Catchup #2352

Merged
merged 7 commits into from
Dec 16, 2024

rodent1
Owner

@rodent1 rodent1 commented Dec 16, 2024

Yoinking a bunch of stuff from onedr0p to catch up!

@ro-bott ro-bott bot added area/kubernetes Changes made in the kubernetes directory cluster/main labels Dec 16, 2024
@ro-bott
Contributor

ro-bott bot commented Dec 16, 2024

--- kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

+++ kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

@@ -78,8 +78,8 @@

       enabled: true
       serviceMonitor:
         enabled: true
         trustCRDsExist: true
   valuesFrom:
   - kind: ConfigMap
-    name: cilium-helm-values-h7548hmfc6
+    name: cilium-helm-values-96f67hk764
 
--- kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium ConfigMap: kube-system/cilium-helm-values-h7548hmfc6

+++ kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium ConfigMap: kube-system/cilium-helm-values-h7548hmfc6

@@ -1,76 +0,0 @@

----
-apiVersion: v1
-data:
-  values.yaml: |
-    ---
-    autoDirectNodeRoutes: true
-    bandwidthManager:
-      enabled: true
-      bbr: true
-    bpf:
-      masquerade: true
-      tproxy: true
-    bgpControlPlane:
-      enabled: true
-    cgroup:
-      automount:
-        enabled: false
-      hostRoot: /sys/fs/cgroup
-    cluster:
-      id: 1
-      name: main
-    cni:
-      exclusive: false
-    devices:
-      - eth+
-      - enp+
-    endpointRoutes:
-      enabled: true
-    externalIPs:
-      enabled: true
-    hubble:
-      enabled: false
-    ipam:
-      mode: kubernetes
-    ipv4NativeRoutingCIDR: 10.42.0.0/16
-    k8sServiceHost: 127.0.0.1
-    k8sServicePort: 7445
-    kubeProxyReplacement: true
-    kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
-    l2announcements:
-      enabled: true
-    loadBalancer:
-      algorithm: maglev
-      mode: dsr
-    localRedirectPolicy: true
-    operator:
-      rollOutPods: true
-    rollOutCiliumPods: true
-    routingMode: native
-    securityContext:
-      capabilities:
-        ciliumAgent:
-          - CHOWN
-          - KILL
-          - NET_ADMIN
-          - NET_RAW
-          - IPC_LOCK
-          - SYS_ADMIN
-          - SYS_RESOURCE
-          - DAC_OVERRIDE
-          - FOWNER
-          - SETGID
-          - SETUID
-        cleanCiliumState:
-          - NET_ADMIN
-          - SYS_ADMIN
-          - SYS_RESOURCE
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/name: cilium
-    kustomize.toolkit.fluxcd.io/name: cilium
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: cilium-helm-values-h7548hmfc6
-  namespace: kube-system
-
--- kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium ConfigMap: kube-system/cilium-helm-values-96f67hk764

+++ kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium ConfigMap: kube-system/cilium-helm-values-96f67hk764

@@ -0,0 +1,78 @@

+---
+apiVersion: v1
+data:
+  values.yaml: |
+    ---
+    autoDirectNodeRoutes: true
+    bandwidthManager:
+      enabled: true
+      bbr: true
+    bpf:
+      datapathMode: netkit
+      masquerade: true
+      tproxy: true
+    bgpControlPlane:
+      enabled: true
+    cgroup:
+      automount:
+        enabled: false
+      hostRoot: /sys/fs/cgroup
+    cluster:
+      id: 1
+      name: main
+    cni:
+      exclusive: false
+    devices:
+      - eth+
+      - enp+
+    endpointRoutes:
+      enabled: true
+    externalIPs:
+      enabled: true
+    hubble:
+      enabled: false
+    ipam:
+      mode: kubernetes
+    ipv4NativeRoutingCIDR: 10.42.0.0/16
+    k8sServiceHost: 127.0.0.1
+    k8sServicePort: 7445
+    kubeProxyReplacement: true
+    kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+    l2announcements:
+      enabled: true
+    loadBalancer:
+      acceleration: best-effort
+      algorithm: maglev
+      mode: dsr
+    localRedirectPolicy: true
+    operator:
+      rollOutPods: true
+    rollOutCiliumPods: true
+    routingMode: native
+    securityContext:
+      capabilities:
+        ciliumAgent:
+          - CHOWN
+          - KILL
+          - NET_ADMIN
+          - NET_RAW
+          - IPC_LOCK
+          - SYS_ADMIN
+          - SYS_RESOURCE
+          - DAC_OVERRIDE
+          - FOWNER
+          - SETGID
+          - SETUID
+        cleanCiliumState:
+          - NET_ADMIN
+          - SYS_ADMIN
+          - SYS_RESOURCE
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: cilium
+    kustomize.toolkit.fluxcd.io/name: cilium
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: cilium-helm-values-96f67hk764
+  namespace: kube-system
+
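
Review bot: `bpf.datapathMode: netkit` and `loadBalancer.acceleration: best-effort` are the only two values that differ from the removed ConfigMap, and both change the datapath on every node at once, because `rollOutCiliumPods: true` restarts all agents when the values change. Neither is mentioned in the PR description. Land them as separate commits, or state in the description that the nodes' kernel and NIC driver support them, so a connectivity regression can be traced to one setting.
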
--- kubernetes/main/apps/selfhosted/it-tools/app Kustomization: flux-system/it-tools HelmRelease: selfhosted/it-tools

+++ kubernetes/main/apps/selfhosted/it-tools/app Kustomization: flux-system/it-tools HelmRelease: selfhosted/it-tools

@@ -58,14 +58,12 @@

         seccompProfile:
           type: RuntimeDefault
         supplementalGroups:
         - 10000
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
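
Review bot: with the `external-dns.alpha.kubernetes.io/target: external.rodent.cc` annotation removed, nothing in this ingress says which address the `{{ .Release.Name }}.rodent.cc` record should point to, and the replacement (a default target on the external-dns side, or the ingress controller's published address) is not part of this diff. Link or include that change, since the same removal repeats across the other `className: external` ingresses in this PR and a record that silently stops updating is hard to spot.
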
--- kubernetes/main/apps/observability/kromgo/app Kustomization: flux-system/kromgo HelmRelease: observability/kromgo

+++ kubernetes/main/apps/observability/kromgo/app Kustomization: flux-system/kromgo HelmRelease: observability/kromgo

@@ -83,14 +83,12 @@

         runAsNonRoot: true
         runAsUser: 65534
         seccompProfile:
           type: RuntimeDefault
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/selfhosted/hoarder/app Kustomization: flux-system/hoarder HelmRelease: selfhosted/hoarder

+++ kubernetes/main/apps/selfhosted/hoarder/app Kustomization: flux-system/hoarder HelmRelease: selfhosted/hoarder

@@ -78,14 +78,12 @@

               limits:
                 memory: 128Mi
               requests:
                 cpu: 10m
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/system/fstrim/app Kustomization: flux-system/fstrim HelmRelease: system/fstrim

+++ kubernetes/main/apps/system/fstrim/app Kustomization: flux-system/fstrim HelmRelease: system/fstrim

@@ -38,21 +38,19 @@

               tag: 2024.12.2@sha256:ee207e744afe4b398c5a53542ce4905b8b1a1a3003f9549d25e2bbbc58a9f8d8
             resources:
               limits:
                 memory: 128Mi
               requests:
                 cpu: 25m
-                memory: 128Mi
             securityContext:
               privileged: true
         cronjob:
           failedJobsHistory: 1
-          parallelism: 6
-          schedule: 0 0 * * 1
+          parallelism: 5
+          schedule: 0 0 * * 0
           successfulJobsHistory: 1
-          timeZone: Europe/Oslo
         type: cronjob
     defaultPodOptions:
       hostNetwork: true
       hostPID: true
       topologySpreadConstraints:
       - labelSelector:
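
Review bot: dropping `timeZone: Europe/Oslo` while changing the schedule to `0 0 * * 0` means the job no longer fires at midnight Oslo time; without `timeZone` the CronJob schedule is evaluated in the controller manager's local time zone. If the move from Monday to Sunday is intended, say so in the commit, and keep `timeZone` if the maintenance window matters, since this job runs `privileged: true` with `hostNetwork` and `hostPID`. The removed `memory: 128Mi` request has no effect on scheduling, because a container with only a memory limit gets a request equal to that limit.
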
--- kubernetes/main/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph HelmRelease: rook-ceph/rook-ceph-operator

+++ kubernetes/main/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph HelmRelease: rook-ceph/rook-ceph-operator

@@ -33,12 +33,13 @@

   values:
     csi:
       cephFSKernelMountOptions: ms_mode=prefer-crc
       enableLiveness: true
       serviceMonitor:
         enabled: true
+    enableDiscoveryDaemon: true
     monitoring:
       enabled: true
     resources:
       limits: {}
       requests:
         cpu: 100m
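
Review bot: `enableDiscoveryDaemon: true` is added with no comment and no mention in the PR description. State what needs it (for example the `rook` mgr module enabled in the rook-ceph-cluster release of this PR), because it adds a per-node workload to the operator's footprint that a later reader cannot justify from this file.
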
--- kubernetes/main/apps/rook-ceph/rook-ceph/cluster Kustomization: flux-system/rook-ceph-cluster HelmRelease: rook-ceph/rook-ceph-cluster

+++ kubernetes/main/apps/rook-ceph/rook-ceph/cluster Kustomization: flux-system/rook-ceph-cluster HelmRelease: rook-ceph/rook-ceph-cluster

@@ -59,23 +59,29 @@

     cephBlockPoolsVolumeSnapshotClass:
       deletionPolicy: Delete
       enabled: true
       isDefault: false
       name: csi-ceph-blockpool
     cephClusterSpec:
+      cephVersion:
+        image: quay.io/ceph/ceph:v19.2.0
       crashCollector:
         disable: false
       dashboard:
         enabled: true
         prometheusEndpoint: http://prometheus-operated.observability.svc.cluster.local:9090
         ssl: false
         urlPrefix: /
       mgr:
         modules:
         - enabled: true
+          name: insights
+        - enabled: true
           name: pg_autoscaler
+        - enabled: true
+          name: rook
       network:
         connections:
           requireMsgr2: true
         provider: host
       placement:
         mgr:
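
Review bot: `cephVersion.image: quay.io/ceph/ceph:v19.2.0` pins the Ceph image by tag only, while other images in this PR (`ghcr.io/buroa/qbtools`, the fstrim image) are pinned as `tag@sha256:...`. Add the digest so the storage daemons cannot change underneath the same tag. The hunk also enables the `insights` and `rook` mgr modules without saying what consumes them; a short comment next to each entry would help.
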
@@ -179,14 +185,12 @@

       [global]
       bdev_enable_discard = true
       bdev_async_discard = true
       osd_class_update_on_start = false
     ingress:
       dashboard:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         host:
           name: rook.rodent.cc
           path: /
         ingressClassName: internal
     monitoring:
       createPrometheusRules: true
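
Review bot: for this `ingressClassName: internal` host, the removed `target: internal.rodent.cc` annotation was the only explicit statement that `rook.rodent.cc` resolves to the internal endpoint. Confirm that the external-dns instance publishing public records filters on ingress class, so the Ceph dashboard hostname (and the other internal hosts changed the same way in this PR) does not end up in public DNS once the target comes from a default.
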
--- kubernetes/main/apps/media/qbittorrent/tools Kustomization: flux-system/qbittorrent-tools HelmRelease: media/qbtools

+++ kubernetes/main/apps/media/qbittorrent/tools Kustomization: flux-system/qbittorrent-tools HelmRelease: media/qbtools

@@ -28,172 +28,195 @@

     cleanupOnFail: true
     remediation:
       retries: 3
       strategy: rollback
   values:
     controllers:
+      limiter:
+        containers:
+          app:
+            args:
+            - limiter
+            - --max-line-speed-mbps
+            - '800'
+            - --max-percent
+            - '0.8'
+            - --limit-percent
+            - '0.4'
+            - --interval
+            - '5'
+            env:
+              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
+              QBITTORRENT_PORT: 80
+            image:
+              repository: ghcr.io/buroa/qbtools
+              tag: v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
+            resources:
+              limits:
+                memory: 256M
+              requests:
+                cpu: 25m
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
       orphaned:
         containers:
           app:
             args:
             - orphaned
-            - --exclude-pattern="*_unpackerred"
-            - --exclude-pattern="*/manual/*"
-            env:
-              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
-              QBITTORRENT_PORT: 80
-              TZ: Europe/Oslo
-            image:
-              repository: ghcr.io/buroa/qbtools
-              tag: v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
-            resources:
-              limits:
-                memory: 256Mi
+            - --exclude-pattern
+            - '*_unpackerred*'
+            env:
+              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
+              QBITTORRENT_PORT: 80
+            image:
+              repository: ghcr.io/buroa/qbtools
+              tag: v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
+            resources:
+              limits:
+                memory: 256M
               requests:
                 cpu: 25m
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
                 - ALL
               readOnlyRootFilesystem: true
         cronjob:
+          backoffLimit: 0
           concurrencyPolicy: Forbid
           failedJobsHistory: 1
-          schedule: '@weekly'
+          schedule: 0 0 * * 0
           successfulJobsHistory: 1
-          timeZone: Europe/Oslo
+          suspend: true
+          ttlSecondsAfterFinished: 3600
         pod:
-          restartPolicy: OnFailure
-          securityContext:
-            fsGroup: 568
-            fsGroupChangePolicy: OnRootMismatch
-            runAsGroup: 568
-            runAsNonRoot: true
-            runAsUser: 568
-            supplementalGroups:
-            - 65536
+          restartPolicy: Never
         type: cronjob
       reannounce:
         containers:
           app:
             args:
             - reannounce
-            env:
-              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
-              QBITTORRENT_PORT: 80
-              TZ: Europe/Oslo
-            image:
-              repository: ghcr.io/buroa/qbtools
-              tag: v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
-            resources:
-              limits:
-                memory: 256Mi
-              requests:
-                cpu: 25m
-            securityContext:
-              allowPrivilegeEscalation: false
-              capabilities:
-                drop:
-                - ALL
-              readOnlyRootFilesystem: true
-        pod:
-          securityContext:
-            runAsGroup: 568
-            runAsNonRoot: true
-            runAsUser: 568
+            - --process-seeding
+            env:
+              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
+              QBITTORRENT_PORT: 80
+            image:
+              repository: ghcr.io/buroa/qbtools
+              tag: v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
+            resources:
+              limits:
+                memory: 256M
+              requests:
+                cpu: 25m
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
       tagging:
         containers:
           expired:
             args:
             - prune
-            - --exclude-category=manual
-            - --exclude-tag=activity:1d
-            - --include-tag=expired
-            env:
-              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
-              QBITTORRENT_PORT: 80
-              TZ: Europe/Oslo
-            image:
-              repository: ghcr.io/buroa/qbtools
-              tag: v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
-            resources:
-              limits:
-                memory: 256Mi
+            - --exclude-tag
+            - added:1d
+            - --include-tag
+            - expired
+            - --with-data
+            env:
+              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
+              QBITTORRENT_PORT: 80
+            image:
+              repository: ghcr.io/buroa/qbtools
+              tag: v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
+            resources:
+              limits:
+                memory: 256M
               requests:
                 cpu: 25m
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
                 - ALL
               readOnlyRootFilesystem: true
           unregistered:
             args:
             - prune
-            - --exclude-tag=expired
-            - --exclude-tag=added:1d
-            - --include-tag=unregistered
-            env:
-              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
-              QBITTORRENT_PORT: 80
-              TZ: Europe/Oslo
-            image:
-              repository: ghcr.io/buroa/qbtools
-              tag: v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
-            resources:
-              limits:
-                memory: 256Mi
+            - --exclude-tag
+            - added:1d
+            - --include-tag
+            - unregistered
+            - --with-data
+            env:
+              QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
+              QBITTORRENT_PORT: 80
+            image:
+              repository: ghcr.io/buroa/qbtools
+              tag: v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
+            resources:
+              limits:
+                memory: 256M
               requests:
                 cpu: 25m
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
                 - ALL
               readOnlyRootFilesystem: true
         cronjob:
+          backoffLimit: 0
           concurrencyPolicy: Forbid
           failedJobsHistory: 1
-          schedule: '@hourly'
+          schedule: 0 * * * *
           successfulJobsHistory: 1
-          timeZone: Europe/Oslo
+          ttlSecondsAfterFinished: 3600
         initContainers:
-          tagging:
+          tag:
             args:
             - tagging
             - --added-on
             - --expired
             - --last-activity
             - --sites
             - --unregistered
             env:
               QBITTORRENT_HOST: qbittorrent.media.svc.cluster.local
               QBITTORRENT_PORT: 80
-              TZ: Europe/Oslo
-            image:
-              repository: ghcr.io/buroa/qbtools
-              tag: v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
-            resources:
-              limits:
-                memory: 256Mi
+            image:
+              repository: ghcr.io/buroa/qbtools
+              tag: v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
+            resources:
+              limits:
+                memory: 256M
               requests:
                 cpu: 25m
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
                 - ALL
               readOnlyRootFilesystem: true
         pod:
-          restartPolicy: OnFailure
-          securityContext:
-            runAsGroup: 568
-            runAsNonRoot: true
-            runAsUser: 568
+          restartPolicy: Never
         type: cronjob
+    defaultPodOptions:
+      securityContext:
+        runAsGroup: 568
+        runAsNonRoot: true
+        runAsUser: 568
+        seccompProfile:
+          type: RuntimeDefault
     persistence:
       media:
         advancedMounts:
           orphaned:
             app:
             - path: /media
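
Review bot: in the `tagging` controller both `prune` containers gain `--with-data` in the same change that drops `--exclude-category=manual` and `--exclude-tag=activity:1d` from `expired` and `--exclude-tag=expired` from `unregistered`, so the hourly job now prunes with data under a narrower set of exclusions than before. Confirm that manually added torrents are still protected some other way, or keep the category exclusion. Separately, every container moves from `v0.19.11` back to `v0.19.10`, which reads like a copy from an older upstream state rather than an intended downgrade, and the `orphaned` pod loses `fsGroup: 568` and `supplementalGroups: 65536`, so once `suspend: true` is lifted it may no longer have group access to `/media`.
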
@@ -202,9 +225,9 @@

         type: nfs
       secret-file:
         globalMounts:
         - path: /config/config.yaml
           readOnly: true
           subPath: config.yaml
-        name: qbtools-secret
+        name: qbtools-config-secret
         type: secret
 
--- kubernetes/main/apps/security/authentik/app Kustomization: flux-system/authentik HelmRelease: security/authentik

+++ kubernetes/main/apps/security/authentik/app Kustomization: flux-system/authentik HelmRelease: security/authentik

@@ -42,14 +42,12 @@

       - secretRef:
           name: authentik-secret
       podAnnotations:
         secret.reloader.stakater.com/reload: authentik-secret
     server:
       ingress:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         enabled: true
         hosts:
         - auth.rodent.cc
         ingressClassName: external
         tls:
         - hosts:
--- kubernetes/main/apps/system/atuin/app Kustomization: flux-system/atuin HelmRelease: system/atuin

+++ kubernetes/main/apps/system/atuin/app Kustomization: flux-system/atuin HelmRelease: system/atuin

@@ -99,14 +99,12 @@

         runAsNonRoot: true
         runAsUser: 65534
         seccompProfile:
           type: RuntimeDefault
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: sh.rodent.cc
           paths:
           - path: /
             service:
--- kubernetes/main/apps/media/radarr/app Kustomization: flux-system/radarr HelmRelease: media/radarr

+++ kubernetes/main/apps/media/radarr/app Kustomization: flux-system/radarr HelmRelease: media/radarr

@@ -104,14 +104,12 @@

         seccompProfile:
           type: RuntimeDefault
         supplementalGroups:
         - 10000
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/observability/grafana/app Kustomization: flux-system/grafana HelmRelease: observability/grafana

+++ kubernetes/main/apps/observability/grafana/app Kustomization: flux-system/grafana HelmRelease: observability/grafana

@@ -231,14 +231,12 @@

         role_attribute_path: contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*],
           'Grafana Editors') && 'Editor' || 'Viewer'
         scopes: openid email profile offline_access
       news:
         news_feed_enabled: false
     ingress:
-      annotations:
-        external-dns.alpha.kubernetes.io/target: internal.rodent.cc
       enabled: true
       hosts:
       - grafana.rodent.cc
       ingressClassName: internal
     persistence:
       enabled: false
--- kubernetes/main/apps/observability/kube-prometheus-stack/app Kustomization: flux-system/kube-prometheus-stack HelmRelease: observability/kube-prometheus-stack

+++ kubernetes/main/apps/observability/kube-prometheus-stack/app Kustomization: flux-system/kube-prometheus-stack HelmRelease: observability/kube-prometheus-stack

@@ -81,14 +81,12 @@

               resources:
                 requests:
                   storage: 1Gi
               storageClassName: openebs-hostpath
         useExistingSecret: true
       ingress:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         enabled: true
         hosts:
         - alertmanager.rodent.cc
         ingressClassName: internal
         pathType: Prefix
     cleanPrometheusOperatorObjectNames: true
@@ -130,25 +128,25 @@

     kubeScheduler:
       service:
         selector:
           k8s-app: kube-scheduler
     prometheus:
       ingress:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         enabled: true
         hosts:
         - prometheus.rodent.cc
         ingressClassName: internal
         pathType: Prefix
       prometheusSpec:
         enableAdminAPI: true
         enableFeatures:
-        - auto-gomemlimit
         - memory-snapshot-on-shutdown
-        - new-service-discovery-manager
+        image:
+          registry: quay.io
+          repository: prometheus/prometheus
+          tag: v3.0.1
         podMonitorSelectorNilUsesHelmValues: false
         probeSelectorNilUsesHelmValues: false
         resources:
           limits:
             memory: 1500Mi
           requests:
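
Review bot: the `image` override pins Prometheus to `quay.io` `prometheus/prometheus` `v3.0.1` by tag with no digest, and it arrives together with the removal of `auto-gomemlimit` and `new-service-discovery-manager` from `enableFeatures` with nothing tying the two together. Add the digest and a comment that the flag removals go with the v3 image, so a later revert of the override also restores the flags. `enableAdminAPI: true` stays on in the same `prometheusSpec`; worth reconfirming it is still wanted now that the ingress DNS target is no longer explicit.
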
--- kubernetes/main/apps/media/prowlarr/app Kustomization: flux-system/prowlarr HelmRelease: media/prowlarr

+++ kubernetes/main/apps/media/prowlarr/app Kustomization: flux-system/prowlarr HelmRelease: media/prowlarr

@@ -99,14 +99,12 @@

         runAsNonRoot: true
         runAsUser: 568
         seccompProfile:
           type: RuntimeDefault
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/media/readarr/app Kustomization: flux-system/readarr HelmRelease: media/readarr

+++ kubernetes/main/apps/media/readarr/app Kustomization: flux-system/readarr HelmRelease: media/readarr

@@ -74,14 +74,12 @@

         seccompProfile:
           type: RuntimeDefault
         supplementalGroups:
         - 10000
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/media/sonarr/app Kustomization: flux-system/sonarr HelmRelease: media/sonarr

+++ kubernetes/main/apps/media/sonarr/app Kustomization: flux-system/sonarr HelmRelease: media/sonarr

@@ -104,14 +104,12 @@

         seccompProfile:
           type: RuntimeDefault
         supplementalGroups:
         - 10000
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/flux-system/addons/app Kustomization: flux-system/flux-addons Ingress: flux-system/webhook-receiver

+++ kubernetes/main/apps/flux-system/addons/app Kustomization: flux-system/flux-addons Ingress: flux-system/webhook-receiver

@@ -1,12 +1,10 @@

 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
   labels:
     app.kubernetes.io/name: flux-addons
     kustomize.toolkit.fluxcd.io/name: flux-addons
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: webhook-receiver
   namespace: flux-system
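
Review bot: the `webhook-receiver` ingress loses its `external.rodent.cc` target here, and this is the host that outside senders have to reach for pushes to trigger reconciliation. Check after merge that its record still resolves; if it does not, nothing fails loudly, Flux just falls back to its polling interval.
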
--- kubernetes/main/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster Ingress: database/emqx-dashboard

+++ kubernetes/main/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster Ingress: database/emqx-dashboard

@@ -1,12 +1,10 @@

 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
   labels:
     app.kubernetes.io/name: emqx-cluster
     kustomize.toolkit.fluxcd.io/name: emqx-cluster
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: emqx-dashboard
   namespace: database
--- kubernetes/main/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster ConfigMap: database/emqx-gatus-ep

+++ kubernetes/main/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster ConfigMap: database/emqx-gatus-ep

@@ -0,0 +1,26 @@

+---
+apiVersion: v1
+data:
+  config.yaml: |
+    endpoints:
+      - name: emqx
+        group: infrastructure
+        url: tcp://emqx-listeners.database.svc.cluster.local:1883
+        interval: 1m
+        ui:
+          hide-url: true
+          hide-hostname: true
+        conditions:
+          - "[CONNECTED] == true"
+        alerts:
+          - type: pushover
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/name: emqx-cluster
+    gatus.io/enabled: 'true'
+    kustomize.toolkit.fluxcd.io/name: emqx-cluster
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: emqx-gatus-ep
+  namespace: database
+
--- kubernetes/main/apps/media/plex/app Kustomization: flux-system/plex HelmRelease: media/plex

+++ kubernetes/main/apps/media/plex/app Kustomization: flux-system/plex HelmRelease: media/plex

@@ -97,13 +97,12 @@

             supplementalGroups:
             - 44
             - 10000
     ingress:
       app:
         annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
           nginx.ingress.kubernetes.io/backend-protocol: HTTPS
         className: external
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
--- kubernetes/main/apps/media/recyclarr/app Kustomization: flux-system/recyclarr HelmRelease: media/recyclarr

+++ kubernetes/main/apps/media/recyclarr/app Kustomization: flux-system/recyclarr HelmRelease: media/recyclarr

@@ -33,14 +33,12 @@

     controllers:
       recyclarr:
         containers:
           app:
             args:
             - sync
-            env:
-              TZ: Europe/Oslo
             envFrom:
             - secretRef:
                 name: recyclarr-secret
             image:
               repository: ghcr.io/recyclarr/recyclarr
               tag: 7.4.0@sha256:619c3b8920a179f2c578acd0f54e9a068f57c049aff840469eed66e93a4be2cf
@@ -56,13 +54,13 @@

                 - ALL
               readOnlyRootFilesystem: true
         cronjob:
           backoffLimit: 0
           concurrencyPolicy: Forbid
           failedJobsHistory: 1
-          schedule: '@daily'
+          schedule: 0 0 * * *
           successfulJobsHistory: 1
           ttlSecondsAfterFinished: 86400
         pod:
           restartPolicy: Never
         type: cronjob
     defaultPodOptions:
--- kubernetes/main/apps/selfhosted/stirling-pdf/app Kustomization: flux-system/stirling-pdf HelmRelease: selfhosted/stirling-pdf

+++ kubernetes/main/apps/selfhosted/stirling-pdf/app Kustomization: flux-system/stirling-pdf HelmRelease: selfhosted/stirling-pdf

@@ -56,14 +56,12 @@

                 memory: 500Mi
               requests:
                 cpu: 10m
                 memory: 500Mi
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         enabled: true
         hosts:
         - host: pdf.rodent.cc
           paths:
           - path: /
--- kubernetes/main/apps/media/bazarr/app Kustomization: flux-system/bazarr HelmRelease: media/bazarr

+++ kubernetes/main/apps/media/bazarr/app Kustomization: flux-system/bazarr HelmRelease: media/bazarr

@@ -108,14 +108,12 @@

         seccompProfile:
           type: RuntimeDefault
         supplementalGroups:
         - 10000
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: bazarr.rodent.cc
           paths:
           - path: /
             service:
--- kubernetes/main/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent HelmRelease: media/qbittorrent

+++ kubernetes/main/apps/media/qbittorrent/app Kustomization: flux-system/qbittorrent HelmRelease: media/qbittorrent

@@ -93,14 +93,12 @@

           type: RuntimeDefault
         supplementalGroups:
         - 10000
       terminationGracePeriodSeconds: 300
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: qb.rodent.cc
           paths:
           - path: /
             service:
--- kubernetes/main/apps/media/tautulli/app Kustomization: flux-system/tautulli HelmRelease: media/tautulli

+++ kubernetes/main/apps/media/tautulli/app Kustomization: flux-system/tautulli HelmRelease: media/tautulli

@@ -113,14 +113,12 @@

         runAsNonRoot: true
         runAsUser: 568
         seccompProfile:
           type: RuntimeDefault
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/selfhosted/home-assistant/app Kustomization: flux-system/home-assistant HelmRelease: selfhosted/home-assistant

+++ kubernetes/main/apps/selfhosted/home-assistant/app Kustomization: flux-system/home-assistant HelmRelease: selfhosted/home-assistant

@@ -83,25 +83,21 @@

         runAsNonRoot: true
         runAsUser: 568
         seccompProfile:
           type: RuntimeDefault
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         hosts:
         - host: hass.rodent.cc
           paths:
           - path: /
             service:
               identifier: app
               port: http
       code-server:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.rodent.cc
         className: internal
         hosts:
         - host: hass-code.rodent.cc
           paths:
           - path: /
             service:
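
Review bot: With the `external-dns.alpha.kubernetes.io/target` annotations removed from both `app` and `code-server`, `className` is now the only setting in this release that keeps `hass-code.rodent.cc` on the internal controller while `hass.rodent.cc` goes out through `external`. A one-word slip on `className: internal` would hand code-server to the external controller with no second setting to catch it. Suggest an admission policy or CI check that lists which hosts may use `className: external`, plus a short comment on the `code-server` block saying it must stay internal.
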
--- kubernetes/main/apps/selfhosted/paperless/app Kustomization: flux-system/paperless HelmRelease: selfhosted/paperless

+++ kubernetes/main/apps/selfhosted/paperless/app Kustomization: flux-system/paperless HelmRelease: selfhosted/paperless

@@ -84,14 +84,12 @@

               limits:
                 memory: 2Gi
               requests:
                 cpu: 100m
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         enabled: true
         hosts:
         - host: paperless.rodent.cc
           paths:
           - path: /
--- kubernetes/main/apps/media/audiobookshelf/app Kustomization: flux-system/audiobookshelf HelmRelease: media/audiobookshelf

+++ kubernetes/main/apps/media/audiobookshelf/app Kustomization: flux-system/audiobookshelf HelmRelease: media/audiobookshelf

@@ -82,14 +82,12 @@

             runAsGroup: 568
             runAsUser: 568
             supplementalGroups:
             - 10000
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         enabled: true
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
--- kubernetes/main/apps/media/overseerr/app Kustomization: flux-system/overseerr HelmRelease: media/overseerr

+++ kubernetes/main/apps/media/overseerr/app Kustomization: flux-system/overseerr HelmRelease: media/overseerr

@@ -83,14 +83,12 @@

             fsGroupChangePolicy: OnRootMismatch
             runAsGroup: 568
             runAsNonRoot: true
             runAsUser: 568
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         hosts:
         - host: requests.rodent.cc
           paths:
           - path: /
             service:
--- kubernetes/main/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja HelmRelease: selfhosted/vikunja

+++ kubernetes/main/apps/selfhosted/vikunja/app Kustomization: flux-system/vikunja HelmRelease: selfhosted/vikunja

@@ -74,14 +74,12 @@

         seccompProfile:
           type: RuntimeDefault
         supplementalGroups:
         - 10000
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         enabled: true
         hosts:
         - host: tasks.rodent.cc
           paths:
           - path: /
--- kubernetes/main/apps/selfhosted/immich/app Kustomization: flux-system/immich HelmRelease: selfhosted/immich

+++ kubernetes/main/apps/selfhosted/immich/app Kustomization: flux-system/immich HelmRelease: selfhosted/immich

@@ -100,14 +100,12 @@

             app.kubernetes.io/name: immich
         maxSkew: 1
         topologyKey: kubernetes.io/hostname
         whenUnsatisfiable: DoNotSchedule
     ingress:
       main:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         enabled: true
         hosts:
         - host: photos.rodent.cc
           paths:
           - path: /
--- kubernetes/main/apps/selfhosted/memos/app Kustomization: flux-system/memos HelmRelease: selfhosted/memos

+++ kubernetes/main/apps/selfhosted/memos/app Kustomization: flux-system/memos HelmRelease: selfhosted/memos

@@ -88,14 +88,12 @@

           type: RuntimeDefault
         supplementalGroups:
         - 44
         - 10000
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/network/nginx/external Kustomization: flux-system/nginx-external HelmRelease: network/nginx-external

+++ kubernetes/main/apps/network/nginx/external Kustomization: flux-system/nginx-external HelmRelease: network/nginx-external

@@ -56,22 +56,25 @@

         proxy-buffer-size: 16k
         ssl-protocols: TLSv1.3 TLSv1.2
         use-forwarded-headers: 'true'
         use-geoip2: true
       extraArgs:
         default-ssl-certificate: network/rodent-cc-tls
+        publish-status-address: external.rodent.cc
       ingressClassResource:
         controllerValue: k8s.io/external
         default: false
         name: external
       metrics:
         enabled: true
         serviceMonitor:
           enabled: true
           namespaceSelector:
             any: true
+      publishService:
+        enabled: false
       replicaCount: 2
       resources:
         limits:
           memory: 500Mi
         requests:
           cpu: 100m
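
Review bot: `publish-status-address: external.rodent.cc` together with `publishService.enabled: false` changes what the controller writes into every Ingress status, and nothing in the values says why. Please add a comment that this replaces the per-Ingress `external-dns.alpha.kubernetes.io/target` annotations removed elsewhere in this PR, so a later cleanup does not drop it and leave those Ingresses without a DNS target. Also confirm that the `external.rodent.cc` record itself is still created somewhere, since no Ingress in this diff publishes it.
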
--- kubernetes/main/apps/selfhosted/miniflux/app Kustomization: flux-system/miniflux HelmRelease: selfhosted/miniflux

+++ kubernetes/main/apps/selfhosted/miniflux/app Kustomization: flux-system/miniflux HelmRelease: selfhosted/miniflux

@@ -99,14 +99,12 @@

         runAsNonRoot: true
         runAsUser: 65534
         seccompProfile:
           type: RuntimeDefault
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         hosts:
         - host: '{{ .Release.Name }}.rodent.cc'
           paths:
           - path: /
             service:
--- kubernetes/main/apps/observability/gatus/app Kustomization: flux-system/gatus HelmRelease: observability/gatus

+++ kubernetes/main/apps/observability/gatus/app Kustomization: flux-system/gatus HelmRelease: observability/gatus

@@ -116,14 +116,12 @@

         runAsNonRoot: true
         runAsUser: 65534
         seccompProfile:
           type: RuntimeDefault
     ingress:
       app:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: external.rodent.cc
         className: external
         hosts:
         - host: status.rodent.cc
           paths:
           - path: /
             service:
--- kubernetes/main/apps/network/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: network/nginx-internal

+++ kubernetes/main/apps/network/nginx/internal Kustomization: flux-system/nginx-internal HelmRelease: network/nginx-internal

@@ -55,22 +55,25 @@

         proxy-body-size: 0
         proxy-buffer-size: 16k
         ssl-protocols: TLSv1.3 TLSv1.2
         use-forwarded-headers: 'true'
       extraArgs:
         default-ssl-certificate: network/rodent-cc-tls
+        publish-status-address: internal.rodent.cc
       ingressClassResource:
         controllerValue: k8s.io/internal
         default: true
         name: internal
       metrics:
         enabled: true
         serviceMonitor:
           enabled: true
           namespaceSelector:
             any: true
+      publishService:
+        enabled: false
       replicaCount: 2
       resources:
         limits:
           memory: 500Mi
         requests:
           cpu: 100m

ro-bott bot commented Dec 16, 2024

--- HelmRelease: media/bazarr Ingress: media/bazarr

+++ HelmRelease: media/bazarr Ingress: media/bazarr

@@ -4,14 +4,12 @@

 metadata:
   name: bazarr
   labels:
     app.kubernetes.io/instance: bazarr
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: bazarr
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: bazarr.rodent.cc
     http:
       paths:
--- HelmRelease: observability/kromgo Ingress: observability/kromgo

+++ HelmRelease: observability/kromgo Ingress: observability/kromgo

@@ -4,14 +4,12 @@

 metadata:
   name: kromgo
   labels:
     app.kubernetes.io/instance: kromgo
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: kromgo
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   rules:
   - host: kromgo.rodent.cc
     http:
       paths:
--- HelmRelease: system/atuin Ingress: system/atuin

+++ HelmRelease: system/atuin Ingress: system/atuin

@@ -4,14 +4,12 @@

 metadata:
   name: atuin
   labels:
     app.kubernetes.io/instance: atuin
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: atuin
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: sh.rodent.cc
     http:
       paths:
--- HelmRelease: system/fstrim CronJob: system/fstrim

+++ HelmRelease: system/fstrim CronJob: system/fstrim

@@ -9,19 +9,18 @@

     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: fstrim
 spec:
   suspend: false
   concurrencyPolicy: Forbid
   startingDeadlineSeconds: 30
-  timeZone: Europe/Oslo
-  schedule: 0 0 * * 1
+  schedule: 0 0 * * 0
   successfulJobsHistoryLimit: 1
   failedJobsHistoryLimit: 1
   jobTemplate:
     spec:
-      parallelism: 6
+      parallelism: 5
       backoffLimit: 6
       template:
         metadata:
           labels:
             app.kubernetes.io/component: fstrim
             app.kubernetes.io/instance: fstrim
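
Review bot: Dropping `timeZone: Europe/Oslo` means `schedule: 0 0 * * 0` is evaluated in the kube-controller-manager's time zone rather than local time, and the run also moves from Monday (`1`) to Sunday (`0`). If the trim was timed to avoid a backup or another disk-heavy window, check that the new slot still does. `parallelism: 6` to `5` should match the number of nodes the job is meant to cover; a short comment stating that count would help the next reader.
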
@@ -50,13 +49,12 @@

             name: app
             resources:
               limits:
                 memory: 128Mi
               requests:
                 cpu: 25m
-                memory: 128Mi
             securityContext:
               privileged: true
             volumeMounts:
             - mountPath: /host/net
               name: netfs
               readOnly: true
--- HelmRelease: network/nginx-internal Deployment: network/nginx-internal-controller

+++ HelmRelease: network/nginx-internal Deployment: network/nginx-internal-controller

@@ -37,21 +37,21 @@

           preStop:
             exec:
               command:
               - /wait-shutdown
         args:
         - /nginx-ingress-controller
-        - --publish-service=$(POD_NAMESPACE)/nginx-internal-controller
         - --election-id=nginx-internal-leader
         - --controller-class=k8s.io/internal
         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/nginx-internal-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
         - --default-ssl-certificate=network/rodent-cc-tls
+        - --publish-status-address=internal.rodent.cc
         securityContext:
           runAsNonRoot: true
           runAsUser: 101
           allowPrivilegeEscalation: false
           seccompProfile:
             type: RuntimeDefault
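
Review bot: Swapping `--publish-service=$(POD_NAMESPACE)/nginx-internal-controller` for `--publish-status-address=internal.rodent.cc` means Ingress status now carries a fixed hostname instead of whatever address the controller Service holds. Anything that reads Ingress status will follow that hostname, so if the Service address changes, `internal.rodent.cc` has to be updated separately. Suggest rolling the controller out and checking `status.loadBalancer` on one Ingress before the annotation removals are reconciled, so records are not left without a target in between.
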
--- HelmRelease: selfhosted/immich Ingress: selfhosted/immich

+++ HelmRelease: selfhosted/immich Ingress: selfhosted/immich

@@ -4,14 +4,12 @@

 metadata:
   name: immich
   labels:
     app.kubernetes.io/instance: immich
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: immich
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   tls:
   - hosts:
     - photos.rodent.cc
   rules:
--- HelmRelease: network/nginx-external Deployment: network/nginx-external-controller

+++ HelmRelease: network/nginx-external Deployment: network/nginx-external-controller

@@ -37,22 +37,22 @@

           preStop:
             exec:
               command:
               - /wait-shutdown
         args:
         - /nginx-ingress-controller
-        - --publish-service=$(POD_NAMESPACE)/nginx-external-controller
         - --election-id=nginx-external-leader
         - --controller-class=k8s.io/external
         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/nginx-external-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
         - --maxmind-license-key=..PLACEHOLDER_nginx-external-maxmind-secret..
         - --default-ssl-certificate=network/rodent-cc-tls
+        - --publish-status-address=external.rodent.cc
         securityContext:
           runAsNonRoot: true
           runAsUser: 101
           allowPrivilegeEscalation: false
           seccompProfile:
             type: RuntimeDefault
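
Review bot: Unchanged by this hunk but visible in its context, `--maxmind-license-key=..PLACEHOLDER_nginx-external-maxmind-secret..` puts the licence key into the container args, so it is stored in the Deployment object and readable by anyone who can get Deployments or pods in `network`. Since the args list is being touched anyway, consider exposing the key as an environment variable from a Secret reference and passing it as `$(VAR_NAME)`, the same expansion `$(POD_NAMESPACE)` already uses in this list. The `--publish-service` to `--publish-status-address=external.rodent.cc` swap mirrors the internal controller and needs the same rollout check.
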
--- HelmRelease: selfhosted/memos Ingress: selfhosted/memos

+++ HelmRelease: selfhosted/memos Ingress: selfhosted/memos

@@ -4,14 +4,12 @@

 metadata:
   name: memos
   labels:
     app.kubernetes.io/instance: memos
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: memos
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   rules:
   - host: memos.rodent.cc
     http:
       paths:
--- HelmRelease: media/plex Ingress: media/plex

+++ HelmRelease: media/plex Ingress: media/plex

@@ -5,13 +5,12 @@

   name: plex
   labels:
     app.kubernetes.io/instance: plex
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: plex
   annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
 spec:
   ingressClassName: external
   tls:
   - hosts:
     - plex.rodent.cc
--- HelmRelease: media/overseerr Ingress: media/overseerr

+++ HelmRelease: media/overseerr Ingress: media/overseerr

@@ -4,14 +4,12 @@

 metadata:
   name: overseerr
   labels:
     app.kubernetes.io/instance: overseerr
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: overseerr
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   tls:
   - hosts:
     - requests.rodent.cc
   rules:
--- HelmRelease: selfhosted/home-assistant Ingress: selfhosted/home-assistant-app

+++ HelmRelease: selfhosted/home-assistant Ingress: selfhosted/home-assistant-app

@@ -4,14 +4,12 @@

 metadata:
   name: home-assistant-app
   labels:
     app.kubernetes.io/instance: home-assistant
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: home-assistant
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   rules:
   - host: hass.rodent.cc
     http:
       paths:
--- HelmRelease: selfhosted/home-assistant Ingress: selfhosted/home-assistant-code-server

+++ HelmRelease: selfhosted/home-assistant Ingress: selfhosted/home-assistant-code-server

@@ -4,14 +4,12 @@

 metadata:
   name: home-assistant-code-server
   labels:
     app.kubernetes.io/instance: home-assistant
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: home-assistant
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: hass-code.rodent.cc
     http:
       paths:
--- HelmRelease: media/qbtools Deployment: media/qbtools-reannounce

+++ HelmRelease: media/qbtools Deployment: media/qbtools-reannounce

@@ -29,31 +29,32 @@

       serviceAccountName: default
       automountServiceAccountToken: true
       securityContext:
         runAsGroup: 568
         runAsNonRoot: true
         runAsUser: 568
+        seccompProfile:
+          type: RuntimeDefault
       hostIPC: false
       hostNetwork: false
       hostPID: false
       dnsPolicy: ClusterFirst
       containers:
       - args:
         - reannounce
+        - --process-seeding
         env:
         - name: QBITTORRENT_HOST
           value: qbittorrent.media.svc.cluster.local
         - name: QBITTORRENT_PORT
           value: '80'
-        - name: TZ
-          value: Europe/Oslo
-        image: ghcr.io/buroa/qbtools:v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
+        image: ghcr.io/buroa/qbtools:v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
         name: app
         resources:
           limits:
-            memory: 256Mi
+            memory: 256M
           requests:
             cpu: 25m
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
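
Review bot: The image tag goes backwards here, `v0.19.11` to `v0.19.10`, which is unusual for a catch-up PR and is likely to be reverted by the next dependency update; please confirm the downgrade is intended and say why in the PR description. `memory: 256Mi` to `256M` also lowers the limit slightly (256,000,000 bytes instead of 268,435,456), which looks accidental. The added `seccompProfile: RuntimeDefault` is a good change; while here, `automountServiceAccountToken: true` on the `default` service account could be set to `false` unless the pod actually calls the Kubernetes API, since the visible configuration only points it at qBittorrent.
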
@@ -64,8 +65,8 @@

           name: secret-file
           readOnly: true
           subPath: config.yaml
       volumes:
       - name: secret-file
         secret:
-          secretName: qbtools-secret
+          secretName: qbtools-config-secret
 
--- HelmRelease: media/qbtools CronJob: media/qbtools-orphaned

+++ HelmRelease: media/qbtools CronJob: media/qbtools-orphaned

@@ -6,62 +6,58 @@

   labels:
     app.kubernetes.io/component: orphaned
     app.kubernetes.io/instance: qbtools
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: qbtools
 spec:
-  suspend: false
+  suspend: true
   concurrencyPolicy: Forbid
   startingDeadlineSeconds: 30
-  timeZone: Europe/Oslo
-  schedule: '@weekly'
+  schedule: 0 0 * * 0
   successfulJobsHistoryLimit: 1
   failedJobsHistoryLimit: 1
   jobTemplate:
     spec:
-      backoffLimit: 6
+      ttlSecondsAfterFinished: 3600
+      backoffLimit: 0
       template:
         metadata:
           labels:
             app.kubernetes.io/component: orphaned
             app.kubernetes.io/instance: qbtools
             app.kubernetes.io/name: qbtools
         spec:
           enableServiceLinks: false
           serviceAccountName: default
           automountServiceAccountToken: true
           securityContext:
-            fsGroup: 568
-            fsGroupChangePolicy: OnRootMismatch
             runAsGroup: 568
             runAsNonRoot: true
             runAsUser: 568
-            supplementalGroups:
-            - 65536
+            seccompProfile:
+              type: RuntimeDefault
           hostIPC: false
           hostNetwork: false
           hostPID: false
           dnsPolicy: ClusterFirst
-          restartPolicy: OnFailure
+          restartPolicy: Never
           containers:
           - args:
             - orphaned
-            - --exclude-pattern="*_unpackerred"
-            - --exclude-pattern="*/manual/*"
+            - --exclude-pattern
+            - '*_unpackerred*'
             env:
             - name: QBITTORRENT_HOST
               value: qbittorrent.media.svc.cluster.local
             - name: QBITTORRENT_PORT
               value: '80'
-            - name: TZ
-              value: Europe/Oslo
-            image: ghcr.io/buroa/qbtools:v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
+            image: ghcr.io/buroa/qbtools:v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
             name: app
             resources:
               limits:
-                memory: 256Mi
+                memory: 256M
               requests:
                 cpu: 25m
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
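
Review bot: The second exclusion, `--exclude-pattern="*/manual/*"`, is dropped rather than converted, so once this job is unsuspended nothing under a `manual` directory is protected from the orphaned-file cleanup. If that is deliberate, say so in the PR; otherwise add it back as a separate `--exclude-pattern` / `'*/manual/*'` pair in the new argument style. Removing `fsGroup` and `supplementalGroups: 65536` also changes the identity the job presents on the `media` NFS volume shown in the next hunk, so check that uid/gid 568 alone has the access the job needs and no more. `suspend: true` hides both effects until someone flips it back.
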
@@ -78,8 +74,8 @@

           - name: media
             nfs:
               path: /mnt/tank/Media
               server: tank.internal
           - name: secret-file
             secret:
-              secretName: qbtools-secret
+              secretName: qbtools-config-secret
 
--- HelmRelease: media/qbtools CronJob: media/qbtools-tagging

+++ HelmRelease: media/qbtools CronJob: media/qbtools-tagging

@@ -9,19 +9,19 @@

     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: qbtools
 spec:
   suspend: false
   concurrencyPolicy: Forbid
   startingDeadlineSeconds: 30
-  timeZone: Europe/Oslo
-  schedule: '@hourly'
+  schedule: 0 * * * *
   successfulJobsHistoryLimit: 1
   failedJobsHistoryLimit: 1
   jobTemplate:
     spec:
-      backoffLimit: 6
+      ttlSecondsAfterFinished: 3600
+      backoffLimit: 0
       template:
         metadata:
           labels:
             app.kubernetes.io/component: tagging
             app.kubernetes.io/instance: qbtools
             app.kubernetes.io/name: qbtools
@@ -30,17 +30,19 @@

           serviceAccountName: default
           automountServiceAccountToken: true
           securityContext:
             runAsGroup: 568
             runAsNonRoot: true
             runAsUser: 568
+            seccompProfile:
+              type: RuntimeDefault
           hostIPC: false
           hostNetwork: false
           hostPID: false
           dnsPolicy: ClusterFirst
-          restartPolicy: OnFailure
+          restartPolicy: Never
           initContainers:
           - args:
             - tagging
             - --added-on
             - --expired
             - --last-activity
@@ -48,19 +50,17 @@

             - --unregistered
             env:
             - name: QBITTORRENT_HOST
               value: qbittorrent.media.svc.cluster.local
             - name: QBITTORRENT_PORT
               value: '80'
-            - name: TZ
-              value: Europe/Oslo
-            image: ghcr.io/buroa/qbtools:v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
-            name: tagging
+            image: ghcr.io/buroa/qbtools:v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
+            name: tag
             resources:
               limits:
-                memory: 256Mi
+                memory: 256M
               requests:
                 cpu: 25m
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
@@ -71,27 +71,27 @@

               name: secret-file
               readOnly: true
               subPath: config.yaml
           containers:
           - args:
             - prune
-            - --exclude-category=manual
-            - --exclude-tag=activity:1d
-            - --include-tag=expired
+            - --exclude-tag
+            - added:1d
+            - --include-tag
+            - expired
+            - --with-data
             env:
             - name: QBITTORRENT_HOST
               value: qbittorrent.media.svc.cluster.local
             - name: QBITTORRENT_PORT
               value: '80'
-            - name: TZ
-              value: Europe/Oslo
-            image: ghcr.io/buroa/qbtools:v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
+            image: ghcr.io/buroa/qbtools:v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
             name: expired
             resources:
               limits:
-                memory: 256Mi
+                memory: 256M
               requests:
                 cpu: 25m
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
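
Review bot: This `prune` container loses `--exclude-category=manual` and gains `--with-data`, so the `expired` prune is no longer fenced off from the `manual` category and, going by the flag name, now removes the downloaded data as well as the torrent entry. The exclusion also changes from `activity:1d` to `added:1d`, that is, from recent activity to recent addition. With `backoffLimit: 0` and the hourly schedule set earlier in this CronJob, there is no review step between tagging and deletion; please confirm the `manual` category is meant to be prunable, or restore the exclusion as `--exclude-category` / `manual`.
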
@@ -101,27 +101,27 @@

             - mountPath: /config/config.yaml
               name: secret-file
               readOnly: true
               subPath: config.yaml
           - args:
             - prune
-            - --exclude-tag=expired
-            - --exclude-tag=added:1d
-            - --include-tag=unregistered
+            - --exclude-tag
+            - added:1d
+            - --include-tag
+            - unregistered
+            - --with-data
             env:
             - name: QBITTORRENT_HOST
               value: qbittorrent.media.svc.cluster.local
             - name: QBITTORRENT_PORT
               value: '80'
-            - name: TZ
-              value: Europe/Oslo
-            image: ghcr.io/buroa/qbtools:v0.19.11@sha256:a133bd7f02ecb9ea0111a4016724f33404136c41295217f163991910e1d2784c
+            image: ghcr.io/buroa/qbtools:v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
             name: unregistered
             resources:
               limits:
-                memory: 256Mi
+                memory: 256M
               requests:
                 cpu: 25m
             securityContext:
               allowPrivilegeEscalation: false
               capabilities:
                 drop:
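
Review bot: `--exclude-tag=expired` is removed and `--with-data` is added on the `unregistered` prune, leaving `added:1d` as the only guard before data is deleted. If the `unregistered` tag is ever applied wrongly, the files are gone on the next hourly run and `backoffLimit: 0` gives no second look. Consider keeping this container without `--with-data` for a while and checking its log output first, and add a comment explaining why the `expired` exclusion is no longer needed.
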
@@ -132,8 +132,8 @@

               name: secret-file
               readOnly: true
               subPath: config.yaml
           volumes:
           - name: secret-file
             secret:
-              secretName: qbtools-secret
+              secretName: qbtools-config-secret
 
--- HelmRelease: media/qbtools Deployment: media/qbtools-limiter

+++ HelmRelease: media/qbtools Deployment: media/qbtools-limiter

@@ -0,0 +1,79 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: qbtools-limiter
+  labels:
+    app.kubernetes.io/component: limiter
+    app.kubernetes.io/instance: qbtools
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: qbtools
+spec:
+  revisionHistoryLimit: 3
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: limiter
+      app.kubernetes.io/name: qbtools
+      app.kubernetes.io/instance: qbtools
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: limiter
+        app.kubernetes.io/instance: qbtools
+        app.kubernetes.io/name: qbtools
+    spec:
+      enableServiceLinks: false
+      serviceAccountName: default
+      automountServiceAccountToken: true
+      securityContext:
+        runAsGroup: 568
+        runAsNonRoot: true
+        runAsUser: 568
+        seccompProfile:
+          type: RuntimeDefault
+      hostIPC: false
+      hostNetwork: false
+      hostPID: false
+      dnsPolicy: ClusterFirst
+      containers:
+      - args:
+        - limiter
+        - --max-line-speed-mbps
+        - '800'
+        - --max-percent
+        - '0.8'
+        - --limit-percent
+        - '0.4'
+        - --interval
+        - '5'
+        env:
+        - name: QBITTORRENT_HOST
+          value: qbittorrent.media.svc.cluster.local
+        - name: QBITTORRENT_PORT
+          value: '80'
+        image: ghcr.io/buroa/qbtools:v0.19.10@sha256:fc9c2fd65a454d39084d3b7ea802c92dba4032fb0b4eaadf6a684fdf740b8c17
+        name: app
+        resources:
+          limits:
+            memory: 256M
+          requests:
+            cpu: 25m
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /config/config.yaml
+          name: secret-file
+          readOnly: true
+          subPath: config.yaml
+      volumes:
+      - name: secret-file
+        secret:
+          secretName: qbtools-config-secret
+
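
Review bot: This new Deployment sets `automountServiceAccountToken: true` with `serviceAccountName: default`, but the visible configuration only points it at qBittorrent through `QBITTORRENT_HOST` and `QBITTORRENT_PORT`. Unless the limiter calls the Kubernetes API, set it to `false` so no token is mounted in the pod. The rest of the security context (`runAsNonRoot`, `seccompProfile: RuntimeDefault`, `drop: ALL`, `readOnlyRootFilesystem: true`) is in good shape. The pod also depends on `secretName: qbtools-config-secret`, the renamed Secret used across this release, so that Secret has to exist before this rolls out or the pod will not start.
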
--- HelmRelease: observability/gatus Ingress: observability/gatus

+++ HelmRelease: observability/gatus Ingress: observability/gatus

@@ -4,14 +4,12 @@

 metadata:
   name: gatus
   labels:
     app.kubernetes.io/instance: gatus
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: gatus
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   rules:
   - host: status.rodent.cc
     http:
       paths:
--- HelmRelease: observability/grafana Ingress: observability/grafana

+++ HelmRelease: observability/grafana Ingress: observability/grafana

@@ -4,14 +4,12 @@

 metadata:
   name: grafana
   namespace: observability
   labels:
     app.kubernetes.io/name: grafana
     app.kubernetes.io/instance: grafana
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: grafana.rodent.cc
     http:
       paths:
--- HelmRelease: security/authentik Ingress: security/authentik-server

+++ HelmRelease: security/authentik Ingress: security/authentik-server

@@ -7,14 +7,12 @@

   labels:
     app.kubernetes.io/name: authentik
     app.kubernetes.io/instance: authentik
     app.kubernetes.io/component: server
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/part-of: authentik
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   rules:
   - host: auth.rodent.cc
     http:
       paths:
--- HelmRelease: media/audiobookshelf Ingress: media/audiobookshelf

+++ HelmRelease: media/audiobookshelf Ingress: media/audiobookshelf

@@ -4,14 +4,12 @@

 metadata:
   name: audiobookshelf
   labels:
     app.kubernetes.io/instance: audiobookshelf
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: audiobookshelf
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   tls:
   - hosts:
     - audiobookshelf.rodent.cc
   rules:
--- HelmRelease: selfhosted/it-tools Ingress: selfhosted/it-tools

+++ HelmRelease: selfhosted/it-tools Ingress: selfhosted/it-tools

@@ -4,14 +4,12 @@

 metadata:
   name: it-tools
   labels:
     app.kubernetes.io/instance: it-tools
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: it-tools
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   rules:
   - host: it-tools.rodent.cc
     http:
       paths:
--- HelmRelease: selfhosted/hoarder Ingress: selfhosted/hoarder

+++ HelmRelease: selfhosted/hoarder Ingress: selfhosted/hoarder

@@ -4,14 +4,12 @@

 metadata:
   name: hoarder
   labels:
     app.kubernetes.io/instance: hoarder
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: hoarder
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   rules:
   - host: hoarder.rodent.cc
     http:
       paths:
--- HelmRelease: observability/kube-prometheus-stack Ingress: observability/kube-prometheus-stack-alertmanager

+++ HelmRelease: observability/kube-prometheus-stack Ingress: observability/kube-prometheus-stack-alertmanager

@@ -1,14 +1,12 @@

 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: kube-prometheus-stack-alertmanager
   namespace: observability
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
   labels:
     app: kube-prometheus-stack-alertmanager
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: kube-prometheus-stack
     app.kubernetes.io/part-of: kube-prometheus-stack
     release: kube-prometheus-stack
--- HelmRelease: observability/kube-prometheus-stack Ingress: observability/kube-prometheus-stack-prometheus

+++ HelmRelease: observability/kube-prometheus-stack Ingress: observability/kube-prometheus-stack-prometheus

@@ -1,12 +1,10 @@

 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
   name: kube-prometheus-stack-prometheus
   namespace: observability
   labels:
     app: kube-prometheus-stack-prometheus
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/instance: kube-prometheus-stack
--- HelmRelease: observability/kube-prometheus-stack Prometheus: observability/kube-prometheus-stack

+++ HelmRelease: observability/kube-prometheus-stack Prometheus: observability/kube-prometheus-stack

@@ -17,26 +17,24 @@

     alertmanagers:
     - namespace: observability
       name: kube-prometheus-stack-alertmanager
       port: http-web
       pathPrefix: /
       apiVersion: v2
-  image: quay.io/prometheus/prometheus:v2.55.1
-  version: v2.55.1
+  image: quay.io/prometheus/prometheus:v3.0.1
+  version: v3.0.1
   externalUrl: http://prometheus.rodent.cc/
   paused: false
   replicas: 1
   shards: 1
   logLevel: info
   logFormat: logfmt
   listenLocal: false
   enableAdminAPI: true
   enableFeatures:
-  - auto-gomemlimit
   - memory-snapshot-on-shutdown
-  - new-service-discovery-manager
   scrapeInterval: 1m
   resources:
     limits:
       memory: 1500Mi
     requests:
       cpu: 100m
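Review bot: `enableAdminAPI: true` is carried unchanged across the v2.55.1 to v3.0.1 major upgrade, and this instance is published through the `kube-prometheus-stack-prometheus` Ingress touched in this same diff. The admin API allows deleting series and taking snapshots and has no authentication by default, so either set it to `false` or state in the PR why it is needed. The image is also referenced by tag only (`v3.0.1`); pinning a digest, as the recyclarr image in this diff does, would make the rollout reproducible.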
--- HelmRelease: media/qbittorrent Ingress: media/qbittorrent

+++ HelmRelease: media/qbittorrent Ingress: media/qbittorrent

@@ -4,14 +4,12 @@

 metadata:
   name: qbittorrent
   labels:
     app.kubernetes.io/instance: qbittorrent
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: qbittorrent
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: qb.rodent.cc
     http:
       paths:
--- HelmRelease: media/recyclarr CronJob: media/recyclarr

+++ HelmRelease: media/recyclarr CronJob: media/recyclarr

@@ -9,13 +9,13 @@

     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: recyclarr
 spec:
   suspend: false
   concurrencyPolicy: Forbid
   startingDeadlineSeconds: 30
-  schedule: '@daily'
+  schedule: 0 0 * * *
   successfulJobsHistoryLimit: 1
   failedJobsHistoryLimit: 1
   jobTemplate:
     spec:
       ttlSecondsAfterFinished: 86400
       backoffLimit: 0
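Review bot: `schedule: 0 0 * * *` has no `timeZone` visible next to it in this spec, so midnight is evaluated in the controller's time zone rather than local time. Since the next hunk also removes `TZ: Europe/Oslo` from the container, add `timeZone: Europe/Oslo` to the CronJob spec if the Oslo midnight run was intentional, or note in the PR that the shift is accepted.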
@@ -42,15 +42,12 @@

           hostPID: false
           dnsPolicy: ClusterFirst
           restartPolicy: Never
           containers:
           - args:
             - sync
-            env:
-            - name: TZ
-              value: Europe/Oslo
             envFrom:
             - secretRef:
                 name: recyclarr-secret
             image: ghcr.io/recyclarr/recyclarr:7.4.0@sha256:619c3b8920a179f2c578acd0f54e9a068f57c049aff840469eed66e93a4be2cf
             name: app
             resources:
--- HelmRelease: selfhosted/paperless Ingress: selfhosted/paperless

+++ HelmRelease: selfhosted/paperless Ingress: selfhosted/paperless

@@ -4,14 +4,12 @@

 metadata:
   name: paperless
   labels:
     app.kubernetes.io/instance: paperless
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: paperless
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   tls:
   - hosts:
     - paperless.rodent.cc
   rules:
--- HelmRelease: media/readarr Ingress: media/readarr

+++ HelmRelease: media/readarr Ingress: media/readarr

@@ -4,14 +4,12 @@

 metadata:
   name: readarr
   labels:
     app.kubernetes.io/instance: readarr
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: readarr
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: readarr.rodent.cc
     http:
       paths:
--- HelmRelease: media/radarr Ingress: media/radarr

+++ HelmRelease: media/radarr Ingress: media/radarr

@@ -4,14 +4,12 @@

 metadata:
   name: radarr
   labels:
     app.kubernetes.io/instance: radarr
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: radarr
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: radarr.rodent.cc
     http:
       paths:
--- HelmRelease: media/prowlarr Ingress: media/prowlarr

+++ HelmRelease: media/prowlarr Ingress: media/prowlarr

@@ -4,14 +4,12 @@

 metadata:
   name: prowlarr
   labels:
     app.kubernetes.io/instance: prowlarr
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: prowlarr
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: prowlarr.rodent.cc
     http:
       paths:
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

@@ -41,13 +41,13 @@

   enable-l7-proxy: 'true'
   enable-ipv4-masquerade: 'true'
   enable-ipv4-big-tcp: 'false'
   enable-ipv6-big-tcp: 'false'
   enable-ipv6-masquerade: 'true'
   enable-tcx: 'true'
-  datapath-mode: veth
+  datapath-mode: netkit
   enable-bpf-masquerade: 'true'
   enable-masquerade-to-route-source: 'false'
   enable-xt-socket-fallback: 'true'
   install-no-conntrack-iptables-rules: 'false'
   auto-direct-node-routes: 'true'
   direct-routing-skip-unreachable: 'false'
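Review bot: `datapath-mode: netkit` needs netkit device support in the kernel of every node (Linux 6.8 or newer per the Cilium documentation), and nothing in this hunk or the PR description records that the nodes meet it. State the node kernel version in the PR and check the Cilium guidance for pods that already run on veth before the agents roll with the new ConfigMap checksum.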
@@ -65,13 +65,13 @@

   enable-health-check-nodeport: 'true'
   enable-health-check-loadbalancer-ip: 'false'
   node-port-bind-protection: 'true'
   enable-auto-protect-node-port-range: 'true'
   bpf-lb-mode: dsr
   bpf-lb-algorithm: maglev
-  bpf-lb-acceleration: disabled
+  bpf-lb-acceleration: best-effort
   enable-svc-source-range-check: 'true'
   enable-l2-neigh-discovery: 'true'
   arping-refresh-period: 30s
   k8s-require-ipv4-pod-cidr: 'false'
   k8s-require-ipv6-pod-cidr: 'false'
   enable-endpoint-routes: 'true'
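Review bot: `bpf-lb-acceleration: best-effort` falls back to the non-accelerated path on any device whose driver lacks native XDP, so the ConfigMap value no longer tells you what is actually running. With `bpf-lb-mode: dsr` and `bpf-lb-algorithm: maglev` in the same block, record in the PR which devices attach XDP after rollout (the agent status output reports it) so a later regression is visible.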
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

@@ -16,13 +16,13 @@

     rollingUpdate:
       maxUnavailable: 2
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 166af535880bd4a822be380f3c31c7231d69dc8dbb79d647840e529c59ad2316
+        cilium.io/cilium-configmap-checksum: 964cb6fd6012851f78b4b435cda6d81c5dd934a1d531e27ceecfec366e48bbc3
       labels:
         k8s-app: cilium
         app.kubernetes.io/name: cilium-agent
         app.kubernetes.io/part-of: cilium
     spec:
       securityContext:
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

@@ -20,13 +20,13 @@

       maxSurge: 25%
       maxUnavailable: 50%
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 166af535880bd4a822be380f3c31c7231d69dc8dbb79d647840e529c59ad2316
+        cilium.io/cilium-configmap-checksum: 964cb6fd6012851f78b4b435cda6d81c5dd934a1d531e27ceecfec366e48bbc3
         prometheus.io/port: '9963'
         prometheus.io/scrape: 'true'
       labels:
         io.cilium/app: operator
         name: cilium-operator
         app.kubernetes.io/part-of: cilium
--- HelmRelease: rook-ceph/rook-ceph-cluster Deployment: rook-ceph/rook-ceph-tools

+++ HelmRelease: rook-ceph/rook-ceph-cluster Deployment: rook-ceph/rook-ceph-tools

@@ -17,13 +17,13 @@

         app: rook-ceph-tools
     spec:
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
       containers:
       - name: rook-ceph-tools
-        image: quay.io/ceph/ceph:v18.2.4
+        image: quay.io/ceph/ceph:v19.2.0
         command:
         - /bin/bash
         - -c
         - |
           # Replicate the script from toolbox.sh inline so the ceph image
           # can be run directly, instead of requiring the rook toolbox
--- HelmRelease: rook-ceph/rook-ceph-cluster Ingress: rook-ceph/rook-ceph-dashboard

+++ HelmRelease: rook-ceph/rook-ceph-cluster Ingress: rook-ceph/rook-ceph-dashboard

@@ -1,14 +1,12 @@

 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: rook-ceph-dashboard
   namespace: rook-ceph
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   rules:
   - host: rook.rodent.cc
     http:
       paths:
       - path: /
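Review bot: after the `internal.rodent.cc` target annotation is removed, the visible spec goes from `spec:` straight to `rules:` with no `ingressClassName`, unlike the other internal Ingresses in this diff (qbittorrent, for example, keeps `ingressClassName: internal`). Nothing in this manifest now states that `rook.rodent.cc` is internal-only; set `ingressClassName: internal` explicitly so exposure of the Ceph dashboard does not depend on whichever class is the cluster default.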
--- HelmRelease: rook-ceph/rook-ceph-cluster CephCluster: rook-ceph/rook-ceph

+++ HelmRelease: rook-ceph/rook-ceph-cluster CephCluster: rook-ceph/rook-ceph

@@ -6,13 +6,13 @@

   namespace: rook-ceph
 spec:
   monitoring:
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v18.2.4
+    image: quay.io/ceph/ceph:v19.2.0
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ''
     sanitizeDisks:
       dataSource: zero
       iteration: 1
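Review bot: `image: quay.io/ceph/ceph:v19.2.0` is a major-version jump from v18.2.4, referenced by mutable tag, in a PR described only as a catch-up. Pin the image by digest so the CephCluster and the `rook-ceph-tools` Deployment are guaranteed to run the same build, and call out the storage upgrade explicitly in the PR description.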
@@ -54,13 +54,17 @@

     periodicity: daily
   mgr:
     allowMultiplePerNode: false
     count: 2
     modules:
     - enabled: true
+      name: insights
+    - enabled: true
       name: pg_autoscaler
+    - enabled: true
+      name: rook
   mon:
     allowMultiplePerNode: false
     count: 3
   network:
     connections:
       compression:
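Review bot: the `insights` and `rook` mgr modules are newly enabled next to `pg_autoscaler` with no explanation in the PR. Each enabled module is extra code running in the active mgr; say what depends on them, and leave out any that nothing consumes.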
--- HelmRelease: selfhosted/stirling-pdf Ingress: selfhosted/stirling-pdf

+++ HelmRelease: selfhosted/stirling-pdf Ingress: selfhosted/stirling-pdf

@@ -4,14 +4,12 @@

 metadata:
   name: stirling-pdf
   labels:
     app.kubernetes.io/instance: stirling-pdf
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: stirling-pdf
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   tls:
   - hosts:
     - pdf.rodent.cc
   rules:
--- HelmRelease: media/sonarr Ingress: media/sonarr

+++ HelmRelease: media/sonarr Ingress: media/sonarr

@@ -4,14 +4,12 @@

 metadata:
   name: sonarr
   labels:
     app.kubernetes.io/instance: sonarr
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: sonarr
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: sonarr.rodent.cc
     http:
       paths:
--- HelmRelease: selfhosted/miniflux Ingress: selfhosted/miniflux

+++ HelmRelease: selfhosted/miniflux Ingress: selfhosted/miniflux

@@ -4,14 +4,12 @@

 metadata:
   name: miniflux
   labels:
     app.kubernetes.io/instance: miniflux
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: miniflux
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   rules:
   - host: miniflux.rodent.cc
     http:
       paths:
--- HelmRelease: media/tautulli Ingress: media/tautulli

+++ HelmRelease: media/tautulli Ingress: media/tautulli

@@ -4,14 +4,12 @@

 metadata:
   name: tautulli
   labels:
     app.kubernetes.io/instance: tautulli
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: tautulli
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.rodent.cc
 spec:
   ingressClassName: internal
   rules:
   - host: tautulli.rodent.cc
     http:
       paths:
--- HelmRelease: selfhosted/vikunja Ingress: selfhosted/vikunja

+++ HelmRelease: selfhosted/vikunja Ingress: selfhosted/vikunja

@@ -4,14 +4,12 @@

 metadata:
   name: vikunja
   labels:
     app.kubernetes.io/instance: vikunja
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: vikunja
-  annotations:
-    external-dns.alpha.kubernetes.io/target: external.rodent.cc
 spec:
   ingressClassName: external
   tls:
   - hosts:
     - tasks.rodent.cc
   rules:
--- HelmRelease: rook-ceph/rook-ceph-operator ConfigMap: rook-ceph/rook-ceph-operator-config

+++ HelmRelease: rook-ceph/rook-ceph-operator ConfigMap: rook-ceph/rook-ceph-operator-config

@@ -6,13 +6,13 @@

   namespace: rook-ceph
 data:
   ROOK_LOG_LEVEL: INFO
   ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: '15'
   ROOK_OBC_WATCH_OPERATOR_NAMESPACE: 'true'
   ROOK_CEPH_ALLOW_LOOP_DEVICES: 'false'
-  ROOK_ENABLE_DISCOVERY_DAEMON: 'false'
+  ROOK_ENABLE_DISCOVERY_DAEMON: 'true'
   ROOK_CSI_ENABLE_RBD: 'true'
   ROOK_CSI_ENABLE_CEPHFS: 'true'
   ROOK_CSI_DISABLE_DRIVER: 'false'
   CSI_ENABLE_CEPHFS_SNAPSHOTTER: 'true'
   CSI_ENABLE_NFS_SNAPSHOTTER: 'true'
   CSI_ENABLE_RBD_SNAPSHOTTER: 'true'
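Review bot: `ROOK_ENABLE_DISCOVERY_DAEMON: 'true'` turns on a discovery DaemonSet with access to host devices on the nodes, which widens the set of workloads running with host-level access. The PR does not say what consumes its output; keep it at `'false'` unless device discovery is actually used, and document the reason if it is.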

@rodent1 rodent1 merged commit 6d36752 into main Dec 16, 2024
11 checks passed
@rodent1 rodent1 deleted the catchup branch December 16, 2024 15:11