new talos cluster

This commit is contained in:
auricom
2022-11-19 04:47:32 +01:00
parent 42346bd99b
commit 4ac38f95e9
548 changed files with 1642 additions and 2331 deletions


@@ -0,0 +1,18 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: bgp-config
namespace: kube-system
data:
config.yaml: |
peers:
- peer-address: ${LOCAL_LAN_OPNSENSE}
peer-asn: 64512
my-asn: 64512
address-pools:
- name: default
protocol: bgp
addresses:
- ${CILIUM_BGP_SVC_RANGE}
avoid-buggy-ips: true
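Review bot: The two substitution variables inside the `config.yaml` block scalar are inserted unquoted, `peer-address: ${LOCAL_LAN_OPNSENSE}` on the peer and `- ${CILIUM_BGP_SVC_RANGE}` under `addresses`; if either variable is unset when the substitution runs (presumably Flux postBuild), the nested YAML is left with an empty scalar that parses as null instead of failing loudly. Quoting them, `peer-address: "${LOCAL_LAN_OPNSENSE}"` and `- "${CILIUM_BGP_SVC_RANGE}"`, keeps the rendered value a string and makes an empty expansion visible as `""` in the ConfigMap. A short comment that `peer-asn` and `my-asn` are intentionally equal (an iBGP session with the router) would also save the next reader a check.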


@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- configmap.yaml


@@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- notifications
- weave-gitops
- webhook
- pod-monitor.yaml
- prometheus-rule.yaml


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- notification.yaml


@@ -0,0 +1,33 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
name: alert-manager
namespace: flux-system
spec:
type: alertmanager
address: http://kube-prometheus-stack-alertmanager.monitoring:9093/api/v2/alerts/
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
name: alert-manager
namespace: flux-system
spec:
providerRef:
name: alert-manager
eventSeverity: error
eventSources:
- kind: GitRepository
name: "*"
- kind: HelmRelease
name: "*"
- kind: HelmRepository
name: "*"
- kind: Kustomization
name: "*"
exclusionList:
- "error.*lookup github\\.com"
- "waiting.*socket"
- "dial.*tcp.*timeout"
suspend: false


@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- notification.yaml
- secret.sops.yaml


@@ -0,0 +1,26 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
name: github
namespace: flux-system
spec:
type: github
address: https://github.com/auricom/home-ops
secretRef:
name: github-token
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
name: github
namespace: flux-system
spec:
providerRef:
name: github
eventSeverity: info
eventSources:
- kind: Kustomization
name: "*"
- kind: HelmRelease
name: "*"


@@ -0,0 +1,28 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: github-token
namespace: flux-system
stringData:
token: ENC[AES256_GCM,data:MijeX3Zk62v/9zLNbXCRKv/qCcW60y6doQeMwVbGEEgd1x2GK0M5Sg==,iv:5dRwHdb40jD/hyNow9iZco4WglmzcbSEOTN0iI3kHyc=,tag:+mBUypMeV1rvh9HsxyTkMw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQ0wxZy9rTERQZzRhVkJQ
azZDZ3dxMzZMTGovQWhSNHFiblB0OGRFRnhrCjZFRTVXaWNoSHF3VnRJNE1vRVhi
Sm92RWtVOFZWQldiaER2TnBXcldTclkKLS0tIDk5bkNwem5SOE14T3VKWTdISzMr
c0xvS1hoZ2ZUbyswUDJmWTQ5cUJIL00KOzoh9t/QtMJ3DXzagZNz5MbuqK8mtx2N
apAGT2tSzS9e2Pl8OruH57SGs972wHJQ9pnIHdbzhHkviIChUVApmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-12T22:06:51Z"
mac: ENC[AES256_GCM,data:HNY3DtP5mX1ivOOnuv8hBnKhQIXiH7NLLiRh7rloHNMhq5NY1a1BnaS7FMhUq3vxcE9XMgvG7A/gLKI3diezS779vaiSrpnHS3cbb45J0hGB1bqOrkhAV+BQgOiPL6hrv2ouA2VK1VOin9z7kBzXCIOh9UnZmNi0H/Qy6e/45X4=,iv:5fbAnwGoKAYFcFhf5Di6epWvNZgwyX71QJQSN/Krt/k=,tag:Mu+KOOea1XkYJtO1HawxPA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- alert-manager
- github


@@ -0,0 +1,19 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: flux-system
namespace: flux-system
labels:
app.kubernetes.io/part-of: flux
spec:
namespaceSelector:
matchNames:
- flux-system
selector:
matchExpressions:
- key: app
operator: Exists
podMetricsEndpoints:
- port: http-prom
honorLabels: true


@@ -0,0 +1,18 @@
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: flux
namespace: flux-system
spec:
groups:
- name: flux.rules
rules:
- alert: FluxComponentAbsent
annotations:
summary: Flux component has disappeared from Prometheus target discovery.
expr: |
absent(up{job=~".*flux-system.*"} == 1)
for: 15m
labels:
severity: critical


@@ -0,0 +1,39 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: weave-gitops
namespace: flux-system
spec:
interval: 30m
chart:
spec:
chart: weave-gitops
version: 4.0.7
interval: 30m
sourceRef:
kind: HelmRepository
name: weave-gitops
values:
adminUser:
create: true
username: admin
# passwordHash: from valuesFrom
ingress:
enabled: true
className: nginx
hosts:
- host: &host "gitops.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
valuesFrom:
- kind: Secret
name: weave-gitops
valuesKey: adminPassword
targetPath: adminUser.passwordHash
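Review bot: The `valuesFrom` entry maps a secret key named `adminPassword` onto `adminUser.passwordHash`, and the only hint is the one-line `# passwordHash: from valuesFrom` comment above `ingress`; the key name reads as a cleartext password while the chart value is a bcrypt hash, so a reader regenerating the SOPS secret could easily store the wrong thing. Replace the comment with one that states the contract, `# passwordHash is injected via valuesFrom; the weave-gitops secret's adminPassword key must hold the bcrypt hash, not the cleartext password`. The `tls` entry for `*host` carries no `secretName`, so it appears to rely on the ingress controller's default certificate; noting that inline would avoid a hunt for a missing secret.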


@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- helm-release.yaml
- secret.sops.yaml


@@ -0,0 +1,29 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: weave-gitops
namespace: flux-system
stringData:
adminPassword: ENC[AES256_GCM,data:StBu3tl/3/54rmGudER6nID4XEYLjumoMDptFBggSrrO/NJFrDAeUJilYY8AEuUBO6JHASPXS18hAlSx,iv:p8J+v7E7tktWquc1v/TotXxBZ9Fvx6UUV7+UunFZgSw=,tag:SXiYy43RvwmM2r6C+rztgQ==,type:str]
type: Opaque
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTTE0aWVrY0cva0lzNEl0
T2d3aEs5clE2TWZZTXE4Ly8wcmpZVms5aDN3CjZoK0ptTjJXSmZiQ1RGMmk3ckJZ
RlA1YURROG9PRXNFd0UyUzlST1RydzAKLS0tIGJiVyt2elc0Q0FWaEVGN1A0bS9Z
WUlSN1lLaHh0cTVOaHBGblU3Tmh6ZUEK0jJjreF4xiwHMqhLaQKZFgeeikjeRRqg
KzsMDy93tQKSByzwSD3UFcKHW48iiQAy/J1Q12bEaXSFBkOd5mILZw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-19T10:51:30Z"
mac: ENC[AES256_GCM,data:1b3WHgY9H5yAxwxbHvjPKGFZWmJ1iu945G5illQs6mEfmSrR1ZPvlBKn8eMNuSv1VN18ZhGWicFPpiwwe3MVFRr1G5Vn4F2VtS9F2Ap5IvWDW+F0vJfOAp6OdpT/TOOinp1Es9Pspd4JTpkr+Pk8tGDvVtnZ0aLer+qLv4SYZKA=,iv:zr2ZuwaqNaihfcX3KUKz0yXuGqX6o9o0zXfrhIY5vv4=,tag:kNIuKQ7Z7CbwhSBqgv5F+Q==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3


@@ -0,0 +1,24 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webhook-receiver
namespace: flux-system
annotations:
external-dns.home.arpa/enabled: "true"
spec:
ingressClassName: "nginx"
rules:
- host: "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
http:
paths:
- path: /hook/
pathType: Prefix
backend:
service:
name: webhook-receiver
port:
number: 80
tls:
- hosts:
- "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
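Review bot: The Ingress publishes the Flux webhook receiver on `flux-webhook.${SECRET_CLUSTER_DOMAIN}` with external-dns enabled, so the only control on who can POST to `/hook/` is the HMAC validation the Receiver performs with `github-webhook-token`. Restricting the source range at the ingress would add a second layer in front of that check: `nginx.ingress.kubernetes.io/whitelist-source-range: "${GITHUB_HOOK_CIDRS}"` in `metadata.annotations`, with the CIDRs kept in a substituted variable because GitHub publishes and rotates them via its meta API. The `tls` entry has no `secretName`, so it seems to rely on the ingress controller's default certificate; a comment saying so would keep a reader from looking for a missing secret.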


@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- secret.sops.yaml
- ingress.yaml
- receiver.yaml


@@ -0,0 +1,42 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Receiver
metadata:
name: home-ops
namespace: flux-system
spec:
type: github
events:
- ping
- push
secretRef:
name: github-webhook-token
resources:
- apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
name: flux-cluster
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: apps
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: charts
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: configuration
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: core
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: flux-cluster
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
name: crds
namespace: flux-system


@@ -0,0 +1,28 @@
# yamllint disable
apiVersion: v1
kind: Secret
metadata:
name: github-webhook-token
namespace: flux-system
stringData:
token: ENC[AES256_GCM,data:PZfBsK+zNZE/DENaBkQPZEfkyN1d5mtxfAh5RtPfZ6JVeg9OWs5rgg==,iv:hCIawcGPC9SS5fC1cXHnJJ6sY4u5QtgeHWLwmlRf4p0=,tag:F9dBKyqi6LtBKC6cms8rBw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cXVUWXpjdXUveGE5M3Bl
SzVhQ0phSlVMN0tMMDZRUnM1UXFpbktxd3pzCkZwQ2dmSys4L0UrREtMekJwUkNC
amovOWJBdEs5aTZSZVkxeHliTTk2VEEKLS0tIG8xb0dKRGZyc0VSU0RMZ01HdkFk
dVJzZGNrWFhoVmd0MnVUbHpKdU1XcDQKLD4TlyCxE57RFvUFqLDuhsEyoBC+12Yu
IZzMQYI6bDVnsfv3BzlYAm4qHHPUnhtUX3Wdx/u5ZwOlpxcyBUqNFg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-13T20:01:22Z"
mac: ENC[AES256_GCM,data:4/WPXRmc2OpOlVDro7r196SyOthcxJ7W+S9517j7vdH5xFkn2sEbIycqXdtB9+BYzR4ytKDjCDrV0qRyQEWGzGEmFrgIbA6PbYosVXzuxxWOKdCi/PTZdRuKOFkF8imJ78rB53FovYT+KLk20j2T3BmrTG2pYc+GC+KEJZ4WQwM=,iv:G1Cu4AwP7xAE4YFKAKzJ/jgDmRH5PvVy563k1mqJSxA=,tag:UshpfATU6emszsi2YNgnOQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3


@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github


@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cilium
- flux-system
- rook-ceph


@@ -0,0 +1,203 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: rook-ceph-cluster
namespace: rook-ceph
spec:
interval: 15m
chart:
spec:
chart: rook-ceph-cluster
version: v1.10.6
sourceRef:
kind: HelmRepository
name: rook-ceph
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
dependsOn:
- name: rook-ceph-operator
namespace: rook-ceph
values:
monitoring:
enabled: true
createPrometheusRules: true
ingress:
dashboard:
ingressClassName: "nginx"
host:
name: "rook.${SECRET_CLUSTER_DOMAIN}"
path: "/"
tls:
- hosts:
- "rook.${SECRET_CLUSTER_DOMAIN}"
configOverride: |
[global]
bdev_enable_discard = true
bdev_async_discard = true
cephClusterSpec:
mgr:
count: 1
dashboard:
enabled: true
urlPrefix: /
ssl: false
storage:
useAllNodes: false
useAllDevices: false
config:
osdsPerDevice: "1"
nodes:
- name: "talos-node-2"
devices:
- name: "nvme0n1"
- name: "talos-node-3"
devices:
- name: "nvme0n1"
- name: "talos-node-4"
devices:
- name: "nvme0n1"
resources:
mgr:
requests:
cpu: "125m"
memory: "512Mi"
limits:
memory: "1Gi"
mon:
requests:
cpu: "50m"
memory: "512Mi"
limits:
memory: "1Gi"
osd:
requests:
cpu: "300m"
memory: "512Mi"
limits:
memory: "6Gi"
mgr-sidecar:
requests:
cpu: "50m"
memory: "100Mi"
limits:
memory: "200Mi"
crashcollector:
requests:
cpu: "15m"
memory: "64Mi"
limits:
memory: "128Mi"
logcollector:
requests:
cpu: "100m"
memory: "100Mi"
limits:
memory: "1Gi"
prepareosd:
requests:
cpu: "250m"
memory: "50Mi"
limits:
memory: "2Gi"
cleanup:
requests:
cpu: "250m"
memory: "100Mi"
limits:
memory: "1Gi"
cephBlockPoolsVolumeSnapshotClass:
enabled: false
cephBlockPools:
- name: replicapool
spec:
failureDomain: host
replicated:
size: 3
storageClass:
enabled: true
name: rook-ceph-block
isDefault: true
reclaimPolicy: Delete
allowVolumeExpansion: true
parameters:
imageFormat: "2"
imageFeatures: layering
csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
csi.storage.k8s.io/fstype: ext4
cephFileSystems:
- name: rook-ceph-filesystem
spec:
metadataPool:
replicated:
size: 3
dataPools:
- failureDomain: host
replicated:
size: 3
metadataServer:
activeCount: 1
activeStandby: true
resources:
requests:
cpu: "35m"
memory: "64M"
limits:
memory: "600M"
storageClass:
enabled: true
isDefault: false
name: rook-ceph-filesystem
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions: []
parameters:
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
csi.storage.k8s.io/fstype: ext4
cephObjectStores:
- name: rook-ceph-objectstore
spec:
metadataPool:
failureDomain: host
replicated:
size: 3
dataPool:
failureDomain: host
erasureCoded:
dataChunks: 2
codingChunks: 1
preservePoolsOnDelete: true
gateway:
port: 80
resources:
requests:
cpu: 100m
memory: 128M
limits:
memory: 2Gi
instances: 1
healthCheck:
bucket:
interval: 60s
storageClass:
enabled: true
name: rook-ceph-bucket
reclaimPolicy: Delete
parameters:
region: us-east-1
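Review bot: Resource quantities are quoted inconsistently within the same `values` block: the `cephClusterSpec.resources` entries use `cpu: "125m"` / `memory: "512Mi"`, the MDS uses `memory: "64M"`, while the object-store gateway uses bare `cpu: 100m` and `memory: 128M`. All of these reach the API server as strings either way, but using one form throughout (quoted, as most of the file already does) makes the block easier to scan and diff, e.g. `cpu: "100m"`, `memory: "128M"` and `memory: "2Gi"` at the gateway; the mix of decimal `M` and binary `Mi` units is worth unifying at the same time. Separately, `mgr.count: 1` leaves the dashboard and the Prometheus metrics unavailable whenever the single mgr pod restarts; if that is accepted for this three-node cluster, a one-line comment saying so keeps it from being read as an oversight.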


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- operator
- cluster
- rook-toolbox


@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: rook-ceph


@@ -0,0 +1,29 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: rook-ceph-operator
namespace: rook-ceph
spec:
interval: 15m
chart:
spec:
chart: rook-ceph
version: v1.10.6
sourceRef:
kind: HelmRepository
name: rook-ceph
namespace: flux-system
values:
crds:
enabled: true
pspEnable: false
monitoring:
enabled: true
resources:
requests:
cpu: 10m
memory: 128Mi
limits:
cpu: 300m
memory: 256Mi


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@@ -0,0 +1,73 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app rook-toolbox
namespace: rook-ceph
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 1.0.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
global:
nameOverride: *app
image:
repository: rook/ceph
tag: v1.10.6
command: ["/usr/local/bin/toolbox.sh"]
env:
ROOK_CEPH_USERNAME:
valueFrom:
secretKeyRef:
name: rook-ceph-mon
key: ceph-username
ROOK_CEPH_SECRET:
valueFrom:
secretKeyRef:
name: rook-ceph-mon
key: ceph-secret
hostNetwork: true
podSecurityContext:
runAsUser: 0
runAsGroup: 0
securityContext:
privileged: true
persistence:
dev:
enabled: true
type: hostPath
hostPath: /dev
mountPath: /dev
libmodules:
enabled: true
type: hostPath
hostPath: /lib/modules
mountPath: /lib/modules
mon-endpoint-volume:
enabled: true
type: configMap
name: rook-ceph-mon-endpoints
subPath: data
mountPath: /etc/rook/mon-endpoints
readOnly: true
sysbus:
enabled: true
type: hostPath
hostPath: /sys/bus
mountPath: /sys/bus
service:
main:
enabled: false
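Review bot: The toolbox is deployed permanently with `hostNetwork: true`, `privileged: true`, `runAsUser: 0` / `runAsGroup: 0` and hostPath mounts of `/dev`, `/lib/modules` and `/sys/bus`, so anyone who can `exec` into this pod effectively has root on the node it lands on. Running the Ceph CLI against the monitors only needs the `rook-ceph-mon` credentials and the `rook-ceph-mon-endpoints` ConfigMap that are already wired in; the host mounts and the privilege look like they exist for disk-level debugging, and nothing in the release says which operation needs which. A comment above `hostNetwork` naming the use case for each privileged setting, plus a note that the Deployment is meant to be scaled to zero replicas when not in use, would document the risk being accepted and make it easy to drop the settings that turn out to be unneeded.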


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml