||||||
version: 4.11.2
|
version: 4.11.3
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -21,3 +21,24 @@ spec:
|
||||||
dependsOn:
|
dependsOn:
|
||||||
- name: external-secrets-stores
|
- name: external-secrets-stores
|
||||||
- name: rook-ceph-cluster
|
- name: rook-ceph-cluster
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &app alertmanager-silencer
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
targetNamespace: observability
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
|
path: "./kubernetes/apps/observability/alertmanager/silencer"
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: theshire
|
||||||
|
wait: false
|
||||||
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
|
|
@ -0,0 +1,57 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: alertmanager-silencer
|
||||||
|
spec:
|
||||||
|
interval: 30m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 3.5.1
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjw-s
|
||||||
|
namespace: flux-system
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
cleanupOnFail: true
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
strategy: rollback
|
||||||
|
dependsOn:
|
||||||
|
- name: alertmanager
|
||||||
|
namespace: observability
|
||||||
|
values:
|
||||||
|
controllers:
|
||||||
|
alertmanager-silencer:
|
||||||
|
type: cronjob
|
||||||
|
cronjob:
|
||||||
|
schedule: "@daily"
|
||||||
|
containers:
|
||||||
|
app:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/onedr0p/kubanetics
|
||||||
|
tag: 2024.10.6
|
||||||
|
env:
|
||||||
|
SCRIPT_NAME: alertmanager-silencer.sh
|
||||||
|
ALERTMANAGER_URL: http://alertmanager.observability.svc.cluster.local:9093
|
||||||
|
MATCHERS_0: alertname=CephPGImbalance job=rook-ceph-exporter
|
||||||
|
MATCHERS_1: alertname=CephMonClockSkew job=rook-ceph-mgr
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
capabilities: { drop: ["ALL"] }
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 25m
|
||||||
|
limits:
|
||||||
|
memory: 128Mi
|
||||||
|
pod:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 568
|
||||||
|
runAsGroup: 568
|
||||||
|
runAsNonRoot: true
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./helmrelease.yaml
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -35,16 +35,6 @@ endpoints:
|
||||||
- "[STATUS] == 200"
|
- "[STATUS] == 200"
|
||||||
alerts:
|
alerts:
|
||||||
- type: pushover
|
- type: pushover
|
||||||
# - name: Umami
|
|
||||||
# group: external
|
|
||||||
# url: https://umi.hsn.dev/script.js
|
|
||||||
# interval: 1m
|
|
||||||
# client:
|
|
||||||
# dns-resolver: tcp://1.1.1.1:53
|
|
||||||
# conditions:
|
|
||||||
# - "[STATUS] == 200"
|
|
||||||
# alerts:
|
|
||||||
# - type: pushover
|
|
||||||
- name: Nextcloud External
|
- name: Nextcloud External
|
||||||
group: external
|
group: external
|
||||||
url: https://nc.hsn.dev
|
url: https://nc.hsn.dev
|
||||||
|
@ -78,16 +68,6 @@ endpoints:
|
||||||
- "[STATUS] == 200"
|
- "[STATUS] == 200"
|
||||||
alerts:
|
alerts:
|
||||||
- type: pushover
|
- type: pushover
|
||||||
- name: Gollum
|
|
||||||
group: internal
|
|
||||||
url: http://gollum.jahanson.tech
|
|
||||||
interval: 1m
|
|
||||||
client:
|
|
||||||
dns-resolver: tcp://10.1.1.1:53
|
|
||||||
conditions:
|
|
||||||
- "[STATUS] == 200"
|
|
||||||
alerts:
|
|
||||||
- type: pushover
|
|
||||||
- name: Nextcloud Internal
|
- name: Nextcloud Internal
|
||||||
group: internal
|
group: internal
|
||||||
url: https://nc.hsn.dev
|
url: https://nc.hsn.dev
|
||||||
|
@ -101,34 +81,3 @@ endpoints:
|
||||||
- "[STATUS] == 200"
|
- "[STATUS] == 200"
|
||||||
alerts:
|
alerts:
|
||||||
- type: pushover
|
- type: pushover
|
||||||
### No clue why icmp is not working.
|
|
||||||
# - name: Shadowfax
|
|
||||||
# group: internal
|
|
||||||
# url: icmp://shadowfax.jahanson.tech
|
|
||||||
# interval: 1m
|
|
||||||
# client:
|
|
||||||
# dns-resolver: tcp://10.1.1.1:53
|
|
||||||
# conditions:
|
|
||||||
# - "[CONNECTED] == true"
|
|
||||||
# alerts:
|
|
||||||
# - type: pushover
|
|
||||||
# - name: Gandalf
|
|
||||||
# group: internal
|
|
||||||
# url: icmp://gandalf.jahanson.tech
|
|
||||||
# interval: 1m
|
|
||||||
# client:
|
|
||||||
# dns-resolver: tcp://10.1.1.1:53
|
|
||||||
# conditions:
|
|
||||||
# - "[CONNECTED] == true"
|
|
||||||
# alerts:
|
|
||||||
# - type: pushover
|
|
||||||
# - name: Home Assistant
|
|
||||||
# group: internal
|
|
||||||
# url: icmp://hass.jahanson.tech
|
|
||||||
# interval: 1m
|
|
||||||
# client:
|
|
||||||
# dns-resolver: tcp://10.1.1.1:53
|
|
||||||
# conditions:
|
|
||||||
# - "[CONNECTED] == true"
|
|
||||||
# alerts:
|
|
||||||
# - type: pushover
|
|
||||||
|
|
|
@ -20,7 +20,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: true
|
wait: true
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
@ -40,4 +39,3 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -35,7 +35,7 @@ spec:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/cross-seed/cross-seed
|
repository: ghcr.io/cross-seed/cross-seed
|
||||||
tag: 6.0.0-39@sha256:d871f4204840cb67fec4d417bd4cc5b3fe42abd98aa0f3304b309e410c02f40b
|
tag: 6.0.0-42@sha256:d8828453010135f7b38e30bdda2965b3399c07d6e78efa22cbdaf7d3c6f6d43d
|
||||||
env:
|
env:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
args: ["daemon"]
|
args: ["daemon"]
|
||||||
|
|
|
@ -19,7 +19,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -22,7 +22,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute:
|
substitute:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -47,5 +47,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -39,7 +39,7 @@ spec:
|
||||||
tagging: &container
|
tagging: &container
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/buroa/qbtools
|
repository: ghcr.io/buroa/qbtools
|
||||||
tag: v0.19.2@sha256:98b84b4b0e1e5f4fcff3cd2e6b5c5fe2168d415bccd38169dc80b161139c955f
|
tag: v0.19.3@sha256:ac16aa76a78d3ece395f3e037defaf48328f73f4f83afc9c772bf814b9ded56e
|
||||||
env:
|
env:
|
||||||
TZ: *timeZone
|
TZ: *timeZone
|
||||||
POD_NAMESPACE:
|
POD_NAMESPACE:
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: rook-ceph
|
chart: rook-ceph
|
||||||
version: v1.15.3
|
version: v1.15.4
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: rook-ceph
|
name: rook-ceph
|
||||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: rook-ceph-cluster
|
chart: rook-ceph-cluster
|
||||||
version: v1.15.3
|
version: v1.15.4
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: rook-ceph
|
name: rook-ceph
|
||||||
|
|
|
@ -17,7 +17,6 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
@ -38,5 +37,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 15m
|
timeout: 15m
|
||||||
|
|
|
@ -21,15 +21,6 @@ spec:
|
||||||
- key: feature.node.kubernetes.io/system-os_release.VERSION_ID
|
- key: feature.node.kubernetes.io/system-os_release.VERSION_ID
|
||||||
operator: NotIn
|
operator: NotIn
|
||||||
values: ["${TALOS_VERSION}"]
|
values: ["${TALOS_VERSION}"]
|
||||||
- key: kubernetes.io/hostname
