jahanson/valinor
Archived
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

re-launching valinor

Browse source
This commit is contained in:
Joseph Hanson 2023-11-27 22:31:02 -06:00
parent 0070e59aea
commit 324196e35a
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
71 changed files with 185 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
archive/fediverse/kustomization.yaml
View file

@ -1,9 +1,10 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
# Pre Flux-Kustomizations # Pre Flux-Kustomizations
- ./namespace.yaml - ./namespace.yaml
# Flux-Kustomizations # Flux-Kustomizations
- ./elk/ks.yaml - ./peertube/ks.yaml
- ./mastodon/ks.yaml - ./redis/ks.yaml

2
archive/fediverse/namespace.yaml
View file

@ -5,4 +5,4 @@ metadata:
name: fediverse name: fediverse
labels: labels:
kustomize.toolkit.fluxcd.io/prune: disabled kustomize.toolkit.fluxcd.io/prune: disabled
goldilocks.fairwinds.com/enabled: "true" pgo-enabled-hsn.dev: "true"

0
kubernetes/apps/fediverse/peertube/app/config/production.yml → archive/fediverse/peertube/app/config/production.yml
View file

0
kubernetes/apps/fediverse/peertube/app/externalsecret.yaml → archive/fediverse/peertube/app/externalsecret.yaml
View file

0
kubernetes/apps/fediverse/peertube/app/helmrelease.yaml → archive/fediverse/peertube/app/helmrelease.yaml
View file

0
kubernetes/apps/fediverse/peertube/app/kustomization.yaml → archive/fediverse/peertube/app/kustomization.yaml
View file

0
archive/fediverse/peertube/postgresCluster.yaml → archive/fediverse/peertube/app/postgresCluster.yaml
View file

0
kubernetes/apps/fediverse/peertube/app/pvc.yaml → archive/fediverse/peertube/app/pvc.yaml
View file

0
kubernetes/apps/fediverse/peertube/ks.yaml → archive/fediverse/peertube/ks.yaml
View file

0
kubernetes/apps/fediverse/redis/ks.yaml → archive/fediverse/peertube/redis/ks.yaml
View file

0
kubernetes/apps/fediverse/redis/peertube/helmrelease.yaml → archive/fediverse/peertube/redis/peertube/helmrelease.yaml
View file

0
kubernetes/apps/fediverse/redis/peertube/kustomization.yaml → archive/fediverse/peertube/redis/peertube/kustomization.yaml
View file

12
kubernetes/apps/fediverse/kustomization.yaml → archive/monitoring/kube-prometheus-stack/app/kustomization.yaml
View file

@ -1,10 +1,10 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json # yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: monitoring
resources: resources:
# Pre Flux-Kustomizations - ./externalsecret.yaml
- ./namespace.yaml - ./helmrelease.yaml
# Flux-Kustomizations - ./scrapeconfigs
- ./peertube/ks.yaml - ./prometheusrules
- ./redis/ks.yaml

0
kubernetes/apps/monitoring/kube-prometheus-stack/app/prometheusrules/kustomization.yaml → archive/monitoring/kube-prometheus-stack/app/prometheusrules/kustomization.yaml
View file

0
kubernetes/apps/monitoring/kube-prometheus-stack/app/prometheusrules/minio.yaml → archive/monitoring/kube-prometheus-stack/app/prometheusrules/minio.yaml
View file

0
kubernetes/apps/monitoring/kube-prometheus-stack/app/scrapeconfigs/erebor.yaml → archive/monitoring/kube-prometheus-stack/app/scrapeconfigs/erebor.yaml
View file

0
kubernetes/apps/monitoring/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml → archive/monitoring/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml
View file

8
kubernetes/apps/fediverse/namespace.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fediverse
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
pgo-enabled-hsn.dev: "true"

1
kubernetes/apps/flux-system/add-ons/monitoring/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: flux-system namespace: flux-system

1
kubernetes/apps/flux-system/add-ons/monitoring/podmonitor.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/monitoring.coreos.com/podmonitor_v1.json
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PodMonitor kind: PodMonitor
metadata: metadata:

1
kubernetes/apps/flux-system/add-ons/monitoring/prometheusrule.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule kind: PrometheusRule
metadata: metadata:

7
kubernetes/apps/flux-system/add-ons/webhooks/github/externalsecret.yaml → kubernetes/apps/flux-system/add-ons/webhooks/git/externalsecret.yaml
View file

