From 05c09ada214fe04a5d6585e5e24073f0f230b492 Mon Sep 17 00:00:00 2001 From: Ronald Philipsen Date: Mon, 20 Jan 2025 19:55:53 +0100 Subject: [PATCH 01/37] initial setup --- .../alertmanagerconfig.yaml | 84 ++++++++++ .../kube-prometheus-stack/externalsecret.yaml | 21 +++ .../kube-prometheus-stack/helmrelease.yaml | 148 ++++++++++++++++++ .../kube-prometheus-stack/kustomization.yaml | 8 + 4 files changed, 261 insertions(+) create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/helmrelease.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/kustomization.yaml diff --git a/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml b/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml new file mode 100644 index 00000000..4a369ab3 --- /dev/null +++ b/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml 
@@ -0,0 +1,84 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/alertmanagerconfig_v1alpha1.json
+apiVersion: monitoring.coreos.com/v1alpha1
+kind: AlertmanagerConfig
+metadata:
+ name: alertmanager
+spec:
+ route:
+ groupBy: ["alertname", "job"]
+ groupInterval: 10m
+ groupWait: 1m
+ receiver: pushover
+ repeatInterval: 12h
+ routes:
+ - receiver: "null"
+ matchers:
+ - name: alertname
+ value: InfoInhibitor
+ matchType: =
+ - receiver: heartbeat
+ groupInterval: 5m
+ groupWait: 0s
+ repeatInterval: 5m
+ matchers:
+ - name: alertname
+ value: Watchdog
+ matchType: =
+ - receiver: email
+ matchers:
+ - name: severity
+ value: critical
+ matchType: =
+ inhibitRules:
+ - equal: ["alertname", "namespace"]
+ sourceMatch:
+ - name: severity
+ value: critical
+ matchType: =
+ targetMatch:
+ - name: severity
+ value: warning
+ matchType: =
+ receivers:
+ - name: "null"
+ - name: heartbeat
+ webhookConfigs:
+ - urlSecret:
+ name: &secret alertmanager-secret
+ key: ALERTMANAGER_HEARTBEAT_URL
+ - name: email
+ emailConfigs:
+ - from: 'alertmanager@${SECRET_DOMAIN}'
+ to: 'alerts@${SECRET_DOMAIN}'
+ text: >-
+ [{{ .Status | toUpper }}{{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{ end }}]
+ {{ .CommonLabels.alertname }}
+ html: |-
+ {{- range .Alerts }}
+ {{- if ne .Annotations.description "" }}
+ {{ .Annotations.description }}
+ {{- else if ne .Annotations.summary "" }}
+ {{ .Annotations.summary }}
+ {{- else if ne .Annotations.message "" }}
+ {{ .Annotations.message }}
+ {{- else }}
+ Alert description not available
+ {{- end }}
+ {{- if gt (len .Labels.SortedPairs) 0 }}
+
+ {{- range .Labels.SortedPairs }}
+ {{ .Name }}: {{ .Value }}
+ {{- end }}
+
+ {{- end }}
+ {{- end }}
+
+ sendResolved: true
+ # The smarthost and SMTP sender used for mail notifications.
+ hello: k8s@${SECRET_DOMAIN}
+ smarthost: ${ALERTMANAGER_SMTP_HOST}
+ authUsername: ${ALERTMANAGER_SMTP_USERNAME}
+ authPassword:
+ key: *secret
+ name: ALERTMANAGER_SMTP_PASSWORD
diff --git a/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml b/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml
new file mode 100644
index 00000000..a2950bf9
--- /dev/null
+++ b/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: alertmanager
+spec:
+ refreshInterval: 5m
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword
+ target:
+ name: alertmanager-secret
+ template:
+ data:
+ ALERTMANAGER_HEARTBEAT_URL: "{{ .ALERTMANAGER_HEARTBEAT_URL }}"
+ ALERTMANAGER_SMTP_PASSWORD: "{{ .ALERTMANAGER_SMTP_PASSWORD }}"
+ PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}"
+ dataFrom:
+ - extract:
+ key: alertmanager
diff --git a/kubernetes/apps/observability/kube-prometheus-stack/helmrelease.yaml b/kubernetes/apps/observability/kube-prometheus-stack/helmrelease.yaml
new file mode 100644
index 00000000..3d5174e6
--- /dev/null
+++ b/kubernetes/apps/observability/kube-prometheus-stack/helmrelease.yaml
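Review bot: The `authPassword` selector that closes the email receiver in alertmanagerconfig.yaml has its two fields swapped: `key: *secret` expands to `alertmanager-secret`, which is the Secret's name, while `name: ALERTMANAGER_SMTP_PASSWORD` is the data key, the reverse of how `urlSecret` is written for the heartbeat receiver a few lines earlier. As written the selector refers to a Secret that externalsecret.yaml never creates, so SMTP authentication for the critical-severity route would presumably fail or the object be rejected; it should read `name: *secret` and `key: ALERTMANAGER_SMTP_PASSWORD`. Separately, the top-level route sets `receiver: pushover`, but `receivers` defines only `null`, `heartbeat` and `email`, so the default route has no matching receiver. A one-line comment above `authPassword` stating that `name` is the Secret and `key` the field inside it would make the alias easier to read.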
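Review bot: `template.data` in externalsecret.yaml renders `PUSHOVER_USER_KEY` but no Pushover API token, and a `pushoverConfigs` entry in an AlertmanagerConfig takes secret references for both `userKey` and `token`. If the `pushover` receiver named by the route in alertmanagerconfig.yaml is added, this template needs a second entry of the form `<TOKEN_KEY>: "{{ .<TOKEN_FIELD> }}"`, with the placeholder names matched to the 1Password item. `dataFrom.extract` brings every field of the `alertmanager` item into the template context, so I would add a comment such as `# explicit allow-list: only the keys below reach the cluster Secret` above `data:` to keep the template from being loosened later.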
@@ -0,0 +1,148 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: kube-prometheus-stack
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: kube-prometheus-stack
+ version: 68.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: prometheus-community
+ namespace: flux-system
+ install:
+ crds: Skip
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ crds: Skip
+ remediation:
+ strategy: rollback
+ retries: 3
+ dependsOn:
+ - name: kube-prometheus-stack-crds
+ namespace: observability
+ values:
+ crds:
+ enabled: false
+ cleanPrometheusOperatorObjectNames: true
+ alertmanager:
+ ingress:
+ enabled: true
+ ingressClassName: internal
+ hosts: ["alertmanager.${SECRET_DOMAIN}"]
+ pathType: Prefix
+ alertmanagerSpec:
+ alertmanagerConfiguration:
+ name: alertmanager
+ global:
+ resolveTimeout: 5m
+ externalUrl: https://alertmanager.${SECRET_DOMAIN}
+ storage:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: nfs-provision
+ resources:
+ requests:
+ storage: 1Gi
+ kubeApiServer:
+ serviceMonitor:
+ selector:
+ k8s-app: kube-apiserver
+ kubeScheduler:
+ service:
+ selector:
+ k8s-app: kube-scheduler
+ kubeControllerManager: &kubeControllerManager
+ service:
+ selector:
+ k8s-app: kube-controller-manager
+ kubeEtcd:
+ <<: *kubeControllerManager # etcd runs on control plane nodes
+ kubeProxy:
+ enabled: false
+ prometheus:
+ ingress:
+ enabled: true
+ ingressClassName: internal
+ hosts: ["prometheus.${SECRET_DOMAIN}"]
+ pathType: Prefix
+ prometheusSpec:
+ podMonitorSelectorNilUsesHelmValues: false
+ probeSelectorNilUsesHelmValues: false
+ ruleSelectorNilUsesHelmValues: false
+ scrapeConfigSelectorNilUsesHelmValues: false
+ serviceMonitorSelectorNilUsesHelmValues: false
+ enableAdminAPI: true
+ walCompression: true
+ enableFeatures:
+ - memory-snapshot-on-shutdown
+ retention: 14d
+ retentionSize: 50GB
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 2000Mi
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ storageClassName: nfs-provision
+ resources:
+ requests:
+ storage: 50Gi
+ prometheus-node-exporter:
+ fullnameOverride: node-exporter
+ prometheus:
+ monitor:
+ enabled: true
+ relabelings:
+ - action: replace
+ regex: (.*)
+ replacement: $1
+ sourceLabels: ["__meta_kubernetes_pod_node_name"]
+ targetLabel: kubernetes_node
+ kube-state-metrics:
+ fullnameOverride: kube-state-metrics
+ metricLabelsAllowlist:
+ - pods=[*]
+ - deployments=[*]
+ - persistentvolumeclaims=[*]
+ prometheus:
+ monitor:
+ enabled: true
+ relabelings:
+ - action: replace
+ regex: (.*)
+ replacement: $1
+ sourceLabels: ["__meta_kubernetes_pod_node_name"]
+ targetLabel: kubernetes_node
+ grafana:
+ enabled: false
+ forceDeployDashboards: true
+ additionalPrometheusRulesMap:
+ dockerhub-rules:
+ groups:
+ - name: dockerhub
+ rules:
+ - alert: DockerhubRateLimitRisk
+ annotations:
+ summary: Kubernetes cluster Dockerhub rate limit risk
+ expr: count(time() - container_last_seen{image=~"(docker.io).*",container!=""} < 30) > 100
+ labels:
+ severity: critical
+ oom-rules:
+ groups:
+ - name: oom
+ rules:
+ - alert: OomKilled
+ annotations:
+ summary: Container {{ $labels.container }} in pod {{ $labels.namespace }}/{{ $labels.pod }} has been OOMKilled {{ $value }} times in the last 10 minutes.
+ expr: (kube_pod_container_status_restarts_total - kube_pod_container_status_restarts_total offset 10m >= 1) and ignoring (reason) min_over_time(kube_pod_container_status_last_terminated_reason{reason="OOMKilled"}[10m]) == 1
+ labels:
+ severity: critical
diff --git a/kubernetes/apps/observability/kube-prometheus-stack/kustomization.yaml b/kubernetes/apps/observability/kube-prometheus-stack/kustomization.yaml
new file mode 100644
index 00000000..d132dc09
--- /dev/null
+++ b/kubernetes/apps/observability/kube-prometheus-stack/kustomization.yaml
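Review bot: `enableAdminAPI: true` under `prometheusSpec` in the kube-prometheus-stack helmrelease.yaml turns on Prometheus's TSDB admin endpoints (series deletion, snapshots, tombstone cleanup), while the same values block publishes Prometheus through an `ingress` with `ingressClassName: internal` and no authentication visible in this hunk. Prometheus does not authenticate those endpoints itself, so anything able to reach `prometheus.${SECRET_DOMAIN}` on the internal ingress class could alter or remove metric history; unless the admin API is actually needed, set `enableAdminAPI: false`, or put an authenticating proxy in front of the ingress and say so in a comment. The `alertmanager.ingress` block has the same exposure for silences. Also worth a comment next to `storageSpec`: both volume claims use `storageClassName: nfs-provision`, and the Prometheus documentation lists NFS as unsupported for its local storage.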
@@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./alertmanagerconfig.yaml + - ./externalsecret.yaml + - ./helmrelease.yaml From f157656d234925982a2bca0aed9b97748858f32d Mon Sep 17 00:00:00 2001 From: Ronald Philipsen Date: Mon, 20 Jan 2025 20:03:16 +0100 Subject: [PATCH 02/37] barman --- .../database/cloudnative-pg/cluster/cluster16.yaml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml b/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml index 55aa141e..3fa55d01 100644 --- a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml +++ b/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml @@ -48,14 +48,4 @@ spec: secretAccessKey: name: cloudnative-pg-secret key: AWS_SECRET_ACCESS_KEY - # Note: previousCluster needs to be set to the name of the previous - # cluster when recovering from an existing cnpg cluster - bootstrap: - recovery: - source: &previousCluster postgres16-v1 - #Note: externalClusters is needed when recovering from an existing cnpg cluster - externalClusters: - - name: *previousCluster - barmanObjectStore: - <<: *barmanObjectStore - serverName: *previousCluster + From 5a90afbf82f492de4d5eb44efa225ce53949484b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:49:56 +0100 Subject: [PATCH 03/37] =?UTF-8?q?feat(container):=20update=20ghcr.io/onedr?= =?UTF-8?q?0p/actions-runner=20(=202.321.0=20=E2=86=92=202.322.0=20)=20(#2?= =?UTF-8?q?28)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../gha-runner-scale-set-controller/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/helmrelease.yaml b/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/helmrelease.yaml index a29d2a14..c5da6202 100644 --- a/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/helmrelease.yaml +++ b/kubernetes/apps/actions-runner-system/gha-runner-scale-set-controller/app/helmrelease.yaml @@ -50,7 +50,7 @@ spec: spec: containers: - name: runner - image: ghcr.io/onedr0p/actions-runner:2.321.0@sha256:a7539dc157f3f0129f49459826576ab53a529580916bb8a09a395e61e38354c0 + image: ghcr.io/onedr0p/actions-runner:2.322.0@sha256:34aa045b8b0b82469bcb5951e244fd2bd41b8abbd493f956092497fcdcd29209 command: ["/home/runner/run.sh"] controllerServiceAccount: name: gha-runner-scale-set-controller From a9f2ecb8be420778976b4a8186c08dbafe355456 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:50:08 +0100 Subject: [PATCH 04/37] =?UTF-8?q?fix(container):=20update=20ghcr.io/onedr0?= =?UTF-8?q?p/prowlarr-develop=20(=201.30.1.4928=20=E2=86=92=201.30.2.4939?= =?UTF-8?q?=20)=20(#227)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/default/prowlarr/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml index e85c6ba6..7391ce3d 100644 --- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml 
@@ -49,7 +49,7 @@ spec: app: image: repository: ghcr.io/onedr0p/prowlarr-develop - tag: 1.30.1.4928@sha256:6256bcffe1658d7f2de3eb82f9fab20e800a2c84c4cdec8a0009844e2f9891da + tag: 1.30.2.4939@sha256:1cf5d5e553719085f4bffd5fab6377e7b72a6ad055a5eeaac951b2a097f3e669 env: TZ: ${TIMEZONE} PROWLARR__APP__INSTANCENAME: Prowlarr From c6af0f80b68eafb65e46fba6df482f1bb2b21420 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:50:15 +0100 Subject: [PATCH 05/37] =?UTF-8?q?fix(container):=20update=20ghcr.io/onedr0?= =?UTF-8?q?p/home-assistant=20(=202025.1.2=20=E2=86=92=202025.1.4=20)=20(#?= =?UTF-8?q?226)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../apps/home-automation/home-assistant/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml b/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml index bfc9c694..6152a516 100644 --- a/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml +++ b/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml @@ -33,7 +33,7 @@ spec: home-assistant: image: repository: ghcr.io/onedr0p/home-assistant - tag: 2025.1.2@sha256:7103698ead18144a39ae5412467fe1885331367aeb22a9c2046640f0c8f84cf7 + tag: 2025.1.4@sha256:0d20c912e2c2a1a8f76b22f4689b575b4498c3cc334b807a91ecf82f2cd33094 env: TZ: America/New_York HASS_HTTP_TRUSTED_PROXY_1: 192.168.0.8/24 From 8e760b749fdc2a662ad14250301bdd4b67b4c908 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:50:24 +0100 Subject: [PATCH 06/37] =?UTF-8?q?fix(container):=20update=20ghcr.io/coder/?= =?UTF-8?q?code-server=20(=204.96.2=20=E2=86=92=204.96.4=20)=20(#225)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../apps/home-automation/home-assistant/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml b/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml index 6152a516..2a9b7211 100644 --- a/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml +++ b/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml @@ -53,7 +53,7 @@ spec: code-server: image: repository: ghcr.io/coder/code-server - tag: 4.96.2@sha256:6b8c0e944caec80057e71d2c2f352cee38fe00ae4b7515fc4458eb300844f699 + tag: 4.96.4@sha256:f93810f7f6636b3af3b1a750faf612349cddb89fbb6d28d69123a214fc75ee9e args: [ "--auth", From bf5114bb30763dfa298553e79cde1910e035a2fb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:50:34 +0100 Subject: [PATCH 07/37] =?UTF-8?q?feat(helm):=20update=20external-secrets?= =?UTF-8?q?=20(=200.12.1=20=E2=86=92=200.13.0=20)=20(#224)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../apps/external-secrets/external-secrets/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/external-secrets/external-secrets/app/helmrelease.yaml b/kubernetes/apps/external-secrets/external-secrets/app/helmrelease.yaml index fad1aea5..b52b1b5a 100644 
--- a/kubernetes/apps/external-secrets/external-secrets/app/helmrelease.yaml +++ b/kubernetes/apps/external-secrets/external-secrets/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: external-secrets - version: 0.12.1 + version: 0.13.0 sourceRef: kind: HelmRepository name: external-secrets From 51dce089b4ce9e1322c1f15ad4b46c2e9bafaada Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:50:49 +0100 Subject: [PATCH 08/37] chore(mise): upgrade dependencies (#219) Co-authored-by: RonaldPhilipsen <8189044+RonaldPhilipsen@users.noreply.github.com> --- .mise.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.mise.toml b/.mise.toml index 7a3d82bc..0394d6e4 100644 --- a/.mise.toml +++ b/.mise.toml @@ -13,16 +13,16 @@ run = "uv pip install -r requirements.txt" [tools] # Template tools python = "3.13" -uv = "0.5.21" +uv = "0.5.24" # Operations tools "aqua:budimanjojo/talhelper" = "3.0.16" "aqua:cloudflare/cloudflared" = "2025.1.0" "aqua:FiloSottile/age" = "1.2.1" "aqua:fluxcd/flux2" = "2.4.0" -"aqua:getsops/sops" = "3.9.3" +"aqua:getsops/sops" = "3.9.4" "aqua:go-task/task" = "3.41.0" "aqua:helm/helm" = "3.17.0" -"aqua:helmfile/helmfile" = "0.170.0" +"aqua:helmfile/helmfile" = "0.170.1" "aqua:jqlang/jq" = "1.7.1" "aqua:kubernetes-sigs/kustomize" = "5.6.0" "aqua:kubernetes/kubectl" = "1.32.1" From 6325cae532ff481547e1fa45adfd08bc3598ea9f Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:51:23 +0100 Subject: [PATCH 09/37] =?UTF-8?q?fix(helm):=20update=20grafana=20(=208.8.4?= =?UTF-8?q?=20=E2=86=92=208.8.5=20)=20(#223)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/observability/grafana/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/observability/grafana/app/helmrelease.yaml b/kubernetes/apps/observability/grafana/app/helmrelease.yaml index ca1edd3d..c62fa8da 100644 --- a/kubernetes/apps/observability/grafana/app/helmrelease.yaml +++ b/kubernetes/apps/observability/grafana/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: grafana - version: 8.8.4 + version: 8.8.5 sourceRef: kind: HelmRepository name: grafana From 5a1f4c991857dc4d3361b764252a1c12056b5fc7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:52:06 +0100 Subject: [PATCH 10/37] =?UTF-8?q?fix(helm):=20update=20cilium=20(=201.16.5?= =?UTF-8?q?=20=E2=86=92=201.16.6=20)=20(#221)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/kube-system/cilium/app/helmrelease.yaml | 2 +- kubernetes/bootstrap/helmfile.yaml | 2 +- .../kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 | 2 +- templates/config/kubernetes/bootstrap/helmfile.yaml.j2 | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml index a59fbfaa..8eae1175 100644 --- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml 
@@ -9,7 +9,7 @@ spec: chart: spec: chart: cilium - version: 1.16.5 + version: 1.16.6 sourceRef: kind: HelmRepository name: cilium diff --git a/kubernetes/bootstrap/helmfile.yaml b/kubernetes/bootstrap/helmfile.yaml index d97d6de5..c1690802 100644 --- a/kubernetes/bootstrap/helmfile.yaml +++ b/kubernetes/bootstrap/helmfile.yaml @@ -23,7 +23,7 @@ releases: - name: cilium namespace: kube-system chart: cilium/cilium - version: 1.16.5 + version: 1.16.6 values: - ../apps/kube-system/cilium/app/helm-values.yaml needs: diff --git a/templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 index a59fbfaa..8eae1175 100644 --- a/templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 +++ b/templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 @@ -9,7 +9,7 @@ spec: chart: spec: chart: cilium - version: 1.16.5 + version: 1.16.6 sourceRef: kind: HelmRepository name: cilium diff --git a/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 b/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 index d97d6de5..c1690802 100644 --- a/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 +++ b/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 @@ -23,7 +23,7 @@ releases: - name: cilium namespace: kube-system chart: cilium/cilium - version: 1.16.5 + version: 1.16.6 values: - ../apps/kube-system/cilium/app/helm-values.yaml needs: From 778e92e0374819e11eebe2055f03474fb1319525 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:52:40 +0100 Subject: [PATCH 11/37] =?UTF-8?q?fix(helm):=20update=20coredns=20(=201.37.?= =?UTF-8?q?2=20=E2=86=92=201.37.3=20)=20(#222)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/kube-system/coredns/app/helmrelease.yaml | 2 +- kubernetes/bootstrap/helmfile.yaml | 2 +- .../kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 | 2 +- templates/config/kubernetes/bootstrap/helmfile.yaml.j2 | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml index c4a87930..f5b7e389 100644 --- a/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: coredns - version: 1.37.2 + version: 1.37.3 sourceRef: kind: HelmRepository name: coredns diff --git a/kubernetes/bootstrap/helmfile.yaml b/kubernetes/bootstrap/helmfile.yaml index c1690802..8d7afaea 100644 --- a/kubernetes/bootstrap/helmfile.yaml +++ b/kubernetes/bootstrap/helmfile.yaml @@ -32,7 +32,7 @@ releases: - name: coredns namespace: kube-system chart: coredns/coredns - version: 1.37.2 + version: 1.37.3 values: - ../apps/kube-system/coredns/app/helm-values.yaml needs: diff --git a/templates/config/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 index c4a87930..f5b7e389 100644 --- a/templates/config/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 +++ b/templates/config/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 
@@ -9,7 +9,7 @@ spec: chart: spec: chart: coredns - version: 1.37.2 + version: 1.37.3 sourceRef: kind: HelmRepository name: coredns diff --git a/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 b/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 index c1690802..8d7afaea 100644 --- a/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 +++ b/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 @@ -32,7 +32,7 @@ releases: - name: coredns namespace: kube-system chart: coredns/coredns - version: 1.37.2 + version: 1.37.3 values: - ../apps/kube-system/coredns/app/helm-values.yaml needs: From 1f21bf657ef3d1ab1f7f2c8572824e5ff8d88327 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 11:55:07 +0000 Subject: [PATCH 12/37] =?UTF-8?q?fix(container):=20update=20ghcr.io/onedr0?= =?UTF-8?q?p/sonarr-develop=20(=204.0.12.2866=20=E2=86=92=204.0.12.2892=20?= =?UTF-8?q?)=20(#229)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/default/sonarr/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/default/sonarr/app/helmrelease.yaml b/kubernetes/apps/default/sonarr/app/helmrelease.yaml index c04f8a5f..2603d1ec 100644 --- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml @@ -48,7 +48,7 @@ spec: main: image: repository: ghcr.io/onedr0p/sonarr-develop - tag: 4.0.12.2866@sha256:8690925866b385cbce810ae83151b0151fc3fe3579c21cd8410f081ff140c798 + tag: 4.0.12.2892@sha256:b2b3e309ac5ac85a3ad0402f9456de62916f9f59dd315bb3c497463a6e504274 env: TZ: ${TIMEZONE} From 433adc0ac966d76c701536fb257e12746b41cfcb Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Jan 2025 12:56:54 +0100 Subject: [PATCH 13/37] =?UTF-8?q?fix(container):=20update=20jellyfin/jelly?= =?UTF-8?q?fin=20(=2010.10.3=20=E2=86=92=2010.10.5=20)=20(#230)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/default/jellyfin/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/default/jellyfin/app/helmrelease.yaml b/kubernetes/apps/default/jellyfin/app/helmrelease.yaml index 263f2b6a..365d6244 100644 --- a/kubernetes/apps/default/jellyfin/app/helmrelease.yaml +++ b/kubernetes/apps/default/jellyfin/app/helmrelease.yaml @@ -51,7 +51,7 @@ spec: main: image: repository: jellyfin/jellyfin - tag: 10.10.3 + tag: 10.10.5 pullPolicy: Always env: From de2f8f93dfe90d0dc67e449ea1f7bc74cc98ddd4 Mon Sep 17 00:00:00 2001 
From: Ronald Philipsen Date: Sun, 26 Jan 2025 12:57:40 +0100 Subject: [PATCH 14/37] get rid of templates dir --- templates/config/.sops.yaml.j2 | 17 -- .../cert-manager/app/helmrelease.yaml.j2 | 32 ---- .../cert-manager/app/kustomization.yaml.j2 | 6 - .../cert-manager/issuers/.mjfilter.py | 1 - .../issuers/clusterissuers.yaml.j2 | 42 ----- .../issuers/kustomization.yaml.j2 | 7 - .../cert-manager/issuers/secret.sops.yaml.j2 | 8 - .../apps/cert-manager/cert-manager/ks.yaml.j2 | 44 ------ .../apps/cert-manager/kustomization.yaml.j2 | 7 - .../apps/cert-manager/namespace.yaml.j2 | 8 - .../flux-operator/app/helm-values.yaml.j2 | 3 - .../flux-operator/app/helmrelease.yaml.j2 | 27 ---- .../flux-operator/app/kustomization.yaml.j2 | 12 -- .../flux-operator/app/kustomizeconfig.yaml.j2 | 7 - .../instance/github/kustomization.yaml.j2 | 6 - .../instance/github/webhooks/ingress.yaml.j2 | 22 --- .../github/webhooks/kustomization.yaml.j2 | 10 -- .../instance/github/webhooks/receiver.yaml.j2 | 22 --- .../github/webhooks/secret.sops.yaml.j2 | 8 - .../instance/helm-values.yaml.j2 | 17 -- .../instance/helmrelease.yaml.j2 | 30 ---- .../instance/kustomization.yaml.j2 | 13 -- .../instance/kustomizeconfig.yaml.j2 | 7 - .../apps/flux-system/flux-operator/ks.yaml.j2 | 40 ----- .../apps/flux-system/kustomization.yaml.j2 | 7 - .../apps/flux-system/namespace.yaml.j2 | 8 - .../cilium/app/helm-values.yaml.j2 | 88 ----------- .../cilium/app/helmrelease.yaml.j2 | 26 --- .../cilium/app/kustomization.yaml.j2 | 12 -- .../cilium/app/kustomizeconfig.yaml.j2 | 7 - .../cilium/config/kustomization.yaml.j2 | 12 -- .../apps/kube-system/cilium/config/l2.yaml.j2 | 17 -- .../apps/kube-system/cilium/config/l3.yaml.j2 | 24 --- .../kube-system/cilium/config/pool.yaml.j2 | 10 -- .../apps/kube-system/cilium/ks.yaml.j2 | 42 ----- .../coredns/app/helm-values.yaml.j2 | 51 ------ .../coredns/app/helmrelease.yaml.j2 | 27 ---- .../coredns/app/kustomization.yaml.j2 | 12 -- .../coredns/app/kustomizeconfig.yaml.j2 | 7 - 
.../apps/kube-system/coredns/ks.yaml.j2 | 20 --- .../apps/kube-system/kustomization.yaml.j2 | 11 -- .../metrics-server/app/helmrelease.yaml.j2 | 34 ---- .../metrics-server/app/kustomization.yaml.j2 | 6 - .../kube-system/metrics-server/ks.yaml.j2 | 20 --- .../apps/kube-system/namespace.yaml.j2 | 8 - .../reloader/app/helmrelease.yaml.j2 | 30 ---- .../reloader/app/kustomization.yaml.j2 | 6 - .../apps/kube-system/reloader/ks.yaml.j2 | 20 --- .../spegel/app/helm-values.yaml.j2 | 11 -- .../spegel/app/helmrelease.yaml.j2 | 26 --- .../spegel/app/kustomization.yaml.j2 | 12 -- .../spegel/app/kustomizeconfig.yaml.j2 | 7 - .../apps/kube-system/spegel/ks.yaml.j2 | 20 --- .../kubernetes/apps/network/.mjfilter.py | 1 - .../cloudflared/app/configs/config.yaml.j2 | 18 --- .../cloudflared/app/dnsendpoint.yaml.j2 | 11 -- .../cloudflared/app/helmrelease.yaml.j2 | 110 ------------- .../cloudflared/app/kustomization.yaml.j2 | 14 -- .../cloudflared/app/secret.sops.yaml.j2 | 14 -- .../apps/network/cloudflared/ks.yaml.j2 | 22 --- .../echo-server/app/helmrelease.yaml.j2 | 92 ----------- .../echo-server/app/kustomization.yaml.j2 | 6 - .../apps/network/echo-server/ks.yaml.j2 | 20 --- .../external-dns/app/helmrelease.yaml.j2 | 52 ------ .../external-dns/app/kustomization.yaml.j2 | 7 - .../external-dns/app/secret.sops.yaml.j2 | 8 - .../apps/network/external-dns/ks.yaml.j2 | 20 --- .../certificates/kustomization.yaml.j2 | 9 -- .../certificates/production.yaml.j2 | 15 -- .../certificates/staging.yaml.j2 | 15 -- .../external/helmrelease.yaml.j2 | 84 ---------- .../external/kustomization.yaml.j2 | 6 - .../internal/helmrelease.yaml.j2 | 79 ---------- .../internal/kustomization.yaml.j2 | 6 - .../apps/network/ingress-nginx/ks.yaml.j2 | 66 -------- .../k8s-gateway/app/helmrelease.yaml.j2 | 34 ---- .../k8s-gateway/app/kustomization.yaml.j2 | 6 - .../apps/network/k8s-gateway/ks.yaml.j2 | 20 --- .../apps/network/kustomization.yaml.j2 | 11 -- .../kubernetes/apps/network/namespace.yaml.j2 | 8 - 
.../apps/observability/kustomization.yaml.j2 | 7 - .../apps/observability/namespace.yaml.j2 | 8 - .../app/helmrelease.yaml.j2 | 23 --- .../app/kustomization.yaml.j2 | 6 - .../prometheus-operator-crds/ks.yaml.j2 | 20 --- .../apps/openebs-system/kustomization.yaml.j2 | 7 - .../apps/openebs-system/namespace.yaml.j2 | 8 - .../openebs/app/helmrelease.yaml.j2 | 49 ------ .../openebs/app/kustomization.yaml.j2 | 6 - .../apps/openebs-system/openebs/ks.yaml.j2 | 20 --- .../flux/github-deploy-key.sops.yaml.j2 | 18 --- .../kubernetes/bootstrap/helmfile.yaml.j2 | 67 -------- .../bootstrap/talos/patches/README.md.j2 | 15 -- .../admission-controller-patch.yaml.j2 | 2 - .../talos/patches/controller/cluster.yaml.j2 | 17 -- .../patches/global/machine-files.yaml.j2 | 7 - .../patches/global/machine-kubelet.yaml.j2 | 13 -- .../patches/global/machine-network.yaml.j2 | 7 - .../patches/global/machine-sysctls.yaml.j2 | 6 - .../talos/patches/global/machine-time.yaml.j2 | 7 - .../bootstrap/talos/talconfig.yaml.j2 | 148 ------------------ .../config/kubernetes/flux/cluster/ks.yaml.j2 | 72 --------- .../flux/meta/kustomization.yaml.j2 | 7 - .../repositories/git/kustomization.yaml.j2 | 5 - .../flux/meta/repositories/helm/bjw-s.yaml.j2 | 11 -- .../meta/repositories/helm/cilium.yaml.j2 | 10 -- .../repositories/helm/controlplaneio.yaml.j2 | 11 -- .../meta/repositories/helm/coredns.yaml.j2 | 10 -- .../repositories/helm/external-dns.yaml.j2 | 10 -- .../repositories/helm/ingress-nginx.yaml.j2 | 10 -- .../meta/repositories/helm/jetstack.yaml.j2 | 10 -- .../repositories/helm/k8s-gateway.yaml.j2 | 10 -- .../repositories/helm/kustomization.yaml.j2 | 18 --- .../repositories/helm/metrics-server.yaml.j2 | 10 -- .../meta/repositories/helm/openebs.yaml.j2 | 10 -- .../helm/prometheus-community.yaml.j2 | 11 -- .../meta/repositories/helm/spegel.yaml.j2 | 11 -- .../meta/repositories/helm/stakater.yaml.j2 | 11 -- .../meta/repositories/kustomization.yaml.j2 | 8 - .../repositories/oci/kustomization.yaml.j2 | 5 - 
.../settings/cluster-secrets.sops.yaml.j2 | 15 -- .../meta/settings/cluster-settings.yaml.j2 | 8 - .../flux/meta/settings/kustomization.yaml.j2 | 7 - templates/overrides/readme.partial.yaml.j2 | 5 - templates/scripts/plugin.py | 81 ---------- templates/scripts/validation.py | 118 -------------- 126 files changed, 2676 deletions(-) delete mode 100644 templates/config/.sops.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/.mjfilter.py delete mode 100644 templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/clusterissuers.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/cert-manager/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/cert-manager/namespace.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/app/helm-values.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomizeconfig.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/ingress.yaml.j2 delete mode 100644 
templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/receiver.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/secret.sops.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/instance/helm-values.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomizeconfig.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/flux-operator/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/flux-system/namespace.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/app/helm-values.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/config/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/config/l2.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/config/l3.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/config/pool.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/cilium/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/coredns/app/helm-values.yaml.j2 delete mode 100644 
templates/config/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/coredns/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/coredns/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/namespace.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/reloader/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/reloader/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/spegel/app/helm-values.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/spegel/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/kube-system/spegel/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/.mjfilter.py delete mode 100644 templates/config/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 delete mode 100644 
templates/config/kubernetes/apps/network/cloudflared/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/cloudflared/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/echo-server/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/echo-server/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/echo-server/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/external-dns/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/external-dns/app/secret.sops.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/external-dns/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/ingress-nginx/certificates/production.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/ingress-nginx/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml.j2 delete mode 100644 
templates/config/kubernetes/apps/network/k8s-gateway/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/network/namespace.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/observability/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/observability/namespace.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/openebs-system/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/openebs-system/namespace.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/apps/openebs-system/openebs/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/helmfile.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/talos/patches/README.md.j2 delete mode 100644 templates/config/kubernetes/bootstrap/talos/patches/controller/admission-controller-patch.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/talos/patches/controller/cluster.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/talos/patches/global/machine-files.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/talos/patches/global/machine-kubelet.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/talos/patches/global/machine-network.yaml.j2 delete mode 100644 
templates/config/kubernetes/bootstrap/talos/patches/global/machine-sysctls.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/talos/patches/global/machine-time.yaml.j2 delete mode 100644 templates/config/kubernetes/bootstrap/talos/talconfig.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/cluster/ks.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/git/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/bjw-s.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/cilium.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/controlplaneio.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/coredns.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/external-dns.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/jetstack.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/k8s-gateway.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/metrics-server.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/openebs.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/prometheus-community.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/spegel.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/helm/stakater.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/repositories/kustomization.yaml.j2 delete mode 100644 
templates/config/kubernetes/flux/meta/repositories/oci/kustomization.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/settings/cluster-settings.yaml.j2 delete mode 100644 templates/config/kubernetes/flux/meta/settings/kustomization.yaml.j2 delete mode 100644 templates/overrides/readme.partial.yaml.j2 delete mode 100644 templates/scripts/plugin.py delete mode 100644 templates/scripts/validation.py
diff --git a/templates/config/.sops.yaml.j2 b/templates/config/.sops.yaml.j2
deleted file mode 100644
index 82c8ab4b..00000000
--- a/templates/config/.sops.yaml.j2
+++ /dev/null
@@ -1,17 +0,0 @@
----
-creation_rules:
- - # IMPORTANT: This rule MUST be above the others
- path_regex: talos/.*\.sops\.ya?ml
- mac_only_encrypted: true
- key_groups:
- - age:
- - "#{ age_pubkey }#"
- - path_regex: kubernetes/.*\.sops\.ya?ml
- encrypted_regex: "^(data|stringData)$"
- mac_only_encrypted: true
- key_groups:
- - age:
- - "#{ age_pubkey }#"
-stores:
- yaml:
- indent: 2
diff --git a/templates/config/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2
deleted file mode 100644
index 03d11c68..00000000
--- a/templates/config/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: cert-manager
-spec:
- interval: 30m
- chart:
- spec:
- chart: cert-manager
- version: v1.16.3
- sourceRef:
- kind: HelmRepository
- name: jetstack
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- crds:
- enabled: true
- dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
- dns01RecursiveNameserversOnly: true
- prometheus:
- enabled: true
- servicemonitor:
- enabled: true
diff --git a/templates/config/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/.mjfilter.py b/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/.mjfilter.py
deleted file mode 100644
index b3d52646..00000000
--- a/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/.mjfilter.py
+++ /dev/null
@@ -1 +0,0 @@
-main = lambda data: data.get("cloudflare", {}).get("enabled", False) == True
diff --git a/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/clusterissuers.yaml.j2 b/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/clusterissuers.yaml.j2
deleted file mode 100644
index bbee529b..00000000
--- a/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/clusterissuers.yaml.j2
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cert-manager.io/clusterissuer_v1.json
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-production
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: "${SECRET_ACME_EMAIL}"
- privateKeySecretRef:
- name: letsencrypt-production
- solvers:
- - dns01:
- cloudflare:
- apiTokenSecretRef:
- name: cert-manager-secret
- key: api-token
- selector:
- dnsZones:
- - "${SECRET_DOMAIN}"
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cert-manager.io/clusterissuer_v1.json
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-staging
-spec:
- acme:
- server: https://acme-staging-v02.api.letsencrypt.org/directory
- email: "${SECRET_ACME_EMAIL}"
- privateKeySecretRef:
- name: letsencrypt-staging
- solvers:
- - dns01:
- cloudflare:
- apiTokenSecretRef:
- name: cert-manager-secret
- key: api-token
- selector:
- dnsZones:
- - "${SECRET_DOMAIN}"
diff --git a/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2 b/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2
deleted file mode 100644
index 74f27f03..00000000
--- a/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./clusterissuers.yaml
diff --git a/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2 b/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2
deleted file mode 100644
index 76d98ebf..00000000
--- a/templates/config/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/secret-v1.json
-apiVersion: v1
-kind: Secret
-metadata:
- name: cert-manager-secret
-stringData:
- api-token: "#{ cloudflare.token }#"
diff --git a/templates/config/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2 b/templates/config/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2
deleted file mode 100644
index 06440442..00000000
--- a/templates/config/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cert-manager
- namespace: flux-system
-spec:
- targetNamespace: cert-manager
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/cert-manager/cert-manager/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: true
- interval: 30m
- timeout: 5m
-#% if cloudflare.enabled %#
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cert-manager-issuers
- namespace: flux-system
-spec:
- targetNamespace: cert-manager
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: cert-manager
- path: ./kubernetes/apps/cert-manager/cert-manager/issuers
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: true
- interval: 30m
- timeout: 5m
-#% endif %#
diff --git a/templates/config/kubernetes/apps/cert-manager/kustomization.yaml.j2 b/templates/config/kubernetes/apps/cert-manager/kustomization.yaml.j2
deleted file mode 100644
index abbe7755..00000000
--- a/templates/config/kubernetes/apps/cert-manager/kustomization.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./cert-manager/ks.yaml
diff --git a/templates/config/kubernetes/apps/cert-manager/namespace.yaml.j2 b/templates/config/kubernetes/apps/cert-manager/namespace.yaml.j2
deleted file mode 100644
index 4c97ba2a..00000000
--- a/templates/config/kubernetes/apps/cert-manager/namespace.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/namespace-v1.json
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cert-manager
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/app/helm-values.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/app/helm-values.yaml.j2
deleted file mode 100644
index 8c63a545..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/app/helm-values.yaml.j2
+++ /dev/null
@@ -1,3 +0,0 @@
----
-serviceMonitor:
- create: true
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml.j2
deleted file mode 100644
index e42a6f62..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: flux-operator
-spec:
- interval: 30m
- chart:
- spec:
- chart: flux-operator
- version: 0.13.0
- sourceRef:
- kind: HelmRepository
- name: controlplaneio
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- strategy: rollback
- retries: 3
- valuesFrom:
- - kind: ConfigMap
- name: flux-operator-helm-values
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml.j2
deleted file mode 100644
index 51ab2028..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
-configMapGenerator:
- - name: flux-operator-helm-values
- files:
- - values.yaml=./helm-values.yaml
-configurations:
- - kustomizeconfig.yaml
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomizeconfig.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomizeconfig.yaml.j2
deleted file mode 100644
index 58f92ba1..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/app/kustomizeconfig.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-nameReference:
- - kind: ConfigMap
- version: v1
- fieldSpecs:
- - path: spec/valuesFrom/name
- kind: HelmRelease
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/kustomization.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/kustomization.yaml.j2
deleted file mode 100644
index b693651a..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./webhooks
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/ingress.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/ingress.yaml.j2
deleted file mode 100644
index 85de85e1..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/ingress.yaml.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-#% if cloudflare.enabled %#
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: flux-webhook
- annotations:
- external-dns.alpha.kubernetes.io/target: "external.${SECRET_DOMAIN}"
-spec:
- ingressClassName: external
- rules:
- - host: "flux-webhook.${SECRET_DOMAIN}"
- http:
- paths:
- - path: /hook/
- pathType: Prefix
- backend:
- service:
- name: webhook-receiver
- port:
- number: 80
-#% endif %#
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/kustomization.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/kustomization.yaml.j2
deleted file mode 100644
index 53960f95..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/kustomization.yaml.j2
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- #% if cloudflare.enabled %#
- - ./ingress.yaml
- #% endif %#
- - ./receiver.yaml
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/receiver.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/receiver.yaml.j2
deleted file mode 100644
index 882adfa2..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/receiver.yaml.j2
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/receiver-notification-v1.json
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
- name: github-receiver
-spec:
- type: github
- events:
- - ping
- - push
- secretRef:
- name: github-webhook-token-secret
- resources:
- - apiVersion: source.toolkit.fluxcd.io/v1
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- - apiVersion: kustomize.toolkit.fluxcd.io/v1
- kind: Kustomization
- name: flux-system
- namespace: flux-system
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/secret.sops.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/secret.sops.yaml.j2
deleted file mode 100644
index ae3b6eea..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/github/webhooks/secret.sops.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/secret-v1.json
-apiVersion: v1
-kind: Secret
-metadata:
- name: github-webhook-token-secret
-stringData:
- token: "#{ github.webhook_token }#"
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/helm-values.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/helm-values.yaml.j2
deleted file mode 100644
index 3849051d..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/helm-values.yaml.j2
+++ /dev/null
@@ -1,17 +0,0 @@
----
-instance:
- cluster:
- networkPolicy: false
- components:
- - source-controller
- - kustomize-controller
- - helm-controller
- - notification-controller
- sync:
- kind: GitRepository
- url: "#{ github.address }#"
- ref: "refs/heads/#{ github.branch | default('main', true) }#"
- path: kubernetes/flux/cluster
- #% if github.private_key %#
- pullSecret: github-deploy-key
- #% endif %#
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml.j2
deleted file mode 100644
index fca59ace..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/helmrelease.yaml.j2
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: flux-instance
-spec:
- interval: 30m
- chart:
- spec:
- chart: flux-instance
- version: 0.13.0
- sourceRef:
- kind: HelmRepository
- name: controlplaneio
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- strategy: rollback
- retries: 3
- dependsOn:
- - name: flux-operator
- namespace: flux-system
- valuesFrom:
- - kind: ConfigMap
- name: flux-instance-helm-values
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml.j2
deleted file mode 100644
index 24ebe9ad..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomization.yaml.j2
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./github
- - ./helmrelease.yaml
-configMapGenerator:
- - name: flux-instance-helm-values
- files:
- - values.yaml=./helm-values.yaml
-configurations:
- - kustomizeconfig.yaml
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomizeconfig.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomizeconfig.yaml.j2
deleted file mode 100644
index 58f92ba1..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/instance/kustomizeconfig.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-nameReference:
- - kind: ConfigMap
- version: v1
- fieldSpecs:
- - path: spec/valuesFrom/name
- kind: HelmRelease
diff --git a/templates/config/kubernetes/apps/flux-system/flux-operator/ks.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-operator/ks.yaml.j2
deleted file mode 100644
index 7791dedf..00000000
--- a/templates/config/kubernetes/apps/flux-system/flux-operator/ks.yaml.j2
+++ /dev/null
@@ -1,40 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app flux-operator
- namespace: flux-system
-spec:
- targetNamespace: flux-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/flux-system/flux-operator/app
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app flux-instance
- namespace: flux-system
-spec:
- targetNamespace: flux-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/flux-system/flux-operator/instance
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/flux-system/kustomization.yaml.j2 b/templates/config/kubernetes/apps/flux-system/kustomization.yaml.j2
deleted file mode 100644
index fcfb6a18..00000000
--- a/templates/config/kubernetes/apps/flux-system/kustomization.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./flux-operator/ks.yaml
diff --git a/templates/config/kubernetes/apps/flux-system/namespace.yaml.j2 b/templates/config/kubernetes/apps/flux-system/namespace.yaml.j2
deleted file mode 100644
index 2f99e332..00000000
--- a/templates/config/kubernetes/apps/flux-system/namespace.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/namespace-v1.json
-apiVersion: v1
-kind: Namespace
-metadata:
- name: flux-system
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/app/helm-values.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/app/helm-values.yaml.j2
deleted file mode 100644
index c725b7f2..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/app/helm-values.yaml.j2
+++ /dev/null
@@ -1,88 +0,0 @@
----
-autoDirectNodeRoutes: true
-bpf:
- masquerade: true
- # Ref: https://github.com/siderolabs/talos/issues/10002
- hostLegacyRouting: true
-#% if bgp.enabled %#
-bgpControlPlane:
- enabled: true
-#% endif %#
-cni:
- # Required for pairing with Multus CNI
- exclusive: false
-cgroup:
- automount:
- enabled: false
- hostRoot: /sys/fs/cgroup
-# NOTE: devices might need to be set if you have more than one active NIC on your hosts
-# devices: eno+ eth+
-endpointRoutes:
- enabled: true
-envoy:
- enabled: false
-dashboards:
- enabled: true
-hubble:
- enabled: false
-ipam:
- mode: kubernetes
-ipv4NativeRoutingCIDR: "#{ pod_network.split(',')[0] }#"
-#% if dual_stack_ipv4_first %#
-ipv6NativeRoutingCIDR: "#{ pod_network.split(',')[1] }#"
-ipv6:
- enabled: true
-#% endif %#
-k8sServiceHost: 127.0.0.1
-k8sServicePort: 7445
-kubeProxyReplacement: true
-kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
-l2announcements:
- #% if not dual_stack_ipv4_first %#
- enabled: true
- #% else %#
- # Ref: https://github.com/cilium/cilium/issues/28985
- enabled: false
- #% endif %#
-loadBalancer:
- algorithm: maglev
- mode: "#{ loadbalancer_mode | default('dsr', true) }#"
-localRedirectPolicy: true
-operator:
- replicas: 1
- rollOutPods: true
- prometheus:
- enabled: true
- serviceMonitor:
- enabled: true
- dashboards:
- enabled: true
-prometheus:
- enabled: true
- serviceMonitor:
- enabled: true
- trustCRDsExist: true
-rollOutCiliumPods: true
-routingMode: native
-securityContext:
- capabilities:
- ciliumAgent:
- - CHOWN
- - KILL
- - NET_ADMIN
- - NET_RAW
- - IPC_LOCK
- - SYS_ADMIN
- - SYS_RESOURCE
- - PERFMON
- - BPF
- - DAC_OVERRIDE
- - FOWNER
- - SETGID
- - SETUID
- cleanCiliumState:
- - NET_ADMIN
- - SYS_ADMIN
- - SYS_RESOURCE
-socketLB:
- hostNamespaceOnly: true
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2
deleted file mode 100644
index 8eae1175..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: cilium
-spec:
- interval: 30m
- chart:
- spec:
- chart: cilium
- version: 1.16.6
- sourceRef:
- kind: HelmRepository
- name: cilium
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- valuesFrom:
- - kind: ConfigMap
- name: cilium-helm-values
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/app/kustomization.yaml.j2
deleted file mode 100644
index 25781ef1..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
-configMapGenerator:
- - name: cilium-helm-values
- files:
- - values.yaml=./helm-values.yaml
-configurations:
- - kustomizeconfig.yaml
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml.j2
deleted file mode 100644
index 58f92ba1..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-nameReference:
- - kind: ConfigMap
- version: v1
- fieldSpecs:
- - path: spec/valuesFrom/name
- kind: HelmRelease
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/config/kustomization.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/config/kustomization.yaml.j2
deleted file mode 100644
index f1905984..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/config/kustomization.yaml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- #% if not dual_stack_ipv4_first %#
- - ./l2.yaml
- #% endif %#
- #% if bgp.enabled %#
- - ./l3.yaml
- #% endif %#
- - ./pool.yaml
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/config/l2.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/config/l2.yaml.j2
deleted file mode 100644
index 88f65d5b..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/config/l2.yaml.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-#% if not dual_stack_ipv4_first %#
----
-# yaml-language-server: $schema=https://datreeio.github.io/CRDs-catalog/cilium.io/ciliuml2announcementpolicy_v2alpha1.json
-apiVersion: cilium.io/v2alpha1
-kind: CiliumL2AnnouncementPolicy
-metadata:
- name: l2-policy
-spec:
- loadBalancerIPs: true
- # NOTE: interfaces might need to be set if you have more than one active NIC on your hosts
- # interfaces:
- # - ^eno[0-9]+
- # - ^eth[0-9]+
- nodeSelector:
- matchLabels:
- kubernetes.io/os: linux
-#% endif %#
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/config/l3.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/config/l3.yaml.j2
deleted file mode 100644
index ae0e2dcf..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/config/l3.yaml.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-#% if bgp.enabled %#
----
-# yaml-language-server: $schema=https://datreeio.github.io/CRDs-catalog/cilium.io/ciliumbgppeeringpolicy_v2alpha1.json
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeeringPolicy
-metadata:
- name: l3-policy
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/os: linux
- virtualRouters:
- - localASN: #{ bgp.node_asn }#
- exportPodCIDR: false
- serviceSelector:
- matchExpressions:
- - key: thisFakeSelector
- operator: NotIn
- values:
- - will-match-and-announce-all-services
- neighbors:
- - peerAddress: "#{ bgp.router_address }#/32"
- peerASN: #{ bgp.router_asn }#
-#% endif %#
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/config/pool.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/config/pool.yaml.j2
deleted file mode 100644
index 8e45b20f..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/config/pool.yaml.j2
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# yaml-language-server: $schema=https://datreeio.github.io/CRDs-catalog/cilium.io/ciliumloadbalancerippool_v2alpha1.json
-apiVersion: cilium.io/v2alpha1
-kind: CiliumLoadBalancerIPPool
-metadata:
- name: pool
-spec:
- allowFirstLastIPs: "Yes"
- blocks:
- - cidr: "#{ node_network }#"
diff --git a/templates/config/kubernetes/apps/kube-system/cilium/ks.yaml.j2 b/templates/config/kubernetes/apps/kube-system/cilium/ks.yaml.j2
deleted file mode 100644
index 673daebf..00000000
--- a/templates/config/kubernetes/apps/kube-system/cilium/ks.yaml.j2
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cilium
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/cilium/app
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: true
- interval: 30m
- timeout: 5m
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cilium-config
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: cilium
- path: ./kubernetes/apps/kube-system/cilium/config
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/kube-system/coredns/app/helm-values.yaml.j2 b/templates/config/kubernetes/apps/kube-system/coredns/app/helm-values.yaml.j2
deleted file mode 100644
index 0fc62cbf..00000000
--- a/templates/config/kubernetes/apps/kube-system/coredns/app/helm-values.yaml.j2
+++ /dev/null
@@ -1,51 +0,0 @@
----
-fullnameOverride: coredns
-k8sAppLabelOverride: kube-dns
-serviceAccount:
- create: true
-service:
- name: kube-dns
- clusterIP: "#{ service_network | nthhost(10) }#"
-replicaCount: 2
-servers:
- - zones:
- - zone: .
- scheme: dns://
- use_tcp: true
- port: 53
- plugins:
- - name: errors
- - name: health
- configBlock: |-
- lameduck 5s
- - name: ready
- - name: log
- configBlock: |-
- class error
- - name: prometheus
- parameters: 0.0.0.0:9153
- - name: kubernetes
- parameters: cluster.local in-addr.arpa ip6.arpa
- configBlock: |-
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- - name: forward
- parameters: . /etc/resolv.conf
- - name: cache
- parameters: 30
- - name: loop
- - name: reload
- - name: loadbalance
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
-tolerations:
- - key: CriticalAddonsOnly
- operator: Exists
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
diff --git a/templates/config/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2
deleted file mode 100644
index f5b7e389..00000000
--- a/templates/config/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: coredns
-spec:
- interval: 30m
- chart:
- spec:
- chart: coredns
- version: 1.37.3
- sourceRef:
- kind: HelmRepository
- name: coredns
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- strategy: rollback
- retries: 3
- valuesFrom:
- - kind: ConfigMap
- name: coredns-helm-values
diff --git a/templates/config/kubernetes/apps/kube-system/coredns/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/kube-system/coredns/app/kustomization.yaml.j2
deleted file mode 100644
index 39444bbd..00000000
--- a/templates/config/kubernetes/apps/kube-system/coredns/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
-configMapGenerator:
- - name: coredns-helm-values
- files:
- - values.yaml=./helm-values.yaml
-configurations:
- - kustomizeconfig.yaml
diff --git a/templates/config/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml.j2 b/templates/config/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml.j2
deleted file mode 100644
index 58f92ba1..00000000
--- a/templates/config/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-nameReference:
- - kind: ConfigMap
- version: v1
- fieldSpecs:
- - path: spec/valuesFrom/name
- kind: HelmRelease
diff --git a/templates/config/kubernetes/apps/kube-system/coredns/ks.yaml.j2 b/templates/config/kubernetes/apps/kube-system/coredns/ks.yaml.j2
deleted file mode 100644
index 2e8c6ec4..00000000
--- a/templates/config/kubernetes/apps/kube-system/coredns/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app coredns
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/coredns/app
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/kube-system/kustomization.yaml.j2 b/templates/config/kubernetes/apps/kube-system/kustomization.yaml.j2
deleted file mode 100644
index 76d8d748..00000000
--- a/templates/config/kubernetes/apps/kube-system/kustomization.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./cilium/ks.yaml
- - ./coredns/ks.yaml
- - ./metrics-server/ks.yaml
- - ./reloader/ks.yaml
- - ./spegel/ks.yaml
diff --git a/templates/config/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml.j2
deleted file mode 100644
index 953ce4d0..00000000
--- a/templates/config/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,34 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: metrics-server
-spec:
- interval: 30m
- chart:
- spec:
- chart: metrics-server
- version: 3.12.2
- sourceRef:
- kind: HelmRepository
- name: metrics-server
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- args:
- - --kubelet-insecure-tls
- - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- - --kubelet-use-node-status-port
- - --metric-resolution=10s
- - --kubelet-request-timeout=2s
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
diff --git a/templates/config/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2 b/templates/config/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2
deleted file mode 100644
index ee41ce7c..00000000
--- a/templates/config/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app metrics-server
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/metrics-server/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/kube-system/namespace.yaml.j2 b/templates/config/kubernetes/apps/kube-system/namespace.yaml.j2
deleted file mode 100644
index efe70796..00000000
--- a/templates/config/kubernetes/apps/kube-system/namespace.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/namespace-v1.json
-apiVersion: v1
-kind: Namespace
-metadata:
- name: kube-system
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/templates/config/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2
deleted file mode 100644
index efff1531..00000000
--- a/templates/config/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: reloader
-spec:
- interval: 30m
- chart:
- spec:
- chart: reloader
- version: 1.2.1
- sourceRef:
- kind: HelmRepository
- name: stakater
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- fullnameOverride: reloader
- reloader:
- readOnlyRootFileSystem: true
- podMonitor:
- enabled: true
- namespace: "{{ .Release.Namespace }}"
diff --git a/templates/config/kubernetes/apps/kube-system/reloader/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/kube-system/reloader/app/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/kube-system/reloader/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/kube-system/reloader/ks.yaml.j2 b/templates/config/kubernetes/apps/kube-system/reloader/ks.yaml.j2
deleted file mode 100644
index 74e70d67..00000000
--- a/templates/config/kubernetes/apps/kube-system/reloader/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app reloader
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/reloader/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/kube-system/spegel/app/helm-values.yaml.j2 b/templates/config/kubernetes/apps/kube-system/spegel/app/helm-values.yaml.j2
deleted file mode 100644
index ad240bf9..00000000
--- a/templates/config/kubernetes/apps/kube-system/spegel/app/helm-values.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-grafanaDashboard:
- enabled: true
-service:
- registry:
- hostPort: 29999
-serviceMonitor:
- enabled: true
-spegel:
- containerdSock: /run/containerd/containerd.sock
- containerdRegistryConfigPath: /etc/cri/conf.d/hosts
diff --git a/templates/config/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2
deleted file mode 100644
index 85a0dde0..00000000
--- a/templates/config/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: spegel
-spec:
- interval: 30m
- chart:
- spec:
- chart: spegel
- version: v0.0.30
- sourceRef:
- kind: HelmRepository
- name: spegel
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- valuesFrom:
- - kind: ConfigMap
- name: spegel-helm-values
diff --git a/templates/config/kubernetes/apps/kube-system/spegel/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/kube-system/spegel/app/kustomization.yaml.j2
deleted file mode 100644
index 8c7c0551..00000000
--- a/templates/config/kubernetes/apps/kube-system/spegel/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
-configMapGenerator:
- - name: spegel-helm-values
- files:
- - values.yaml=./helm-values.yaml
-configurations:
- - kustomizeconfig.yaml
diff --git a/templates/config/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml.j2 b/templates/config/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml.j2
deleted file mode 100644
index 58f92ba1..00000000
--- a/templates/config/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-nameReference:
- - kind: ConfigMap
- version: v1
- fieldSpecs:
- - path: spec/valuesFrom/name
- kind: HelmRelease
diff --git a/templates/config/kubernetes/apps/kube-system/spegel/ks.yaml.j2 b/templates/config/kubernetes/apps/kube-system/spegel/ks.yaml.j2
deleted file mode 100644
index dfc1d70a..00000000
--- a/templates/config/kubernetes/apps/kube-system/spegel/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app spegel
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/spegel/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/network/.mjfilter.py b/templates/config/kubernetes/apps/network/.mjfilter.py
deleted file mode 100644
index b3d52646..00000000
--- a/templates/config/kubernetes/apps/network/.mjfilter.py
+++ /dev/null
@@ -1 +0,0 @@
-main = lambda data: data.get("cloudflare", {}).get("enabled", False) == True
diff --git a/templates/config/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2 b/templates/config/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2
deleted file mode 100644
index 025a4e18..00000000
--- a/templates/config/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2
+++ /dev/null
@@ -1,18 +0,0 @@
----
-originRequest:
- originServerName: "external.${SECRET_DOMAIN}"
-
-ingress:
- - hostname: "${SECRET_DOMAIN}"
- service: https://ingress-nginx-external-controller.network.svc.cluster.local:443
- #% if not cloudflare.acme.production %#
- originRequest:
- noTLSVerify: true
- #% endif %#
- - hostname: "*.${SECRET_DOMAIN}"
- service: https://ingress-nginx-external-controller.network.svc.cluster.local:443
- #% if not cloudflare.acme.production %#
- originRequest:
- noTLSVerify: true
- #% endif %#
- - service: http_status:404
diff --git a/templates/config/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml.j2 b/templates/config/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml.j2
deleted file mode 100644
index 32d50ee6..00000000
--- a/templates/config/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/externaldns.k8s.io/dnsendpoint_v1alpha1.json
-apiVersion: externaldns.k8s.io/v1alpha1
-kind: DNSEndpoint
-metadata:
- name: cloudflared
-spec:
- endpoints:
- - dnsName: "external.${SECRET_DOMAIN}"
- recordType: CNAME
- targets: ["${SECRET_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"]
diff --git a/templates/config/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
deleted file mode 100644
index 22d40a5b..00000000
--- a/templates/config/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,110 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: cloudflared
-spec:
- interval: 30m
- chart:
- spec:
- chart: app-template
- version: 3.6.1
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- controllers:
- cloudflared:
- strategy: RollingUpdate
- annotations:
- reloader.stakater.com/auto: "true"
- containers:
- app:
- image:
- repository: docker.io/cloudflare/cloudflared
- tag: 2025.1.0
- env:
- NO_AUTOUPDATE: true
- TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
- TUNNEL_METRICS: 0.0.0.0:8080
- TUNNEL_ORIGIN_ENABLE_HTTP2: true
- TUNNEL_TRANSPORT_PROTOCOL: quic
- TUNNEL_POST_QUANTUM: true
- TUNNEL_ID:
- valueFrom:
- secretKeyRef:
- name: cloudflared-secret
- key: TUNNEL_ID
- args:
- - tunnel
- - --config
- - /etc/cloudflared/config/config.yaml
- - run
- - "$(TUNNEL_ID)"
- probes:
- liveness: &probes
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /ready
- port: &port 8080
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness: *probes
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- capabilities: { drop: ["ALL"] }
- resources:
- requests:
- cpu: 10m
- limits:
- memory: 256Mi
- defaultPodOptions:
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- runAsGroup: 65534
- seccompProfile: { type: RuntimeDefault }
- service:
- app:
- controller: cloudflared
- ports:
- http:
- port: *port
- serviceMonitor:
- app:
- serviceName: cloudflared
- endpoints:
- - port: http
- scheme: http
- path: /metrics
- interval: 1m
- scrapeTimeout: 10s
- persistence:
- config:
- type: configMap
- name: cloudflared-configmap
- globalMounts:
- - path: /etc/cloudflared/config/config.yaml
- subPath: config.yaml
- readOnly: true
- creds:
- type: secret
- name: cloudflared-secret
- globalMounts:
- - path: /etc/cloudflared/creds/credentials.json
- subPath: credentials.json
- readOnly: true
diff --git a/templates/config/kubernetes/apps/network/cloudflared/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/network/cloudflared/app/kustomization.yaml.j2
deleted file mode 100644
index 37b1f4e4..00000000
--- a/templates/config/kubernetes/apps/network/cloudflared/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./dnsendpoint.yaml
- - ./secret.sops.yaml
- - ./helmrelease.yaml
-configMapGenerator:
- - name: cloudflared-configmap
- files:
- - ./configs/config.yaml
-generatorOptions:
- disableNameSuffixHash: true
diff --git a/templates/config/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 b/templates/config/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2
deleted file mode 100644
index 08f59ae3..00000000
--- a/templates/config/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/secret-v1.json
-apiVersion: v1
-kind: Secret
-metadata:
- name: cloudflared-secret
-stringData:
- TUNNEL_ID: "#{ cloudflare.tunnel.id }#"
- credentials.json: |
- {
- "AccountTag": "#{ cloudflare.tunnel.account_id }#",
- "TunnelSecret": "#{ cloudflare.tunnel.secret }#",
- "TunnelID": "#{ cloudflare.tunnel.id }#"
- }
diff --git a/templates/config/kubernetes/apps/network/cloudflared/ks.yaml.j2 b/templates/config/kubernetes/apps/network/cloudflared/ks.yaml.j2
deleted file mode 100644
index 85e5350f..00000000
--- a/templates/config/kubernetes/apps/network/cloudflared/ks.yaml.j2
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cloudflared
- namespace: flux-system
-spec:
- targetNamespace: network
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: external-dns
- path: ./kubernetes/apps/network/cloudflared/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/network/echo-server/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/network/echo-server/app/helmrelease.yaml.j2
deleted file mode 100644
index 36c290d9..00000000
--- a/templates/config/kubernetes/apps/network/echo-server/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,92 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: echo-server
-spec:
- interval: 30m
- chart:
- spec:
- chart: app-template
- version: 3.6.1
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- controllers:
- echo-server:
- strategy: RollingUpdate
- containers:
- app:
- image:
- repository: ghcr.io/mendhak/http-https-echo
- tag: 35
- env:
- HTTP_PORT: &port 8080
- LOG_WITHOUT_NEWLINE: true
- LOG_IGNORE_PATH: /healthz
- PROMETHEUS_ENABLED: true
- probes:
- liveness: &probes
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /healthz
- port: *port
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- readiness: *probes
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- capabilities: { drop: ["ALL"] }
- resources:
- requests:
- cpu: 10m
- limits:
- memory: 64Mi
- defaultPodOptions:
- securityContext:
- runAsNonRoot: true
- runAsUser: 65534
- runAsGroup: 65534
- seccompProfile: { type: RuntimeDefault }
- service:
- app:
- controller: echo-server
- ports:
- http:
- port: *port
- serviceMonitor:
- app:
- serviceName: echo-server
- endpoints:
- - port: http
- scheme: http
- path: /metrics
- interval: 1m
- scrapeTimeout: 10s
- ingress:
- app:
- className: external
- annotations:
- external-dns.alpha.kubernetes.io/target: "external.${SECRET_DOMAIN}"
- hosts:
- - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
- paths:
- - path: /
- service:
- identifier: app
- port: http
diff --git a/templates/config/kubernetes/apps/network/echo-server/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/network/echo-server/app/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/network/echo-server/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/network/echo-server/ks.yaml.j2 b/templates/config/kubernetes/apps/network/echo-server/ks.yaml.j2
deleted file mode 100644
index d316bef6..00000000
--- a/templates/config/kubernetes/apps/network/echo-server/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app echo-server
- namespace: flux-system
-spec:
- targetNamespace: network
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/network/echo-server/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2
deleted file mode 100644
index 5a94df0b..00000000
--- a/templates/config/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,52 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: &app external-dns
-spec:
- interval: 30m
- chart:
- spec:
- chart: external-dns
- version: 1.15.0
- sourceRef:
- kind: HelmRepository
- name: external-dns
- namespace: flux-system
- install:
- crds: CreateReplace
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- crds: CreateReplace
- remediation:
- strategy: rollback
- retries: 3
- values:
- fullnameOverride: *app
- provider: cloudflare
- env:
- - name: CF_API_TOKEN
- valueFrom:
- secretKeyRef:
- name: external-dns-secret
- key: api-token
- extraArgs:
- - --cloudflare-dns-records-per-page=1000
- - --cloudflare-proxied
- - --crd-source-apiversion=externaldns.k8s.io/v1alpha1
- - --crd-source-kind=DNSEndpoint
- - --events
- - --ignore-ingress-tls-spec
- - --ingress-class=external
- policy: sync
- sources: ["crd", "ingress"]
- txtPrefix: k8s.
- txtOwnerId: default
- domainFilters: ["${SECRET_DOMAIN}"]
- serviceMonitor:
- enabled: true
- podAnnotations:
- secret.reloader.stakater.com/reload: external-dns-secret
diff --git a/templates/config/kubernetes/apps/network/external-dns/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/network/external-dns/app/kustomization.yaml.j2
deleted file mode 100644
index 16a6ce30..00000000
--- a/templates/config/kubernetes/apps/network/external-dns/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/network/external-dns/app/secret.sops.yaml.j2 b/templates/config/kubernetes/apps/network/external-dns/app/secret.sops.yaml.j2
deleted file mode 100644
index 72e14fcb..00000000
--- a/templates/config/kubernetes/apps/network/external-dns/app/secret.sops.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/secret-v1.json
-apiVersion: v1
-kind: Secret
-metadata:
- name: external-dns-secret
-stringData:
- api-token: "#{ cloudflare.token }#"
diff --git a/templates/config/kubernetes/apps/network/external-dns/ks.yaml.j2 b/templates/config/kubernetes/apps/network/external-dns/ks.yaml.j2
deleted file mode 100644
index 364109eb..00000000
--- a/templates/config/kubernetes/apps/network/external-dns/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app external-dns
- namespace: flux-system
-spec:
- targetNamespace: network
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/network/external-dns/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: true
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml.j2 b/templates/config/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml.j2
deleted file mode 100644
index 68da93c5..00000000
--- a/templates/config/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml.j2
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./staging.yaml
- #% if cloudflare.acme.production %#
- - ./production.yaml
- #% endif %#
diff --git a/templates/config/kubernetes/apps/network/ingress-nginx/certificates/production.yaml.j2 b/templates/config/kubernetes/apps/network/ingress-nginx/certificates/production.yaml.j2
deleted file mode 100644
index 3853a103..00000000
--- a/templates/config/kubernetes/apps/network/ingress-nginx/certificates/production.yaml.j2
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cert-manager.io/certificate_v1.json
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: "${SECRET_DOMAIN/./-}-production"
-spec:
- secretName: "${SECRET_DOMAIN/./-}-production-tls"
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "${SECRET_DOMAIN}"
- dnsNames:
- - "${SECRET_DOMAIN}"
- - "*.${SECRET_DOMAIN}"
diff --git a/templates/config/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml.j2 b/templates/config/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml.j2
deleted file mode 100644
index 20cc4cec..00000000
--- a/templates/config/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml.j2
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cert-manager.io/certificate_v1.json
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: "${SECRET_DOMAIN/./-}-staging"
-spec:
- secretName: "${SECRET_DOMAIN/./-}-staging-tls"
- issuerRef:
- name: letsencrypt-staging
- kind: ClusterIssuer
- commonName: "${SECRET_DOMAIN}"
- dnsNames:
- - "${SECRET_DOMAIN}"
- - "*.${SECRET_DOMAIN}"
diff --git a/templates/config/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2
deleted file mode 100644
index c5d9a2c5..00000000
--- a/templates/config/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2
+++ /dev/null
@@ -1,84 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: ingress-nginx-external
-spec:
- interval: 30m
- chart:
- spec:
- chart: ingress-nginx
- version: 4.12.0
- sourceRef:
- kind: HelmRepository
- name: ingress-nginx
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- dependsOn:
- - name: cloudflared
- namespace: network
- values:
- fullnameOverride: ingress-nginx-external
- controller:
- service:
- annotations:
- external-dns.alpha.kubernetes.io/hostname: "external.${SECRET_DOMAIN}"
- lbipam.cilium.io/ips: "#{ cloudflare.tunnel.ingress_vip }#"
- externalTrafficPolicy: Cluster
- ingressClassResource:
- name: external
- default: false
- controllerValue: k8s.io/external
- admissionWebhooks:
- objectSelector:
- matchExpressions:
- - key: ingress-class
- operator: In
- values: ["external"]
- config:
- allow-snippet-annotations: true
- annotations-risk-level: Critical
- client-body-buffer-size: 100M
- client-body-timeout: 120
- client-header-timeout: 120
- enable-brotli: "true"
- enable-ocsp: "true"
- enable-real-ip: "true"
- force-ssl-redirect: "true"
- hide-headers: Server,X-Powered-By
- hsts-max-age: 31449600
- keep-alive-requests: 10000
- keep-alive: 120
- log-format-escape-json: "true"
- log-format-upstream: >
- {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr",
- "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id",
- "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
- "status": $status, "vhost": "$host", "request_proto": "$server_protocol",
- "path": "$uri", "request_query": "$args", "request_length": $request_length,
- "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer",
- "http_user_agent": "$http_user_agent"}
- proxy-body-size: 0
- proxy-buffer-size: 16k
- ssl-protocols: TLSv1.3 TLSv1.2
- use-forwarded-headers: "true"
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- namespaceSelector:
- any: true
- extraArgs:
- default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-#{ 'production' if cloudflare.acme.production else 'staging' }#-tls"
- resources:
- requests:
- cpu: 100m
- limits:
- memory: 500Mi
diff --git a/templates/config/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml.j2 b/templates/config/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2
deleted file mode 100644
index 2391ed97..00000000
--- a/templates/config/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2
+++ /dev/null
@@ -1,79 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: ingress-nginx-internal
-spec:
- interval: 30m
- chart:
- spec:
- chart: ingress-nginx
- version: 4.12.0
- sourceRef:
- kind: HelmRepository
- name: ingress-nginx
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- fullnameOverride: ingress-nginx-internal
- controller:
- service:
- annotations:
- lbipam.cilium.io/ips: "#{ cloudflare.ingress_vip }#"
- externalTrafficPolicy: Cluster
- ingressClassResource:
- name: internal
- default: true
- controllerValue: k8s.io/internal
- admissionWebhooks:
- objectSelector:
- matchExpressions:
- - key: ingress-class
- operator: In
- values: ["internal"]
- config:
- allow-snippet-annotations: true
- annotations-risk-level: Critical
- block-user-agents: "AdsBot-Google,Amazonbot,anthropic-ai,Applebot-Extended,Bytespider,CCBot,ChatGPT-User,ClaudeBot,Claude-Web,cohere-ai,Diffbot,FacebookBot,FriendlyCrawler,Google-Extended,GoogleOther,GPTBot,img2dataset,omgili,omgilibot,peer39_crawler,peer39_crawler/1.0,PerplexityBot,YouBot," # taken from https://github.com/ai-robots-txt/ai.robots.txt
- client-body-buffer-size: 100M
- client-body-timeout: 120
- client-header-timeout: 120
- enable-brotli: "true"
- enable-ocsp: "true"
- enable-real-ip: "true"
- force-ssl-redirect: "true"
- hide-headers: Server,X-Powered-By
- hsts-max-age: 31449600
- keep-alive-requests: 10000
- keep-alive: 120
- log-format-escape-json: "true"
- log-format-upstream: >
- {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
- "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
- "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
- "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
- "http_user_agent": "$http_user_agent"}
- proxy-body-size: 0
- proxy-buffer-size: 16k
- ssl-protocols: TLSv1.3 TLSv1.2
- use-forwarded-headers: "true"
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- namespaceSelector:
- any: true
- extraArgs:
- default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-#{ 'production' if cloudflare.acme.production else 'staging' }#-tls"
- resources:
- requests:
- cpu: 100m
- limits:
- memory: 500Mi
diff --git a/templates/config/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml.j2 b/templates/config/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/network/ingress-nginx/ks.yaml.j2 b/templates/config/kubernetes/apps/network/ingress-nginx/ks.yaml.j2
deleted file mode 100644
index 80b785d2..00000000
--- a/templates/config/kubernetes/apps/network/ingress-nginx/ks.yaml.j2
+++ /dev/null
@@ -1,66 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app ingress-nginx-certificates
- namespace: flux-system
-spec:
- targetNamespace: network
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: cert-manager-issuers
- path: ./kubernetes/apps/network/ingress-nginx/certificates
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: true
- interval: 30m
- timeout: 5m
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app ingress-nginx-internal
- namespace: flux-system
-spec:
- targetNamespace: network
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: ingress-nginx-certificates
- path: ./kubernetes/apps/network/ingress-nginx/internal
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app ingress-nginx-external
- namespace: flux-system
-spec:
- targetNamespace: network
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: ingress-nginx-certificates
- path: ./kubernetes/apps/network/ingress-nginx/external
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml.j2
deleted file mode 100644
index 10cacd76..00000000
--- a/templates/config/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,34 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: k8s-gateway
-spec:
- interval: 30m
- chart:
- spec:
- chart: k8s-gateway
- version: 2.4.0
- sourceRef:
- kind: HelmRepository
- name: k8s-gateway
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- fullnameOverride: k8s-gateway
- domain: "${SECRET_DOMAIN}"
- ttl: 1
- service:
- type: LoadBalancer
- port: 53
- annotations:
- lbipam.cilium.io/ips: "#{ cloudflare.gateway_vip }#"
- externalTrafficPolicy: Cluster
- watchedResources: ["Ingress", "Service"]
diff --git a/templates/config/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/network/k8s-gateway/ks.yaml.j2 b/templates/config/kubernetes/apps/network/k8s-gateway/ks.yaml.j2
deleted file mode 100644
index 6eb942c6..00000000
--- a/templates/config/kubernetes/apps/network/k8s-gateway/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app k8s-gateway
- namespace: flux-system
-spec:
- targetNamespace: network
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/network/k8s-gateway/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/network/kustomization.yaml.j2 b/templates/config/kubernetes/apps/network/kustomization.yaml.j2
deleted file mode 100644
index 2dc9a0db..00000000
--- a/templates/config/kubernetes/apps/network/kustomization.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./cloudflared/ks.yaml
- - ./echo-server/ks.yaml
- - ./external-dns/ks.yaml
- - ./ingress-nginx/ks.yaml
- - ./k8s-gateway/ks.yaml
diff --git a/templates/config/kubernetes/apps/network/namespace.yaml.j2 b/templates/config/kubernetes/apps/network/namespace.yaml.j2
deleted file mode 100644
index da22bc6b..00000000
--- a/templates/config/kubernetes/apps/network/namespace.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/namespace-v1.json
-apiVersion: v1
-kind: Namespace
-metadata:
- name: network
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/templates/config/kubernetes/apps/observability/kustomization.yaml.j2 b/templates/config/kubernetes/apps/observability/kustomization.yaml.j2
deleted file mode 100644
index 2f6a3f8e..00000000
--- a/templates/config/kubernetes/apps/observability/kustomization.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./prometheus-operator-crds/ks.yaml
diff --git a/templates/config/kubernetes/apps/observability/namespace.yaml.j2 b/templates/config/kubernetes/apps/observability/namespace.yaml.j2
deleted file mode 100644
index 6e8f157d..00000000
--- a/templates/config/kubernetes/apps/observability/namespace.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/namespace-v1.json
-apiVersion: v1
-kind: Namespace
-metadata:
- name: observability
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/templates/config/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml.j2
deleted file mode 100644
index 68a7cef0..00000000
--- a/templates/config/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: prometheus-operator-crds
-spec:
- interval: 30m
- chart:
- spec:
- chart: prometheus-operator-crds
- version: 17.0.2
- sourceRef:
- kind: HelmRepository
- name: prometheus-community
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
diff --git a/templates/config/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2 b/templates/config/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2
deleted file mode 100644
index 7835b335..00000000
--- a/templates/config/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app prometheus-operator-crds
- namespace: flux-system
-spec:
- targetNamespace: observability
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/observability/prometheus-operator-crds/app
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/apps/openebs-system/kustomization.yaml.j2 b/templates/config/kubernetes/apps/openebs-system/kustomization.yaml.j2
deleted file mode 100644
index 2de7d673..00000000
--- a/templates/config/kubernetes/apps/openebs-system/kustomization.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./openebs/ks.yaml
diff --git a/templates/config/kubernetes/apps/openebs-system/namespace.yaml.j2 b/templates/config/kubernetes/apps/openebs-system/namespace.yaml.j2
deleted file mode 100644
index e6b60553..00000000
--- a/templates/config/kubernetes/apps/openebs-system/namespace.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/namespace-v1.json
-apiVersion: v1
-kind: Namespace
-metadata:
- name: openebs-system
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/templates/config/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml.j2
deleted file mode 100644
index b23f8e53..00000000
--- a/templates/config/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,49 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: openebs
-spec:
- interval: 30m
- chart:
- spec:
- chart: openebs
- version: 4.1.2
- sourceRef:
- kind: HelmRepository
- name: openebs
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- engines:
- local:
- lvm:
- enabled: false
- zfs:
- enabled: false
- replicated:
- mayastor:
- enabled: false
- openebs-crds:
- csi:
- volumeSnapshots:
- enabled: false
- localpv-provisioner:
- localpv:
- image:
- registry: quay.io/
- helperPod:
- image:
- registry: quay.io/
- hostpathClass:
- enabled: true
- name: openebs-hostpath
- isDefaultClass: false
- basePath: /var/openebs/local
diff --git a/templates/config/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml.j2 b/templates/config/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml.j2
deleted file mode 100644
index 17cbc72b..00000000
--- a/templates/config/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/templates/config/kubernetes/apps/openebs-system/openebs/ks.yaml.j2 b/templates/config/kubernetes/apps/openebs-system/openebs/ks.yaml.j2
deleted file mode 100644
index bcff471b..00000000
--- a/templates/config/kubernetes/apps/openebs-system/openebs/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app openebs
- namespace: flux-system
-spec:
- targetNamespace: openebs-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/openebs-system/openebs/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/templates/config/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml.j2 b/templates/config/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml.j2
deleted file mode 100644
index c62310c5..00000000
--- a/templates/config/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-#% if github.private_key %#
----
-# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/secret-v1.json
-apiVersion: v1
-kind: Secret
-metadata:
- name: github-deploy-key
- namespace: flux-system
-stringData:
- identity: |
- #% filter indent(width=4, first=False) %#
- #{ github.private_key }#
- #%- endfilter %#
- known_hosts: |
- github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
- github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
- github.com ssh-rsa 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
-#% endif %#
diff --git a/templates/config/kubernetes/bootstrap/helmfile.yaml.j2 b/templates/config/kubernetes/bootstrap/helmfile.yaml.j2
deleted file mode 100644
index 8d7afaea..00000000
--- a/templates/config/kubernetes/bootstrap/helmfile.yaml.j2
+++ /dev/null
@@ -1,67 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/helmfile
-
-helmDefaults:
- timeout: 600
- force: true
- wait: true
- waitForJobs: true
-
-repositories:
- - name: cilium
- url: https://helm.cilium.io
-
- - name: coredns
- url: https://coredns.github.io/helm
-
-releases:
- - name: prometheus-operator-crds
- namespace: observability
- chart: oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds
- version: 17.0.2
-
- - name: cilium
- namespace: kube-system
- chart: cilium/cilium
- version: 1.16.6
- values:
- - ../apps/kube-system/cilium/app/helm-values.yaml
- needs:
- - observability/prometheus-operator-crds
-
- - name: coredns
- namespace: kube-system
- chart: coredns/coredns
- version: 1.37.3
- values:
- - ../apps/kube-system/coredns/app/helm-values.yaml
- needs:
- - kube-system/cilium
-
- - name: spegel
- namespace: kube-system
- chart: oci://ghcr.io/spegel-org/helm-charts/spegel
- version: v0.0.30
- values:
- - ../apps/kube-system/spegel/app/helm-values.yaml
- needs:
- - kube-system/coredns
-
- - name: flux-operator
- namespace: flux-system
- chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
- version: 0.13.0
- values:
- - ../apps/flux-system/flux-operator/app/helm-values.yaml
- needs:
- - kube-system/spegel
-
- - name: flux-instance
- namespace: flux-system
- chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance
- version: 0.13.0
- wait: false
- values:
- - ../apps/flux-system/flux-operator/instance/helm-values.yaml
- needs:
- - flux-system/flux-operator
diff --git a/templates/config/kubernetes/bootstrap/talos/patches/README.md.j2 b/templates/config/kubernetes/bootstrap/talos/patches/README.md.j2
deleted file mode 100644
index b9681888..00000000
--- a/templates/config/kubernetes/bootstrap/talos/patches/README.md.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-# Talos Patching
-
-This directory contains Kustomization patches that are added to the talhelper configuration file.
-
-
-
-## Patch Directories
-
-Under this `patches` directory, there are several sub-directories that can contain patches that are added to the talhelper configuration file.
-Each directory is optional and therefore might not created by default.
-
-- `global/`: patches that are applied to both the controller and worker configurations
-- `controller/`: patches that are applied to the controller configurations
-- `worker/`: patches that are applied to the worker configurations
-- `${node-hostname}/`: patches that are applied to the node with the specified name
diff --git a/templates/config/kubernetes/bootstrap/talos/patches/controller/admission-controller-patch.yaml.j2 b/templates/config/kubernetes/bootstrap/talos/patches/controller/admission-controller-patch.yaml.j2
deleted file mode 100644
index e311789f..00000000
--- a/templates/config/kubernetes/bootstrap/talos/patches/controller/admission-controller-patch.yaml.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-- op: remove
- path: /cluster/apiServer/admissionControl
diff --git a/templates/config/kubernetes/bootstrap/talos/patches/controller/cluster.yaml.j2 b/templates/config/kubernetes/bootstrap/talos/patches/controller/cluster.yaml.j2
deleted file mode 100644
index e52e2971..00000000
--- a/templates/config/kubernetes/bootstrap/talos/patches/controller/cluster.yaml.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-cluster:
- allowSchedulingOnControlPlanes: true
- controllerManager:
- extraArgs:
- bind-address: 0.0.0.0
- coreDNS:
- disabled: true
- etcd:
- extraArgs:
- listen-metrics-urls: http://0.0.0.0:2381
- advertisedSubnets:
- - #{ node_network }#
- proxy:
- disabled: true
- scheduler:
- extraArgs:
- bind-address: 0.0.0.0
diff --git a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-files.yaml.j2 b/templates/config/kubernetes/bootstrap/talos/patches/global/machine-files.yaml.j2
deleted file mode 100644
index 35ad3f3d..00000000
--- a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-files.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-machine:
- files:
- - op: create
- path: /etc/cri/conf.d/20-customization.part
- content: |-
- [plugins."io.containerd.cri.v1.images"]
- discard_unpacked_layers = false
diff --git a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-kubelet.yaml.j2 b/templates/config/kubernetes/bootstrap/talos/patches/global/machine-kubelet.yaml.j2
deleted file mode 100644
index 0b9befdf..00000000
--- a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-kubelet.yaml.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-machine:
- kubelet:
- extraMounts:
- - destination: /var/openebs/local
- type: bind
- source: /var/openebs/local
- options:
- - bind
- - rshared
- - rw
- nodeIP:
- validSubnets:
- - #{ node_network }#
diff --git a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-network.yaml.j2 b/templates/config/kubernetes/bootstrap/talos/patches/global/machine-network.yaml.j2
deleted file mode 100644
index 1f66d7de..00000000
--- a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-network.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-machine:
- network:
- disableSearchDomain: true
- nameservers:
- #% for item in dns_servers | default(["1.1.1.1","1.0.0.1"], true) %#
- - #{ item }#
- #% endfor %#
diff --git a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-sysctls.yaml.j2 b/templates/config/kubernetes/bootstrap/talos/patches/global/machine-sysctls.yaml.j2
deleted file mode 100644
index 62fcd296..00000000
--- a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-sysctls.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-machine:
- sysctls:
- fs.inotify.max_user_watches: "1048576" # Watchdog
- fs.inotify.max_user_instances: "8192" # Watchdog
- net.core.rmem_max: "7500000" # Cloudflared | QUIC
- net.core.wmem_max: "7500000" # Cloudflared | QUIC
diff --git a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-time.yaml.j2 b/templates/config/kubernetes/bootstrap/talos/patches/global/machine-time.yaml.j2
deleted file mode 100644
index 73ed2e17..00000000
--- a/templates/config/kubernetes/bootstrap/talos/patches/global/machine-time.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-machine:
- time:
- disabled: false
- servers:
- #% for item in ntp_servers | default(["162.159.200.1","162.159.200.123"], true) %#
- - #{ item }#
- #% endfor %#
diff --git a/templates/config/kubernetes/bootstrap/talos/talconfig.yaml.j2 b/templates/config/kubernetes/bootstrap/talos/talconfig.yaml.j2
deleted file mode 100644
index f8e21f2f..00000000
--- a/templates/config/kubernetes/bootstrap/talos/talconfig.yaml.j2
+++ /dev/null
@@ -1,148 +0,0 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
----
-# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
-talosVersion: v1.9.2
-# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
-kubernetesVersion: v1.32.1
-
-clusterName: kubernetes
-endpoint: https://#{ controller_vip }#:6443
-
-clusterPodNets:
- - "#{ pod_network.split(',')[0] }#"
-clusterSvcNets:
- - "#{ service_network.split(',')[0] }#"
-
-additionalApiServerCertSans: &sans
- - "#{ controller_vip }#"
- #% for item in tls_sans %#
- - "#{ item }#"
- #% endfor %#
- - "127.0.0.1"
-additionalMachineCertSans: *sans
-
-# Disable built-in Flannel to use Cilium
-cniConfig:
- name: none
-
-nodes:
- #% for item in node_inventory %#
- - hostname: "#{ item.name }#"
- ipAddress: "#{ item.address }#"
- #% if item.disk.startswith('/') %#
- installDisk: "#{ item.disk }#"
- #% else %#
- installDiskSelector:
- serial: "#{ item.disk }#"
- #% endif %#
- machineSpec:
- secureboot: #{ true if item.secureboot else false | lower }#
- talosImageURL: factory.talos.dev/installer#{ "-secureboot" if item.secureboot else ""}#/#{ item.schematic_id }#
- controlPlane: #{ (item.controller) | string | lower }#
- networkInterfaces:
- - deviceSelector:
- hardwareAddr: "#{ item.mac_addr | lower }#"
- #% if vlan %#
- vlans:
- - vlanId: #{ vlan }#
- addresses:
- - "#{ item.address }#/#{ node_network.split('/') | last }#"
- mtu: #{ item.mtu | default(1500, true) }#
- routes:
- - network: "0.0.0.0/0"
- #% if node_default_gateway %#
- gateway: "#{ node_default_gateway }#"
- #% else %#
- gateway: "#{ node_network | nthhost(1) }#"
- #% endif %#
- #% if item.controller %#
- vip:
- ip: "#{ controller_vip }#"
- #% endif %#
- #% else %#
- dhcp: false
- addresses:
- - "#{ item.address }#/#{ node_network.split('/') | last }#"
- routes:
- - network: "0.0.0.0/0"
- #% if node_default_gateway %#
- gateway: "#{ node_default_gateway }#"
- #% else %#
- gateway: "#{ node_network | nthhost(1) }#"
- #% endif %#
- mtu: #{ item.mtu | default(1500, true) }#
- #% if item.controller %#
- vip:
- ip: "#{ controller_vip }#"
- #% endif %#
- #% endif %#
- #% if talos_patches('%s' % (item.name)) | length == 0 %#
- #% if item.encrypt_disk %#
- patches:
- - # Encrypt system disk with TPM
- |-
- machine:
- systemDiskEncryption:
- state:
- provider: luks2
- keys:
- - slot: 0
- tpm: {}
- ephemeral:
- provider: luks2
- keys:
- - slot: 0
- tpm: {}
- #% endif %#
- #% else %#
- #% for file in talos_patches('%s' % (item.name)) %#
- #% if loop.index == 1 %#
- patches:
- #% if item.encrypt_disk %#
- - |-
- machine:
- systemDiskEncryption:
- state:
- provider: luks2
- keys:
- - slot: 0
- tpm: {}
- ephemeral:
- provider: luks2
- keys:
- - slot: 0
- tpm: {}
- #% endif %#
- #% endif %#
- - "@./patches/#{ item.name }#/#{ file | basename }#"
- #% endfor %#
- #% endif %#
- #% endfor %#
-
-#% for file in talos_patches('global') %#
-#% if loop.index == 1 %#
-# Global patches
-patches:
-#% endif %#
- - "@./patches/global/#{ file | basename }#"
-#% endfor %#
-
-#% for file in talos_patches('controller') %#
-#% if loop.index == 1 %#
-# Controller patches
-controlPlane:
- patches:
-#% endif %#
- - "@./patches/controller/#{ file | basename }#"
-#% endfor %#
-
-#% if (node_inventory | selectattr('controller', 'equalto', False) | list | length) and (talos_patches('worker') | length) %#
-#% for file in talos_patches('worker') %#
-#% if loop.index == 1 %#
-# Worker patches
-worker:
- patches:
-#% endif %#
- - "@./patches/worker/#{ file | basename }#"
-#% endfor %#
-#% endif %#
diff --git a/templates/config/kubernetes/flux/cluster/ks.yaml.j2 b/templates/config/kubernetes/flux/cluster/ks.yaml.j2
deleted file mode 100644
index bd56d0f3..00000000
--- a/templates/config/kubernetes/flux/cluster/ks.yaml.j2
+++ /dev/null
@@ -1,72 +0,0 @@
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: cluster-meta
- namespace: flux-system
-spec:
- # Flux repositories under this need flux-system hardcoded as namespace for Renovate lookups
- targetNamespace: flux-system
- interval: 30m
- path: ./kubernetes/flux/meta
- prune: true
- wait: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- decryption:
- provider: sops
- secretRef:
- name: sops-age
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: cluster-apps
- namespace: flux-system
-spec:
- interval: 30m
- dependsOn:
- - name: cluster-meta
- path: ./kubernetes/apps
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substituteFrom:
- - name: cluster-settings
- kind: ConfigMap
- optional: true
- - name: cluster-secrets
- kind: Secret
- optional: true
- patches:
- - patch: |-
- apiVersion: kustomize.toolkit.fluxcd.io/v1
- kind: Kustomization
- metadata:
- name: not-used
- spec:
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substituteFrom:
- - name: cluster-settings
- kind: ConfigMap
- optional: true
- - name: cluster-secrets
- kind: Secret
- optional: true
- target:
- group: kustomize.toolkit.fluxcd.io
- kind: Kustomization
- labelSelector: substitution.flux.home.arpa/disabled notin (true)
diff --git a/templates/config/kubernetes/flux/meta/kustomization.yaml.j2 b/templates/config/kubernetes/flux/meta/kustomization.yaml.j2
deleted file mode 100644
index 24a9b1c4..00000000
--- a/templates/config/kubernetes/flux/meta/kustomization.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./repositories - - ./settings diff --git a/templates/config/kubernetes/flux/meta/repositories/git/kustomization.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/git/kustomization.yaml.j2 deleted file mode 100644 index 8fb7c142..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/git/kustomization.yaml.j2 +++ /dev/null @@ -1,5 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: [] diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/bjw-s.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/bjw-s.yaml.j2 deleted file mode 100644 index 150623a2..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/bjw-s.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: bjw-s - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/bjw-s/helm diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/cilium.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/cilium.yaml.j2 deleted file mode 100644 index c028336b..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/cilium.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: cilium - namespace: flux-system -spec: - interval: 1h - url: https://helm.cilium.io 
diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/controlplaneio.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/controlplaneio.yaml.j2 deleted file mode 100644 index 620d293c..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/controlplaneio.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: controlplaneio - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/controlplaneio-fluxcd/charts diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/coredns.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/coredns.yaml.j2 deleted file mode 100644 index 639fa9df..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/coredns.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: coredns - namespace: flux-system -spec: - interval: 1h - url: https://coredns.github.io/helm diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/external-dns.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/external-dns.yaml.j2 deleted file mode 100644 index cb9b115e..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/external-dns.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: external-dns - namespace: flux-system -spec: - interval: 1h - url: https://kubernetes-sigs.github.io/external-dns 
diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml.j2 deleted file mode 100644 index b8c67a0b..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/ingress-nginx.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: ingress-nginx - namespace: flux-system -spec: - interval: 1h - url: https://kubernetes.github.io/ingress-nginx diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/jetstack.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/jetstack.yaml.j2 deleted file mode 100644 index 936d2f41..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/jetstack.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: jetstack - namespace: flux-system -spec: - interval: 1h - url: https://charts.jetstack.io diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/k8s-gateway.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/k8s-gateway.yaml.j2 deleted file mode 100644 index a3a82dbb..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/k8s-gateway.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: k8s-gateway - namespace: flux-system -spec: - interval: 1h - url: https://ori-edge.github.io/k8s_gateway 
diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/kustomization.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/kustomization.yaml.j2 deleted file mode 100644 index a47714d7..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/kustomization.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./bjw-s.yaml - - ./cilium.yaml - - ./controlplaneio.yaml - - ./coredns.yaml - - ./external-dns.yaml - - ./ingress-nginx.yaml - - ./jetstack.yaml - - ./k8s-gateway.yaml - - ./metrics-server.yaml - - ./openebs.yaml - - ./prometheus-community.yaml - - ./spegel.yaml - - ./stakater.yaml diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/metrics-server.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/metrics-server.yaml.j2 deleted file mode 100644 index 02219440..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/metrics-server.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: metrics-server - namespace: flux-system -spec: - interval: 1h - url: https://kubernetes-sigs.github.io/metrics-server diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/openebs.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/openebs.yaml.j2 deleted file mode 100644 index c8419a96..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/openebs.yaml.j2 +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: openebs - namespace: flux-system -spec: - interval: 1h - url: https://openebs.github.io/openebs diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/prometheus-community.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/prometheus-community.yaml.j2 deleted file mode 100644 index 3cd8be67..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/prometheus-community.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: prometheus-community - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/prometheus-community/charts diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/spegel.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/spegel.yaml.j2 deleted file mode 100644 index 33b617fe..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/spegel.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: spegel - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/spegel-org/helm-charts diff --git a/templates/config/kubernetes/flux/meta/repositories/helm/stakater.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/helm/stakater.yaml.j2 deleted file mode 100644 index 5221640b..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/helm/stakater.yaml.j2 +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: stakater - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/stakater/charts diff --git a/templates/config/kubernetes/flux/meta/repositories/kustomization.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/kustomization.yaml.j2 deleted file mode 100644 index ae7e0ad4..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/kustomization.yaml.j2 +++ /dev/null @@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./git - - ./helm - - ./oci diff --git a/templates/config/kubernetes/flux/meta/repositories/oci/kustomization.yaml.j2 b/templates/config/kubernetes/flux/meta/repositories/oci/kustomization.yaml.j2 deleted file mode 100644 index 8fb7c142..00000000 --- a/templates/config/kubernetes/flux/meta/repositories/oci/kustomization.yaml.j2 +++ /dev/null @@ -1,5 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: [] diff --git a/templates/config/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml.j2 b/templates/config/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml.j2 deleted file mode 100644 index ce2fc0c8..00000000 --- a/templates/config/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml.j2 +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/secret-v1.json -apiVersion: v1 -kind: Secret -metadata: - name: cluster-secrets - namespace: flux-system -#% if cloudflare.enabled %# -stringData: - SECRET_DOMAIN: "#{ cloudflare.domain }#" - SECRET_ACME_EMAIL: "#{ cloudflare.acme.email }#" - SECRET_CLOUDFLARE_TUNNEL_ID: "#{ cloudflare.tunnel.id }#" -#% else %# -stringData: {} -#% endif %# diff --git a/templates/config/kubernetes/flux/meta/settings/cluster-settings.yaml.j2 b/templates/config/kubernetes/flux/meta/settings/cluster-settings.yaml.j2 deleted file mode 100644 index a4b7c459..00000000 --- a/templates/config/kubernetes/flux/meta/settings/cluster-settings.yaml.j2 +++ /dev/null @@ -1,8 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.18.1-standalone-strict/configmap-v1.json -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-settings - namespace: flux-system -data: {} diff --git a/templates/config/kubernetes/flux/meta/settings/kustomization.yaml.j2 b/templates/config/kubernetes/flux/meta/settings/kustomization.yaml.j2 deleted file mode 100644 index 9ea91972..00000000 --- a/templates/config/kubernetes/flux/meta/settings/kustomization.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./cluster-settings.yaml - - ./cluster-secrets.sops.yaml diff --git a/templates/overrides/readme.partial.yaml.j2 b/templates/overrides/readme.partial.yaml.j2 deleted file mode 100644 index b73f7538..00000000 --- a/templates/overrides/readme.partial.yaml.j2 +++ /dev/null 
@@ -1,5 +0,0 @@ -#| Place user jinja template overrides in this file's directory |# -#| Docs: https://mirkolenz.github.io/makejinja/makejinja.html |# -#| Example: https://github.com/mirkolenz/makejinja/blob/main/tests/data/makejinja.toml |# -#| Example: https://github.com/mirkolenz/makejinja/blob/main/tests/data/input1/not-empty.yaml.jinja |# -#| Example: https://github.com/mirkolenz/makejinja/blob/main/tests/data/input2/not-empty.yaml.jinja |# diff --git a/templates/scripts/plugin.py b/templates/scripts/plugin.py deleted file mode 100644 index 7c02271c..00000000 --- a/templates/scripts/plugin.py +++ /dev/null 
@@ -1,81 +0,0 @@ -import importlib.util -import sys -from collections.abc import Callable -from pathlib import Path -from typing import Any - -from typing import Any -from netaddr import IPNetwork - -import makejinja -import validation - - -# Return the filename of a path without the j2 extension -def basename(value: str) -> str: - return Path(value).stem - - -# Return a list of files in the talos patches directory -def talos_patches(value: str) -> list[str]: - path = Path(f'templates/config/kubernetes/bootstrap/talos/patches/{value}') - if not path.is_dir(): - return [] - return [str(f) for f in sorted(path.glob('*.yaml.j2')) if f.is_file()] - - -# Return the nth host in a CIDR range -def nthhost(value: str, query: int) -> str: - value = IPNetwork(value) - try: - nth = int(query) - if value.size > nth: - return str(value[nth]) - except ValueError: - return False - return value - - -def import_filter(file: Path) -> Callable[[dict[str, Any]], bool]: - module_path = file.relative_to(Path.cwd()).with_suffix("") - module_name = str(module_path).replace("/", ".") - spec = importlib.util.spec_from_file_location(module_name, file) - assert spec is not None - module = importlib.util.module_from_spec(spec) - sys.modules[module_name] = module - assert spec.loader is not None - spec.loader.exec_module(module) - return module.main - - -class Plugin(makejinja.plugin.Plugin): - def __init__(self, data: dict[str, Any], config: makejinja.config.Config): - self._data = data - self._config = config - - self._excluded_dirs: set[Path] = set() - for input_path in config.inputs: - for filter_file in input_path.rglob(".mjfilter.py"): - filter_func = import_filter(filter_file) - if filter_func(data) is False: - self._excluded_dirs.add(filter_file.parent) - - validation.validate(data) - - - def filters(self) -> makejinja.plugin.Filters: - return [basename, nthhost] - - - def functions(self) -> makejinja.plugin.Functions: - return [talos_patches] - - - def path_filters(self): - return 
[self._mjfilter_func] - - - def _mjfilter_func(self, path: Path) -> bool: - return not any( - path.is_relative_to(excluded_dir) for excluded_dir in self._excluded_dirs - ) diff --git a/templates/scripts/validation.py b/templates/scripts/validation.py deleted file mode 100644 index d1872c21..00000000 --- a/templates/scripts/validation.py +++ /dev/null 
@@ -1,118 +0,0 @@ -from functools import wraps -from typing import Callable -import dns.resolver -import netaddr -import ntplib -import re -import socket -import sys - -RESERVED_NODE_NAMES = ["global", "controller", "worker"] - -def required(*keys: str): - def wrapper_outter(func: Callable): - @wraps(func) - def wrapper(data: dict, *_, **kwargs) -> None: - for key in keys: - if data.get(key) is None: - raise ValueError(f"Missing required key {key}") - return func(*[data[key] for key in keys], **kwargs) - return wrapper - return wrapper_outter - - -def validate_python_version() -> None: - required_version = (3, 11, 0) - if sys.version_info < required_version: - raise ValueError(f"Invalid Python version {sys.version_info}, must be 3.11 or higher") - - -def validate_node(node: dict, node_cidr: str) -> None: - if not node.get('name') or not re.match(r"^[a-z0-9-]+$", node.get('name')): - raise ValueError(f"Invalid node name {node.get('name')} for {node.get('name')}, must be not empty and match [a-z0-9-]") - if node.get('name') in RESERVED_NODE_NAMES: - raise ValueError(f"Invalid node name {node.get('name')} for {node.get('name')}, must not be any of {', '.join(RESERVED_NODE_NAMES)}") - if not node.get('disk'): - raise ValueError(f"Invalid node disk {node.get('disk')} for {node.get('name')}, must be not empty") - if not node.get('mac_addr') or not re.match(r"^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$", node.get('mac_addr')): - raise ValueError(f"Invalid node mac_addr {node.get('mac_addr')} for {node.get('name')}, must be not empty and match ([0-9a-f]{{2}}[:]){{5}}([0-9a-f]{{2}})") - if not re.match(r"^[a-z0-9]{64}$", node.get('schematic_id')): - raise ValueError(f"Invalid node schematic_id {node.get('schematic_id')} for {node.get('name')}, must match [a-z0-9]{64}") - - try: - netaddr.IPAddress(node.get('address')) - except netaddr.core.AddrFormatError as e: - raise ValueError(f"Invalid IP address {node.get('address')}") from e - - if netaddr.IPAddress(node.get('address'), 4) not 
in netaddr.IPNetwork(node_cidr): - raise ValueError( - f"Invalid node address {node.get('address')} for {node.get('name')}, must be in CIDR {node_cidr}" - ) - - with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: - sock.settimeout(5) - result = sock.connect_ex((node.get('address'), 50000)) - if result != 0: - raise ValueError( - f"Unable to connect to node {node.get('name')}, port 50000 is not connectable" - ) - - -@required("node_network", "node_inventory") -def validate_nodes(node_cidr: str, nodes: dict[list], **_) -> None: - try: - network = netaddr.IPNetwork(node_cidr) - if network.version != 4: - raise ValueError(f"Invalid node_network {network.version}, must be IPv4") - except netaddr.core.AddrFormatError as e: - raise ValueError(f"Invalid node_network {node_cidr}") from e - - controllers = [node for node in nodes if node.get('controller') == True] - if len(controllers) < 1 or len(controllers) % 2 == 0: - raise ValueError(f"Invalid number of controllers {len(controllers)}, must be odd and at least 1") - for node in controllers: - validate_node(node, node_cidr) - - workers = [node for node in nodes if node.get('controller') == False] - for node in workers: - validate_node(node, node_cidr) - - -@required("dns_servers") -def validate_dns_servers(servers: list = ["1.1.1.1","1.0.0.1"], **_) -> None: - resolver = dns.resolver.Resolver() - resolver.nameservers = servers - resolver.timeout = 5 - resolver.lifetime = 5 - - try: - resolver.resolve("cloudflare.com") - except Exception as e: - raise ValueError(f"Unable to resolve cloudflare.com with DNS servers {servers}") from e - - -@required("ntp_servers") -def validate_ntp_servers(servers: list = ["162.159.200.1","162.159.200.123"], **_) -> None: - client = ntplib.NTPClient() - for server in servers: - try: - client.request(server, version=3) - except Exception as e: - raise ValueError(f"Unable to connect to NTP server {server}") from e - - -@required("age_pubkey") -def validate_age(key: str, **_) -> None: 
- if not re.match(r"^age1[a-z0-9]{0,58}$", key): - raise ValueError(f"Invalid age_pubkey {key}, must be not empty and match age1[a-z0-9]{0,58}") - - -def validate(data: dict) -> None: - validate_python_version() - validate_age(data) - - if not data.get('skip_tests', False): - validate_nodes(data) - - validate_dns_servers(data) - validate_ntp_servers(data) From cecf9678681e25876b4d0a460ccaa138c48f0a6a Mon Sep 17 00:00:00 2001 From: Ronald Philipsen Date: Sun, 26 Jan 2025 13:10:08 +0100 Subject: [PATCH 15/37] disable db --- kubernetes/apps/database/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/database/kustomization.yaml b/kubernetes/apps/database/kustomization.yaml index bc888ee4..30b32a45 100644 --- a/kubernetes/apps/database/kustomization.yaml +++ b/kubernetes/apps/database/kustomization.yaml @@ -4,6 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./namespace.yaml - - ./cloudnative-pg/ks.yaml + # ./cloudnative-pg/ks.yaml - ./emqx/ks.yaml - ./minio/ks.yaml From 7b5d53d46dc0c3bd39091a9a558da8bdcbd3f9d2 Mon Sep 17 00:00:00 2001 From: Ronald Date: Sun, 26 Jan 2025 13:25:48 +0100 Subject: [PATCH 16/37] rework postgres (#231) Co-authored-by: Ronald Philipsen --- .../cluster/{cluster16.yaml => cluster.yaml} | 26 ++++++++++++++++--- .../cloudnative-pg/cluster/kustomization.yaml | 3 +-- .../cluster/scheduledbackup.yaml | 2 +- .../cloudnative-pg/cluster/service.yaml | 18 ------------- kubernetes/apps/database/kustomization.yaml | 2 +- 5 files changed, 26 insertions(+), 25 deletions(-) rename kubernetes/apps/database/cloudnative-pg/cluster/{cluster16.yaml => cluster.yaml} (64%) delete mode 100644 kubernetes/apps/database/cloudnative-pg/cluster/service.yaml 
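Review bot: Commenting out `./cloudnative-pg/ks.yaml` in the `resources` list of kubernetes/apps/database/kustomization.yaml does not pause the database; it removes the CloudNativePG Kustomization from what Flux applies. If the parent Flux Kustomization prunes (the `cluster-apps` template earlier in this series sets `prune: true`; the live file is not visible here), the operator and the Cluster object would presumably be garbage-collected. If the goal is only to stop reconciliation for a while, `spec.suspend: true` on the cloudnative-pg Kustomization is the gentler switch. Either way the commented line should carry its reason, for example `# disabled during the postgres rework: ./cloudnative-pg/ks.yaml`.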
diff --git a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml b/kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml similarity index 64% rename from kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml rename to kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml index 3fa55d01..39c14b84 100644 --- a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml +++ b/kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml @@ -6,7 +6,8 @@ metadata: name: postgres16 spec: instances: 3 - imageName: ghcr.io/cloudnative-pg/postgresql:16.3-7 + # renovate: datasource=docker depName=ghcr.io/cloudnative-pg/postgresql + imageName: ghcr.io/cloudnative-pg/postgresql:17.2 primaryUpdateStrategy: unsupervised storage: size: 20Gi @@ -16,7 +17,7 @@ spec: enableSuperuserAccess: true postgresql: parameters: - max_connections: "400" + max_connections: "200" shared_buffers: 256MB nodeMaintenanceWindow: inProgress: false @@ -40,7 +41,7 @@ spec: endpointURL: https://s3.rphilipsen.nl # Note: serverName version needs to be inclemented # when recovering from an existing cnpg cluster - serverName: ¤tCluster postgres16-v2 + serverName: ¤tCluster postgres-v1 s3Credentials: accessKeyId: name: cloudnative-pg-secret @@ -49,3 +50,22 @@ spec: name: cloudnative-pg-secret key: AWS_SECRET_ACCESS_KEY +--- +# yaml-language-server: $schema=https://kubernetesjsonschema.dev/v1.10.3-standalone/service-v1.json +apiVersion: v1 +kind: Service +metadata: + name: postgres-lb + annotations: + external-dns.alpha.kubernetes.io/hostname: postgres.${SECRET_DOMAIN} + lbipam.cilium.io/ips: ${POSTGRES_IP} +spec: + type: LoadBalancer + ports: + - name: postgres + port: 5432 + protocol: TCP + targetPort: 5432 + selector: + cnpg.io/cluster: postgres16 + role: primary diff --git a/kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml b/kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml index fd759b55..1d329b78 100644 
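Review bot: The `imageName` change in the first cluster.yaml hunk goes from `postgresql:16.3-7` to `postgresql:17.2` while the context still shows `metadata.name: postgres16`, so at this commit the same Cluster object is asked to run PostgreSQL 17 on a data directory created by 16. A newer major version cannot open an older major's data directory, and whether the operator upgrades in place depends on the CloudNativePG release, which this patch does not show. Unless that is confirmed, bring 17 up as a separate Cluster and load the data through `bootstrap.initdb.import` or a dump and restore. Separately, the tag is mutable; a digest suffix (`imageName: ghcr.io/cloudnative-pg/postgresql:17.2@sha256:<digest>`) would pin what actually runs and Renovate can maintain it.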
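Review bot: The Service that the last cluster.yaml hunk moves into this file publishes the primary's port 5432 through `type: LoadBalancer` with an external-dns hostname and no source restriction, while the Cluster context above keeps `enableSuperuserAccess: true`. Anyone who can route to `${POSTGRES_IP}` reaches a listener that accepts the superuser's password; whether that address or DNS record is reachable beyond the LAN is not visible here. Consider `loadBalancerSourceRanges: ["<trusted-cidr>"]` on the Service (confirm the Cilium setup enforces it) and turning superuser access off if no client needs it. The selector also relies on the bare `role: primary` label, which newer CloudNativePG releases deprecate in favour of `cnpg.io/instanceRole: primary`.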
--- a/kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml +++ b/kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml @@ -3,6 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./cluster16.yaml + - ./cluster.yaml - ./scheduledbackup.yaml - - ./service.yaml diff --git a/kubernetes/apps/database/cloudnative-pg/cluster/scheduledbackup.yaml b/kubernetes/apps/database/cloudnative-pg/cluster/scheduledbackup.yaml index f73a74f7..ca346fc1 100644 --- a/kubernetes/apps/database/cloudnative-pg/cluster/scheduledbackup.yaml +++ b/kubernetes/apps/database/cloudnative-pg/cluster/scheduledbackup.yaml @@ -9,4 +9,4 @@ spec: immediate: true backupOwnerReference: self cluster: - name: postgres16 + name: postgres diff --git a/kubernetes/apps/database/cloudnative-pg/cluster/service.yaml b/kubernetes/apps/database/cloudnative-pg/cluster/service.yaml deleted file mode 100644 index 5490e299..00000000 --- a/kubernetes/apps/database/cloudnative-pg/cluster/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: postgres-lb - annotations: - external-dns.alpha.kubernetes.io/hostname: postgres.${SECRET_DOMAIN} - lbipam.cilium.io/ips: ${POSTGRES_IP} -spec: - type: LoadBalancer - ports: - - name: postgres - port: 5432 - protocol: TCP - targetPort: 5432 - selector: - cnpg.io/cluster: postgres16 - role: primary diff --git a/kubernetes/apps/database/kustomization.yaml b/kubernetes/apps/database/kustomization.yaml index 30b32a45..bc888ee4 100644 --- a/kubernetes/apps/database/kustomization.yaml +++ b/kubernetes/apps/database/kustomization.yaml @@ -4,6 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./namespace.yaml - # ./cloudnative-pg/ks.yaml + - ./cloudnative-pg/ks.yaml - ./emqx/ks.yaml - ./minio/ks.yaml From 72547d580ae1624ac1205a881f57bdf4c3ef8353 Mon Sep 17 00:00:00 2001 
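Review bot: `cluster.name` in scheduledbackup.yaml now reads `postgres`, but the Cluster in this same patch is still `metadata.name: postgres16` (context of the first cluster.yaml hunk), so at this commit the ScheduledBackup references a Cluster that does not exist. The rename only arrives in the following patch; until then backups would presumably not be created, and the failure would show at once because of `immediate: true`. Folding the `metadata.name` change into this commit keeps every revision of the series deployable with working backups.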
From: Ronald Philipsen Date: Sun, 26 Jan 2025 13:28:23 +0100 Subject: [PATCH 17/37] do not reference 16 --- kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml | 4 ++-- kubernetes/apps/default/jellyseerr/app/externalsecret.yaml | 2 +- kubernetes/apps/default/prowlarr/app/externalsecret.yaml | 2 +- kubernetes/apps/default/radarr/app/externalsecret.yaml | 2 +- kubernetes/apps/default/sonarr/app/externalsecret.yaml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml b/kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml index 39c14b84..3177a448 100644 --- a/kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml +++ b/kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml @@ -3,7 +3,7 @@ apiVersion: postgresql.cnpg.io/v1 kind: Cluster metadata: - name: postgres16 + name: postgres spec: instances: 3 # renovate: datasource=docker depName=ghcr.io/cloudnative-pg/postgresql @@ -67,5 +67,5 @@ spec: protocol: TCP targetPort: 5432 selector: - cnpg.io/cluster: postgres16 + cnpg.io/cluster: postgres role: primary diff --git a/kubernetes/apps/default/jellyseerr/app/externalsecret.yaml b/kubernetes/apps/default/jellyseerr/app/externalsecret.yaml index 9f164bdb..881569a9 100644 --- a/kubernetes/apps/default/jellyseerr/app/externalsecret.yaml +++ b/kubernetes/apps/default/jellyseerr/app/externalsecret.yaml @@ -14,7 +14,7 @@ spec: engineVersion: v2 data: DB_TYPE: 'postgres' - DB_HOST: &dbHost postgres16-rw.database.svc.cluster.local + DB_HOST: &dbHost postgres-rw.database.svc.cluster.local DB_PORT: "5432" DB_USER: &dbUser "{{ .JELLYSEERR_POSTGRES_USER }}" DB_PASS: &dbPass "{{ .JELLYSEERR_POSTGRES_PASSWORD }}" diff --git a/kubernetes/apps/default/prowlarr/app/externalsecret.yaml b/kubernetes/apps/default/prowlarr/app/externalsecret.yaml index af32197e..d9edab8a 100644 --- a/kubernetes/apps/default/prowlarr/app/externalsecret.yaml 
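Review bot: Changing `metadata.name` from `postgres16` to `postgres` in the first cluster.yaml hunk is not a rename in Kubernetes terms; it declares a new Cluster, and the old object is presumably left to pruning. No `bootstrap` section is visible in these hunks, so unless one exists elsewhere in the file the new cluster would start empty while the ExternalSecrets changed in this patch already point at `postgres-rw.database.svc.cluster.local`. A comment above `name:` saying how the data is carried over, such as `# new cluster; data restored from the object-store backup via bootstrap.recovery`, would make the intent reviewable. The rest of the Cluster spec lies outside the hunk.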
+++ b/kubernetes/apps/default/prowlarr/app/externalsecret.yaml @@ -14,7 +14,7 @@ spec: engineVersion: v2 data: PROWLARR__AUTH__APIKEY: "{{ .PROWLARR_API_KEY }}" - PROWLARR__POSTGRES__HOST: &dbHost postgres16-rw.database.svc.cluster.local + PROWLARR__POSTGRES__HOST: &dbHost postgres-rw.database.svc.cluster.local PROWLARR__POSTGRES__PORT: "5432" PROWLARR__POSTGRES__USER: &dbUser "{{ .PROWLARR_POSTGRES_USER }}" PROWLARR__POSTGRES__PASSWORD: &dbPass "{{ .PROWLARR_POSTGRES_PASSWORD }}" diff --git a/kubernetes/apps/default/radarr/app/externalsecret.yaml b/kubernetes/apps/default/radarr/app/externalsecret.yaml index a40c7b27..aeb212c3 100644 --- a/kubernetes/apps/default/radarr/app/externalsecret.yaml +++ b/kubernetes/apps/default/radarr/app/externalsecret.yaml @@ -14,7 +14,7 @@ spec: engineVersion: v2 data: RADARR__AUTH__APIKEY: "{{ .RADARR_API_KEY }}" - RADARR__POSTGRES__HOST: &dbHost postgres16-rw.database.svc.cluster.local + RADARR__POSTGRES__HOST: &dbHost postgres-rw.database.svc.cluster.local RADARR__POSTGRES__PORT: "5432" RADARR__POSTGRES__USER: &dbUser "{{ .RADARR_POSTGRES_USER }}" RADARR__POSTGRES__PASSWORD: &dbPass "{{ .RADARR_POSTGRES_PASSWORD }}" diff --git a/kubernetes/apps/default/sonarr/app/externalsecret.yaml b/kubernetes/apps/default/sonarr/app/externalsecret.yaml index 81d3bf39..084479b4 100644 --- a/kubernetes/apps/default/sonarr/app/externalsecret.yaml +++ b/kubernetes/apps/default/sonarr/app/externalsecret.yaml @@ -14,7 +14,7 @@ spec: engineVersion: v2 data: SONARR__AUTH__APIKEY: "{{ .SONARR_API_KEY }}" - SONARR__POSTGRES__HOST: &dbHost postgres16-rw.database.svc.cluster.local + SONARR__POSTGRES__HOST: &dbHost postgres-rw.database.svc.cluster.local SONARR__POSTGRES__PORT: "5432" SONARR__POSTGRES__USER: &dbUser "{{ .SONARR_POSTGRES_USER }}" SONARR__POSTGRES__PASSWORD: &dbPass "{{ .SONARR_POSTGRES_PASSWORD }}" From f688de142201a4081a67a2d49955c7e426f059a2 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 07:12:36 +0100 Subject: [PATCH 18/37] =?UTF-8?q?feat(helm):=20update=20coredns=20(=201.37?= =?UTF-8?q?.3=20=E2=86=92=201.38.1=20)=20(#232)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/kube-system/coredns/app/helmrelease.yaml | 2 +- kubernetes/bootstrap/helmfile.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml index f5b7e389..a3e914c4 100644 --- a/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: coredns - version: 1.37.3 + version: 1.38.1 sourceRef: kind: HelmRepository name: coredns diff --git a/kubernetes/bootstrap/helmfile.yaml b/kubernetes/bootstrap/helmfile.yaml index 8d7afaea..33fb0e81 100644 --- a/kubernetes/bootstrap/helmfile.yaml +++ b/kubernetes/bootstrap/helmfile.yaml @@ -32,7 +32,7 @@ releases: - name: coredns namespace: kube-system chart: coredns/coredns - version: 1.37.3 + version: 1.38.1 values: - ../apps/kube-system/coredns/app/helm-values.yaml needs: From 28f6b892f3381ebb31dff7591b93ac075c345ebf Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 22:34:11 +0100 Subject: [PATCH 19/37] chore(mise): upgrade dependencies (#233) Co-authored-by: RonaldPhilipsen <8189044+RonaldPhilipsen@users.noreply.github.com> --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 0394d6e4..0486dce5 100644 --- a/.mise.toml +++ b/.mise.toml 
@@ -27,5 +27,5 @@ uv = "0.5.24" "aqua:kubernetes-sigs/kustomize" = "5.6.0" "aqua:kubernetes/kubectl" = "1.32.1" "aqua:mikefarah/yq" = "4.45.1" -"aqua:siderolabs/talos" = "1.9.2" +"aqua:siderolabs/talos" = "1.9.3" "aqua:yannh/kubeconform" = "0.6.7" From b9673619f4c0697b534725cbabe6186cf5961b6d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:53:29 +0100 Subject: [PATCH 20/37] chore(mise): upgrade dependencies (#242) Co-authored-by: RonaldPhilipsen <8189044+RonaldPhilipsen@users.noreply.github.com> --- .mise.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 0486dce5..96ee0da7 100644 --- a/.mise.toml +++ b/.mise.toml @@ -13,7 +13,7 @@ run = "uv pip install -r requirements.txt" [tools] # Template tools python = "3.13" -uv = "0.5.24" +uv = "0.5.25" # Operations tools "aqua:budimanjojo/talhelper" = "3.0.16" "aqua:cloudflare/cloudflared" = "2025.1.0" From 2a07e47a74d3be97b52eedd34722d79253b11b63 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:53:55 +0100 Subject: [PATCH 21/37] =?UTF-8?q?feat(helm):=20update=20coredns=20(=201.38?= =?UTF-8?q?.1=20=E2=86=92=201.39.0=20)=20(#241)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/kube-system/coredns/app/helmrelease.yaml | 2 +- kubernetes/bootstrap/helmfile.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml index a3e914c4..d340b6da 100644 --- a/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml 
@@ -9,7 +9,7 @@ spec: chart: spec: chart: coredns - version: 1.38.1 + version: 1.39.0 sourceRef: kind: HelmRepository name: coredns diff --git a/kubernetes/bootstrap/helmfile.yaml b/kubernetes/bootstrap/helmfile.yaml index 33fb0e81..c3b46d02 100644 --- a/kubernetes/bootstrap/helmfile.yaml +++ b/kubernetes/bootstrap/helmfile.yaml @@ -32,7 +32,7 @@ releases: - name: coredns namespace: kube-system chart: coredns/coredns - version: 1.38.1 + version: 1.39.0 values: - ../apps/kube-system/coredns/app/helm-values.yaml needs: From 65c828cc82b1c49fe3c908bad5c8b889a7d38822 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:54:10 +0100 Subject: [PATCH 22/37] =?UTF-8?q?fix(helm):=20update=20openebs=20(=204.1.2?= =?UTF-8?q?=20=E2=86=92=204.1.3=20)=20(#240)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml b/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml index b23f8e53..040a1df7 100644 --- a/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml +++ b/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: openebs - version: 4.1.2 + version: 4.1.3 sourceRef: kind: HelmRepository name: openebs From 4e9763568ec2d300118bfea1dc8a269038cf0177 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:54:22 +0100 Subject: [PATCH 23/37] =?UTF-8?q?fix(helm):=20update=20external-dns=20(=20?= =?UTF-8?q?1.15.0=20=E2=86=92=201.15.1=20)=20(#239)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/network/external-dns/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/network/external-dns/app/helmrelease.yaml b/kubernetes/apps/network/external-dns/app/helmrelease.yaml index 5a94df0b..6bb09360 100644 --- a/kubernetes/apps/network/external-dns/app/helmrelease.yaml +++ b/kubernetes/apps/network/external-dns/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: external-dns - version: 1.15.0 + version: 1.15.1 sourceRef: kind: HelmRepository name: external-dns From 67d4fef453cb07d54d055a3857bb49e748108a93 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:54:34 +0100 Subject: [PATCH 24/37] =?UTF-8?q?chore(container):=20update=20ghcr.io/oned?= =?UTF-8?q?r0p/sonarr-develop=20(=20b2b3e30=20=E2=86=92=206564922=20)=20(#?= =?UTF-8?q?238)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/default/sonarr/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/default/sonarr/app/helmrelease.yaml b/kubernetes/apps/default/sonarr/app/helmrelease.yaml index 2603d1ec..7dd3f7aa 100644 --- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml 
@@ -48,7 +48,7 @@ spec: main: image: repository: ghcr.io/onedr0p/sonarr-develop - tag: 4.0.12.2892@sha256:b2b3e309ac5ac85a3ad0402f9456de62916f9f59dd315bb3c497463a6e504274 + tag: 4.0.12.2892@sha256:656492266c4f59b1e702277e8c25c7727e48f8fc21443c823afa4333e6d5549c env: TZ: ${TIMEZONE} From 9afb6e2f0e25c3d7a849b8b2cd463fb8237feb21 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:54:46 +0100 Subject: [PATCH 25/37] =?UTF-8?q?chore(container):=20update=20ghcr.io/oned?= =?UTF-8?q?r0p/sabnzbd=20(=204188d3c=20=E2=86=92=20fd85776=20)=20(#237)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/default/sabnzbd/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml index d5d6396a..ca607251 100644 --- a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml +++ b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml @@ -42,7 +42,7 @@ spec: app: image: repository: ghcr.io/onedr0p/sabnzbd - tag: 4.4.1@sha256:4188d3c29c53de1018edcfd5dc2d0a0c7955b9a239b91ff6c859626abd3494dc + tag: 4.4.1@sha256:fd85776610865ba5bd8da40415759871ee70dfe9371f88ee88f18a847391ce6a env: TZ: "${TIMEZONE}" SABNZBD__PORT: &port 8080 From da7744d4d68cd3aacf1b24b3dcd1a66fe6f5476a Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:54:54 +0100 Subject: [PATCH 26/37] =?UTF-8?q?chore(container):=20update=20ghcr.io/oned?= =?UTF-8?q?r0p/radarr-develop=20(=2064364aa=20=E2=86=92=20f19b5e8=20)=20(#?= =?UTF-8?q?236)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/default/radarr/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/default/radarr/app/helmrelease.yaml b/kubernetes/apps/default/radarr/app/helmrelease.yaml index 7845e739..36e1e45b 100644 --- a/kubernetes/apps/default/radarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml @@ -49,7 +49,7 @@ spec: main: image: repository: ghcr.io/onedr0p/radarr-develop - tag: 5.18.1.9612@sha256:64364aa80c8e7bb1350c77a0400dcf7da298cf06c44c84081937955bbbd01e4c + tag: 5.18.1.9612@sha256:f19b5e8f22e1b807a563d50ebef0b47aca1a2d61cea63599c2c4ca85425a2320 env: TZ: ${TIMEZONE} From e6935aa5772f37227ef085f6bffae64eb704a272 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:55:03 +0100 Subject: [PATCH 27/37] =?UTF-8?q?chore(container):=20update=20ghcr.io/oned?= =?UTF-8?q?r0p/prowlarr-develop=20(=201cf5d5e=20=E2=86=92=20cf9e51a=20)=20?= =?UTF-8?q?(#235)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/default/prowlarr/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml index 7391ce3d..7870570f 100644 --- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml 
+++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml @@ -49,7 +49,7 @@ spec: app: image: repository: ghcr.io/onedr0p/prowlarr-develop - tag: 1.30.2.4939@sha256:1cf5d5e553719085f4bffd5fab6377e7b72a6ad055a5eeaac951b2a097f3e669 + tag: 1.30.2.4939@sha256:cf9e51aaabc9c6b745b34af7c5b5280ac62eb07f62b397b6b1834ba4c9862616 env: TZ: ${TIMEZONE} PROWLARR__APP__INSTANCENAME: Prowlarr From a21d88c8ecea21f3762cdca36581a8cf0ff2dad3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 06:55:13 +0100 Subject: [PATCH 28/37] =?UTF-8?q?chore(container):=20update=20ghcr.io/oned?= =?UTF-8?q?r0p/home-assistant=20(=200d20c91=20=E2=86=92=206389f95=20)=20(#?= =?UTF-8?q?234)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../apps/home-automation/home-assistant/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml b/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml index 2a9b7211..ad276dc6 100644 --- a/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml +++ b/kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml @@ -33,7 +33,7 @@ spec: home-assistant: image: repository: ghcr.io/onedr0p/home-assistant - tag: 2025.1.4@sha256:0d20c912e2c2a1a8f76b22f4689b575b4498c3cc334b807a91ecf82f2cd33094 + tag: 2025.1.4@sha256:6389f9593b4acd80c74322f56c9229fae631e752a3bf49839be12442a153e0dc env: TZ: America/New_York HASS_HTTP_TRUSTED_PROXY_1: 192.168.0.8/24 From 23fd84769d5c638444ddbf808d11bf809e042c97 Mon Sep 17 00:00:00 2001 From: Ronald Date: Thu, 30 Jan 2025 06:56:44 +0100 Subject: [PATCH 29/37] Update flux-diff.yaml --- .github/workflows/flux-diff.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 053a5def..8177e111 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -3,6 +3,7 @@ name: "Flux Diff" on: + push: pull_request: branches: ["main"] paths: ["kubernetes/**"] From b77c2de4cb4bded6e87fea870ef6b2ed99738c62 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 05:57:22 +0000 Subject: [PATCH 30/37] =?UTF-8?q?fix(container):=20update=20ghcr.io/sidero?= =?UTF-8?q?labs/installer=20(=20v1.9.2=20=E2=86=92=20v1.9.3=20)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kubernetes/bootstrap/talos/talconfig.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/bootstrap/talos/talconfig.yaml b/kubernetes/bootstrap/talos/talconfig.yaml index 545a8449..6a5b3c03 100644 --- a/kubernetes/bootstrap/talos/talconfig.yaml +++ b/kubernetes/bootstrap/talos/talconfig.yaml @@ -1,7 +1,7 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json --- # renovate: datasource=docker depName=ghcr.io/siderolabs/installer -talosVersion: v1.9.2 +talosVersion: v1.9.3 # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet kubernetesVersion: v1.32.1 From c3f82fdaa63080cdc2ee90da277ee059814c62b6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 10:59:40 +0100 Subject: [PATCH 31/37] chore(mise): upgrade dependencies (#243) Co-authored-by: RonaldPhilipsen <8189044+RonaldPhilipsen@users.noreply.github.com> --- .mise.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.mise.toml b/.mise.toml index 96ee0da7..09570d46 100644 --- a/.mise.toml +++ b/.mise.toml 
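Review bot: The `push:` trigger added to `.github/workflows/flux-diff.yaml` has no filter, so the workflow now runs on every push to every branch and path, while the existing `pull_request:` trigger stays limited to `main` and `kubernetes/**`. Branches that also have an open pull request will run the job twice. If the push trigger is needed, scope it the same way: `push:` with `branches: ["main"]` and `paths: ["kubernetes/**"]` beneath it. The jobs are outside this hunk; if they read pull-request context (PR number, base ref, posting a comment), those values are empty on `push` events, so that path should be checked too.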
@@ -13,10 +13,10 @@ run = "uv pip install -r requirements.txt" [tools] # Template tools python = "3.13" -uv = "0.5.25" +uv = "0.5.26" # Operations tools "aqua:budimanjojo/talhelper" = "3.0.16" -"aqua:cloudflare/cloudflared" = "2025.1.0" +"aqua:cloudflare/cloudflared" = "2025.1.1" "aqua:FiloSottile/age" = "1.2.1" "aqua:fluxcd/flux2" = "2.4.0" "aqua:getsops/sops" = "3.9.4" From d81683a2697fea08dc4bc3b8e6d70aa15a633b08 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 11:49:02 +0100 Subject: [PATCH 32/37] =?UTF-8?q?feat(helm):=20update=20intel-device-plugi?= =?UTF-8?q?ns-operator=20(=200.31.1=20=E2=86=92=200.32.0=20)=20(#246)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../apps/kube-system/intel-device-plugin/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml b/kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml index 076b55ea..58c75b05 100644 --- a/kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: intel-device-plugins-operator - version: 0.31.1 + version: 0.32.0 sourceRef: kind: HelmRepository name: intel From e7e80ec0e1a4f1b542d88b4e521d57aa01844c09 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 11:49:12 +0100 Subject: [PATCH 33/37] =?UTF-8?q?feat(helm):=20update=20intel-device-plugi?= =?UTF-8?q?ns-gpu=20(=200.31.1=20=E2=86=92=200.32.0=20)=20(#245)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml b/kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml index b435e86c..ece728e8 100644 --- a/kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml +++ b/kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: intel-device-plugins-gpu - version: 0.31.1 + version: 0.32.0 sourceRef: kind: HelmRepository name: intel From fc1dec502be355633790d63192efe99dfc61e4de Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 11:49:20 +0100 Subject: [PATCH 34/37] =?UTF-8?q?fix(helm):=20update=20grafana=20(=208.8.5?= =?UTF-8?q?=20=E2=86=92=208.8.6=20)=20(#244)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/observability/grafana/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/observability/grafana/app/helmrelease.yaml b/kubernetes/apps/observability/grafana/app/helmrelease.yaml index c62fa8da..78e562c3 100644 --- a/kubernetes/apps/observability/grafana/app/helmrelease.yaml +++ b/kubernetes/apps/observability/grafana/app/helmrelease.yaml 
@@ -9,7 +9,7 @@ spec: chart: spec: chart: grafana - version: 8.8.5 + version: 8.8.6 sourceRef: kind: HelmRepository name: grafana From efa51c6cb3f7bb971e05750943f3160c71271995 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 10:50:00 +0000 Subject: [PATCH 35/37] =?UTF-8?q?fix(container):=20update=20docker.io/clou?= =?UTF-8?q?dflare/cloudflared=20(=202025.1.0=20=E2=86=92=202025.1.1=20)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kubernetes/apps/network/cloudflared/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/network/cloudflared/app/helmrelease.yaml b/kubernetes/apps/network/cloudflared/app/helmrelease.yaml index 22d40a5b..bb59f557 100644 --- a/kubernetes/apps/network/cloudflared/app/helmrelease.yaml +++ b/kubernetes/apps/network/cloudflared/app/helmrelease.yaml @@ -31,7 +31,7 @@ spec: app: image: repository: docker.io/cloudflare/cloudflared - tag: 2025.1.0 + tag: 2025.1.1 env: NO_AUTOUPDATE: true TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json From 0dfca03ace14dd62badcbc7fd29c90ab0dadf5a4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 13:53:25 +0100 Subject: [PATCH 36/37] =?UTF-8?q?fix(container):=20update=20ghcr.io/onedr0?= =?UTF-8?q?p/sonarr-develop=20(=204.0.12.2892=20=E2=86=92=204.0.12.2900=20?= =?UTF-8?q?)=20(#247)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- kubernetes/apps/default/sonarr/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/default/sonarr/app/helmrelease.yaml b/kubernetes/apps/default/sonarr/app/helmrelease.yaml index 7dd3f7aa..64dbb8de 100644 --- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml 
+++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml @@ -48,7 +48,7 @@ spec: main: image: repository: ghcr.io/onedr0p/sonarr-develop - tag: 4.0.12.2892@sha256:656492266c4f59b1e702277e8c25c7727e48f8fc21443c823afa4333e6d5549c + tag: 4.0.12.2900@sha256:e4de8879c00d0d5ac2d616e325259cf0afef0b3715fcdcf081292c25c5072760 env: TZ: ${TIMEZONE} From a94453242be77988c8bf3466085cf0c2e57d612b Mon Sep 17 00:00:00 2001 From: Ronald Philipsen Date: Sat, 1 Feb 2025 14:32:04 +0100 Subject: [PATCH 37/37] add kube-prometheis-stack --- .../alertmanagerconfig.yaml | 19 ++++++++++--------- .../kube-prometheus-stack/externalsecret.yaml | 1 - .../meta/settings/cluster-secrets.sops.yaml | 9 ++++++--- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml b/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml index 4a369ab3..7fb5f9a9 100644 --- a/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml +++ b/kubernetes/apps/observability/kube-prometheus-stack/alertmanagerconfig.yaml @@ -49,8 +49,17 @@ spec: key: ALERTMANAGER_HEARTBEAT_URL - name: email emailConfigs: - - from: 'alertmanager@${SECRET_DOMAIN}' + # Whether to notify about resolved alerts. + - sendResolved: true to: 'alerts@${SECRET_DOMAIN}' + from: 'alertmanager@${SECRET_DOMAIN}' + hello: k8s@${SECRET_DOMAIN} + # The smarthost and SMTP sender used for mail notifications. + smarthost: ${ALERTMANAGER_SMTP_HOST} + authUsername: ${ALERTMANAGER_SMTP_USERNAME} + authPassword: + key: *secret + name: ALERTMANAGER_SMTP_PASSWORD text: >- [{{ .Status | toUpper }}{{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} 
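Review bot: In the `alertmanagerconfig.yaml` hunk at `@@ -49,8 +49,17 @@`, the `authPassword` selector has its two fields swapped. `key: *secret` expands to the Secret's name (the `&secret` anchor is set on `urlSecret.name` of the heartbeat receiver), and `name: ALERTMANAGER_SMTP_PASSWORD` holds what is really the data key. The heartbeat receiver just above uses the correct orientation (`key: ALERTMANAGER_HEARTBEAT_URL`), and the lines removed further down show that the move carried the swap over unchanged. It should read `authPassword:` with `name: *secret` and `key: ALERTMANAGER_SMTP_PASSWORD`. As written, the operator will presumably fail to resolve the reference, so the `email` receiver that the `severity: critical` route depends on may never authenticate or be rendered. Confirm by checking the generated Alertmanager configuration after reconcile.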
@@ -74,11 +83,3 @@ spec: {{- end }} {{- end }} - sendResolved: true - # The smarthost and SMTP sender used for mail notifications. - hello: k8s@${SECRET_DOMAIN} - smarthost: ${ALERTMANAGER_SMTP_HOST} - authUsername: ${ALERTMANAGER_SMTP_USERNAME} - authPassword: - key: *secret - name: ALERTMANAGER_SMTP_PASSWORD diff --git a/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml b/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml index a2950bf9..b9daed03 100644 --- a/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml +++ b/kubernetes/apps/observability/kube-prometheus-stack/externalsecret.yaml @@ -15,7 +15,6 @@ spec: data: ALERTMANAGER_HEARTBEAT_URL: "{{ .ALERTMANAGER_HEARTBEAT_URL }}" ALERTMANAGER_SMTP_PASSWORD: "{{ .ALERTMANAGER_SMTP_PASSWORD }}" - PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}" dataFrom: - extract: key: alertmanager diff --git a/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml b/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml index 11da95b1..f17e41e0 100644 --- a/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml +++ b/kubernetes/flux/meta/settings/cluster-secrets.sops.yaml 
@@ -14,6 +14,9 @@ stringData: CLUSTER_SVC_V6_PREFIX: ENC[AES256_GCM,data:qVmaFX2V2/TF1z9gLij+ZEzblucO,iv:T8UYxEN8r1A7nSqalS7Mxw0Dn8saDKckYFbHP+V38JM=,tag:RJswikeCI4a0xZv4i7Yegg==,type:str] CLUSTER_LBA_V6_CIDR: ENC[AES256_GCM,data:BUDk53jJv3VYKiMPaHwh69omm7QCB8zmksNy,iv:rTkABwkYE84F36OrY1AsUdx1/3EryaCo8in91Vqwuxk=,tag:Ot/288eN/+u4T9Wg8otezA==,type:str] CLUSTER_NODE_V6_CIDR: ENC[AES256_GCM,data:9EtUqN4vA5pzYGPigwqhVc8oMw==,iv:rpnJtQ7E1sW/D7IYxOYtA7TU+cl+tMyAe3oEZ+Kgqks=,tag:n0muTnj1K0dgJgQjcUiuDQ==,type:str] + #ENC[AES256_GCM,data:brFBypll5QOb7yyqt/gHs5rH75+FXbW753m8,iv:wC1nkZUN3nBS+7ZCvGi1K8aYWXG7E0Ywr+H/vZORzAM=,tag:ZN3sr+XSdxDz9zPO+vRZFw==,type:comment] + ALERTMANAGER_SMTP_USERNAME: ENC[AES256_GCM,data:33AiYpDOJ41hHhTgfLsGUglWVk8KwVw=,iv:MBDtmvhgo4urPMHJDRIgPmS5avRg8//5N+YhWeECqtw=,tag:aP6ht3OlN902f9877OaAng==,type:str] + ALERTMANAGER_SMTP_HOST: ENC[AES256_GCM,data:O8rXlZjoe9xwRqXd0Iy7eNS4,iv:oJHPANSEbV2LYf0+z8JQS4kK25gZoOS66STciO4yneI=,tag:7svebzCwZU5JbhTLgrFtiw==,type:str] sops: kms: [] gcp_kms: [] @@ -29,9 +32,9 @@ sops: dEJCQ0VzcEVlWmdDYUs5Nm9jYTVXckkKr8OGj284W6dhf5uUFtpwPX1eaz0dYWx2 uy6dvYEY+SSVSGaojydt8IFU80vhaQIslI2A7hIjNmGY6s5Pl2Zpnw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-18T21:51:24Z" - mac: ENC[AES256_GCM,data:rmU+URrHaloXPKthGXfStu4T2/2XhL7NYrwK5ZjUkFmFGNCHlihEjpOW+gowPPA2Dhb7I6wVCAT9Ix+2ir4EYi+xx3Q3Zkbc4dh+QzvbgXnFuWQcTgb6l8ePpsNDVVWDz6fRyI/1m+bky67vhqRXmXjJglxnD+ZIEIBOIdI2bsA=,iv:sklvnbvwADKvrr2LlLCtmCLFOPYqSVwFkzsv3xV0mHE=,tag:9B3AxDUa1CMenwatD77pVA==,type:str] + lastmodified: "2025-02-01T13:32:02Z" + mac: ENC[AES256_GCM,data:ww6bzEoYf0i2ChcHXsQzv1j4ijpoO5O/3o5r1urAckvH9UnO5Dg2mDd8wv2ZZSbueibBpgJAV/V+FpUPIyAqaN6m5aLsGHSz/usfhz62fCownI9zv/gnfCbvGNTa19EL5Cnniv6gc5dtUZOlkyMOfmO0Ps++fsgeG1TyF3q+gZM=,iv:eRcpVyQUzr1YeIpurtqklMKv3y3F2Vn+oiiTIddfKWk=,tag:6+cuyd7fLGBGBb4jNqoENg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true - version: 3.9.3 + version: 3.9.4