diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 963a4c51c..94d57b47a 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -32,18 +32,18 @@ "fileMatch": ["ansible/.+/docker-compose.*\\.ya?ml(\\.j2)?$"] }, "flux": { - "fileMatch": ["cluster/.+\\.ya?ml$"] + "fileMatch": ["kubernetes/.+\\.ya?ml$"] }, "helm-values": { - "fileMatch": ["cluster/.+\\.ya?ml$"] + "fileMatch": ["kubernetes/.+\\.ya?ml$"] }, "kubernetes": { - "fileMatch": ["cluster/.+\\.ya?ml$"] + "fileMatch": ["kubernetes/.+\\.ya?ml$"] }, "regexManagers": [ { "description": "Process CRD dependencies", - "fileMatch": ["cluster/.+\\.ya?ml$"], + "fileMatch": ["kubernetes/.+\\.ya?ml$"], "matchStrings": [ // GitRepository where 'Git release/tag' matches 'Helm' version "registryUrl=(?\\S+) chart=(?\\S+)\n.*?(?[^-\\s]*)\n", @@ -54,7 +54,10 @@ }, { "description": "Process various dependencies", - "fileMatch": ["ansible/.+\\.ya?ml$", "cluster/.+\\.ya?ml$"], + "fileMatch": [ + "infrastructure/ansible/.+\\.ya?ml$", + "kubernetes/.+\\.ya?ml$" + ], "matchStrings": [ "datasource=(?\\S+) depName=(?\\S+)( versioning=(?\\S+))?\n.*?\"(?.*)\"\n" ], @@ -63,7 +66,7 @@ }, { "description": "Process raw GitHub URLs", - "fileMatch": ["cluster/.+\\.ya?ml$"], + "fileMatch": ["kubernetes/.+\\.ya?ml$"], "matchStrings": [ "https:\\/\\/raw.githubusercontent.com\\/(?[\\w\\d\\-_]+\\/[\\w\\d\\-_]+)\\/(?[\\w\\d\\.\\-_]+)\\/.*" ], @@ -86,13 +89,15 @@ { "matchDatasources": ["docker"], "versioning": "loose", - "matchPackageNames": ["ghcr.io/onedr0p/qbittorrent", "docker.io/zedeus/nitter", "quay.io/invidious/invidious"] + "matchPackageNames": [ + "ghcr.io/onedr0p/qbittorrent", + "docker.io/zedeus/nitter", + "quay.io/invidious/invidious" + ] }, { "matchDatasources": ["docker"], - "matchPackageNames": [ - "ghcr.io/linuxserver/calibre" - ], + "matchPackageNames": ["ghcr.io/linuxserver/calibre"], "versioning": "regex:^version-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)$" } ] 
diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5 index e897eb0b9..84bb93fcc 100644 --- a/.github/renovate/autoMerge.json5 +++ b/.github/renovate/autoMerge.json5 @@ -18,6 +18,15 @@ "matchUpdateTypes": ["minor", "patch"], "matchPackageNames": ["ghcr.io/onedr0p/prowlarr-nightly"] }, + { + "description": "Auto merge containers (patch only)", + "matchDatasources": ["docker"], + "automerge": true, + "automergeType": "branch", + "requiredStatusChecks": null, + "matchUpdateTypes": ["patch"], + "matchPackageNames": ["ghcr.io/auricom/kubectl"] + }, { "description": "Auto merge GitHub Actions", "matchDatasources": ["github-tags"], diff --git a/.sops.yaml b/.sops.yaml index 9ce925ea6..5cef33cc8 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,15 +1,20 @@ creation_rules: - - path_regex: cluster/.*\.sops\.ya?ml - encrypted_regex: "^(data|stringData)$" - key_groups: - - age: - - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - - path_regex: ansible/.*\.sops\.ya?ml - unencrypted_regex: "^(kind)$" - key_groups: - - age: - - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - - path_regex: cluster/.*\.sops\.toml - key_groups: - - age: - - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + - path_regex: kubernetes/.*\.sops\.ya?ml + encrypted_regex: ^(data|stringData)$ + key_groups: + - age: + - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + - path_regex: kubernetes/.*\.sops\.toml + key_groups: + - age: + - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + - path_regex: infrastructure/ansible/.*\.sops\.ya?ml + unencrypted_regex: ^(kind)$ + key_groups: + - age: + - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + - path_regex: .*\.sops\.ya?ml + key_groups: + - age: + - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + diff --git a/.taskfiles/kopia.yaml b/.taskfiles/kopia.yaml index 809fc8f7e..58f057887 100644 --- a/.taskfiles/kopia.yaml 
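Review bot: The new `ghcr.io/auricom/kubectl` rule combines `"automergeType": "branch"` with `"requiredStatusChecks": null`, so a patch-level image update is committed straight to the branch with no pull request and without waiting for any check to pass. A patch tag can be re-pushed on the registry, so this path lets image content reach the cluster without anyone looking at it. Consider dropping the `"requiredStatusChecks": null` line so automerge waits for passing checks, and pinning the image by digest (for example `"pinDigests": true` on this rule) so each update is a concrete, reviewable change. The entry just above appears to follow the same pattern, but most of it lies outside the hunk.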
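Review bot: The new catch-all rule `.*\.sops\.ya?ml` only acts as a fallback because it is listed last, since sops applies the first rule whose `path_regex` matches, and nothing in the file records that. A comment above it such as `# Fallback, must stay last: sops uses the first matching rule; no encrypted_regex, so every value is encrypted` would keep a later reorder from silently changing which keys are encrypted for files under `kubernetes/` and `infrastructure/ansible/`. All four rules also list the same single age recipient; if that is the only copy of the key, a second recovery recipient is worth considering.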
+++ b/.taskfiles/kopia.yaml @@ -12,8 +12,8 @@ x-preconditions: &preconditions msg: "Claim '{{.CLAIM}}' in namespace '{{.NAMESPACE}}' not found" sh: kubectl get pvc -n {{.NAMESPACE}} {{.CLAIM}} - &has-restore-job-file - msg: "File '{{.PROJECT_DIR}}/hack/kopia-restore.yaml' not found" - sh: "test -f {{.PROJECT_DIR}}/hack/kopia-restore.yaml" + msg: "File '{{.PROJECT_DIR}}/kubernetes/tools/kopia-restore.yaml' not found" + sh: "test -f {{.PROJECT_DIR}}/kubernetes/tools/kopia-restore.yaml" x-vars: &vars NAMESPACE: @@ -54,7 +54,7 @@ tasks: - flux -n {{.NAMESPACE}} suspend helmrelease {{.APP}} - kubectl -n {{.NAMESPACE}} scale {{.NAME}} --replicas 0 - kubectl -n {{.NAMESPACE}} wait pod --for delete --selector="app.kubernetes.io/name={{.APP}}" --timeout=2m - - envsubst < <(cat ./hack/kopia-restore.yaml) | kubectl apply -f - + - envsubst < <(cat ./kubernetes/tools/kopia-restore.yaml) | kubectl apply -f - - sleep 2 - kubectl -n {{.NAMESPACE}} wait job --for condition=complete {{.APP}}-{{.CLAIM}}-restore --timeout={{.TIMEOUT | default "60m"}} - flux -n {{.NAMESPACE}} resume helmrelease {{.APP}} diff --git a/ansible/inventory/group_vars/all/calico.yml b/ansible/inventory/group_vars/all/calico.yml deleted file mode 100644 index 32d1a7e75..000000000 --- a/ansible/inventory/group_vars/all/calico.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# -- Encapsulation type -calico_encapsulation: "None" -# -- BGP Peer IP -# -- (usually your router IP address) -calico_bgp_peer_ip: 192.168.8.1 -# -- BGP Autonomous System Number -# -- (must be the same across all BGP peers) -calico_bgp_as_number: 64512 -# -- BGP Network you want services to consume -# -- (this network should not exist or be defined anywhere in your network) -calico_bgp_external_ips: 192.168.169.0/24 -# -- CIDR of the host node interface Calico should use -calico_node_cidr: 10.69.0.0/16 diff --git a/ansible/inventory/group_vars/all/k3s.yml b/ansible/inventory/group_vars/all/k3s.yml deleted file mode 100644 index 79560c939..000000000 
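Review bot: The restore command in the second hunk reads `./kubernetes/tools/kopia-restore.yaml` relative to the working directory, while the `has-restore-job-file` precondition in the first hunk tests `{{.PROJECT_DIR}}/kubernetes/tools/kopia-restore.yaml`. Assuming that precondition guards this task, the check can pass while the command reads a different file, or none, when the task is run from another directory. Using the same path in both places closes the gap: `- envsubst < {{.PROJECT_DIR}}/kubernetes/tools/kopia-restore.yaml | kubectl apply -f -`. Because `envsubst` is called without a variable list, it expands every `$VAR` in the manifest from the caller's environment, so a comment naming the variables the template expects would help. The task body starts outside the hunk.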
--- a/ansible/inventory/group_vars/all/k3s.yml
+++ /dev/null
@@ -1,79 +0,0 @@ ---- -# -# Below vars are for the xanmanning.k3s role -# ...see https://github.com/PyratLabs/ansible-role-k3s#globalcluster-variables -# - -# Use a specific version of k3s -# renovate: datasource=github-releases depName=k3s-io/k3s -k3s_release_version: "v1.25.3+k3s1" - -# -- Install using hard links rather than symbolic links. -# ...if you are using the system-upgrade-controller you will need to -# use hard links rather than symbolic links as the controller will -# not be able to follow symbolic links. -k3s_install_hard_links: true - -# -- Escalate user privileges for all tasks. -k3s_become: true - -# -- Enable debugging -k3s_debug: false - -# -- Enabled embedded etcd -# k3s_etcd_datastore: false - -# -- Enable for single or even number of masters -k3s_use_unsupported_config: false - -# -- /var/lib/rancher/k3s/server/manifests -k3s_server_manifests_templates: - - "calico/calico-installation.yaml.j2" - - "calico/calico-bgpconfiguration.yaml.j2" - - "calico/calico-bgppeer.yaml.j2" - -# -- /var/lib/rancher/k3s/server/manifests -k3s_server_manifests_urls: - - url: https://docs.projectcalico.org/archive/v3.24/manifests/tigera-operator.yaml - filename: tigera-operator.yaml - -# -- /etc/rancher/k3s/registries.yaml -# k3s_registries: -# mirrors: -# "docker.io": -# endpoint: -# - "https://mirror.{{ SECRET_PRIVATE_DOMAIN }}" -# "*": -# endpoint: -# - "https://mirror.{{ SECRET_PRIVATE_DOMAIN }}" -# config: -# "https://registry.{{ SECRET_PRIVATE_DOMAIN }}": -# auth: -# username: "{{ SECRET_NEXUS_USERNAME }}" -# password: "{{ SECRET_NEXUS_PASSWORD }}" - -timezone: Europe/Paris - -public_ssh_keys: - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora" - -packages: - - "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm" - - 
"https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm" - - dnf-automatic - - dnf-plugin-system-upgrade - - dnf-utils - - fish - - hdparm - - htop - - intel-gpu-tools - - ipvsadm - - lm_sensors - - nano - - nvme-cli - - python3-libselinux - - socat - - cockpit-pcp - -k3s_registration_address: 192.168.9.100 diff --git a/ansible/inventory/group_vars/master/k3s.yml b/ansible/inventory/group_vars/master/k3s.yml deleted file mode 100644 index 69c8d236e..000000000 --- a/ansible/inventory/group_vars/master/k3s.yml +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -# https://rancher.com/docs/k3s/latest/en/installation/install-options/server-config/ -# https://github.com/PyratLabs/ansible-role-k3s#server-control-plane-configuration - -# Define the host as control plane nodes -k3s_control_node: true - -k3s_etcd_datastore: false - -# k3s settings for all control-plane nodes -k3s_server: - node-ip: "{{ ansible_host }}" - tls-san: - # # kube-vip - # - "{{ kubevip_address }}" - # haproxy - - "{{ k3s_registration_address }}" - docker: false - flannel-backend: "none" # This needs to be in quotes - disable: - - flannel - - traefik - - servicelb - - metrics-server - - local-storage - disable-network-policy: true - disable-cloud-controller: true - # Network CIDR to use for pod IPs - cluster-cidr: "10.95.0.0/16" - # Network CIDR to use for service IPs - service-cidr: "10.96.0.0/16" - # Required to monitor component with kube-prometheus-stack - # etcd-expose-metrics: true - kubelet-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Allow pods to be rescheduled quicker in the case of a node failure - # https://github.com/k3s-io/k3s/issues/1264 - - "node-status-update-frequency=4s" - kube-controller-manager-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Required to monitor component with kube-prometheus-stack - - "bind-address=0.0.0.0" - # Allow pods to be rescheduled quicker in the case of a node failure - # https://github.com/k3s-io/k3s/issues/1264 - - "node-monitor-period=4s" - - "node-monitor-grace-period=16s" - - "pod-eviction-timeout=20s" - kube-proxy-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Required to monitor component with kube-prometheus-stack - - "metrics-bind-address=0.0.0.0" - kube-scheduler-arg: - # Enable Alpha/Beta features - - 
"feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Required to monitor component with kube-prometheus-stack - - "bind-address=0.0.0.0" - kube-apiserver-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Required for HAProxy health-checks - - "anonymous-auth=true" - # Allow pods to be rescheduled quicker in the case of a node failure - # https://github.com/k3s-io/k3s/issues/1264 - - "default-not-ready-toleration-seconds=20" - - "default-unreachable-toleration-seconds=20" - # Stop k3s control plane having workloads scheduled on them - node-taint: - - "node-role.kubernetes.io/control-plane:NoSchedule" - node-label: - - "upgrade.cattle.io/plan=k3s-server" diff --git a/ansible/inventory/group_vars/worker/k3s.yml b/ansible/inventory/group_vars/worker/k3s.yml deleted file mode 100644 index 9b300015d..000000000 --- a/ansible/inventory/group_vars/worker/k3s.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# https://rancher.com/docs/k3s/latest/en/installation/install-options/agent-config/ -# https://github.com/PyratLabs/ansible-role-k3s#agent-worker-configuration - -# Don't define the host as control plane nodes -k3s_control_node: false - -# k3s settings for all worker nodes -k3s_agent: - node-ip: "{{ ansible_host }}" - kubelet-arg: - # Enable Alpha/Beta features - - "feature-gates=EphemeralContainers=true,MixedProtocolLBService=true,ReadWriteOncePod=true" - # Allow pods to be rescheduled quicker in the case of a node failure - # https://github.com/k3s-io/k3s/issues/1264 - - "node-status-update-frequency=4s" - - "max-pods=150" - node-label: - - "upgrade.cattle.io/plan=k3s-agent" diff --git a/ansible/inventory/host_vars/k3s-master.sops.yaml b/ansible/inventory/host_vars/k3s-master.sops.yaml deleted file mode 100644 index 4a22c00b2..000000000 --- a/ansible/inventory/host_vars/k3s-master.sops.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: Secret -ansible_password: ENC[AES256_GCM,data:NTaCi8mqE7kAQA==,iv:yfHBgrBCf2CqWPyuVTKSwH/WUy6bkgiSoyL4hWQHG7s=,tag:e3311IReXe0RHGgttNg3pg==,type:str] -ansible_become_pass: ENC[AES256_GCM,data:ChsZxKZ1qvICFA==,iv:vuc4eZG4Ls2CiSP/vLazCy/sZkiPjjpGPZr97CvIoX4=,tag:onYhcvFkmAMN6PTFSp0Ikg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5azdoWUV2SWdxaDl1NXVF - U1pvRjBncEpzM2E4TEs1MGlRbTRseG1zS0dNCnF6QmRmNU1iZ0J5K28rSlB4emFF - ODlnU1lXVFZrTHlyTEg5VlFXUERJNGcKLS0tIGhMQUhsa0xaUVU0RTRpbkx0Vk5r - NjJBcHVOSmUvNkt3b3I3dmJwTlJWS3MKw/hRA/oh1fiWts2aqbzTV3TTTcnSk3mi - fsw9jQF3QRL5PGbdT6iz7j58IokV32ilJubQHtfrxus29hd/qAn0yQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-03T14:40:36Z" - mac: ENC[AES256_GCM,data:c5yyBdFVs1wqDe8nsQOLeSzFv4QJ2n+VbrSf0dP5oW8593WBcdI8fXn9Q8fdY+wN2BOLn5vRdXBx7btlw0OrEIOOZ/Wz9tUxqIEUFZU6tT4TIB9g5jEqMgs2eKJmgLUoW/fcPC6QJ8ATApF6y8lI4RIV2LOItqK4AUpiVy4E2SU=,iv:kfrYGRaKY37OEl8ilrFFkRkItHpz/1VuAgWimjhujGA=,tag:STGaUOdwNlOAMcbU3Po1HQ==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/ansible/inventory/host_vars/k3s-worker1.sops.yaml b/ansible/inventory/host_vars/k3s-worker1.sops.yaml deleted file mode 100644 index 7c5c64e08..000000000 --- a/ansible/inventory/host_vars/k3s-worker1.sops.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: Secret -ansible_password: ENC[AES256_GCM,data:AihMvIUjgEpCjg==,iv:Bk9uFrbhOvlQvoYaJz+JhtMJTAiQ0u9TcaS8eKO0+fE=,tag:R2sLCjH/my9kcsu4Ddg9jg==,type:str] -ansible_become_pass: ENC[AES256_GCM,data:nR/Wkn8NqM3vaA==,iv:iV8c6Qg59qKtHoaQReUTX+KDB+iSboxpSM/K8+gcZvQ=,tag://89MQ4jmQPib/D595YTbA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZSs4aVZ5VGdyVllEMXl3 - c2NGS2d0dkd4NVZlSVlBd2V3RVEzQ2FiaHlrCld0SkNKUjcvRHNEQ1dZZFUzM014 - ejd5QW5uUzJmMERLR2h4R2M3UmdKWU0KLS0tIFdYOStkVG40TXIzVjRkK0RzZStj - UmhGcmVidTVKbWQ5VVpHSklYN2NyWGMKsfv/KG02qk3EJoNJQ9HNl1iyfyic6Puf - 5owrc62PfohWnLVQby9SaVK80PJVaMRU/kcHIJvbt1Iv2f47qpKczg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-03T14:40:40Z" - mac: ENC[AES256_GCM,data:6BqgWJTOzQKwu6Mr7/2WemzOmFNnIilSLH9LPG01UtvaO7FnOQXV1ezgYntKdSXGJWza/pvvqDURaBT7O7Rwv5kR25B6Fo3XWdVSuTLf+N4fGnWKiINaa6UjZhosm5KLs7VB0I3eiBTcHrxqb9jupgPkUErwy0H0LT8yLYRGpe8=,iv:kXeAB7zUoZoZPgEntWV80DNKSEiFiH4xQtbYpStO36U=,tag:gWusG9MGl+bYcjYfQGMbWA==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/ansible/inventory/host_vars/k3s-worker2.sops.yaml b/ansible/inventory/host_vars/k3s-worker2.sops.yaml deleted file mode 100644 index 79d6996e4..000000000 --- a/ansible/inventory/host_vars/k3s-worker2.sops.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: Secret -ansible_password: ENC[AES256_GCM,data:495JSVNY5Rn0hg==,iv:ZvJb1M4Ys8FkQpekm5jnGWKE5q63Z44OUhhtYWsJUvQ=,tag:KxgvJbsEMsdYu59yCOCjMg==,type:str] -ansible_become_pass: ENC[AES256_GCM,data:O8lTma7A2n6+5g==,iv:ggmSecFPtTI9vy81of5I6AHnRX2YWOw0VtVldv4PZmo=,tag:IfIuN8xcKHBF6Ojlmki5Tw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0d21nNHZQRkloNnd1M2xF - RlJCUzBZK04rQ1RSa0hFSXUrVTlzK0V1dEdjCkg0ZnVJNGJOZjN3RlZ2RGRmRFdV - akRPQzhwN3NqNHJlK0o1VVFncDVnd1kKLS0tIDhhRGlhNXJmanM5amR6eHZERElj - RndiYkJFaWZuUmVIU3JwSWYzTFZlS3cKHFe4yce/091eEvtrSBYggNgyO88eHA4s - 3TvjHmS7tLv7BnBAT9LLcQVSIW0UOszzF3PvVWIqFqzB/wn0j370kw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-03T14:40:42Z" - mac: ENC[AES256_GCM,data:qFIsrbqI+c3fe88H40KkWhwOnZ2aePoorpfxeTjhBtPviT4jBMvIGYZKULCehcdULNMxe7QWuPWsdYY/o5ruqZC49/OrV9qI0XVU6gdiCsM1jcXXiyFkVFfMoMhj5c5yAIMoUKRWbZe2kFtJxaG7ng8VusMgCc9f7LofWiFToVo=,iv:BI2hEL/AsaZoZ4RL7QNy4vins877XgZwxCdJ0ciFEUo=,tag:7tOEfmkFEApTy5wIgJLEBA==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/ansible/inventory/host_vars/k3s-worker3.sops.yaml b/ansible/inventory/host_vars/k3s-worker3.sops.yaml deleted file mode 100644 index 800eee362..000000000 --- a/ansible/inventory/host_vars/k3s-worker3.sops.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: Secret -ansible_password: ENC[AES256_GCM,data:n0ASYgah4hAFvw==,iv:P0OPjAGh4AWkw0HUpBNEom6twa3sAXsh0Ei+2UDj/qo=,tag:GNcmaw2BQr5TV755NL/0vw==,type:str] -ansible_become_pass: ENC[AES256_GCM,data:a2wZnzPgf91HvQ==,iv:8wIjFmwSkYZIZmLLhvZTG1EnMmNffuSoPkpao6Kk9wI=,tag:gta1yPH1tRzBdViIO9WOAg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQL2pJWVRDU0lBVVgxNkd6 - MStqdFRFNGdwTEpUWUxEaVVMUVBkY2RXWFUwCmJmbGZnMzVPZjhQMWh0eWhybXdi - K1FIa1YrNDZjMnhONDBiSEFtTW80WlkKLS0tIHJJTFpINUowclNUZXVsa2I1Vjdw - NkhyZm5SVnlBYWxlajh6NjV0OVBCSE0Kl6ovgsGkzq4XetwG5b77mvztpa3bD5ej - mWlPbSV66yw4eENVuDtZRX5/lrnbW7EqkwjfGoEJ9YGA7ya0G6IVQw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-07-03T14:40:44Z" - mac: ENC[AES256_GCM,data:/AA8sbAxsYhGAad8/ymYq0YgzwmNvnnwK+p9J7+NUpFC9YGWwuR/dV8oxKzqOs/zEzFTwyBTvOrGeQ59xyJ/Id/xSt5Av0FTmrOXQxFwIOsMUsH5RP8khQpp9yO1c2cvxwNLi1oWGzLLE63Zl2JwutQdTVH0KgibPhtdL0sV8eQ=,iv:rTpWgrMAZrCymFqKGcEGOyQJdPAw/SmeW8vdVNX/Ptg=,tag:rlg3dcQhVwcXUKkEc4Jdww==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/ansible/playbooks/cluster-installation.yml b/ansible/playbooks/cluster-installation.yml deleted file mode 100644 index 7fe77ded1..000000000 --- a/ansible/playbooks/cluster-installation.yml +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -- hosts: - - master - - worker - become: true - gather_facts: true - any_errors_fatal: true - pre_tasks: - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - tasks: - - name: Check if cluster is installed - check_mode: false - ansible.builtin.stat: - path: "/etc/rancher/k3s/config.yaml" - register: k3s_check_installed - - - name: Set manifest facts - ansible.builtin.set_fact: - k3s_server_manifests_templates: [] - k3s_server_manifests_urls: [] - when: k3s_check_installed.stat.exists - - - name: Install Kubernetes - ansible.builtin.include_role: - name: xanmanning.k3s - public: true - vars: - k3s_state: installed - - - name: Get absolute path to this Git repository - delegate_to: localhost - become: false - run_once: true - check_mode: false - ansible.builtin.command: |- - git rev-parse --show-toplevel - register: repo_abs_path - changed_when: "repo_abs_path.rc != 2" - - - name: Copy kubeconfig to provision folder - run_once: true - ansible.builtin.fetch: - src: "/etc/rancher/k3s/k3s.yaml" - dest: "{{ repo_abs_path.stdout }}/provision/kubeconfig" - flat: true - when: - - k3s_control_node is defined - - k3s_control_node - - - name: Update kubeconfig with the correct IPv4 address - delegate_to: localhost - become: false - run_once: true - ansible.builtin.replace: - path: "{{ repo_abs_path.stdout }}/provision/kubeconfig" - regexp: "https://127.0.0.1:6443" - replace: "https://{{ k3s_registration_address }}:6443" - - # Cleaning up the manifests from the /var/lib/rancher/k3s/server/manifests - # directory is needed because k3s has an awesome - # "feature" to always deploy these on restarting - # the k3s systemd service. Removing them does - # not uninstall the manifests. 
- - # Removing them means we can manage the lifecycle - # of these components outside of the - # /var/lib/rancher/k3s/server/manifests directory - - # FIXME(ansible): Check for deployments to be happy rather than waiting - - name: Wait for k3s to finish installing the deployed manifests - ansible.builtin.wait_for: - timeout: 15 - when: k3s_server_manifests_templates | length > 0 - or k3s_server_manifests_dir | length > 0 - - - name: Remove deployed manifest templates - ansible.builtin.file: - path: "{{ k3s_server_manifests_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - state: absent - loop: "{{ k3s_server_manifests_templates | default([]) }}" - - - name: Remove deployed manifest urls - ansible.builtin.file: - path: "{{ k3s_server_manifests_dir }}/{{ item.filename }}" - state: absent - loop: "{{ k3s_server_manifests_urls | default([]) }}" diff --git a/ansible/playbooks/cluster-nuke.yml b/ansible/playbooks/cluster-nuke.yml deleted file mode 100644 index eada19707..000000000 --- a/ansible/playbooks/cluster-nuke.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- hosts: - - master - - worker - become: true - gather_facts: true - any_errors_fatal: true - vars_prompt: - - name: nuke - prompt: |- - Are you sure you want to nuke this cluster? - Type YES I WANT TO DESTROY THIS CLUSTER to proceed - default: "n" - private: false - pre_tasks: - - name: Check for confirmation - ansible.builtin.fail: - msg: Aborted nuking the cluster - when: nuke != 'YES I WANT TO DESTROY THIS CLUSTER' - - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - tasks: - - name: Uninstall k3s - ansible.builtin.include_role: - name: xanmanning.k3s - public: true - vars: - k3s_state: uninstalled - - name: Gather list of CNI files - ansible.builtin.find: - paths: /etc/cni/net.d - patterns: "*" - hidden: true - register: directory_contents - - name: Delete CNI files - ansible.builtin.file: - path: "{{ item.path }}" - state: absent - loop: "{{ directory_contents.files }}" 
diff --git a/ansible/playbooks/cluster-prepare.yml b/ansible/playbooks/cluster-prepare.yml
deleted file mode 100644
index 43e121f87..000000000
--- a/ansible/playbooks/cluster-prepare.yml
+++ /dev/null
@@ -1,184 +0,0 @@ ---- -- hosts: - - master - - worker - become: true - gather_facts: true - serial: 1 - any_errors_fatal: true - pre_tasks: - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - tasks: - - name: Locale - block: - - name: Locale | Set timezone - community.general.timezone: - name: "{{ timezone | default('Europe/Paris') }}" - - name: Networking - block: - - name: Networking | Set hostname to inventory hostname - ansible.builtin.hostname: - name: "{{ inventory_hostname }}" - - name: Networking | Update /etc/hosts to include inventory hostname - ansible.builtin.blockinfile: - path: /etc/hosts - block: | - 127.0.1.1 {{ inventory_hostname }} - - name: Packages - block: - - name: Packages | Improve dnf performance - ansible.builtin.blockinfile: - path: /etc/dnf/dnf.conf - block: | - defaultyes=True - deltarpm=True - install_weak_deps=False - max_parallel_downloads={{ ansible_processor_vcpus | default('8') }} - - name: Packages | Import rpmfusion keys - ansible.builtin.rpm_key: - state: present - key: "{{ item }}" - loop: - - https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020 - - https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020 - - name: Packages | Install required packages - ansible.builtin.dnf: - name: "{{ packages | default([]) }}" - state: present - update_cache: true - - name: Packages | Remove leaf packages - ansible.builtin.dnf: - autoremove: true - - name: Packages | Enable automatic download of updates - ansible.builtin.systemd: - service: dnf-automatic-download.timer - enabled: true - state: started - - name: Packages | Enable cockpit - ansible.builtin.systemd: - service: cockpit.socket - enabled: true - state: started - - name: User Configuration - block: - - name: User Configuration | Change shell to fish - ansible.builtin.user: - name: "{{ item }}" - shell: /usr/bin/fish - loop: - - root - - fedora - - name: User 
Configuration | Disable password sudo - ansible.builtin.lineinfile: - dest: /etc/sudoers - state: present - regexp: "^%wheel" - line: "%wheel ALL=(ALL) NOPASSWD: ALL" - validate: visudo -cf %s - become: true - - name: User Configuration | Add additional SSH public keys - ansible.posix.authorized_key: - user: "{{ ansible_user }}" - key: "{{ item }}" - loop: "{{ public_ssh_keys | default([]) }}" - - name: System Configuration (1) - block: - - name: System Configuration (1) | Configure smartd - ansible.builtin.copy: - dest: /etc/smartd.conf - mode: 0644 - content: DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,40 - notify: Restart smartd - - name: System Configuration (1) | Disable firewalld - ansible.builtin.systemd: - service: firewalld.service - enabled: false - masked: true - state: stopped - - name: System Configuration (1) | Enable fstrim - ansible.builtin.systemd: - service: fstrim.timer - enabled: true - - name: System Configuration (1) | Enable chronyd - ansible.builtin.systemd: - service: chronyd - enabled: true - - name: System Configuration (2) - block: - - name: System Configuration (2) | Enable kernel modules now - community.general.modprobe: - name: "{{ item }}" - state: present - loop: [br_netfilter, overlay, rbd] - - name: System Configuration (2) | Enable kernel modules on boot - ansible.builtin.copy: - mode: 0644 - content: "{{ item }}" - dest: "/etc/modules-load.d/{{ item }}.conf" - loop: [br_netfilter, overlay, rbd] - - name: System Configuration (2) | Set sysctls - ansible.posix.sysctl: - name: "{{ item.key }}" - value: "{{ item.value }}" - sysctl_file: /etc/sysctl.d/99-kubernetes.conf - reload: true - with_dict: "{{ sysctl_config }}" - vars: - sysctl_config: - net.ipv4.ip_forward: 1 - net.ipv4.conf.all.forwarding: 1 - net.ipv4.conf.all.rp_filter: 0 - net.ipv4.conf.default.rp_filter: 0 - net.ipv6.conf.all.forwarding: 1 - net.bridge.bridge-nf-call-iptables: 1 - net.bridge.bridge-nf-call-ip6tables: 1 - 
fs.inotify.max_user_watches: 524288 - fs.inotify.max_user_instances: 512 - - name: System Configuration (2) | Disable swap - ansible.builtin.dnf: - name: zram-generator-defaults - state: absent - - name: System Configuration (2) | Permissive SELinux - ansible.posix.selinux: - state: permissive - policy: targeted - - name: System Configuration (2) | Disable mitigations - ansible.builtin.replace: - path: /etc/default/grub - regexp: '^(GRUB_CMDLINE_LINUX=(?:(?![" ]{{ item.key | regex_escape }}=).)*)(?:[" ]{{ item.key | regex_escape }}=\S+)?(.*")$' - replace: '\1 {{ item.key }}={{ item.value }}\2' - with_dict: "{{ grub_config }}" - vars: - grub_config: - mitigations: "off" - register: grub_status - - name: System Configuration (2) | Reconfigure grub and initramfs - ansible.builtin.command: "{{ item }}" - loop: - - grub2-mkconfig -o /boot/grub2/grub.cfg - - dracut --force --regenerate-all -v - when: grub_status.changed - - name: System Configuration (3) | NetworkManager - Calico fix - ansible.builtin.blockinfile: - path: /etc/NetworkManager/conf.d/calico.conf - create: true - block: | - [keyfile] - unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico;interface-name:wireguard.cali;interface-name:wg-v6.cali - - name: System Configuration (3) | NetworkManager - RX Ring buffer size check - ansible.builtin.command: - cmd: "cat /etc/NetworkManager/system-connections/eno1.nmconnection" - register: rx_ring_cat - changed_when: false - - name: System Configuration (3) | NetworkManager - RX Ring buffer size - ansible.builtin.command: - cmd: "nmcli connection modify eno1 ethtool.ring-rx 1024" - when: rx_ring_cat.stdout.find("ring-rx=1024") == -1 - - # notify: Reboot - handlers: - - name: Reboot - ansible.builtin.reboot: - msg: Rebooting nodes diff --git a/ansible/playbooks/cluster-reboot.yml b/ansible/playbooks/cluster-reboot.yml deleted file mode 100644 index 4f109d3ac..000000000 
--- a/ansible/playbooks/cluster-reboot.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- hosts: - - master - - worker - become: true - gather_facts: true - any_errors_fatal: true - pre_tasks: - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - tasks: - - name: Reboot - ansible.builtin.reboot: - msg: Rebooting nodes diff --git a/ansible/playbooks/rook-nuke.yml b/ansible/playbooks/rook-nuke.yml deleted file mode 100644 index 05f5fd7ce..000000000 --- a/ansible/playbooks/rook-nuke.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- hosts: - - worker - become: true - gather_facts: true - any_errors_fatal: true - pre_tasks: - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - tasks: - - name: Remove /var/lib/rook - ansible.builtin.file: - state: absent - path: "/var/lib/rook" - - name: Zap the drives - ansible.builtin.shell: "sgdisk --zap-all {{ item }} || true" - register: rc - changed_when: "rc.rc != 2" - loop: - - "{{ rook_devices | default([]) }}" - - name: Remove lvm partitions - ansible.builtin.shell: "{{ item }}" - loop: - - ls /dev/mapper/ceph--* | xargs -I% -- fuser --kill % - - ls /dev/mapper/ceph--* | xargs -I% -- dmsetup clear % - - ls /dev/mapper/ceph--* | xargs -I% -- dmsetup remove -f % - - ls /dev/mapper/ceph--* | xargs -I% -- rm -rf % - register: rc - changed_when: "rc.rc != 2" - - name: Wipe the block device - ansible.builtin.command: "wipefs -af {{ item }}" - register: rc - changed_when: "rc.rc != 2" - with_items: - - "{{ rook_devices | default([]) }}" diff --git a/ansible/playbooks/templates/calico/calico-bgpconfiguration.yaml.j2 b/ansible/playbooks/templates/calico/calico-bgpconfiguration.yaml.j2 deleted file mode 100644 index 538bcff55..000000000 --- a/ansible/playbooks/templates/calico/calico-bgpconfiguration.yaml.j2 +++ /dev/null 
@@ -1,9 +0,0 @@
----
-apiVersion: crd.projectcalico.org/v1
-kind: BGPConfiguration
-metadata:
- name: default
-spec:
- asNumber: {{ calico_bgp_as_number }}
- serviceExternalIPs:
- - cidr: "{{ calico_bgp_external_ips }}"
diff --git a/ansible/playbooks/templates/calico/calico-bgppeer.yaml.j2 b/ansible/playbooks/templates/calico/calico-bgppeer.yaml.j2
deleted file mode 100644
index bfa7cb01e..000000000
--- a/ansible/playbooks/templates/calico/calico-bgppeer.yaml.j2
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: crd.projectcalico.org/v1
-kind: BGPPeer
-metadata:
- name: global
-spec:
- peerIP: {{ calico_bgp_peer_ip }}
- asNumber: {{ calico_bgp_as_number }}
diff --git a/ansible/playbooks/templates/calico/calico-installation.yaml.j2 b/ansible/playbooks/templates/calico/calico-installation.yaml.j2
deleted file mode 100644
index 386a54dfc..000000000
--- a/ansible/playbooks/templates/calico/calico-installation.yaml.j2
+++ /dev/null
@@ -1,18 +0,0 @@
----
-apiVersion: operator.tigera.io/v1
-kind: Installation
-metadata:
- name: default
-spec:
- registry: quay.io
- imagePath: calico
- calicoNetwork:
- # Note: The ipPools section cannot be modified post-install.
- ipPools:
- - blockSize: 26
- cidr: "{{ k3s_server['cluster-cidr'] }}"
- encapsulation: "{{ calico_encapsulation }}"
- natOutgoing: Enabled
- nodeSelector: all()
- nodeMetricsPort: 9091
- typhaMetricsPort: 9093
diff --git a/cluster/apps/kube-tools/system-upgrade/kustomization.yaml b/cluster/apps/kube-tools/system-upgrade/kustomization.yaml
deleted file mode 100644
index d8d3d0c17..000000000
--- a/cluster/apps/kube-tools/system-upgrade/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: system-upgrade
-resources:
- # renovate: datasource=docker image=rancher/system-upgrade-controller
- - https://github.com/rancher/system-upgrade-controller/releases/download/v0.9.1/crd.yaml
- - system-upgrade-controller
diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/kustomization.yaml b/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/kustomization.yaml
deleted file mode 100644
index 531d6c97d..000000000
--- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/kustomization.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - github.com/rancher/system-upgrade-controller?ref=v0.9.1
- - plans
-images:
- - name: rancher/system-upgrade-controller
- newTag: v0.9.1
-patchesStrategicMerge:
- # Delete namespace resource
- - ./system-upgrade-patches.yaml
- # Add labels
- - |-
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: system-upgrade-controller
- namespace: system-upgrade
- labels:
- app.kubernetes.io/name: system-upgrade-controller
- app.kubernetes.io/instance: system-upgrade-controller
diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/agent.yaml b/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/agent.yaml
deleted file mode 100644
index c7212783d..000000000
--- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/agent.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-apiVersion: upgrade.cattle.io/v1
-kind: Plan
-metadata:
- name: k3s-agent
- namespace: system-upgrade
- labels:
- k3s-upgrade: agent
-spec:
- # renovate: datasource=github-releases depName=k3s-io/k3s
- version: "v1.25.3+k3s1"
- serviceAccountName: system-upgrade
- concurrency: 1
- nodeSelector:
- matchExpressions:
- - { key: node-role.kubernetes.io/control-plane, operator: DoesNotExist }
- prepare:
- image: rancher/k3s-upgrade
- args: ["prepare", "k3s-server"]
- upgrade:
- image: rancher/k3s-upgrade
diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/server.yaml b/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/server.yaml
deleted file mode 100644
index a00044f83..000000000
--- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/server.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: upgrade.cattle.io/v1
-kind: Plan
-metadata:
- name: k3s-server
- namespace: system-upgrade
- labels:
- k3s-upgrade: server
-spec:
- # renovate: datasource=github-releases depName=k3s-io/k3s
- version: "v1.25.3+k3s1"
- serviceAccountName: system-upgrade
- concurrency: 1
- cordon: true
- nodeSelector:
- matchExpressions:
- - { key: node-role.kubernetes.io/control-plane, operator: Exists }
- tolerations:
- - key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
- upgrade:
- image: rancher/k3s-upgrade
diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/system-upgrade-patches.yaml b/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/system-upgrade-patches.yaml
deleted file mode 100644
index 2161d7b0e..000000000
--- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/system-upgrade-patches.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# Namespace should already exist
-# Delete the system-upgrade namespace
-# from the kustomization
-$patch: delete
-apiVersion: v1
-kind: Namespace
-metadata:
- name: system-upgrade
diff --git a/cluster/apps/logs/vector/agent/helm-release.yaml b/cluster/apps/logs/vector/agent/helm-release.yaml
deleted file mode 100644
index c7f5b8009..000000000
--- a/cluster/apps/logs/vector/agent/helm-release.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: vector-agent
- namespace: monitoring
-spec:
- interval: 15m
- chart:
- spec:
- chart: vector
- version: 0.17.0
- sourceRef:
- kind: HelmRepository
- name: vector-charts
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: loki
- namespace: monitoring
- - name: vector-aggregator
- namespace: monitoring
- values:
- image:
- repository: timberio/vector
- tag: 0.25.1-debian
- role: Agent
- customConfig:
- data_dir: /vector-data-dir
- api:
- enabled: false
- sources:
- journal_logs:
- type: journald
- journal_directory: /var/log/journal
- kubernetes_logs:
- type: kubernetes_logs
- pod_annotation_fields:
- container_image: container_image
- container_name: container_name
- pod_annotations: pod_annotations
- pod_labels: pod_labels
- pod_name: pod_name
- sinks:
- loki_journal_sink:
- type: vector
- inputs:
- - journal_logs
- address: vector-aggregator:6000
- version: "2"
- loki_kubernetes_sink:
- type: vector
- inputs:
- - kubernetes_logs
- address: vector-aggregator:6010
- version: "2"
- service:
- enabled: false
- securityContext:
- privileged: true
diff --git a/cluster/apps/logs/vector/aggregator/helm-release.yaml b/cluster/apps/logs/vector/aggregator/helm-release.yaml
deleted file mode 100644
index df9655881..000000000
--- a/cluster/apps/logs/vector/aggregator/helm-release.yaml
+++ /dev/null
@@ -1,179 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: vector-aggregator
- namespace: monitoring
-spec:
- interval: 15m
- chart:
- spec:
- chart: vector
- version: 0.17.0
- sourceRef:
- kind: HelmRepository
- name: vector-charts
- namespace: flux-system
- install:
- createNamespace: true
- remediation:
- retries: 5
- upgrade:
- remediation:
- retries: 5
- dependsOn:
- - name: loki
- namespace: monitoring
- values:
- image:
- repository: timberio/vector
- tag: 0.25.1-debian
- role: Stateless-Aggregator
- replicas: 2
- customConfig:
- data_dir: /vector-data-dir
- api:
- enabled: false
- sources:
- journal_logs:
- type: vector
- address: 0.0.0.0:6000
- version: "2"
- kubernetes_logs:
- type: vector
- address: 0.0.0.0:6010
- version: "2"
- opnsense_filterlog_logs:
- type: syslog
- address: 0.0.0.0:5140
- mode: udp
- transforms:
- kubernetes_logs_remap:
- type: remap
- inputs:
- - kubernetes_logs
- source: |
- # Standardize 'app' index
- .custom_app_name = .pod_labels."app.kubernetes.io/name" || .pod_labels.app || .pod_labels."k8s-app" || "unknown"
- opnsense_filterlog_remap:
- type: remap
- inputs:
- - opnsense_filterlog_logs
- source: |
- msg = parse_csv!(string!(.message))
- # Only parse IPv4 / IPv6
- if msg[8] == "4" || msg[8] == "6" {
- .filter_interface = msg[4]
- .filter_direction = msg[7]
- .filter_action = msg[6]
- .filter_ip_version = msg[8]
- .filter_protocol = msg[16]
- .filter_source_ip = msg[18]
- .filter_destination_ip = msg[19]
- if (msg[16] == "icmp" || msg[16] == "igmp" || msg[16] == "gre") {
- .filter_data = msg[20]
- } else {
- .filter_source_port = msg[20]
- .filter_destination_port = msg[21]
- .filter_data_length = msg[22]
- if msg[8] == "4" && msg[16] == "tcp" {
- .filter_tcp_flags = msg[23]
- }
- }
- }
- opnsense_filterlog_route:
- type: route
- inputs:
- - opnsense_filterlog_remap
- route:
- pass_action: >-
- .filter_action == "pass"
- opnsense_filterlog_geoip:
- type: geoip
- inputs:
- - opnsense_filterlog_route.pass_action
- database: /geoip/GeoLite2-City.mmdb
- source: filter_source_ip
- target: geoip
- sinks:
- loki_journal:
- type: loki
- inputs:
- - journal_logs
- endpoint: http://loki-gateway:80
- encoding:
- codec: json
- batch:
- max_bytes: 2049000
- out_of_order_action: accept
- remove_label_fields: true
- remove_timestamp: true
- labels:
- hostname: >-
- {{`{{ host }}`}}
- loki_kubernetes:
- type: loki
- inputs:
- - kubernetes_logs_remap
- endpoint: http://loki-gateway:80
- encoding:
- codec: json
- batch:
- max_bytes: 2049000
- out_of_order_action: accept
- remove_label_fields: true
- remove_timestamp: true
- labels:
- app: >-
- {{`{{ custom_app_name }}`}}
- namespace: >-
- {{`{{ kubernetes.pod_namespace }}`}}
- node: >-
- {{`{{ kubernetes.pod_node_name }}`}}
- loki_opnsense_filterlog:
- type: loki
- inputs:
- - opnsense_filterlog_route._unmatched
- - opnsense_filterlog_geoip
- endpoint: http://loki-gateway:80
- encoding:
- codec: json
- batch:
- max_bytes: 2049000
- out_of_order_action: accept
- labels:
- hostname: opnsense
- extraVolumeMounts:
- - name: geoip
- mountPath: /geoip
- extraVolumes:
- - name: geoip
- persistentVolumeClaim:
- claimName: vector-geoipupdate-config
- service:
- enabled: true
- type: LoadBalancer
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 100
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/component
- operator: In
- values: ["Stateless-Aggregator"]
- topologyKey: kubernetes.io/hostname
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Service
- name: vector-aggregator
- patch:
- - op: add
- path: /spec/externalIPs
- value: ["${CLUSTER_LB_SYSLOG}"]
- - op: replace
- path: /spec/externalTrafficPolicy
- value: Local
diff --git a/cluster/apps/networking/tigera-operator/helm-release.yaml b/cluster/apps/networking/tigera-operator/helm-release.yaml
deleted file mode 100644
index a007e9ef7..000000000
--- a/cluster/apps/networking/tigera-operator/helm-release.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: tigera-operator
- namespace: tigera-operator
-spec:
- interval: 15m
- chart:
- spec:
- chart: tigera-operator
- version: v3.24.5
- sourceRef:
- kind: HelmRepository
- name: project-calico-charts
- namespace: flux-system
- install:
- createNamespace: true
- crds: CreateReplace
- remediation:
- retries: 5
- upgrade:
- crds: CreateReplace
- remediation:
- retries: 5
- values:
- installation:
- enabled: true
- registry: quay.io
- imagePath: calico
- calicoNetwork:
- bgp: Enabled
- hostPorts: Disabled
- # Note: The ipPools section cannot be modified post-install.
- ipPools:
- - blockSize: 26
- cidr: "${NET_POD_CIDR}"
- encapsulation: None
- natOutgoing: Enabled
- nodeSelector: all()
- linuxDataplane: Iptables
- multiInterfaceMode: None
- nodeAddressAutodetectionV4:
- cidrs:
- - "${NET_NODE_CIDR}"
- nodeMetricsPort: 9091
- typhaMetricsPort: 9093
diff --git a/cluster/charts/jetstack-charts.yaml b/cluster/charts/jetstack-charts.yaml
deleted file mode 100644
index f0ab55f39..000000000
--- a/cluster/charts/jetstack-charts.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
- name: jetstack-charts
- namespace: flux-system
-spec:
- interval: 1h
- url: https://charts.jetstack.io/
- timeout: 3m
diff --git a/cluster/charts/kustomization.yaml b/cluster/charts/kustomization.yaml
deleted file mode 100644
index 559e7c2ff..000000000
--- a/cluster/charts/kustomization.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - bitnami-charts.yaml
- - bjw-s-charts.yaml
- - cert-manager-webhook-ovh.yaml
- - cloudnative-pg-charts.yaml
- - descheduler-charts.yaml
- - drone-charts.yaml
- - dysnix-charts.yaml
- - emxq-charts.yaml
- - external-dns-charts.yaml
- - gitea-charts.yaml
- - grafana-charts.yaml
- - ingress-nginx-charts.yaml
- - jetstack-charts.yaml
- - k8s-gateway-charts.yaml
- - kyverno-charts.yaml
- - metrics-server-charts.yaml
- - node-feature-discovery.yaml
- - project-calico-charts.yaml
- - prometheus-community-charts.yaml
- - rook-ceph-charts.yaml
- - stakater-charts.yaml
- - vector-charts.yaml
diff --git a/cluster/charts/project-calico-charts.yaml b/cluster/charts/project-calico-charts.yaml
deleted file mode 100644
index 4911c3bd8..000000000
--- a/cluster/charts/project-calico-charts.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- name: project-calico-charts
- namespace: flux-system
-spec:
- interval: 1h
- url: https://projectcalico.docs.tigera.io/charts
diff --git a/cluster/core/rook-ceph/rook-direct-mount/deployment.yaml b/cluster/core/rook-ceph/rook-direct-mount/deployment.yaml
deleted file mode 100644
index 34d25ba69..000000000
--- a/cluster/core/rook-ceph/rook-direct-mount/deployment.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: rook-direct-mount
- namespace: rook-ceph
- labels:
- app: rook-direct-mount
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: rook-direct-mount
- template:
- metadata:
- labels:
- app: rook-direct-mount
- spec:
- dnsPolicy: ClusterFirstWithHostNet
- containers:
- - name: rook-direct-mount
- image: rook/ceph:v1.10.5
- command: ["/usr/local/bin/toolbox.sh"]
- imagePullPolicy: IfNotPresent
- env:
- - name: ROOK_CEPH_USERNAME
- valueFrom:
- secretKeyRef:
- name: rook-ceph-mon
- key: ceph-username
- - name: ROOK_CEPH_SECRET
- valueFrom:
- secretKeyRef:
- name: rook-ceph-mon
- key: ceph-secret
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /dev
- name: dev
- - mountPath: /sys/bus
- name: sysbus
- - mountPath: /lib/modules
- name: libmodules
- - name: mon-endpoint-volume
- mountPath: /etc/rook
- securityContext:
- runAsUser: 0
- runAsGroup: 0
- # if hostNetwork: false, the "rbd map" command hangs, see https://github.com/rook/rook/issues/2021
- hostNetwork: true
- volumes:
- - name: dev
- hostPath:
- path: /dev
- - name: sysbus
- hostPath:
- path: /sys/bus
- - name: libmodules
- hostPath:
- path: /lib/modules
- - name: mon-endpoint-volume
- configMap:
- name: rook-ceph-mon-endpoints
- items:
- - key: data
- path: mon-endpoints
diff --git a/cluster/core/rook-ceph/snapshot-controller/deployment.yaml b/cluster/core/rook-ceph/snapshot-controller/deployment.yaml
deleted file mode 100644
index 66af9f63a..000000000
--- a/cluster/core/rook-ceph/snapshot-controller/deployment.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-kind: Deployment
-apiVersion: apps/v1
-metadata:
- name: snapshot-controller
- namespace: rook-ceph
-spec:
- replicas: 2
- selector:
- matchLabels:
- app.kubernetes.io/name: snapshot-controller
- minReadySeconds: 15
- strategy:
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- labels:
- app.kubernetes.io/name: snapshot-controller
- spec:
- serviceAccount: snapshot-controller
- containers:
- - name: snapshot-controller
- image: k8s.gcr.io/sig-storage/snapshot-controller:v6.1.0
- imagePullPolicy: IfNotPresent
- args:
- - "--v=5"
- - "--leader-election=true"
diff --git a/cluster/core/rook-ceph/snapshot-controller/rbac.yaml b/cluster/core/rook-ceph/snapshot-controller/rbac.yaml
deleted file mode 100644
index 8f8c65c4a..000000000
--- a/cluster/core/rook-ceph/snapshot-controller/rbac.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: snapshot-controller
- namespace: rook-ceph
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: snapshot-controller-runner
-rules:
- - apiGroups: [""]
- resources: ["persistentvolumes"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["persistentvolumeclaims"]
- verbs: ["get", "list", "watch", "update"]
- - apiGroups: ["storage.k8s.io"]
- resources: ["storageclasses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["list", "watch", "create", "update", "patch"]
- - apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshotclasses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshotcontents"]
- verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- - apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshotcontents/status"]
- verbs: ["patch"]
- - apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshots"]
- verbs: ["get", "list", "watch", "update", "patch"]
- - apiGroups: ["snapshot.storage.k8s.io"]
- resources: ["volumesnapshots/status"]
- verbs: ["update", "patch"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: snapshot-controller-role
-subjects:
- - kind: ServiceAccount
- name: snapshot-controller
- namespace: rook-ceph
-roleRef:
- kind: ClusterRole
- name: snapshot-controller-runner
- apiGroup: rbac.authorization.k8s.io
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: snapshot-controller-leaderelection
- namespace: rook-ceph
-rules:
- - apiGroups: ["coordination.k8s.io"]
- resources: ["leases"]
- verbs: ["get", "watch", "list", "delete", "update", "create"]
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: snapshot-controller-leaderelection
- namespace: rook-ceph
-subjects:
- - kind: ServiceAccount
- name: snapshot-controller
-roleRef:
- kind: Role
- name: snapshot-controller-leaderelection
- apiGroup: rbac.authorization.k8s.io
diff --git a/cluster/crds/kube-prometheus-stack/crds.yaml b/cluster/crds/kube-prometheus-stack/crds.yaml
deleted file mode 100644
index fe6fc7fb2..000000000
--- a/cluster/crds/kube-prometheus-stack/crds.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: GitRepository
-metadata:
- name: kube-prometheus-stack-source
- namespace: flux-system
-spec:
- interval: 1h
- url: https://github.com./prometheus-community/helm-charts.git
- ref:
- # renovate: registryUrl=https://prometheus-community.github.io/helm-charts
- tag: kube-prometheus-stack-36.2.0
- ignore: |
- # exclude all
- /*
- # include deploy crds dir
- !/charts/kube-prometheus-stack/crds
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: kube-prometheus-stack-crds
- namespace: flux-system
-spec:
- interval: 15m
- prune: false
- sourceRef:
- kind: GitRepository
- name: kube-prometheus-stack-source
- healthChecks:
- - apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- name: alertmanagerconfigs.monitoring.coreos.com
- - apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- name: alertmanagers.monitoring.coreos.com
- - apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- name: podmonitors.monitoring.coreos.com
- - apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- name: probes.monitoring.coreos.com
- - apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- name: prometheuses.monitoring.coreos.com
- - apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- name: prometheusrules.monitoring.coreos.com
- - apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- name: servicemonitors.monitoring.coreos.com
- - apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- name: thanosrulers.monitoring.coreos.com
diff --git a/cluster/flux/apps.yaml b/cluster/flux/apps.yaml
deleted file mode 100644
index a780610ac..000000000
--- a/cluster/flux/apps.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: apps
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: core
- path: ./cluster/apps
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-cluster
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substitute: {}
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
diff --git a/cluster/flux/charts.yaml b/cluster/flux/charts.yaml
deleted file mode 100644
index 42a21b891..000000000
--- a/cluster/flux/charts.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: charts
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./cluster/charts
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-cluster
diff --git a/cluster/flux/configuration.yaml b/cluster/flux/configuration.yaml
deleted file mode 100644
index 3795a5061..000000000
--- a/cluster/flux/configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: configuration
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./cluster/configuration
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-cluster
- decryption:
- provider: sops
- secretRef:
- name: sops-age
diff --git a/cluster/flux/core.yaml b/cluster/flux/core.yaml
deleted file mode 100644
index a4f823339..000000000
--- a/cluster/flux/core.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: core
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: charts
- - name: configuration
- - name: crds
- path: ./cluster/core
- prune: false
- sourceRef:
- kind: GitRepository
- name: flux-cluster
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substitute: {}
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
diff --git a/cluster/flux/crds.yaml b/cluster/flux/crds.yaml
deleted file mode 100644
index 0908934f3..000000000
--- a/cluster/flux/crds.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: crds
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./cluster/crds
- prune: false
- sourceRef:
- kind: GitRepository
- name: flux-cluster
diff --git a/cluster/flux/flux-system/flux-cluster.yaml b/cluster/flux/flux-system/flux-cluster.yaml
deleted file mode 100644
index aa5509322..000000000
--- a/cluster/flux/flux-system/flux-cluster.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: flux-cluster
- namespace: flux-system
-spec:
- interval: 30m
- # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
- url: ssh://git@github.com/auricom/home-ops
- ref:
- branch: main
- secretRef:
- name: github-deploy-key
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-cluster
- namespace: flux-system
-spec:
- interval: 30m
- path: ./cluster/flux
- prune: true
- wait: false
- sourceRef:
- kind: GitRepository
- name: flux-cluster
diff --git a/docs/files/pxe_opnsense_services_dhcpv4_network.png b/docs/files/pxe_opnsense_services_dhcpv4_network.png
deleted file mode 100644
index 87acb1626..000000000
Binary files a/docs/files/pxe_opnsense_services_dhcpv4_network.png and /dev/null differ
diff --git a/docs/files/pxe_opnsense_services_dnsmasq.png b/docs/files/pxe_opnsense_services_dnsmasq.png
deleted file mode 100644
index f46b6771f..000000000
Binary files a/docs/files/pxe_opnsense_services_dnsmasq.png and /dev/null differ
diff --git a/docs/files/pxe_opnsense_services_nginx_http_server.png b/docs/files/pxe_opnsense_services_nginx_http_server.png
deleted file mode 100644
index d3bd96154..000000000
Binary files a/docs/files/pxe_opnsense_services_nginx_http_server.png and /dev/null differ
diff --git a/docs/files/pxe_opnsense_services_nginx_location.png b/docs/files/pxe_opnsense_services_nginx_location.png
deleted file mode 100644
index fdb2fcc83..000000000
Binary files a/docs/files/pxe_opnsense_services_nginx_location.png and /dev/null differ
diff --git a/docs/flux.md b/docs/flux.md
deleted file mode 100644
index d49193493..000000000
--- a/docs/flux.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# Flux
-
-## Install the CLI tool
-
-```sh
-brew install fluxcd/tap/flux
-```
-
-## Install the cluster components
-
-_For full installation guide visit the [Flux installation guide](https://toolkit.fluxcd.io/guides/installation/)_
-
-Check if you cluster is ready for Flux
-
-```sh
-flux check --pre
-```
-
-Install Flux into your cluster
-
-```sh
-flux bootstrap github \
---owner=auricom \
---repository=home-ops \
---path=cluster/base \
---personal \
---private=false \
---network-policy=false
-```
-
-## Useful commands
-
-Force flux to sync your repository:
-
-```sh
-flux reconcile source git flux-system
-```
-
-Force flux to sync a helm release:
-
-```sh
-flux reconcile helmrelease sonarr -n default
-```
-
-Force flux to sync a helm repository:
-
-```sh
-flux reconcile source helm ingress-nginx-charts -n flux-system
-```
diff --git a/docs/post-install.md b/docs/post-install.md
deleted file mode 100644
index 9d09e2f9d..000000000
--- a/docs/post-install.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# post-install
-
-/etc/rancher/k3s/
-
-add
-
-```bash
-kubelet-arg: ['cluster-dns=169.254.20.10']
-```
diff --git a/docs/pxe.md b/docs/pxe.md
deleted file mode 100644
index 26114e584..000000000
--- a/docs/pxe.md
+++ /dev/null
@@ -1,27 +0,0 @@ -# Opnsense | PXE - -## Setting up TFTP - -- Setup TFTP and network booting on DHCPv4 server -- Create an `nginx` location to file system `/var/lib/tftpboot` -- Create an nginx http server listening on 30080 TCP -- Enable `dnsmasq` in the Opnsense services settings (set port to `63`) -- Copy over `pxe.conf` to `/usr/local/etc/dnsmasq.conf.d/pxe.conf` -- SSH into opnsense and run the following commands... - -```console -$ mkdir -p /var/lib/tftpboot/pxelinux/ -$ curl https://releases.ubuntu.com/20.04/ubuntu-20.04.4-live-server-amd64.iso -o /var/lib/tftpboot/ubuntu-20.04.4-live-server-amd64.iso -$ mount -t cd9660 /dev/`mdconfig -f /var/lib/tftpboot/ubuntu-20.04.4-live-server-amd64.iso` /mnt -$ cp /mnt/casper/vmlinuz /var/lib/tftpboot/pxelinux/ -$ cp /mnt/casper/initrd /var/lib/tftpboot/pxelinux/ -$ umount /mnt -$ curl http://archive.ubuntu.com/ubuntu/dists/focal/main/uefi/grub2-amd64/current/grubnetx64.efi.signed -o /var/lib/tftpboot/pxelinux/pxelinux.0 -``` - -- Copy `grub/grub.conf` into `/var/lib/tftpboot/grub/grub.conf` -- Copy `nodes/` into `/var/lib/tftpboot/nodes` - -## PXE boot on bare-metal servers - -Press F12 key during 15-20 seconds to enter PXE IPv4 boot option diff --git a/ansible/.ansible-lint b/infrastructure/ansible/.ansible-lint similarity index 100% rename from ansible/.ansible-lint rename to infrastructure/ansible/.ansible-lint diff --git a/ansible/.envrc b/infrastructure/ansible/.envrc similarity index 100% rename from ansible/.envrc rename to infrastructure/ansible/.envrc diff --git a/ansible/ansible.cfg b/infrastructure/ansible/ansible.cfg similarity index 100% rename from ansible/ansible.cfg rename to infrastructure/ansible/ansible.cfg diff --git a/ansible/inventory/group_vars/all/all.sops.yml b/infrastructure/ansible/inventory/group_vars/all/all.sops.yml similarity index 100% rename from ansible/inventory/group_vars/all/all.sops.yml rename to infrastructure/ansible/inventory/group_vars/all/all.sops.yml 
diff --git a/ansible/inventory/group_vars/all/wireguard.sops.yml b/infrastructure/ansible/inventory/group_vars/all/wireguard.sops.yml similarity index 100% rename from ansible/inventory/group_vars/all/wireguard.sops.yml rename to infrastructure/ansible/inventory/group_vars/all/wireguard.sops.yml diff --git a/ansible/inventory/host_vars/truenas-remote.sops.yaml b/infrastructure/ansible/inventory/host_vars/truenas-remote.sops.yaml similarity index 100% rename from ansible/inventory/host_vars/truenas-remote.sops.yaml rename to infrastructure/ansible/inventory/host_vars/truenas-remote.sops.yaml diff --git a/ansible/inventory/host_vars/truenas-remote.yaml b/infrastructure/ansible/inventory/host_vars/truenas-remote.yaml similarity index 100% rename from ansible/inventory/host_vars/truenas-remote.yaml rename to infrastructure/ansible/inventory/host_vars/truenas-remote.yaml diff --git a/ansible/inventory/host_vars/truenas.sops.yaml b/infrastructure/ansible/inventory/host_vars/truenas.sops.yaml similarity index 100% rename from ansible/inventory/host_vars/truenas.sops.yaml rename to infrastructure/ansible/inventory/host_vars/truenas.sops.yaml diff --git a/ansible/inventory/host_vars/truenas.yaml b/infrastructure/ansible/inventory/host_vars/truenas.yaml similarity index 100% rename from ansible/inventory/host_vars/truenas.yaml rename to infrastructure/ansible/inventory/host_vars/truenas.yaml diff --git a/ansible/inventory/hosts.yml b/infrastructure/ansible/inventory/hosts.yml similarity index 100% rename from ansible/inventory/hosts.yml rename to infrastructure/ansible/inventory/hosts.yml diff --git a/ansible/playbooks/bootstrap_ansible.yml b/infrastructure/ansible/playbooks/bootstrap_ansible.yml similarity index 100% rename from ansible/playbooks/bootstrap_ansible.yml rename to infrastructure/ansible/playbooks/bootstrap_ansible.yml 
diff --git a/ansible/playbooks/coreelec.yml b/infrastructure/ansible/playbooks/coreelec.yml similarity index 100% rename from ansible/playbooks/coreelec.yml rename to infrastructure/ansible/playbooks/coreelec.yml diff --git a/ansible/playbooks/truenas.yml b/infrastructure/ansible/playbooks/truenas.yml similarity index 100% rename from ansible/playbooks/truenas.yml rename to infrastructure/ansible/playbooks/truenas.yml diff --git a/ansible/playbooks/workstation-work.yaml b/infrastructure/ansible/playbooks/workstation-work.yaml similarity index 100% rename from ansible/playbooks/workstation-work.yaml rename to infrastructure/ansible/playbooks/workstation-work.yaml diff --git a/ansible/playbooks/workstation.yml b/infrastructure/ansible/playbooks/workstation.yml similarity index 100% rename from ansible/playbooks/workstation.yml rename to infrastructure/ansible/playbooks/workstation.yml diff --git a/ansible/requirements.yml b/infrastructure/ansible/requirements.yml similarity index 100% rename from ansible/requirements.yml rename to infrastructure/ansible/requirements.yml diff --git a/ansible/roles/coreelec/defaults/main.yml b/infrastructure/ansible/roles/coreelec/defaults/main.yml similarity index 100% rename from ansible/roles/coreelec/defaults/main.yml rename to infrastructure/ansible/roles/coreelec/defaults/main.yml diff --git a/ansible/roles/coreelec/files/backup.bash b/infrastructure/ansible/roles/coreelec/files/backup.bash similarity index 100% rename from ansible/roles/coreelec/files/backup.bash rename to infrastructure/ansible/roles/coreelec/files/backup.bash diff --git a/ansible/roles/coreelec/tasks/backup.yml b/infrastructure/ansible/roles/coreelec/tasks/backup.yml similarity index 100% rename from ansible/roles/coreelec/tasks/backup.yml rename to infrastructure/ansible/roles/coreelec/tasks/backup.yml 
diff --git a/ansible/roles/coreelec/tasks/main.yml b/infrastructure/ansible/roles/coreelec/tasks/main.yml similarity index 100% rename from ansible/roles/coreelec/tasks/main.yml rename to infrastructure/ansible/roles/coreelec/tasks/main.yml diff --git a/ansible/roles/coreelec/tasks/nfs.yml b/infrastructure/ansible/roles/coreelec/tasks/nfs.yml similarity index 100% rename from ansible/roles/coreelec/tasks/nfs.yml rename to infrastructure/ansible/roles/coreelec/tasks/nfs.yml diff --git a/ansible/roles/coreelec/templates/storage-nfs.mount b/infrastructure/ansible/roles/coreelec/templates/storage-nfs.mount similarity index 100% rename from ansible/roles/coreelec/templates/storage-nfs.mount rename to infrastructure/ansible/roles/coreelec/templates/storage-nfs.mount diff --git a/ansible/roles/truenas/defaults/main.yml b/infrastructure/ansible/roles/truenas/defaults/main.yml similarity index 100% rename from ansible/roles/truenas/defaults/main.yml rename to infrastructure/ansible/roles/truenas/defaults/main.yml diff --git a/ansible/roles/truenas/files/borgserver/rc.d b/infrastructure/ansible/roles/truenas/files/borgserver/rc.d similarity index 100% rename from ansible/roles/truenas/files/borgserver/rc.d rename to infrastructure/ansible/roles/truenas/files/borgserver/rc.d diff --git a/ansible/roles/truenas/files/borgserver/sshd_config b/infrastructure/ansible/roles/truenas/files/borgserver/sshd_config similarity index 100% rename from ansible/roles/truenas/files/borgserver/sshd_config rename to infrastructure/ansible/roles/truenas/files/borgserver/sshd_config diff --git a/ansible/roles/truenas/files/scripts/certificates_deploy.py b/infrastructure/ansible/roles/truenas/files/scripts/certificates_deploy.py similarity index 100% rename from ansible/roles/truenas/files/scripts/certificates_deploy.py rename to infrastructure/ansible/roles/truenas/files/scripts/certificates_deploy.py 
diff --git a/ansible/roles/truenas/files/scripts/snapshots_clearempty.py b/infrastructure/ansible/roles/truenas/files/scripts/snapshots_clearempty.py similarity index 100% rename from ansible/roles/truenas/files/scripts/snapshots_clearempty.py rename to infrastructure/ansible/roles/truenas/files/scripts/snapshots_clearempty.py diff --git a/ansible/roles/truenas/files/scripts/snapshots_prune.py b/infrastructure/ansible/roles/truenas/files/scripts/snapshots_prune.py similarity index 100% rename from ansible/roles/truenas/files/scripts/snapshots_prune.py rename to infrastructure/ansible/roles/truenas/files/scripts/snapshots_prune.py diff --git a/ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash b/infrastructure/ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash similarity index 100% rename from ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash rename to infrastructure/ansible/roles/truenas/files/scripts/telegraf_hddtemp.bash diff --git a/ansible/roles/truenas/handlers/main.yml b/infrastructure/ansible/roles/truenas/handlers/main.yml similarity index 100% rename from ansible/roles/truenas/handlers/main.yml rename to infrastructure/ansible/roles/truenas/handlers/main.yml diff --git a/ansible/roles/truenas/tasks/directories.yml b/infrastructure/ansible/roles/truenas/tasks/directories.yml similarity index 100% rename from ansible/roles/truenas/tasks/directories.yml rename to infrastructure/ansible/roles/truenas/tasks/directories.yml diff --git a/ansible/roles/truenas/tasks/jails/borgserver-init.yml b/infrastructure/ansible/roles/truenas/tasks/jails/borgserver-init.yml similarity index 100% rename from ansible/roles/truenas/tasks/jails/borgserver-init.yml rename to infrastructure/ansible/roles/truenas/tasks/jails/borgserver-init.yml 
diff --git a/ansible/roles/truenas/tasks/jails/init.yml b/infrastructure/ansible/roles/truenas/tasks/jails/init.yml similarity index 100% rename from ansible/roles/truenas/tasks/jails/init.yml rename to infrastructure/ansible/roles/truenas/tasks/jails/init.yml diff --git a/ansible/roles/truenas/tasks/jails/main.yml b/infrastructure/ansible/roles/truenas/tasks/jails/main.yml similarity index 100% rename from ansible/roles/truenas/tasks/jails/main.yml rename to infrastructure/ansible/roles/truenas/tasks/jails/main.yml diff --git a/ansible/roles/truenas/tasks/jails/postgres-conf.yml b/infrastructure/ansible/roles/truenas/tasks/jails/postgres-conf.yml similarity index 100% rename from ansible/roles/truenas/tasks/jails/postgres-conf.yml rename to infrastructure/ansible/roles/truenas/tasks/jails/postgres-conf.yml diff --git a/ansible/roles/truenas/tasks/jails/postgres-init.yml b/infrastructure/ansible/roles/truenas/tasks/jails/postgres-init.yml similarity index 100% rename from ansible/roles/truenas/tasks/jails/postgres-init.yml rename to infrastructure/ansible/roles/truenas/tasks/jails/postgres-init.yml diff --git a/ansible/roles/truenas/tasks/main.yml b/infrastructure/ansible/roles/truenas/tasks/main.yml similarity index 100% rename from ansible/roles/truenas/tasks/main.yml rename to infrastructure/ansible/roles/truenas/tasks/main.yml diff --git a/ansible/roles/truenas/tasks/scripts.yml b/infrastructure/ansible/roles/truenas/tasks/scripts.yml similarity index 100% rename from ansible/roles/truenas/tasks/scripts.yml rename to infrastructure/ansible/roles/truenas/tasks/scripts.yml diff --git a/ansible/roles/truenas/tasks/telegraf.yml b/infrastructure/ansible/roles/truenas/tasks/telegraf.yml similarity index 100% rename from ansible/roles/truenas/tasks/telegraf.yml rename to infrastructure/ansible/roles/truenas/tasks/telegraf.yml 
diff --git a/ansible/roles/truenas/tasks/wireguard.yml b/infrastructure/ansible/roles/truenas/tasks/wireguard.yml similarity index 100% rename from ansible/roles/truenas/tasks/wireguard.yml rename to infrastructure/ansible/roles/truenas/tasks/wireguard.yml diff --git a/ansible/roles/truenas/templates/postgres/pg_hba.conf b/infrastructure/ansible/roles/truenas/templates/postgres/pg_hba.conf similarity index 100% rename from ansible/roles/truenas/templates/postgres/pg_hba.conf rename to infrastructure/ansible/roles/truenas/templates/postgres/pg_hba.conf diff --git a/ansible/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash b/infrastructure/ansible/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash similarity index 100% rename from ansible/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash rename to infrastructure/ansible/roles/truenas/templates/scripts/backupconfig_cloudsync_pre.bash diff --git a/ansible/roles/truenas/templates/scripts/certificates_deploy.bash b/infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.bash similarity index 100% rename from ansible/roles/truenas/templates/scripts/certificates_deploy.bash rename to infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.bash diff --git a/ansible/roles/truenas/templates/scripts/certificates_deploy.conf b/infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.conf similarity index 100% rename from ansible/roles/truenas/templates/scripts/certificates_deploy.conf rename to infrastructure/ansible/roles/truenas/templates/scripts/certificates_deploy.conf diff --git a/ansible/roles/truenas/templates/scripts/report_pools.sh b/infrastructure/ansible/roles/truenas/templates/scripts/report_pools.sh similarity index 100% rename from ansible/roles/truenas/templates/scripts/report_pools.sh rename to infrastructure/ansible/roles/truenas/templates/scripts/report_pools.sh 
diff --git a/ansible/roles/truenas/templates/scripts/report_smart.sh b/infrastructure/ansible/roles/truenas/templates/scripts/report_smart.sh similarity index 100% rename from ansible/roles/truenas/templates/scripts/report_smart.sh rename to infrastructure/ansible/roles/truenas/templates/scripts/report_smart.sh diff --git a/ansible/roles/truenas/templates/scripts/report_ups.sh b/infrastructure/ansible/roles/truenas/templates/scripts/report_ups.sh similarity index 100% rename from ansible/roles/truenas/templates/scripts/report_ups.sh rename to infrastructure/ansible/roles/truenas/templates/scripts/report_ups.sh diff --git a/ansible/roles/truenas/templates/scripts/snapshots_prune.sh b/infrastructure/ansible/roles/truenas/templates/scripts/snapshots_prune.sh similarity index 100% rename from ansible/roles/truenas/templates/scripts/snapshots_prune.sh rename to infrastructure/ansible/roles/truenas/templates/scripts/snapshots_prune.sh diff --git a/ansible/roles/truenas/templates/telegraf/telegraf.conf b/infrastructure/ansible/roles/truenas/templates/telegraf/telegraf.conf similarity index 100% rename from ansible/roles/truenas/templates/telegraf/telegraf.conf rename to infrastructure/ansible/roles/truenas/templates/telegraf/telegraf.conf diff --git a/ansible/roles/truenas/templates/wireguard/ip-check.bash b/infrastructure/ansible/roles/truenas/templates/wireguard/ip-check.bash similarity index 100% rename from ansible/roles/truenas/templates/wireguard/ip-check.bash rename to infrastructure/ansible/roles/truenas/templates/wireguard/ip-check.bash diff --git a/ansible/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf b/infrastructure/ansible/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf similarity index 100% rename from ansible/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf rename to infrastructure/ansible/roles/truenas/templates/wireguard/truenas-remote.xpander.ovh.conf 
diff --git a/ansible/roles/truenas/vars/main.yml b/infrastructure/ansible/roles/truenas/vars/main.yml similarity index 100% rename from ansible/roles/truenas/vars/main.yml rename to infrastructure/ansible/roles/truenas/vars/main.yml diff --git a/ansible/roles/workstation/defaults/main.yml b/infrastructure/ansible/roles/workstation/defaults/main.yml similarity index 100% rename from ansible/roles/workstation/defaults/main.yml rename to infrastructure/ansible/roles/workstation/defaults/main.yml diff --git a/ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash b/infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash similarity index 100% rename from ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash rename to infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-one.bash diff --git a/ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash b/infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash similarity index 100% rename from ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash rename to infrastructure/ansible/roles/workstation/files/scripts/backup-local-usb-disk-two.bash diff --git a/ansible/roles/workstation/files/scripts/update-pip.bash b/infrastructure/ansible/roles/workstation/files/scripts/update-pip.bash similarity index 100% rename from ansible/roles/workstation/files/scripts/update-pip.bash rename to infrastructure/ansible/roles/workstation/files/scripts/update-pip.bash diff --git a/ansible/roles/workstation/files/throttled/throttled.conf b/infrastructure/ansible/roles/workstation/files/throttled/throttled.conf similarity index 100% rename from ansible/roles/workstation/files/throttled/throttled.conf rename to infrastructure/ansible/roles/workstation/files/throttled/throttled.conf 
diff --git a/ansible/roles/workstation/files/yum/vscodium.repo b/infrastructure/ansible/roles/workstation/files/yum/vscodium.repo similarity index 100% rename from ansible/roles/workstation/files/yum/vscodium.repo rename to infrastructure/ansible/roles/workstation/files/yum/vscodium.repo diff --git a/ansible/roles/workstation/files/yum/yum.conf b/infrastructure/ansible/roles/workstation/files/yum/yum.conf similarity index 100% rename from ansible/roles/workstation/files/yum/yum.conf rename to infrastructure/ansible/roles/workstation/files/yum/yum.conf diff --git a/ansible/roles/workstation/tasks/chezmoi.yml b/infrastructure/ansible/roles/workstation/tasks/chezmoi.yml similarity index 100% rename from ansible/roles/workstation/tasks/chezmoi.yml rename to infrastructure/ansible/roles/workstation/tasks/chezmoi.yml diff --git a/ansible/roles/workstation/tasks/gnome.yml b/infrastructure/ansible/roles/workstation/tasks/gnome.yml similarity index 100% rename from ansible/roles/workstation/tasks/gnome.yml rename to infrastructure/ansible/roles/workstation/tasks/gnome.yml diff --git a/ansible/roles/workstation/tasks/gpg.yml b/infrastructure/ansible/roles/workstation/tasks/gpg.yml similarity index 100% rename from ansible/roles/workstation/tasks/gpg.yml rename to infrastructure/ansible/roles/workstation/tasks/gpg.yml diff --git a/ansible/roles/workstation/tasks/main.yml b/infrastructure/ansible/roles/workstation/tasks/main.yml similarity index 100% rename from ansible/roles/workstation/tasks/main.yml rename to infrastructure/ansible/roles/workstation/tasks/main.yml diff --git a/ansible/roles/workstation/tasks/nfs.yml b/infrastructure/ansible/roles/workstation/tasks/nfs.yml similarity index 100% rename from ansible/roles/workstation/tasks/nfs.yml rename to infrastructure/ansible/roles/workstation/tasks/nfs.yml 
diff --git a/ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml b/infrastructure/ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml similarity index 100% rename from ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml rename to infrastructure/ansible/roles/workstation/tasks/packages-claude-fixe-fedora.yml diff --git a/ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml b/infrastructure/ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml similarity index 100% rename from ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml rename to infrastructure/ansible/roles/workstation/tasks/packages-claude-thinkpad-fedora.yml diff --git a/ansible/roles/workstation/tasks/packages-common.yml b/infrastructure/ansible/roles/workstation/tasks/packages-common.yml similarity index 98% rename from ansible/roles/workstation/tasks/packages-common.yml rename to infrastructure/ansible/roles/workstation/tasks/packages-common.yml index 17dd1d426..db6718bf2 100644 --- a/ansible/roles/workstation/tasks/packages-common.yml +++ b/infrastructure/ansible/roles/workstation/tasks/packages-common.yml @@ -60,6 +60,8 @@ - joplin - librewolf - go-task + - kopia + - kopia-ui state: present update_cache: true become: true @@ -94,6 +96,7 @@ - helm - kustomize - fluxcd/tap/flux + - weaveworks/tap/gitops - sops - gh - derailed/popeye/popeye diff --git a/ansible/roles/workstation/tasks/packages-post.yml b/infrastructure/ansible/roles/workstation/tasks/packages-post.yml similarity index 100% rename from ansible/roles/workstation/tasks/packages-post.yml rename to infrastructure/ansible/roles/workstation/tasks/packages-post.yml 
diff --git a/ansible/roles/workstation/tasks/packages-prerequisites.yml b/infrastructure/ansible/roles/workstation/tasks/packages-prerequisites.yml similarity index 100% rename from ansible/roles/workstation/tasks/packages-prerequisites.yml rename to infrastructure/ansible/roles/workstation/tasks/packages-prerequisites.yml diff --git a/ansible/roles/workstation/tasks/repositories.yml b/infrastructure/ansible/roles/workstation/tasks/repositories.yml similarity index 82% rename from ansible/roles/workstation/tasks/repositories.yml rename to infrastructure/ansible/roles/workstation/tasks/repositories.yml index 33e924884..cab3bd7e8 100644 --- a/ansible/roles/workstation/tasks/repositories.yml +++ b/infrastructure/ansible/roles/workstation/tasks/repositories.yml @@ -86,6 +86,29 @@ - name: repositories | librewolf - import asc ansible.builtin.command: cmd: rpm --import https://keys.openpgp.org/vks/v1/by-fingerprint/034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3 - warn: false become: true when: not librewolf.stat.exists + +- name: repositories | kopia - check presence + ansible.builtin.stat: + path: /etc/yum.repos.d/kopia.repo + register: kopia + +- name: repositories | kopia - import asc + ansible.builtin.command: + cmd: rpm --import https://kopia.io/signing-key + become: true + when: not kopia.stat.exists + +- name: repositories | kopia - add repository + ansible.builtin.blockinfile: + path: /etc/yum.repos.d/kopia.repo + block: | + [Kopia] + name=Kopia + baseurl=http://packages.kopia.io/rpm/stable/$basearch/ + gpgcheck=1 + enabled=1 + gpgkey=https://kopia.io/signing-key + create: true + become: true diff --git a/ansible/roles/workstation/tasks/scripts.yml b/infrastructure/ansible/roles/workstation/tasks/scripts.yml similarity index 100% rename from ansible/roles/workstation/tasks/scripts.yml rename to infrastructure/ansible/roles/workstation/tasks/scripts.yml 
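Review bot: The new Kopia repo block sets `baseurl=http://packages.kopia.io/rpm/stable/$basearch/`, so repository metadata and packages are fetched in cleartext. `gpgcheck=1` still verifies package signatures, but nothing in the block protects the metadata itself. If the host serves TLS (not verifiable from this diff), prefer `baseurl=https://packages.kopia.io/rpm/stable/$basearch/`. The `rpm --import https://kopia.io/signing-key` task also trusts whatever key that URL returns at run time, unlike the librewolf task above it, which imports by fingerprint. Consider shipping the key with the role or checking its fingerprint before import.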
diff --git a/ansible/roles/workstation/tasks/shell.yml b/infrastructure/ansible/roles/workstation/tasks/shell.yml similarity index 100% rename from ansible/roles/workstation/tasks/shell.yml rename to infrastructure/ansible/roles/workstation/tasks/shell.yml diff --git a/ansible/roles/workstation/tasks/system.yml b/infrastructure/ansible/roles/workstation/tasks/system.yml similarity index 100% rename from ansible/roles/workstation/tasks/system.yml rename to infrastructure/ansible/roles/workstation/tasks/system.yml diff --git a/ansible/roles/workstation/tasks/wireguard.yml b/infrastructure/ansible/roles/workstation/tasks/wireguard.yml similarity index 100% rename from ansible/roles/workstation/tasks/wireguard.yml rename to infrastructure/ansible/roles/workstation/tasks/wireguard.yml diff --git a/ansible/roles/workstation/templates/application.desktop b/infrastructure/ansible/roles/workstation/templates/application.desktop similarity index 100% rename from ansible/roles/workstation/templates/application.desktop rename to infrastructure/ansible/roles/workstation/templates/application.desktop diff --git a/ansible/roles/workstation/templates/chezmoi.toml.j2 b/infrastructure/ansible/roles/workstation/templates/chezmoi.toml.j2 similarity index 100% rename from ansible/roles/workstation/templates/chezmoi.toml.j2 rename to infrastructure/ansible/roles/workstation/templates/chezmoi.toml.j2 diff --git a/ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf b/infrastructure/ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf similarity index 100% rename from ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf rename to infrastructure/ansible/roles/workstation/templates/wireguard/claude-thinkpad-fedora.conf 
diff --git a/ansible/roles/workstation/vars/claude-fixe-fedora.yml b/infrastructure/ansible/roles/workstation/vars/claude-fixe-fedora.yml similarity index 100% rename from ansible/roles/workstation/vars/claude-fixe-fedora.yml rename to infrastructure/ansible/roles/workstation/vars/claude-fixe-fedora.yml diff --git a/ansible/roles/workstation/vars/claude-thinkpad-fedora.yml b/infrastructure/ansible/roles/workstation/vars/claude-thinkpad-fedora.yml similarity index 100% rename from ansible/roles/workstation/vars/claude-thinkpad-fedora.yml rename to infrastructure/ansible/roles/workstation/vars/claude-thinkpad-fedora.yml diff --git a/infrastructure/talos/.gitignore b/infrastructure/talos/.gitignore new file mode 100644 index 000000000..8b234633c --- /dev/null +++ b/infrastructure/talos/.gitignore @@ -0,0 +1,2 @@ +charts +clusterconfig \ No newline at end of file diff --git a/talos/README.md b/infrastructure/talos/README.md similarity index 54% rename from talos/README.md rename to infrastructure/talos/README.md index 907ab5470..0c3f19c21 100644 --- a/talos/README.md +++ b/infrastructure/talos/README.md @@ -1,5 +1,7 @@ +
+ ### Talos Linux cluster 
@@ -27,18 +29,19 @@ Feel free to open a [Github issue](https://github.com/budimanjojo/home-cluster/i 5. Run `sops -e -i talsecret.sops.yaml` to encrypt your secrets (make sure you already have your own `.sops.yaml`) file. 6. Run `talhelper genconfig` and the files will be generated in `./clusterconfig` directory by default. 7. Copy the generated `./clusterconfig/talosconfig` to your `~/.talos/config`. -8. Run `talosctl -n apply-config --insecure ./clusterconfig/-.yaml` on each of your node. Don't forget to run `talosctl -n bootstrap` on one of your controlplane node. +8. Run `talosctl -n apply-config --insecure --file ./clusterconfig/-.yaml` on each of your node. Don't forget to run `talosctl -n bootstrap` on one of your controlplane node. 9. Push your current directory to your git repository of choice. :wink: --- ## :memo:  After bootstrap -After you're done with bootstrapping, you can now install your `Kubernetes CNI` of your choice. -If you want to use cilium, you can look at my [cni](./cni) directory. -You can do `kubectl kustomize --enable-helm ./cni | kubectl apply -f -` to do this. - -If you also want to deploy [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver) like I do, you can also do the above step to my [kubelet-csr-approver](./kubelet-csr-approver) directory. - -Now, you can continue to work on your cluster. -Check out my [cluster](../cluster) directory to see how I manage my cluster with [Flux](https://github.com/fluxcd/flux2). +1. Deploy [cilium](https://cilium.io/) : `kubectl kustomize --enable-helm ./cni | kubectl apply -f -` +2. Deploy [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver) `kubectl kustomize --enable-helm ./kubelet-csr-approver | kubectl apply -f -` to approve csr issued by talos nodes (that will allow to see pods logs). +3. Deploy [flux](https://github.com/fluxcd/flux2) `kubectl apply -k ./flux` +4. 
Create flux github secret `kubectl apply -f ./flux/.decrypted\~github-deploy-key.sops.yaml`
+5. Create sops secret `cat ~/.config/sops/age/keys.txt | kubectl create secret generic sops-age --namespace=flux-system --from-file=age.agekey=/dev/stdin`
+6. Apply flux cluster configuration `kubectl apply -k kubernetes/flux`
+7. Apply flux base configuration `kubectl apply -f kubernetes/base/flux.yaml`
+8. Apply flux core `kubectl apply -f kubernetes/cluster-0/core/flux.yaml`
+9. Apply flux apps `kubectl apply -f kubernetes/cluster-0/apps/flux.yaml`
diff --git a/infrastructure/talos/cluster-0/cni/kustomization.yaml b/infrastructure/talos/cluster-0/cni/kustomization.yaml
new file mode 100644
index 000000000..5fb0f6284
--- /dev/null
+++ b/infrastructure/talos/cluster-0/cni/kustomization.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+ - name: cilium
+ repo: https://helm.cilium.io/
+ version: 1.12.4
+ releaseName: cilium
+ namespace: kube-system
+ valuesFile: values.yaml
+commonAnnotations:
+ meta.helm.sh/release-name: cilium
+ meta.helm.sh/release-namespace: kube-system
+commonLabels:
+ app.kubernetes.io/managed-by: Helm
diff --git a/infrastructure/talos/cluster-0/cni/values.yaml b/infrastructure/talos/cluster-0/cni/values.yaml
new file mode 100644
index 000000000..a13b8439a
--- /dev/null
+++ b/infrastructure/talos/cluster-0/cni/values.yaml
@@ -0,0 +1,28 @@
+---
+autoDirectNodeRoutes: true
+bgp:
+ announce:
+ loadbalancerIP: true
+ enabled: false
+containerRuntime:
+ integration: containerd
+endpointRoutes:
+ enabled: true
+hubble:
+ enabled: false
+ipam:
+ mode: kubernetes
+ipv4NativeRoutingCIDR: 10.244.0.0/16
+k8sServiceHost: 192.168.9.100
+k8sServicePort: 6443
+kubeProxyReplacement: strict
+loadBalancer:
+ algorithm: maglev
+ mode: dsr
+localRedirectPolicy: true
+operator:
+ rollOutPods: true
+rollOutCiliumPods: true
+securityContext:
+ privileged: true
+tunnel: disabled
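Review bot: `securityContext.privileged: true` at the end of `cni/values.yaml` runs the Cilium containers fully privileged, and the file has no comment saying why. If the chart version pinned in `cni/kustomization.yaml` (1.12.4) supports a capability list under `securityContext.capabilities` (worth confirming against that chart's values), that is the narrower setting. Otherwise add a comment such as `# privileged: required because <reason>` above the key, so the exception is deliberate and easy to revisit on the next chart bump.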
diff --git a/cluster/flux/flux-system/github-deploy-key.sops.yaml b/infrastructure/talos/cluster-0/flux/github-deploy-key.sops.yaml
similarity index 100%
rename from cluster/flux/flux-system/github-deploy-key.sops.yaml
rename to infrastructure/talos/cluster-0/flux/github-deploy-key.sops.yaml
diff --git a/cluster/bootstrap/kustomization.yaml b/infrastructure/talos/cluster-0/flux/kustomization.yaml
similarity index 100%
rename from cluster/bootstrap/kustomization.yaml
rename to infrastructure/talos/cluster-0/flux/kustomization.yaml
diff --git a/infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml b/infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml
new file mode 100644
index 000000000..784f052cc
--- /dev/null
+++ b/infrastructure/talos/cluster-0/kubelet-csr-approver/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+helmCharts:
+ - name: kubelet-csr-approver
+ repo: https://postfinance.github.io/kubelet-csr-approver
+ version: 0.2.4
+ releaseName: kubelet-csr-approver
+ namespace: kube-system
+ valuesInline:
+ providerRegex: |
+ ^(talos-node)$
+commonAnnotations:
+ meta.helm.sh/release-name: kubelet-csr-approver
+ meta.helm.sh/release-namespace: kube-system
+commonLabels:
+ app.kubernetes.io/managed-by: Helm
diff --git a/infrastructure/talos/cluster-0/talconfig.yaml b/infrastructure/talos/cluster-0/talconfig.yaml
new file mode 100644
index 000000000..420ba586a
--- /dev/null
+++ b/infrastructure/talos/cluster-0/talconfig.yaml
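Review bot: `providerRegex` in `kubelet-csr-approver/kustomization.yaml` is anchored to the exact string `talos-node`, but the hostnames declared in `talconfig.yaml` in this same commit are `talos-node-1` to `talos-node-4`, so the pattern as written matches none of them. Assuming the chart tests this regex against the node hostname in the CSR, the value should look like `^talos-node-\d+$`. The block scalar `|` also appends a trailing newline to the value. A quoted scalar, `providerRegex: '^talos-node-\d+$'`, avoids depending on how the chart trims it. Keep the pattern anchored and as narrow as the naming scheme allows, since it decides which kubelet serving CSRs are approved automatically.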
@@ -0,0 +1,89 @@ +--- +clusterName: cluster-0 + +talosVersion: v1.2.5 +kubernetesVersion: v1.25.3 +endpoint: https://cluster-0.${domainName}:6443 + +cniConfig: + name: none + +additionalApiServerCertSans: + - ${clusterEndpointIP} + +additionalMachineCertSans: + - ${clusterEndpointIP} + - cluster-0.${domainName} + +nodes: + - hostname: talos-node-1 + ipAddress: 192.168.9.101 + controlPlane: true + installDisk: /dev/sda + - hostname: talos-node-2 + ipAddress: 192.168.9.102 + controlPlane: true + installDisk: /dev/sda + - hostname: talos-node-3 + ipAddress: 192.168.9.103 + controlPlane: true + installDisk: /dev/sda + - hostname: talos-node-4 + ipAddress: 192.168.9.104 + controlPlane: true + installDisk: /dev/sda + +controlPlane: + patches: + - |- + cluster: + allowSchedulingOnMasters: true + apiServer: + extraArgs: + feature-gates: MixedProtocolLBService=true,EphemeralContainers=True + controllerManager: + extraArgs: + feature-gates: MixedProtocolLBService=true,EphemeralContainers=True + discovery: + registries: + service: + disabled: true + proxy: + disabled: true + extraArgs: + feature-gates: MixedProtocolLBService=true,EphemeralContainers=True + scheduler: + extraArgs: + feature-gates: MixedProtocolLBService=true,EphemeralContainers=True + + machine: + files: + - content: | + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + path: /var/cri/conf.d/allow-unpriv-ports.toml + op: create + kubelet: + extraArgs: + feature-gates: GracefulNodeShutdown=true,MixedProtocolLBService=true + rotate-server-certificates: "true" + install: + extraKernelArgs: + - "talos.logging.kernel=udp://vector.${ingressDomain}:6050/" + logging: + destinations: + - endpoint: "udp://vector.${ingressDomain}:6051/" + format: json_lines + network: + extraHostEntries: + - ip: ${clusterEndpointIP} + aliases: + - cluster-0.${domainName} + sysctls: + fs.inotify.max_user_watches: "1048576" + fs.inotify.max_user_instances: "8192" + time: + 
disabled: false + servers: + - 192.168.8.1 diff --git a/infrastructure/talos/cluster-0/talenv.sops.yaml b/infrastructure/talos/cluster-0/talenv.sops.yaml new file mode 100644 index 000000000..409419d40 --- /dev/null +++ b/infrastructure/talos/cluster-0/talenv.sops.yaml @@ -0,0 +1,23 @@ +domainName: ENC[AES256_GCM,data:HjLGZvUsYQ99Bpg=,iv:JorYiGtHq4+CVz9eoP+/1lDTM+751/nENKkRavkQvS8=,tag:Bg9oP5phcGOv9h7/7BhFug==,type:str] +clusterEndpointIP: ENC[AES256_GCM,data:6Ual1ymP6c+F7FUCdw==,iv:h2n4l/oAN9tmUmJ7ZJVvalMyAwSVbIH+T9QehbRBmvk=,tag:zCjee63afjbyBGz3+qn22Q==,type:str] +ingressDomain: ENC[AES256_GCM,data:kmyjqYEGNdNJx+1+xIPe,iv:7l7jtcaOp4vnBgr6YCYy0DLxy3fF07bgr80CZ35+DmA=,tag:fMYpigoMF2msNtmbdwrdmQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTem5nM3JpRjVoVXhIakh4 + bE5sTHJtck9aUkpZUHpVVitHdmF3ckFuRlg0Ckttbm5rT3BSMzcwdkE0bkZPYlRT + MmFRNEptcGpyQ09YVkhKeUVsc2ZFeWcKLS0tIFZpcmJneUdYZlBSZ09GSHhiR2FW + QXZCejNUNG5IbnJUb2dzU1lvbFNiYUkKm2TnIcxEM14wKgvfa/rDb/mB4oJt++g6 + AortgmCcD6DvdNEvbNXeXUaYhnxF5Vpzi5+B1bEwB1WnBMSKSYhKkw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-11-19T01:07:57Z" + mac: ENC[AES256_GCM,data:/bwRU006Dp+lsuk/Ue8ALLueFN8E463jMuJToZgw4Kkw8heB8P1AYK0k2gN8/KDRKSKgvEVlRKPvhe5M0NF1X4PMA7vcTjP+4S9KSGJi2pYSjg9WQV+PsjxzrqEjt/jXUjy5T1ebpuVQxmYeLvy7eUPDtTMWLsuUgI8BhEuMA4E=,iv:ligX//kAuztu3410Gv/nlZyPjpLzrCMOlfLahshQf04=,tag:1jjDv78yUgaddVmiRmRN7A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/infrastructure/talos/cluster-0/talsecret.sops.yaml b/infrastructure/talos/cluster-0/talsecret.sops.yaml new file mode 100644 index 000000000..2f00afd92 --- /dev/null +++ b/infrastructure/talos/cluster-0/talsecret.sops.yaml 
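Review bot: All four entries under `nodes` in talconfig.yaml set `controlPlane: true` and the patch sets `allowSchedulingOnMasters: true`, so every application pod shares a node with etcd and the control-plane credentials, and etcd runs with an even member count. Four members still tolerate only one failure, the same as three, so the fourth control-plane node adds exposure without adding availability. Consider `controlPlane: false` on `talos-node-4` and, once there are enough workers, dropping `allowSchedulingOnMasters`. If the layout is deliberate for a small cluster, a comment above `nodes` saying so would help the next reader.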
@@ -0,0 +1,43 @@ +cluster: + id: ENC[AES256_GCM,data:Uq/4zd6ZgohxVKeu+/MW+rOM/BaNuLYdGTIascu1ShtOHA6Bq2k/Tbn4Eqg=,iv:lg39LK/W0/iCFioktz8R29dXBAPYP9D+Kzm/qaJmd7k=,tag:G5cFpzfMRmNTVEfB32ksCA==,type:str] + secret: ENC[AES256_GCM,data:Cnpz7hd3qHv+qIXxjkqTJPvz5JDR3fNryq0li4VYNn4+cELQl4c05gzC1kE=,iv:NLxR+WWvzudE61MzGyNZsw/WIId1AtSSnvIBD0HpynU=,tag:NiuM5bEVQIAhhFa7/Fdb7g==,type:str] +secrets: + bootstraptoken: ENC[AES256_GCM,data:xwZ6A1yVdnYTdRzYhKhH/xGG12V535U=,iv:505Oqjd3BzACrdxHbYqr8i+pMfWe/euEkC4B2mzVxqo=,tag:d8QTmhtgMD53slTWOFn0fQ==,type:str] + aescbcencryptionsecret: ENC[AES256_GCM,data:R/5x7Q/oDrFqoToJj8TdfLa0c6jyQGsiwkbpxO0/iRSb1U/8IThH8VdCm/0=,iv:HSFB4sfcFcRLA4F8+zi4GXXibbF8jaLGWvFI8c335CQ=,tag:L8kvdfxBl7PLyzEA2bK3kQ==,type:str] +trustdinfo: + token: ENC[AES256_GCM,data:hKb7/Ir+WyrSO2dYvwNh4a+t7P+iavA=,iv:CvT9faK+wgifltM3ywwtEGr+G/2O5b1DGm/Fg5ShJFU=,tag:liOpi/Iq8NkWmPaJhrvPmA==,type:str] +certs: + etcd: + crt: ENC[AES256_GCM,data:4H4jRW5qblO2COHH3URB4cN0TruaykHq84q4/S9cDDcTGNBmLWQb0C+gIAz6q+967Y8L/6FxIxJcrgEqiD7upOHQujr9ZIDH1ShInnI0BGWIuGtK7jXQdDHdvf3BaIn991xOLIzwoki2JD2ZZL8CjQJtfwXn+XQ3xpmL5saRFBpV/LyDe8HDffZtSVkKoqNAvzX6aVKd+mh8IXPgMwDhAkIcubkJs1gWaVf74WRMXkPS1O4CJ+gi0wBBZCdYEX1LLcPXn3tEgeur7NfV7/dpEe24r58bocYaezZaXh2riQP3zJy7/5V8g/xMZWQZl+H7JDQTktZhK6S/QoDV9wx0uxHes7EyW8KDzwLd5ecibvLPqlUSaDRDh2AS79/19YJbQworja/KsnoEggZ3M1nbC3J2RHYPMm3DXEoEg9daRpfnCgpCoRl0zVN0qnTnGJbJwkzGuw3TbIJp0Z0269A+Yt5aAtFmnR3WjVuG0ecGY+O9X1K1K+Hho+ut1QXr+CSM1CCqa0pEoa7OuOMsczp23y+yLfEDea7RzeMbjhdShgZhdjG2wPrx2OuYlPdnEOGUmAVuEU/wIyMBCQmcmJrrqUnm2DKBgPomN9D3yPaq9r9S5N8dNVsxdmJZHXdmQ7DtU3mPvHjN/LxyrFzfGVxvVMfyPanWe20fZ4NZJu0jyDgPVx+8NbqMKu5ESnslG7An+xADQcdHmv5UGYlhuTvFQMtvz9d0W7T5o1iCgxBwXuFR3T5rf92R4MgeYVNi+gEERxipKZGsXoYfOr0/DzcPICOv6WQrH1Y89LTudWitCxk+xYE1JKEjHePsfPMAkzvHcRKXles/Jtaumj+l5evd9IlZAPReWjBHxE31sb1JMVQ+nMNaB0p48sD8djkRpSnPU6qec9xz2PQuOnk3HVNyl0aCx1FCXhQc0iWU0Mic6l9dNigXPoEuM/hD9tNkMwhe06QGGFlukpErhmvlbnlQPy0cNgckBXERU48oCpQvAPsF/hpv2qf6e/8KlosBRiNrKQvU5w==,iv:6AshvepkYAnqSkRKBc
f3+HElMbeoEjm8gfrvmmH0KW4=,tag:/UKmIP7EOHGYaladg6Oicg==,type:str] + key: ENC[AES256_GCM,data:BUVz4RNz+G2tX6HHiHr0+rYIv7J4VcIR94Xfl5659SFR2pe3WXw0srWmFPorT6gjBbIKVyUHJl5TZ9Oc2Mlw3Q3Fr/ixxvmG56/xecbUIlHyUgekDvRoODK8f5jiN9mEAtfnwIqqZmvvCkIDLETMFan0M3nIlpjwAEGRvPmI+eR+3LQyaYuEJ6fxF1Vm5lHSu87lxWSIFqo4aCWYqYJpZltv2E1YgCZmwZM4KSMVU7AHr7JYiZIh5WfHfjEDQ/C/I/accQVm4Tchie115yQ2d2lvx3IngmYfr38j6UZdPh5VS7ztP8tHub6d1IbsAWiCgFLVaNX3fH1xDMvNl5w4AmsarPzuGovsgEqfsdWbsT3oNf3bqvk5isjz+ObxbnyEePcTb0DnYg0VBv/7NQCj8w==,iv:G93AM9v8y+v8Nqi59MPJ8i2+b3pOKGtcTo/z8vHHegc=,tag:B3qvhNgBd17HbiDAJtElHg==,type:str] + k8s: + crt: ENC[AES256_GCM,data:xOgwZLtbdXgDoLlPO0lClkLcV2Ipa2eAz00t20xzH8R98cc1bnuYGNreh6l5G44CFkbHR5sU3F948bM+CC0ebbnEM82lvdOoyKo7ZbsUnA74+gu3mVJJyvAj0ctaLw5FbL1nEEgHa8N6Jju8W//E7/cMNedy5joAOBKFEjtuXAWbEYdZWMfNgntmHM7cPDf+VI8Qd8KHZOShgJ2PyipFmMJ7Uil1K3cwvwTIPJemhIT0qosVxpnhacglliNQf1mPU9lEuBvJkNnrQ+bBO0xrHRxgWRarzaTK9066pNKx0QJGTU1mDTTZ5R1K+WP1E4IvzBYbEPZaXR56f8X95r+p1hMML4ydzjzbWRkkzQv76wd8Zz1qcf0J6Z03gj4Gxu19Gx4Q81LtbZdDHbMdvqdW7X83cUZFHB8DRbmMTMp77QEjV8T3aQ/qMCKPNDwgZPuDDowxsDCDNa0vtD5URCYAc5ouwqxR+X0iWfyRVehhEP7d/dYD5yW0wJNie+HCo7QMRxhGrIcrOgn/4c6LPZY15cKHF80suPnG4N9xlXjGRTu4siV0VdK0bcF68RJAVBYFH1CxNLZIp8RHhiOmf6sg2ponZKJGxgAFa/L3yTxZeMydfeTSEIWt937KYgC11winJxQcd+ybchpzM6CGAtKzAgjhqmm9sSLAZz9awmqIAQusjEdIU+qkqOwgUwHf9b0T9XhKhJbq/UENCywGXETpoVeorIHamOyfkv7PPZHSOkRRGtYUO/7gdXn5m93vxR+nzCTEnazkn2scdgvms1CXUPugPTAUe/ser3uxMjWd2wFfwb/9p5oi0WrfdsfDhJr1KXRMbCiVs4lIVuAtK7jF7nYvpRbMhLzc2cZjzQQ8YoOROOj5W2KBetF1VayHugBYYZQKY+nxusxclDL7AHSYZWlJqxsZNSubHYzonFOuHYTyj+V3aTptQWDH9Oh1o66nOimHvy46QNXoMy+W2Pewrl5a/Wx9o37XhFc+CKmsbrKBJSxpiexdVIkp/6iyuSwZ75vyPqX819EZ+fL5lkr71Hh1CwTsjGo0n2qleQ==,iv:PUhiCUBDV2kjN3br7+XmegfVs/vvb1o5ksCCFdAr2SA=,tag:h0yfZKXYGu87Lp77668a7Q==,type:str] + key: 
ENC[AES256_GCM,data:TEHwAYX3q7JvQ8xKnj1kGJ4jf8CfYwUT5TT+/MZsWPBtyqq3B9Rwi3MLZJjgG0S9mp4BQ58llutTpyyZDTBdKD9WTc4vnjVKKY9byGl2f3QIMrLo1O30OtvBTDFLFMD5t28qH2F6GzMe9IQlvibgx07bsbC3uYA5iS5JbR+hyx82aY0PcNsz3G5j+HK1+Vv8QiUCz1qdbns5E7rnwoVFKA1tcccxVP8QHjrloYYEGhJwgBrwqTyLBilM7moymT8QNSRrfFu0iyb0YoVxSy19kEnut67vYlkoR+3syp0hU3NZ67tLK5yJ5Mu3twULqeBQe3AKqzHmlPmDPmvOQhx3YIQxcMno+aWH7XH8DaWZrgII/U3JAvZ9HOSsjMrNi8+5XvER3P7ExYQC5Un3UszImw==,iv:T+IbfPD5BsGiTMskHpIhlK0KH7HzbyGHDHnGQsMHtGA=,tag:dfU6hTxEypLad6eOpGw+ug==,type:str] + k8saggregator: + crt: ENC[AES256_GCM,data:sG1z7weAoTUGV0kGOIkpXmmJD0pdlalkySmibRlg9kuwbW5kN3CqS2HAEV3ay/u1wlK7YVT2Hbdg6Ca66mbdAw8iml8OqnLa8BNYX7uS/apDShWVi3zwrWwpPgGGvSOlI3yUDiP3DqWlfFuHBpd5vfIGQJDA7zjcMaXWG+2L80u+yv0RB7GtjssrT5OZxP1+rDiXMfd194viqA7ZWR0ikWeRGDsNTYXQJ/R09APqr5XgBualkVK9iEb707LRnUGgFOfuNkwyHtNC4HTA5FipbTVNMFahBfpVvpxp3LCQd0IoNIVJX5tgqysalx762CriRzE5XrAK9ACNWHNv8s17Obj8OIV/IjRW7zBORJk2MEasvnM2wv6cIQwczknzNtqGcLFd8w+y/uTmU9sgyz2+J/LUHfhzROd1+D2L4+rCuInatpA/+6NqsrFcYQcrlXfbKtHdnbleQEHyQ0SppfKkNL2QyDeGaTaaoDXfJmX6WTcEBlzGARGzD19PtuPR/u7n9nptPGc7rZebX7Lel0AOG/TMcujiSFLHeSeX98UgsU5RbTMnCYbBipiRqOGCDyU29CM5CRqfQyhw8ee+fBql+mBgJ/s2eZbq4FGmp83OgmG6KyEYEKLyEStqX2w7oqSPktDWa1gAk+Er6LJlLnw1tNbj4HFhKPV2KeMsMGJ7WYhXdq1skagYNcNfLIBc9M0DXqzfAa45sq+TcUl8BZkuhLugMe17cB5pw/iRusr+I7YaeSEyCcv4/oF5fhbgV/qR+9/bt0APMijIGjnYZoGQqBSDPJ9FJGQV1XOztH2kb2UwzfSXN5YDW5Wq1cypIt5QftBSOH90EutpiWgTdnl4YljyI3jAmAQe5lqKMFRs2u5RifkeDtr4rcC9DQISaxMtK5Qy946idQjZnO7GunBECUsf+j7uGGTgGXpXyCCq/c8niPgOKOvmxlXo5w/ZZpsw,iv:KVUzCPzWNpbtTGtn75yfqgx6TjtUS/HMKudtZnlmPDE=,tag:1yVFLdgEKvarhm9VmHmJ/g==,type:str] + key: 
ENC[AES256_GCM,data:K1C5f9gJupGbKQU+RqlD/ENoJaMROR4zt+fwkgBI4PC5IVPxD1Akw0Mb35r0/bE2t0dLl6c980N0Pc5xioCh8BUH6SzAndI66OgFziOMHlh2VfPi4LldSxOChtSEKxuHndyDC96RcfKEcmkwURPhDUuTh4+/OxvZtc1ABqMeZWP33Cm1KQJTlx9HRPZVg72CirxSbEyK1ZvPMVlftwfVSminISus+xOIcii1BKsDjemuqdd0FAo/5WgP3SWGOs3W6pc164F5RZtMZOckI/Bx/aEUCtRRbmHd5BWn/7oQPQYFSZDUZ8fSRIUWR0GgcMWr3JJdUKRONcdKI/TeVwLZT2HEeWcEyIgYxSdQLWKiTm/ixFL9RwPVaYpXmMhql2+QTiIliBO//oq4/sYOobOA/Q==,iv:PK5kt/2kR7bwiIwSEOt0Ab4eOHN0mwzNFz8V8UloLDo=,tag:myy8IBNN93wQtIhjSHxabA==,type:str] + k8sserviceaccount: + key: ENC[AES256_GCM,data:Wt7/K5qeUP67Rlon/aSiJmZjqUhlQE6sGn+nzHkdOY/Efema5LS7ZIRODHidXN1PZAVcWRJ1x4UOOiuIPSOWAHonb/2jnWzeVQsuaTH1p7yAFcaf23rB/gKqhaw7DiTbzIFq+PUmygPxM7t0/Smr/lP1mSZu0SKwN/6XCAWXRPXwUKXE8ngwJSGK1N93bk55h+bjUuez/YzNb8/Df0fJw7JwWLM888Up1qIA0DnVuBXVLxc65iaCeAuoPfGodIbh8F1hZfp3xT5MPFUXOy/p1vaMtHLztikdr7JaQFaNleMwL8HulACuncGa9hC3CEbMYYMWXznvKn7j5jOMsNuyz7OnHkqtntr9ly1ZhZ57SuIZwJx4cDHncMCSz8lNhLfPYjhkrjJczSQYNPZm0I7ZbQ==,iv:f9QhL0zoEW5BakI1friltxddvo2j73LiQpcxuAd8+/I=,tag:A7clDRbG8cFfUPJ+rtyXpQ==,type:str] + os: + crt: 
ENC[AES256_GCM,data:k3kkvW5+oTntIVOfmAJxoIhnhvr5CGlvFRrAocfmWwNRzQU1dJQMTgxovcX1wlB52rn0JUeNPT0YDw1KJUliAd+BDM0LRqMauEIgBK64ThI6LU2smXek9F+Eax8TY9VrC0xU5WpcE7QGNiZKbSYniXuuirtqIb4qpEslUquwXfEYlHJbfDGtmXmaxRzbEX6NMAs7Ydxgh9v6DOFUocdPSKJN3/MkKyiQGOFTiuSfirGcjfENW+YwtI0JB+j62FrUYKVuAfuXqCyf21zmitdifTjsORoTtsW5ePWa2YcluNNS8F7seH9/FZ4enIETxE/5/N8yg+a0cxv2USfr2cqhte4zuh1Av07Y5cpsgTzWOcaPpkjxj59hWFaymB3UlS0LTHKh64S3dAODohXs+PDrhsB5qtwBPYN351KxJ3gP+ZrRqnX+4QsEnmRYCaneW0XA3sXrSENYJRLlhbHKmDfvgBa7PEaqZznd9IZ+T0cnM+LbrWm9K8vaz0HTKBRu9yVzuolR2J5q/Sd3iFojzp3HP04mutXiOXAg6fSk1TOyjdsWJe90L+hSXCBtaZyJIEFUGiRJlwE+KDQ1RD8kIGLPiLghKrSciCHIpjq3BofX56TDRDautS9CDrSxiMpwMgDm1h/HNwznbcjUBW6+goFMwrOubhnB6q7XfazOqiThEP7NOKbEXY0syXTwciQfFj3VNjKMmOKLzUV8sJmlsz/JW32YqIcoZXeE+VYVQmzcC1HtpSoIFzQoZQaxIjWeb4K0+ojzRSMzrbvFF3UM+mD6yrmygiB6s4tlUw1lAXG+wALMH1fjrAWLHkJCaqG1W1DJmmd7MM3ppKGFsePPLIbvsff3Fmp3QXfdbhsvUP11qHw83P6L,iv:80H0I73Cc45q7hCdoZGRB7gOQqt3MurolRpiKG+7bkU=,tag:+8EfvsonFqiwZu4A+ra86A==,type:str] + key: ENC[AES256_GCM,data:1x6MnJy/zK0UsrmjRTgQm4/cW0T705fZpd/E0jwYdqR3Bj5xcufrb4z9KL/QSCNECFnlXsuLbvjURqKB9Q+ulFJZ460L8AWtR7ajj/PxPq9MwdvuDPbWxfgYVl9uEmvQw+VWuxdTD7eOvDTjtPBm721SXQlMpi/7MEy/97kT3bNLoxpwOF0YGINqFbcEIJYeuwP8LVt+KRLL0cv0yw8Bks9T5QAFb/EZ/K72MAW/n3nhdqMf,iv:vOxsVa6NTwLnq7pWfCrO47y2Di+Skb5S8JzW9LKJSnQ=,tag:3OShY2ukuo6eyrB+yjkWMg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0NTNTeTZiN0VFbDkzTG16 + TEpab09RdlcreC9IY3J1dWduVi9Ca2JLY0NZCkdoVFFFRkJmRXBCZ2kyZ3ArMHdQ + Mzk0YnZHSVZkWVhwQ2daUVB6RGU5RmMKLS0tIGlZV3ovK2hFSysrMWh0OXd3RzJM + Y0dOWFo0dFVvMDhrT0h4bkZwakFhTXMKYZJh6hHHeCkUbxezOU4PntdMSzQraeFU + IFFGhAky3FRhKIPOUG+RylluBHBVYikp4ypbIG11AV/dx4DVdzf8TQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-11-19T00:07:02Z" + mac: 
ENC[AES256_GCM,data:2xqs5+poVcYcO21/8gYHdzkufRcci41NStg3QNHU1wfXDizGbt5DSzqXZwdjqtTvVOEP10STct6d7qzfFIi1Zati1j4EJrPy8x0xym+Huc/gFX5m3Hk5GF5FXgnvnak4nUdI4ub6FkzRCuJfPas8lojGtlCO+/4iXiwfXJwWkYg=,iv:HOsRrOzNH3i11nNfcIlgSoIeXYRaX1EFPNpYTD+Sj9o=,tag:A2WA6IoW0t23spUpgbFzTA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/cluster/configuration/cluster-secrets.sops.yaml b/kubernetes/base/config/cluster-secrets.sops.yaml similarity index 94% rename from cluster/configuration/cluster-secrets.sops.yaml rename to kubernetes/base/config/cluster-secrets.sops.yaml index 8796a410b..ddd4b5a3b 100644 --- a/cluster/configuration/cluster-secrets.sops.yaml +++ b/kubernetes/base/config/cluster-secrets.sops.yaml @@ -34,6 +34,7 @@ stringData: SECRET_SHARRY_DB_PASSWORD: ENC[AES256_GCM,data:Y0gk4bRcEws2b0SF4AY=,iv:3cQbD/uvWNGjEmz3z8uEbXWwJffIrTj3nSDsGBS0MEU=,tag:RsIBq9zI8+2temGj5r/Lqg==,type:str] SECRET_SHARRY_MINIO_S3_ACCESS_KEY: ENC[AES256_GCM,data:2qLE/cs=,iv:Ctrw213BgCC2jyEvFp38aOejzY/ZYiwAj9fsPzXgaY0=,tag:LBlIUm1LTAjUIKu4JeLw9A==,type:str] SECRET_SHARRY_MINIO_S3_SECRET_KEY: ENC[AES256_GCM,data:ewm/Pfjb0t3KY46o2+DsnOGUzrk=,iv:rf6K/qx24iMeHG/a/mCQgD132LsFt+wme4Udx50v6NA=,tag:OskpvWusk2B1P/OACWN2eA==,type:str] +type: Opaque sops: kms: [] gcp_kms: [] 
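Review bot: talsecret.sops.yaml is encrypted to the single recipient `age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg`, the same one `.sops.yaml` assigns to `kubernetes/`, and the README step in this commit loads `~/.config/sops/age/keys.txt` into the `sops-age` Secret in `flux-system`. If that file holds the matching identity, anything able to read that Secret can also decrypt the etcd, Kubernetes and Talos OS CA keys stored here, which Flux itself never needs. A separate creation rule in `.sops.yaml`, placed before the catch-all, such as `- path_regex: infrastructure/talos/.*\.sops\.ya?ml` with its own recipient `age1<talos-only-recipient-placeholder>`, would keep the cluster root material out of reach of the in-cluster key. The same applies to talenv.sops.yaml, and a second offline recipient would also give a recovery path if the one key is lost.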
@@ -49,8 +50,8 @@ sops: WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-16T22:14:08Z" - mac: ENC[AES256_GCM,data:z/yPY1WKt2t3LIJiVQ36DdlQOW4BP0SGiyZIoG1u4B4kQ6EKQZ6IotPVOn3sUQBLJ6HGqaM8Ns9JRdi5id1pP089Rzm97FMh0ynofggtaVCHCpb5qqGf7n+LJ+naM198nWmgAnyw45+Xwg8z8DAWrSH32hZA4MXeY9XRS/cdclk=,iv:eYJylNzq8f4ZW6e1zHspmuga+toVN+2fhYAenRW0v44=,tag:XqT4o3qYEdcLtATsa4vh/g==,type:str] + lastmodified: "2022-11-19T03:54:00Z" + mac: ENC[AES256_GCM,data:OTGwsnmD9ZMe3WJ+g2OOtd9wV2U8VC/HAew9uQ3WGv/I8lChcYl+2Q8JOH3GNQXghnME5OVuXCXK2Ax75p1DO1eXcR3NfTT2/uEeu3Ttdc0PRKynxEkmVQSZE8LrBzBHl+uiNhjOqHeMnw7JTAyRBwBoXJqpbWVAvkpsZ1PQbDY=,iv:nOoyPOesi+/NEywQF25smTgisS+b9vFnfPL71P785hU=,tag:zbhrHCwFs3F77oXcyYXA9A==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/cluster/configuration/cluster-settings.yaml b/kubernetes/base/config/cluster-settings.yaml similarity index 64% rename from cluster/configuration/cluster-settings.yaml rename to kubernetes/base/config/cluster-settings.yaml index 08a0aa29d..5026bb6f8 100644 --- a/cluster/configuration/cluster-settings.yaml +++ b/kubernetes/base/config/cluster-settings.yaml @@ -5,6 +5,8 @@ metadata: namespace: flux-system name: cluster-settings data: + CILIUM_BGP_SVC_RANGE: 192.168.169.0/24 + CILIUM_POD_CIDR: 10.69.0.0/16 CLUSTER_LB_K8SGATEWAY: 192.168.169.100 CLUSTER_LB_NGINX: 192.168.169.101 CLUSTER_LB_SMTP_RELAY: 192.168.169.102 @@ -13,7 +15,7 @@ data: CLUSTER_LB_QBITTORRENT: 192.168.169.105 CLUSTER_LB_RESILIOSYNC_CLAUDE: 192.168.169.106 CLUSTER_LB_HASS: 192.168.169.107 - CLUSTER_LB_SYSLOG: 192.168.169.108 + CLUSTER_LB_VECTOR: 192.168.169.108 CLUSTER_LB_EMQX: 192.168.169.109 CLUSTER_LB_JELLYFIN: 192.168.169.110 CLUSTER_LB_RESILIOSYNC_HELENE: 192.168.169.111 
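Review bot: The new `CILIUM_POD_CIDR: 10.69.0.0/16` in cluster-settings.yaml does not match `ipv4NativeRoutingCIDR: 10.244.0.0/16` in infrastructure/talos/cluster-0/cni/values.yaml, and talconfig.yaml sets no pod subnet of its own. `10.69.0.0/16` is the value the removed `NET_NODE_CIDR` carried, while the old `NET_POD_CIDR` was `10.95.0.0/16`, so this looks like a carried-over value rather than the range pods will actually get. How the variable is consumed is not visible here, but if the Flux-managed Cilium release uses it as the native-routing range, pod traffic would be masqueraded and source-IP-based rules would stop matching. Either set `CILIUM_POD_CIDR: 10.244.0.0/16` or pin the pod subnet in talconfig.yaml so all three places agree.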
@@ -21,14 +23,4 @@ data: LOCAL_LAN_OPNSENSE: 192.168.8.1 LOCAL_LAN_TRUENAS: 192.168.9.10 LOCAL_LAN_TRUENAS_REMOTE: 10.10.0.2 - LOCAL_LAN_COREELEC: 192.168.9.60 - LOCAL_LAN_K3SSERVER: 192.168.9.100 - LOCAL_LAN_K3SWORKER1: 192.168.9.105 - LOCAL_LAN_K3SWORKER2: 192.168.9.106 - LOCAL_LAN_K3SWORKER3: 192.168.9.107 - LOCAL_LAN_OPENMEDIAVAULT: 192.168.9.13 - NET_NODE_CIDR: 10.69.0.0/16 - NET_POD_CIDR: 10.95.0.0/16 - NET_SVC_CIDR: 10.96.0.0/16 - NET_EIP_CIDR: 192.168.169.0/24 TIMEZONE: "Europe/Paris" diff --git a/cluster/configuration/kustomization.yaml b/kubernetes/base/config/kustomization.yaml similarity index 100% rename from cluster/configuration/kustomization.yaml rename to kubernetes/base/config/kustomization.yaml diff --git a/cluster/crds/kustomization.yaml b/kubernetes/base/kustomization.yaml similarity index 72% rename from cluster/crds/kustomization.yaml rename to kubernetes/base/kustomization.yaml index 36715e005..59bcbc6ac 100644 --- a/cluster/crds/kustomization.yaml +++ b/kubernetes/base/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - kube-prometheus-stack + - config + - repositories diff --git a/cluster/charts/bitnami-charts.yaml b/kubernetes/base/repositories/helm/bitnami.yaml similarity index 66% rename from cluster/charts/bitnami-charts.yaml rename to kubernetes/base/repositories/helm/bitnami.yaml index f1995a679..58edbe918 100644 --- a/cluster/charts/bitnami-charts.yaml +++ b/kubernetes/base/repositories/helm/bitnami.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: bitnami-charts + name: bitnami namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/bjw-s-charts.yaml b/kubernetes/base/repositories/helm/bjw-s.yaml similarity index 89% rename from cluster/charts/bjw-s-charts.yaml rename to kubernetes/base/repositories/helm/bjw-s.yaml index 64b916b4d..c9e6c2d48 100644 
--- a/cluster/charts/bjw-s-charts.yaml +++ b/kubernetes/base/repositories/helm/bjw-s.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: bjw-s-charts + name: bjw-s namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/cert-manager-webhook-ovh.yaml b/kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml similarity index 86% rename from cluster/charts/cert-manager-webhook-ovh.yaml rename to kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml index 44741a6b1..1e8cd32ad 100644 --- a/cluster/charts/cert-manager-webhook-ovh.yaml +++ b/kubernetes/base/repositories/helm/cert-manager-webhook-ovh.yaml @@ -1,5 +1,5 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: GitRepository metadata: name: cert-manager-webhook-ovh diff --git a/kubernetes/base/repositories/helm/cilium.yaml b/kubernetes/base/repositories/helm/cilium.yaml new file mode 100644 index 000000000..51c65d691 --- /dev/null +++ b/kubernetes/base/repositories/helm/cilium.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: cilium + namespace: flux-system +spec: + interval: 1h + url: https://helm.cilium.io diff --git a/cluster/charts/cloudnative-pg-charts.yaml b/kubernetes/base/repositories/helm/cloudnative-pg.yaml similarity index 85% rename from cluster/charts/cloudnative-pg-charts.yaml rename to kubernetes/base/repositories/helm/cloudnative-pg.yaml index eb00d862b..6cd8394ff 100644 --- a/cluster/charts/cloudnative-pg-charts.yaml +++ b/kubernetes/base/repositories/helm/cloudnative-pg.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: cloudnative-pg-charts + name: cloudnative-pg namespace: flux-system spec: interval: 1h 
diff --git a/cluster/charts/descheduler-charts.yaml b/kubernetes/base/repositories/helm/descheduler.yaml similarity index 86% rename from cluster/charts/descheduler-charts.yaml rename to kubernetes/base/repositories/helm/descheduler.yaml index 06788a095..64d63f6e2 100644 --- a/cluster/charts/descheduler-charts.yaml +++ b/kubernetes/base/repositories/helm/descheduler.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: descheduler-charts + name: descheduler namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/drone-charts.yaml b/kubernetes/base/repositories/helm/drone.yaml similarity index 100% rename from cluster/charts/drone-charts.yaml rename to kubernetes/base/repositories/helm/drone.yaml diff --git a/cluster/charts/dysnix-charts.yaml b/kubernetes/base/repositories/helm/dysnix.yaml similarity index 88% rename from cluster/charts/dysnix-charts.yaml rename to kubernetes/base/repositories/helm/dysnix.yaml index e2530a010..ce01a64bb 100644 --- a/cluster/charts/dysnix-charts.yaml +++ b/kubernetes/base/repositories/helm/dysnix.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: dysnix-charts + name: dysnix namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/emxq-charts.yaml b/kubernetes/base/repositories/helm/emxq.yaml similarity index 66% rename from cluster/charts/emxq-charts.yaml rename to kubernetes/base/repositories/helm/emxq.yaml index 83671f817..ce6d887a4 100644 --- a/cluster/charts/emxq-charts.yaml +++ b/kubernetes/base/repositories/helm/emxq.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: emqx-charts + name: emqx namespace: flux-system spec: interval: 1h 
diff --git a/cluster/charts/external-dns-charts.yaml b/kubernetes/base/repositories/helm/external-dns.yaml similarity index 86% rename from cluster/charts/external-dns-charts.yaml rename to kubernetes/base/repositories/helm/external-dns.yaml index 2109d9e1e..b76b9662c 100644 --- a/cluster/charts/external-dns-charts.yaml +++ b/kubernetes/base/repositories/helm/external-dns.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: external-dns-charts + name: external-dns namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/gitea-charts.yaml b/kubernetes/base/repositories/helm/gitea.yaml similarity index 66% rename from cluster/charts/gitea-charts.yaml rename to kubernetes/base/repositories/helm/gitea.yaml index 31bd2106a..6e5342cc7 100644 --- a/cluster/charts/gitea-charts.yaml +++ b/kubernetes/base/repositories/helm/gitea.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: gitea-charts + name: gitea namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/grafana-charts.yaml b/kubernetes/base/repositories/helm/grafana.yaml similarity index 67% rename from cluster/charts/grafana-charts.yaml rename to kubernetes/base/repositories/helm/grafana.yaml index 28b2f3126..cee734c7a 100644 --- a/cluster/charts/grafana-charts.yaml +++ b/kubernetes/base/repositories/helm/grafana.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: grafana-charts + name: grafana namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/ingress-nginx-charts.yaml b/kubernetes/base/repositories/helm/ingress-nginx.yaml similarity index 66% rename from cluster/charts/ingress-nginx-charts.yaml rename to kubernetes/base/repositories/helm/ingress-nginx.yaml index eb15f7492..020bbbaa6 100644 
--- a/cluster/charts/ingress-nginx-charts.yaml +++ b/kubernetes/base/repositories/helm/ingress-nginx.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: ingress-nginx-charts + name: ingress-nginx namespace: flux-system spec: interval: 1h diff --git a/kubernetes/base/repositories/helm/jetstack.yaml b/kubernetes/base/repositories/helm/jetstack.yaml new file mode 100644 index 000000000..d4a9ab37b --- /dev/null +++ b/kubernetes/base/repositories/helm/jetstack.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: jetstack + namespace: flux-system +spec: + interval: 1h + url: https://charts.jetstack.io/ + timeout: 3m diff --git a/cluster/charts/k8s-gateway-charts.yaml b/kubernetes/base/repositories/helm/k8s-gateway.yaml similarity index 66% rename from cluster/charts/k8s-gateway-charts.yaml rename to kubernetes/base/repositories/helm/k8s-gateway.yaml index e922d60d6..6a96f3f05 100644 --- a/cluster/charts/k8s-gateway-charts.yaml +++ b/kubernetes/base/repositories/helm/k8s-gateway.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: k8s-gateway-charts + name: k8s-gateway namespace: flux-system spec: interval: 1h diff --git a/kubernetes/base/repositories/helm/kustomization.yaml b/kubernetes/base/repositories/helm/kustomization.yaml new file mode 100644 index 000000000..ecb68863f --- /dev/null +++ b/kubernetes/base/repositories/helm/kustomization.yaml 
@@ -0,0 +1,27 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - bitnami.yaml + - bjw-s.yaml + - cert-manager-webhook-ovh.yaml + - cilium.yaml + - cloudnative-pg.yaml + - descheduler.yaml + - drone.yaml + - dysnix.yaml + - emxq.yaml + - external-dns.yaml + - gitea.yaml + - grafana.yaml + - ingress-nginx.yaml + - jetstack.yaml + - k8s-gateway.yaml + - kyverno.yaml + - metrics-server.yaml + - node-feature-discovery.yaml + - prometheus-community.yaml + - rook-ceph.yaml + - stakater.yaml + - vector.yaml + - weave-gitops.yaml diff --git a/cluster/charts/kyverno-charts.yaml b/kubernetes/base/repositories/helm/kyverno.yaml similarity index 87% rename from cluster/charts/kyverno-charts.yaml rename to kubernetes/base/repositories/helm/kyverno.yaml index 7257a920f..bc329137b 100644 --- a/cluster/charts/kyverno-charts.yaml +++ b/kubernetes/base/repositories/helm/kyverno.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: kyverno-charts + name: kyverno namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/metrics-server-charts.yaml b/kubernetes/base/repositories/helm/metrics-server.yaml similarity index 85% rename from cluster/charts/metrics-server-charts.yaml rename to kubernetes/base/repositories/helm/metrics-server.yaml index 50c80c1b5..57e7aa0c5 100644 --- a/cluster/charts/metrics-server-charts.yaml +++ b/kubernetes/base/repositories/helm/metrics-server.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: metrics-server-charts + name: metrics-server namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/node-feature-discovery.yaml b/kubernetes/base/repositories/helm/node-feature-discovery.yaml similarity index 66% rename from cluster/charts/node-feature-discovery.yaml rename to kubernetes/base/repositories/helm/node-feature-discovery.yaml index 28613b20c..9f8f522b2 100644 
--- a/cluster/charts/node-feature-discovery.yaml +++ b/kubernetes/base/repositories/helm/node-feature-discovery.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: node-feature-discovery-charts + name: node-feature-discovery namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/prometheus-community-charts.yaml b/kubernetes/base/repositories/helm/prometheus-community.yaml similarity index 65% rename from cluster/charts/prometheus-community-charts.yaml rename to kubernetes/base/repositories/helm/prometheus-community.yaml index 30c264781..a43a5f2b8 100644 --- a/cluster/charts/prometheus-community-charts.yaml +++ b/kubernetes/base/repositories/helm/prometheus-community.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: prometheus-community-charts + name: prometheus-community namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/rook-ceph-charts.yaml b/kubernetes/base/repositories/helm/rook-ceph.yaml similarity index 65% rename from cluster/charts/rook-ceph-charts.yaml rename to kubernetes/base/repositories/helm/rook-ceph.yaml index 7457789c4..23c25530c 100644 --- a/cluster/charts/rook-ceph-charts.yaml +++ b/kubernetes/base/repositories/helm/rook-ceph.yaml @@ -1,8 +1,8 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: rook-ceph-charts + name: rook-ceph namespace: flux-system spec: interval: 1h diff --git a/cluster/charts/stakater-charts.yaml b/kubernetes/base/repositories/helm/stakater.yaml similarity index 67% rename from cluster/charts/stakater-charts.yaml rename to kubernetes/base/repositories/helm/stakater.yaml index acbe36c80..a0d47cad0 100644 --- a/cluster/charts/stakater-charts.yaml +++ b/kubernetes/base/repositories/helm/stakater.yaml 
@@ -1,8 +1,8 @@
 ---
-apiVersion: source.toolkit.fluxcd.io/v1beta1
+apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
- name: stakater-charts
+ name: stakater
 namespace: flux-system
 spec:
 interval: 1h
diff --git a/cluster/charts/vector-charts.yaml b/kubernetes/base/repositories/helm/vector.yaml
similarity index 87%
rename from cluster/charts/vector-charts.yaml
rename to kubernetes/base/repositories/helm/vector.yaml
index 07d511e48..e5090d6b2 100644
--- a/cluster/charts/vector-charts.yaml
+++ b/kubernetes/base/repositories/helm/vector.yaml
@@ -2,7 +2,7 @@
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
- name: vector-charts
+ name: vector
 namespace: flux-system
 spec:
 interval: 1h
diff --git a/kubernetes/base/repositories/helm/weave-gitops.yaml b/kubernetes/base/repositories/helm/weave-gitops.yaml
new file mode 100644
index 000000000..97dc2e3cd
--- /dev/null
+++ b/kubernetes/base/repositories/helm/weave-gitops.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: weave-gitops
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://helm.gitops.weave.works
+ timeout: 3m
diff --git a/cluster/crds/kube-prometheus-stack/kustomization.yaml b/kubernetes/base/repositories/kustomization.yaml
similarity index 84%
rename from cluster/crds/kube-prometheus-stack/kustomization.yaml
rename to kubernetes/base/repositories/kustomization.yaml
index 2ed3b3515..0a03f298e 100644
--- a/cluster/crds/kube-prometheus-stack/kustomization.yaml
+++ b/kubernetes/base/repositories/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - crds.yaml
+ - helm
diff --git a/cluster/apps/authentication/authelia/config/configuration.yml b/kubernetes/cluster-0/apps/authentication/authelia/config/configuration.yml
similarity index 100%
rename from cluster/apps/authentication/authelia/config/configuration.yml
rename to kubernetes/cluster-0/apps/authentication/authelia/config/configuration.yml
diff --git a/cluster/apps/authentication/authelia/helm-release.yaml b/kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml
similarity index 98%
rename from cluster/apps/authentication/authelia/helm-release.yaml
rename to kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml
index 91170ac3f..86f5a38d8 100644
--- a/cluster/apps/authentication/authelia/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 1.0.1
 sourceRef:
 kind: HelmRepository
- name: bjw-s-charts
+ name: bjw-s
 namespace: flux-system
 install:
 createNamespace: true
diff --git a/cluster/apps/authentication/authelia/kustomization.yaml b/kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml
similarity index 100%
rename from cluster/apps/authentication/authelia/kustomization.yaml
rename to kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml
diff --git a/cluster/apps/authentication/authelia/patches/env.yaml b/kubernetes/cluster-0/apps/authentication/authelia/patches/env.yaml
similarity index 100%
rename from cluster/apps/authentication/authelia/patches/env.yaml
rename to kubernetes/cluster-0/apps/authentication/authelia/patches/env.yaml
diff --git a/cluster/apps/authentication/authelia/patches/postgres.yaml b/kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml
similarity index 100%
rename from cluster/apps/authentication/authelia/patches/postgres.yaml
rename to kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml
diff --git a/cluster/apps/authentication/authelia/secret.sops.yaml b/kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml
similarity index 100%
rename from cluster/apps/authentication/authelia/secret.sops.yaml
rename to kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml
diff --git a/cluster/apps/authentication/glauth/config/groups.sops.toml b/kubernetes/cluster-0/apps/authentication/glauth/config/groups.sops.toml
similarity index 100%
rename from cluster/apps/authentication/glauth/config/groups.sops.toml
rename to kubernetes/cluster-0/apps/authentication/glauth/config/groups.sops.toml
diff --git a/cluster/apps/authentication/glauth/config/server.sops.toml b/kubernetes/cluster-0/apps/authentication/glauth/config/server.sops.toml
similarity index 100%
rename from cluster/apps/authentication/glauth/config/server.sops.toml
rename to kubernetes/cluster-0/apps/authentication/glauth/config/server.sops.toml
diff --git a/cluster/apps/authentication/glauth/config/users.sops.toml b/kubernetes/cluster-0/apps/authentication/glauth/config/users.sops.toml
similarity index 100%
rename from cluster/apps/authentication/glauth/config/users.sops.toml
rename to kubernetes/cluster-0/apps/authentication/glauth/config/users.sops.toml
diff --git a/cluster/apps/authentication/glauth/helm-release.yaml b/kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml
similarity index 97%
rename from cluster/apps/authentication/glauth/helm-release.yaml
rename to kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml
index 956d3d9de..9f882b374 100644
--- a/cluster/apps/authentication/glauth/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 1.0.1
 sourceRef:
 kind: HelmRepository
- name: bjw-s-charts
+ name: bjw-s
 namespace: flux-system
 install:
 createNamespace: true
diff --git a/cluster/apps/authentication/glauth/kustomization.yaml b/kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml
similarity index 100%
rename from cluster/apps/authentication/glauth/kustomization.yaml
rename to kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml
diff --git a/cluster/apps/authentication/kustomization.yaml b/kubernetes/cluster-0/apps/authentication/kustomization.yaml
similarity index 100%
rename from cluster/apps/authentication/kustomization.yaml
rename to kubernetes/cluster-0/apps/authentication/kustomization.yaml
diff --git a/cluster/apps/authentication/readme.md b/kubernetes/cluster-0/apps/authentication/readme.md
similarity index 100%
rename from cluster/apps/authentication/readme.md
rename to kubernetes/cluster-0/apps/authentication/readme.md
diff --git a/cluster/apps/crypto/celestia-app/helm-release.yaml b/kubernetes/cluster-0/apps/crypto/celestia-app/helm-release.yaml
similarity index 98%
rename from cluster/apps/crypto/celestia-app/helm-release.yaml
rename to kubernetes/cluster-0/apps/crypto/celestia-app/helm-release.yaml
index 4b22a2960..37f46d7da 100644
--- a/cluster/apps/crypto/celestia-app/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/crypto/celestia-app/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 1.0.1
 sourceRef:
 kind: HelmRepository
- name: bjw-s-charts
+ name: bjw-s
 namespace: flux-system
 install:
 createNamespace: true
diff --git a/cluster/apps/crypto/celestia-app/kustomization.yaml b/kubernetes/cluster-0/apps/crypto/celestia-app/kustomization.yaml
similarity index 100%
rename from cluster/apps/crypto/celestia-app/kustomization.yaml
rename to kubernetes/cluster-0/apps/crypto/celestia-app/kustomization.yaml
diff --git a/cluster/apps/crypto/celestia-app/secret.sops.yaml b/kubernetes/cluster-0/apps/crypto/celestia-app/secret.sops.yaml
similarity index 100%
rename from cluster/apps/crypto/celestia-app/secret.sops.yaml
rename to kubernetes/cluster-0/apps/crypto/celestia-app/secret.sops.yaml
diff --git a/cluster/apps/crypto/celestia-app/volume.yaml b/kubernetes/cluster-0/apps/crypto/celestia-app/volume.yaml
similarity index 100%
rename from cluster/apps/crypto/celestia-app/volume.yaml
rename to kubernetes/cluster-0/apps/crypto/celestia-app/volume.yaml
diff --git a/cluster/apps/crypto/kustomization.yaml b/kubernetes/cluster-0/apps/crypto/kustomization.yaml
similarity index 100%
rename from cluster/apps/crypto/kustomization.yaml
rename to kubernetes/cluster-0/apps/crypto/kustomization.yaml
diff --git a/cluster/apps/databases/kustomization.yaml b/kubernetes/cluster-0/apps/databases/kustomization.yaml
similarity index 100%
rename from cluster/apps/databases/kustomization.yaml
rename to kubernetes/cluster-0/apps/databases/kustomization.yaml
diff --git a/cluster/apps/databases/pgadmin/helm-release.yaml b/kubernetes/cluster-0/apps/databases/pgadmin/helm-release.yaml
similarity index 79%
rename from cluster/apps/databases/pgadmin/helm-release.yaml
rename to kubernetes/cluster-0/apps/databases/pgadmin/helm-release.yaml
index 6d51ab449..83c210bdd 100644
--- a/cluster/apps/databases/pgadmin/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/databases/pgadmin/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 1.0.1
 sourceRef:
 kind: HelmRepository
- name: bjw-s-charts
+ name: bjw-s
 namespace: flux-system
 install:
 createNamespace: true
@@ -30,6 +30,15 @@ spec:
 envFrom:
 - secretRef:
 name: *app
+ initContainers:
+ volume-permissions:
+ image: dpage/pgadmin4:6.15
+ command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"]
+ volumeMounts:
+ - name: config
+ mountPath: /var/lib/pgadmin
+ securityContext:
+ runAsUser: 0
 service:
 main:
 ports:
diff --git a/cluster/apps/databases/pgadmin/kustomization.yaml b/kubernetes/cluster-0/apps/databases/pgadmin/kustomization.yaml
similarity index 100%
rename from cluster/apps/databases/pgadmin/kustomization.yaml
rename to kubernetes/cluster-0/apps/databases/pgadmin/kustomization.yaml
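Review bot: The `volume-permissions` init container added to `pgadmin/helm-release.yaml` runs as root (`runAsUser: 0`) with the runtime's default capability set and no `allowPrivilegeEscalation: false`, only to chown the data volume. If the storage backend honours it, a pod-level `fsGroup: 5050` would make the root container unnecessary. Otherwise the container's `securityContext` should drop all capabilities except what the recursive chown needs (`CHOWN`, possibly `DAC_OVERRIDE` to traverse existing directories). Its image is also referenced by tag only, `dpage/pgadmin4:6.15`, while other images in this commit carry a digest; `dpage/pgadmin4:6.15@sha256:<digest>` would match that convention. The enclosing `values:` block starts outside the hunk.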
diff --git a/cluster/apps/databases/pgadmin/secret.sops.yaml b/kubernetes/cluster-0/apps/databases/pgadmin/secret.sops.yaml
similarity index 100%
rename from cluster/apps/databases/pgadmin/secret.sops.yaml
rename to kubernetes/cluster-0/apps/databases/pgadmin/secret.sops.yaml
diff --git a/cluster/apps/databases/pgadmin/volume.yaml b/kubernetes/cluster-0/apps/databases/pgadmin/volume.yaml
similarity index 100%
rename from cluster/apps/databases/pgadmin/volume.yaml
rename to kubernetes/cluster-0/apps/databases/pgadmin/volume.yaml
diff --git a/cluster/apps/databases/postgres/cluster/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/cluster/helm-release.yaml
similarity index 69%
rename from cluster/apps/databases/postgres/cluster/helm-release.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/cluster/helm-release.yaml
index fd9eed4fd..a8b04f1d0 100644
--- a/cluster/apps/databases/postgres/cluster/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/databases/postgres/cluster/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: v0.3.1
 sourceRef:
 kind: HelmRepository
- name: dysnix-charts
+ name: dysnix
 namespace: flux-system
 install:
 createNamespace: true
@@ -53,7 +53,7 @@ spec:
 maxParallel: 8
 destinationPath: s3://postgresql/
 endpointURL: https://truenas.${SECRET_DOMAIN}:9000
- serverName: postgres-v2
+ serverName: postgres-v3
 s3Credentials:
 accessKeyId:
 name: postgres-minio
@@ -61,20 +61,20 @@ spec:
 secretAccessKey:
 name: postgres-minio
 key: MINIO_SECRET_KEY
- bootstrap:
- recovery:
- source: postgres
- externalClusters:
- - name: postgres
- barmanObjectStore:
- destinationPath: s3://postgresql/
- endpointURL: https://truenas.${SECRET_DOMAIN}:9000
- s3Credentials:
- accessKeyId:
- name: postgres-minio
- key: MINIO_ACCESS_KEY
- secretAccessKey:
- name: postgres-minio
- key: MINIO_SECRET_KEY
- wal:
- maxParallel: 8
+ # bootstrap:
+ # recovery:
+ # source: postgres
+ # externalClusters:
+ # - name: postgres
+ # barmanObjectStore:
+ # destinationPath: s3://postgresql/
+ # endpointURL: https://truenas.${SECRET_DOMAIN}:9000
+ # s3Credentials:
+ # accessKeyId:
+ # name: postgres-minio
+ # key: MINIO_ACCESS_KEY
+ # secretAccessKey:
+ # name: postgres-minio
+ # key: MINIO_SECRET_KEY
+ # wal:
+ # maxParallel: 8
diff --git a/cluster/apps/databases/postgres/cluster/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/cluster/kustomization.yaml
similarity index 100%
rename from cluster/apps/databases/postgres/cluster/kustomization.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/cluster/kustomization.yaml
diff --git a/cluster/apps/databases/postgres/cluster/secret.sops.yaml b/kubernetes/cluster-0/apps/databases/postgres/cluster/secret.sops.yaml
similarity index 100%
rename from cluster/apps/databases/postgres/cluster/secret.sops.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/cluster/secret.sops.yaml
diff --git a/cluster/apps/databases/postgres/external-backup/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml
similarity index 93%
rename from cluster/apps/databases/postgres/external-backup/helm-release.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml
index b22c7998e..8f2379ba3 100644
--- a/cluster/apps/databases/postgres/external-backup/helm-release.yaml
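Review bot: The recovery configuration in `postgres/cluster/helm-release.yaml` (`bootstrap.recovery` and `externalClusters`) is switched off by commenting out the whole block, with nothing recording why or how to bring it back. Together with the `serverName: postgres-v3` change in the previous hunk, this presumably means a restore has completed and backups now go to a new name, but that is inferred. The commented block names no `serverName`, so re-enabling it as written may not point at the backups taken under `postgres-v2` or `postgres-v3`. A short comment above the block would keep the restore path usable, e.g. `# Recovery bootstrap, disabled after restore; to rebuild from the object store re-enable and set serverName to the last backup name`.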
+++ b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: v0.3.1
 sourceRef:
 kind: HelmRepository
- name: dysnix-charts
+ name: dysnix
 namespace: flux-system
 install:
 createNamespace: true
@@ -47,7 +47,7 @@ spec:
 - name: POSTGRES_HOST
 value: postgres-rw.default.svc.cluster.local.
 - name: POSTGRES_DB
- value: "authelia,freshrss,gitea,home_assistant,healthchecks,invidious,joplin,lychee,recipes,sharry,outline,vaultwarden,vikunja,wallabag"
+ value: "drone,freshrss,gitea,healthchecks,invidious,joplin,lychee,recipes,sharry,outline,vaultwarden,vikunja,wallabag"
 - name: POSTGRES_USER
 valueFrom:
 secretKeyRef:
diff --git a/cluster/apps/databases/postgres/external-backup/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/external-backup/kustomization.yaml
similarity index 100%
rename from cluster/apps/databases/postgres/external-backup/kustomization.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/external-backup/kustomization.yaml
diff --git a/cluster/apps/databases/postgres/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/helm-release.yaml
similarity index 93%
rename from cluster/apps/databases/postgres/helm-release.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/helm-release.yaml
index 49c84c1b9..a052555ed 100644
--- a/cluster/apps/databases/postgres/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/databases/postgres/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 0.16.0
 sourceRef:
 kind: HelmRepository
- name: cloudnative-pg-charts
+ name: cloudnative-pg
 namespace: flux-system
 install:
 createNamespace: true
diff --git a/cluster/apps/databases/postgres/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/kustomization.yaml
similarity index 100%
rename from cluster/apps/databases/postgres/kustomization.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/kustomization.yaml
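Review bot: The new `POSTGRES_DB` value in `external-backup/helm-release.yaml` silently drops `authelia` and `home_assistant` from the backup job while adding `drone`. Authelia's `patches/postgres.yaml` is renamed unchanged elsewhere in this commit, which suggests that app still uses this Postgres cluster; if so, its database is no longer covered by the external dump. Confirm both databases are really retired, or keep them in the list. A comment next to the value noting that every database on the cluster must be listed would help the next addition. The surrounding `env:` list starts and ends outside the hunk.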
diff --git a/cluster/apps/databases/postgres/scheduled-backup/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helm-release.yaml
similarity index 96%
rename from cluster/apps/databases/postgres/scheduled-backup/helm-release.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helm-release.yaml
index 0ce50d2fd..15547807b 100644
--- a/cluster/apps/databases/postgres/scheduled-backup/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: v0.3.1
 sourceRef:
 kind: HelmRepository
- name: dysnix-charts
+ name: dysnix
 namespace: flux-system
 install:
 createNamespace: true
diff --git a/cluster/apps/databases/postgres/scheduled-backup/kustomization.yaml b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/kustomization.yaml
similarity index 100%
rename from cluster/apps/databases/postgres/scheduled-backup/kustomization.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/kustomization.yaml
diff --git a/cluster/apps/databases/postgres/scheduled-backup/secret.sops.yaml b/kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/secret.sops.yaml
similarity index 100%
rename from cluster/apps/databases/postgres/scheduled-backup/secret.sops.yaml
rename to kubernetes/cluster-0/apps/databases/postgres/scheduled-backup/secret.sops.yaml
diff --git a/cluster/apps/databases/readme.md b/kubernetes/cluster-0/apps/databases/readme.md
similarity index 100%
rename from cluster/apps/databases/readme.md
rename to kubernetes/cluster-0/apps/databases/readme.md
diff --git a/cluster/apps/databases/redis/helm-release.yaml b/kubernetes/cluster-0/apps/databases/redis/helm-release.yaml
similarity index 96%
rename from cluster/apps/databases/redis/helm-release.yaml
rename to kubernetes/cluster-0/apps/databases/redis/helm-release.yaml
index aa6b76151..c27a7cbc5 100644
--- a/cluster/apps/databases/redis/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/databases/redis/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 17.3.11
 sourceRef:
 kind: HelmRepository
- name: bitnami-charts
+ name: bitnami
 namespace: flux-system
 install:
 createNamespace: true
diff --git a/cluster/apps/databases/redis/kustomization.yaml b/kubernetes/cluster-0/apps/databases/redis/kustomization.yaml
similarity index 100%
rename from cluster/apps/databases/redis/kustomization.yaml
rename to kubernetes/cluster-0/apps/databases/redis/kustomization.yaml
diff --git a/cluster/apps/databases/redis/secret.sops.yaml b/kubernetes/cluster-0/apps/databases/redis/secret.sops.yaml
similarity index 100%
rename from cluster/apps/databases/redis/secret.sops.yaml
rename to kubernetes/cluster-0/apps/databases/redis/secret.sops.yaml
diff --git a/cluster/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml b/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml
similarity index 100%
rename from cluster/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml
rename to kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml
diff --git a/cluster/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml b/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
diff --git a/cluster/apps/development/drone/drone-runner-kube/helm-release.yaml b/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helm-release.yaml
similarity index 100%
rename from cluster/apps/development/drone/drone-runner-kube/helm-release.yaml
rename to kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helm-release.yaml
diff --git a/cluster/apps/development/drone/drone-runner-kube/kustomization.yaml b/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/drone/drone-runner-kube/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/drone/drone-runner-kube/kustomization.yaml
diff --git a/cluster/apps/development/drone/helm-release.yaml b/kubernetes/cluster-0/apps/development/drone/helm-release.yaml
similarity index 100%
rename from cluster/apps/development/drone/helm-release.yaml
rename to kubernetes/cluster-0/apps/development/drone/helm-release.yaml
diff --git a/cluster/apps/development/drone/kustomization.yaml b/kubernetes/cluster-0/apps/development/drone/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/drone/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/drone/kustomization.yaml
diff --git a/cluster/apps/development/drone/secret.sops.yaml b/kubernetes/cluster-0/apps/development/drone/secret.sops.yaml
similarity index 100%
rename from cluster/apps/development/drone/secret.sops.yaml
rename to kubernetes/cluster-0/apps/development/drone/secret.sops.yaml
diff --git a/cluster/apps/development/gitea/external-backup/helm-release.yaml b/kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml
similarity index 96%
rename from cluster/apps/development/gitea/external-backup/helm-release.yaml
rename to kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml
index c6d8bb99b..53b228cfd 100644
--- a/cluster/apps/development/gitea/external-backup/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/development/gitea/external-backup/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: v0.3.1
 sourceRef:
 kind: HelmRepository
- name: dysnix-charts
+ name: dysnix
 namespace: flux-system
 install:
 createNamespace: true
@@ -41,7 +41,7 @@ spec:
 spec:
 containers:
 - name: *app
- image: ghcr.io/auricom/kubectl:v1.25.0@sha256:9386292eedb8bf26c34b44d1c8195813456ab3572f166814b8bda77ab917c7a8
+ image: ghcr.io/auricom/kubectl:1.25.4@sha256:eef66c93cd48cacb338a8994632e0b75aafeac2fbdcc5c64314a9bf422d0380c
 imagePullPolicy: IfNotPresent
 command:
 - "/bin/bash"
diff --git a/cluster/apps/development/gitea/external-backup/kustomization.yaml b/kubernetes/cluster-0/apps/development/gitea/external-backup/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/gitea/external-backup/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/gitea/external-backup/kustomization.yaml
diff --git a/cluster/apps/development/gitea/helm-release.yaml b/kubernetes/cluster-0/apps/development/gitea/helm-release.yaml
similarity index 97%
rename from cluster/apps/development/gitea/helm-release.yaml
rename to kubernetes/cluster-0/apps/development/gitea/helm-release.yaml
index fdacb9291..bc822317e 100644
--- a/cluster/apps/development/gitea/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/development/gitea/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 6.0.3
 sourceRef:
 kind: HelmRepository
- name: gitea-charts
+ name: gitea
 namespace: flux-system
 install:
 createNamespace: true
@@ -109,9 +109,7 @@ spec:
 ssh:
 type: LoadBalancer
 port: 22
- externalTrafficPolicy: Local
- externalIPs:
- - ${CLUSTER_LB_GITEA}
+ loadBalancerIP: ${CLUSTER_LB_GITEA}
 ingress:
 enabled: true
 className: nginx
diff --git a/cluster/apps/development/gitea/kustomization.yaml b/kubernetes/cluster-0/apps/development/gitea/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/gitea/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/gitea/kustomization.yaml
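Review bot: In the `ssh:` service of `gitea/helm-release.yaml`, switching from `externalIPs` to `loadBalancerIP` also removes `externalTrafficPolicy: Local`, so the Service falls back to the default `Cluster` policy. Depending on the load-balancer implementation, connections may then be forwarded between nodes with source NAT, and Gitea's SSH logs and any ban or rate-limit logic keyed on client address would see node addresses instead of the real peer. If that is not intended, keep `externalTrafficPolicy: Local` next to `loadBalancerIP: ${CLUSTER_LB_GITEA}`. The `service:` block continues outside the hunk.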
diff --git a/cluster/apps/development/gitea/secret.sops.yaml b/kubernetes/cluster-0/apps/development/gitea/secret.sops.yaml
similarity index 100%
rename from cluster/apps/development/gitea/secret.sops.yaml
rename to kubernetes/cluster-0/apps/development/gitea/secret.sops.yaml
diff --git a/cluster/apps/development/gitea/volume.yaml b/kubernetes/cluster-0/apps/development/gitea/volume.yaml
similarity index 100%
rename from cluster/apps/development/gitea/volume.yaml
rename to kubernetes/cluster-0/apps/development/gitea/volume.yaml
diff --git a/cluster/apps/development/kustomization.yaml b/kubernetes/cluster-0/apps/development/kustomization.yaml
similarity index 100%
rename from cluster/apps/development/kustomization.yaml
rename to kubernetes/cluster-0/apps/development/kustomization.yaml
diff --git a/cluster/apps/development/readme.md b/kubernetes/cluster-0/apps/development/readme.md
similarity index 100%
rename from cluster/apps/development/readme.md
rename to kubernetes/cluster-0/apps/development/readme.md
diff --git a/cluster/apps/documentation/kustomization.yaml b/kubernetes/cluster-0/apps/documentation/kustomization.yaml
similarity index 100%
rename from cluster/apps/documentation/kustomization.yaml
rename to kubernetes/cluster-0/apps/documentation/kustomization.yaml
diff --git a/cluster/apps/documentation/outline/helm-release.yaml b/kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml
similarity index 98%
rename from cluster/apps/documentation/outline/helm-release.yaml
rename to kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml
index be593ad5a..af1c38ae2 100644
--- a/cluster/apps/documentation/outline/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 1.0.1
 sourceRef:
 kind: HelmRepository
- name: bjw-s-charts
+ name: bjw-s
 namespace: flux-system
 install:
 createNamespace: true
diff --git a/cluster/apps/documentation/outline/kustomization.yaml b/kubernetes/cluster-0/apps/documentation/outline/kustomization.yaml
similarity index 100%
rename from cluster/apps/documentation/outline/kustomization.yaml
rename to kubernetes/cluster-0/apps/documentation/outline/kustomization.yaml
diff --git a/cluster/apps/documentation/outline/patches/env.yaml b/kubernetes/cluster-0/apps/documentation/outline/patches/env.yaml
similarity index 100%
rename from cluster/apps/documentation/outline/patches/env.yaml
rename to kubernetes/cluster-0/apps/documentation/outline/patches/env.yaml
diff --git a/cluster/apps/documentation/outline/patches/postgres.yaml b/kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml
similarity index 100%
rename from cluster/apps/documentation/outline/patches/postgres.yaml
rename to kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml
diff --git a/cluster/apps/documentation/outline/secret.sops.yaml b/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml
similarity index 70%
rename from cluster/apps/documentation/outline/secret.sops.yaml
rename to kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml
index 7deba431a..2c31993a8 100644
--- a/cluster/apps/documentation/outline/secret.sops.yaml
+++ b/kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml
@@ -10,9 +10,9 @@ stringData: AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:2GGPneKPmFEtq3A9X7fskiv/FnKv5deoyzNx0/euYrTOJKrRiTgj8g==,iv:u1LLrjxP1GwWcM1FJLjB9OpUFTPI0D9IZEX86IHGpmU=,tag:7vq4QeQagU2B9+WShheDKg==,type:str] SECRET_KEY: ENC[AES256_GCM,data:RUjf4wghv9PnDdSNWeytoDRzH+A7wa8RNYDP+MYIf8KHjOGyVNzZwEuS8ah8wy8tvBWAE9kykOC1KhP+wFofIA==,iv:3z7NZ87ILlyrkx4YMWQ9uFL2W31bTmwZFkJxOHgSVvo=,tag:umplfrhjvCZX9Ucneo7Q+Q==,type:str] UTILS_SECRET: ENC[AES256_GCM,data:r5DADkQbM5fEBsWs7ddUx2PXnt+ePiQcJZgKMmHYpkddmPFeS5xpJGgbhun7v409aKJLQRm/tUIysBlxHlnSbA==,iv:cP2KQeUmgjoXuY7UnQ57M4tBUeO0hELGe+HrSB5RJ3Q=,tag:HD4lccnbZXjllmOLyEHY3Q==,type:str] - DATABASE_URL: ENC[AES256_GCM,data:PmbXB90u/mb/hpEgxxyyegCjaaQNadKcIIZ/QX/WZho0/jq/qsUu9lnX9j1D2TWiY2zsL8pfb0Fgdznki8/2U7bmezScEXlN660yB1F5fdnj5oktK+z8wmg8,iv:mDs74Ynp0xLJlgAh250PYSfGb50PuayHKGP9RyXlK88=,tag:hZYRJxrOToPOg1XNZtX6CQ==,type:str] + DATABASE_URL: ENC[AES256_GCM,data:NAAK6EBbngEf1uW7o8Qi2gZJ9z6VYP0btsbKrkf3O/ZmbcRCCUYXfKYg7zUZiyXmyUSqZboCIi7TDPBotrjhimTBelbx/WD0S/41kZBQWYHDIZ2+nYyCGRxP,iv:q1zxJ2oRN6okkOeqrzK0cKaD2dkEGzgC7cqv+kNjCy0=,tag:xltRDd+u16SCJJPh5UU3oQ==,type:str] POSTGRES_USER: ENC[AES256_GCM,data:4FlwiUkmmQ==,iv:f/mOMCV34bvseHAJ37AaUIZUYcBobtdIAYN/5ONhGbg=,tag:HFvPkQh2i/BtnynAjP0uhg==,type:str] - POSTGRES_PASS: ENC[AES256_GCM,data:HTbSg+yj1iKqlGmPPwql+GD+psM=,iv:fMHU+AYZ/NfgtCstuQIfnBmKRD2n3hMmFKSqC5akB/c=,tag:v16K+iZZVQZ9gpBIBWgyfQ==,type:str] + POSTGRES_PASS: ENC[AES256_GCM,data:/54bUXgZFUnxvB5kqqvU0gbedzc=,iv:sRVKl5qH9zY6pOrzYaIOmF5BG7qahOSb5WFWt8I+BNw=,tag:EkofX2OPX4VdvJNyX2t39Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -28,8 +28,8 @@ sops: eGsyL3NhNS8xdUp0VlNQbWRYbHFLYW8KeMc82BlegMJMtAF/WGMbXhpf2MVvUP5q ehHCSwpe3a8WwXEBNu1u5IPcnMO4Fo5HhjLbMx6H1Ynd6KdyDXUKEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-16T12:43:00Z" - mac: ENC[AES256_GCM,data:6RfDQu9CTAOg1AwfKn05qvBv/K1II3nUpMsei3qQKbcUPztn+hpxjiByz1WoGN2u5WBvRJK+Jeo3Z0L1MkC78YjLydhXvnKpdcQFBFob+q9E3FdkqHgqh/SroyaZHSykDWSEGDwqb9/iYONTXPUxchQYKFH/5YTRU2Qms8hoeqI=,iv:ZnilmIpjCA10gV53FOV23iw0pOwrYoMCTX20nb5sDCc=,tag:VDfFckR0iC/tdv1ra2Qd2A==,type:str] + lastmodified: "2022-11-19T22:40:33Z" + mac: ENC[AES256_GCM,data:nrFpZ3+UBaW9n0uTIArIyPuMuQyh0IHqu5KmcUZHk2weKEQshkx3jfNmpsMieKRbdZjPbopqggeq5wN+6dD01M8+nTMBMNnBCIZMi0SIAVFybwzIR7op5CAAWsCmQuOy3GYCrLrMhujPsN2TBM9VEmlPA5xZRYslNlQShZWrGiQ=,iv:I/tKIbAGkBgh+ruQBCNQ7TxSp4fkknb/rDjAE3BdjIM=,tag:hNF1kscQEMgAElWlpSqzYg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/cluster/apps/documentation/readme.md b/kubernetes/cluster-0/apps/documentation/readme.md similarity index 100% rename from cluster/apps/documentation/readme.md rename to kubernetes/cluster-0/apps/documentation/readme.md diff --git a/cluster/apps/downloaders/flood/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/flood/helm-release.yaml similarity index 98% rename from cluster/apps/downloaders/flood/helm-release.yaml rename to kubernetes/cluster-0/apps/downloaders/flood/helm-release.yaml index 13f9840a6..0e02065e8 100644 --- a/cluster/apps/downloaders/flood/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/flood/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/downloaders/flood/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/flood/kustomization.yaml
similarity index 100%
rename from cluster/apps/downloaders/flood/kustomization.yaml
rename to kubernetes/cluster-0/apps/downloaders/flood/kustomization.yaml
diff --git a/cluster/apps/downloaders/flood/secret.sops.yaml b/kubernetes/cluster-0/apps/downloaders/flood/secret.sops.yaml
similarity index 100%
rename from cluster/apps/downloaders/flood/secret.sops.yaml
rename to kubernetes/cluster-0/apps/downloaders/flood/secret.sops.yaml
diff --git a/cluster/apps/downloaders/flood/volume.yaml b/kubernetes/cluster-0/apps/downloaders/flood/volume.yaml
similarity index 100%
rename from cluster/apps/downloaders/flood/volume.yaml
rename to kubernetes/cluster-0/apps/downloaders/flood/volume.yaml
diff --git a/cluster/apps/downloaders/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/kustomization.yaml
similarity index 100%
rename from cluster/apps/downloaders/kustomization.yaml
rename to kubernetes/cluster-0/apps/downloaders/kustomization.yaml
diff --git a/cluster/apps/downloaders/pyload/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/pyload/helm-release.yaml
similarity index 93%
rename from cluster/apps/downloaders/pyload/helm-release.yaml
rename to kubernetes/cluster-0/apps/downloaders/pyload/helm-release.yaml
index 2f9e67b7b..62e20923e 100644
--- a/cluster/apps/downloaders/pyload/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/downloaders/pyload/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 1.0.1
 sourceRef:
 kind: HelmRepository
- name: bjw-s-charts
+ name: bjw-s
 namespace: flux-system
 install:
 createNamespace: true
@@ -24,7 +24,7 @@ spec:
 values:
 image:
 repository: ghcr.io/auricom/pyload-ng
- tag: v0.5.0-b3.dev26@sha256:1d00ce0e0b66db1a0d5954be3b8ed9049be1c799483be032d055bec81b91a0da
+ tag: 0.5.0-b3.dev29@sha256:329021cd2c0534807d3e8be9af78dc43bbdbc8d50a66da2d58c2da70269c9534
 env:
 TZ: "${TIMEZONE}"
 service:
diff --git a/cluster/apps/downloaders/pyload/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/pyload/kustomization.yaml
similarity index 100%
rename from cluster/apps/downloaders/pyload/kustomization.yaml
rename to kubernetes/cluster-0/apps/downloaders/pyload/kustomization.yaml
diff --git a/cluster/apps/downloaders/pyload/volume.yaml b/kubernetes/cluster-0/apps/downloaders/pyload/volume.yaml
similarity index 100%
rename from cluster/apps/downloaders/pyload/volume.yaml
rename to kubernetes/cluster-0/apps/downloaders/pyload/volume.yaml
diff --git a/cluster/apps/downloaders/qbittorrent/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/helm-release.yaml
similarity index 96%
rename from cluster/apps/downloaders/qbittorrent/helm-release.yaml
rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/helm-release.yaml
index 60a53ef1c..62beec88f 100644
--- a/cluster/apps/downloaders/qbittorrent/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/downloaders/qbittorrent/helm-release.yaml
@@ -12,7 +12,7 @@ spec:
 version: 1.0.1
 sourceRef:
 kind: HelmRepository
- name: bjw-s-charts
+ name: bjw-s
 namespace: flux-system
 install:
 createNamespace: true
@@ -34,10 +34,10 @@ spec:
 ports:
 http:
 port: *port
- bittorrent:
+ bittorent:
 enabled: true
 type: LoadBalancer
- externalIPs: ["${CLUSTER_LB_QBITTORRENT}"]
+ loadBalancerIP: "${CLUSTER_LB_QBITTORRENT}"
 ports:
 bittorrent:
 enabled: true
diff --git a/cluster/apps/downloaders/qbittorrent/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/kustomization.yaml
similarity index 100%
rename from cluster/apps/downloaders/qbittorrent/kustomization.yaml
rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/kustomization.yaml
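Review bot: The service key in `qbittorrent/helm-release.yaml` changes from `bittorrent:` to `bittorent:` (one `r`), while the port beneath it is still named `bittorrent`; this reads as an accidental typo riding along with the `loadBalancerIP` change. The chart probably derives the Service name from this key, so the misspelling would publish the load-balanced port under a new Service name and leave anything that references the old name pointing at nothing. Suggest restoring `bittorrent:` and keeping only the `loadBalancerIP: "${CLUSTER_LB_QBITTORRENT}"` line as the change. The `service:` block begins outside the hunk.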
diff --git a/cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml similarity index 93% rename from cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml index b857bb63a..b7ab75e44 100644 --- a/cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true @@ -42,7 +42,7 @@ spec: serviceAccountName: jobs containers: - name: *app - image: ghcr.io/auricom/kubectl:v1.25.0@sha256:9386292eedb8bf26c34b44d1c8195813456ab3572f166814b8bda77ab917c7a8 + image: ghcr.io/auricom/kubectl:1.25.4@sha256:eef66c93cd48cacb338a8994632e0b75aafeac2fbdcc5c64314a9bf422d0380c imagePullPolicy: IfNotPresent command: - "/bin/bash" diff --git a/cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml similarity index 100% rename from cluster/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/upgrade-p2pblocklist/kustomization.yaml diff --git a/cluster/apps/downloaders/qbittorrent/volume.yaml b/kubernetes/cluster-0/apps/downloaders/qbittorrent/volume.yaml similarity index 100% rename from cluster/apps/downloaders/qbittorrent/volume.yaml rename to kubernetes/cluster-0/apps/downloaders/qbittorrent/volume.yaml 
diff --git a/cluster/apps/downloaders/sabnzbd/helm-release.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/helm-release.yaml similarity index 98% rename from cluster/apps/downloaders/sabnzbd/helm-release.yaml rename to kubernetes/cluster-0/apps/downloaders/sabnzbd/helm-release.yaml index c4d7c6b15..02d20f1f9 100644 --- a/cluster/apps/downloaders/sabnzbd/helm-release.yaml +++ b/kubernetes/cluster-0/apps/downloaders/sabnzbd/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/downloaders/sabnzbd/kustomization.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/kustomization.yaml similarity index 100% rename from cluster/apps/downloaders/sabnzbd/kustomization.yaml rename to kubernetes/cluster-0/apps/downloaders/sabnzbd/kustomization.yaml diff --git a/cluster/apps/downloaders/sabnzbd/secret.sops.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/secret.sops.yaml similarity index 100% rename from cluster/apps/downloaders/sabnzbd/secret.sops.yaml rename to kubernetes/cluster-0/apps/downloaders/sabnzbd/secret.sops.yaml diff --git a/cluster/apps/downloaders/sabnzbd/volume.yaml b/kubernetes/cluster-0/apps/downloaders/sabnzbd/volume.yaml similarity index 100% rename from cluster/apps/downloaders/sabnzbd/volume.yaml rename to kubernetes/cluster-0/apps/downloaders/sabnzbd/volume.yaml diff --git a/cluster/apps/home-automation/emqx/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/emqx/helm-release.yaml similarity index 96% rename from cluster/apps/home-automation/emqx/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/emqx/helm-release.yaml index a88ba3a87..3c36f75a2 100644 --- a/cluster/apps/home-automation/emqx/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/emqx/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 5.0.3 sourceRef: kind: HelmRepository - name: emqx-charts + name: emqx namespace: flux-system install: createNamespace: true @@ -33,8 +33,7 @@ spec: EMQX_AUTH__USER__1__PASSWORD: ${SECRET_MQTT_PASSWORD} service: type: LoadBalancer - externalIPs: - - ${CLUSTER_LB_EMQX} + loadBalancerIP: ${CLUSTER_LB_EMQX} externalTrafficPolicy: Local ingress: dashboard: diff --git a/cluster/apps/home-automation/emqx/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/emqx/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/emqx/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/emqx/kustomization.yaml diff --git a/cluster/apps/home-automation/emqx/secret.sops.yaml b/kubernetes/cluster-0/apps/home-automation/emqx/secret.sops.yaml similarity index 100% rename from cluster/apps/home-automation/emqx/secret.sops.yaml rename to kubernetes/cluster-0/apps/home-automation/emqx/secret.sops.yaml diff --git a/cluster/apps/home-automation/frigate/config.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/config.yaml similarity index 100% rename from cluster/apps/home-automation/frigate/config.yaml rename to kubernetes/cluster-0/apps/home-automation/frigate/config.yaml diff --git a/cluster/apps/home-automation/frigate/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/helm-release.yaml similarity index 99% rename from cluster/apps/home-automation/frigate/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/frigate/helm-release.yaml index 2b0d47ba4..4abb550b8 100644 --- a/cluster/apps/home-automation/frigate/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/frigate/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/home-automation/frigate/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/frigate/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/frigate/kustomization.yaml diff --git a/cluster/apps/home-automation/frigate/volume.yaml b/kubernetes/cluster-0/apps/home-automation/frigate/volume.yaml similarity index 100% rename from cluster/apps/home-automation/frigate/volume.yaml rename to kubernetes/cluster-0/apps/home-automation/frigate/volume.yaml diff --git a/cluster/apps/home-automation/home-assistant-code/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant-code/helm-release.yaml similarity index 98% rename from cluster/apps/home-automation/home-assistant-code/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant-code/helm-release.yaml index bd19c8284..28aa2a8f9 100644 --- a/cluster/apps/home-automation/home-assistant-code/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/home-assistant-code/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/home-automation/home-assistant-code/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant-code/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant-code/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant-code/kustomization.yaml 
diff --git a/cluster/apps/home-automation/home-assistant/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/helm-release.yaml similarity index 97% rename from cluster/apps/home-automation/home-assistant/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/helm-release.yaml index 11f06f0a5..8b166523f 100644 --- a/cluster/apps/home-automation/home-assistant/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/home-assistant/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -40,8 +40,7 @@ spec: service: main: type: LoadBalancer - externalIPs: - - ${CLUSTER_LB_HASS} + loadBalancerIP: ${CLUSTER_LB_HASS} externalTrafficPolicy: Local ports: http: diff --git a/cluster/apps/home-automation/home-assistant/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/kustomization.yaml diff --git a/cluster/apps/home-automation/home-assistant/patches/postgres.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/patches/postgres.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/patches/postgres.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/patches/postgres.yaml diff --git a/cluster/apps/home-automation/home-assistant/podmonitor.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/podmonitor.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/podmonitor.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/podmonitor.yaml 
diff --git a/cluster/apps/home-automation/home-assistant/secret.sops.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/secret.sops.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/secret.sops.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/secret.sops.yaml diff --git a/cluster/apps/home-automation/home-assistant/token.sops.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/token.sops.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/token.sops.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/token.sops.yaml diff --git a/cluster/apps/home-automation/home-assistant/volume.yaml b/kubernetes/cluster-0/apps/home-automation/home-assistant/volume.yaml similarity index 100% rename from cluster/apps/home-automation/home-assistant/volume.yaml rename to kubernetes/cluster-0/apps/home-automation/home-assistant/volume.yaml diff --git a/cluster/apps/home-automation/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/kustomization.yaml diff --git a/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helm-release.yaml similarity index 98% rename from cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helm-release.yaml index eceb035d6..c08c9cec2 100644 --- a/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/home-automation/zigbee2mqtt/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/kustomization.yaml
similarity index 100%
rename from cluster/apps/home-automation/zigbee2mqtt/kustomization.yaml
rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/kustomization.yaml
diff --git a/cluster/apps/home-automation/zigbee2mqtt/patches/env.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml
similarity index 80%
rename from cluster/apps/home-automation/zigbee2mqtt/patches/env.yaml
rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml
index a18d6aabe..f1d7cffe4 100644
--- a/cluster/apps/home-automation/zigbee2mqtt/patches/env.yaml
+++ b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/env.yaml
@@ -16,18 +16,21 @@ spec: ZIGBEE2MQTT_CONFIG_ADVANCED_LAST_SEEN: ISO_8601 ZIGBEE2MQTT_CONFIG_ADVANCED_LEGACY_API: "false" ZIGBEE2MQTT_CONFIG_ADVANCED_LEGACY_AVAILABILITY_PAYLOAD: "false" - # ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_LEVEL: info + ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_LEVEL: warn + ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_OUTPUT: '["console"]' + ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: "[204, 61, 75, 23, 44, 230, 24, 203, 53, 5, 248, 32, 50, 84, 44, 159]" ZIGBEE2MQTT_CONFIG_AVAILABILITY_ACTIVE_TIMEOUT: 60 ZIGBEE2MQTT_CONFIG_AVAILABILITY_PASSIVE_TIMEOUT: 2000 ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_LEGACY: "false" ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true" ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true" + ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: 8080 ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_CLUSTER_DOMAIN}" ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: "true" ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: "true" ZIGBEE2MQTT_CONFIG_MQTT_KEEPALIVE: 60 ZIGBEE2MQTT_CONFIG_MQTT_REJECT_UNAUTHORIZED: "true" - ZIGBEE2MQTT_CONFIG_MQTT_SERVER: mqtt://emqx.default.svc.cluster.local. + ZIGBEE2MQTT_CONFIG_MQTT_SERVER: "mqtt://emqx.default.svc.cluster.local." ZIGBEE2MQTT_CONFIG_MQTT_VERSION: 5 ZIGBEE2MQTT_CONFIG_MQTT_USER: valueFrom: @@ -39,7 +42,8 @@ spec: secretKeyRef: name: emqx-config key: user_1_password + ZIGBEE2MQTT_CONFIG_PERMIT_JOIN: "false" ZIGBEE2MQTT_CONFIG_SERIAL_PORT: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0 - ZIGBEE2MQTT_CONFIG_ADVANCED_LOG_OUTPUT: '["console"]' - ZIGBEE2MQTT_CONFIG_DEVICES: devices.yaml - ZIGBEE2MQTT_CONFIG_GROUPS: groups.yaml + + # ZIGBEE2MQTT_CONFIG_DEVICES: devices.yaml + # ZIGBEE2MQTT_CONFIG_GROUPS: groups.yaml diff --git a/cluster/apps/home-automation/zigbee2mqtt/patches/exporter.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/exporter.yaml similarity index 100% rename from cluster/apps/home-automation/zigbee2mqtt/patches/exporter.yaml rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/patches/exporter.yaml 
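Review bot: `ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY` is added in the first env.yaml hunk as a literal 16-byte array in an unencrypted patch file, so the Zigbee network key is readable by anyone with access to the repository and its history. The MQTT credentials in the same file are already pulled from the `emqx-config` Secret with `secretKeyRef`, and the key should be supplied the same way from a SOPS-encrypted Secret, e.g. `ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: {valueFrom: {secretKeyRef: {name: <secret-name>, key: <key-name>}}}`. Because the value is already committed, it should be treated as disclosed and replaced, which presumably means re-pairing the devices. The env map starts and ends outside the hunk.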
diff --git a/cluster/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml similarity index 100% rename from cluster/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/prometheus-rule.yaml diff --git a/cluster/apps/home-automation/zigbee2mqtt/volume.yaml b/kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/volume.yaml similarity index 100% rename from cluster/apps/home-automation/zigbee2mqtt/volume.yaml rename to kubernetes/cluster-0/apps/home-automation/zigbee2mqtt/volume.yaml diff --git a/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml b/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helm-release.yaml similarity index 98% rename from cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml rename to kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helm-release.yaml index d24d4b928..379ece1ec 100644 --- a/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml +++ b/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/home-automation/zwavejs2mqtt/kustomization.yaml b/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/kustomization.yaml similarity index 100% rename from cluster/apps/home-automation/zwavejs2mqtt/kustomization.yaml rename to kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/kustomization.yaml diff --git a/cluster/apps/home-automation/zwavejs2mqtt/volume.yaml b/kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/volume.yaml similarity index 100% rename from cluster/apps/home-automation/zwavejs2mqtt/volume.yaml rename to kubernetes/cluster-0/apps/home-automation/zwavejs2mqtt/volume.yaml 
diff --git a/cluster/apps/kube-tools/coredns-nodecache/configmap.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/configmap.yaml similarity index 100% rename from cluster/apps/kube-tools/coredns-nodecache/configmap.yaml rename to kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/configmap.yaml diff --git a/cluster/apps/kube-tools/coredns-nodecache/daemonset.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/daemonset.yaml similarity index 100% rename from cluster/apps/kube-tools/coredns-nodecache/daemonset.yaml rename to kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/daemonset.yaml diff --git a/cluster/apps/kube-tools/coredns-nodecache/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/coredns-nodecache/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/kustomization.yaml diff --git a/cluster/apps/kube-tools/coredns-nodecache/service-account.yaml b/kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/service-account.yaml similarity index 100% rename from cluster/apps/kube-tools/coredns-nodecache/service-account.yaml rename to kubernetes/cluster-0/apps/kube-tools/coredns-nodecache/service-account.yaml diff --git a/cluster/apps/kube-tools/descheduler/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/descheduler/helm-release.yaml similarity index 98% rename from cluster/apps/kube-tools/descheduler/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/descheduler/helm-release.yaml index 60b705ca3..c3517f489 100644 --- a/cluster/apps/kube-tools/descheduler/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/descheduler/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 0.25.2 sourceRef: kind: HelmRepository - name: descheduler-charts + name: descheduler namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/kube-tools/descheduler/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/descheduler/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/descheduler/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/descheduler/kustomization.yaml diff --git a/cluster/apps/kube-tools/intel-gpu-exporter/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helm-release.yaml similarity index 98% rename from cluster/apps/kube-tools/intel-gpu-exporter/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helm-release.yaml index 1a7cbb441..761af36ca 100644 --- a/cluster/apps/kube-tools/intel-gpu-exporter/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/kube-tools/intel-gpu-exporter/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/intel-gpu-exporter/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/intel-gpu-exporter/kustomization.yaml diff --git a/cluster/apps/kube-tools/intel-gpu-plugin/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helm-release.yaml similarity index 98% rename from cluster/apps/kube-tools/intel-gpu-plugin/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helm-release.yaml index 88928a41c..47097b685 100644 --- a/cluster/apps/kube-tools/intel-gpu-plugin/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/kube-tools/intel-gpu-plugin/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/intel-gpu-plugin/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/intel-gpu-plugin/kustomization.yaml diff --git a/cluster/apps/kube-tools/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kustomization.yaml similarity index 92% rename from cluster/apps/kube-tools/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/kustomization.yaml index 76b0a87bb..f83ee248f 100644 --- a/cluster/apps/kube-tools/kustomization.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/kustomization.yaml @@ -11,4 +11,3 @@ resources: - node-feature-discovery - rbac - reloader - - system-upgrade diff --git a/cluster/apps/kube-tools/kyverno/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/helm-release.yaml similarity index 81% rename from cluster/apps/kube-tools/kyverno/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/kyverno/helm-release.yaml index 59410d926..5eddb9584 100644 --- a/cluster/apps/kube-tools/kyverno/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/kyverno/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 2.6.1 sourceRef: kind: HelmRepository - name: kyverno-charts + name: kyverno namespace: flux-system install: createNamespace: true @@ -22,10 +22,16 @@ spec: remediation: retries: 5 values: - installCRDs: true + installCRDs: false replicaCount: 3 serviceMonitor: enabled: true + resources: + requests: + cpu: 247m + memory: 443M + limits: + memory: 1336M topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname 
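Review bot: `installCRDs` flips from `true` to `false` in the kyverno values hunk, but nothing in this file shows where the Kyverno CRDs now come from. If they are not applied before this release reconciles (for instance by a separate CRD kustomization outside this hunk), the release and the policies that depend on it could fail to install, and admission policies would then not be enforced. I would add a comment on that line, e.g. `# CRDs are applied from <path-to-crds>; keep in step with chart version 2.6.1`, and declare the ordering if the repository has a mechanism for it.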
diff --git a/cluster/apps/kube-tools/kyverno/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/kyverno/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/kyverno/kustomization.yaml diff --git a/cluster/apps/kube-tools/kyverno/policies/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helm-release.yaml similarity index 99% rename from cluster/apps/kube-tools/kyverno/policies/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helm-release.yaml index 65c3ee065..3f13d9b96 100644 --- a/cluster/apps/kube-tools/kyverno/policies/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true @@ -256,7 +256,7 @@ spec: name: "{{ request.object.metadata.name }}" uid: "{{ request.object.metadata.uid }}" spec: - schedule: "0 22 * * *" + schedule: "0 7 * * *" suspend: false concurrencyPolicy: Forbid successfulJobsHistoryLimit: 1 diff --git a/cluster/apps/kube-tools/kyverno/policies/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/kyverno/policies/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/kyverno/policies/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/kyverno/policies/kustomization.yaml diff --git a/cluster/apps/kube-tools/metrics-server/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/metrics-server/helm-release.yaml similarity index 94% rename from cluster/apps/kube-tools/metrics-server/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/metrics-server/helm-release.yaml index 41ba81cd1..381e080de 100644 --- a/cluster/apps/kube-tools/metrics-server/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/metrics-server/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 3.8.2 sourceRef: kind: HelmRepository - name: metrics-server-charts + name: metrics-server namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/kube-tools/metrics-server/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/metrics-server/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/metrics-server/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/metrics-server/kustomization.yaml diff --git a/cluster/apps/kube-tools/node-feature-discovery/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helm-release.yaml similarity index 97% rename from cluster/apps/kube-tools/node-feature-discovery/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helm-release.yaml index 49f2a5420..635c38e7e 100644 --- a/cluster/apps/kube-tools/node-feature-discovery/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 0.11.3 sourceRef: kind: HelmRepository - name: node-feature-discovery-charts + name: node-feature-discovery namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/kube-tools/node-feature-discovery/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/node-feature-discovery/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/node-feature-discovery/kustomization.yaml diff --git a/cluster/apps/kube-tools/rbac/jobs.yaml b/kubernetes/cluster-0/apps/kube-tools/rbac/jobs.yaml similarity index 100% rename from cluster/apps/kube-tools/rbac/jobs.yaml rename to kubernetes/cluster-0/apps/kube-tools/rbac/jobs.yaml 
diff --git a/cluster/apps/kube-tools/rbac/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/rbac/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/rbac/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/rbac/kustomization.yaml diff --git a/cluster/apps/kube-tools/reloader/helm-release.yaml b/kubernetes/cluster-0/apps/kube-tools/reloader/helm-release.yaml similarity index 94% rename from cluster/apps/kube-tools/reloader/helm-release.yaml rename to kubernetes/cluster-0/apps/kube-tools/reloader/helm-release.yaml index 497f9d0cb..bb6b1998d 100644 --- a/cluster/apps/kube-tools/reloader/helm-release.yaml +++ b/kubernetes/cluster-0/apps/kube-tools/reloader/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.0.124 sourceRef: kind: HelmRepository - name: stakater-charts + name: stakater namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/kube-tools/reloader/kustomization.yaml b/kubernetes/cluster-0/apps/kube-tools/reloader/kustomization.yaml similarity index 100% rename from cluster/apps/kube-tools/reloader/kustomization.yaml rename to kubernetes/cluster-0/apps/kube-tools/reloader/kustomization.yaml diff --git a/cluster/apps/kustomization.yaml b/kubernetes/cluster-0/apps/kustomization.yaml similarity index 93% rename from cluster/apps/kustomization.yaml rename to kubernetes/cluster-0/apps/kustomization.yaml index c5b7ccc0b..8dac35104 100644 --- a/cluster/apps/kustomization.yaml +++ b/kubernetes/cluster-0/apps/kustomization.yaml @@ -3,14 +3,14 @@ kind: Kustomization resources: - namespaces.yaml - authentication - #- crypto + # - crypto - databases - development - documentation - downloaders - home-automation - kube-tools - #- logs + - logs - media-automation - media-servers - monitoring 
diff --git a/cluster/apps/logs/kustomization.yaml b/kubernetes/cluster-0/apps/logs/kustomization.yaml similarity index 100% rename from cluster/apps/logs/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/kustomization.yaml diff --git a/cluster/apps/logs/loki/config-map.yaml b/kubernetes/cluster-0/apps/logs/loki/config-map.yaml similarity index 100% rename from cluster/apps/logs/loki/config-map.yaml rename to kubernetes/cluster-0/apps/logs/loki/config-map.yaml diff --git a/cluster/apps/logs/loki/helm-release.yaml b/kubernetes/cluster-0/apps/logs/loki/helm-release.yaml similarity index 68% rename from cluster/apps/logs/loki/helm-release.yaml rename to kubernetes/cluster-0/apps/logs/loki/helm-release.yaml index ab547a95c..1d2dbd09b 100644 --- a/cluster/apps/logs/loki/helm-release.yaml +++ b/kubernetes/cluster-0/apps/logs/loki/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 3.3.4 sourceRef: kind: HelmRepository - name: grafana-charts + name: grafana namespace: flux-system install: createNamespace: true @@ -93,7 +93,16 @@ spec: reporting_enabled: false gateway: enabled: true - replicas: 2 + replicas: 3 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.gatewaySelectorLabels" . | nindent 12 }} + topologyKey: kubernetes.io/hostname ingress: enabled: true ingressClassName: "nginx" 
@@ -106,12 +115,30 @@ spec: - hosts: - *host write: - replicas: 2 + replicas: 3 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.writeSelectorLabels" . | nindent 12 }} + topologyKey: kubernetes.io/hostname persistence: size: 10Gi storageClass: rook-ceph-block read: - replicas: 2 + replicas: 3 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.readSelectorLabels" . | nindent 12 }} + topologyKey: kubernetes.io/hostname extraVolumeMounts: - name: loki-rules mountPath: /rules/fake @@ -121,8 +148,7 @@ spec: mountPath: /tmp/loki-tmp extraVolumes: - name: loki-rules - configMap: - name: loki-alerting-rules + emptyDir: {} - name: loki-rules-tmp emptyDir: {} - name: loki-tmp 
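Review bot: The `loki-rules` volume in the `extraVolumes` hunk changes from the `loki-alerting-rules` ConfigMap to `emptyDir: {}`, while it is still mounted at `/rules/fake`. Unless something outside this hunk writes rule files into that directory, Loki starts with an empty rules directory, and any log-based alerts that came from the ConfigMap would stop firing without an error. `loki/config-map.yaml` is only renamed in this commit, so the mount may have been meant to stay as `configMap: {name: loki-alerting-rules}`. If the emptyDir is deliberate, a comment naming what populates it would help the next reader.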
@@ -131,24 +157,32 @@ spec: size: 10Gi storageClass: rook-ceph-block monitoring: + serviceMonitor: + enabled: false + metricsInstance: + enabled: false selfMonitoring: enabled: false grafanaAgent: installOperator: false + lokiCanary: + enabled: false + test: + enabled: false valuesFrom: - - targetPath: loki.structuredConfig.common.storage.s3.bucketnames - kind: ConfigMap + - kind: ConfigMap name: loki-chunks-bucket valuesKey: BUCKET_NAME - - targetPath: loki.structuredConfig.common.storage.s3.endpoint - kind: ConfigMap + targetPath: loki.structuredConfig.common.storage.s3.bucketnames + - kind: ConfigMap name: loki-chunks-bucket valuesKey: BUCKET_HOST - - targetPath: loki.structuredConfig.common.storage.s3.access_key_id - kind: Secret + targetPath: loki.structuredConfig.common.storage.s3.endpoint + - kind: Secret name: loki-chunks-bucket valuesKey: AWS_ACCESS_KEY_ID - - targetPath: loki.structuredConfig.common.storage.s3.secret_access_key - kind: Secret + targetPath: loki.structuredConfig.common.storage.s3.access_key_id + - kind: Secret name: loki-chunks-bucket valuesKey: AWS_SECRET_ACCESS_KEY + targetPath: loki.structuredConfig.common.storage.s3.secret_access_key diff --git a/cluster/apps/logs/loki/kustomization.yaml b/kubernetes/cluster-0/apps/logs/loki/kustomization.yaml similarity index 100% rename from cluster/apps/logs/loki/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/loki/kustomization.yaml diff --git a/cluster/apps/logs/loki/object-bucket-claim.yaml b/kubernetes/cluster-0/apps/logs/loki/object-bucket-claim.yaml similarity index 100% rename from cluster/apps/logs/loki/object-bucket-claim.yaml rename to kubernetes/cluster-0/apps/logs/loki/object-bucket-claim.yaml diff --git a/kubernetes/cluster-0/apps/logs/vector/agent/helm-release.yaml b/kubernetes/cluster-0/apps/logs/vector/agent/helm-release.yaml new file mode 100644 index 000000000..6a5d29c6b --- /dev/null +++ b/kubernetes/cluster-0/apps/logs/vector/agent/helm-release.yaml 
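Review bot: The `monitoring` hunk turns off `serviceMonitor`, `metricsInstance`, `lokiCanary` and the chart `test` in the same commit that re-enables the `logs` kustomization, which leaves no health signal for the log pipeline in this file. A stalled write path or a failing object-store write would then only be noticed when logs turn out to be missing during an investigation. If these are disabled because their CRDs or operator are not installed, say so in a comment such as `# disabled: requires <operator/CRD>; metrics scraped via <other mechanism>`; otherwise keep `serviceMonitor: {enabled: true}`.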
@@ -0,0 +1,84 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: vector-agent + namespace: monitoring +spec: + interval: 30m + chart: + spec: + chart: vector + version: 0.17.0 + sourceRef: + kind: HelmRepository + name: vector + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 5 + upgrade: + remediation: + retries: 5 + dependsOn: + - name: loki + namespace: monitoring + - name: vector-aggregator + namespace: monitoring + values: + image: + repository: timberio/vector + tag: 0.25.1-debian + role: "Agent" + podAnnotations: + configmap.reloader.stakater.com/reload: vector-agent + customConfig: + data_dir: /vector-data-dir + api: + enabled: false + # Sources + sources: + kubernetes_logs: + type: kubernetes_logs + talos_kernel_logs: + type: socket + mode: udp + address: 127.0.0.1:12000 + talos_service_logs: + type: socket + mode: udp + address: 127.0.0.1:12001 + # Sinks + sinks: + kubernetes_sink: + type: vector + inputs: + - kubernetes_logs + address: "vector-aggregator.monitoring:6000" + version: "2" + talos_kernel_sink: + type: vector + inputs: + - talos_kernel_logs + address: "vector-aggregator.monitoring:6050" + version: "2" + talos_service_sink: + type: vector + inputs: + - talos_service_logs + address: "vector-aggregator.monitoring:6051" + version: "2" + podMonitor: + enabled: true + resources: + requests: + cpu: 23m + memory: 249M + limits: + memory: 918M + service: + enabled: false + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule diff --git a/cluster/apps/logs/vector/agent/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/agent/kustomization.yaml similarity index 100% rename from cluster/apps/logs/vector/agent/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/vector/agent/kustomization.yaml 
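Review bot: The `image` block pins `timberio/vector` only by the mutable tag `0.25.1-debian`, while other images touched in this diff (`ghcr.io/auricom/freac`, `ghcr.io/auricom/calibre-web`, `ghcr.io/onedr0p/recyclarr`) carry an `@sha256:` digest. This release reads `kubernetes_logs` and tolerates control-plane nodes, so a re-pushed tag would run with access to every pod's log stream. Pin it the same way as the other images: `tag: 0.25.1-debian@sha256:<digest-of-the-reviewed-image>`. The same applies to the `image` block of the vector-aggregator HelmRelease added later in this diff.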
diff --git a/cluster/apps/logs/vector/aggregator/filterlog-regex.txt b/kubernetes/cluster-0/apps/logs/vector/aggregator/filterlog-regex.txt
similarity index 100%
rename from cluster/apps/logs/vector/aggregator/filterlog-regex.txt
rename to kubernetes/cluster-0/apps/logs/vector/aggregator/filterlog-regex.txt
diff --git a/kubernetes/cluster-0/apps/logs/vector/aggregator/helm-release.yaml b/kubernetes/cluster-0/apps/logs/vector/aggregator/helm-release.yaml
new file mode 100644
index 000000000..fba29cb1b
--- /dev/null
+++ b/kubernetes/cluster-0/apps/logs/vector/aggregator/helm-release.yaml
@@ -0,0 +1,218 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: vector-aggregator + namespace: monitoring +spec: + interval: 15m + chart: + spec: + chart: vector + version: 0.17.0 + sourceRef: + kind: HelmRepository + name: vector + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 5 + upgrade: + remediation: + retries: 5 + dependsOn: + - name: loki + namespace: monitoring + values: + image: + repository: timberio/vector + tag: 0.25.1-debian + role: "Stateless-Aggregator" + podAnnotations: + configmap.reloader.stakater.com/reload: vector-aggregator + customConfig: + data_dir: /vector-data-dir + api: + enabled: false + # Sources + sources: + kubernetes_logs: + address: 0.0.0.0:6000 + type: vector + version: "2" + opnsense_logs: + address: 0.0.0.0:6001 + type: vector + version: "2" + journal_logs: + type: vector + address: 0.0.0.0:6002 + version: "2" + vector_metrics: + type: internal_metrics + talos_kernel_logs: + address: 0.0.0.0:6050 + type: socket + mode: udp + max_length: 102400 + decoding: + codec: json + host_key: __host + talos_service_logs: + address: 0.0.0.0:6051 + type: socket + mode: udp + max_length: 102400 + decoding: + codec: json + host_key: __host + # Transformations + transforms: + talos_kernel_logs_xform: + type: remap + inputs: + - talos_kernel_logs + source: |- + .__host = replace!(.__host, "192.168.9.101", "talos-node-1") + .__host = replace(.__host, "192.168.9.102", "talos-node-2") + .__host = replace(.__host, "192.168.9.103", "talos-node-3") + .__host = replace(.__host, "192.168.9.104", "talos-node-4") + talos_service_logs_xform: + type: remap + inputs: + - talos_service_logs + source: |- + .__host = replace!(.__host, "192.168.9.101", "talos-node-1") + .__host = replace(.__host, "192.168.9.102", "talos-node-2") + .__host = replace(.__host, "192.168.9.103", "talos-node-3") + .__host = replace(.__host, "192.168.9.104", "talos-node-4") + # Sinks + sinks: + loki_kubernetes: 
+ type: loki + inputs: + - kubernetes_logs + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + batch: + max_bytes: 2049000 + out_of_order_action: rewrite_timestamp + remove_label_fields: true + remove_timestamp: true + labels: + k8s_app: >- + {{`{{ "kubernetes.pod_labels.app\.kubernetes\.io/name" }}`}} + k8s_container: >- + {{`{{ "kubernetes.container_name" }}`}} + k8s_filename: >- + {{`{{ "kubernetes.file" }}`}} + k8s_instance: >- + {{`{{ "kubernetes.pod_labels.app\.kubernetes\.io/instance" }}`}} + k8s_namespace: >- + {{`{{ "kubernetes.pod_namespace" }}`}} + k8s_node: >- + {{`{{ "kubernetes.pod_node_name" }}`}} + k8s_pod: >- + {{`{{ "kubernetes.pod_name" }}`}} + loki_opnsense: + type: loki + inputs: + - opnsense_logs + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + batch: + max_bytes: 400000 + out_of_order_action: rewrite_timestamp + labels: + hostname: >- + {{`{{ host }}`}} + syslog_identifier: >- + {{`{{ SYSLOG_IDENTIFIER }}`}} + loki_journal: + type: loki + inputs: + - journal_logs + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + batch: + max_bytes: 2049000 + out_of_order_action: accept + remove_label_fields: true + remove_timestamp: true + labels: + hostname: >- + {{`{{ host }}`}} + talos_kernel: + type: loki + inputs: + - talos_kernel_logs_xform + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + except_fields: + - __host + batch: + max_bytes: 1048576 + out_of_order_action: rewrite_timestamp + labels: + hostname: >- + {{`{{ __host }}`}} + service: >- + {{`{{ facility }}`}} + talos_service: + type: loki + inputs: + - talos_service_logs_xform + endpoint: http://loki-gateway.monitoring:80 + encoding: + codec: json + except_fields: + - __host + batch: + max_bytes: 524288 + out_of_order_action: rewrite_timestamp + labels: + hostname: >- + {{`{{ __host }}`}} + service: >- + {{`{{ "talos-service" }}`}} + namespace: "talos:service" + extraVolumeMounts: + - name: geoip + 
mountPath: /geoip + extraVolumes: + - name: geoip + persistentVolumeClaim: + claimName: vector-geoipupdate-config + podMonitor: + enabled: true + jobLabel: vector-aggregator + port: prometheus-sink + resources: + requests: + cpu: 35m + memory: 381M + limits: + memory: 726M + service: + enabled: true + type: LoadBalancer + annotations: + coredns.io/hostname: "vector.${SECRET_CLUSTER_DOMAIN}" + postRenderers: + - kustomize: + patchesJson6902: + - target: + kind: Service + name: vector-aggregator + patch: + - op: add + path: /spec/loadBalancerIP + value: ${CLUSTER_LB_VECTOR} + - op: replace + path: /spec/externalTrafficPolicy + value: Local diff --git a/cluster/apps/logs/vector/aggregator/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/aggregator/kustomization.yaml similarity index 100% rename from cluster/apps/logs/vector/aggregator/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/vector/aggregator/kustomization.yaml diff --git a/cluster/apps/logs/vector/geoipupdate/cron-job.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/cron-job.yaml similarity index 100% rename from cluster/apps/logs/vector/geoipupdate/cron-job.yaml rename to kubernetes/cluster-0/apps/logs/vector/geoipupdate/cron-job.yaml diff --git a/cluster/apps/logs/vector/geoipupdate/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/kustomization.yaml similarity index 100% rename from cluster/apps/logs/vector/geoipupdate/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/vector/geoipupdate/kustomization.yaml diff --git a/cluster/apps/logs/vector/geoipupdate/secret.sops.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/secret.sops.yaml similarity index 100% rename from cluster/apps/logs/vector/geoipupdate/secret.sops.yaml rename to kubernetes/cluster-0/apps/logs/vector/geoipupdate/secret.sops.yaml 
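Review bot: `service.type: LoadBalancer` puts this aggregator on `${CLUSTER_LB_VECTOR}` while every source binds `0.0.0.0` (the `vector` sources on 6000–6002 and the UDP `socket` sources on 6050/6051) with no TLS and no sender restriction. Assuming the chart publishes those ports on the Service, any host that can reach the address can write events into Loki under whatever `host`/`__host` value it supplies, which undermines the logs as evidence. Restrict who can reach the Service with one more op in the existing `patchesJson6902` list: `- op: add`, `path: /spec/loadBalancerSourceRanges`, `value: ["<trusted-sender-cidr>"]`, after checking that the load-balancer implementation in use enforces it. For senders outside the cluster, also consider the `tls` options on the `vector` sources.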
diff --git a/cluster/apps/logs/vector/geoipupdate/volume.yaml b/kubernetes/cluster-0/apps/logs/vector/geoipupdate/volume.yaml similarity index 100% rename from cluster/apps/logs/vector/geoipupdate/volume.yaml rename to kubernetes/cluster-0/apps/logs/vector/geoipupdate/volume.yaml diff --git a/cluster/apps/logs/vector/kustomization.yaml b/kubernetes/cluster-0/apps/logs/vector/kustomization.yaml similarity index 100% rename from cluster/apps/logs/vector/kustomization.yaml rename to kubernetes/cluster-0/apps/logs/vector/kustomization.yaml diff --git a/cluster/apps/media-automation/bazarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/bazarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/bazarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/bazarr/helm-release.yaml index 049972804..ae915a0b0 100644 --- a/cluster/apps/media-automation/bazarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/bazarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/bazarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/bazarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/bazarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/bazarr/kustomization.yaml diff --git a/cluster/apps/media-automation/bazarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/bazarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/bazarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/bazarr/secret.sops.yaml 
diff --git a/cluster/apps/media-automation/bazarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/bazarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/bazarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/bazarr/volume.yaml diff --git a/cluster/apps/media-automation/jellyseerr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/jellyseerr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/jellyseerr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/jellyseerr/helm-release.yaml index a37c51942..6df99d03e 100644 --- a/cluster/apps/media-automation/jellyseerr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/jellyseerr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/jellyseerr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/jellyseerr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/jellyseerr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/jellyseerr/kustomization.yaml diff --git a/cluster/apps/media-automation/jellyseerr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/jellyseerr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/jellyseerr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/jellyseerr/volume.yaml diff --git a/cluster/apps/media-automation/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/kustomization.yaml similarity index 90% rename from cluster/apps/media-automation/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/kustomization.yaml index d910c3706..3666081c3 100644 --- a/cluster/apps/media-automation/kustomization.yaml +++ b/kubernetes/cluster-0/apps/media-automation/kustomization.yaml 
@@ -6,6 +6,7 @@ resources: - bazarr - jellyseerr - lidarr + - music-transcode - prowlarr - radarr - readarr diff --git a/cluster/apps/media-automation/lidarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/lidarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/lidarr/helm-release.yaml index 12442b4bc..297784f13 100644 --- a/cluster/apps/media-automation/lidarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/lidarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/lidarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/lidarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/lidarr/kustomization.yaml diff --git a/cluster/apps/media-automation/lidarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/lidarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/lidarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/lidarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/lidarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/lidarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/lidarr/volume.yaml diff --git a/cluster/apps/web-tools/music-transcode/cronjob.yaml b/kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml similarity index 90% rename from cluster/apps/web-tools/music-transcode/cronjob.yaml rename to kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml index 1255b60fe..4a2efaae1 100644 
--- a/cluster/apps/web-tools/music-transcode/cronjob.yaml +++ b/kubernetes/cluster-0/apps/media-automation/music-transcode/cronjob.yaml @@ -21,7 +21,7 @@ spec: initContainers: containers: - name: transcode-incremental - image: ghcr.io/auricom/freac:v1.1.6@sha256:68274a3ed658479e862832bdff7176c9688f954916aed30f95aa52666e5a6481 + image: ghcr.io/auricom/freac:1.1.6@sha256:596e72016ca4fea9767a68377722694c5005a4eec6e1400a5d1119160481656b imagePullPolicy: IfNotPresent env: - name: TRANSCODE_INPUT_DIR @@ -56,8 +56,8 @@ spec: volumes: - name: music-transcoded nfs: - server: "${LOCAL_LAN_OPENMEDIAVAULT}" - path: /export/music_transcoded + server: "${LOCAL_LAN_TRUENAS}" + path: /mnt/music_transcoded - name: music nfs: server: "${LOCAL_LAN_TRUENAS}" diff --git a/cluster/apps/web-tools/music-transcode/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/music-transcode/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/music-transcode/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/music-transcode/kustomization.yaml diff --git a/cluster/apps/media-automation/prowlarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/prowlarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/prowlarr/helm-release.yaml index 721222ea7..83e197832 100644 --- a/cluster/apps/media-automation/prowlarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/prowlarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/media-automation/prowlarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/prowlarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/prowlarr/kustomization.yaml diff --git a/cluster/apps/media-automation/prowlarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/prowlarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/prowlarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/prowlarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/prowlarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/prowlarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/prowlarr/volume.yaml diff --git a/cluster/apps/media-automation/radarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/helm-release.yaml similarity index 99% rename from cluster/apps/media-automation/radarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/radarr/helm-release.yaml index 46439623d..2a6341300 100644 --- a/cluster/apps/media-automation/radarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/radarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/radarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/radarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/radarr/kustomization.yaml 
diff --git a/cluster/apps/media-automation/radarr/scripts/pushover-notify.sh b/kubernetes/cluster-0/apps/media-automation/radarr/scripts/pushover-notify.sh similarity index 100% rename from cluster/apps/media-automation/radarr/scripts/pushover-notify.sh rename to kubernetes/cluster-0/apps/media-automation/radarr/scripts/pushover-notify.sh diff --git a/cluster/apps/media-automation/radarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/radarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/radarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/radarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/radarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/radarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/radarr/volume.yaml diff --git a/cluster/apps/media-automation/readarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/readarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/readarr/helm-release.yaml index 150621a13..2b3eb33f7 100644 --- a/cluster/apps/media-automation/readarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/readarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-automation/readarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/readarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/readarr/kustomization.yaml 
diff --git a/cluster/apps/media-automation/readarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/readarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/readarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/readarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/readarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/readarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/readarr/volume.yaml diff --git a/cluster/apps/media-automation/recyclarr/config/recyclarr.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/config/recyclarr.yaml similarity index 97% rename from cluster/apps/media-automation/recyclarr/config/recyclarr.yaml rename to kubernetes/cluster-0/apps/media-automation/recyclarr/config/recyclarr.yaml index bd3453322..6ab5ada98 100644 --- a/cluster/apps/media-automation/recyclarr/config/recyclarr.yaml +++ b/kubernetes/cluster-0/apps/media-automation/recyclarr/config/recyclarr.yaml @@ -59,9 +59,6 @@ sonarr: - e1a997ddb54e3ecbfe06341ad323c458 # Obfuscated - 06d66ab109d4d2eddb2794d21526d140 # Retags - 47435ece6b99a0b477caf360e79ba0bb # x265 (HD) - # Anime - - d428eda85af1df8904b4bbe4fc2f537c # First release profile - - 6cd9e10bb5bb4c63d2d7cd3279924c7b # Second release profile quality_profiles: - name: Any reset_unmatched_scores: true @@ -85,7 +82,7 @@ radarr: score: 1 - name: HD score: 1 - - name: SD + - name: Remux score: 1 - trash_ids: - 496f355514737f7d83bf7aa4d24f8169 # TrueHD Atmos diff --git a/cluster/apps/media-automation/recyclarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml similarity index 98% rename from cluster/apps/media-automation/recyclarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml index 28e9b6f58..1d2bbc4db 100644 
--- a/cluster/apps/media-automation/recyclarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/recyclarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true @@ -76,7 +76,7 @@ spec: mountPath: /config/recyclarr.yaml subPath: recyclarr.yaml readOnly: true - - name: radarrs + - name: radarr image: ghcr.io/onedr0p/recyclarr:2.6.1@sha256:365025bc338e6941c40f8e7cb545a6847181ff3864cadda50583b46ce9994c87 env: - name: TZ diff --git a/cluster/apps/media-automation/recyclarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/recyclarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/recyclarr/kustomization.yaml diff --git a/cluster/apps/media-automation/recyclarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/recyclarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/recyclarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/recyclarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/sonarr/helm-release.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/helm-release.yaml similarity index 99% rename from cluster/apps/media-automation/sonarr/helm-release.yaml rename to kubernetes/cluster-0/apps/media-automation/sonarr/helm-release.yaml index d334f3e82..f7575fab7 100644 --- a/cluster/apps/media-automation/sonarr/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-automation/sonarr/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/media-automation/sonarr/kustomization.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml similarity index 100% rename from cluster/apps/media-automation/sonarr/kustomization.yaml rename to kubernetes/cluster-0/apps/media-automation/sonarr/kustomization.yaml diff --git a/cluster/apps/media-automation/sonarr/scripts/pushover-notify.sh b/kubernetes/cluster-0/apps/media-automation/sonarr/scripts/pushover-notify.sh similarity index 100% rename from cluster/apps/media-automation/sonarr/scripts/pushover-notify.sh rename to kubernetes/cluster-0/apps/media-automation/sonarr/scripts/pushover-notify.sh diff --git a/cluster/apps/media-automation/sonarr/secret.sops.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml similarity index 100% rename from cluster/apps/media-automation/sonarr/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-automation/sonarr/secret.sops.yaml diff --git a/cluster/apps/media-automation/sonarr/volume.yaml b/kubernetes/cluster-0/apps/media-automation/sonarr/volume.yaml similarity index 100% rename from cluster/apps/media-automation/sonarr/volume.yaml rename to kubernetes/cluster-0/apps/media-automation/sonarr/volume.yaml diff --git a/cluster/apps/media-servers/calibre-web/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/calibre-web/helm-release.yaml similarity index 92% rename from cluster/apps/media-servers/calibre-web/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre-web/helm-release.yaml index 3a1ce1cf2..42553b1fc 100644 --- a/cluster/apps/media-servers/calibre-web/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/calibre-web/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
@@ -24,7 +24,7 @@ spec: values: image: repository: ghcr.io/auricom/calibre-web - tag: v0.6.19@sha256:264245420306ec8dc0b842d7b83fda16ff3b0baefcaef1eec65dc6675a6570f9 + tag: 0.6.19@sha256:5485fa7bd07823253d94c603e4759ce0d2b5d109aa8f4b5c7a4b5d3f01e30c8f env: TZ: "${TIMEZONE}" service: diff --git a/cluster/apps/media-servers/calibre-web/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/calibre-web/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/calibre-web/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre-web/kustomization.yaml diff --git a/cluster/apps/media-servers/calibre-web/volume.yaml b/kubernetes/cluster-0/apps/media-servers/calibre-web/volume.yaml similarity index 100% rename from cluster/apps/media-servers/calibre-web/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre-web/volume.yaml diff --git a/cluster/apps/media-servers/calibre/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/calibre/helm-release.yaml similarity index 98% rename from cluster/apps/media-servers/calibre/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre/helm-release.yaml index bec9d985b..d43eed594 100644 --- a/cluster/apps/media-servers/calibre/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/calibre/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-servers/calibre/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/calibre/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/calibre/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre/kustomization.yaml 
diff --git a/cluster/apps/media-servers/calibre/volume.yaml b/kubernetes/cluster-0/apps/media-servers/calibre/volume.yaml similarity index 100% rename from cluster/apps/media-servers/calibre/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/calibre/volume.yaml diff --git a/cluster/apps/media-servers/jellyfin/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/jellyfin/helm-release.yaml similarity index 97% rename from cluster/apps/media-servers/jellyfin/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/jellyfin/helm-release.yaml index 203a669d5..d6a3fa574 100644 --- a/cluster/apps/media-servers/jellyfin/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/jellyfin/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -35,7 +35,7 @@ spec: service: main: type: LoadBalancer - externalIPs: ["${CLUSTER_LB_JELLYFIN}"] + loadBalancerIP: "${CLUSTER_LB_JELLYFIN}" externalTrafficPolicy: Local ports: http: diff --git a/cluster/apps/media-servers/jellyfin/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/jellyfin/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/jellyfin/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/jellyfin/kustomization.yaml diff --git a/cluster/apps/media-servers/jellyfin/volume.yaml b/kubernetes/cluster-0/apps/media-servers/jellyfin/volume.yaml similarity index 100% rename from cluster/apps/media-servers/jellyfin/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/jellyfin/volume.yaml diff --git a/cluster/apps/media-servers/komga/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/komga/helm-release.yaml similarity index 98% rename from cluster/apps/media-servers/komga/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/komga/helm-release.yaml index 95364659b..de4279304 100644 
--- a/cluster/apps/media-servers/komga/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/komga/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/media-servers/komga/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/komga/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/komga/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/komga/kustomization.yaml diff --git a/cluster/apps/media-servers/komga/volume.yaml b/kubernetes/cluster-0/apps/media-servers/komga/volume.yaml similarity index 100% rename from cluster/apps/media-servers/komga/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/komga/volume.yaml diff --git a/cluster/apps/media-servers/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/kustomization.yaml diff --git a/cluster/apps/media-servers/lychee/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/helm-release.yaml similarity index 98% rename from cluster/apps/media-servers/lychee/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/helm-release.yaml index 0e8865094..9dbdf2a4a 100644 --- a/cluster/apps/media-servers/lychee/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/lychee/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/media-servers/lychee/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/lychee/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/kustomization.yaml diff --git a/cluster/apps/media-servers/lychee/patches/postgres.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/patches/postgres.yaml similarity index 100% rename from cluster/apps/media-servers/lychee/patches/postgres.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/patches/postgres.yaml diff --git a/cluster/apps/media-servers/lychee/secret.sops.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/secret.sops.yaml similarity index 100% rename from cluster/apps/media-servers/lychee/secret.sops.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/secret.sops.yaml diff --git a/cluster/apps/media-servers/lychee/volume.yaml b/kubernetes/cluster-0/apps/media-servers/lychee/volume.yaml similarity index 100% rename from cluster/apps/media-servers/lychee/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/lychee/volume.yaml diff --git a/cluster/apps/media-servers/media-browser/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/media-browser/helm-release.yaml similarity index 98% rename from cluster/apps/media-servers/media-browser/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/media-browser/helm-release.yaml index 05726d0cf..572a4418c 100644 --- a/cluster/apps/media-servers/media-browser/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/media-browser/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/media-servers/media-browser/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/media-browser/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/media-browser/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/media-browser/kustomization.yaml diff --git a/cluster/apps/media-servers/media-browser/volume.yaml b/kubernetes/cluster-0/apps/media-servers/media-browser/volume.yaml similarity index 100% rename from cluster/apps/media-servers/media-browser/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/media-browser/volume.yaml diff --git a/cluster/apps/media-servers/navidrome/helm-release.yaml b/kubernetes/cluster-0/apps/media-servers/navidrome/helm-release.yaml similarity index 96% rename from cluster/apps/media-servers/navidrome/helm-release.yaml rename to kubernetes/cluster-0/apps/media-servers/navidrome/helm-release.yaml index f6423e677..f847e5bff 100644 --- a/cluster/apps/media-servers/navidrome/helm-release.yaml +++ b/kubernetes/cluster-0/apps/media-servers/navidrome/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -34,7 +34,7 @@ spec: ND_PORT: &port 80 ND_PROMETHEUS_ENABLED: "true" ND_REVERSEPROXYUSERHEADER: "Remote-User" - ND_REVERSEPROXYWHITELIST: "${NET_POD_CIDR}" + ND_REVERSEPROXYWHITELIST: "${CILIUM_BGP_SVC_RANGE}" ND_SCANSCHEDULE: "@every 1h" ND_SESSIONTIMEOUT: 24h service: diff --git a/cluster/apps/media-servers/navidrome/kustomization.yaml b/kubernetes/cluster-0/apps/media-servers/navidrome/kustomization.yaml similarity index 100% rename from cluster/apps/media-servers/navidrome/kustomization.yaml rename to kubernetes/cluster-0/apps/media-servers/navidrome/kustomization.yaml 
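Review bot: `ND_REVERSEPROXYWHITELIST` in the second navidrome hunk now trusts `${CILIUM_BGP_SVC_RANGE}` instead of `${NET_POD_CIDR}`, and with `ND_REVERSEPROXYUSERHEADER: "Remote-User"` set just above, Navidrome treats that header as an authenticated identity when it comes from any peer in the range. Requests forwarded by an in-cluster ingress controller normally arrive with a pod address as their source. If the new variable is the LoadBalancer announcement range (its value is not visible here), the header may be ignored for the real proxy, or honoured for addresses that are not the proxy. I would scope the value to the authenticating proxy's actual source addresses and record that next to it, e.g. `# Remote-User is trusted from this range; keep it limited to the auth proxy's source IPs`. The `values:` block continues outside the hunk.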
diff --git a/cluster/apps/media-servers/navidrome/volume.yaml b/kubernetes/cluster-0/apps/media-servers/navidrome/volume.yaml similarity index 100% rename from cluster/apps/media-servers/navidrome/volume.yaml rename to kubernetes/cluster-0/apps/media-servers/navidrome/volume.yaml diff --git a/cluster/apps/monitoring/grafana/dashboards/home-assistant.json b/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/home-assistant.json similarity index 100% rename from cluster/apps/monitoring/grafana/dashboards/home-assistant.json rename to kubernetes/cluster-0/apps/monitoring/grafana/dashboards/home-assistant.json diff --git a/cluster/apps/monitoring/grafana/dashboards/homelab-temperatures.json b/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/homelab-temperatures.json similarity index 100% rename from cluster/apps/monitoring/grafana/dashboards/homelab-temperatures.json rename to kubernetes/cluster-0/apps/monitoring/grafana/dashboards/homelab-temperatures.json diff --git a/cluster/apps/monitoring/grafana/dashboards/truenas.json b/kubernetes/cluster-0/apps/monitoring/grafana/dashboards/truenas.json similarity index 100% rename from cluster/apps/monitoring/grafana/dashboards/truenas.json rename to kubernetes/cluster-0/apps/monitoring/grafana/dashboards/truenas.json diff --git a/cluster/apps/monitoring/grafana/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/grafana/helm-release.yaml similarity index 99% rename from cluster/apps/monitoring/grafana/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/grafana/helm-release.yaml index abd8fe68a..31843376e 100644 --- a/cluster/apps/monitoring/grafana/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/grafana/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 6.44.2 sourceRef: kind: HelmRepository - name: grafana-charts + name: grafana namespace: flux-system interval: 15m install: 
diff --git a/cluster/apps/monitoring/grafana/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/grafana/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/grafana/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/grafana/kustomization.yaml diff --git a/cluster/apps/monitoring/grafana/secrets.sops.yaml b/kubernetes/cluster-0/apps/monitoring/grafana/secrets.sops.yaml similarity index 100% rename from cluster/apps/monitoring/grafana/secrets.sops.yaml rename to kubernetes/cluster-0/apps/monitoring/grafana/secrets.sops.yaml diff --git a/cluster/apps/monitoring/healthchecks/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml similarity index 98% rename from cluster/apps/monitoring/healthchecks/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml index 24b900fd0..ab10f48e0 100644 --- a/cluster/apps/monitoring/healthchecks/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/healthchecks/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/monitoring/healthchecks/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/healthchecks/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/kustomization.yaml diff --git a/cluster/apps/monitoring/healthchecks/patches/env.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/env.yaml similarity index 100% rename from cluster/apps/monitoring/healthchecks/patches/env.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/patches/env.yaml 
diff --git a/cluster/apps/monitoring/healthchecks/patches/postgres.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/patches/postgres.yaml similarity index 100% rename from cluster/apps/monitoring/healthchecks/patches/postgres.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/patches/postgres.yaml diff --git a/cluster/apps/monitoring/healthchecks/secret.sops.yaml b/kubernetes/cluster-0/apps/monitoring/healthchecks/secret.sops.yaml similarity index 100% rename from cluster/apps/monitoring/healthchecks/secret.sops.yaml rename to kubernetes/cluster-0/apps/monitoring/healthchecks/secret.sops.yaml diff --git a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helm-release.yaml similarity index 99% rename from cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helm-release.yaml index 1f485c29c..296192078 100644 --- a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 41.9.0 sourceRef: kind: HelmRepository - name: prometheus-community-charts + name: prometheus-community namespace: flux-system interval: 5m install: diff --git a/cluster/apps/monitoring/kube-prometheus-stack/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/kube-prometheus-stack/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/kube-prometheus-stack/kustomization.yaml diff --git a/cluster/apps/monitoring/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/kustomization.yaml 
diff --git a/cluster/apps/monitoring/thanos/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/thanos/helm-release.yaml similarity index 99% rename from cluster/apps/monitoring/thanos/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/thanos/helm-release.yaml index 89e4d329e..9d981add9 100644 --- a/cluster/apps/monitoring/thanos/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/thanos/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 11.6.1 sourceRef: kind: HelmRepository - name: bitnami-charts + name: bitnami namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/monitoring/thanos/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/thanos/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/thanos/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/thanos/kustomization.yaml diff --git a/cluster/apps/monitoring/thanos/readme.md b/kubernetes/cluster-0/apps/monitoring/thanos/readme.md similarity index 100% rename from cluster/apps/monitoring/thanos/readme.md rename to kubernetes/cluster-0/apps/monitoring/thanos/readme.md diff --git a/cluster/apps/monitoring/thanos/secret.sops.yaml b/kubernetes/cluster-0/apps/monitoring/thanos/secret.sops.yaml similarity index 100% rename from cluster/apps/monitoring/thanos/secret.sops.yaml rename to kubernetes/cluster-0/apps/monitoring/thanos/secret.sops.yaml diff --git a/cluster/apps/monitoring/uptime-kuma/helm-release.yaml b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/helm-release.yaml similarity index 97% rename from cluster/apps/monitoring/uptime-kuma/helm-release.yaml rename to kubernetes/cluster-0/apps/monitoring/uptime-kuma/helm-release.yaml index ad9732190..53c41a51e 100644 --- a/cluster/apps/monitoring/uptime-kuma/helm-release.yaml +++ b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/monitoring/uptime-kuma/kustomization.yaml b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/kustomization.yaml similarity index 100% rename from cluster/apps/monitoring/uptime-kuma/kustomization.yaml rename to kubernetes/cluster-0/apps/monitoring/uptime-kuma/kustomization.yaml diff --git a/cluster/apps/monitoring/uptime-kuma/volume.yaml b/kubernetes/cluster-0/apps/monitoring/uptime-kuma/volume.yaml similarity index 100% rename from cluster/apps/monitoring/uptime-kuma/volume.yaml rename to kubernetes/cluster-0/apps/monitoring/uptime-kuma/volume.yaml diff --git a/cluster/apps/namespaces.yaml b/kubernetes/cluster-0/apps/namespaces.yaml similarity index 61% rename from cluster/apps/namespaces.yaml rename to kubernetes/cluster-0/apps/namespaces.yaml index dfdefca4f..bb5aea75b 100644 --- a/cluster/apps/namespaces.yaml +++ b/kubernetes/cluster-0/apps/namespaces.yaml @@ -1,13 +1,6 @@ --- apiVersion: v1 kind: Namespace -metadata: - name: calico-system - labels: - kustomize.toolkit.fluxcd.io/prune: disabled ---- -apiVersion: v1 -kind: Namespace metadata: name: default labels: @@ -40,17 +33,3 @@ metadata: name: monitoring labels: kustomize.toolkit.fluxcd.io/prune: disabled ---- -apiVersion: v1 -kind: Namespace -metadata: - name: system-upgrade - labels: - kustomize.toolkit.fluxcd.io/prune: disabled ---- -apiVersion: v1 -kind: Namespace -metadata: - name: tigera-operator - labels: - kustomize.toolkit.fluxcd.io/prune: disabled 
diff --git a/cluster/apps/networking/cert-manager/certificates/helm-release.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/certificates/helm-release.yaml similarity index 97% rename from cluster/apps/networking/cert-manager/certificates/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/certificates/helm-release.yaml index 1554bdee2..74f3cec49 100644 --- a/cluster/apps/networking/cert-manager/certificates/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/cert-manager/certificates/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/networking/cert-manager/certificates/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/certificates/kustomization.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/certificates/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/certificates/kustomization.yaml diff --git a/cluster/apps/networking/cert-manager/helm-release.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/helm-release.yaml similarity index 96% rename from cluster/apps/networking/cert-manager/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/helm-release.yaml index 7e5cb2c56..61d403df4 100644 --- a/cluster/apps/networking/cert-manager/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/cert-manager/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v1.10.0 sourceRef: kind: HelmRepository - name: jetstack-charts + name: jetstack namespace: flux-system interval: 15m install: 
diff --git a/cluster/apps/networking/cert-manager/issuers/helm-release.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/issuers/helm-release.yaml similarity index 98% rename from cluster/apps/networking/cert-manager/issuers/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/issuers/helm-release.yaml index 76e89a7e6..5a4760139 100644 --- a/cluster/apps/networking/cert-manager/issuers/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/cert-manager/issuers/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: v0.3.1 sourceRef: kind: HelmRepository - name: dysnix-charts + name: dysnix namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/networking/cert-manager/issuers/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/issuers/kustomization.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/issuers/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/issuers/kustomization.yaml diff --git a/cluster/apps/networking/cert-manager/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/kustomization.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/kustomization.yaml diff --git a/cluster/apps/networking/cert-manager/prometheus-rule.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/prometheus-rule.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/prometheus-rule.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/prometheus-rule.yaml diff --git a/cluster/apps/networking/cert-manager/rbac.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/rbac.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/rbac.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/rbac.yaml 
diff --git a/cluster/apps/networking/cert-manager/secret.sops.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/secret.sops.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/secret.sops.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/secret.sops.yaml diff --git a/cluster/apps/networking/cert-manager/webhook-ovh/helm-release.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/helm-release.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/webhook-ovh/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/helm-release.yaml diff --git a/cluster/apps/networking/cert-manager/webhook-ovh/kustomization.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/kustomization.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/webhook-ovh/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/kustomization.yaml diff --git a/cluster/apps/networking/cert-manager/webhook-ovh/rbac.yaml b/kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/rbac.yaml similarity index 100% rename from cluster/apps/networking/cert-manager/webhook-ovh/rbac.yaml rename to kubernetes/cluster-0/apps/networking/cert-manager/webhook-ovh/rbac.yaml diff --git a/cluster/apps/networking/external-dns/helm-release.yaml b/kubernetes/cluster-0/apps/networking/external-dns/helm-release.yaml similarity index 97% rename from cluster/apps/networking/external-dns/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/external-dns/helm-release.yaml index c29b69fcf..27f24ce21 100644 --- a/cluster/apps/networking/external-dns/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/external-dns/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.11.0 sourceRef: kind: HelmRepository - name: external-dns-charts + name: external-dns namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/networking/external-dns/kustomization.yaml b/kubernetes/cluster-0/apps/networking/external-dns/kustomization.yaml similarity index 100% rename from cluster/apps/networking/external-dns/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/external-dns/kustomization.yaml diff --git a/cluster/apps/networking/external-dns/secret.sops.yaml b/kubernetes/cluster-0/apps/networking/external-dns/secret.sops.yaml similarity index 100% rename from cluster/apps/networking/external-dns/secret.sops.yaml rename to kubernetes/cluster-0/apps/networking/external-dns/secret.sops.yaml diff --git a/cluster/apps/networking/ingress-nginx/helm-release.yaml b/kubernetes/cluster-0/apps/networking/ingress-nginx/helm-release.yaml similarity index 96% rename from cluster/apps/networking/ingress-nginx/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/ingress-nginx/helm-release.yaml index 3434a4b08..dec3318e1 100644 --- a/cluster/apps/networking/ingress-nginx/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/ingress-nginx/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 4.4.0 sourceRef: kind: HelmRepository - name: ingress-nginx-charts + name: ingress-nginx namespace: flux-system install: createNamespace: true @@ -29,8 +29,7 @@ spec: replicaCount: 1 service: type: LoadBalancer - externalIPs: - - ${CLUSTER_LB_NGINX} + loadBalancerIP: "${CLUSTER_LB_NGINX}" externalTrafficPolicy: Local publishService: enabled: true diff --git a/cluster/apps/networking/ingress-nginx/kustomization.yaml b/kubernetes/cluster-0/apps/networking/ingress-nginx/kustomization.yaml similarity index 100% rename from cluster/apps/networking/ingress-nginx/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/ingress-nginx/kustomization.yaml 
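Review bot: `loadBalancerIP: "${CLUSTER_LB_NGINX}"` in the ingress-nginx service values relies on `spec.loadBalancerIP`, which has been deprecated since Kubernetes v1.24 and is honoured only if the load-balancer implementation chooses to; the k8s-gateway, smtp-relay and unifi hunks later in this diff make the same switch. If the field is ignored, the Service receives an arbitrary address from the pool, so DNS records and firewall rules written for the fixed address could end up pointing at a different workload. I would note the dependency beside the field, e.g. `# pinned address: must lie inside the announced LB pool; loadBalancerIP is deprecated upstream`, and confirm after rollout that each Service reports the intended address. The value is quoted here and in smtp-relay but bare in k8s-gateway and unifi; quoting all four would keep them uniform.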
diff --git a/cluster/apps/networking/k8s-gateway/helm-release.yaml b/kubernetes/cluster-0/apps/networking/k8s-gateway/helm-release.yaml similarity index 66% rename from cluster/apps/networking/k8s-gateway/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/k8s-gateway/helm-release.yaml index 250f2e176..c8b816540 100644 --- a/cluster/apps/networking/k8s-gateway/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/k8s-gateway/helm-release.yaml @@ -13,7 +13,7 @@ spec: version: 2.0.0 sourceRef: kind: HelmRepository - name: k8s-gateway-charts + name: k8s-gateway namespace: flux-system install: createNamespace: true @@ -29,14 +29,4 @@ spec: service: type: LoadBalancer externalTrafficPolicy: Local - postRenderers: - - kustomize: - patchesJson6902: - - target: - kind: Service - name: k8s-gateway - patch: - - op: add - path: /spec/externalIPs - value: - - "${CLUSTER_LB_K8SGATEWAY}" + loadBalancerIP: ${CLUSTER_LB_K8SGATEWAY} diff --git a/cluster/apps/networking/k8s-gateway/kustomization.yaml b/kubernetes/cluster-0/apps/networking/k8s-gateway/kustomization.yaml similarity index 100% rename from cluster/apps/networking/k8s-gateway/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/k8s-gateway/kustomization.yaml diff --git a/cluster/apps/networking/kustomization.yaml b/kubernetes/cluster-0/apps/networking/kustomization.yaml similarity index 89% rename from cluster/apps/networking/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/kustomization.yaml index bdc186bce..c72356672 100644 --- a/cluster/apps/networking/kustomization.yaml +++ b/kubernetes/cluster-0/apps/networking/kustomization.yaml @@ -7,5 +7,4 @@ resources: - ingress-nginx - k8s-gateway - smtp-relay - - tigera-operator - unifi 
diff --git a/cluster/apps/networking/smtp-relay/helm-release.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml similarity index 96% rename from cluster/apps/networking/smtp-relay/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml index 0735cb151..1ddb305f6 100644 --- a/cluster/apps/networking/smtp-relay/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -40,7 +40,7 @@ spec: service: main: type: LoadBalancer - externalIPs: ["${CLUSTER_LB_SMTP_RELAY}"] + loadBalancerIP: "${CLUSTER_LB_SMTP_RELAY}" externalTrafficPolicy: Local ports: http: diff --git a/cluster/apps/networking/smtp-relay/kustomization.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml similarity index 100% rename from cluster/apps/networking/smtp-relay/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml diff --git a/cluster/apps/networking/smtp-relay/maddy.conf b/kubernetes/cluster-0/apps/networking/smtp-relay/maddy.conf similarity index 100% rename from cluster/apps/networking/smtp-relay/maddy.conf rename to kubernetes/cluster-0/apps/networking/smtp-relay/maddy.conf diff --git a/cluster/apps/networking/smtp-relay/secret.sops.yaml b/kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml similarity index 100% rename from cluster/apps/networking/smtp-relay/secret.sops.yaml rename to kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml diff --git a/cluster/apps/networking/unifi/helm-release.yaml b/kubernetes/cluster-0/apps/networking/unifi/helm-release.yaml similarity index 96% rename from cluster/apps/networking/unifi/helm-release.yaml rename to kubernetes/cluster-0/apps/networking/unifi/helm-release.yaml index 317a3dd56..7bf6c6ed6 100644 
--- a/cluster/apps/networking/unifi/helm-release.yaml +++ b/kubernetes/cluster-0/apps/networking/unifi/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -37,8 +37,7 @@ spec: main: type: LoadBalancer externalTrafficPolicy: Local - externalIPs: - - ${CLUSTER_LB_UNIFI} + loadBalancerIP: ${CLUSTER_LB_UNIFI} ports: http: port: 8443 diff --git a/cluster/apps/networking/unifi/kustomization.yaml b/kubernetes/cluster-0/apps/networking/unifi/kustomization.yaml similarity index 100% rename from cluster/apps/networking/unifi/kustomization.yaml rename to kubernetes/cluster-0/apps/networking/unifi/kustomization.yaml diff --git a/cluster/apps/networking/unifi/volume.yaml b/kubernetes/cluster-0/apps/networking/unifi/volume.yaml similarity index 100% rename from cluster/apps/networking/unifi/volume.yaml rename to kubernetes/cluster-0/apps/networking/unifi/volume.yaml diff --git a/cluster/apps/storage/kopia-web/config/repository.config b/kubernetes/cluster-0/apps/storage/kopia-kube/config/repository.config similarity index 99% rename from cluster/apps/storage/kopia-web/config/repository.config rename to kubernetes/cluster-0/apps/storage/kopia-kube/config/repository.config index 1a0674b4a..8eaef1041 100644 --- a/cluster/apps/storage/kopia-web/config/repository.config +++ b/kubernetes/cluster-0/apps/storage/kopia-kube/config/repository.config @@ -17,4 +17,4 @@ "description": "Cluster", "enableActions": false, "formatBlobCacheDuration": 900000000000 -} \ No newline at end of file +} diff --git a/cluster/apps/storage/kopia-web/helm-release.yaml b/kubernetes/cluster-0/apps/storage/kopia-kube/helm-release.yaml similarity index 98% rename from cluster/apps/storage/kopia-web/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/kopia-kube/helm-release.yaml index e5c5c899b..e74a0188b 100644 --- a/cluster/apps/storage/kopia-web/helm-release.yaml 
+++ b/kubernetes/cluster-0/apps/storage/kopia-kube/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/storage/kopia-web/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kopia-kube/kustomization.yaml similarity index 88% rename from cluster/apps/storage/kopia-web/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/kopia-kube/kustomization.yaml index 8f49b2f77..3799f3af3 100644 --- a/cluster/apps/storage/kopia-web/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/kopia-kube/kustomization.yaml @@ -9,4 +9,4 @@ configMapGenerator: files: - ./config/repository.config generatorOptions: - disableNameSuffixHash: true \ No newline at end of file + disableNameSuffixHash: true diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config new file mode 100644 index 000000000..8eaef1041 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/config/repository.config @@ -0,0 +1,20 @@ +{ + "storage": { + "type": "filesystem", + "config": { + "path": "/snapshots", + "dirShards": null + } + }, + "caching": { + "cacheDirectory": "cache", + "maxCacheSize": 5242880000, + "maxMetadataCacheSize": 5242880000, + "maxListCacheDuration": 30 + }, + "hostname": "cluster", + "username": "root", + "description": "Cluster", + "enableActions": false, + "formatBlobCacheDuration": 900000000000 +} diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml new file mode 100644 index 000000000..984e0fc30 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/helm-release.yaml 
@@ -0,0 +1,109 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: &app kopia-kube + namespace: default +spec: + interval: 15m + chart: + spec: + chart: app-template + version: 1.0.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 5 + upgrade: + remediation: + retries: 5 + values: + initContainers: + wait-for-repo: + image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063 + command: + - /bin/bash + - -c + - |- + until [ -f /snapshots/kopia.repository.f ]; do + printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..." + sleep 1 + done + volumeMounts: + - name: snapshots + mountPath: /snapshots + image: + repository: ghcr.io/onedr0p/kopia + tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063 + env: + TZ: "${TIMEZONE}" + KOPIA_PASSWORD: "none" + command: kopia + args: + - server + - --insecure + - --address + - 0.0.0.0:80 + - --metrics-listen-addr + - 0.0.0.0:8080 + - --without-password + - --log-level + - debug + service: + main: + ports: + http: + port: 80 + metrics: + enabled: true + port: 8080 + serviceMonitor: + main: + enabled: true + endpoints: + - port: metrics + scheme: http + path: /metrics + interval: 1m + scrapeTimeout: 10s + ingress: + main: + enabled: true + ingressClassName: "nginx" + hosts: + - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - *host + podSecurityContext: + supplementalGroups: + - 100 + persistence: + config: + enabled: true + type: configMap + name: *app + subPath: repository.config + mountPath: /config/repository.config + readOnly: true + snapshots: + enabled: true + type: nfs + server: "${LOCAL_LAN_TRUENAS}" + path: /mnt/storage/backups/kubernetes + mountPath: /snapshots + podAnnotations: + configmap.reloader.stakater.com/reload: *app + 
resources: + requests: + cpu: 10m + memory: 100Mi + limits: + memory: 500Mi diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml new file mode 100644 index 000000000..a3be0b2e2 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-kube/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-release.yaml +namespace: default +configMapGenerator: + - name: kopia-kube + files: + - ./config/repository.config +generatorOptions: + disableNameSuffixHash: true diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config new file mode 100644 index 000000000..8eaef1041 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/config/repository.config @@ -0,0 +1,20 @@ +{ + "storage": { + "type": "filesystem", + "config": { + "path": "/snapshots", + "dirShards": null + } + }, + "caching": { + "cacheDirectory": "cache", + "maxCacheSize": 5242880000, + "maxMetadataCacheSize": 5242880000, + "maxListCacheDuration": 30 + }, + "hostname": "cluster", + "username": "root", + "description": "Cluster", + "enableActions": false, + "formatBlobCacheDuration": 900000000000 +} diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml new file mode 100644 index 000000000..f0a88f918 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/helm-release.yaml 
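Review bot: The added kopia-kube release runs `kopia server` with `--insecure` and `--without-password` on `0.0.0.0:80` and publishes it through the `nginx` ingress with no authentication annotation in the visible values, so anyone who can reach the hostname can browse and restore the backup repository mounted from NFS. The kopia-workstations release added later in this diff repeats the same arguments. `KOPIA_PASSWORD: "none"` is also committed in plain text, which makes the repository password a known constant; it should come from a SOPS-encrypted Secret, like the `secret.sops.yaml` files used elsewhere in this repository. `--log-level debug` is worth lowering once the deployment is stable. A sketch of the two changes follows, with the Secret name and auth URLs as placeholders.

```yaml
    env:
      TZ: "${TIMEZONE}"
    # KOPIA_PASSWORD is supplied by a SOPS-encrypted Secret (placeholder name)
    envFrom:
      - secretRef:
          name: kopia-kube-secret
    # … unchanged: command, args, service, serviceMonitor …
    ingress:
      main:
        enabled: true
        ingressClassName: "nginx"
        annotations:
          # placeholders: point these at the auth proxy the cluster already uses
          nginx.ingress.kubernetes.io/auth-url: "<AUTH_PROXY_VERIFY_URL>"
          nginx.ingress.kubernetes.io/auth-signin: "<AUTH_PROXY_SIGNIN_URL>"
    # … unchanged: hosts, tls, podSecurityContext, persistence, resources …
```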
@@ -0,0 +1,109 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: &app kopia-workstations + namespace: default +spec: + interval: 15m + chart: + spec: + chart: app-template + version: 1.0.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 5 + upgrade: + remediation: + retries: 5 + values: + initContainers: + wait-for-repo: + image: ghcr.io/onedr0p/kopia:0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063 + command: + - /bin/bash + - -c + - |- + until [ -f /snapshots/kopia.repository.f ]; do + printf "\e[1;32m%-6s\e[m\n" "Waiting for the Kopia repo to become ready ..." + sleep 1 + done + volumeMounts: + - name: snapshots + mountPath: /snapshots + image: + repository: ghcr.io/onedr0p/kopia + tag: 0.12.1@sha256:88106e6bb642ee4cb58b61a335ff55992ee2c03493f1aec804422774cf7cf063 + env: + TZ: "${TIMEZONE}" + KOPIA_PASSWORD: "none" + command: kopia + args: + - server + - --insecure + - --address + - 0.0.0.0:80 + - --metrics-listen-addr + - 0.0.0.0:8080 + - --without-password + - --log-level + - debug + service: + main: + ports: + http: + port: 80 + metrics: + enabled: true + port: 8080 + serviceMonitor: + main: + enabled: true + endpoints: + - port: metrics + scheme: http + path: /metrics + interval: 1m + scrapeTimeout: 10s + ingress: + main: + enabled: true + ingressClassName: "nginx" + hosts: + - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - *host + podSecurityContext: + supplementalGroups: + - 100 + persistence: + config: + enabled: true + type: configMap + name: *app + subPath: repository.config + mountPath: /config/repository.config + readOnly: true + snapshots: + enabled: true + type: nfs + server: "${LOCAL_LAN_TRUENAS}" + path: /mnt/storage/backups/kopia-workstations + mountPath: /snapshots + podAnnotations: + 
configmap.reloader.stakater.com/reload: *app + resources: + requests: + cpu: 10m + memory: 100Mi + limits: + memory: 500Mi diff --git a/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml new file mode 100644 index 000000000..982329bb7 --- /dev/null +++ b/kubernetes/cluster-0/apps/storage/kopia/kopia-workstations/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-release.yaml +namespace: default +configMapGenerator: + - name: kopia-workstations + files: + - ./config/repository.config +generatorOptions: + disableNameSuffixHash: true diff --git a/cluster/core/rook-ceph/snapshot-controller/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kopia/kustomization.yaml similarity index 67% rename from cluster/core/rook-ceph/snapshot-controller/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/kopia/kustomization.yaml index 356a45c2b..1d07e04ef 100644 --- a/cluster/core/rook-ceph/snapshot-controller/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/kopia/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - rbac.yaml - - deployment.yaml + - kopia-kube + - kopia-workstations diff --git a/cluster/apps/storage/kustomization.yaml b/kubernetes/cluster-0/apps/storage/kustomization.yaml similarity index 65% rename from cluster/apps/storage/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/kustomization.yaml index 6e0eade90..7b31bd9c5 100644 --- a/cluster/apps/storage/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/kustomization.yaml @@ -2,8 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - kopia-web - - resilio-sync-claude - - resilio-sync-helene + - kopia + - resilio-sync - smartctl-exporter - truecommand 
diff --git a/cluster/apps/storage/resilio-sync-claude/config/sync.conf b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/config/sync.conf similarity index 100% rename from cluster/apps/storage/resilio-sync-claude/config/sync.conf rename to kubernetes/cluster-0/apps/storage/resilio-sync/claude/config/sync.conf diff --git a/cluster/apps/storage/resilio-sync-claude/helm-release.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/helm-release.yaml similarity index 86% rename from cluster/apps/storage/resilio-sync-claude/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/claude/helm-release.yaml index 7fcfff1c8..bf7264446 100644 --- a/cluster/apps/storage/resilio-sync-claude/helm-release.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/helm-release.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: &app resilio-sync-claude + name: &app resilio-claude namespace: default spec: interval: 15m @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -24,7 +24,7 @@ spec: values: image: repository: ghcr.io/auricom/resilio-sync - tag: v2.7.3.1381-1@sha256:0d166c1824637add7ce7c1a66bf3f267f69b85e12d0d49037f6d299d72c4032d + tag: 2.7.3.1381-1@sha256:ec9c45bc0d04f9622d00009b4c8f431ddbf83e53d1942e00282f7059f7dc5ae7 env: - name: TZ value: "${TIMEZONE}" @@ -50,12 +50,12 @@ spec: persistence: config: enabled: true - existingClaim: resilio-sync-claude-config + existingClaim: resilio-claude-config sync-conf: enabled: true type: configMap configMap: - name: resilio-sync-claude-sync-conf + name: resilio-claude-sync-conf mountPath: /config/sync.conf subPath: sync.conf backups: 
@@ -73,8 +73,8 @@ spec: music-transcoded: enabled: true type: nfs - server: "${LOCAL_LAN_OPENMEDIAVAULT}" - path: /export/music_transcoded + server: "${LOCAL_LAN_TRUENAS}" + path: /mnt/storage/music_transcoded mountPath: /sync/music_transcoded photo: enabled: true diff --git a/cluster/apps/storage/resilio-sync-claude/kustomization.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml similarity index 85% rename from cluster/apps/storage/resilio-sync-claude/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml index e09d0c7e1..36da871a1 100644 --- a/cluster/apps/storage/resilio-sync-claude/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/kustomization.yaml @@ -5,7 +5,7 @@ resources: - helm-release.yaml - volume.yaml configMapGenerator: - - name: resilio-sync-claude-sync-conf + - name: resilio-claude-sync-conf namespace: default files: - config/sync.conf diff --git a/cluster/apps/storage/resilio-sync-claude/volume.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml similarity index 76% rename from cluster/apps/storage/resilio-sync-claude/volume.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml index 72c7b3962..2c0ebe1fb 100644 --- a/cluster/apps/storage/resilio-sync-claude/volume.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/claude/volume.yaml @@ -2,10 +2,10 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: resilio-sync-claude-config + name: resilio-claude-config namespace: default labels: - app.kubernetes.io/name: &name resilio-sync-claude + app.kubernetes.io/name: &name resilio-claude app.kubernetes.io/instance: *name snapshot.home.arpa/enabled: "true" spec: 
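Review bot: Changing `metadata.name` in claude/volume.yaml from `resilio-sync-claude-config` to `resilio-claude-config` does not rename the existing claim; the cluster gets a new, empty PersistentVolumeClaim, and the old one holding the application's state is either left orphaned or pruned, depending on how the Flux Kustomization is configured (not visible here). The same applies to helene/volume.yaml and to the matching `existingClaim` values in both helm-release.yaml files. If that state matters, migrate or restore it before the old claim goes away (both claims carry `snapshot.home.arpa/enabled: "true"`), and record the step in the commit description. The PVC `spec` continues outside the hunk.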
diff --git a/cluster/apps/storage/resilio-sync-helene/config/sync.conf b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/config/sync.conf similarity index 100% rename from cluster/apps/storage/resilio-sync-helene/config/sync.conf rename to kubernetes/cluster-0/apps/storage/resilio-sync/helene/config/sync.conf diff --git a/cluster/apps/storage/resilio-sync-helene/helm-release.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/helm-release.yaml similarity index 86% rename from cluster/apps/storage/resilio-sync-helene/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/helene/helm-release.yaml index 9fff238de..deb8013ce 100644 --- a/cluster/apps/storage/resilio-sync-helene/helm-release.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/helm-release.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: &app resilio-sync-helene + name: &app resilio-helene namespace: default spec: interval: 15m @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -25,7 +25,7 @@ spec: values: image: repository: ghcr.io/auricom/resilio-sync - tag: v2.7.3.1381-1@sha256:0d166c1824637add7ce7c1a66bf3f267f69b85e12d0d49037f6d299d72c4032d + tag: 2.7.3.1381-1@sha256:ec9c45bc0d04f9622d00009b4c8f431ddbf83e53d1942e00282f7059f7dc5ae7 env: - name: TZ value: "${TIMEZONE}" @@ -51,12 +51,12 @@ spec: persistence: config: enabled: true - existingClaim: resilio-sync-helene-config + existingClaim: resilio-helene-config sync-conf: enabled: true type: configMap configMap: - name: resilio-sync-helene-sync-conf + name: resilio-helene-sync-conf mountPath: /config/sync.conf subPath: sync.conf backups: 
diff --git a/cluster/apps/storage/resilio-sync-helene/kustomization.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml similarity index 85% rename from cluster/apps/storage/resilio-sync-helene/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml index e5de57668..237372e50 100644 --- a/cluster/apps/storage/resilio-sync-helene/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/kustomization.yaml @@ -5,7 +5,7 @@ resources: - helm-release.yaml - volume.yaml configMapGenerator: - - name: resilio-sync-helene-sync-conf + - name: resilio-helene-sync-conf namespace: default files: - config/sync.conf diff --git a/cluster/apps/storage/resilio-sync-helene/volume.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml similarity index 76% rename from cluster/apps/storage/resilio-sync-helene/volume.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml index 162c2e324..bd04a3b15 100644 --- a/cluster/apps/storage/resilio-sync-helene/volume.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/helene/volume.yaml @@ -2,10 +2,10 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: resilio-sync-helene-config + name: resilio-helene-config namespace: default labels: - app.kubernetes.io/name: &name resilio-sync-helene + app.kubernetes.io/name: &name resilio-helene app.kubernetes.io/instance: *name snapshot.home.arpa/enabled: "true" spec: diff --git a/cluster/apps/web-tools/whoogle/kustomization.yaml b/kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml similarity index 78% rename from cluster/apps/web-tools/whoogle/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml index 2fa2de20c..a4210bcc9 100644 --- a/cluster/apps/web-tools/whoogle/kustomization.yaml +++ b/kubernetes/cluster-0/apps/storage/resilio-sync/kustomization.yaml 
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - helm-release.yaml + - claude + - helene diff --git a/cluster/apps/storage/smartctl-exporter/helm-release.yaml b/kubernetes/cluster-0/apps/storage/smartctl-exporter/helm-release.yaml similarity index 93% rename from cluster/apps/storage/smartctl-exporter/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/smartctl-exporter/helm-release.yaml index b98927e4b..116d6f996 100644 --- a/cluster/apps/storage/smartctl-exporter/helm-release.yaml +++ b/kubernetes/cluster-0/apps/storage/smartctl-exporter/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 0.3.1 sourceRef: kind: HelmRepository - name: prometheus-community-charts + name: prometheus-community namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/networking/tigera-operator/kustomization.yaml b/kubernetes/cluster-0/apps/storage/smartctl-exporter/kustomization.yaml similarity index 100% rename from cluster/apps/networking/tigera-operator/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/smartctl-exporter/kustomization.yaml diff --git a/cluster/apps/storage/truecommand/helm-release.yaml b/kubernetes/cluster-0/apps/storage/truecommand/helm-release.yaml similarity index 97% rename from cluster/apps/storage/truecommand/helm-release.yaml rename to kubernetes/cluster-0/apps/storage/truecommand/helm-release.yaml index aa04ec443..5ad6f5e80 100644 --- a/cluster/apps/storage/truecommand/helm-release.yaml +++ b/kubernetes/cluster-0/apps/storage/truecommand/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/storage/truecommand/kustomization.yaml b/kubernetes/cluster-0/apps/storage/truecommand/kustomization.yaml similarity index 100% rename from cluster/apps/storage/truecommand/kustomization.yaml rename to kubernetes/cluster-0/apps/storage/truecommand/kustomization.yaml diff --git a/cluster/apps/storage/truecommand/volume.yaml b/kubernetes/cluster-0/apps/storage/truecommand/volume.yaml similarity index 100% rename from cluster/apps/storage/truecommand/volume.yaml rename to kubernetes/cluster-0/apps/storage/truecommand/volume.yaml diff --git a/cluster/apps/web-tools/freshrss/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/helm-release.yaml similarity index 97% rename from cluster/apps/web-tools/freshrss/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/helm-release.yaml index b84f63aea..4f62f23e2 100644 --- a/cluster/apps/web-tools/freshrss/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/freshrss/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/freshrss/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/freshrss/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/kustomization.yaml diff --git a/cluster/apps/web-tools/freshrss/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/freshrss/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/patches/postgres.yaml 
diff --git a/cluster/apps/web-tools/freshrss/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/freshrss/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/secret.sops.yaml diff --git a/cluster/apps/web-tools/freshrss/volume.yaml b/kubernetes/cluster-0/apps/web-tools/freshrss/volume.yaml similarity index 100% rename from cluster/apps/web-tools/freshrss/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/freshrss/volume.yaml diff --git a/cluster/apps/web-tools/homer-code/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/homer-code/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/homer-code/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/homer-code/helm-release.yaml index 489ae4d13..217c3614c 100644 --- a/cluster/apps/web-tools/homer-code/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/homer-code/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/storage/smartctl-exporter/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/homer-code/kustomization.yaml similarity index 100% rename from cluster/apps/storage/smartctl-exporter/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/homer-code/kustomization.yaml diff --git a/cluster/apps/web-tools/homer/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/homer/helm-release.yaml similarity index 97% rename from cluster/apps/web-tools/homer/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/homer/helm-release.yaml index 1dc1df223..2af3707fc 100644 --- a/cluster/apps/web-tools/homer/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/homer/helm-release.yaml 
@@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/homer/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/homer/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/homer/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/homer/kustomization.yaml diff --git a/cluster/apps/web-tools/homer/volume.yaml b/kubernetes/cluster-0/apps/web-tools/homer/volume.yaml similarity index 100% rename from cluster/apps/web-tools/homer/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/homer/volume.yaml diff --git a/cluster/apps/web-tools/invidious/config/config.yml b/kubernetes/cluster-0/apps/web-tools/invidious/config/config.yml similarity index 100% rename from cluster/apps/web-tools/invidious/config/config.yml rename to kubernetes/cluster-0/apps/web-tools/invidious/config/config.yml diff --git a/cluster/apps/web-tools/invidious/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/invidious/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/invidious/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/invidious/helm-release.yaml index 828555c6f..375e27b9f 100644 --- a/cluster/apps/web-tools/invidious/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/invidious/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/invidious/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/invidious/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/invidious/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/invidious/kustomization.yaml 
diff --git a/cluster/apps/web-tools/invidious/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/invidious/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/invidious/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/invidious/patches/postgres.yaml diff --git a/cluster/apps/web-tools/joplin/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/joplin/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/joplin/helm-release.yaml index 4990961d6..8017b29db 100644 --- a/cluster/apps/web-tools/joplin/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/joplin/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/joplin/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/joplin/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/joplin/kustomization.yaml diff --git a/cluster/apps/web-tools/joplin/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/joplin/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/joplin/patches/postgres.yaml diff --git a/cluster/apps/web-tools/joplin/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/joplin/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/joplin/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/joplin/secret.sops.yaml 
diff --git a/cluster/apps/web-tools/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/kustomization.yaml similarity index 93% rename from cluster/apps/web-tools/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/kustomization.yaml index 597a72b77..0f85843fa 100644 --- a/cluster/apps/web-tools/kustomization.yaml +++ b/kubernetes/cluster-0/apps/web-tools/kustomization.yaml @@ -9,7 +9,6 @@ resources: - invidious - joplin - libreddit - - music-transcode - nitter - sharry - tandoor diff --git a/cluster/apps/web-tools/libreddit/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/libreddit/helm-release.yaml similarity index 92% rename from cluster/apps/web-tools/libreddit/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/libreddit/helm-release.yaml index c2bdb8ca1..bcf35e70b 100644 --- a/cluster/apps/web-tools/libreddit/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/libreddit/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -27,7 +27,7 @@ spec: values: image: repository: ghcr.io/auricom/libreddit - tag: v0.24.0@sha256:b816f7a87573aa67762b097b2206fb5e75493950deb6eda2415ee68501424093 + tag: 0.24.0@sha256:1455b0ed61a45c4670b11c6f4825168c622dfd90638a069bf02b5a21d1515236 service: main: ports: diff --git a/cluster/apps/web-tools/libreddit/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/libreddit/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/libreddit/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/libreddit/kustomization.yaml diff --git a/cluster/apps/web-tools/nitter/config/config.yml b/kubernetes/cluster-0/apps/web-tools/nitter/config/config.yml similarity index 100% rename from cluster/apps/web-tools/nitter/config/config.yml rename to kubernetes/cluster-0/apps/web-tools/nitter/config/config.yml 
diff --git a/cluster/apps/web-tools/nitter/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/nitter/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/nitter/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/nitter/helm-release.yaml index 142dbeff0..282ed4c6e 100644 --- a/cluster/apps/web-tools/nitter/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/nitter/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/nitter/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/nitter/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/nitter/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/nitter/kustomization.yaml diff --git a/cluster/apps/web-tools/readme.md b/kubernetes/cluster-0/apps/web-tools/readme.md similarity index 100% rename from cluster/apps/web-tools/readme.md rename to kubernetes/cluster-0/apps/web-tools/readme.md diff --git a/cluster/apps/web-tools/sharry/config/sharry.conf b/kubernetes/cluster-0/apps/web-tools/sharry/config/sharry.conf similarity index 100% rename from cluster/apps/web-tools/sharry/config/sharry.conf rename to kubernetes/cluster-0/apps/web-tools/sharry/config/sharry.conf diff --git a/cluster/apps/web-tools/sharry/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/sharry/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/sharry/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/sharry/helm-release.yaml index f832408f5..b1c55fe66 100644 --- a/cluster/apps/web-tools/sharry/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/sharry/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/web-tools/sharry/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/sharry/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/sharry/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/sharry/kustomization.yaml diff --git a/cluster/apps/web-tools/sharry/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/sharry/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/sharry/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/sharry/patches/postgres.yaml diff --git a/cluster/apps/web-tools/tandoor/config/nginx-config b/kubernetes/cluster-0/apps/web-tools/tandoor/config/nginx-config similarity index 100% rename from cluster/apps/web-tools/tandoor/config/nginx-config rename to kubernetes/cluster-0/apps/web-tools/tandoor/config/nginx-config diff --git a/cluster/apps/web-tools/tandoor/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/helm-release.yaml similarity index 97% rename from cluster/apps/web-tools/tandoor/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/helm-release.yaml index e823bdc43..106020056 100644 --- a/cluster/apps/web-tools/tandoor/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/tandoor/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true @@ -56,7 +56,7 @@ spec: persistence: files: enabled: true - existingClaim: recipes-files + existingClaim: tandoor-files mountPath: /opt/recipes/mediafiles nginx-config: enabled: "true" diff --git a/cluster/apps/web-tools/tandoor/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/kustomization.yaml 
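Review bot: `existingClaim` in tandoor/helm-release.yaml now points at `tandoor-files`, but tandoor/volume.yaml is moved with `similarity index 100%`, so whatever claim name that file declares is unchanged by this commit. If it still declares `recipes-files`, the pod will sit Pending on a missing claim; if it already declared `tandoor-files`, the old reference was the broken one and this is the fix. Worth confirming against volume.yaml, whose contents are not shown in this view.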
diff --git a/cluster/apps/web-tools/tandoor/patches/env.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/patches/env.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/patches/env.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/patches/env.yaml diff --git a/cluster/apps/web-tools/tandoor/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/patches/postgres.yaml diff --git a/cluster/apps/web-tools/tandoor/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/secret.sops.yaml diff --git a/cluster/apps/web-tools/tandoor/volume.yaml b/kubernetes/cluster-0/apps/web-tools/tandoor/volume.yaml similarity index 100% rename from cluster/apps/web-tools/tandoor/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/tandoor/volume.yaml diff --git a/cluster/apps/web-tools/theme-park/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/theme-park/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/theme-park/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/theme-park/helm-release.yaml index efb489ca6..b563e3efa 100644 --- a/cluster/apps/web-tools/theme-park/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/theme-park/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/web-tools/homer-code/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/theme-park/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/homer-code/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/theme-park/kustomization.yaml diff --git a/cluster/apps/web-tools/vaultwarden/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/vaultwarden/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/helm-release.yaml index 66fac5e45..6dc5369c0 100644 --- a/cluster/apps/web-tools/vaultwarden/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/vaultwarden/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/vaultwarden/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml similarity index 91% rename from cluster/apps/web-tools/vaultwarden/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml index 6e18e9f74..9d9eb5c3e 100644 --- a/cluster/apps/web-tools/vaultwarden/kustomization.yaml +++ b/kubernetes/cluster-0/apps/web-tools/vaultwarden/kustomization.yaml @@ -3,5 +3,6 @@ kind: Kustomization resources: - helm-release.yaml - secret.sops.yaml + - volume.yaml patchesStrategicMerge: - patches/postgres.yaml diff --git a/cluster/apps/web-tools/vaultwarden/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/vaultwarden/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/patches/postgres.yaml 
diff --git a/cluster/apps/web-tools/vaultwarden/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/vaultwarden/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/secret.sops.yaml diff --git a/cluster/apps/web-tools/vaultwarden/volume.yaml b/kubernetes/cluster-0/apps/web-tools/vaultwarden/volume.yaml similarity index 100% rename from cluster/apps/web-tools/vaultwarden/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/vaultwarden/volume.yaml diff --git a/cluster/apps/web-tools/vikunja/config/Caddyfile b/kubernetes/cluster-0/apps/web-tools/vikunja/config/Caddyfile similarity index 100% rename from cluster/apps/web-tools/vikunja/config/Caddyfile rename to kubernetes/cluster-0/apps/web-tools/vikunja/config/Caddyfile diff --git a/cluster/apps/web-tools/vikunja/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/helm-release.yaml similarity index 99% rename from cluster/apps/web-tools/vikunja/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/helm-release.yaml index 75e2beec9..b38f5d32b 100644 --- a/cluster/apps/web-tools/vikunja/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/vikunja/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/vikunja/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/vikunja/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/kustomization.yaml 
diff --git a/cluster/apps/web-tools/vikunja/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/vikunja/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/patches/postgres.yaml diff --git a/cluster/apps/web-tools/vikunja/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/vikunja/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/secret.sops.yaml diff --git a/cluster/apps/web-tools/vikunja/volume.yaml b/kubernetes/cluster-0/apps/web-tools/vikunja/volume.yaml similarity index 100% rename from cluster/apps/web-tools/vikunja/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/vikunja/volume.yaml diff --git a/cluster/apps/web-tools/wallabag/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/wallabag/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/helm-release.yaml index 47ec9ba70..93566e794 100644 --- a/cluster/apps/web-tools/wallabag/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/wallabag/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true diff --git a/cluster/apps/web-tools/wallabag/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/kustomization.yaml 
diff --git a/cluster/apps/web-tools/wallabag/patches/env.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/patches/env.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/patches/env.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/patches/env.yaml diff --git a/cluster/apps/web-tools/wallabag/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/patches/postgres.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/patches/postgres.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/patches/postgres.yaml diff --git a/cluster/apps/web-tools/wallabag/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/secret.sops.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/secret.sops.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/secret.sops.yaml diff --git a/cluster/apps/web-tools/wallabag/volume.yaml b/kubernetes/cluster-0/apps/web-tools/wallabag/volume.yaml similarity index 100% rename from cluster/apps/web-tools/wallabag/volume.yaml rename to kubernetes/cluster-0/apps/web-tools/wallabag/volume.yaml diff --git a/cluster/apps/web-tools/whoogle/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/whoogle/helm-release.yaml similarity index 98% rename from cluster/apps/web-tools/whoogle/helm-release.yaml rename to kubernetes/cluster-0/apps/web-tools/whoogle/helm-release.yaml index de0b56178..04585734a 100644 --- a/cluster/apps/web-tools/whoogle/helm-release.yaml +++ b/kubernetes/cluster-0/apps/web-tools/whoogle/helm-release.yaml @@ -12,7 +12,7 @@ spec: version: 1.0.1 sourceRef: kind: HelmRepository - name: bjw-s-charts + name: bjw-s namespace: flux-system install: createNamespace: true 
diff --git a/cluster/apps/web-tools/theme-park/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/whoogle/kustomization.yaml similarity index 100% rename from cluster/apps/web-tools/theme-park/kustomization.yaml rename to kubernetes/cluster-0/apps/web-tools/whoogle/kustomization.yaml diff --git a/kubernetes/cluster-0/core/cilium/configmap.yaml b/kubernetes/cluster-0/core/cilium/configmap.yaml new file mode 100644 index 000000000..046d2e372 --- /dev/null +++ b/kubernetes/cluster-0/core/cilium/configmap.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bgp-config + namespace: kube-system +data: + config.yaml: | + peers: + - peer-address: ${LOCAL_LAN_OPNSENSE} + peer-asn: 64512 + my-asn: 64512 + address-pools: + - name: default + protocol: bgp + addresses: + - ${CILIUM_BGP_SVC_RANGE} + avoid-buggy-ips: true diff --git a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/kustomization.yaml b/kubernetes/cluster-0/core/cilium/kustomization.yaml similarity index 65% rename from cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/kustomization.yaml rename to kubernetes/cluster-0/core/cilium/kustomization.yaml index d2f0a0394..dd00d2b73 100644 --- a/cluster/apps/kube-tools/system-upgrade/system-upgrade-controller/plans/kustomization.yaml +++ b/kubernetes/cluster-0/core/cilium/kustomization.yaml @@ -1,6 +1,6 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: kube-system resources: - - server.yaml - - agent.yaml + - configmap.yaml diff --git a/cluster/core/flux-system/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/kustomization.yaml similarity index 89% rename from cluster/core/flux-system/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/kustomization.yaml index f69a08e4a..a108e43ba 100644 --- a/cluster/core/flux-system/kustomization.yaml +++ b/kubernetes/cluster-0/core/flux-system/kustomization.yaml 
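Review bot: The `peers` entry in the new core/cilium/configmap.yaml sets only `peer-address`, `peer-asn` and `my-asn`, so the BGP session with `${LOCAL_LAN_OPNSENSE}` is unauthenticated and announcements for `${CILIUM_BGP_SVC_RANGE}` are trusted on network position alone. The MetalLB-style peer format accepts a `password` field for TCP MD5 authentication; whether the Cilium version deployed here honours it should be checked, and the value would have to come from an encrypted substitution variable rather than a literal in this ConfigMap. On the router side, a prefix filter that accepts only the service range from the node addresses narrows this further. A short comment such as `# iBGP: peer-asn == my-asn is intentional` would also help the next reader.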
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - notifications + - weave-gitops - webhook - pod-monitor.yaml - prometheus-rule.yaml diff --git a/cluster/core/flux-system/notifications/alert-manager/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/notifications/alert-manager/kustomization.yaml similarity index 100% rename from cluster/core/flux-system/notifications/alert-manager/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/alert-manager/kustomization.yaml diff --git a/cluster/core/flux-system/notifications/alert-manager/notification.yaml b/kubernetes/cluster-0/core/flux-system/notifications/alert-manager/notification.yaml similarity index 100% rename from cluster/core/flux-system/notifications/alert-manager/notification.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/alert-manager/notification.yaml diff --git a/cluster/core/flux-system/notifications/github/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/notifications/github/kustomization.yaml similarity index 100% rename from cluster/core/flux-system/notifications/github/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/github/kustomization.yaml diff --git a/cluster/core/flux-system/notifications/github/notification.yaml b/kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml similarity index 100% rename from cluster/core/flux-system/notifications/github/notification.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/github/notification.yaml diff --git a/cluster/core/flux-system/notifications/github/secret.sops.yaml b/kubernetes/cluster-0/core/flux-system/notifications/github/secret.sops.yaml similarity index 100% rename from cluster/core/flux-system/notifications/github/secret.sops.yaml rename to kubernetes/cluster-0/core/flux-system/notifications/github/secret.sops.yaml 
diff --git a/cluster/core/flux-system/notifications/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/notifications/kustomization.yaml
similarity index 100%
rename from cluster/core/flux-system/notifications/kustomization.yaml
rename to kubernetes/cluster-0/core/flux-system/notifications/kustomization.yaml
diff --git a/cluster/core/flux-system/pod-monitor.yaml b/kubernetes/cluster-0/core/flux-system/pod-monitor.yaml
similarity index 100%
rename from cluster/core/flux-system/pod-monitor.yaml
rename to kubernetes/cluster-0/core/flux-system/pod-monitor.yaml
diff --git a/cluster/core/flux-system/prometheus-rule.yaml b/kubernetes/cluster-0/core/flux-system/prometheus-rule.yaml
similarity index 100%
rename from cluster/core/flux-system/prometheus-rule.yaml
rename to kubernetes/cluster-0/core/flux-system/prometheus-rule.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/helm-release.yaml b/kubernetes/cluster-0/core/flux-system/weave-gitops/helm-release.yaml
new file mode 100644
index 000000000..92bda3ce3
--- /dev/null
+++ b/kubernetes/cluster-0/core/flux-system/weave-gitops/helm-release.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: weave-gitops
+ namespace: flux-system
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: weave-gitops
+ version: 4.0.7
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: weave-gitops
+ values:
+ adminUser:
+ create: true
+ username: admin
+ # passwordHash: from valuesFrom
+
+ ingress:
+ enabled: true
+ className: nginx
+ hosts:
+ - host: &host "gitops.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+
+ valuesFrom:
+ - kind: Secret
+ name: weave-gitops
+ valuesKey: adminPassword
+ targetPath: adminUser.passwordHash
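Review bot: The Weave GitOps UI is published through the nginx ingress at `gitops.${SECRET_CLUSTER_DOMAIN}` with only the chart's static `admin` account (`adminUser.create: true`) in front of it, and nothing in this hunk restricts who can reach the login page. That UI exposes the state of the Flux objects in the cluster, so if the ingress is reachable beyond the LAN it is worth putting it behind whatever source-range or SSO control the other ingresses use, or moving the chart to OIDC login; whether such a control exists elsewhere cannot be seen from here. The `tls` entry names no `secretName`, so the ingress controller's default certificate is presumably what gets served. The secret key is called `adminPassword` but is mapped to `adminUser.passwordHash`; a comment next to `valuesKey` such as `# adminPassword must hold a bcrypt hash, never the plaintext password` would keep a plaintext value from being stored there by mistake.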
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml
new file mode 100644
index 000000000..8f91b5e91
--- /dev/null
+++ b/kubernetes/cluster-0/core/flux-system/weave-gitops/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+ - helm-release.yaml
+ - secret.sops.yaml
diff --git a/kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml b/kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml
new file mode 100644
index 000000000..f7c88fe7f
--- /dev/null
+++ b/kubernetes/cluster-0/core/flux-system/weave-gitops/secret.sops.yaml
@@ -0,0 +1,29 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: weave-gitops + namespace: flux-system +stringData: + adminPassword: ENC[AES256_GCM,data:StBu3tl/3/54rmGudER6nID4XEYLjumoMDptFBggSrrO/NJFrDAeUJilYY8AEuUBO6JHASPXS18hAlSx,iv:p8J+v7E7tktWquc1v/TotXxBZ9Fvx6UUV7+UunFZgSw=,tag:SXiYy43RvwmM2r6C+rztgQ==,type:str] +type: Opaque +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTTE0aWVrY0cva0lzNEl0 + T2d3aEs5clE2TWZZTXE4Ly8wcmpZVms5aDN3CjZoK0ptTjJXSmZiQ1RGMmk3ckJZ + RlA1YURROG9PRXNFd0UyUzlST1RydzAKLS0tIGJiVyt2elc0Q0FWaEVGN1A0bS9Z + WUlSN1lLaHh0cTVOaHBGblU3Tmh6ZUEK0jJjreF4xiwHMqhLaQKZFgeeikjeRRqg + KzsMDy93tQKSByzwSD3UFcKHW48iiQAy/J1Q12bEaXSFBkOd5mILZw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-11-19T10:51:30Z" + mac: ENC[AES256_GCM,data:1b3WHgY9H5yAxwxbHvjPKGFZWmJ1iu945G5illQs6mEfmSrR1ZPvlBKn8eMNuSv1VN18ZhGWicFPpiwwe3MVFRr1G5Vn4F2VtS9F2Ap5IvWDW+F0vJfOAp6OdpT/TOOinp1Es9Pspd4JTpkr+Pk8tGDvVtnZ0aLer+qLv4SYZKA=,iv:zr2ZuwaqNaihfcX3KUKz0yXuGqX6o9o0zXfrhIY5vv4=,tag:kNIuKQ7Z7CbwhSBqgv5F+Q==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/cluster/core/flux-system/webhook/github/ingress.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/ingress.yaml similarity index 100% rename from cluster/core/flux-system/webhook/github/ingress.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/github/ingress.yaml diff --git a/cluster/core/flux-system/webhook/github/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/kustomization.yaml similarity index 100% rename from cluster/core/flux-system/webhook/github/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/github/kustomization.yaml 
diff --git a/cluster/core/flux-system/webhook/github/receiver.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml similarity index 100% rename from cluster/core/flux-system/webhook/github/receiver.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/github/receiver.yaml diff --git a/cluster/core/flux-system/webhook/github/secret.sops.yaml b/kubernetes/cluster-0/core/flux-system/webhook/github/secret.sops.yaml similarity index 100% rename from cluster/core/flux-system/webhook/github/secret.sops.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/github/secret.sops.yaml diff --git a/cluster/core/flux-system/webhook/kustomization.yaml b/kubernetes/cluster-0/core/flux-system/webhook/kustomization.yaml similarity index 100% rename from cluster/core/flux-system/webhook/kustomization.yaml rename to kubernetes/cluster-0/core/flux-system/webhook/kustomization.yaml diff --git a/cluster/core/kustomization.yaml b/kubernetes/cluster-0/core/kustomization.yaml similarity index 90% rename from cluster/core/kustomization.yaml rename to kubernetes/cluster-0/core/kustomization.yaml index db4a8dd0e..9a8596597 100644 --- a/cluster/core/kustomization.yaml +++ b/kubernetes/cluster-0/core/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - cilium - flux-system - rook-ceph diff --git a/cluster/core/rook-ceph/cluster/helm-release.yaml b/kubernetes/cluster-0/core/rook-ceph/cluster/helm-release.yaml similarity index 59% rename from cluster/core/rook-ceph/cluster/helm-release.yaml rename to kubernetes/cluster-0/core/rook-ceph/cluster/helm-release.yaml index a2d375411..ee9cb639b 100644 --- a/cluster/core/rook-ceph/cluster/helm-release.yaml +++ b/kubernetes/cluster-0/core/rook-ceph/cluster/helm-release.yaml 
@@ -9,10 +9,10 @@ spec: chart: spec: chart: rook-ceph-cluster - version: v1.10.5 + version: v1.10.6 sourceRef: kind: HelmRepository - name: rook-ceph-charts + name: rook-ceph namespace: flux-system install: createNamespace: true @@ -54,13 +54,13 @@ spec: config: osdsPerDevice: "1" nodes: - - name: "k3s-worker1" + - name: "talos-node-2" devices: - name: "nvme0n1" - - name: "k3s-worker2" + - name: "talos-node-3" devices: - name: "nvme0n1" - - name: "k3s-worker3" + - name: "talos-node-4" devices: - name: "nvme0n1" resources: @@ -105,7 +105,7 @@ spec: cpu: "250m" memory: "50Mi" limits: - memory: "200Mi" + memory: "2Gi" cleanup: requests: cpu: "250m" 
@@ -137,70 +137,67 @@ spec: csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph csi.storage.k8s.io/fstype: ext4 cephFileSystems: - [] - # - name: rook-ceph-filesystem - # spec: - # metadataPool: - # replicated: - # size: 3 - # dataPools: - # - failureDomain: host - # replicated: - # size: 3 - # name: data0 - # metadataServer: - # activeCount: 1 - # activeStandby: true - # resources: - # requests: - # cpu: 1000m - # memory: 4Gi - # limits: - # memory: 4Gi - # storageClass: - # enabled: true - # isDefault: false - # name: ceph-filesystem - # pool: data0 - # reclaimPolicy: Delete - # allowVolumeExpansion: true - # parameters: - # csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner - # csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph - # csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner - # csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph - # csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node - # csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph - # csi.storage.k8s.io/fstype: ext4 + - name: rook-ceph-filesystem + spec: + metadataPool: + replicated: + size: 3 + dataPools: + - failureDomain: host + replicated: + size: 3 + metadataServer: + activeCount: 1 + activeStandby: true + resources: + requests: + cpu: "35m" + memory: "64M" + limits: + memory: "600M" + storageClass: + enabled: true + isDefault: false + name: rook-ceph-filesystem + reclaimPolicy: Delete + allowVolumeExpansion: true + mountOptions: [] + parameters: + csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph + csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph + csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node + csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph + csi.storage.k8s.io/fstype: ext4 cephObjectStores: - 
[] - # - name: rook-ceph-objectstore - # spec: - # metadataPool: - # failureDomain: host - # replicated: - # size: 3 - # dataPool: - # failureDomain: host - # erasureCoded: - # dataChunks: 2 - # codingChunks: 1 - # preservePoolsOnDelete: true - # gateway: - # port: 80 - # resources: - # requests: - # cpu: 1000m - # memory: 1Gi - # limits: - # memory: 2Gi - # instances: 1 - # healthCheck: - # bucket: - # interval: 60s - # storageClass: - # enabled: true - # name: rook-ceph-bucket - # reclaimPolicy: Delete - # parameters: - # region: us-east-1 + - name: rook-ceph-objectstore + spec: + metadataPool: + failureDomain: host + replicated: + size: 3 + dataPool: + failureDomain: host + erasureCoded: + dataChunks: 2 + codingChunks: 1 + preservePoolsOnDelete: true + gateway: + port: 80 + resources: + requests: + cpu: 100m + memory: 128M + limits: + memory: 2Gi + instances: 1 + healthCheck: + bucket: + interval: 60s + storageClass: + enabled: true + name: rook-ceph-bucket + reclaimPolicy: Delete + parameters: + region: us-east-1 diff --git a/cluster/core/rook-ceph/cluster/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/cluster/kustomization.yaml similarity index 100% rename from cluster/core/rook-ceph/cluster/kustomization.yaml rename to kubernetes/cluster-0/core/rook-ceph/cluster/kustomization.yaml diff --git a/cluster/core/rook-ceph/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/kustomization.yaml similarity index 72% rename from cluster/core/rook-ceph/kustomization.yaml rename to kubernetes/cluster-0/core/rook-ceph/kustomization.yaml index 5250fc112..91c48feed 100644 --- a/cluster/core/rook-ceph/kustomization.yaml +++ b/kubernetes/cluster-0/core/rook-ceph/kustomization.yaml @@ -4,5 +4,4 @@ resources: - namespace.yaml - operator - cluster - - rook-direct-mount - - snapshot-controller + - rook-toolbox 
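Review bot: The object store enabled by the `@@ -137,70 +137,67 @@` hunk serves S3 on `gateway.port: 80` only, so bucket contents travel unencrypted between clients and the gateway; if anything outside the cluster network is going to use it, the CephObjectStore gateway also accepts `securePort` together with `sslCertificateRef`. Its data pool is erasure coded 2+1 with `failureDomain: host`, which needs all three of the nodes listed earlier in this file, so the pool presumably stays degraded for as long as any one node is down. The new MDS and gateway resources use `64M`, `600M` and `128M` where the rest of the file writes `Mi`/`Gi`; one unit style would read better. The HelmRelease itself starts and ends outside this hunk.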
diff --git a/cluster/core/rook-ceph/namespace.yaml b/kubernetes/cluster-0/core/rook-ceph/namespace.yaml similarity index 100% rename from cluster/core/rook-ceph/namespace.yaml rename to kubernetes/cluster-0/core/rook-ceph/namespace.yaml diff --git a/cluster/core/rook-ceph/operator/helm-release.yaml b/kubernetes/cluster-0/core/rook-ceph/operator/helm-release.yaml similarity index 90% rename from cluster/core/rook-ceph/operator/helm-release.yaml rename to kubernetes/cluster-0/core/rook-ceph/operator/helm-release.yaml index 39988a17d..c1031e787 100644 --- a/cluster/core/rook-ceph/operator/helm-release.yaml +++ b/kubernetes/cluster-0/core/rook-ceph/operator/helm-release.yaml @@ -9,10 +9,10 @@ spec: chart: spec: chart: rook-ceph - version: v1.10.5 + version: v1.10.6 sourceRef: kind: HelmRepository - name: rook-ceph-charts + name: rook-ceph namespace: flux-system values: crds: diff --git a/cluster/core/rook-ceph/operator/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/operator/kustomization.yaml similarity index 100% rename from cluster/core/rook-ceph/operator/kustomization.yaml rename to kubernetes/cluster-0/core/rook-ceph/operator/kustomization.yaml diff --git a/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml b/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml new file mode 100644 index 000000000..863ac094e --- /dev/null +++ b/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/deployment.yaml 
@@ -0,0 +1,73 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app rook-toolbox
+ namespace: rook-ceph
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.0.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 5
+ upgrade:
+ remediation:
+ retries: 5
+ values:
+ global:
+ nameOverride: *app
+ image:
+ repository: rook/ceph
+ tag: v1.10.6
+ command: ["/usr/local/bin/toolbox.sh"]
+ env:
+ ROOK_CEPH_USERNAME:
+ valueFrom:
+ secretKeyRef:
+ name: rook-ceph-mon
+ key: ceph-username
+ ROOK_CEPH_SECRET:
+ valueFrom:
+ secretKeyRef:
+ name: rook-ceph-mon
+ key: ceph-secret
+ hostNetwork: true
+ podSecurityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ securityContext:
+ privileged: true
+ persistence:
+ dev:
+ enabled: true
+ type: hostPath
+ hostPath: /dev
+ mountPath: /dev
+ libmodules:
+ enabled: true
+ type: hostPath
+ hostPath: /lib/modules
+ mountPath: /lib/modules
+ mon-endpoint-volume:
+ enabled: true
+ type: configMap
+ name: rook-ceph-mon-endpoints
+ subPath: data
+ mountPath: /etc/rook/mon-endpoints
+ readOnly: true
+ sysbus:
+ enabled: true
+ type: hostPath
+ hostPath: /sys/bus
+ mountPath: /sys/bus
+ service:
+ main:
+ enabled: false
diff --git a/cluster/core/rook-ceph/rook-direct-mount/kustomization.yaml b/kubernetes/cluster-0/core/rook-ceph/rook-toolbox/kustomization.yaml
similarity index 100%
rename from cluster/core/rook-ceph/rook-direct-mount/kustomization.yaml
rename to kubernetes/cluster-0/core/rook-ceph/rook-toolbox/kustomization.yaml
diff --git a/kubernetes/flux/flux-cluster.yaml b/kubernetes/flux/flux-cluster.yaml
new file mode 100644
index 000000000..a0e3e9faf
--- /dev/null
+++ b/kubernetes/flux/flux-cluster.yaml
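Review bot: This release stays running as root with `privileged: true`, `hostNetwork: true` and the host's `/dev`, `/lib/modules` and `/sys/bus` mounted, while also holding the Ceph credentials from `rook-ceph-mon`. Running `ceph` commands through `toolbox.sh` should only need the mon endpoints and those credentials, so as written anyone allowed to exec into the pod gets node-level access as well as Ceph admin access. If the host mounts are there for occasional direct mounting of Ceph volumes, keep the release suspended or scaled to zero until it is needed; otherwise drop `hostNetwork`, `securityContext.privileged` and the `dev`, `libmodules` and `sysbus` persistence entries. The file is named `deployment.yaml` although it holds a HelmRelease; `helm-release.yaml` would match the sibling apps, provided the renamed `kustomization.yaml` is updated to reference it.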
@@ -0,0 +1,97 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+ name: home-ops
+ namespace: flux-system
+spec:
+ interval: 30m
+ # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
+ url: ssh://git@github.com/auricom/home-ops
+ ref:
+ branch: main
+ secretRef:
+ name: github-deploy-key
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: flux-cluster
+ namespace: flux-system
+spec:
+ interval: 30m
+ path: ./kubernetes/flux
+ prune: true
+ wait: false
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: base
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./kubernetes/base
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: core
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: base
+ path: ./kubernetes/cluster-0/core
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: core
+ path: ./kubernetes/cluster-0/apps
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
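Review bot: `core` and `apps` are ordered with `dependsOn`, but neither `base` nor `core` sets `wait: true` or `healthChecks`, so each one reports Ready as soon as its manifests are applied and `apps` can begin reconciling before Cilium or Rook-Ceph are actually up. Adding `wait: true` and a `timeout:` (value to be chosen) to `core` would make the ordering mean what it appears to mean. `core` is also the only Kustomization with `prune: false`; a comment such as `# prune off: removing a manifest must never delete storage resources` would record the reason, if that is the reason. The `GitRepository` carries a bare issue URL as its only comment, and a few words on what that issue requires of `url` would save the next reader a lookup.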
diff --git a/cluster/flux/flux-system/flux-installation.yaml b/kubernetes/flux/flux-installation.yaml similarity index 100% rename from cluster/flux/flux-system/flux-installation.yaml rename to kubernetes/flux/flux-installation.yaml diff --git a/cluster/flux/flux-system/flux-prereqs.yaml b/kubernetes/flux/flux-prereqs.yaml similarity index 100% rename from cluster/flux/flux-system/flux-prereqs.yaml rename to kubernetes/flux/flux-prereqs.yaml diff --git a/cluster/flux/flux-system/kustomization.yaml b/kubernetes/flux/kustomization.yaml similarity index 84% rename from cluster/flux/flux-system/kustomization.yaml rename to kubernetes/flux/kustomization.yaml index 599a45f22..ccf465431 100644 --- a/cluster/flux/flux-system/kustomization.yaml +++ b/kubernetes/flux/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - flux-installation.yaml - flux-cluster.yaml + - flux-prereqs.yaml diff --git a/hack/kopia-restore.yaml b/kubernetes/tools/kopia-restore.yaml similarity index 100% rename from hack/kopia-restore.yaml rename to kubernetes/tools/kopia-restore.yaml diff --git a/kubernetes/tools/wipe-rook.yaml b/kubernetes/tools/wipe-rook.yaml new file mode 100644 index 000000000..4b4ae619d --- /dev/null +++ b/kubernetes/tools/wipe-rook.yaml 
@@ -0,0 +1,96 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: disk-wipe-talos-node-2
+spec:
+ restartPolicy: Never
+ nodeName: talos-node-2
+ containers:
+ - name: disk-wipe
+ image: rook/ceph:v1.10.6
+ securityContext:
+ privileged: true
+ command:
+ [
+ "/bin/sh",
+ "-c",
+ "sgdisk --zap-all /dev/nvme0n1",
+ "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+ "blkdiscard /dev/nvme0n1",
+ "partprobe /dev/nvme0n1",
+ ]
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: disk-wipe-talos-node-3
+spec:
+ restartPolicy: Never
+ nodeName: talos-node-3
+ containers:
+ - name: disk-wipe
+ image: rook/ceph:v1.10.6
+ securityContext:
+ privileged: true
+ command:
+ [
+ "/bin/sh",
+ "-c",
+ "sgdisk --zap-all /dev/nvme0n1",
+ "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+ "blkdiscard /dev/nvme0n1",
+ "partprobe /dev/nvme0n1",
+ ]
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: disk-wipe-talos-node-4
+spec:
+ restartPolicy: Never
+ nodeName: talos-node-4
+ containers:
+ - name: disk-wipe
+ image: rook/ceph:v1.10.6
+ securityContext:
+ privileged: true
+ command:
+ [
+ "/bin/sh",
+ "-c",
+ "sgdisk --zap-all /dev/nvme0n1",
+ "dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1",
+ "blkdiscard /dev/nvme0n1",
+ "partprobe /dev/nvme0n1",
+ ]
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev
diff --git a/server/README.md b/server/README.md
deleted file mode 100644
index 66ec9a734..000000000
--- a/server/README.md
+++ /dev/null
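Review bot: In all three pods only `sgdisk --zap-all` runs, because `/bin/sh -c` takes the first following argument as the script and treats the remaining ones as `$0`, `$1` and `$2`; the `dd`, `blkdiscard` and `partprobe` strings are never executed. Joining them into the single element after `"-c"` fixes it, e.g. `"sgdisk --zap-all /dev/nvme0n1 && dd if=/dev/zero bs=1M count=10000 oflag=direct of=/dev/nvme0n1 && blkdiscard /dev/nvme0n1 && partprobe /dev/nvme0n1"`. Since the pods are destructive and pinned by `nodeName` to a hard-coded `/dev/nvme0n1`, a header comment saying the file is applied by hand and must stay out of every Flux-reconciled path would be a useful guard. The Kustomization paths visible in `flux-cluster.yaml` do not include `kubernetes/tools`, so that appears to hold today.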
@@ -1,3 +0,0 @@ -# Server infrastructure - -These Ansible Playbooks and Roles are for preparing an Ubuntu 20.10.x OS to play nicely with Kubernetes and standing up k3s ontop of the nodes. diff --git a/server/pxe/grub/grub.cfg b/server/pxe/grub/grub.cfg deleted file mode 100644 index fe2242d28..000000000 --- a/server/pxe/grub/grub.cfg +++ /dev/null @@ -1,13 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu - -menuentry "Focal Live Installer - automated" --id=autoinstall { - configfile /nodes/$net_default_mac.conf -} -menuentry "Focal Live Installer" --id=install { - echo "Loading Kernel..." - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/1c:69:7a:01:28:ae.conf b/server/pxe/nodes/1c:69:7a:01:28:ae.conf deleted file mode 100644 index 27b4470c5..000000000 --- a/server/pxe/nodes/1c:69:7a:01:28:ae.conf +++ /dev/null @@ -1,10 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu -menuentry "k3s-worker3 Autoinstall" --id=autoinstall { - echo "Loading Kernel..." - # make sure to escape the ';' - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker3/ - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf b/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf deleted file mode 100644 index 6a6163530..000000000 --- a/server/pxe/nodes/1c:69:7a:0d:0e:e9.conf +++ /dev/null 
@@ -1,10 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu -menuentry "k3s-worker1 Autoinstall" --id=autoinstall { - echo "Loading Kernel..." - # make sure to escape the ';' - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker1/ - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf b/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf deleted file mode 100644 index 0749ac1d0..000000000 --- a/server/pxe/nodes/1c:69:7a:0f:9f:ab.conf +++ /dev/null @@ -1,10 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu -menuentry "k3s-worker2 Autoinstall" --id=autoinstall { - echo "Loading Kernel..." - # make sure to escape the ';' - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-worker2/ - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/f4:4d:30:69:76:2d.conf b/server/pxe/nodes/f4:4d:30:69:76:2d.conf deleted file mode 100644 index 5944ba9e3..000000000 --- a/server/pxe/nodes/f4:4d:30:69:76:2d.conf +++ /dev/null @@ -1,10 +0,0 @@ -default=autoinstall -timeout=5 -timeout_style=menu -menuentry "k3s-server Autoinstall" --id=autoinstall { - echo "Loading Kernel..." - # make sure to escape the ';' - linux /pxelinux/vmlinuz ip=dhcp url=http://192.168.8.1:30080/ubuntu-20.04.2-live-server-amd64.iso autoinstall ds=nocloud-net\;s=http://192.168.8.1:30080/nodes/k3s-server/ - echo "Loading Ram Disk..." - initrd /pxelinux/initrd -} \ No newline at end of file diff --git a/server/pxe/nodes/k3s-server/meta-data b/server/pxe/nodes/k3s-server/meta-data deleted file mode 100644 index 49d3dd102..000000000 --- a/server/pxe/nodes/k3s-server/meta-data +++ /dev/null 
@@ -1 +0,0 @@
-instance-id: focal-autoinstall
\ No newline at end of file
diff --git a/server/pxe/nodes/k3s-server/user-data b/server/pxe/nodes/k3s-server/user-data
deleted file mode 100644
index 85fa3078a..000000000
--- a/server/pxe/nodes/k3s-server/user-data
+++ /dev/null
@@ -1,89 +0,0 @@ -#cloud-config -autoinstall: - version: 1 - refresh-installer: - update: true - apt: - geoip: true - preserve_sources_list: false - primary: - - arches: [amd64, i386] - uri: http://archive.ubuntu.com/ubuntu - - arches: [default] - uri: http://ports.ubuntu.com/ubuntu-ports - identity: - hostname: k3s-server - # mkpasswd --method=SHA-512 ubuntu - # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))' - password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1 - realname: Ubuntu - username: ubuntu - keyboard: - layout: fr - toggle: null - variant: "" - locale: en_US.UTF-8 - network: - version: 2 - ethernets: - eno1: - dhcp4: true - critical: true - dhcp-identifier: mac - ssh: - allow-pw: false - install-server: true - authorized-keys: - # claude-fixe-fedora - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora" - # claude-thinkpad-fedora - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora" - storage: - grub: - reorder_uefi: false - swap: - size: 0 - config: - - id: root-disk-0 - type: disk - path: /dev/sda - wipe: superblock-recursive - preserve: false - grub_device: false - name: "" - ptable: gpt - - id: root-partition-0 - type: partition - device: root-disk-0 - size: 512M - wipe: superblock - flag: boot - number: 1 - preserve: false - grub_device: true - - id: root-format-0 - type: format - fstype: fat32 - volume: root-partition-0 - preserve: false - - id: root-partition-1 - type: partition - device: root-disk-0 - size: -1 - wipe: superblock - flag: "" - number: 2 - preserve: false - - id: root-format-1 - type: format - fstype: ext4 - volume: root-partition-1 - preserve: false - - id: root-mount-0 - type: mount - device: root-format-0 - path: /boot/efi - - id: root-mount-1 - type: mount - device: root-format-1 - path: / 
diff --git a/server/pxe/nodes/k3s-worker1/meta-data b/server/pxe/nodes/k3s-worker1/meta-data deleted file mode 100644 index 49d3dd102..000000000 --- a/server/pxe/nodes/k3s-worker1/meta-data +++ /dev/null @@ -1 +0,0 @@ -instance-id: focal-autoinstall \ No newline at end of file diff --git a/server/pxe/nodes/k3s-worker1/user-data b/server/pxe/nodes/k3s-worker1/user-data deleted file mode 100644 index 579b5950b..000000000 --- a/server/pxe/nodes/k3s-worker1/user-data +++ /dev/null 
@@ -1,89 +0,0 @@ -#cloud-config -autoinstall: - version: 1 - refresh-installer: - update: true - apt: - geoip: true - preserve_sources_list: false - primary: - - arches: [amd64, i386] - uri: http://archive.ubuntu.com/ubuntu - - arches: [default] - uri: http://ports.ubuntu.com/ubuntu-ports - identity: - hostname: k3s-worker1 - # mkpasswd --method=SHA-512 ubuntu - # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))' - password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1 - realname: Ubuntu - username: ubuntu - keyboard: - layout: fr - toggle: null - variant: "" - locale: en_US.UTF-8 - network: - version: 2 - ethernets: - eno1: - dhcp4: true - critical: true - dhcp-identifier: mac - ssh: - allow-pw: false - install-server: true - authorized-keys: - # claude-fixe-fedora - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora" - # claude-thinkpad-fedora - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora" - storage: - grub: - reorder_uefi: false - swap: - size: 0 - config: - - id: root-disk-0 - type: disk - path: /dev/sda - wipe: superblock-recursive - preserve: false - grub_device: false - name: "" - ptable: gpt - - id: root-partition-0 - type: partition - device: root-disk-0 - size: 512M - wipe: superblock - flag: boot - number: 1 - preserve: false - grub_device: true - - id: root-format-0 - type: format - fstype: fat32 - volume: root-partition-0 - preserve: false - - id: root-partition-1 - type: partition - device: root-disk-0 - size: -1 - wipe: superblock - flag: "" - number: 2 - preserve: false - - id: root-format-1 - type: format - fstype: ext4 - volume: root-partition-1 - preserve: false - - id: root-mount-0 - type: mount - device: root-format-0 - path: /boot/efi - - id: root-mount-1 - type: mount - device: root-format-1 - path: / 
diff --git a/server/pxe/nodes/k3s-worker2/meta-data b/server/pxe/nodes/k3s-worker2/meta-data deleted file mode 100644 index 49d3dd102..000000000 --- a/server/pxe/nodes/k3s-worker2/meta-data +++ /dev/null @@ -1 +0,0 @@ -instance-id: focal-autoinstall \ No newline at end of file diff --git a/server/pxe/nodes/k3s-worker2/user-data b/server/pxe/nodes/k3s-worker2/user-data deleted file mode 100644 index db326dea8..000000000 --- a/server/pxe/nodes/k3s-worker2/user-data +++ /dev/null 
@@ -1,89 +0,0 @@ -#cloud-config -autoinstall: - version: 1 - refresh-installer: - update: true - apt: - geoip: true - preserve_sources_list: false - primary: - - arches: [amd64, i386] - uri: http://archive.ubuntu.com/ubuntu - - arches: [default] - uri: http://ports.ubuntu.com/ubuntu-ports - identity: - hostname: k3s-worker2 - # mkpasswd --method=SHA-512 ubuntu - # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))' - password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1 - realname: Ubuntu - username: ubuntu - keyboard: - layout: fr - toggle: null - variant: "" - locale: en_US.UTF-8 - network: - version: 2 - ethernets: - eno1: - dhcp4: true - critical: true - dhcp-identifier: mac - ssh: - allow-pw: false - install-server: true - authorized-keys: - # claude-fixe-fedora - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora" - # claude-thinkpad-fedora - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora" - storage: - grub: - reorder_uefi: false - swap: - size: 0 - config: - - id: root-disk-0 - type: disk - path: /dev/sda - wipe: superblock-recursive - preserve: false - grub_device: false - name: "" - ptable: gpt - - id: root-partition-0 - type: partition - device: root-disk-0 - size: 512M - wipe: superblock - flag: boot - number: 1 - preserve: false - grub_device: true - - id: root-format-0 - type: format - fstype: fat32 - volume: root-partition-0 - preserve: false - - id: root-partition-1 - type: partition - device: root-disk-0 - size: -1 - wipe: superblock - flag: "" - number: 2 - preserve: false - - id: root-format-1 - type: format - fstype: ext4 - volume: root-partition-1 - preserve: false - - id: root-mount-0 - type: mount - device: root-format-0 - path: /boot/efi - - id: root-mount-1 - type: mount - device: root-format-1 - path: / 
diff --git a/server/pxe/nodes/k3s-worker3/meta-data b/server/pxe/nodes/k3s-worker3/meta-data deleted file mode 100644 index 49d3dd102..000000000 --- a/server/pxe/nodes/k3s-worker3/meta-data +++ /dev/null @@ -1 +0,0 @@ -instance-id: focal-autoinstall \ No newline at end of file diff --git a/server/pxe/nodes/k3s-worker3/user-data b/server/pxe/nodes/k3s-worker3/user-data deleted file mode 100644 index d43caa009..000000000 --- a/server/pxe/nodes/k3s-worker3/user-data +++ /dev/null 
@@ -1,89 +0,0 @@
-#cloud-config
-autoinstall:
- version: 1
- refresh-installer:
- update: true
- apt:
- geoip: true
- preserve_sources_list: false
- primary:
- - arches: [amd64, i386]
- uri: http://archive.ubuntu.com/ubuntu
- - arches: [default]
- uri: http://ports.ubuntu.com/ubuntu-ports
- identity:
- hostname: k3s-worker3
- # mkpasswd --method=SHA-512 ubuntu
- # python3 -c 'import crypt; print(crypt.crypt("ubuntu", crypt.mksalt(crypt.METHOD_SHA512)))'
- password: $6$UKxMOUUjgoIasmuo$dgSyUpYzokiWNV7wZASBVfRXVrTQT5xmtxItqdQxfi86MI8Th/63iAcFLR97JAQXdBi0nV.pmZR.8uryF1SfG1
- realname: Ubuntu
- username: ubuntu
- keyboard:
- layout: fr
- toggle: null
- variant: ""
- locale: en_US.UTF-8
- network:
- version: 2
- ethernets:
- eno1:
- dhcp4: true
- critical: true
- dhcp-identifier: mac
- ssh:
- allow-pw: false
- install-server: true
- authorized-keys:
- # claude-fixe-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
- # claude-thinkpad-fedora
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
- storage:
- grub:
- reorder_uefi: false
- swap:
- size: 0
- config:
- - id: root-disk-0
- type: disk
- path: /dev/sda
- wipe: superblock-recursive
- preserve: false
- grub_device: false
- name: ""
- ptable: gpt
- - id: root-partition-0
- type: partition
- device: root-disk-0
- size: 512M
- wipe: superblock
- flag: boot
- number: 1
- preserve: false
- grub_device: true
- - id: root-format-0
- type: format
- fstype: fat32
- volume: root-partition-0
- preserve: false
- - id: root-partition-1
- type: partition
- device: root-disk-0
- size: -1
- wipe: superblock
- flag: ""
- number: 2
- preserve: false
- - id: root-format-1
- type: format
- fstype: ext4
- volume: root-partition-1
- preserve: false
- - id: root-mount-0
- type: mount
- device: root-format-0
- path: /boot/efi
- - id: root-mount-1
- type: mount
- device: root-format-1
- path: /
diff --git a/server/pxe/pxe.conf b/server/pxe/pxe.conf
deleted file mode 100644
index 59b432a58..000000000
--- a/server/pxe/pxe.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# enable tftp
-enable-tftp
-# set tftp root path
-tftp-root=/var/lib/tftpboot
-# disable dnsmasq dns
-port=0
-# set dns server
-dhcp-option=6,192.168.8.1
-# set router
-dhcp-option=3,192.168.8.1
-# set pxelinux boot image
-dhcp-boot=pxelinux/pxelinux.0
\ No newline at end of file
diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml
deleted file mode 100644
index e69de29bb..000000000