@ -1,18 +1,19 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: github-webhook-token name: git-webhook-token
namespace: flux-system namespace: flux-system
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: onepassword-connect name: onepassword-connect
target: target:
name: github-webhook-token name: git-webhook-token
creationPolicy: Owner creationPolicy: Owner
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
key: flux key: flux
property: github_webhook_token property: git_webhook_token

4
kubernetes/apps/flux-system/add-ons/webhooks/github/ingress.yaml → kubernetes/apps/flux-system/add-ons/webhooks/git/ingress.yaml
View file

@ -5,11 +5,11 @@ metadata:
name: webhook-receiver name: webhook-receiver
namespace: flux-system namespace: flux-system
annotations: annotations:
external-dns.alpha.kubernetes.io/target: ingress.valinor.social external-dns.alpha.kubernetes.io/target: valinor.hsn.dev
spec: spec:
ingressClassName: "nginx" ingressClassName: "nginx"
rules: rules:
- host: &host "flux-receiver-valinor.valinor.social" - host: &host "flux-receiver-valinor.hsn.dev"
http: http:
paths: paths:
- path: /hook/ - path: /hook/

0
kubernetes/apps/flux-system/add-ons/webhooks/github/kustomization.yaml → kubernetes/apps/flux-system/add-ons/webhooks/git/kustomization.yaml
View file

4
kubernetes/apps/flux-system/add-ons/webhooks/github/receiver.yaml → kubernetes/apps/flux-system/add-ons/webhooks/git/receiver.yaml
View file

@ -3,7 +3,7 @@
apiVersion: notification.toolkit.fluxcd.io/v1 apiVersion: notification.toolkit.fluxcd.io/v1
kind: Receiver kind: Receiver
metadata: metadata:
name: github-receiver name: git-receiver
namespace: flux-system namespace: flux-system
spec: spec:
type: github type: github
@ -11,7 +11,7 @@ spec:
- "ping" - "ping"
- "push" - "push"
secretRef: secretRef:
name: github-webhook-token name: git-webhook-token
resources: resources:
- apiVersion: source.toolkit.fluxcd.io/v1 - apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository kind: GitRepository

3
kubernetes/apps/flux-system/add-ons/webhooks/kustomization.yaml
View file

@ -1,5 +1,6 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./github - ./git

1
kubernetes/apps/kube-system/hccm/app/externalsecret.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:

2
kubernetes/apps/kube-system/hccm/app/helmrelease.yaml
View file

@ -1,5 +1,5 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1 apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease kind: HelmRelease
metadata: metadata:

2
kubernetes/apps/kube-system/hccm/app/kustomization.yaml
View file

@ -1,5 +1,5 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: kube-system namespace: kube-system

1
kubernetes/apps/kube-system/hccm/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

2
kubernetes/apps/kube-system/kustomization.yaml
View file

@ -1,5 +1,5 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:

1
kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1 apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease kind: HelmRelease
metadata: metadata:

2
kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml
View file

@ -1,5 +1,5 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: kube-system namespace: kube-system

1
kubernetes/apps/kube-system/metrics-server/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

2
kubernetes/apps/kyverno/kyverno/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
@ -15,6 +16,7 @@ spec:
retryInterval: 1m retryInterval: 1m
timeout: 5m timeout: 5m
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

1
kubernetes/apps/kyverno/kyverno/policies/remove-cpu-limits.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
apiVersion: kyverno.io/v1 apiVersion: kyverno.io/v1
kind: ClusterPolicy kind: ClusterPolicy
metadata: metadata:

1
kubernetes/apps/monitoring/alertmanager/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

1
kubernetes/apps/monitoring/grafana/app/externalsecret.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:

