jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 10 Projects Releases Packages Wiki Activity Actions

talos #61

Merged
jahanson merged 5 commits from talos into main 2024-02-15 17:26:33 -06:00
Conversation 0 Commits 5 Files changed 22 +173 -97
22 changed files with 173 additions and 97 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
View file

@ -50,9 +50,13 @@ spec:
extraConfig: extraConfig:
allow-localhost: policy # enable policies for localhost allow-localhost: policy # enable policies for localhost
kubeProxyReplacement: true kubeProxyReplacement: true
k8sServiceHost: ${K8S_SERVICE_ENDPOINT} k8sServiceHost: 127.0.0.1
k8sServicePort: 6443 k8sServicePort: 7445
rollOutCiliumPods: true rollOutCiliumPods: true
cgroup:
automount:
enabled: false
hostRoot: /sys/fs/cgroup
bgp: bgp:
enabled: false enabled: false
announce: announce:
@ -60,3 +64,21 @@ spec:
podCIDR: false podCIDR: false
bgpControlPlane: bgpControlPlane:
enabled: true enabled: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE

34
kubernetes/apps/kube-system/spegel/app/helmrelease.yaml Normal file
View file

@ -0,0 +1,34 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: spegel
spec:
interval: 30m
chart:
spec:
chart: spegel
version: v0.0.18
sourceRef:
kind: HelmRepository
name: xenitab
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
spegel:
containerdSock: /run/containerd/containerd.sock
containerdRegistryConfigPath: /etc/cri/conf.d/hosts
service:
registry:
hostPort: 29999
serviceMonitor:
enabled: true

2
kubernetes/apps/storage/local-path-provisioner/app/kustomization.yaml → kubernetes/apps/kube-system/spegel/app/kustomization.yaml
View file

@ -3,4 +3,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./helmrelease.yaml - ./helmrelease.yaml

10
kubernetes/apps/storage/local-path-provisioner/ks.yaml → kubernetes/apps/kube-system/spegel/ks.yaml
View file

@ -1,16 +1,16 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
name: &app local-path-provisioner name: &app spegel
namespace: flux-system namespace: flux-system
spec: spec:
targetNamespace: storage targetNamespace: kube-system
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
path: ./kubernetes/apps/storage/local-path-provisioner/app path: ./kubernetes/apps/kube-system/spegel/app
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository
@ -18,4 +18,4 @@ spec:
wait: false wait: false
interval: 30m interval: 30m
retryInterval: 1m retryInterval: 1m
timeout: 5m timeout: 5m

9
kubernetes/apps/openebs-system/kustomization.yaml Normal file
View file

@ -0,0 +1,9 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
- ./openebs/ks.yaml

8
kubernetes/apps/openebs-system/namespace.yaml Normal file
View file

@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: openebs-system
annotations:
kustomize.toolkit.fluxcd.io/prune: disabled
volsync.backube/privileged-movers: "true"

32
kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml Normal file
View file

@ -0,0 +1,32 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: openebs
spec:
interval: 30m
chart:
spec:
chart: openebs
version: 3.10.0
sourceRef:
kind: HelmRepository
name: openebs
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
localprovisioner:
hostpathClass:
enabled: true
name: openebs-hostpath
isDefaultClass: false
basePath: /var/openebs/local

6
kubernetes/apps/openebs-system/openebs/app/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml

21
kubernetes/apps/openebs-system/openebs/ks.yaml Normal file
View file

@ -0,0 +1,21 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app openebs
namespace: flux-system
spec:
targetNamespace: openebs-system
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/openebs-system/openebs/app
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

77
kubernetes/apps/storage/local-path-provisioner/app/helmrelease.yaml
View file

@ -1,77 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: local-path-provisioner
spec:
interval: 30m
chart:
spec:
chart: democratic-csi
version: 0.14.5
sourceRef:
name: democratic-csi
kind: HelmRepository
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
fullnameOverride: local-path-provisioner
controller:
strategy: node
externalProvisioner:
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
extraArgs:
- --leader-election=false
- --node-deployment=true
- --node-deployment-immediate-binding=false
- --feature-gates=Topology=true
- --strict-topology=true
- --enable-capacity=true
- --capacity-ownerref-level=1
externalResizer:
enabled: false
externalAttacher:
enabled: false
externalSnapshotter:
enabled: false
csiDriver:
name: local-hostpath.cluster.local
storageCapacity: true
attachRequired: false
fsGroupPolicy: File
storageClasses:
- name: local-hostpath
defaultClass: false
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
driver:
config:
driver: local-hostpath
local-hostpath:
shareBasePath: &storagePath /var/lib/rancher/k3s/local-hostpath
controllerBasePath: *storagePath
dirPermissionsMode: "0770"
dirPermissionsUser: 0
dirPermissionsGroup: 0
node:
driver:
image: ghcr.io/democratic-csi/democratic-csi:v1.8.4
extraVolumeMounts:
- name: local-hostpath
mountPath: *storagePath
mountPropagation: Bidirectional
extraVolumes:
- name: local-hostpath
hostPath:
path: *storagePath
type: DirectoryOrCreate

