Merge branch 'main' into renovate/community.sops-1.x
This commit is contained in:
commit
08e9af7267
75 changed files with 51 additions and 38 deletions
10
.vscode/extensions.json
vendored
Normal file
10
.vscode/extensions.json
vendored
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"recommendations": [
|
||||||
|
"mikestead.dotenv",
|
||||||
|
"redhat.ansible",
|
||||||
|
"redhat.vscode-yaml",
|
||||||
|
"signageos.signageos-vscode-sops",
|
||||||
|
"pkief.material-icon-theme",
|
||||||
|
"ms-vscode-remote.remote-ssh"
|
||||||
|
]
|
||||||
|
}
|
||||||
7
.vscode/settings.json
vendored
7
.vscode/settings.json
vendored
|
|
@ -5,7 +5,6 @@
|
||||||
"**/ansible/**/*.yaml": "ansible",
|
"**/ansible/**/*.yaml": "ansible",
|
||||||
"**/ansible/**/*.sops.yaml": "yaml",
|
"**/ansible/**/*.sops.yaml": "yaml",
|
||||||
"**/ansible/**/inventory/**/*.yaml": "yaml",
|
"**/ansible/**/inventory/**/*.yaml": "yaml",
|
||||||
"**/terraform/**/*.tf": "terraform",
|
|
||||||
"**/kubernetes/**/*.sops.toml": "plaintext"
|
"**/kubernetes/**/*.sops.toml": "plaintext"
|
||||||
},
|
},
|
||||||
"material-icon-theme.folders.associations": {
|
"material-icon-theme.folders.associations": {
|
||||||
|
|
@ -14,7 +13,6 @@
|
||||||
"charts": "kubernetes",
|
"charts": "kubernetes",
|
||||||
"hack": "scripts",
|
"hack": "scripts",
|
||||||
"repositories": "database",
|
"repositories": "database",
|
||||||
"terraforms": "terraform",
|
|
||||||
"vars": "other",
|
"vars": "other",
|
||||||
// namespaces
|
// namespaces
|
||||||
"cert-manager": "guard",
|
"cert-manager": "guard",
|
||||||
|
|
@ -27,8 +25,7 @@
|
||||||
"yaml.schemaStore.enable": true,
|
"yaml.schemaStore.enable": true,
|
||||||
"yaml.schemas": {
|
"yaml.schemas": {
|
||||||
"ansible": "ansible/**/*.yaml",
|
"ansible": "ansible/**/*.yaml",
|
||||||
"kubernetes": "kubernetes/**/*.yaml",
|
"kubernetes": "kubernetes/**/*.yaml"
|
||||||
"schemaservice://combinedschema/ansible": "file:///home/jahanson/projects/k3s-ops/ansible/kubernetes/inventory/hosts.yaml"
|
|
||||||
},
|
},
|
||||||
"editor.fontFamily": "FiraCode Nerd Font",
|
"editor.fontFamily": "FiraCode Nerd Font",
|
||||||
"editor.fontLigatures": true,
|
"editor.fontLigatures": true,
|
||||||
|
|
@ -45,5 +42,5 @@
|
||||||
"files.trimTrailingWhitespace": true,
|
"files.trimTrailingWhitespace": true,
|
||||||
"ansible.python.interpreterPath": "/usr/bin/python3",
|
"ansible.python.interpreterPath": "/usr/bin/python3",
|
||||||
"sops.defaults.ageKeyFile": "age.key",
|
"sops.defaults.ageKeyFile": "age.key",
|
||||||
"ansible.validation.lint.path": "~/projects/k3s-ops/.venv/bin/ansible-lint"
|
"ansible.validation.lint.path": "~/projects/valinor/.venv/bin/ansible-lint"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
# renovate: datasource=github-releases depName=k3s-io/k3s
|
# renovate: datasource=github-releases depName=k3s-io/k3s
|
||||||
k3s_release_version: "v1.27.4+k3s1"
|
k3s_release_version: "v1.27.5+k3s1"
|
||||||
k3s_install_hard_links: true
|
k3s_install_hard_links: true
|
||||||
k3s_become: true
|
k3s_become: true
|
||||||
k3s_etcd_datastore: true
|
k3s_etcd_datastore: true
|
||||||
k3s_registration_address: 10.2.0.3
|
k3s_registration_address: 10.2.0.6
|
||||||
# /var/lib/rancher/k3s/server/manifests
|
# /var/lib/rancher/k3s/server/manifests
|
||||||
k3s_server_manifests_urls:
|
k3s_server_manifests_urls:
|
||||||
# Essential Prometheus Operator CRDs (the rest are installed with the kube-prometheus-stack helm release)
|
# Essential Prometheus Operator CRDs (the rest are installed with the kube-prometheus-stack helm release)
|
||||||
|
|
|
||||||
|
|
@ -6,23 +6,9 @@ kubernetes:
|
||||||
children:
|
children:
|
||||||
master:
|
master:
|
||||||
hosts:
|
hosts:
|
||||||
eonwe:
|
valinor-1:
|
||||||
ansible_host: 10.2.1.13
|
ansible_host: 10.2.0.3
|
||||||
arlen:
|
valinor-2:
|
||||||
ansible_host: 10.2.1.14
|
ansible_host: 10.2.0.4
|
||||||
nienna:
|
valinor-3:
|
||||||
ansible_host: 10.2.1.15
|
ansible_host: 10.2.0.5
|
||||||
worker:
|
|
||||||
hosts:
|
|
||||||
aule:
|
|
||||||
ansible_host: 10.2.1.10
|
|
||||||
ceph_drives:
|
|
||||||
- /dev/disk/by-id/nvme-SAMSUNG_MZQL2960HCJR-00A07_S64FNE0RA01210
|
|
||||||
manwe:
|
|
||||||
ansible_host: 10.2.1.11
|
|
||||||
ceph_drives:
|
|
||||||
- /dev/disk/by-id/nvme-SAMSUNG_MZQL2960HCJR-00A07_S64FNE0R801843
|
|
||||||
varda:
|
|
||||||
ansible_host: 10.2.1.12
|
|
||||||
ceph_drives:
|
|
||||||
- /dev/disk/by-id/nvme-SAMSUNG_MZQL2960HCJR-00A07_S64FNE0R801309
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -13,6 +14,7 @@ spec:
|
||||||
name: valinor
|
name: valinor
|
||||||
wait: true
|
wait: true
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1beta1.json
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -15,6 +16,7 @@ spec:
|
||||||
name: valinor
|
name: valinor
|
||||||
wait: true
|
wait: true
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1beta1.json
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/receiver-notification-v1.json
|
||||||
apiVersion: notification.toolkit.fluxcd.io/v1
|
apiVersion: notification.toolkit.fluxcd.io/v1
|
||||||
kind: Receiver
|
kind: Receiver
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1beta1.json
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -9,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: cilium
|
chart: cilium
|
||||||
version: 1.14.1
|
version: 1.14.2
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: cilium
|
name: cilium
|
||||||
|
|
@ -75,7 +76,7 @@ spec:
|
||||||
ipam:
|
ipam:
|
||||||
mode: kubernetes
|
mode: kubernetes
|
||||||
ipv4NativeRoutingCIDR: 10.32.0.0/16
|
ipv4NativeRoutingCIDR: 10.32.0.0/16
|
||||||
k8sServiceHost: 10.2.0.3
|
k8sServiceHost: 10.2.0.6
|
||||||
k8sServicePort: 6443
|
k8sServicePort: 6443
|
||||||
kubeProxyReplacement: strict
|
kubeProxyReplacement: strict
|
||||||
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
|
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: monitoring
|
namespace: monitoring
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -200,7 +201,7 @@ spec:
|
||||||
enableAdminAPI: true
|
enableAdminAPI: true
|
||||||
walCompression: true
|
walCompression: true
|
||||||
thanos:
|
thanos:
|
||||||
image: quay.io/thanos/thanos:v0.32.0
|
image: quay.io/thanos/thanos:v0.32.3
|
||||||
objectStorageConfig:
|
objectStorageConfig:
|
||||||
name: thanos-objstore-secret
|
name: thanos-objstore-secret
|
||||||
key: objstore.yml
|
key: objstore.yml
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: prometheus-node-exporter
|
chart: prometheus-node-exporter
|
||||||
version: 4.22.0
|
version: 4.23.1
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: prometheus-community
|
name: prometheus-community
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: thanos
|
chart: thanos
|
||||||
version: 12.11.4
|
version: 12.13.5
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bitnami
|
name: bitnami
|
||||||
|
|
@ -33,7 +33,7 @@ spec:
|
||||||
image:
|
image:
|
||||||
registry: quay.io
|
registry: quay.io
|
||||||
repository: thanos/thanos
|
repository: thanos/thanos
|
||||||
tag: v0.32.0
|
tag: v0.32.3
|
||||||
objstoreConfig:
|
objstoreConfig:
|
||||||
type: s3
|
type: s3
|
||||||
config:
|
config:
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: external-dns
|
chart: external-dns
|
||||||
version: 1.13.0
|
version: 1.13.1
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: kubernetes-sigs-external-dns
|
name: kubernetes-sigs-external-dns
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: rook-ceph-cluster
|
chart: rook-ceph-cluster
|
||||||
version: v1.12.2
|
version: v1.12.4
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: rook-ceph
|
name: rook-ceph
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: rook-ceph
|
chart: rook-ceph
|
||||||
version: v1.12.2
|
version: v1.12.4
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: rook-ceph
|
name: rook-ceph
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: crowdsec
|
chart: crowdsec
|
||||||
version: 0.9.7
|
version: 0.9.8
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: crowdsec
|
name: crowdsec
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: external-secrets
|
chart: external-secrets
|
||||||
version: 0.9.4
|
version: 0.9.5
|
||||||
interval: 30m
|
interval: 30m
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
|
|
|
||||||
Reference in a new issue