50
kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
View file

@ -78,7 +78,7 @@ spec:
allow_embedding: true allow_embedding: true
cookie_samesite: grafana cookie_samesite: grafana
server: server:
root_url: https://grafana.valinor.social root_url: https://gv.hsn.dev
datasources: datasources:
datasources.yaml: datasources.yaml:
apiVersion: 1 apiVersion: 1
@ -161,28 +161,28 @@ spec:
gnetId: 15038 gnetId: 15038
revision: 1 revision: 1
datasource: Prometheus datasource: Prometheus
minio: # minio:
# renovate: depName="MinIO Dashboard" # # renovate: depName="MinIO Dashboard"
gnetId: 13502 # gnetId: 13502
revision: 24 # revision: 24
datasource: # datasource:
- { name: DS_PROMETHEUS, value: Prometheus } # - { name: DS_PROMETHEUS, value: Prometheus }
ceph: # ceph:
ceph-cluster: # ceph-cluster:
# renovate: depName="Ceph Cluster" # # renovate: depName="Ceph Cluster"
gnetId: 2842 # gnetId: 2842
revision: 17 # revision: 17
datasource: Prometheus # datasource: Prometheus
ceph-osd: # ceph-osd:
# renovate: depName="Ceph - OSD (Single)" # # renovate: depName="Ceph - OSD (Single)"
gnetId: 5336 # gnetId: 5336
revision: 9 # revision: 9
datasource: Prometheus # datasource: Prometheus
ceph-pools: # ceph-pools:
# renovate: depName="Ceph - Pools" # # renovate: depName="Ceph - Pools"
gnetId: 5342 # gnetId: 5342
revision: 9 # revision: 9
datasource: Prometheus # datasource: Prometheus
flux: flux:
flux-cluster: flux-cluster:
url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/cluster.json url: https://raw.githubusercontent.com/fluxcd/flux2/main/manifests/monitoring/monitoring-config/dashboards/cluster.json
@ -267,10 +267,10 @@ spec:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
external-dns.alpha.kubernetes.io/target: ingress.valinor.social external-dns.alpha.kubernetes.io/target: valinor.hsn.dev
ingressClassName: nginx ingressClassName: nginx
hosts: hosts:
- &host grafana.valinor.social - &host grafana.hsn.dev
tls: tls:
- hosts: - hosts:
- *host - *host

1
kubernetes/apps/monitoring/grafana/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

2
kubernetes/apps/monitoring/kube-prometheus-stack/app/kustomization.yaml
View file

@ -6,5 +6,3 @@ namespace: monitoring
resources: resources:
- ./externalsecret.yaml - ./externalsecret.yaml
- ./helmrelease.yaml - ./helmrelease.yaml
- ./scrapeconfigs
- ./prometheusrules

1
kubernetes/apps/monitoring/kube-prometheus-stack/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

1
kubernetes/apps/monitoring/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:

1
kubernetes/apps/monitoring/node-exporter/app/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: monitoring namespace: monitoring

1
kubernetes/apps/monitoring/node-exporter/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

1
kubernetes/apps/monitoring/thanos/app/externalsecret.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:

1
kubernetes/apps/monitoring/thanos/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

4
kubernetes/apps/network/echo-server/app/helmrelease.yaml
View file

@ -41,9 +41,9 @@ spec:
enabled: true enabled: true
className: "nginx" className: "nginx"
annotations: annotations:
external-dns.alpha.kubernetes.io/target: "ingress.valinor.social" external-dns.alpha.kubernetes.io/target: "valinor.hsn.dev"
hosts: hosts:
- host: &host "echo-server.valinor.social" - host: &host "esv.hsn.dev"
paths: paths:
- path: / - path: /
service: service:

1
kubernetes/apps/network/echo-server/app/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: network namespace: network

1
kubernetes/apps/network/echo-server/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

19
kubernetes/apps/network/external-dns/app/hsn-dev/externalsecret.yaml Normal file
View file

@ -0,0 +1,19 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: externaldns-hsn-dev-secrets
namespace: cert-manager
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: externaldns-hsn-dev-secrets
creationPolicy: Owner
data:
- secretKey: cloudflare_api_token
remoteRef:
key: Cloudflare
property: external-dns

69
kubernetes/apps/network/external-dns/app/hsn-dev/helmrelease.yaml Normal file
View file

@ -0,0 +1,69 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: externaldns-external
namespace: network
spec:
interval: 30m
chart:
spec:
chart: external-dns
version: 1.13.1
sourceRef:
kind: HelmRepository
name: kubernetes-sigs-external-dns
namespace: flux-system
interval: 30m
values:
fullnameOverride: &name externaldns-external
domainFilters:
- hsn.dev
env:
- name: CF_API_TOKEN
valueFrom:
secretKeyRef:
name: externaldns-hsn-dev-secrets
key: cloudflare_api_token
extraArgs:
- --crd-source-apiversion=externaldns.k8s.io/v1alpha1
- --ingress-class=hsn-nginx
podAnnotations:
secret.reloader.stakater.com/reload: externaldns-external-secrets
policy: sync
provider: cloudflare
resources:
requests:
cpu: 5m
memory: 24M
limits:
memory: 48M
serviceMonitor:
enabled: true
sources:
- ingress
- crd
txtPrefix: "k8s."
postRenderers:
- kustomize:
patches:
- target:
version: v1
kind: Deployment
name: *name
patch: |
- op: add
path: /spec/template/spec/enableServiceLinks
value: false