1
kubernetes/apps/storage/kustomization.yaml → kubernetes/apps/volsync-system/kustomization.yaml
View file

@ -6,6 +6,5 @@ resources:
# Pre Flux-Kustomizations # Pre Flux-Kustomizations
- ./namespace.yaml - ./namespace.yaml
# Flux-Kustomizations # Flux-Kustomizations
- ./local-path-provisioner/ks.yaml
- ./snapshot-controller/ks.yaml - ./snapshot-controller/ks.yaml
- ./volsync/ks.yaml - ./volsync/ks.yaml

2
kubernetes/apps/storage/namespace.yaml → kubernetes/apps/volsync-system/namespace.yaml
View file

@ -2,6 +2,6 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: storage name: volsync-system
labels: labels:
kustomize.toolkit.fluxcd.io/prune: disabled kustomize.toolkit.fluxcd.io/prune: disabled

0
kubernetes/apps/storage/snapshot-controller/app/helmrelease.yaml → kubernetes/apps/volsync-system/snapshot-controller/app/helmrelease.yaml
View file

2
kubernetes/apps/storage/snapshot-controller/ks.yaml → kubernetes/apps/volsync-system/snapshot-controller/ks.yaml
View file

@ -10,7 +10,7 @@ spec:
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
path: ./kubernetes/apps/storage/snapshot-controller/app path: ./kubernetes/apps/volsync-system/snapshot-controller/app
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository

0
kubernetes/apps/storage/volsync/app/helmrelease.yaml → kubernetes/apps/volsync-system/volsync/app/helmrelease.yaml
View file

0
kubernetes/apps/storage/volsync/app/kustomization.yaml → kubernetes/apps/volsync-system/volsync/app/kustomization.yaml
View file

2
kubernetes/apps/storage/volsync/ks.yaml → kubernetes/apps/volsync-system/volsync/ks.yaml
View file

@ -11,7 +11,7 @@ spec:
labels: labels:
app.kubernetes.io/name: *appname app.kubernetes.io/name: *appname
interval: 10m interval: 10m
path: "./kubernetes/apps/storage/volsync/app" path: "./kubernetes/apps/volsync-system/volsync/app"
prune: true prune: true
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository

5
kubernetes/flux/repositories/helm/kustomization.yaml
View file

@ -11,7 +11,7 @@ resources:
- cloudnative-pg.yaml - cloudnative-pg.yaml
- crowdsec.yaml - crowdsec.yaml
- crunchydata.yaml - crunchydata.yaml
- democratic-csi.yaml # - democratic-csi.yaml
- dragonflydb.yaml - dragonflydb.yaml
- elastic.yaml - elastic.yaml
- external-secrets.yaml - external-secrets.yaml
@ -28,9 +28,10 @@ resources:
- kubernetes-sigs-metrics-server.yaml - kubernetes-sigs-metrics-server.yaml
- kubernetes-sigs-external-dns.yaml - kubernetes-sigs-external-dns.yaml
- nvidia.yaml - nvidia.yaml
- openebs.yaml
- piraeus.yaml - piraeus.yaml
- postfinance.yaml - postfinance.yaml
- prometheus-community.yaml - prometheus-community.yaml
- rook-ceph.yaml - rook-ceph.yaml
- stakater.yaml - stakater.yaml
# - weave-gitops.yaml - xenitab.yaml

10
kubernetes/flux/repositories/helm/openebs.yaml Normal file
View file

@ -0,0 +1,10 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: openebs
namespace: flux-system
spec:
interval: 2h
url: https://openebs.github.io/charts

11
kubernetes/flux/repositories/helm/xenitab.yaml Normal file
View file

@ -0,0 +1,11 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: xenitab
namespace: flux-system
spec:
type: oci
interval: 5m
url: oci://ghcr.io/xenitab/helm-charts

8
kubernetes/templates/volsync/minio.yaml
View file

@ -37,8 +37,8 @@ spec:
pruneIntervalDays: 7 pruneIntervalDays: 7
repository: "${APP}-volsync-secret" repository: "${APP}-volsync-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}" volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}" cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}" cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
@ -63,9 +63,9 @@ spec:
repository: "${APP}-volsync-secret" repository: "${APP}-volsync-secret"
copyMethod: Snapshot # must be Snapshot copyMethod: Snapshot # must be Snapshot
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}" volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}" cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}" cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
capacity: "${VOLSYNC_CAPACITY}" capacity: "${VOLSYNC_CAPACITY}"

4
kubernetes/templates/volsync/r2.yaml
View file

@ -37,8 +37,8 @@ spec:
pruneIntervalDays: 7 pruneIntervalDays: 7
repository: "${APP}-volsync-r2-secret" repository: "${APP}-volsync-r2-secret"
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}" volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}" cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}" cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"] cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"] accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]