From 87d3776941afdb72ae02c322054e94c1b00dbbfb Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Thu, 28 Sep 2023 21:50:04 +0000 Subject: [PATCH 01/17] Removed incorrect hash. Signed-off-by: Joseph Hanson --- .../external-secrets/stores/onepassword/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/security/external-secrets/stores/onepassword/helmrelease.yaml b/kubernetes/apps/security/external-secrets/stores/onepassword/helmrelease.yaml index 60a5e15..5e293d5 100644 --- a/kubernetes/apps/security/external-secrets/stores/onepassword/helmrelease.yaml +++ b/kubernetes/apps/security/external-secrets/stores/onepassword/helmrelease.yaml @@ -23,7 +23,7 @@ spec: image: repository: docker.io/1password/connect-api - tag: 1.7.2@sha256:6aa94cf713f99c0fa58c12ffdd1b160404b4c13a7f501a73a791aa84b608c5a1 + tag: 1.7.2 env: OP_BUS_PORT: "11220" From 29bd8096e025938cac471b28b5ec5edc7f022a02 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Thu, 28 Sep 2023 22:34:05 +0000 Subject: [PATCH 02/17] Added rook task. --- .taskfiles/_scripts/wait-for-k8s-job.sh | 14 ++++ .taskfiles/rook/Taskfile.yaml | 91 +++++++++++++++++++++++ .taskfiles/rook/WipeDiskJob.tmpl.yaml | 26 +++++++ .taskfiles/rook/WipeRookDataJob.tmpl.yaml | 29 ++++++++ Taskfile.yaml | 1 + 5 files changed, 161 insertions(+) create mode 100644 .taskfiles/_scripts/wait-for-k8s-job.sh create mode 100644 .taskfiles/rook/Taskfile.yaml create mode 100644 .taskfiles/rook/WipeDiskJob.tmpl.yaml create mode 100644 .taskfiles/rook/WipeRookDataJob.tmpl.yaml diff --git a/.taskfiles/_scripts/wait-for-k8s-job.sh b/.taskfiles/_scripts/wait-for-k8s-job.sh new file mode 100644 index 0000000..32feadd --- /dev/null +++ b/.taskfiles/_scripts/wait-for-k8s-job.sh 
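Review bot: Dropping the `@sha256:` suffix on the `tag:` line leaves `docker.io/1password/connect-api` referenced only by the mutable tag `1.7.2`, so the registry decides which image content the secret-store connector runs. If the old digest was simply wrong, the safer fix is to replace it with the digest of the image you verified, e.g. `tag: 1.7.2@sha256:<digest-of-verified-1.7.2-image>`, rather than removing the pin. The wipe Job images added in the next patch keep a digest, so restoring one here also keeps the repository consistent.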
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+JOB_NAME=$1
+NAMESPACE="${2:-default}"
+
+[[ -z "${JOB_NAME}" ]] && echo "Job name not specified" && exit 1
+
+while true; do
+ STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB_NAME}" -o jsonpath='{.items[*].status.phase}')"
+ if [ "${STATUS}" == "Pending" ]; then
+ break
+ fi
+ sleep 1
+done
diff --git a/.taskfiles/rook/Taskfile.yaml b/.taskfiles/rook/Taskfile.yaml
new file mode 100644
index 0000000..5bbfb5c
--- /dev/null
+++ b/.taskfiles/rook/Taskfile.yaml
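Review bot: The `while true` loop in `wait-for-k8s-job.sh` exits only when the phase string is exactly `Pending`, and it has no deadline. If the pod has already reached `Running` or `Succeeded` by the first poll, if the selector matches more than one pod (the jsonpath then prints several phases), or if `kubectl` itself fails, the script spins forever and the calling task hangs with the privileged wipe Job still in the cluster. I would bound the wait and accept any non-empty phase, leaving completion to the caller's `kubectl wait`; the timeout default below is only a suggestion.

```shell
# … unchanged: JOB_NAME / NAMESPACE parsing and the empty-name check …
TIMEOUT_SECONDS="${3:-120}"
deadline=$(( SECONDS + TIMEOUT_SECONDS ))
while (( SECONDS < deadline )); do
    STATUS="$(kubectl -n "${NAMESPACE}" get pod -l job-name="${JOB_NAME}" -o jsonpath='{.items[*].status.phase}')"
    # Any reported phase means the pod exists; the caller waits for completion.
    if [[ -n "${STATUS}" ]]; then
        exit 0
    fi
    sleep 1
done
echo "Timed out waiting for a pod of job ${JOB_NAME}" >&2
exit 1
```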
@@ -0,0 +1,91 @@ +--- +version: "3" + +x-task-vars: &task-vars + node: "{{.node}}" + ceph_disk: "{{.ceph_disk}}" + ts: "{{.ts}}" + jobName: "{{.jobName}}" + +vars: + waitForJobScript: "../_scripts/wait-for-k8s-job.sh" + ts: '{{now | date "150405"}}' + +tasks: + wipe-node-aule: + desc: Trigger a wipe of Rook-Ceph data on node "aule" + cmds: + - task: wipe-disk + vars: + node: "{{.node}}" + ceph_disk: "/dev/disk/by-id/scsi-0HC_Volume_37460833" + - task: wipe-data + vars: + node: "{{.node}}" + vars: + node: aule + + wipe-node-eonwe: + desc: Trigger a wipe of Rook-Ceph data on node "eonwe" + cmds: + - task: wipe-disk + vars: + node: "{{.node}}" + ceph_disk: "/dev/disk/by-id/scsi-0HC_Volume_37460887" + - task: wipe-data + vars: + node: "{{.node}}" + vars: + node: eonwe + + wipe-node-arlen: + desc: Trigger a wipe of Rook-Ceph data on node "arlen" + cmds: + - task: wipe-disk + vars: + node: "{{.node}}" + ceph_disk: "/dev/disk/by-id/scsi-0HC_Volume_37460897" + - task: wipe-data + vars: + node: "{{.node}}" + vars: + node: arlen + + wipe-disk: + desc: Wipe all remnants of rook-ceph from a given disk (ex. 
task rook:wipe-disk node=aule ceph_disk="/dev/nvme0n1") + silent: true + internal: true + cmds: + - envsubst < <(cat {{.wipeRookDiskJobTemplate}}) | kubectl apply -f - + - bash {{.waitForJobScript}} {{.wipeCephDiskJobName}} default + - kubectl -n default wait job/{{.wipeCephDiskJobName}} --for condition=complete --timeout=1m + - kubectl -n default logs job/{{.wipeCephDiskJobName}} --container list + - kubectl -n default delete job {{.wipeCephDiskJobName}} + vars: + node: '{{ or .node (fail "`node` is required") }}' + ceph_disk: '{{ or .ceph_disk (fail "`ceph_disk` is required") }}' + jobName: 'wipe-disk-{{- .node -}}-{{- .ceph_disk | replace "/" "-" -}}-{{- .ts -}}' + wipeRookDiskJobTemplate: "WipeDiskJob.tmpl.yaml" + env: *task-vars + preconditions: + - sh: test -f {{.waitForJobScript}} + - sh: test -f {{.wipeRookDiskJobTemplate}} + + wipe-data: + desc: Wipe all remnants of rook-ceph from a given disk (ex. task rook:wipe-data node=aule) + silent: true + internal: true + cmds: + - envsubst < <(cat {{.wipeRookDataJobTemplate}}) | kubectl apply -f - + - bash {{.waitForJobScript}} {{.wipeRookDataJobName}} default + - kubectl -n default wait job/{{.wipeRookDataJobName}} --for condition=complete --timeout=1m + - kubectl -n default logs job/{{.wipeRookDataJobName}} --container list + - kubectl -n default delete job {{.wipeRookDataJobName}} + vars: + node: '{{ or .node (fail "`node` is required") }}' + jobName: "wipe-rook-data-{{- .node -}}-{{- .ts -}}" + wipeRookDataJobTemplate: "WipeRookDataJob.tmpl.yaml" + env: *task-vars + preconditions: + - sh: test -f {{.waitForJobScript}} + - sh: test -f {{.wipeRookDataJobTemplate}} diff --git a/.taskfiles/rook/WipeDiskJob.tmpl.yaml b/.taskfiles/rook/WipeDiskJob.tmpl.yaml new file mode 100644 index 0000000..13fa4f7 --- /dev/null +++ b/.taskfiles/rook/WipeDiskJob.tmpl.yaml 
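Review bot: The `cmds` of `wipe-disk` and `wipe-data` reference `{{.wipeCephDiskJobName}}` and `{{.wipeRookDataJobName}}`, but the only name either task defines in `vars` is `jobName`. Unless those variables are set somewhere outside this file, the wait, logs and delete steps run against an empty job name and the privileged Job stays in the cluster until its TTL expires. Use `{{.jobName}}` in those commands, and change `--container list` to `--container disk-wipe` to match the container name in both Job templates. Separately, the `wipe-disk` `jobName` embeds `ceph_disk` with only `/` replaced, which for `/dev/disk/by-id/scsi-0HC_Volume_37460833` leaves uppercase letters and underscores that Kubernetes rejects in object names; naming the Job from `node` and `ts` alone avoids that. Since the three `wipe-node-*` tasks are directly callable and destroy data, a `prompt:` on each would be a cheap guard.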
@@ -0,0 +1,26 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "${jobName}" + namespace: "default" +spec: + ttlSecondsAfterFinished: 3600 + template: + spec: + automountServiceAccountToken: false + restartPolicy: Never + nodeName: ${node} + containers: + - name: disk-wipe + image: ghcr.io/onedr0p/alpine:3.17.3@sha256:999384960b6114496a5e4036e945141c205d064ce23b87326bd3f8d878c5a9d4 + securityContext: + privileged: true + resources: {} + command: ["/bin/sh", "-c"] + args: + - apk add --no-cache sgdisk util-linux parted; + sgdisk --zap-all ${ceph_disk}; + blkdiscard ${ceph_disk}; + dd if=/dev/zero bs=1M count=10000 oflag=direct of=${ceph_disk}; + partprobe ${ceph_disk}; diff --git a/.taskfiles/rook/WipeRookDataJob.tmpl.yaml b/.taskfiles/rook/WipeRookDataJob.tmpl.yaml new file mode 100644 index 0000000..e5e5eef --- /dev/null +++ b/.taskfiles/rook/WipeRookDataJob.tmpl.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "${jobName}" + namespace: "default" +spec: + ttlSecondsAfterFinished: 3600 + template: + spec: + automountServiceAccountToken: false + restartPolicy: Never + nodeName: ${node} + containers: + - name: disk-wipe + image: ghcr.io/onedr0p/alpine:3.17.3@sha256:999384960b6114496a5e4036e945141c205d064ce23b87326bd3f8d878c5a9d4 + securityContext: + privileged: true + resources: {} + command: ["/bin/sh", "-c"] + args: + - rm -rf /mnt/host_var/lib/rook + volumeMounts: + - mountPath: /mnt/host_var + name: host-var + volumes: + - name: host-var + hostPath: + path: /var diff --git a/Taskfile.yaml b/Taskfile.yaml index 443e678..e533d85 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -21,6 +21,7 @@ env: includes: volsync: .taskfiles/VolSync/Tasks.yaml precommit: .taskfiles/PreCommit/Tasks.yaml + rook: .taskfiles/rook/Taskfile.yaml tasks: From 1fc12c300c166f00c0eb7f6f02b4607f748b3ec0 Mon Sep 17 00:00:00 2001 
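Review bot: In `.taskfiles/rook/WipeDiskJob.tmpl.yaml` the `args` script joins its commands with `;` and has no `set -e`, so if `apk add` or `sgdisk` fails the remaining commands still run and the Job's status reflects only the final `partprobe`. `${ceph_disk}` is also pasted by `envsubst` into the `sh -c` text unquoted, inside a `privileged: true` container, so the shell interprets whatever the variable holds rather than treating it as a single device path. Start the script with `set -eu;`, quote each use as in `sgdisk --zap-all "${ceph_disk}";`, and have the `wipe-disk` task reject values that are not a plain path under `/dev/`, since quoting alone does not neutralise a textual substitution. Installing tools with `apk add` at run time also means the binaries executed as root on the node are not covered by the pinned image digest.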
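Review bot: `.taskfiles/rook/WipeRookDataJob.tmpl.yaml` runs with `privileged: true` and mounts the node's entire `/var` read-write in order to delete the single directory `/var/lib/rook`. Removing files on a hostPath normally needs root inside the container but not a privileged security context, so I would drop `privileged: true` unless something on these nodes is known to require it. I would also narrow the mount to `path: /var/lib` with a matching `mountPath`, and adjust the command to `rm -rf <mountPath>/rook`, so a mistake in the command cannot reach the rest of `/var`.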
From: Joseph Hanson Date: Fri, 29 Sep 2023 13:03:48 +0000 Subject: [PATCH 03/17] Update thanos config and rook config. --- Taskfile.yaml | 4 ++- .../monitoring/thanos/app/externalsecret.yaml | 31 ++++++++++++++++++ .../monitoring/thanos/app/helmrelease.yaml | 32 +++---------------- .../monitoring/thanos/app/kustomization.yaml | 2 +- .../thanos/app/objectbucketclaim.yaml | 9 ------ .../rook-ceph/cluster/helmrelease.yaml | 12 +++---- talos/deploy-integrations.sh | 10 +++--- 7 files changed, 50 insertions(+), 50 deletions(-) create mode 100644 kubernetes/apps/monitoring/thanos/app/externalsecret.yaml delete mode 100644 kubernetes/apps/monitoring/thanos/app/objectbucketclaim.yaml diff --git a/Taskfile.yaml b/Taskfile.yaml index e533d85..ef08fa5 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -21,7 +21,9 @@ env: includes: volsync: .taskfiles/VolSync/Tasks.yaml precommit: .taskfiles/PreCommit/Tasks.yaml - rook: .taskfiles/rook/Taskfile.yaml + rook: + taskfile: ".taskfiles/rook" + dir: .taskfiles/rook tasks: diff --git a/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml b/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml new file mode 100644 index 0000000..a9ecd49 --- /dev/null +++ b/kubernetes/apps/monitoring/thanos/app/externalsecret.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: thanos + namespace: monitoring +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: thanos-s3-secret + creationPolicy: Owner + template: + engineVersion: v2 + data: + objstore.yml: |- + type: s3 + config: + access_key: {{ .minio_thanos_access_key }} + bucket: thanos + endpoint: {{ .minio_s3_host }} + region: us-east-1 + secret_key: {{ .minio_thanos_secret_key }} + dataFrom: + - extract: + key: minio + rewrite: + - regexp: + source: "(.*)" + target: "minio_$1" 
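Review bot: In the `objstore.yml` template of `thanos/app/externalsecret.yaml`, `access_key`, `secret_key` and `endpoint` are interpolated into YAML without quoting. A secret value that contains `: ` or ` #`, starts with a YAML indicator, or looks like a number or boolean will make the rendered file invalid or change the value's type, and Thanos then fails to load its object-store config. Pipe each value through the template's quoting function, e.g. `secret_key: {{ .minio_thanos_secret_key | quote }}`. The `dataFrom.extract` with a catch-all rewrite also exposes every field of the `minio` item to the template; listing only the three needed properties under `data:` would keep the scope smaller.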
diff --git a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml index 0b55404..d3fa3ea 100644 --- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml @@ -35,10 +35,7 @@ spec: registry: quay.io repository: thanos/thanos tag: v0.32.3 - objstoreConfig: - type: s3 - config: - insecure: true + existingObjstoreSecret: thanos-s3-secret queryFrontend: enabled: true replicaCount: 3 @@ -71,14 +68,14 @@ spec: persistence: enabled: true storageClass: ceph-block - size: 100Gi + size: 20Gi storegateway: enabled: true replicaCount: 3 persistence: enabled: true storageClass: ceph-block - size: 20Gi + size: 10Gi ruler: enabled: true replicaCount: 3 @@ -99,29 +96,8 @@ spec: persistence: enabled: true storageClass: ceph-block - size: 20Gi + size: 5Gi metrics: enabled: true serviceMonitor: enabled: true - valuesFrom: - - targetPath: objstoreConfig.config.bucket - kind: ConfigMap - name: thanos-bucket-v1 - valuesKey: BUCKET_NAME - - targetPath: objstoreConfig.config.endpoint - kind: ConfigMap - name: thanos-bucket-v1 - valuesKey: BUCKET_HOST - - targetPath: objstoreConfig.config.region - kind: ConfigMap - name: thanos-bucket-v1 - valuesKey: BUCKET_REGION - - targetPath: objstoreConfig.config.access_key - kind: Secret - name: thanos-bucket-v1 - valuesKey: AWS_ACCESS_KEY_ID - - targetPath: objstoreConfig.config.secret_key - kind: Secret - name: thanos-bucket-v1 - valuesKey: AWS_SECRET_ACCESS_KEY diff --git a/kubernetes/apps/monitoring/thanos/app/kustomization.yaml b/kubernetes/apps/monitoring/thanos/app/kustomization.yaml index f5ab648..e4bccc4 100644 --- a/kubernetes/apps/monitoring/thanos/app/kustomization.yaml +++ b/kubernetes/apps/monitoring/thanos/app/kustomization.yaml 
@@ -4,7 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: monitoring resources: - - ./objectbucketclaim.yaml + - ./externalsecret.yaml - ./helmrelease.yaml configMapGenerator: - name: thanos-bucket-replicate-dashboard diff --git a/kubernetes/apps/monitoring/thanos/app/objectbucketclaim.yaml b/kubernetes/apps/monitoring/thanos/app/objectbucketclaim.yaml deleted file mode 100644 index 080841c..0000000 --- a/kubernetes/apps/monitoring/thanos/app/objectbucketclaim.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: objectbucket.io/v1alpha1 -kind: ObjectBucketClaim -metadata: - name: thanos-bucket-v1 - namespace: monitoring -spec: - bucketName: thanos-v1 - storageClassName: ceph-bucket diff --git a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml index 91bc6ff..2d0bd86 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml @@ -53,15 +53,15 @@ spec: config: osdsPerDevice: "1" nodes: - - name: "valinor-1" + - name: "aule" devices: - - name: /dev/disk/by-id/scsi-0HC_Volume_37231496 - - name: "valinor-2" + - name: /dev/disk/by-id/scsi-0HC_Volume_37460833 + - name: "eonwe" devices: - - name: /dev/disk/by-id/scsi-0HC_Volume_37231521 - - name: "valinor-3" + - name: /dev/disk/by-id/scsi-0HC_Volume_37460887 + - name: "arlen" devices: - - name: /dev/disk/by-id/scsi-0HC_Volume_37231596 + - name: /dev/disk/by-id/scsi-0HC_Volume_37460897 ingress: ingressClassName: "nginx" diff --git a/talos/deploy-integrations.sh b/talos/deploy-integrations.sh index 17d6b7b..cab2aff 100755 --- a/talos/deploy-integrations.sh +++ b/talos/deploy-integrations.sh 
@@ -2,11 +2,11 @@ # shellcheck disable=2312 pushd integrations >/dev/null 2>&1 || exit 1 -rm -rf cni/charts -envsubst < ../../kubernetes/apps/kube-system/cilium/app/values.yaml > cni/values.yaml -kustomize build --enable-helm cni | kubectl apply -f - -rm cni/values.yaml -rm -rf cni/charts +#rm -rf cni/charts +#envsubst < ../../kubernetes/apps/kube-system/cilium/app/values.yaml > cni/values.yaml +#kustomize build --enable-helm cni | kubectl apply -f - +#rm cni/values.yaml +#rm -rf cni/charts rm -rf kubelet-csr-approver/charts envsubst < ../../kubernetes/apps/system/kubelet-csr-approver/app/values.yaml > kubelet-csr-approver/values.yaml From 5af8b49ccff8680f0d5437a3c9af66dbf5a09bf0 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Fri, 29 Sep 2023 13:19:59 +0000 Subject: [PATCH 04/17] Update Cilium values. --- .../apps/kube-system/cilium/app/values.yaml | 62 ------------------- 1 file changed, 62 deletions(-) diff --git a/kubernetes/apps/kube-system/cilium/app/values.yaml b/kubernetes/apps/kube-system/cilium/app/values.yaml index 00e10f0..253e809 100644 --- a/kubernetes/apps/kube-system/cilium/app/values.yaml +++ b/kubernetes/apps/kube-system/cilium/app/values.yaml 
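Review bot: The five CNI lines in `talos/deploy-integrations.sh` are disabled by commenting them out with no explanation. A reader cannot tell whether Cilium is now installed by another mechanism or the step is only temporarily skipped. Either delete the lines or put a comment above them, e.g. `# CNI is installed by <mechanism>; this step is intentionally skipped`. The rest of the script lies outside this hunk.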
@@ -1,72 +1,12 @@ -autoDirectNodeRoutes: true -bandwidthManager: - enabled: true - bbr: true -bpf: - masquerade: true -bgp: - enabled: false -cluster: - name: valinor - id: 1 -containerRuntime: - integration: containerd -endpointRoutes: - enabled: true cgroup: autoMount: enabled: false hostRoot: /sys/fs/cgroup -hubble: - enabled: true - metrics: - enabled: - - dns:query - - drop - - tcp - - flow - - port-distribution - - icmp - - http - serviceMonitor: - enabled: true - dashboards: - enabled: true - annotations: - grafana_folder: Cilium - relay: - enabled: true - rollOutPods: true - prometheus: - serviceMonitor: - enabled: true - ui: - enabled: true - rollOutPods: true - ingress: - enabled: true - className: internal - hosts: - - &host hubble.hsn.dev - tls: - - hosts: - - *host ipam: mode: kubernetes -ipv4NativeRoutingCIDR: 10.32.0.0/16 k8sServiceHost: localhost k8sServicePort: 7445 kubeProxyReplacement: true -kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 -l2announcements: - enabled: true - leaseDuration: 120s - leaseRenewDeadline: 60s - leaseRetryPeriod: 1s -loadBalancer: - algorithm: maglev - mode: dsr -localRedirectPolicy: true operator: rollOutPods: true prometheus: @@ -88,7 +28,6 @@ dashboards: grafana_folder: Cilium rollOutCiliumPods: true securityContext: - privileged: true capabilities: ciliumAgent: - CHOWN @@ -106,4 +45,3 @@ securityContext: - NET_ADMIN - SYS_ADMIN - SYS_RESOURCE -tunnel: disabled From c2412b6e26035aa844538626662dc1431c11d5c8 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Fri, 29 Sep 2023 13:20:22 +0000 Subject: [PATCH 05/17] Added flux taskfile. --- .taskfiles/flux/Taskfile.yaml | 47 +++++++++++++++++++++++++++++++++++ Taskfile.yaml | 3 +++ 2 files changed, 50 insertions(+) create mode 100644 .taskfiles/flux/Taskfile.yaml diff --git a/.taskfiles/flux/Taskfile.yaml b/.taskfiles/flux/Taskfile.yaml new file mode 100644 index 0000000..2f3768a --- /dev/null +++ b/.taskfiles/flux/Taskfile.yaml 
@@ -0,0 +1,47 @@ +--- +version: "3" + +tasks: + gr-sync: + desc: Sync all Flux GitRepositories + cmds: + - | + kubectl get gitrepositories --all-namespaces --no-headers | awk '{print $1, $2}' \ + | xargs -P 4 -L 1 bash -c \ + 'kubectl -n $0 annotate gitrepository/$1 reconcile.fluxcd.io/requestedAt=$(date +%s) --field-manager=flux-client-side-apply --overwrite' + + ks-sync: + desc: Sync all Flux Kustomizations + cmds: + - | + kubectl get kustomization --all-namespaces --no-headers | awk '{print $1, $2}' \ + | xargs -P 4 -L 1 bash -c \ + 'kubectl -n $0 annotate kustomization/$1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --field-manager=flux-client-side-apply --overwrite' + + hr-sync: + desc: Sync all Flux HelmReleases + cmds: + - | + kubectl get helmreleases --all-namespaces --no-headers | awk '{print $1, $2}' \ + | xargs -P 4 -L 1 bash -c \ + 'kubectl -n $0 annotate helmrelease/$1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --overwrite' + + tf-sync: + desc: Sync Flux Terraforms + cmds: + - | + kubectl get terraforms --all-namespaces --no-headers | awk '{print $1, $2}' \ + | xargs -P 4 -L 1 bash -c \ + 'kubectl -n $0 annotate terraform/$1 reconcile.fluxcd.io/requestedAt="$(date +%s)" --overwrite' + hr-suspend: + desc: Suspend all Flux HelmReleases + cmds: + - | + flux get helmrelease --all-namespaces --no-header | awk '{print $1, $2}' \ + | xargs -L 1 bash -c 'flux -n $0 suspend helmrelease $1' + hr-resume: + desc: Resume all Flux HelmReleases + cmds: + - | + flux get helmrelease --all-namespaces --no-header | awk '{print $1, $2}' \ + | xargs -L 1 bash -c 'flux -n $0 resume helmrelease $1' diff --git a/Taskfile.yaml b/Taskfile.yaml index ef08fa5..e1caf3f 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -24,6 +24,9 @@ includes: rook: taskfile: ".taskfiles/rook" dir: .taskfiles/rook + flux: + dir: .taskfiles/flux + taskfile: .taskfiles/flux tasks: From 15a68f3238489d941b2972820f851c4185eccecc Mon Sep 17 00:00:00 2001 
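Review bot: All six tasks in `.taskfiles/flux/Taskfile.yaml` expand `$0` and `$1` unquoted inside `bash -c`, and `gr-sync` alone leaves `$(date +%s)` unquoted while the other sync tasks quote it. Kubernetes names cannot contain whitespace, so this is a hygiene and consistency point rather than a live bug; writing `kubectl -n "$0" annotate gitrepository/"$1" ...` keeps the commands safe if the input format ever changes. `gr-sync` and `ks-sync` also pass `--field-manager=flux-client-side-apply` while `hr-sync` and `tf-sync` do not, so pick one form. `hr-suspend` and `hr-resume` lack the blank-line separator used between the other tasks, and a `prompt:` on `hr-suspend` would suit a task that suspends every HelmRelease in the cluster.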
From: Joseph Hanson Date: Fri, 29 Sep 2023 13:26:15 +0000 Subject: [PATCH 06/17] Remove cilium helm chart. --- .../kube-system/cilium/app/cilium-l2.yaml | 20 --- .../kube-system/cilium/app/helmrelease.yaml | 114 ------------------ .../kube-system/cilium/app/kustomization.yaml | 15 --- .../cilium/app/kustomizeconfig.yaml | 7 -- .../apps/kube-system/cilium/app/values.yaml | 47 -------- kubernetes/apps/kube-system/cilium/ks.yaml | 14 --- .../apps/kube-system/kustomization.yaml | 1 - 7 files changed, 218 deletions(-) delete mode 100644 kubernetes/apps/kube-system/cilium/app/cilium-l2.yaml delete mode 100644 kubernetes/apps/kube-system/cilium/app/helmrelease.yaml delete mode 100644 kubernetes/apps/kube-system/cilium/app/kustomization.yaml delete mode 100644 kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml delete mode 100644 kubernetes/apps/kube-system/cilium/app/values.yaml delete mode 100644 kubernetes/apps/kube-system/cilium/ks.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/cilium-l2.yaml b/kubernetes/apps/kube-system/cilium/app/cilium-l2.yaml deleted file mode 100644 index 6869ccd..0000000 --- a/kubernetes/apps/kube-system/cilium/app/cilium-l2.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: cilium.io/v2alpha1 -kind: CiliumL2AnnouncementPolicy -metadata: - name: policy -spec: - loadBalancerIPs: true - interfaces: - - ^eth1$ - nodeSelector: - matchLabels: - kubernetes.io/os: linux ---- -apiVersion: cilium.io/v2alpha1 -kind: CiliumLoadBalancerIPPool -metadata: - name: pool -spec: - cidrs: - - cidr: 10.2.42.0/24 diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml deleted file mode 100644 index a032c66..0000000 --- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: cilium - namespace: kube-system -spec: - interval: 30m - chart: - spec: - chart: cilium - version: 1.14.2 - sourceRef: - kind: HelmRepository - name: cilium - namespace: flux-system - maxHistory: 2 - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - uninstall: - keepHistory: false - values: - autoDirectNodeRoutes: true - bpf: - masquerade: true - bgp: - enabled: false - cluster: - name: kubernetes - id: 1 - containerRuntime: - integration: containerd - socketPath: /var/run/k3s/containerd/containerd.sock - endpointRoutes: - enabled: true - hubble: - enabled: true - metrics: - enabled: - - dns:query - - drop - - tcp - - flow - - port-distribution - - icmp - - http - serviceMonitor: - enabled: true - dashboards: - enabled: true - annotations: - grafana_folder: Cilium - relay: - enabled: true - rollOutPods: true - prometheus: - serviceMonitor: - enabled: true - ui: - enabled: true - rollOutPods: true - ingress: - enabled: true - className: nginx - hosts: - - &host hubble.valinor.social - tls: - - hosts: - - *host - ipam: - mode: kubernetes - ipv4NativeRoutingCIDR: 10.32.0.0/16 - k8sServiceHost: 10.2.0.6 - k8sServicePort: 6443 - kubeProxyReplacement: true - kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 - l2announcements: - enabled: true - leaseDuration: 120s - leaseRenewDeadline: 60s - leaseRetryPeriod: 1s - loadBalancer: - algorithm: maglev - mode: dsr - localRedirectPolicy: true - operator: - rollOutPods: true - prometheus: - enabled: true - serviceMonitor: - enabled: true - dashboards: - enabled: true - annotations: - grafana_folder: Cilium - prometheus: - enabled: true - serviceMonitor: - enabled: true - trustCRDsExist: true - dashboards: - enabled: true - annotations: - 
grafana_folder: Cilium - rollOutCiliumPods: true - securityContext: - privileged: true - tunnel: disabled diff --git a/kubernetes/apps/kube-system/cilium/app/kustomization.yaml b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml deleted file mode 100644 index d5ca0be..0000000 --- a/kubernetes/apps/kube-system/cilium/app/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kube-system -resources: - - ./helmrelease.yaml - - ./cilium-l2.yaml -configMapGenerator: - - name: cilium-values - files: - - values.yaml=./values.yaml - -configurations: - - kustomizeconfig.yaml \ No newline at end of file diff --git a/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml b/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml deleted file mode 100644 index 1fcad09..0000000 --- a/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -nameReference: - - kind: ConfigMap - version: v1 - fieldSpecs: - - path: spec/valuesFrom/name - kind: HelmRelease \ No newline at end of file diff --git a/kubernetes/apps/kube-system/cilium/app/values.yaml b/kubernetes/apps/kube-system/cilium/app/values.yaml deleted file mode 100644 index 253e809..0000000 --- a/kubernetes/apps/kube-system/cilium/app/values.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -cgroup: - autoMount: - enabled: false - hostRoot: /sys/fs/cgroup -ipam: - mode: kubernetes -k8sServiceHost: localhost -k8sServicePort: 7445 -kubeProxyReplacement: true -operator: - rollOutPods: true - prometheus: - enabled: true - serviceMonitor: - enabled: true - dashboards: - enabled: true - annotations: - grafana_folder: Cilium -prometheus: - enabled: true - serviceMonitor: - enabled: true - trustCRDsExist: true -dashboards: - enabled: true - annotations: - grafana_folder: Cilium -rollOutCiliumPods: true -securityContext: - capabilities: - ciliumAgent: - - CHOWN - - KILL - - NET_ADMIN - - NET_RAW - - IPC_LOCK - - SYS_ADMIN - - SYS_RESOURCE - - DAC_OVERRIDE - - FOWNER - - SETGID - - SETUID - cleanCiliumState: - - NET_ADMIN - - SYS_ADMIN - - SYS_RESOURCE diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/kubernetes/apps/kube-system/cilium/ks.yaml deleted file mode 100644 index 3d994ab..0000000 --- a/kubernetes/apps/kube-system/cilium/ks.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: cluster-apps-cilium - namespace: flux-system -spec: - interval: 10m - path: "./kubernetes/apps/kube-system/cilium/app" - prune: true - sourceRef: - kind: GitRepository - name: valinor - wait: true diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml index f269ea1..a8875ab 100644 --- a/kubernetes/apps/kube-system/kustomization.yaml +++ b/kubernetes/apps/kube-system/kustomization.yaml @@ -6,4 +6,3 @@ resources: - ./namespace.yaml # Flux-Kustomizations - ./metrics-server/ks.yaml - - ./cilium/ks.yaml From 05191c24781daf095356f111a14a44643b6cf112 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Fri, 29 Sep 2023 14:22:09 +0000 Subject: [PATCH 07/17] Update s3 bucket config --- .../monitoring/kube-prometheus-stack/app/helmrelease.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml index c311cbe..4163148 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml @@ -203,7 +203,7 @@ spec: thanos: image: quay.io/thanos/thanos:v0.32.3 objectStorageConfig: - name: thanos-objstore-secret + name: thanos-s3-secret key: objstore.yml retention: 2d retentionSize: 15GB @@ -222,8 +222,3 @@ spec: resources: requests: storage: 20Gi - valuesFrom: - - targetPath: objstoreConfig.config.bucket - kind: ConfigMap - name: thanos-bucket-v1 - valuesKey: BUCKET_NAME From e9189d79f75ea8f8bb4cb285254770ef52b042d3 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Fri, 29 Sep 2023 14:47:19 +0000 Subject: [PATCH 08/17] Update rook config. --- .../rook-ceph/cluster/helmrelease.yaml | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml index 2d0bd86..83a35ad 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml 
@@ -101,3 +101,68 @@ spec: csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph csi.storage.k8s.io/fstype: ext4 + cephFileSystems: + - name: ceph-filesystem + spec: + metadataPool: + replicated: + size: 3 + dataPools: + - failureDomain: host + replicated: + size: 3 + metadataServer: + activeCount: 1 + activeStandby: true + resources: + requests: + cpu: "35m" + memory: "64M" + limits: + memory: "144M" + storageClass: + enabled: true + isDefault: false + name: ceph-filesystem + reclaimPolicy: Delete + allowVolumeExpansion: true + mountOptions: [] + parameters: + csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph + csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph + csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node + csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph + csi.storage.k8s.io/fstype: ext4 + cephObjectStores: + - name: ceph-objectstore + spec: + metadataPool: + failureDomain: host + replicated: + size: 3 + dataPool: + failureDomain: host + erasureCoded: + dataChunks: 2 + codingChunks: 1 + preservePoolsOnDelete: true + gateway: + port: 80 + resources: + requests: + cpu: 100m + memory: 128M + limits: + memory: 2Gi + instances: 1 + healthCheck: + bucket: + interval: 60s + storageClass: + enabled: true + name: ceph-bucket + reclaimPolicy: Delete + parameters: + region: us-east-1 From 5598d3baafe18272a285dc7ce9077936766c9040 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Sat, 30 Sep 2023 14:25:46 +0000 Subject: [PATCH 09/17] Update DNSimple Issuer. --- .../apps/cert-manager/cert-manager/issuers/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
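Review bot: The new `cephObjectStores` gateway listens only on `port: 80`, so S3 traffic to `ceph-objectstore`, both request headers and object data, is carried over plain HTTP. If any client reaches the gateway across a network you do not fully trust, add `securePort: 443` and `sslCertificateRef: <tls-secret-name>` under `gateway`. In the `ceph-filesystem` storage class, `csi.storage.k8s.io/fstype: ext4` looks copied from the RBD class above and has no meaning for CephFS; dropping it avoids confusion. The enclosing `values` mapping starts outside this hunk.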
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml index 7783bc2..a62c0a5 100644 --- a/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml @@ -10,7 +10,7 @@ spec: chart: spec: chart: cert-manager-webhook-dnsimple - version: 0.0.6 + version: 0.0.7 interval: 30m sourceRef: kind: HelmRepository From f9b96df17500809d869832aa96b04643ef906fef Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Sat, 30 Sep 2023 14:45:54 +0000 Subject: [PATCH 10/17] Image renderer has no arm64 binary. --- kubernetes/apps/monitoring/grafana/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml index 9b898af..4b27f9c 100644 --- a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml @@ -184,7 +184,7 @@ spec: root_url: https://grafana.valinor.social imageRenderer: - enabled: true + enabled: false ingress: enabled: true From 7cb2ea263d4f3cb9fdb68a5b1188c7ea6994b202 Mon Sep 17 00:00:00 2001 
From: Joseph Hanson Date: Sun, 1 Oct 2023 19:12:11 -0500 Subject: [PATCH 11/17] Adding hetzner cloud controller manager for hetzner cloud load balancers. --- .../kube-system/hccm/app/externalsecret.yaml | 18 ++++++++++++++++ .../kube-system/hccm/app/helmrelease.yaml | 21 +++++++++++++++++++ .../kube-system/hccm/app/kustomization.yaml | 7 +++++++ kubernetes/apps/kube-system/hccm/ks.yaml | 16 ++++++++++++++ .../apps/kube-system/kustomization.yaml | 1 + .../metrics-server/app/kustomization.yaml | 1 + .../flux/repositories/helm/hetzner.yaml | 10 +++++++++ .../flux/repositories/helm/kustomization.yaml | 2 ++ 8 files changed, 76 insertions(+) create mode 100644 kubernetes/apps/kube-system/hccm/app/externalsecret.yaml create mode 100644 kubernetes/apps/kube-system/hccm/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/hccm/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/hccm/ks.yaml create mode 100644 kubernetes/flux/repositories/helm/hetzner.yaml diff --git a/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml b/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml new file mode 100644 index 0000000..c629077 --- /dev/null +++ b/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: hcloud + namespace: kube-system +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: hcloud + creationPolicy: Owner + data: + - secretKey: network + remoteRef: + key: hetzner + property: cloud-api-token diff --git a/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml b/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml new file mode 100644 index 0000000..1d4d1ef --- /dev/null +++ b/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml 
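Review bot: `hccm/app/externalsecret.yaml` is added, but `hccm/app/kustomization.yaml` later in this patch lists only `./helmrelease.yaml` under `resources`, so as written the `hcloud` Secret is never created. The key name also looks wrong: as far as I know the hcloud-cloud-controller-manager chart reads the API token from key `token` of the `hcloud` Secret and treats `network` as a network name or ID, whereas this file stores the `cloud-api-token` property under `secretKey: network`. I would rename it to `secretKey: token` and add `- ./externalsecret.yaml` to the kustomization's `resources`. Please confirm the expected keys against the chart version pinned in `helmrelease.yaml` (`v1.18.0`).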
@@ -0,0 +1,21 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: hccm
+ namespace: kube-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: hcloud-cloud-controller-manager
+ version: v1.18.0
+ sourceRef:
+ kind: HelmRepository
+ name: hetzner
+ namespace: flux-system
+ interval: 30m
+ values:
+ metrics:
+ enabled: true
diff --git a/kubernetes/apps/kube-system/hccm/app/kustomization.yaml b/kubernetes/apps/kube-system/hccm/app/kustomization.yaml
new file mode 100644
index 0000000..749cbd1
--- /dev/null
+++ b/kubernetes/apps/kube-system/hccm/app/kustomization.yaml
@@ -0,0 +1,7 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/kube-system/hccm/ks.yaml b/kubernetes/apps/kube-system/hccm/ks.yaml
new file mode 100644
index 0000000..916a824
--- /dev/null
+++ b/kubernetes/apps/kube-system/hccm/ks.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cluster-apps-hetzner-hccm
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ interval: 10m
+ path: "./kubernetes/apps/kube-system/hccm/app"
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: valinor
+ wait: true
diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml
index a8875ab..2318d64 100644
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
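Review bot: ks.yaml sets `wait: true` but declares no `dependsOn`, although the app it points at relies on the `onepassword-connect` ClusterSecretStore and on the external-secrets CRDs. On a fresh bootstrap the apply can fail, or the HelmRelease can start before the `hcloud` Secret exists, until Flux retries. If the repository has a Flux Kustomization for the secret stores (not visible in this patch), add `dependsOn: [{name: <secret-stores-kustomization>}]` under `spec`, with the placeholder replaced by that object's real name.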
diff --git a/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml b/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml index 1c3fdb0..749cbd1 100644 --- a/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml +++ b/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml @@ -1,3 +1,4 @@ +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/kubernetes/flux/repositories/helm/hetzner.yaml b/kubernetes/flux/repositories/helm/hetzner.yaml new file mode 100644 index 0000000..668285e --- /dev/null +++ b/kubernetes/flux/repositories/helm/hetzner.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: hetzner + namespace: flux-system +spec: + interval: 30m + url: https://charts.hetzner.cloud + timeout: 3m diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml index deddf11..1ba2b62 100644 --- a/kubernetes/flux/repositories/helm/kustomization.yaml +++ b/kubernetes/flux/repositories/helm/kustomization.yaml @@ -1,3 +1,4 @@ +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization @@ -12,6 +13,7 @@ resources: - external-secrets.yaml - fairwinds.yaml - grafana.yaml + - hetzner.yaml - ingress-nginx.yaml - jahanson.yaml - jetstack.yaml From 2b7279bb2821610a133f566ff435a46841fe5316 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Sun, 1 Oct 2023 19:17:40 -0500 Subject: [PATCH 12/17] Updated ks for hccm. --- kubernetes/apps/kube-system/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml index 2318d64..f2fee2c 100644 --- a/kubernetes/apps/kube-system/kustomization.yaml 
+++ b/kubernetes/apps/kube-system/kustomization.yaml @@ -7,3 +7,4 @@ resources: - ./namespace.yaml # Flux-Kustomizations - ./metrics-server/ks.yaml + - ./hccm/ks.yaml From 670f719a1578c40ce6261fd26998f98acbd0cc16 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Mon, 2 Oct 2023 00:21:52 +0000 Subject: [PATCH 13/17] Adding external secret to ks. --- kubernetes/apps/kube-system/hccm/app/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/apps/kube-system/hccm/app/kustomization.yaml b/kubernetes/apps/kube-system/hccm/app/kustomization.yaml index 749cbd1..d868f4a 100644 --- a/kubernetes/apps/kube-system/hccm/app/kustomization.yaml +++ b/kubernetes/apps/kube-system/hccm/app/kustomization.yaml @@ -4,4 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kube-system resources: + - ./externalsecret.yaml - ./helmrelease.yaml From e1b9ae0268242a92fc98ba2fc710295638131ba4 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Mon, 2 Oct 2023 00:36:02 +0000 Subject: [PATCH 14/17] Update secret for hccm. --- kubernetes/apps/kube-system/hccm/app/externalsecret.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml b/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml index c629077..6e9f3a4 100644 --- a/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml +++ b/kubernetes/apps/kube-system/hccm/app/externalsecret.yaml @@ -12,7 +12,11 @@ spec: name: hcloud creationPolicy: Owner data: - - secretKey: network + - secretKey: token remoteRef: key: hetzner property: cloud-api-token + - secretKey: network + remoteRef: + key: hetzner + property: cloud-network-name From a53db34ed3d91396b06cd6e6e67a7dd85311e2f4 Mon Sep 17 00:00:00 2001 
From: Joseph Hanson Date: Mon, 2 Oct 2023 00:53:28 +0000 Subject: [PATCH 15/17] Apply hetzner lb annotations. --- .../network/ingress-nginx/app/helmrelease.yaml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml b/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml index 7904581..848b278 100644 --- a/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml +++ b/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml @@ -18,11 +18,11 @@ spec: controller: replicaCount: 3 - hostPort: - enabled: true - ports: - http: 81 - https: 444 + # hostPort: + # enabled: true + # ports: + # http: 81 + # https: 444 updateStrategy: type: Recreate @@ -31,8 +31,9 @@ spec: enabled: true type: LoadBalancer annotations: - external-dns.alpha.kubernetes.io/hostname: "ingress.valinor.social" - io.cilium/lb-ipam-ips: "10.2.42.1" + load-balancer.hetzner.cloud/location: fsn1 + load-balancer.hetzner.cloud/use-private-ip: "true" + externalTrafficPolicy: Local publishService: From 26445021def6e4bc45b086482523a333a7b9b6be Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Mon, 2 Oct 2023 02:32:49 +0000 Subject: [PATCH 16/17] Update nginx annotations. --- kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml b/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml index 848b278..bd6a98b 100644 --- a/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml +++ b/kubernetes/apps/network/ingress-nginx/app/helmrelease.yaml 
@@ -32,7 +32,10 @@ spec: type: LoadBalancer annotations: load-balancer.hetzner.cloud/location: fsn1 - load-balancer.hetzner.cloud/use-private-ip: "true" + load-balancer.hetzner.cloud/protocol: tcp + load-balancer.hetzner.cloud/name: valinor-nginx + load-balancer.hetzner.cloud/use-private-ip: true + load-balancer.hetzner.cloud/uses-proxyprotocol: true externalTrafficPolicy: Local From d1045d28a923396ce31ee727d18b8890b95e222d Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Mon, 2 Oct 2023 03:02:41 +0000 Subject: [PATCH 17/17] Enabling hetzner networks --- kubernetes/apps/kube-system/hccm/app/helmrelease.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml b/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml index 1d4d1ef..09fc1ed 100644 --- a/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/hccm/app/helmrelease.yaml @@ -19,3 +19,6 @@ spec: values: metrics: enabled: true + networking: + enabled: true + clusterCIDR: 10.244.0.0/16
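Review bot: The new values `load-balancer.hetzner.cloud/use-private-ip: true` and `load-balancer.hetzner.cloud/uses-proxyprotocol: true` are unquoted, so YAML parses them as booleans, while Kubernetes annotation values must be strings; the previous revision quoted `"true"`, and the rendered Service is likely to be rejected by the API server. Write them as `load-balancer.hetzner.cloud/use-private-ip: "true"` and `load-balancer.hetzner.cloud/uses-proxyprotocol: "true"`. Turning on PROXY protocol at the load balancer also needs the matching `use-proxy-protocol: "true"` in the controller's `config`, which lies outside this hunk and should be confirmed. Once nginx accepts PROXY headers, a client that reaches the node ports directly can state its own source address, so those ports should be reachable only from the load balancer's private network.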
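Review bot: `clusterCIDR: 10.244.0.0/16` is hard-coded with no indication of where the value comes from; if it differs from the pod CIDR the cluster's CNI actually uses, the routes the controller creates in the Hetzner network will not match pod traffic. A comment such as `# must equal the cluster pod CIDR` above the key would make that dependency explicit. As far as I know, with `networking.enabled: true` the chart also reads the network name from the `hcloud` Secret, which the `network` key added in PATCH 14/17 appears to supply.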