diff --git a/archive/fediverse/kustomization.yaml b/archive/fediverse/kustomization.yaml index b6d3173..cad87af 100644 --- a/archive/fediverse/kustomization.yaml +++ b/archive/fediverse/kustomization.yaml @@ -1,9 +1,10 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: # Pre Flux-Kustomizations - ./namespace.yaml # Flux-Kustomizations - - ./elk/ks.yaml - - ./mastodon/ks.yaml + - ./peertube/ks.yaml + - ./redis/ks.yaml diff --git a/archive/fediverse/namespace.yaml b/archive/fediverse/namespace.yaml index b70197c..c416efa 100644 --- a/archive/fediverse/namespace.yaml +++ b/archive/fediverse/namespace.yaml @@ -5,4 +5,4 @@ metadata: name: fediverse labels: kustomize.toolkit.fluxcd.io/prune: disabled - goldilocks.fairwinds.com/enabled: "true" + pgo-enabled-hsn.dev: "true" diff --git a/kubernetes/apps/fediverse/peertube/app/config/production.yml b/archive/fediverse/peertube/app/config/production.yml similarity index 100% rename from kubernetes/apps/fediverse/peertube/app/config/production.yml rename to archive/fediverse/peertube/app/config/production.yml diff --git a/kubernetes/apps/fediverse/peertube/app/externalsecret.yaml b/archive/fediverse/peertube/app/externalsecret.yaml similarity index 100% rename from kubernetes/apps/fediverse/peertube/app/externalsecret.yaml rename to archive/fediverse/peertube/app/externalsecret.yaml diff --git a/kubernetes/apps/fediverse/peertube/app/helmrelease.yaml b/archive/fediverse/peertube/app/helmrelease.yaml similarity index 100% rename from kubernetes/apps/fediverse/peertube/app/helmrelease.yaml rename to archive/fediverse/peertube/app/helmrelease.yaml diff --git a/kubernetes/apps/fediverse/peertube/app/kustomization.yaml b/archive/fediverse/peertube/app/kustomization.yaml similarity index 100% rename from kubernetes/apps/fediverse/peertube/app/kustomization.yaml rename to archive/fediverse/peertube/app/kustomization.yaml 
diff --git a/archive/fediverse/peertube/postgresCluster.yaml b/archive/fediverse/peertube/app/postgresCluster.yaml
similarity index 100%
rename from archive/fediverse/peertube/postgresCluster.yaml
rename to archive/fediverse/peertube/app/postgresCluster.yaml
diff --git a/kubernetes/apps/fediverse/peertube/app/pvc.yaml b/archive/fediverse/peertube/app/pvc.yaml
similarity index 100%
rename from kubernetes/apps/fediverse/peertube/app/pvc.yaml
rename to archive/fediverse/peertube/app/pvc.yaml
diff --git a/kubernetes/apps/fediverse/peertube/ks.yaml b/archive/fediverse/peertube/ks.yaml
similarity index 100%
rename from kubernetes/apps/fediverse/peertube/ks.yaml
rename to archive/fediverse/peertube/ks.yaml
diff --git a/kubernetes/apps/fediverse/redis/ks.yaml b/archive/fediverse/peertube/redis/ks.yaml
similarity index 100%
rename from kubernetes/apps/fediverse/redis/ks.yaml
rename to archive/fediverse/peertube/redis/ks.yaml
diff --git a/kubernetes/apps/fediverse/redis/peertube/helmrelease.yaml b/archive/fediverse/peertube/redis/peertube/helmrelease.yaml
similarity index 100%
rename from kubernetes/apps/fediverse/redis/peertube/helmrelease.yaml
rename to archive/fediverse/peertube/redis/peertube/helmrelease.yaml
diff --git a/kubernetes/apps/fediverse/redis/peertube/kustomization.yaml b/archive/fediverse/peertube/redis/peertube/kustomization.yaml
similarity index 100%
rename from kubernetes/apps/fediverse/redis/peertube/kustomization.yaml
rename to archive/fediverse/peertube/redis/peertube/kustomization.yaml
diff --git a/kubernetes/apps/fediverse/kustomization.yaml b/archive/monitoring/kube-prometheus-stack/app/kustomization.yaml
similarity index 52%
rename from kubernetes/apps/fediverse/kustomization.yaml
rename to archive/monitoring/kube-prometheus-stack/app/kustomization.yaml
index cad87af..c57d670 100644
--- a/kubernetes/apps/fediverse/kustomization.yaml
+++ b/archive/monitoring/kube-prometheus-stack/app/kustomization.yaml
@@ -1,10 +1,10 @@ --- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json +# yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: monitoring resources: - # Pre Flux-Kustomizations - - ./namespace.yaml - # Flux-Kustomizations - - ./peertube/ks.yaml - - ./redis/ks.yaml + - ./externalsecret.yaml + - ./helmrelease.yaml + - ./scrapeconfigs + - ./prometheusrules diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/prometheusrules/kustomization.yaml b/archive/monitoring/kube-prometheus-stack/app/prometheusrules/kustomization.yaml similarity index 100% rename from kubernetes/apps/monitoring/kube-prometheus-stack/app/prometheusrules/kustomization.yaml rename to archive/monitoring/kube-prometheus-stack/app/prometheusrules/kustomization.yaml diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/prometheusrules/minio.yaml b/archive/monitoring/kube-prometheus-stack/app/prometheusrules/minio.yaml similarity index 100% rename from kubernetes/apps/monitoring/kube-prometheus-stack/app/prometheusrules/minio.yaml rename to archive/monitoring/kube-prometheus-stack/app/prometheusrules/minio.yaml diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/scrapeconfigs/erebor.yaml b/archive/monitoring/kube-prometheus-stack/app/scrapeconfigs/erebor.yaml similarity index 100% rename from kubernetes/apps/monitoring/kube-prometheus-stack/app/scrapeconfigs/erebor.yaml rename to archive/monitoring/kube-prometheus-stack/app/scrapeconfigs/erebor.yaml diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml b/archive/monitoring/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml similarity index 100% rename from kubernetes/apps/monitoring/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml rename to archive/monitoring/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml 
diff --git a/kubernetes/apps/fediverse/namespace.yaml b/kubernetes/apps/fediverse/namespace.yaml deleted file mode 100644 index c416efa..0000000 --- a/kubernetes/apps/fediverse/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: fediverse - labels: - kustomize.toolkit.fluxcd.io/prune: disabled - pgo-enabled-hsn.dev: "true" diff --git a/kubernetes/apps/flux-system/add-ons/monitoring/kustomization.yaml b/kubernetes/apps/flux-system/add-ons/monitoring/kustomization.yaml index 0de2676..7183475 100644 --- a/kubernetes/apps/flux-system/add-ons/monitoring/kustomization.yaml +++ b/kubernetes/apps/flux-system/add-ons/monitoring/kustomization.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: flux-system diff --git a/kubernetes/apps/flux-system/add-ons/monitoring/podmonitor.yaml b/kubernetes/apps/flux-system/add-ons/monitoring/podmonitor.yaml index d4e4c25..b3f1a05 100644 --- a/kubernetes/apps/flux-system/add-ons/monitoring/podmonitor.yaml +++ b/kubernetes/apps/flux-system/add-ons/monitoring/podmonitor.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/monitoring.coreos.com/podmonitor_v1.json apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: diff --git a/kubernetes/apps/flux-system/add-ons/monitoring/prometheusrule.yaml b/kubernetes/apps/flux-system/add-ons/monitoring/prometheusrule.yaml index 227314c..addd64e 100644 --- a/kubernetes/apps/flux-system/add-ons/monitoring/prometheusrule.yaml +++ b/kubernetes/apps/flux-system/add-ons/monitoring/prometheusrule.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/monitoring.coreos.com/prometheusrule_v1.json apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: 
diff --git a/kubernetes/apps/flux-system/add-ons/webhooks/github/externalsecret.yaml b/kubernetes/apps/flux-system/add-ons/webhooks/git/externalsecret.yaml similarity index 60% rename from kubernetes/apps/flux-system/add-ons/webhooks/github/externalsecret.yaml rename to kubernetes/apps/flux-system/add-ons/webhooks/git/externalsecret.yaml index 6674551..06aaadc 100644 --- a/kubernetes/apps/flux-system/add-ons/webhooks/github/externalsecret.yaml +++ b/kubernetes/apps/flux-system/add-ons/webhooks/git/externalsecret.yaml @@ -1,18 +1,19 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: github-webhook-token + name: git-webhook-token namespace: flux-system spec: secretStoreRef: kind: ClusterSecretStore name: onepassword-connect target: - name: github-webhook-token + name: git-webhook-token creationPolicy: Owner data: - secretKey: token remoteRef: key: flux - property: github_webhook_token + property: git_webhook_token diff --git a/kubernetes/apps/flux-system/add-ons/webhooks/github/ingress.yaml b/kubernetes/apps/flux-system/add-ons/webhooks/git/ingress.yaml similarity index 77% rename from kubernetes/apps/flux-system/add-ons/webhooks/github/ingress.yaml rename to kubernetes/apps/flux-system/add-ons/webhooks/git/ingress.yaml index 701b45e..10295f9 100644 --- a/kubernetes/apps/flux-system/add-ons/webhooks/github/ingress.yaml +++ b/kubernetes/apps/flux-system/add-ons/webhooks/git/ingress.yaml @@ -5,11 +5,11 @@ metadata: name: webhook-receiver namespace: flux-system annotations: - external-dns.alpha.kubernetes.io/target: ingress.valinor.social + external-dns.alpha.kubernetes.io/target: valinor.hsn.dev spec: ingressClassName: "nginx" rules: - - host: &host "flux-receiver-valinor.valinor.social" + - host: &host "flux-receiver-valinor.hsn.dev" http: paths: - path: /hook/ 
diff --git a/kubernetes/apps/flux-system/add-ons/webhooks/github/kustomization.yaml b/kubernetes/apps/flux-system/add-ons/webhooks/git/kustomization.yaml similarity index 100% rename from kubernetes/apps/flux-system/add-ons/webhooks/github/kustomization.yaml rename to kubernetes/apps/flux-system/add-ons/webhooks/git/kustomization.yaml diff --git a/kubernetes/apps/flux-system/add-ons/webhooks/github/receiver.yaml b/kubernetes/apps/flux-system/add-ons/webhooks/git/receiver.yaml similarity index 92% rename from kubernetes/apps/flux-system/add-ons/webhooks/github/receiver.yaml rename to kubernetes/apps/flux-system/add-ons/webhooks/git/receiver.yaml index 45ba0d6..6b79854 100644 --- a/kubernetes/apps/flux-system/add-ons/webhooks/github/receiver.yaml +++ b/kubernetes/apps/flux-system/add-ons/webhooks/git/receiver.yaml @@ -3,7 +3,7 @@ apiVersion: notification.toolkit.fluxcd.io/v1 kind: Receiver metadata: - name: github-receiver + name: git-receiver namespace: flux-system spec: type: github @@ -11,7 +11,7 @@ spec: - "ping" - "push" secretRef: - name: github-webhook-token + name: git-webhook-token resources: - apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository diff --git a/kubernetes/apps/flux-system/add-ons/webhooks/kustomization.yaml b/kubernetes/apps/flux-system/add-ons/webhooks/kustomization.yaml index ccd8b3e..c0a6cd3 100644 --- a/kubernetes/apps/flux-system/add-ons/webhooks/kustomization.yaml +++ b/kubernetes/apps/flux-system/add-ons/webhooks/kustomization.yaml @@ -1,5 +1,6 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./github + - ./git diff --git a/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml b/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml index 6e9f3a4..2ec4b41 100644 --- a/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml +++ b/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml 
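Review bot: Renaming the Receiver to `git-receiver` in receiver.yaml changes the webhook endpoint, because Flux derives the `/hook/<digest>` path from the token, the Receiver name and the namespace; together with the new ingress host `flux-receiver-valinor.hsn.dev`, the URL registered at the Git host has to be replaced after this merges, or pushes will stop triggering reconciliation with no error on the cluster side. The ExternalSecret now reads property `git_webhook_token` from the `flux` item, so that field must exist in the store before the first sync, otherwise the Receiver has no secret to verify payload signatures against. `type: github` stays as context, so verification still expects GitHub-style signed payloads despite the provider-neutral name; a comment such as `# type stays github: only the resource names were made provider-neutral` above it would avoid confusion. The Receiver spec continues outside both hunks.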
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
diff --git a/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml b/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml
index 09fc1ed..d6bf598 100644
--- a/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml
@@ -1,5 +1,5 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
diff --git a/kubernetes/apps/kube-system/hccm/app/kustomization.yaml b/kubernetes/apps/kube-system/hccm/app/kustomization.yaml
index d868f4a..61a64be 100644
--- a/kubernetes/apps/kube-system/hccm/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/hccm/app/kustomization.yaml
@@ -1,5 +1,5 @@
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kube-system
diff --git a/kubernetes/apps/kube-system/hccm/ks.yaml b/kubernetes/apps/kube-system/hccm/ks.yaml
index 916a824..21ff067 100644
--- a/kubernetes/apps/kube-system/hccm/ks.yaml
+++ b/kubernetes/apps/kube-system/hccm/ks.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml
index 77119be..f915b4a 100644
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@@ -1,5 +1,5 @@
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
diff --git a/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml b/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml
index 8b2f500..1db0277 100644
--- a/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
diff --git a/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml b/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml
index 749cbd1..d8365e6 100644
--- a/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml
@@ -1,5 +1,5 @@
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kube-system
diff --git a/kubernetes/apps/kube-system/metrics-server/ks.yaml b/kubernetes/apps/kube-system/metrics-server/ks.yaml
index 9b9e271..6c4f7f1 100644
--- a/kubernetes/apps/kube-system/metrics-server/ks.yaml
+++ b/kubernetes/apps/kube-system/metrics-server/ks.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
diff --git a/kubernetes/apps/kyverno/kyverno/ks.yaml b/kubernetes/apps/kyverno/kyverno/ks.yaml index 1ba5560..471f56b 100644 --- a/kubernetes/apps/kyverno/kyverno/ks.yaml +++ b/kubernetes/apps/kyverno/kyverno/ks.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -15,6 +16,7 @@ spec: retryInterval: 1m timeout: 5m --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kyverno/kyverno/policies/remove-cpu-limits.yaml b/kubernetes/apps/kyverno/kyverno/policies/remove-cpu-limits.yaml index 5a063c3..6b48726 100644 --- a/kubernetes/apps/kyverno/kyverno/policies/remove-cpu-limits.yaml +++ b/kubernetes/apps/kyverno/kyverno/policies/remove-cpu-limits.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/kubernetes/apps/monitoring/alertmanager/ks.yaml b/kubernetes/apps/monitoring/alertmanager/ks.yaml index ad21037..f052439 100644 --- a/kubernetes/apps/monitoring/alertmanager/ks.yaml +++ b/kubernetes/apps/monitoring/alertmanager/ks.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/monitoring/grafana/app/externalsecret.yaml b/kubernetes/apps/monitoring/grafana/app/externalsecret.yaml index 57f10c8..d08a3b8 100644 --- a/kubernetes/apps/monitoring/grafana/app/externalsecret.yaml +++ b/kubernetes/apps/monitoring/grafana/app/externalsecret.yaml 
@@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: diff --git a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml index b9a4b4e..235ccc3 100644 --- a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml @@ -78,7 +78,7 @@ spec: allow_embedding: true cookie_samesite: grafana server: - root_url: https://grafana.valinor.social + root_url: https://gv.hsn.dev datasources: datasources.yaml: apiVersion: 1 @@ -161,28 +161,28 @@ spec: gnetId: 15038 revision: 1 datasource: Prometheus - minio: - # renovate: depName="MinIO Dashboard" - gnetId: 13502 - revision: 24 - datasource: - - { name: DS_PROMETHEUS, value: Prometheus } - ceph: - ceph-cluster: - # renovate: depName="Ceph Cluster" - gnetId: 2842 - revision: 17 - datasource: Prometheus - ceph-osd: - # renovate: depName="Ceph - OSD (Single)" - gnetId: 5336 - revision: 9 - datasource: Prometheus - ceph-pools: - # renovate: depName="Ceph - Pools" - gnetId: 5342 - revision: 9 - datasource: Prometheus + # minio: + # # renovate: depName="MinIO Dashboard" + # gnetId: 13502 + # revision: 24 + # datasource: + # - { name: DS_PROMETHEUS, value: Prometheus } + # ceph: + # ceph-cluster: + # # renovate: depName="Ceph Cluster" + # gnetId: 2842 + # revision: 17 + # datasource: Prometheus + # ceph-osd: + # # renovate: depName="Ceph - OSD (Single)" + # gnetId: 5336 + # revision: 9 + # datasource: Prometheus + # ceph-pools: + # # renovate: depName="Ceph - Pools" + # gnetId: 5342 + # revision: 9 + # datasource: Prometheus flux: flux-cluster: url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/cluster.json 
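Review bot: In the grafana helmrelease, `root_url: https://gv.hsn.dev` does not match the ingress host the last hunk of the same file sets, `- &host grafana.hsn.dev`. Grafana builds redirects, login callback URLs and rendered links from root_url, so unless gv.hsn.dev is routed to this instance somewhere outside the diff, users will be sent to a hostname this Ingress does not serve. Use one name in both places, for example `root_url: https://grafana.hsn.dev`. Separately, the context line `cookie_samesite: grafana` is not one of the values Grafana documents for that setting (`lax`, `strict`, `none`, `disabled`), which is worth correcting while `allow_embedding: true` is on. The surrounding `grafana.ini` block starts and ends outside the hunk.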
@@ -267,10 +267,10 @@ spec: ingress: enabled: true annotations: - external-dns.alpha.kubernetes.io/target: ingress.valinor.social + external-dns.alpha.kubernetes.io/target: valinor.hsn.dev ingressClassName: nginx hosts: - - &host grafana.valinor.social + - &host grafana.hsn.dev tls: - hosts: - *host diff --git a/kubernetes/apps/monitoring/grafana/ks.yaml b/kubernetes/apps/monitoring/grafana/ks.yaml index 9c367a1..405a5fa 100644 --- a/kubernetes/apps/monitoring/grafana/ks.yaml +++ b/kubernetes/apps/monitoring/grafana/ks.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml index c57d670..96afd80 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml @@ -6,5 +6,3 @@ namespace: monitoring resources: - ./externalsecret.yaml - ./helmrelease.yaml - - ./scrapeconfigs - - ./prometheusrules diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml index 8716c70..c5ad1e6 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/monitoring/kustomization.yaml b/kubernetes/apps/monitoring/kustomization.yaml index 4a6e504..0a06efc 100644 --- a/kubernetes/apps/monitoring/kustomization.yaml +++ b/kubernetes/apps/monitoring/kustomization.yaml 
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
diff --git a/kubernetes/apps/monitoring/node-exporter/app/kustomization.yaml b/kubernetes/apps/monitoring/node-exporter/app/kustomization.yaml
index 2469b52..dd2ae70 100644
--- a/kubernetes/apps/monitoring/node-exporter/app/kustomization.yaml
+++ b/kubernetes/apps/monitoring/node-exporter/app/kustomization.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: monitoring
diff --git a/kubernetes/apps/monitoring/node-exporter/ks.yaml b/kubernetes/apps/monitoring/node-exporter/ks.yaml
index 480845f..93b5b9b 100644
--- a/kubernetes/apps/monitoring/node-exporter/ks.yaml
+++ b/kubernetes/apps/monitoring/node-exporter/ks.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
diff --git a/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml b/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml
index a9ecd49..81c7d10 100644
--- a/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
diff --git a/kubernetes/apps/monitoring/thanos/ks.yaml b/kubernetes/apps/monitoring/thanos/ks.yaml
index 126a61a..1e580d5 100644
--- a/kubernetes/apps/monitoring/thanos/ks.yaml
+++ b/kubernetes/apps/monitoring/thanos/ks.yaml
@@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/network/echo-server/app/helmrelease.yaml b/kubernetes/apps/network/echo-server/app/helmrelease.yaml index a3085e8..9f8002d 100644 --- a/kubernetes/apps/network/echo-server/app/helmrelease.yaml +++ b/kubernetes/apps/network/echo-server/app/helmrelease.yaml @@ -41,9 +41,9 @@ spec: enabled: true className: "nginx" annotations: - external-dns.alpha.kubernetes.io/target: "ingress.valinor.social" + external-dns.alpha.kubernetes.io/target: "valinor.hsn.dev" hosts: - - host: &host "echo-server.valinor.social" + - host: &host "esv.hsn.dev" paths: - path: / service: diff --git a/kubernetes/apps/network/echo-server/app/kustomization.yaml b/kubernetes/apps/network/echo-server/app/kustomization.yaml index dce3d6c..689f842 100644 --- a/kubernetes/apps/network/echo-server/app/kustomization.yaml +++ b/kubernetes/apps/network/echo-server/app/kustomization.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: network diff --git a/kubernetes/apps/network/echo-server/ks.yaml b/kubernetes/apps/network/echo-server/ks.yaml index bb30200..e4bd6a2 100644 --- a/kubernetes/apps/network/echo-server/ks.yaml +++ b/kubernetes/apps/network/echo-server/ks.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/network/external-dns/app/hsn-dev/externalsecret.yaml b/kubernetes/apps/network/external-dns/app/hsn-dev/externalsecret.yaml new file mode 100644 index 0000000..5cc0445 --- /dev/null 
+++ b/kubernetes/apps/network/external-dns/app/hsn-dev/externalsecret.yaml @@ -0,0 +1,19 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: externaldns-hsn-dev-secrets + namespace: cert-manager +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: externaldns-hsn-dev-secrets + creationPolicy: Owner + data: + - secretKey: cloudflare_api_token + remoteRef: + key: Cloudflare + property: external-dns diff --git a/kubernetes/apps/network/external-dns/app/hsn-dev/helmrelease.yaml b/kubernetes/apps/network/external-dns/app/hsn-dev/helmrelease.yaml new file mode 100644 index 0000000..9de2ce4 --- /dev/null +++ b/kubernetes/apps/network/external-dns/app/hsn-dev/helmrelease.yaml 
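Review bot: `metadata.namespace: cert-manager` in this new ExternalSecret does not match its consumer: the hsn-dev HelmRelease runs in `network` and reads `externaldns-hsn-dev-secrets` through a `secretKeyRef`, which only resolves in the pod's own namespace. The app kustomization sets `namespace: network`, which presumably rewrites the field at build time, so this likely works, but the manifest reads as if the Cloudflare token is materialised in cert-manager. Write `namespace: network` here so the file states where the credential actually lands. A comment above `remoteRef` such as `# token scope: DNS edit on the hsn.dev zone only` would also record the intended privilege of the stored token.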
@@ -0,0 +1,69 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: externaldns-external + namespace: network +spec: + interval: 30m + chart: + spec: + chart: external-dns + version: 1.13.1 + sourceRef: + kind: HelmRepository + name: kubernetes-sigs-external-dns + namespace: flux-system + interval: 30m + + values: + fullnameOverride: &name externaldns-external + + domainFilters: + - hsn.dev + + env: + - name: CF_API_TOKEN + valueFrom: + secretKeyRef: + name: externaldns-hsn-dev-secrets + key: cloudflare_api_token + + extraArgs: + - --crd-source-apiversion=externaldns.k8s.io/v1alpha1 + - --ingress-class=hsn-nginx + + podAnnotations: + secret.reloader.stakater.com/reload: externaldns-external-secrets + + policy: sync + provider: cloudflare + + resources: + requests: + cpu: 5m + memory: 24M + limits: + memory: 48M + + serviceMonitor: + enabled: true + + sources: + - ingress + - crd + + txtPrefix: "k8s." + + postRenderers: + - kustomize: + patches: + - target: + version: v1 + kind: Deployment + name: *name + patch: | + - op: add + path: /spec/template/spec/enableServiceLinks + value: false diff --git a/kubernetes/apps/network/external-dns/app/kustomization.yaml b/kubernetes/apps/network/external-dns/app/kustomization.yaml index dedaf8e..2d4b588 100644 --- a/kubernetes/apps/network/external-dns/app/kustomization.yaml +++ b/kubernetes/apps/network/external-dns/app/kustomization.yaml @@ -1,8 +1,9 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: network resources: - - ./helmrelease.yaml - - ./externalsecret.yaml + - ./hsn-dev/helmrelease.yaml + - ./hsn-dev/externalsecret.yaml - ./dns_endpoint-crd.yaml 
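Review bot: The reloader annotation in the new hsn-dev HelmRelease names a Secret this release does not use: `secret.reloader.stakater.com/reload: externaldns-external-secrets`, while the `CF_API_TOKEN` env var reads from `externaldns-hsn-dev-secrets`. As written, rotating the Cloudflare token in the store updates the Secret but does not restart the pod, so external-dns keeps running with the old token until something else restarts it. Change the annotation to `secret.reloader.stakater.com/reload: externaldns-hsn-dev-secrets`. With `policy: sync` the controller may also delete records in the `hsn.dev` zone and no `txtOwnerId` is set, so a one-line comment stating that this instance is the only owner of the `k8s.`-prefixed TXT registry in that zone would document the assumption.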
diff --git a/kubernetes/apps/network/external-dns/app/externalsecret.yaml b/kubernetes/apps/network/external-dns/app/valinor-social/externalsecret.yaml similarity index 64% rename from kubernetes/apps/network/external-dns/app/externalsecret.yaml rename to kubernetes/apps/network/external-dns/app/valinor-social/externalsecret.yaml index b3906c5..4950bfd 100644 --- a/kubernetes/apps/network/external-dns/app/externalsecret.yaml +++ b/kubernetes/apps/network/external-dns/app/valinor-social/externalsecret.yaml @@ -1,15 +1,16 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: externaldns-secrets + name: externaldns-valinor-social-secrets namespace: cert-manager spec: secretStoreRef: kind: ClusterSecretStore name: onepassword-connect target: - name: externaldns-secrets + name: externaldns-valinor-social-secrets creationPolicy: Owner data: - secretKey: dnsimple_api_token diff --git a/kubernetes/apps/network/external-dns/app/helmrelease.yaml b/kubernetes/apps/network/external-dns/app/valinor-social/helmrelease.yaml similarity index 100% rename from kubernetes/apps/network/external-dns/app/helmrelease.yaml rename to kubernetes/apps/network/external-dns/app/valinor-social/helmrelease.yaml diff --git a/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml b/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml index 64e65a1..a366086 100644 --- a/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml +++ b/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml @@ -44,6 +44,7 @@ spec: any: true ingressClassResource: + name: hsn-nginx default: true config: @@ -69,7 +70,7 @@ spec: resolver local=on ipv6=off; extraArgs: - default-ssl-certificate: "network/valinor-social-tls" + default-ssl-certificate: "network/hsn-dev-tls" topologySpreadConstraints: - maxSkew: 2 
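Review bot: The target Secret in valinor-social/externalsecret.yaml is renamed to `externaldns-valinor-social-secrets`, but `valinor-social/helmrelease.yaml` is moved with 100% similarity, so whatever Secret name it referenced before is unchanged and presumably no longer matches. The app kustomization in this commit also stops listing both valinor-social files, so as committed they are not applied at all, and if pruning is enabled for that Flux Kustomization the previous release and its DNS management for valinor.social would be removed. If parking that instance is intended, say so with a comment in `kustomization.yaml`, for example `# valinor-social instance parked; manifests kept under ./valinor-social`; otherwise add the two paths to `resources` and update the secret reference in the moved HelmRelease.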
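Review bot: Setting `ingressClassResource.name: hsn-nginx` in the ingress-nginx HelmRelease leaves the Ingresses touched elsewhere in this commit on the old class: the flux webhook receiver keeps `ingressClassName: "nginx"`, grafana keeps `ingressClassName: nginx` and echo-server keeps `className: "nginx"`. Unless another IngressClass named `nginx` exists outside this diff, this controller will stop serving those hosts, and the new external-dns instance, started with `--ingress-class=hsn-nginx`, will not publish records for them either. Either keep the class name or switch those three manifests to `hsn-nginx` in the same commit. The new `default-ssl-certificate: "network/hsn-dev-tls"` likewise needs a matching TLS Secret in `network`, which no hunk here creates; until it exists the controller falls back to its self-signed default certificate. The controller values block continues outside both hunks.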
diff --git a/kubernetes/apps/network/kustomization.yaml b/kubernetes/apps/network/kustomization.yaml index 36cbb04..a4de423 100644 --- a/kubernetes/apps/network/kustomization.yaml +++ b/kubernetes/apps/network/kustomization.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: diff --git a/kubernetes/apps/network/namespace.yaml b/kubernetes/apps/network/namespace.yaml index 488086b..4d78d7b 100644 --- a/kubernetes/apps/network/namespace.yaml +++ b/kubernetes/apps/network/namespace.yaml @@ -5,4 +5,3 @@ metadata: name: network labels: kustomize.toolkit.fluxcd.io/prune: disabled - goldilocks.fairwinds.com/enabled: "true" diff --git a/kubernetes/apps/security/external-secrets/app/helmrelease.yaml b/kubernetes/apps/security/external-secrets/app/helmrelease.yaml index 4d4e19d..8dd1d55 100644 --- a/kubernetes/apps/security/external-secrets/app/helmrelease.yaml +++ b/kubernetes/apps/security/external-secrets/app/helmrelease.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: diff --git a/kubernetes/apps/security/external-secrets/app/kustomization.yaml b/kubernetes/apps/security/external-secrets/app/kustomization.yaml index dbd58aa..5a7bd4d 100644 --- a/kubernetes/apps/security/external-secrets/app/kustomization.yaml +++ b/kubernetes/apps/security/external-secrets/app/kustomization.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: security diff --git a/kubernetes/apps/security/external-secrets/cluster-secrets/pgo-s3-creds.yaml b/kubernetes/apps/security/external-secrets/cluster-secrets/pgo-s3-creds.yaml index d39fcc5..a96fba7 100644 
--- a/kubernetes/apps/security/external-secrets/cluster-secrets/pgo-s3-creds.yaml +++ b/kubernetes/apps/security/external-secrets/cluster-secrets/pgo-s3-creds.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/clusterexternalsecret_v1beta1.json apiVersion: external-secrets.io/v1beta1 kind: ClusterExternalSecret metadata: diff --git a/kubernetes/apps/security/external-secrets/ks.yaml b/kubernetes/apps/security/external-secrets/ks.yaml index 845f292..a954601 100644 --- a/kubernetes/apps/security/external-secrets/ks.yaml +++ b/kubernetes/apps/security/external-secrets/ks.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -13,6 +14,7 @@ spec: name: valinor wait: true --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/security/external-secrets/stores/kustomization.yaml b/kubernetes/apps/security/external-secrets/stores/kustomization.yaml index f248b0c..eb23e28 100644 --- a/kubernetes/apps/security/external-secrets/stores/kustomization.yaml +++ b/kubernetes/apps/security/external-secrets/stores/kustomization.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: diff --git a/kubernetes/apps/security/external-secrets/stores/onepassword/kustomization.yaml b/kubernetes/apps/security/external-secrets/stores/onepassword/kustomization.yaml index ad2da2b..70fa87d 100644 --- a/kubernetes/apps/security/external-secrets/stores/onepassword/kustomization.yaml +++ b/kubernetes/apps/security/external-secrets/stores/onepassword/kustomization.yaml 
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: security
diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml b/kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml
index 2bc0805..8b237ba 100644
--- a/kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml
+++ b/kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: system
diff --git a/kubernetes/apps/system/kustomization.yaml b/kubernetes/apps/system/kustomization.yaml
index 20ddf63..f05296b 100644
--- a/kubernetes/apps/system/kustomization.yaml
+++ b/kubernetes/apps/system/kustomization.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
diff --git a/kubernetes/apps/system/namespace.yaml b/kubernetes/apps/system/namespace.yaml
index f21a681..210c268 100644
--- a/kubernetes/apps/system/namespace.yaml
+++ b/kubernetes/apps/system/namespace.yaml
@@ -5,4 +5,3 @@ metadata:
 name: system
 labels:
 goldilocks.fairwinds.com/enabled: "true"
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/apps/system/reloader/app/helmrelease.yaml b/kubernetes/apps/system/reloader/app/helmrelease.yaml
index 41c7b73..3b0fa70 100644
--- a/kubernetes/apps/system/reloader/app/helmrelease.yaml
+++ b/kubernetes/apps/system/reloader/app/helmrelease.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
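Review bot: In `kubernetes/apps/system/namespace.yaml` the label dropped is `kustomize.toolkit.fluxcd.io/prune: disabled`, whereas the `network` namespace hunk earlier in this diff drops `goldilocks.fairwinds.com/enabled` and keeps the prune guard. If that asymmetry is not intended, the `system` namespace (which the neighbouring kustomizations show holding kubelet-csr-approver and reloader) becomes eligible for Flux garbage collection once it leaves the owning Kustomization's inventory, and deleting a namespace removes everything in it. Restoring `kustomize.toolkit.fluxcd.io/prune: disabled` under `labels:`, or stating in the commit description why this namespace may now be pruned, would settle it. The `metadata:` block starts outside the hunk.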
diff --git a/kubernetes/apps/system/reloader/app/kustomization.yaml b/kubernetes/apps/system/reloader/app/kustomization.yaml
index b04f802..045ec0c 100644
--- a/kubernetes/apps/system/reloader/app/kustomization.yaml
+++ b/kubernetes/apps/system/reloader/app/kustomization.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: system
diff --git a/kubernetes/apps/system/reloader/ks.yaml b/kubernetes/apps/system/reloader/ks.yaml
index e18841f..cf78456 100644
--- a/kubernetes/apps/system/reloader/ks.yaml
+++ b/kubernetes/apps/system/reloader/ks.yaml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml
index c6a5f13..c373af0 100644
--- a/kubernetes/flux/vars/cluster-secrets.sops.yaml
+++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml
@@ -6,7 +6,7 @@ metadata: stringData: SECRET_PUSHOVER_USERKEY: ENC[AES256_GCM,data:MeaD8iRbieNr5W9PqpjZ5ywdbMijX9nYQJbbVj6s,iv:42QymFlr47PYNjorJc5tgDjzZ9WHPVIk543GGChalVM=,tag:qyk1chI/IpPdfyEMdOqsbQ==,type:str] SECRET_PUSHOVER_ALERT_MANAGER_APIKEY: ENC[AES256_GCM,data:4+9e/tWQBszoPakAo+1vNhWsdKz8qfoioeUz+dTb,iv:sY4dkzMEmvi8kCLesBiknmoYHWq3uqXpWs5Y4FeFSuk=,tag:rPxH+5m6rPiSnhm2JrrT4w==,type:str] - SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:EaCR6grPycx8RTdW286v7ocgzNdoNEynCNn2avNuhkWLEDm5yiejlRAl82ir9V/OODSWIPD00UmHG8LK8X23Mnk/OhKvqsD4,iv:eFbQABHQGNGOycI+clXnOQ1orJr/yFUyRX8WSJtogNU=,tag:Fc9q3zv/8l1c3ugy8NoS7A==,type:str] + SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:a6hjTy2HRy7s2+KHxfop8077CgAzzILCF/g5I9TIXdhRiziUrLpJVzC0mqNmfdooJsZyErrJ9ihamFKLFoK8S/PmD5IgWuZu,iv:l5JTxmiWct5nr7eJM/Rtl7AclhCoIQ4KW6nJK6Slhg0=,tag:K5yGxYBTNSSoxYJt8Kmhyw==,type:str] SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:X63a7aMBMyd9Be6bik0knOyMXnYx/Kg3SoOrG0bkAHU=,iv:POcU1kIRWekrzUdzqPopKDovviK+fMZRVuZVWp9Vuuc=,tag:n9UamxITJCiLbH37Ta2lTg==,type:str] sops: kms: [] @@ -23,8 +23,8 @@ sops: dDhWMDZYait3UzNRZy9oVk85cHBPdEUKa7e22jHlW1chaLDKBB1in8ZTFnfKMXug QJQ/9z6z/RjmnnFam2FWg++Xg2A8LQ7XTZcfR97csf59DQ/xwu7sVw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-23T15:52:55Z" - mac: ENC[AES256_GCM,data:PrmBMH4L7CtF83A7OFEr/MtOH1IM4iMZTWYA5VgbhscxonWzgH9t5hbNqI1M2etnB8HydhwiapyZwJYnTjGmvXBsVzdtU2H31s5/Jj3Bx1px1zvj7kEjPCZTib5zbFjdvXk8vfmVYf7IQ8tUKz5frqbvEtP/W1/OxSAWmOWXTZI=,iv:HUsB9siGrsvi8DmbUVAvUQXD3Qf+GLhCZPdT50xoPVo=,tag:MpkPTYV08flOZumyX6gnPg==,type:str] + lastmodified: "2023-11-28T03:23:26Z" + mac: ENC[AES256_GCM,data:pymGYIauY1QsSuepCBNRi+s1g2UypI5/RIe+c4auKfyv0QFdgPHTPHYhT0q4g8nfFwFp8E6u9oxFlDZSR1Vy3BHc4RqZCREA6+kKHG7bwH25xvhtWUQnLq7bDkNhm7ZzjEeIgNq5pEXeeNr12nlHJqTFw++lvnGjJRJJ5Rzl0AQ=,iv:EMrOFhLoNodX0KCiMqoA/FI+WqypChI+53JCg+eu6OE=,tag:DUOR4uf2ib0eYlJOdTfNNg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ - version: 3.8.0 + version: 3.8.1