5
kubernetes/apps/network/external-dns/app/kustomization.yaml
View file

@ -1,8 +1,9 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: network namespace: network
resources: resources:
- ./helmrelease.yaml - ./hsn-dev/helmrelease.yaml
- ./externalsecret.yaml - ./hsn-dev/externalsecret.yaml
- ./dns_endpoint-crd.yaml - ./dns_endpoint-crd.yaml

5
kubernetes/apps/network/external-dns/app/externalsecret.yaml → kubernetes/apps/network/external-dns/app/valinor-social/externalsecret.yaml
View file

@ -1,15 +1,16 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: externaldns-secrets name: externaldns-valinor-social-secrets
namespace: cert-manager namespace: cert-manager
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: onepassword-connect name: onepassword-connect
target: target:
name: externaldns-secrets name: externaldns-valinor-social-secrets
creationPolicy: Owner creationPolicy: Owner
data: data:
- secretKey: dnsimple_api_token - secretKey: dnsimple_api_token

0
kubernetes/apps/network/external-dns/app/helmrelease.yaml → kubernetes/apps/network/external-dns/app/valinor-social/helmrelease.yaml
View file

3
kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml
View file

@ -44,6 +44,7 @@ spec:
any: true any: true
ingressClassResource: ingressClassResource:
name: hsn-nginx
default: true default: true
config: config:
@ -69,7 +70,7 @@ spec:
resolver local=on ipv6=off; resolver local=on ipv6=off;
extraArgs: extraArgs:
default-ssl-certificate: "network/valinor-social-tls" default-ssl-certificate: "network/hsn-dev-tls"
topologySpreadConstraints: topologySpreadConstraints:
- maxSkew: 2 - maxSkew: 2

1
kubernetes/apps/network/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:

1
kubernetes/apps/network/namespace.yaml
View file

@ -5,4 +5,3 @@ metadata:
name: network name: network
labels: labels:
kustomize.toolkit.fluxcd.io/prune: disabled kustomize.toolkit.fluxcd.io/prune: disabled
goldilocks.fairwinds.com/enabled: "true"

1
kubernetes/apps/security/external-secrets/app/helmrelease.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1 apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease kind: HelmRelease
metadata: metadata:

1
kubernetes/apps/security/external-secrets/app/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: security namespace: security

1
kubernetes/apps/security/external-secrets/cluster-secrets/pgo-s3-creds.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/clusterexternalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ClusterExternalSecret kind: ClusterExternalSecret
metadata: metadata:

2
kubernetes/apps/security/external-secrets/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
@ -13,6 +14,7 @@ spec:
name: valinor name: valinor
wait: true wait: true
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

1
kubernetes/apps/security/external-secrets/stores/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:

1
kubernetes/apps/security/external-secrets/stores/onepassword/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: security namespace: security

1
kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: system namespace: system

1
kubernetes/apps/system/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:

1
kubernetes/apps/system/namespace.yaml
View file

@ -5,4 +5,3 @@ metadata:
name: system name: system
labels: labels:
goldilocks.fairwinds.com/enabled: "true" goldilocks.fairwinds.com/enabled: "true"
kustomize.toolkit.fluxcd.io/prune: disabled

1
kubernetes/apps/system/reloader/app/helmrelease.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1 apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease kind: HelmRelease
metadata: metadata:

1
kubernetes/apps/system/reloader/app/kustomization.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: system namespace: system

1
kubernetes/apps/system/reloader/ks.yaml
View file

@ -1,4 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:

8
kubernetes/flux/vars/cluster-secrets.sops.yaml
View file

@ -6,7 +6,7 @@ metadata:
stringData: stringData:
SECRET_PUSHOVER_USERKEY: ENC[AES256_GCM,data:MeaD8iRbieNr5W9PqpjZ5ywdbMijX9nYQJbbVj6s,iv:42QymFlr47PYNjorJc5tgDjzZ9WHPVIk543GGChalVM=,tag:qyk1chI/IpPdfyEMdOqsbQ==,type:str] SECRET_PUSHOVER_USERKEY: ENC[AES256_GCM,data:MeaD8iRbieNr5W9PqpjZ5ywdbMijX9nYQJbbVj6s,iv:42QymFlr47PYNjorJc5tgDjzZ9WHPVIk543GGChalVM=,tag:qyk1chI/IpPdfyEMdOqsbQ==,type:str]
SECRET_PUSHOVER_ALERT_MANAGER_APIKEY: ENC[AES256_GCM,data:4+9e/tWQBszoPakAo+1vNhWsdKz8qfoioeUz+dTb,iv:sY4dkzMEmvi8kCLesBiknmoYHWq3uqXpWs5Y4FeFSuk=,tag:rPxH+5m6rPiSnhm2JrrT4w==,type:str] SECRET_PUSHOVER_ALERT_MANAGER_APIKEY: ENC[AES256_GCM,data:4+9e/tWQBszoPakAo+1vNhWsdKz8qfoioeUz+dTb,iv:sY4dkzMEmvi8kCLesBiknmoYHWq3uqXpWs5Y4FeFSuk=,tag:rPxH+5m6rPiSnhm2JrrT4w==,type:str]
SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:EaCR6grPycx8RTdW286v7ocgzNdoNEynCNn2avNuhkWLEDm5yiejlRAl82ir9V/OODSWIPD00UmHG8LK8X23Mnk/OhKvqsD4,iv:eFbQABHQGNGOycI+clXnOQ1orJr/yFUyRX8WSJtogNU=,tag:Fc9q3zv/8l1c3ugy8NoS7A==,type:str] SECRET_HEALTHCHECKS_WEBHOOK: ENC[AES256_GCM,data:a6hjTy2HRy7s2+KHxfop8077CgAzzILCF/g5I9TIXdhRiziUrLpJVzC0mqNmfdooJsZyErrJ9ihamFKLFoK8S/PmD5IgWuZu,iv:l5JTxmiWct5nr7eJM/Rtl7AclhCoIQ4KW6nJK6Slhg0=,tag:K5yGxYBTNSSoxYJt8Kmhyw==,type:str]
SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:X63a7aMBMyd9Be6bik0knOyMXnYx/Kg3SoOrG0bkAHU=,iv:POcU1kIRWekrzUdzqPopKDovviK+fMZRVuZVWp9Vuuc=,tag:n9UamxITJCiLbH37Ta2lTg==,type:str] SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:X63a7aMBMyd9Be6bik0knOyMXnYx/Kg3SoOrG0bkAHU=,iv:POcU1kIRWekrzUdzqPopKDovviK+fMZRVuZVWp9Vuuc=,tag:n9UamxITJCiLbH37Ta2lTg==,type:str]
sops: sops:
kms: [] kms: []
@ -23,8 +23,8 @@ sops:
dDhWMDZYait3UzNRZy9oVk85cHBPdEUKa7e22jHlW1chaLDKBB1in8ZTFnfKMXug dDhWMDZYait3UzNRZy9oVk85cHBPdEUKa7e22jHlW1chaLDKBB1in8ZTFnfKMXug
QJQ/9z6z/RjmnnFam2FWg++Xg2A8LQ7XTZcfR97csf59DQ/xwu7sVw== QJQ/9z6z/RjmnnFam2FWg++Xg2A8LQ7XTZcfR97csf59DQ/xwu7sVw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-23T15:52:55Z" lastmodified: "2023-11-28T03:23:26Z"
mac: ENC[AES256_GCM,data:PrmBMH4L7CtF83A7OFEr/MtOH1IM4iMZTWYA5VgbhscxonWzgH9t5hbNqI1M2etnB8HydhwiapyZwJYnTjGmvXBsVzdtU2H31s5/Jj3Bx1px1zvj7kEjPCZTib5zbFjdvXk8vfmVYf7IQ8tUKz5frqbvEtP/W1/OxSAWmOWXTZI=,iv:HUsB9siGrsvi8DmbUVAvUQXD3Qf+GLhCZPdT50xoPVo=,tag:MpkPTYV08flOZumyX6gnPg==,type:str] mac: ENC[AES256_GCM,data:pymGYIauY1QsSuepCBNRi+s1g2UypI5/RIe+c4auKfyv0QFdgPHTPHYhT0q4g8nfFwFp8E6u9oxFlDZSR1Vy3BHc4RqZCREA6+kKHG7bwH25xvhtWUQnLq7bDkNhm7ZzjEeIgNq5pEXeeNr12nlHJqTFw++lvnGjJRJJ5Rzl0AQ=,iv:EMrOFhLoNodX0KCiMqoA/FI+WqypChI+53JCg+eu6OE=,tag:DUOR4uf2ib0eYlJOdTfNNg==,type:str]
pgp: [] pgp: []
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData)$
version: 3.8.0 version: 3.8.1