|
|
||||||
operator: NotIn
|
|
||||||
values: ["gandalf-01", "shadowfax-01"]
|
|
||||||
# - key: factory.talos.dev/schematic-id.part-0
|
|
||||||
# operator: In
|
|
||||||
# values: ["${TALOS_SCHEMATIC_ID:0:32}"]
|
|
||||||
# - key: factory.talos.dev/schematic-id.part-1
|
|
||||||
# operator: In
|
|
||||||
# values: ["${TALOS_SCHEMATIC_ID:32}"]
|
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: CriticalAddonsOnly
|
- key: CriticalAddonsOnly
|
||||||
operator: Exists
|
operator: Exists
|
||||||
|
@ -56,5 +47,5 @@ spec:
|
||||||
args:
|
args:
|
||||||
- --nodes=$(NODE_IP)
|
- --nodes=$(NODE_IP)
|
||||||
- upgrade
|
- upgrade
|
||||||
- --image=factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
|
- --image=factory.talos.dev/installer/$(TALOS_SCHEMATIC_ID):$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION)
|
||||||
- --wait=false
|
- --wait=false
|
||||||
|
|
|
@ -17,5 +17,4 @@ spec:
|
||||||
name: theshire
|
name: theshire
|
||||||
wait: false
|
wait: false
|
||||||
interval: 30m
|
interval: 30m
|
||||||
retryInterval: 1m
|
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
|
|
|
@ -23,7 +23,7 @@ releases:
|
||||||
- name: cilium
|
- name: cilium
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
chart: cilium/cilium
|
chart: cilium/cilium
|
||||||
version: 1.16.2
|
version: 1.16.3
|
||||||
values:
|
values:
|
||||||
- ../apps/kube-system/cilium/app/helm-values.yml
|
- ../apps/kube-system/cilium/app/helm-values.yml
|
||||||
needs:
|
needs:
|
||||||
|
@ -40,7 +40,7 @@ releases:
|
||||||
- name: kubelet-csr-approver
|
- name: kubelet-csr-approver
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
chart: postfinance/kubelet-csr-approver
|
chart: postfinance/kubelet-csr-approver
|
||||||
version: 1.2.2
|
version: 1.2.3
|
||||||
values:
|
values:
|
||||||
- ../apps/kube-system/kubelet-csr-approver/app/helm-values.yml
|
- ../apps/kube-system/kubelet-csr-approver/app/helm-values.yml
|
||||||
needs:
|
needs:
|
||||||
|
@ -50,7 +50,7 @@ releases:
|
||||||
- name: spegel
|
- name: spegel
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
chart: oci://ghcr.io/spegel-org/helm-charts/spegel
|
chart: oci://ghcr.io/spegel-org/helm-charts/spegel
|
||||||
version: v0.0.26
|
version: v0.0.27
|
||||||
values:
|
values:
|
||||||
- ../apps/kube-system/spegel/app/helm-values.yml
|
- ../apps/kube-system/spegel/app/helm-values.yml
|
||||||
needs:
|
needs:
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/talconfig.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/talconfig.json
|
||||||
clusterName: theshire
|
clusterName: theshire
|
||||||
|
|
||||||
talosVersion: v1.8.0
|
talosVersion: v1.8.1
|
||||||
kubernetesVersion: 1.30.2
|
kubernetesVersion: 1.30.2
|
||||||
endpoint: "https://10.1.1.57:6444"
|
endpoint: "https://10.1.1.57:6444"
|
||||||
|
|
||||||
|
@ -76,8 +76,7 @@ nodes:
|
||||||
disableSearchDomain: true
|
disableSearchDomain: true
|
||||||
ipAddress: 10.1.1.68
|
ipAddress: 10.1.1.68
|
||||||
controlPlane: false
|
controlPlane: false
|
||||||
installDiskSelector:
|
installDisk: /dev/sda
|
||||||
busPath: /pci0000:00/0000:00:01.1/0000:02:00.0/virtio6/host6/target6:0:0/6:0:0:1/
|
|
||||||
networkInterfaces:
|
networkInterfaces:
|
||||||
- interface: enp5s0
|
- interface: enp5s0
|
||||||
dhcp: true
|
dhcp: true
|
||||||
|
|
Loading…
Reference in a new issue