diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml index 1877c56e6..3613a5e6c 100644 --- a/.github/workflows/flux-diff.yaml +++ b/.github/workflows/flux-diff.yaml @@ -36,6 +36,7 @@ jobs: uses: tj-actions/changed-files@v45 with: files: kubernetes/** + files_ignore: kubernetes/shared/** dir_names: true dir_names_max_depth: 2 matrix: true @@ -93,13 +94,18 @@ jobs: - name: Generate Diff id: diff run: | - echo "diff<> $GITHUB_OUTPUT - cat diff.patch >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - echo "### Diff" >> $GITHUB_STEP_SUMMARY - echo '```diff' >> $GITHUB_STEP_SUMMARY - cat diff.patch >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY + cat diff.patch; + { + echo 'diff<> "$GITHUB_OUTPUT"; + { + echo "### Diff" + echo '```diff' + cat diff.patch + echo '```' + } >> "$GITHUB_STEP_SUMMARY" - if: ${{ steps.diff.outputs.diff != '' }} name: Add comment diff --git a/.github/workflows/flux-image-test.yaml b/.github/workflows/flux-image-test.yaml index e00efac8d..608c39d78 100644 --- a/.github/workflows/flux-image-test.yaml +++ b/.github/workflows/flux-image-test.yaml @@ -36,6 +36,7 @@ jobs: uses: tj-actions/changed-files@v45 with: files: kubernetes/** + files_ignore: kubernetes/shared/** dir_names: true dir_names_max_depth: 2 matrix: true diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 7296cf1d4..ef5c43af7 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -11,9 +11,7 @@ jobs: labeler: name: Labeler runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write + if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} steps: - name: Generate Token uses: actions/create-github-app-token@v1 diff --git a/kubernetes/main/apps/kube-system/cilium/config/ip-pools.yaml b/kubernetes/main/apps/kube-system/cilium/config/ip-pools.yaml index 919664e50..c61dfd20b 100644 --- a/kubernetes/main/apps/kube-system/cilium/config/ip-pools.yaml 
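Review bot: The step this hunk edits in flux-diff.yaml still references `tj-actions/changed-files@v45` by a mutable tag, and the same line appears in the matching hunk of flux-image-test.yaml. A tag can be moved to different code without any change in this repository, and the step runs on pull-request content. Pinning to a full commit SHA would fix the code that runs, e.g. `uses: tj-actions/changed-files@<full-commit-sha> # v45`. The job body continues outside the hunk, so the permissions and secrets available to this step are not visible here.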
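Review bot: In the `Generate Diff` step of flux-diff.yaml, the multiline `diff` output appears to keep a fixed heredoc delimiter. The removed lines used `EOF`, and the new delimiter lines are partly unreadable in this rendering, so this is an inference. Because diff.patch is derived from pull-request content, a line in it that equals the delimiter would end the value early and let the remaining lines be parsed as further outputs. A per-run random delimiter avoids that: `delim="$(uuidgen)"`, then `echo "diff<<${delim}"` before and `echo "${delim}"` after `cat diff.patch`. Quoting `"$GITHUB_OUTPUT"` and `"$GITHUB_STEP_SUMMARY"` on the new side is a good change.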
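Review bot: Removing the job-level `permissions:` block from the `labeler` job in labeler.yaml leaves its GITHUB_TOKEN at the repository or organisation default, which may be broader than the previous `contents: read` / `pull-requests: write`. The steps visible here mint their own token with `actions/create-github-app-token@v1`, so the default token is probably not needed at all; if so, `permissions: {}` on the job states that explicitly. A workflow-level `permissions:` key may exist outside the hunk. The added `if:` guard that skips pull requests from forks is a sensible companion, but it does not replace scoping the token.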
+++ b/kubernetes/main/apps/kube-system/cilium/config/ip-pools.yaml @@ -13,7 +13,7 @@ spec: apiVersion: cilium.io/v2alpha1 kind: CiliumLoadBalancerIPPool metadata: - name: networking-pool + name: network-pool spec: allowFirstLastIPs: "Yes" blocks: @@ -21,4 +21,4 @@ spec: stop: 10.1.1.160 serviceSelector: matchLabels: - "io.kubernetes.service.namespace": "networking" + "io.kubernetes.service.namespace": "network" diff --git a/kubernetes/main/apps/kube-system/coredns/app/helm-values.yaml b/kubernetes/main/apps/kube-system/coredns/app/helm-values.yaml new file mode 100644 index 000000000..8a03b8432 --- /dev/null +++ b/kubernetes/main/apps/kube-system/coredns/app/helm-values.yaml @@ -0,0 +1,51 @@ +--- +fullnameOverride: coredns +replicaCount: 3 +k8sAppLabelOverride: kube-dns +serviceAccount: + create: true +service: + name: kube-dns + clusterIP: 10.43.0.10 +servers: + - zones: + - zone: . + scheme: dns:// + use_tcp: true + port: 53 + plugins: + - name: errors + - name: health + configBlock: |- + lameduck 5s + - name: ready + - name: log + configBlock: |- + class error + - name: prometheus + parameters: 0.0.0.0:9153 + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + - name: forward + parameters: . /etc/resolv.conf + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists +tolerations: + - key: CriticalAddonsOnly + operator: Exists + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule diff --git a/kubernetes/main/apps/kube-system/coredns/app/helmrelease.yaml b/kubernetes/main/apps/kube-system/coredns/app/helmrelease.yaml new file mode 100644 index 000000000..ce31f06de --- /dev/null 
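Review bot: In the new coredns helm-values.yaml, the `kubernetes` plugin block sets `pods insecure`, which makes CoreDNS answer pod-IP-style names under `pod.cluster.local` without checking that such a pod exists. The CoreDNS documentation describes this mode as kept for kube-dns compatibility and open to abuse together with wildcard certificates. If nothing in the cluster depends on it, `pods verified` (answers only for pods that exist, at the cost of a pod watch) or `pods disabled` is the tighter setting. If `insecure` is kept deliberately, add a comment above the `configBlock` saying so. The `prometheus` plugin also listens on `0.0.0.0:9153`, so it is worth confirming that a network policy limits who can scrape it.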
+++ b/kubernetes/main/apps/kube-system/coredns/app/helmrelease.yaml @@ -0,0 +1,27 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: coredns +spec: + interval: 30m + chart: + spec: + chart: coredns + version: 1.36.1 + sourceRef: + kind: HelmRepository + name: coredns + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + valuesFrom: + - kind: ConfigMap + name: coredns-helm-values diff --git a/kubernetes/main/apps/kube-system/coredns/app/kustomization.yaml b/kubernetes/main/apps/kube-system/coredns/app/kustomization.yaml new file mode 100644 index 000000000..39444bbd4 --- /dev/null +++ b/kubernetes/main/apps/kube-system/coredns/app/kustomization.yaml @@ -0,0 +1,12 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml +configMapGenerator: + - name: coredns-helm-values + files: + - values.yaml=./helm-values.yaml +configurations: + - kustomizeconfig.yaml diff --git a/kubernetes/main/apps/kube-system/coredns/app/kustomizeconfig.yaml b/kubernetes/main/apps/kube-system/coredns/app/kustomizeconfig.yaml new file mode 100644 index 000000000..58f92ba15 --- /dev/null +++ b/kubernetes/main/apps/kube-system/coredns/app/kustomizeconfig.yaml @@ -0,0 +1,7 @@ +--- +nameReference: + - kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease diff --git a/kubernetes/main/apps/kube-system/coredns/ks.yaml b/kubernetes/main/apps/kube-system/coredns/ks.yaml new file mode 100644 index 000000000..269f52ede --- /dev/null +++ b/kubernetes/main/apps/kube-system/coredns/ks.yaml 
@@ -0,0 +1,20 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app coredns + namespace: flux-system +spec: + targetNamespace: kube-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/main/apps/kube-system/coredns/app + prune: false # never should be deleted + sourceRef: + kind: GitRepository + name: home-kubernetes + wait: false + interval: 30m + timeout: 5m diff --git a/kubernetes/main/apps/kube-system/kustomization.yaml b/kubernetes/main/apps/kube-system/kustomization.yaml index cfe4a04f5..5b905c6e5 100644 --- a/kubernetes/main/apps/kube-system/kustomization.yaml +++ b/kubernetes/main/apps/kube-system/kustomization.yaml @@ -7,6 +7,7 @@ resources: - ./namespace.yaml # Flux-Kustomizations - ./cilium/ks.yaml + # - ./coredns/ks.yaml - ./kubelet-csr-approver/ks.yaml - ./metrics-server/ks.yaml - ./spegel/ks.yaml diff --git a/kubernetes/main/apps/media/audiobookshelf/app/helmrelease.yaml b/kubernetes/main/apps/media/audiobookshelf/app/helmrelease.yaml index 765dde015..15038cd66 100644 --- a/kubernetes/main/apps/media/audiobookshelf/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/audiobookshelf/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: audiobookshelf: diff --git a/kubernetes/main/apps/media/audiobookshelf/ks.yaml b/kubernetes/main/apps/media/audiobookshelf/ks.yaml index 2b7215d66..e8d6a2119 100644 --- a/kubernetes/main/apps/media/audiobookshelf/ks.yaml +++ b/kubernetes/main/apps/media/audiobookshelf/ks.yaml @@ -12,6 +12,7 @@ spec: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores + - name: volsync path: ./kubernetes/main/apps/media/audiobookshelf/app prune: true sourceRef: 
diff --git a/kubernetes/main/apps/media/bazarr/app/helmrelease.yaml b/kubernetes/main/apps/media/bazarr/app/helmrelease.yaml index 8aa20c892..8ede6e964 100644 --- a/kubernetes/main/apps/media/bazarr/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/bazarr/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: bazarr: diff --git a/kubernetes/main/apps/media/bazarr/ks.yaml b/kubernetes/main/apps/media/bazarr/ks.yaml index 77ca2ae67..f7e6973b2 100644 --- a/kubernetes/main/apps/media/bazarr/ks.yaml +++ b/kubernetes/main/apps/media/bazarr/ks.yaml @@ -12,6 +12,7 @@ spec: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores + - name: volsync path: ./kubernetes/main/apps/media/bazarr/app prune: true sourceRef: diff --git a/kubernetes/main/apps/media/jellyfin/app/helmrelease.yaml b/kubernetes/main/apps/media/jellyfin/app/helmrelease.yaml index b48b426e1..3fd5652d7 100644 --- a/kubernetes/main/apps/media/jellyfin/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/jellyfin/app/helmrelease.yaml @@ -27,8 +27,6 @@ spec: namespace: system - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: jellyfin: diff --git a/kubernetes/main/apps/media/jellyfin/ks.yaml b/kubernetes/main/apps/media/jellyfin/ks.yaml index 50a835bc5..8801d0324 100644 --- a/kubernetes/main/apps/media/jellyfin/ks.yaml +++ b/kubernetes/main/apps/media/jellyfin/ks.yaml @@ -10,6 +10,8 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app + dependsOn: + - name: volsync path: ./kubernetes/main/apps/media/jellyfin/app prune: true sourceRef: diff --git a/kubernetes/main/apps/media/overseerr/app/helmrelease.yaml b/kubernetes/main/apps/media/overseerr/app/helmrelease.yaml index e3a583523..787e0a68f 100644 --- a/kubernetes/main/apps/media/overseerr/app/helmrelease.yaml 
+++ b/kubernetes/main/apps/media/overseerr/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: overseerr: diff --git a/kubernetes/main/apps/media/overseerr/ks.yaml b/kubernetes/main/apps/media/overseerr/ks.yaml index 60bd85d91..74a7e5113 100644 --- a/kubernetes/main/apps/media/overseerr/ks.yaml +++ b/kubernetes/main/apps/media/overseerr/ks.yaml @@ -10,6 +10,8 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app + dependsOn: + - name: volsync path: ./kubernetes/main/apps/media/overseerr/app prune: true sourceRef: diff --git a/kubernetes/main/apps/media/plex/app/helmrelease.yaml b/kubernetes/main/apps/media/plex/app/helmrelease.yaml index 424c8b118..5841d12b7 100644 --- a/kubernetes/main/apps/media/plex/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/plex/app/helmrelease.yaml @@ -27,8 +27,6 @@ spec: namespace: system - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: plex: diff --git a/kubernetes/main/apps/media/plex/ks.yaml b/kubernetes/main/apps/media/plex/ks.yaml index c5c2856a3..13bef5404 100644 --- a/kubernetes/main/apps/media/plex/ks.yaml +++ b/kubernetes/main/apps/media/plex/ks.yaml @@ -10,6 +10,8 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app + dependsOn: + - name: volsync path: ./kubernetes/main/apps/media/plex/app prune: true sourceRef: diff --git a/kubernetes/main/apps/media/qbittorrent/app/helmrelease.yaml b/kubernetes/main/apps/media/qbittorrent/app/helmrelease.yaml index ba59fc366..1a9e87829 100644 --- a/kubernetes/main/apps/media/qbittorrent/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/qbittorrent/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: qbittorrent: 
diff --git a/kubernetes/main/apps/media/qbittorrent/ks.yaml b/kubernetes/main/apps/media/qbittorrent/ks.yaml index 9bf8e519a..42c8c4593 100644 --- a/kubernetes/main/apps/media/qbittorrent/ks.yaml +++ b/kubernetes/main/apps/media/qbittorrent/ks.yaml @@ -10,6 +10,8 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app + dependsOn: + - name: volsync path: ./kubernetes/main/apps/media/qbittorrent/app prune: true sourceRef: diff --git a/kubernetes/main/apps/media/recyclarr/app/helmrelease.yaml b/kubernetes/main/apps/media/recyclarr/app/helmrelease.yaml index e67b49135..82daf2cdc 100644 --- a/kubernetes/main/apps/media/recyclarr/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/recyclarr/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: recyclarr: diff --git a/kubernetes/main/apps/media/recyclarr/ks.yaml b/kubernetes/main/apps/media/recyclarr/ks.yaml index 09073a188..06799010a 100644 --- a/kubernetes/main/apps/media/recyclarr/ks.yaml +++ b/kubernetes/main/apps/media/recyclarr/ks.yaml @@ -12,6 +12,7 @@ spec: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores + - name: volsync path: ./kubernetes/main/apps/media/recyclarr/app prune: true sourceRef: diff --git a/kubernetes/main/apps/media/tautulli/app/helmrelease.yaml b/kubernetes/main/apps/media/tautulli/app/helmrelease.yaml index 317fa34a7..645bd73e0 100644 --- a/kubernetes/main/apps/media/tautulli/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/tautulli/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: tautulli: diff --git a/kubernetes/main/apps/media/tautulli/ks.yaml b/kubernetes/main/apps/media/tautulli/ks.yaml index d2654179f..5fe2c7a65 100644 --- a/kubernetes/main/apps/media/tautulli/ks.yaml +++ b/kubernetes/main/apps/media/tautulli/ks.yaml 
@@ -10,6 +10,8 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app + dependsOn: + - name: volsync path: ./kubernetes/main/apps/media/tautulli/app prune: true sourceRef: diff --git a/kubernetes/main/apps/media/xteve/app/helmrelease.yaml b/kubernetes/main/apps/media/xteve/app/helmrelease.yaml index e2e0cb704..03d5a5521 100644 --- a/kubernetes/main/apps/media/xteve/app/helmrelease.yaml +++ b/kubernetes/main/apps/media/xteve/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: xteve: diff --git a/kubernetes/main/apps/media/xteve/ks.yaml b/kubernetes/main/apps/media/xteve/ks.yaml index 93f67c9f0..7924cd1ab 100644 --- a/kubernetes/main/apps/media/xteve/ks.yaml +++ b/kubernetes/main/apps/media/xteve/ks.yaml @@ -10,6 +10,8 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *app + dependsOn: + - name: volsync path: ./kubernetes/main/apps/media/xteve/app prune: true sourceRef: diff --git a/kubernetes/main/apps/networking/cloudflared/app/dnsendpoint.yaml b/kubernetes/main/apps/networking/cloudflared/app/dnsendpoint.yaml index 92ee5083e..9c252d6c7 100644 --- a/kubernetes/main/apps/networking/cloudflared/app/dnsendpoint.yaml +++ b/kubernetes/main/apps/networking/cloudflared/app/dnsendpoint.yaml @@ -8,4 +8,4 @@ spec: endpoints: - dnsName: external.rodent.cc recordType: CNAME - targets: ["${CLUSTER_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"] + targets: ["73f66c1e-1048-49b5-bba5-c535ca8162d9.cfargotunnel.com"] diff --git a/kubernetes/main/apps/networking/cloudflared/app/externalsecret.yaml b/kubernetes/main/apps/networking/cloudflared/app/externalsecret.yaml index 38932e003..64dce9476 100644 --- a/kubernetes/main/apps/networking/cloudflared/app/externalsecret.yaml +++ b/kubernetes/main/apps/networking/cloudflared/app/externalsecret.yaml 
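Review bot: In cloudflared/app/dnsendpoint.yaml the tunnel UUID is now a literal, and the same literal replaces `${CLUSTER_CLOUDFLARE_TUNNEL_ID}` in externalsecret.yaml and in the `run` argument of helmrelease.yaml. The UUID is an identifier rather than a credential (the `TunnelSecret` still comes from the secret store), so committing it is not a leak by itself. The three copies must stay identical, though, or the CNAME will point at a tunnel the pod is not running. A comment next to each copy naming the other two files would help, e.g. `# tunnel ID: keep in sync with externalsecret.yaml and helmrelease.yaml`.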
@@ -17,7 +17,7 @@ spec: { "AccountTag": "{{ .CLOUDFLARE_ACCOUNT_TAG }}", "TunnelSecret": "{{ .CLOUDFLARE_TUNNEL_SECRET }}", - "TunnelID": "${CLUSTER_CLOUDFLARE_TUNNEL_ID}" + "TunnelID": "73f66c1e-1048-49b5-bba5-c535ca8162d9" } dataFrom: - extract: diff --git a/kubernetes/main/apps/networking/cloudflared/app/helmrelease.yaml b/kubernetes/main/apps/networking/cloudflared/app/helmrelease.yaml index 578a52b90..41ad8a869 100644 --- a/kubernetes/main/apps/networking/cloudflared/app/helmrelease.yaml +++ b/kubernetes/main/apps/networking/cloudflared/app/helmrelease.yaml @@ -24,7 +24,7 @@ spec: retries: 3 dependsOn: - name: nginx-external - namespace: networking + namespace: network values: controllers: cloudflared: @@ -49,7 +49,7 @@ spec: - --config - /etc/cloudflared/config/config.yaml - run - - "${CLUSTER_CLOUDFLARE_TUNNEL_ID}" + - "73f66c1e-1048-49b5-bba5-c535ca8162d9" probes: liveness: &probes enabled: true diff --git a/kubernetes/main/apps/networking/cloudflared/app/resources/config.yaml b/kubernetes/main/apps/networking/cloudflared/app/resources/config.yaml index 5cc2ab481..5a3cef481 100644 --- a/kubernetes/main/apps/networking/cloudflared/app/resources/config.yaml +++ b/kubernetes/main/apps/networking/cloudflared/app/resources/config.yaml @@ -4,7 +4,7 @@ originRequest: ingress: - hostname: rodent.cc - service: https://nginx-external-controller.networking.svc.cluster.local:443 + service: https://nginx-external-controller.network.svc.cluster.local:443 - hostname: "*.rodent.cc" - service: https://nginx-external-controller.networking.svc.cluster.local:443 + service: https://nginx-external-controller.network.svc.cluster.local:443 - service: http_status:404 diff --git a/kubernetes/main/apps/networking/cloudflared/ks.yaml b/kubernetes/main/apps/networking/cloudflared/ks.yaml index 66cdaef8e..70e081d68 100644 --- a/kubernetes/main/apps/networking/cloudflared/ks.yaml +++ b/kubernetes/main/apps/networking/cloudflared/ks.yaml 
@@ -8,14 +8,14 @@ metadata: labels: substitution.flux.home.arpa/enabled: "true" spec: - targetNamespace: networking + targetNamespace: network commonMetadata: labels: app.kubernetes.io/name: *app dependsOn: - name: external-dns-cloudflare - name: external-secrets-stores - path: ./kubernetes/main/apps/networking/cloudflared/app + path: ./kubernetes/main/apps/network/cloudflared/app prune: false sourceRef: kind: GitRepository diff --git a/kubernetes/main/apps/networking/external-dns/ks.yaml b/kubernetes/main/apps/networking/external-dns/ks.yaml index 5a4e82c85..ae7abab6e 100644 --- a/kubernetes/main/apps/networking/external-dns/ks.yaml +++ b/kubernetes/main/apps/networking/external-dns/ks.yaml @@ -6,13 +6,13 @@ metadata: name: &app external-dns-cloudflare namespace: flux-system spec: - targetNamespace: networking + targetNamespace: network commonMetadata: labels: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores - path: ./kubernetes/main/apps/networking/external-dns/cloudflare + path: ./kubernetes/main/apps/network/external-dns/cloudflare prune: false sourceRef: kind: GitRepository @@ -29,13 +29,13 @@ metadata: name: &app external-dns-unifi namespace: flux-system spec: - targetNamespace: networking + targetNamespace: network commonMetadata: labels: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores - path: ./kubernetes/main/apps/networking/external-dns/unifi + path: ./kubernetes/main/apps/network/external-dns/unifi prune: false sourceRef: kind: GitRepository diff --git a/kubernetes/main/apps/networking/multus/app/rbac.yaml b/kubernetes/main/apps/networking/multus/app/rbac.yaml index 49856a804..620dc9786 100644 --- a/kubernetes/main/apps/networking/multus/app/rbac.yaml +++ b/kubernetes/main/apps/networking/multus/app/rbac.yaml @@ -40,4 +40,4 @@ roleRef: subjects: - kind: ServiceAccount name: multus - namespace: networking + namespace: network 
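Review bot: In cloudflared/ks.yaml, `path:` now points at `./kubernetes/main/apps/network/cloudflared/app`, while every file header in this diff still has the manifests under `kubernetes/main/apps/networking/`. The same holds for the `path:` changes in external-dns/ks.yaml, multus/ks.yaml and nginx/ks.yaml. Unless the directory move happens in a part of the change not shown here, these Flux Kustomizations will fail to build because the path does not exist. Either rename the directory in the same commit or keep `networking` in the paths and change only `targetNamespace`. Objects already running in the old `networking` namespace are not moved by this change, so plan their cleanup explicitly.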
diff --git a/kubernetes/main/apps/networking/multus/ks.yaml b/kubernetes/main/apps/networking/multus/ks.yaml index b6693db29..edde5851a 100644 --- a/kubernetes/main/apps/networking/multus/ks.yaml +++ b/kubernetes/main/apps/networking/multus/ks.yaml @@ -6,11 +6,11 @@ metadata: name: &app multus namespace: flux-system spec: - targetNamespace: networking + targetNamespace: network commonMetadata: labels: app.kubernetes.io/name: *app - path: ./kubernetes/main/apps/networking/multus/app + path: ./kubernetes/main/apps/network/multus/app prune: true sourceRef: kind: GitRepository @@ -27,13 +27,13 @@ metadata: name: &app multus-config namespace: flux-system spec: - targetNamespace: networking + targetNamespace: network commonMetadata: labels: app.kubernetes.io/name: *app dependsOn: - name: multus - path: ./kubernetes/main/apps/networking/multus/config + path: ./kubernetes/main/apps/network/multus/config prune: true sourceRef: kind: GitRepository diff --git a/kubernetes/main/apps/networking/namespace.yaml b/kubernetes/main/apps/networking/namespace.yaml index 70c149310..356e3dc5a 100644 --- a/kubernetes/main/apps/networking/namespace.yaml +++ b/kubernetes/main/apps/networking/namespace.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Namespace metadata: - name: networking + name: network annotations: kustomize.toolkit.fluxcd.io/prune: disabled volsync.backube/privileged-movers: "true" @@ -12,7 +12,7 @@ apiVersion: notification.toolkit.fluxcd.io/v1beta3 kind: Provider metadata: name: alert-manager - namespace: networking + namespace: network spec: type: alertmanager address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/ @@ -22,7 +22,7 @@ apiVersion: notification.toolkit.fluxcd.io/v1beta3 kind: Alert metadata: name: alert-manager - namespace: networking + namespace: network spec: providerRef: name: alert-manager 
diff --git a/kubernetes/main/apps/networking/nginx/external/helmrelease.yaml b/kubernetes/main/apps/networking/nginx/external/helmrelease.yaml index d42cb1bee..a35bdfc78 100644 --- a/kubernetes/main/apps/networking/nginx/external/helmrelease.yaml +++ b/kubernetes/main/apps/networking/nginx/external/helmrelease.yaml @@ -78,7 +78,7 @@ spec: namespaceSelector: any: true extraArgs: - default-ssl-certificate: networking/rodent-cc-tls + default-ssl-certificate: network/rodent-cc-tls terminationGracePeriodSeconds: 120 topologySpreadConstraints: - maxSkew: 1 diff --git a/kubernetes/main/apps/networking/nginx/internal/helmrelease.yaml b/kubernetes/main/apps/networking/nginx/internal/helmrelease.yaml index 0a764d88a..a7fde6139 100644 --- a/kubernetes/main/apps/networking/nginx/internal/helmrelease.yaml +++ b/kubernetes/main/apps/networking/nginx/internal/helmrelease.yaml @@ -72,7 +72,7 @@ spec: namespaceSelector: any: true extraArgs: - default-ssl-certificate: networking/rodent-cc-tls + default-ssl-certificate: network/rodent-cc-tls terminationGracePeriodSeconds: 120 topologySpreadConstraints: - maxSkew: 1 diff --git a/kubernetes/main/apps/networking/nginx/ks.yaml b/kubernetes/main/apps/networking/nginx/ks.yaml index 5f556d666..17346b8de 100644 --- a/kubernetes/main/apps/networking/nginx/ks.yaml +++ b/kubernetes/main/apps/networking/nginx/ks.yaml @@ -6,13 +6,13 @@ metadata: name: &app nginx-certificates namespace: flux-system spec: - targetNamespace: networking + targetNamespace: network commonMetadata: labels: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores - path: ./kubernetes/main/apps/networking/nginx/certificates + path: ./kubernetes/main/apps/network/nginx/certificates prune: false sourceRef: kind: GitRepository 
@@ -28,13 +28,13 @@ metadata: name: &app nginx-external namespace: flux-system spec: - targetNamespace: networking + targetNamespace: network commonMetadata: labels: app.kubernetes.io/name: *app dependsOn: - name: nginx-certificates - path: ./kubernetes/main/apps/networking/nginx/external + path: ./kubernetes/main/apps/network/nginx/external prune: false sourceRef: kind: GitRepository @@ -51,13 +51,13 @@ metadata: name: &app nginx-internal namespace: flux-system spec: - targetNamespace: networking + targetNamespace: network commonMetadata: labels: app.kubernetes.io/name: *app dependsOn: - name: nginx-certificates - path: ./kubernetes/main/apps/networking/nginx/internal + path: ./kubernetes/main/apps/network/nginx/internal prune: false sourceRef: kind: GitRepository diff --git a/kubernetes/main/apps/observability/gatus/app/kustomization.yaml b/kubernetes/main/apps/observability/gatus/app/kustomization.yaml index 30bf43b95..2d6661201 100644 --- a/kubernetes/main/apps/observability/gatus/app/kustomization.yaml +++ b/kubernetes/main/apps/observability/gatus/app/kustomization.yaml @@ -12,3 +12,5 @@ configMapGenerator: - config.yaml=./resources/config.yaml generatorOptions: disableNameSuffixHash: true + annotations: + kustomize.toolkit.fluxcd.io/substitute: disabled diff --git a/kubernetes/main/apps/observability/gatus/app/resources/config.yaml b/kubernetes/main/apps/observability/gatus/app/resources/config.yaml index 9aebaba7e..270ca9fa1 100644 --- a/kubernetes/main/apps/observability/gatus/app/resources/config.yaml +++ b/kubernetes/main/apps/observability/gatus/app/resources/config.yaml 
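Review bot: In gatus/app/kustomization.yaml, the `kustomize.toolkit.fluxcd.io/substitute: disabled` annotation added under `generatorOptions` has no comment explaining why it is there. It is now the only thing that stops Flux from expanding the `${...}` placeholders in resources/config.yaml. Because it sits in `generatorOptions`, it applies to every ConfigMap or Secret generated by this kustomization, not just the Gatus config. A comment above it would guard against accidental removal, e.g. `# Gatus expands ${VAR} itself; Flux postBuild substitution must stay off for generated objects`.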
@@ -1,10 +1,10 @@ --- # Note: Gatus vars should be escaped with $${VAR_NAME} to avoid interpolation by Flux web: - port: $${WEB_PORT} + port: ${WEB_PORT} storage: type: postgres - path: postgres://$${INIT_POSTGRES_USER}:$${INIT_POSTGRES_PASS}@$${INIT_POSTGRES_HOST}:5432/$${INIT_POSTGRES_DBNAME}?sslmode=disable + path: postgres://${INIT_POSTGRES_USER}:${INIT_POSTGRES_PASS}@${INIT_POSTGRES_HOST}:5432/${INIT_POSTGRES_DBNAME}?sslmode=disable caching: true metrics: true debug: false @@ -14,8 +14,8 @@ ui: alerting: pushover: title: Gatus - application-token: $${PUSHOVER_TOKEN} - user-key: $${PUSHOVER_USER_KEY} + application-token: ${PUSHOVER_TOKEN} + user-key: ${PUSHOVER_USER_KEY} priority: 1 default-alert: description: health-check failed diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml index 3c3674b9a..48f63431b 100644 --- a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml +++ b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml @@ -129,7 +129,8 @@ spec: volumeBindingMode: Immediate parameters: imageFormat: "2" - imageFeatures: layering + imageFeatures: layering # TODO: append on next cluster rebuild ,fast-diff,object-map,deep-flatten,exclusive-lock + csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner diff --git a/kubernetes/main/apps/selfhosted/home-assistant/app/helmrelease.yaml b/kubernetes/main/apps/selfhosted/home-assistant/app/helmrelease.yaml index 89893a0ab..03b13e42d 100644 --- a/kubernetes/main/apps/selfhosted/home-assistant/app/helmrelease.yaml +++ b/kubernetes/main/apps/selfhosted/home-assistant/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: home-assistant: 
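Review bot: The comment kept on line 2 of gatus/app/resources/config.yaml (`# Note: Gatus vars should be escaped with $${VAR_NAME} ...`) now contradicts the file, because both hunks here (web/storage and alerting) switch to unescaped `${VAR}`. Replace it with something like `# Note: Flux substitution is disabled for this ConfigMap (see kustomization.yaml); ${VAR} is expanded by Gatus`. If that annotation were ever dropped, Flux would substitute these names itself, probably with empty strings, in the Postgres URI and the Pushover credentials. The storage `path` on the changed line also keeps `sslmode=disable`, so the database password crosses the cluster network unencrypted; `sslmode=require` is worth considering if the Postgres service offers TLS.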
@@ -63,7 +61,7 @@ spec: k8s.v1.cni.cncf.io/networks: | [{ "name":"multus-iot", - "namespace": "networking", + "namespace": "network", "ips": ["10.1.4.10/24"] }] service: diff --git a/kubernetes/main/apps/selfhosted/home-assistant/ks.yaml b/kubernetes/main/apps/selfhosted/home-assistant/ks.yaml index 692d7fd78..a9cd57be8 100644 --- a/kubernetes/main/apps/selfhosted/home-assistant/ks.yaml +++ b/kubernetes/main/apps/selfhosted/home-assistant/ks.yaml @@ -12,6 +12,7 @@ spec: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores + - name: volsync path: ./kubernetes/main/apps/selfhosted/home-assistant/app prune: true sourceRef: diff --git a/kubernetes/main/apps/selfhosted/immich/app/helmrelease.yaml b/kubernetes/main/apps/selfhosted/immich/app/helmrelease.yaml index fe100346a..e50cb78ae 100644 --- a/kubernetes/main/apps/selfhosted/immich/app/helmrelease.yaml +++ b/kubernetes/main/apps/selfhosted/immich/app/helmrelease.yaml @@ -29,8 +29,6 @@ spec: namespace: database - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: defaultPodOptions: securityContext: diff --git a/kubernetes/main/apps/selfhosted/immich/ks.yaml b/kubernetes/main/apps/selfhosted/immich/ks.yaml index 4eddfb47c..5a907e4fb 100644 --- a/kubernetes/main/apps/selfhosted/immich/ks.yaml +++ b/kubernetes/main/apps/selfhosted/immich/ks.yaml @@ -12,6 +12,7 @@ spec: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores + - name: volsync path: ./kubernetes/main/apps/selfhosted/immich/app prune: true sourceRef: diff --git a/kubernetes/main/apps/selfhosted/paperless/app/helmrelease.yaml b/kubernetes/main/apps/selfhosted/paperless/app/helmrelease.yaml index 107cad670..254005ffd 100644 --- a/kubernetes/main/apps/selfhosted/paperless/app/helmrelease.yaml +++ b/kubernetes/main/apps/selfhosted/paperless/app/helmrelease.yaml 
@@ -27,8 +27,6 @@ spec: namespace: database - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: paperless: diff --git a/kubernetes/main/apps/selfhosted/paperless/ks.yaml b/kubernetes/main/apps/selfhosted/paperless/ks.yaml index 0c1956035..df115e58c 100644 --- a/kubernetes/main/apps/selfhosted/paperless/ks.yaml +++ b/kubernetes/main/apps/selfhosted/paperless/ks.yaml @@ -10,6 +10,9 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *appname + dependsOn: + - name: external-secrets-stores + - name: volsync interval: 10m path: ./kubernetes/main/apps/selfhosted/paperless/app prune: true @@ -17,8 +20,6 @@ spec: kind: GitRepository name: home-kubernetes wait: false - dependsOn: - - name: external-secrets-stores postBuild: substitute: APP: *appname diff --git a/kubernetes/main/apps/selfhosted/stirling-pdf/app/helmrelease.yaml b/kubernetes/main/apps/selfhosted/stirling-pdf/app/helmrelease.yaml index f0f5bf74f..4f70c1d63 100644 --- a/kubernetes/main/apps/selfhosted/stirling-pdf/app/helmrelease.yaml +++ b/kubernetes/main/apps/selfhosted/stirling-pdf/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: stirling-pdf: diff --git a/kubernetes/main/apps/selfhosted/stirling-pdf/ks.yaml b/kubernetes/main/apps/selfhosted/stirling-pdf/ks.yaml index f2c6d1b8e..9f2ffa7d9 100644 --- a/kubernetes/main/apps/selfhosted/stirling-pdf/ks.yaml +++ b/kubernetes/main/apps/selfhosted/stirling-pdf/ks.yaml @@ -10,6 +10,9 @@ spec: commonMetadata: labels: app.kubernetes.io/name: *appname + dependsOn: + - name: external-secrets-stores + - name: volsync interval: 10m path: ./kubernetes/main/apps/selfhosted/stirling-pdf/app prune: true @@ -17,8 +20,6 @@ spec: kind: GitRepository name: home-kubernetes wait: false - dependsOn: - - name: external-secrets-stores postBuild: substitute: APP: *appname 
diff --git a/kubernetes/main/apps/selfhosted/vikunja/app/helmrelease.yaml b/kubernetes/main/apps/selfhosted/vikunja/app/helmrelease.yaml index ca96129e1..aa656004d 100644 --- a/kubernetes/main/apps/selfhosted/vikunja/app/helmrelease.yaml +++ b/kubernetes/main/apps/selfhosted/vikunja/app/helmrelease.yaml @@ -25,8 +25,6 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph - - name: volsync - namespace: volsync-system values: controllers: vikunja: diff --git a/kubernetes/main/apps/selfhosted/vikunja/ks.yaml b/kubernetes/main/apps/selfhosted/vikunja/ks.yaml index 10574b93c..c50b20121 100644 --- a/kubernetes/main/apps/selfhosted/vikunja/ks.yaml +++ b/kubernetes/main/apps/selfhosted/vikunja/ks.yaml @@ -12,6 +12,7 @@ spec: app.kubernetes.io/name: *app dependsOn: - name: external-secrets-stores + - name: volsync path: ./kubernetes/main/apps/selfhosted/vikunja/app prune: true sourceRef: diff --git a/kubernetes/main/bootstrap/apps/helmfile.yaml b/kubernetes/main/bootstrap/apps/helmfile.yaml index 4bb580239..2ccd0203a 100644 --- a/kubernetes/main/bootstrap/apps/helmfile.yaml +++ b/kubernetes/main/bootstrap/apps/helmfile.yaml @@ -1,15 +1,23 @@ --- # yaml-language-server: $schema=https://json.schemastore.org/helmfile + +# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet +kubeVersion: v1.31.2 + helmDefaults: + force: true + recreatePods: true + timeout: 600 wait: true waitForJobs: true - timeout: 600 - recreatePods: true - force: true repositories: - name: cilium url: https://helm.cilium.io + + - name: coredns + url: https://coredns.github.io/helm + - name: postfinance url: https://postfinance.github.io/kubelet-csr-approver 
@@ -17,31 +25,32 @@ releases: - name: prometheus-operator-crds namespace: observability chart: oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds - version: 16.0.0 + version: 15.0.0 + - name: cilium namespace: kube-system chart: cilium/cilium version: 1.16.3 - values: - - ../apps/kube-system/cilium/app/helm-values.yaml - needs: - - observability/prometheus-operator-crds + values: ["../apps/kube-system/cilium/app/helm-values.yaml"] + needs: ["observability/prometheus-operator-crds"] + + - name: coredns + namespace: kube-system + chart: coredns/coredns + version: 1.36.1 + values: ["../apps/kube-system/coredns/app/helm-values.yaml"] + needs: ["kube-system/cilium"] + - name: kubelet-csr-approver namespace: kube-system chart: postfinance/kubelet-csr-approver version: 1.2.3 - values: - - ../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml - needs: - - observability/prometheus-operator-crds - - kube-system/cilium + values: ["../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"] + needs: ["kube-system/coredns"] + - name: spegel namespace: kube-system chart: oci://ghcr.io/spegel-org/helm-charts/spegel version: v0.0.27 - values: - - ../apps/kube-system/spegel/app/helm-values.yaml - needs: - - observability/prometheus-operator-crds - - kube-system/cilium - - kube-system/kubelet-csr-approver + values: ["../apps/kube-system/spegel/app/helm-values.yaml"] + needs: ["kube-system/kubelet-csr-approver"] diff --git a/kubernetes/main/bootstrap/talos/talconfig.yaml b/kubernetes/main/bootstrap/talos/talconfig.yaml index c060baef8..a8f6c6b19 100644 --- a/kubernetes/main/bootstrap/talos/talconfig.yaml +++ b/kubernetes/main/bootstrap/talos/talconfig.yaml @@ -100,6 +100,9 @@ controlPlane: customization: extraKernelArgs: - net.ifnames=0 + - apparmor=0 + - mitigations=off + - security=none systemExtensions: officialExtensions: - siderolabs/intel-ucode 
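Review bot: The three kernel arguments added under `extraKernelArgs` in the `talconfig.yaml` controlPlane hunk remove protections rather than tune anything. `apparmor=0` and `security=none` turn off AppArmor and deselect the major Linux security module, and `mitigations=off` disables the CPU speculative-execution mitigations on the control-plane nodes. If the motive is throughput, leave the control plane at its defaults by dropping these three lines and apply the change only to the nodes that need it. If they must stay, add a comment above them giving the reason, for example `# perf: LSM and CPU mitigations disabled, single-tenant cluster, see <issue link>`. The later sysctls hunk in the same file also removes `kernel.kexec_load_disabled: 1`, so the overall reduction in kernel hardening is larger than this hunk shows.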
@@ -171,11 +174,10 @@ controlPlane: nfsvers=4.2 async=True hard=True + nconnect=16 noatime=True - nodiratime=True rsize=1048576 wsize=1048576 - nconnect=4 # Configure NTP - &ntpPatch |- @@ -200,8 +202,6 @@ controlPlane: sysctls: fs.inotify.max_user_watches: 1048576 fs.inotify.max_user_instances: 8192 - kernel.kexec_load_disabled: 1 - kernel.randomize_va_space: 0 net.core.netdev_max_backlog: 30000 net.core.rmem_max: 67108864 net.core.wmem_max: 67108864 @@ -209,6 +209,8 @@ controlPlane: net.ipv4.tcp_wmem: 4096 65536 33554432 net.ipv4.tcp_tw_reuse: 1 net.ipv4.tcp_window_scaling: 1 + net.ipv4.tcp_congestion_control: bbr + vm.nr_hugepages: 1024 # Cluster configuration - |- @@ -285,6 +287,7 @@ worker: systemExtensions: officialExtensions: - siderolabs/amd-ucode + patches: - *disableSearchDomainPatch - *discoveryPatch diff --git a/kubernetes/main/flux/apps.yaml b/kubernetes/main/flux/apps.yaml index 86462e6fa..2181c0165 100644 --- a/kubernetes/main/flux/apps.yaml +++ b/kubernetes/main/flux/apps.yaml @@ -6,7 +6,7 @@ metadata: name: cluster-apps namespace: flux-system spec: - interval: 10m + interval: 30m path: ./kubernetes/main/apps prune: true sourceRef: @@ -20,7 +20,7 @@ spec: substituteFrom: - name: cluster-settings kind: ConfigMap - optional: false + optional: true - name: cluster-secrets kind: Secret optional: true @@ -39,7 +39,7 @@ spec: substituteFrom: - name: cluster-settings kind: ConfigMap - optional: false + optional: true - name: cluster-secrets kind: Secret optional: true diff --git a/kubernetes/main/flux/config/cluster.yaml b/kubernetes/main/flux/config/cluster.yaml index 177eb76bc..5910414c5 100644 --- a/kubernetes/main/flux/config/cluster.yaml +++ b/kubernetes/main/flux/config/cluster.yaml 
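Review bot: Changing `optional: false` to `optional: true` on the `cluster-settings` ConfigMap makes a missing ConfigMap a silent condition instead of a failed reconciliation. This applies to both `substituteFrom` hunks of `flux/apps.yaml` and again to the last hunk of `flux/config/cluster.yaml`. The same commit deletes `flux/vars/cluster-settings.yaml`, and the new `shared/settings/kustomization.yaml` has `resources: []`, so nothing visible in the diff creates that ConfigMap any more. Manifests that still reference `${CLUSTER_NAME}` or `${CLUSTER_CLOUDFLARE_TUNNEL_ID}` would then presumably be applied with those variables unresolved. Either remove the `cluster-settings` and `cluster-secrets` entries from `substituteFrom` if no manifest uses them, or keep `optional: false` and recreate the ConfigMap under `kubernetes/shared/settings`.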
@@ -15,8 +15,24 @@ spec: ignore: | # exclude all /* - # include flux directories + # include dirs !/kubernetes/main + !/kubernetes/shared +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cluster-shared + namespace: flux-system +spec: + interval: 30m + path: ./kubernetes/shared + prune: true + wait: true + sourceRef: + kind: GitRepository + name: home-kubernetes --- # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -26,6 +42,8 @@ metadata: namespace: flux-system spec: interval: 30m + dependsOn: + - name: cluster-shared path: ./kubernetes/main/flux prune: true wait: false @@ -40,7 +58,7 @@ spec: substituteFrom: - name: cluster-settings kind: ConfigMap - optional: false + optional: true - name: cluster-secrets kind: Secret optional: true diff --git a/kubernetes/main/flux/config/crds/.gitkeep b/kubernetes/main/flux/config/crds/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/kubernetes/main/flux/config/kustomization.yaml b/kubernetes/main/flux/config/kustomization.yaml index 2ff3c784d..27dcadbf4 100644 --- a/kubernetes/main/flux/config/kustomization.yaml +++ b/kubernetes/main/flux/config/kustomization.yaml @@ -2,6 +2,7 @@ # yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: flux-system resources: - - ./flux.yaml - ./cluster.yaml + - ./flux.yaml diff --git a/kubernetes/main/flux/repositories/oci/kustomization.yaml b/kubernetes/main/flux/repos/kustomization.yaml similarity index 87% rename from kubernetes/main/flux/repositories/oci/kustomization.yaml rename to kubernetes/main/flux/repos/kustomization.yaml index 8fb7c1427..9a9b327ef 100644 
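Review bot: The new `cluster-shared` Kustomization sets `wait: true` with no `timeout` or `retryInterval`, and the `cluster` Kustomization in the next hunk now has `dependsOn: cluster-shared`. With `wait: true` Flux health-checks the objects it applies, so one shared repository object that never becomes Ready (an unreachable Helm index, for instance) keeps `cluster-shared` not Ready and holds back `cluster`. Without an explicit timeout the check presumably runs for the full `interval: 30m` before it fails. Add `timeout: 5m` and `retryInterval: 2m` under `spec` of `cluster-shared` so a stalled dependency surfaces quickly.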
--- a/kubernetes/main/flux/repositories/oci/kustomization.yaml +++ b/kubernetes/main/flux/repos/kustomization.yaml @@ -2,4 +2,5 @@ # yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: flux-system resources: [] diff --git a/kubernetes/main/flux/repositories/git/kustomization.yaml b/kubernetes/main/flux/settings/kustomization.yaml similarity index 87% rename from kubernetes/main/flux/repositories/git/kustomization.yaml rename to kubernetes/main/flux/settings/kustomization.yaml index 8fb7c1427..9a9b327ef 100644 --- a/kubernetes/main/flux/repositories/git/kustomization.yaml +++ b/kubernetes/main/flux/settings/kustomization.yaml @@ -2,4 +2,5 @@ # yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: flux-system resources: [] diff --git a/kubernetes/main/flux/vars/cluster-secrets.secret.sops.yaml b/kubernetes/main/flux/vars/cluster-secrets.secret.sops.yaml deleted file mode 100644 index e55a35592..000000000 --- a/kubernetes/main/flux/vars/cluster-secrets.secret.sops.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cluster-secrets - namespace: flux-system -stringData: - SECRET_CLOUDFLARE_ACCOUNT_ID: ENC[AES256_GCM,data:T9BVcczXbZtQYloSKb8FnU0lCx1W8GJLyC71Q4q7Goc=,iv:NXOSG3JThL5RAa1z9CPVniwDY1wrQvh8GdlGs2X+Xm0=,tag:tDewbqc8SDm77v0SQnQuOg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1rhtsfe9lw4k5ccfzp354f3q0747un9a070swltl6997s8s0yvu0qes0v5w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSSsyWDBVaGY3NDAyckNR - MHFrcmJQQ0UxdDJ4YUFWdHIvclFQblIwUmdzCkJtdCtlWlM1SGVXc255VmU5eU5K - RTYyZFliWHdKYVZVNUtEZUxGeHRhZWMKLS0tIDZhaFY2S2ZlRnhDaUNLalhLVXc0 - Zm44OWE1VXlneWlGaEswKzkvbkRCV2sKvhbv8ojCLAkVEVexruWGyUrnAVQre2cS - j5ZR4ueju2UQGPubc52yHN1f5cSMHg0+0aF8wNsMxpnOvYxxBUvQOw== - -----END AGE ENCRYPTED FILE----- - - recipient: age14k7pn24n6xn3kpg3n6w49ur4x9g4x0x4zt7yq6pw3gscqqph99csyf8xz9 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcnFlUVZVWG1aR1I4WTVH - c1l5dVFYN3o2dTNRbWl4NDg3Nml6WCtIcG0wCmp0UGpBZFZZald0eTlFaEpnUlV2 - T2hUSTZkRG45VVVEQXljb29mZUlwcTAKLS0tIGhPVjQyWS9KYzV5b09WVVl0d3d6 - S3N4cnhIQ1VlSjUxVHU4OWRvMWdwNWMKmwDdooRGPPZ/oZQ7pD6tbiDF5sPN4bEH - gy85x3NH/gEjp1XKDjBUspiAlTLGnPDGXXRDJ3DsahIHVlXJlOd75A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-27T08:52:44Z" - mac: ENC[AES256_GCM,data:iDOxjGC0UYp+fmXMWIR0PD/+oI9F33J+nJtpMJNbLjQAO4ie16NJ2/9qY4IvDBHsKLWtqZnMQD0ZYLdMtnpJpQrtulEH+/iScDETONZr6VZsHssKIl5PvkZK6H+2qAG9mnBAOOM+P137R2VVtMupJ+XA4Jppy0SYmPFgry0V83s=,iv:wlsQaWezuEw9Mbj6hrMFKd2GmHXc+2zLGvs/Wh6gUj8=,tag:RcHlBAufH5GUtLfn3pAUdQ==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.8.1 diff --git a/kubernetes/main/flux/vars/cluster-settings.yaml b/kubernetes/main/flux/vars/cluster-settings.yaml deleted file mode 100644 index 4b7cdf74f..000000000 --- a/kubernetes/main/flux/vars/cluster-settings.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-settings - namespace: flux-system -data: - CLUSTER_NAME: main - CLUSTER_CLOUDFLARE_TUNNEL_ID: 73f66c1e-1048-49b5-bba5-c535ca8162d9 diff --git a/kubernetes/main/flux/vars/kustomization.yaml b/kubernetes/shared/repos/git/kustomization.yaml similarity index 64% rename from kubernetes/main/flux/vars/kustomization.yaml rename to kubernetes/shared/repos/git/kustomization.yaml index e45257bb4..9a9b327ef 100644 --- a/kubernetes/main/flux/vars/kustomization.yaml +++ b/kubernetes/shared/repos/git/kustomization.yaml @@ -2,6 +2,5 @@ # yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - ./cluster-settings.yaml - - ./cluster-secrets.secret.sops.yaml +namespace: flux-system +resources: [] diff --git a/kubernetes/main/flux/repositories/helm/actions-runner-controller.yaml b/kubernetes/shared/repos/helm/actions-runner-controller.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/actions-runner-controller.yaml rename to kubernetes/shared/repos/helm/actions-runner-controller.yaml diff --git a/kubernetes/main/flux/repositories/helm/angelnu.yaml b/kubernetes/shared/repos/helm/angelnu.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/angelnu.yaml rename to kubernetes/shared/repos/helm/angelnu.yaml diff --git a/kubernetes/main/flux/repositories/helm/authentik.yaml b/kubernetes/shared/repos/helm/authentik.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/authentik.yaml rename to kubernetes/shared/repos/helm/authentik.yaml diff --git a/kubernetes/main/flux/repositories/helm/backube.yaml b/kubernetes/shared/repos/helm/backube.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/backube.yaml rename to kubernetes/shared/repos/helm/backube.yaml 
diff --git a/kubernetes/main/flux/repositories/helm/bjw-s.yaml b/kubernetes/shared/repos/helm/bjw-s.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/bjw-s.yaml
rename to kubernetes/shared/repos/helm/bjw-s.yaml
diff --git a/kubernetes/main/flux/repositories/helm/cilium.yaml b/kubernetes/shared/repos/helm/cilium.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/cilium.yaml
rename to kubernetes/shared/repos/helm/cilium.yaml
diff --git a/kubernetes/main/flux/repositories/helm/cloudnative-pg.yaml b/kubernetes/shared/repos/helm/cloudnative-pg.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/cloudnative-pg.yaml
rename to kubernetes/shared/repos/helm/cloudnative-pg.yaml
diff --git a/kubernetes/main/flux/repositories/helm/coder.yaml b/kubernetes/shared/repos/helm/coder.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/coder.yaml
rename to kubernetes/shared/repos/helm/coder.yaml
diff --git a/kubernetes/main/flux/repositories/helm/descheduler.yaml b/kubernetes/shared/repos/helm/descheduler.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/descheduler.yaml
rename to kubernetes/shared/repos/helm/descheduler.yaml
diff --git a/kubernetes/main/flux/repositories/helm/emqx.yaml b/kubernetes/shared/repos/helm/emqx.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/emqx.yaml
rename to kubernetes/shared/repos/helm/emqx.yaml
diff --git a/kubernetes/main/flux/repositories/helm/external-dns.yaml b/kubernetes/shared/repos/helm/external-dns.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/external-dns.yaml
rename to kubernetes/shared/repos/helm/external-dns.yaml
diff --git a/kubernetes/main/flux/repositories/helm/external-secrets.yaml b/kubernetes/shared/repos/helm/external-secrets.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/external-secrets.yaml rename to kubernetes/shared/repos/helm/external-secrets.yaml diff --git a/kubernetes/main/flux/repositories/helm/grafana.yaml b/kubernetes/shared/repos/helm/grafana.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/grafana.yaml rename to kubernetes/shared/repos/helm/grafana.yaml diff --git a/kubernetes/main/flux/repositories/helm/ingress-nginx.yaml b/kubernetes/shared/repos/helm/ingress-nginx.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/ingress-nginx.yaml rename to kubernetes/shared/repos/helm/ingress-nginx.yaml diff --git a/kubernetes/main/flux/repositories/helm/intel.yaml b/kubernetes/shared/repos/helm/intel.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/intel.yaml rename to kubernetes/shared/repos/helm/intel.yaml diff --git a/kubernetes/main/flux/repositories/helm/jetstack.yaml b/kubernetes/shared/repos/helm/jetstack.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/jetstack.yaml rename to kubernetes/shared/repos/helm/jetstack.yaml diff --git a/kubernetes/main/flux/repositories/helm/kustomization.yaml b/kubernetes/shared/repos/helm/kustomization.yaml similarity index 87% rename from kubernetes/main/flux/repositories/helm/kustomization.yaml rename to kubernetes/shared/repos/helm/kustomization.yaml index ef284dc0f..40981e644 100644 --- a/kubernetes/main/flux/repositories/helm/kustomization.yaml +++ b/kubernetes/shared/repos/helm/kustomization.yaml @@ -1,6 +1,8 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: flux-system resources: - ./actions-runner-controller.yaml - ./angelnu.yaml 
diff --git a/kubernetes/main/flux/repositories/helm/kyverno.yaml b/kubernetes/shared/repos/helm/kyverno.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/kyverno.yaml
rename to kubernetes/shared/repos/helm/kyverno.yaml
diff --git a/kubernetes/main/flux/repositories/helm/metrics-server.yaml b/kubernetes/shared/repos/helm/metrics-server.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/metrics-server.yaml
rename to kubernetes/shared/repos/helm/metrics-server.yaml
diff --git a/kubernetes/main/flux/repositories/helm/node-feature-discovery.yaml b/kubernetes/shared/repos/helm/node-feature-discovery.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/node-feature-discovery.yaml
rename to kubernetes/shared/repos/helm/node-feature-discovery.yaml
diff --git a/kubernetes/main/flux/repositories/helm/openebs.yaml b/kubernetes/shared/repos/helm/openebs.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/openebs.yaml
rename to kubernetes/shared/repos/helm/openebs.yaml
diff --git a/kubernetes/main/flux/repositories/helm/piraeus.yaml b/kubernetes/shared/repos/helm/piraeus.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/piraeus.yaml
rename to kubernetes/shared/repos/helm/piraeus.yaml
diff --git a/kubernetes/main/flux/repositories/helm/postfinance.yaml b/kubernetes/shared/repos/helm/postfinance.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/postfinance.yaml
rename to kubernetes/shared/repos/helm/postfinance.yaml
diff --git a/kubernetes/main/flux/repositories/helm/prometheus-community.yaml b/kubernetes/shared/repos/helm/prometheus-community.yaml
similarity index 100%
rename from kubernetes/main/flux/repositories/helm/prometheus-community.yaml
rename to kubernetes/shared/repos/helm/prometheus-community.yaml
diff --git a/kubernetes/main/flux/repositories/helm/rook-ceph.yaml b/kubernetes/shared/repos/helm/rook-ceph.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/rook-ceph.yaml rename to kubernetes/shared/repos/helm/rook-ceph.yaml diff --git a/kubernetes/main/flux/repositories/helm/spegel.yaml b/kubernetes/shared/repos/helm/spegel.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/spegel.yaml rename to kubernetes/shared/repos/helm/spegel.yaml diff --git a/kubernetes/main/flux/repositories/helm/stakater.yaml b/kubernetes/shared/repos/helm/stakater.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/stakater.yaml rename to kubernetes/shared/repos/helm/stakater.yaml diff --git a/kubernetes/main/flux/repositories/helm/weaveworks.yaml b/kubernetes/shared/repos/helm/weaveworks.yaml similarity index 100% rename from kubernetes/main/flux/repositories/helm/weaveworks.yaml rename to kubernetes/shared/repos/helm/weaveworks.yaml diff --git a/kubernetes/main/flux/repositories/kustomization.yaml b/kubernetes/shared/repos/kustomization.yaml similarity index 79% rename from kubernetes/main/flux/repositories/kustomization.yaml rename to kubernetes/shared/repos/kustomization.yaml index d6b26ce53..7cbf47a59 100644 --- a/kubernetes/main/flux/repositories/kustomization.yaml +++ b/kubernetes/shared/repos/kustomization.yaml @@ -2,7 +2,8 @@ # yaml-language-server: $schema=https://json.schemastore.org/kustomization apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: flux-system resources: - # - ./git + - ./git - ./helm - # - ./oci + - ./oci diff --git a/kubernetes/shared/repos/oci/kustomization.yaml b/kubernetes/shared/repos/oci/kustomization.yaml new file mode 100644 index 000000000..9a9b327ef --- /dev/null +++ b/kubernetes/shared/repos/oci/kustomization.yaml 
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources: []
diff --git a/kubernetes/shared/settings/kustomization.yaml b/kubernetes/shared/settings/kustomization.yaml
new file mode 100644
index 000000000..9a9b327ef
--- /dev/null
+++ b/kubernetes/shared/settings/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources: []