Compare commits
40 Commits
52346483e4
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
bcf65b09f7
|
|||
|
17f16a067d
|
|||
|
aa6a14979d
|
|||
|
8b644bb4fc
|
|||
|
d53ae8082c | ||
|
|
d2e4b3dc6e | ||
|
e0743f2a68
|
|||
|
82d8eb59dc
|
|||
|
e6ebdfde7b
|
|||
|
16042a068d
|
|||
|
e150c253cc
|
|||
|
709a880973
|
|||
|
e93a85e4c6
|
|||
|
ce67724c52
|
|||
|
a246e3c4e9
|
|||
|
7b8f81b9f0
|
|||
|
6a7a733518
|
|||
|
39278c0d2d
|
|||
|
033d78746c
|
|||
|
40738f47c7
|
|||
|
f903ad4b70
|
|||
|
6cee062b6a
|
|||
|
77188e577d
|
|||
|
0037c7b06a
|
|||
|
452b589d26
|
|||
|
e980ab1860
|
|||
|
456eecace2
|
|||
|
e12c431362
|
|||
|
416f09fccf
|
|||
|
41912f685b
|
|||
|
03e8312568
|
|||
|
109ff161b6
|
|||
|
9f54cfcdfd
|
|||
|
7b715677c7
|
|||
|
213e9c0a25
|
|||
|
70bb994037
|
|||
|
7b61f80d34
|
|||
|
e45c1c547d
|
|||
|
c674d236c5
|
|||
|
e6614f80c9
|
@@ -1,5 +0,0 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- https://git.kill0.net/ryanc/kipunji/raw/branch/main/kustomize/kustomization.yaml
|
||||
@@ -13,6 +13,65 @@ metadata:
|
||||
pod-security.kubernetes.io/warn-version: latest
|
||||
name: flux-system
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/part-of: flux
|
||||
app.kubernetes.io/version: v2.4.0
|
||||
name: allow-egress
|
||||
namespace: flux-system
|
||||
spec:
|
||||
egress:
|
||||
- {}
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector: {}
|
||||
podSelector: {}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
- Egress
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/part-of: flux
|
||||
app.kubernetes.io/version: v2.4.0
|
||||
name: allow-scraping
|
||||
namespace: flux-system
|
||||
spec:
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector: {}
|
||||
ports:
|
||||
- port: 8080
|
||||
protocol: TCP
|
||||
podSelector: {}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/part-of: flux
|
||||
app.kubernetes.io/version: v2.4.0
|
||||
name: allow-webhooks
|
||||
namespace: flux-system
|
||||
spec:
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector: {}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: notification-controller
|
||||
policyTypes:
|
||||
- Ingress
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ResourceQuota
|
||||
metadata:
|
||||
@@ -20,7 +20,7 @@ metadata:
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 10m0s
|
||||
path: ./clusters/my-cluster
|
||||
path: ./clusters/k3s-cluster
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
@@ -17,7 +17,7 @@ patches:
|
||||
- name: manager
|
||||
env:
|
||||
- name: "HTTPS_PROXY"
|
||||
value: "http://proxy-lb.lab.kill0.net:3128"
|
||||
value: "http://proxy-lb.lab.kill0.net.:3128"
|
||||
- name: "NO_PROXY"
|
||||
value: ".cluster.local.,.cluster.local,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
|
||||
target:
|
||||
@@ -17,9 +17,9 @@ patches:
|
||||
- name: manager
|
||||
env:
|
||||
- name: "https_proxy"
|
||||
value: "http://proxy-lb.lab.kill0.net:3128"
|
||||
value: "http://proxy-lb.lab.kill0.net.:3128"
|
||||
- name: "no_proxy"
|
||||
value: ".svc, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, k8s-ctrl-lb.lab.kill0.net, localhost, registry.lab.kill0.net"
|
||||
value: ".cluster.local., .cluster.local, .svc, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, k8s-ctrl-lb.lab.kill0.net, localhost, registry.lab.kill0.net"
|
||||
target:
|
||||
kind: Deployment
|
||||
labelSelector: app.kubernetes.io/part-of=flux
|
||||
|
||||
@@ -4,4 +4,4 @@ metadata:
|
||||
name: kubevip
|
||||
namespace: kube-system
|
||||
data:
|
||||
cidr-global: 10.100.101.10-10.100.101.254
|
||||
cidr-global: 10.99.99.10-10.99.99.254
|
||||
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
- manager
|
||||
env:
|
||||
- name: vip_arp
|
||||
value: "true"
|
||||
value: "false"
|
||||
- name: port
|
||||
value: "6443"
|
||||
- name: vip_nodename
|
||||
@@ -31,24 +31,29 @@ spec:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: vip_interface
|
||||
value: eth0
|
||||
value: lo
|
||||
- name: bgp_routerinterface
|
||||
value: "eth0"
|
||||
- name: dns_mode
|
||||
value: first
|
||||
- name: svc_enable
|
||||
value: "true"
|
||||
- name: svc_leasename
|
||||
value: plndr-svcs-lock
|
||||
- name: vip_leaderelection
|
||||
- name: bgp_enable
|
||||
value: "true"
|
||||
- name: vip_leasename
|
||||
value: plndr-cp-lock
|
||||
- name: vip_leaseduration
|
||||
value: "5"
|
||||
- name: vip_renewdeadline
|
||||
value: "3"
|
||||
- name: vip_retryperiod
|
||||
value: "1"
|
||||
- name: bgp_routerid
|
||||
- name: bgp_as
|
||||
value: "4206942069"
|
||||
- name: bgp_peeraddress
|
||||
- name: bgp_peerpass
|
||||
- name: bgp_peeras
|
||||
value: "65000"
|
||||
- name: bgp_peers
|
||||
value: 10.100.100.1:4206942069::false
|
||||
- name: vip_address
|
||||
- name: vip_cidr
|
||||
value: "32"
|
||||
- name: prometheus_server
|
||||
value: :2112
|
||||
image: ghcr.io/kube-vip/kube-vip:v0.8.9
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: goldpinger
|
||||
namespace: spegel
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- repository.yaml
|
||||
@@ -2,4 +2,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: argocd
|
||||
name: spegel
|
||||
16
clusters/k8s-cluster/spegel/release.yaml
Normal file
16
clusters/k8s-cluster/spegel/release.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: spegel
|
||||
namespace: spegel
|
||||
spec:
|
||||
interval: 1m
|
||||
chart:
|
||||
spec:
|
||||
chart: spegel
|
||||
version: v0.0.30
|
||||
interval: 5m
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: spegel
|
||||
10
clusters/k8s-cluster/spegel/repository.yaml
Normal file
10
clusters/k8s-cluster/spegel/repository.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: spegel
|
||||
namespace: spegel
|
||||
spec:
|
||||
type: "oci"
|
||||
interval: 5m0s
|
||||
url: oci://ghcr.io/spegel-org/helm-charts
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: argo-rollouts
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- https://github.com/argoproj/argo-rollouts/releases/download/v1.7.2/install.yaml
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: argo-rollouts
|
||||
@@ -1,18 +0,0 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: argocd
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/install.yaml
|
||||
patches:
|
||||
- patch: |
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: argocd-server
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
target:
|
||||
kind: Service
|
||||
labelSelector: app.kubernetes.io/name=argocd-server
|
||||
@@ -1,21 +0,0 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: goldpinger
|
||||
namespace: goldpinger
|
||||
spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: goldpinger
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: goldpinger
|
||||
interval: 50m
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
values:
|
||||
goldpinger:
|
||||
isArgoRollouts: true
|
||||
reloadStrategy: annotations
|
||||
@@ -1,9 +0,0 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: goldpinger
|
||||
namespace: goldpinger
|
||||
spec:
|
||||
interval: 5m
|
||||
url: https://bloomberg.github.io/goldpinger
|
||||
@@ -2,4 +2,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: goldpinger
|
||||
name: envoy-gateway-system
|
||||
12
infrastructure/controllers/envoy-gateway/release.yaml
Normal file
12
infrastructure/controllers/envoy-gateway/release.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: eg
|
||||
namespace: envoy-gateway-system
|
||||
spec:
|
||||
interval: 10m
|
||||
releaseName: eg
|
||||
chartRef:
|
||||
kind: OCIRepository
|
||||
name: envoy-gateway
|
||||
11
infrastructure/controllers/envoy-gateway/repository.yaml
Normal file
11
infrastructure/controllers/envoy-gateway/repository.yaml
Normal file
@@ -0,0 +1,11 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: OCIRepository
|
||||
metadata:
|
||||
name: envoy-gateway
|
||||
namespace: envoy-gateway-system
|
||||
spec:
|
||||
interval: 10m
|
||||
url: oci://docker.io/envoyproxy/gateway-helm
|
||||
ref:
|
||||
semver: ">=1.3.2"
|
||||
@@ -5,6 +5,5 @@ metadata:
|
||||
namespace: flagger-system
|
||||
spec:
|
||||
interval: 1h
|
||||
url: oci://registry.lab.kill0.net:5004/fluxcd/charts
|
||||
url: oci://ghcr.io/fluxcd/charts
|
||||
type: oci
|
||||
insecure: true
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: kube-system
|
||||
resources:
|
||||
- repository.yaml
|
||||
- release.yaml
|
||||
@@ -1,20 +0,0 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: kubelet-csr-approver
|
||||
namespace: kube-system
|
||||
spec:
|
||||
releaseName: kubelet-csr-approver
|
||||
chart:
|
||||
spec:
|
||||
chart: kubelet-csr-approver
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: kubelet-csr-approver
|
||||
values:
|
||||
providerRegex: ^(?:(?:kube|k[038]s))\d+$
|
||||
providerIpPrefixes: 10.100.100.0/24
|
||||
maxExpirationSeconds: 86400
|
||||
bypassDnsResolution: false
|
||||
interval: 1m
|
||||
@@ -1,9 +0,0 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: kubelet-csr-approver
|
||||
namespace: kube-system
|
||||
spec:
|
||||
interval: 5m
|
||||
url: https://postfinance.github.io/kubelet-csr-approver
|
||||
@@ -2,4 +2,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.28.0/controller.yaml
|
||||
- https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.29.0/controller.yaml
|
||||
|
||||
@@ -17,9 +17,6 @@ spec:
|
||||
remediation:
|
||||
retries: 3
|
||||
values:
|
||||
providers.kubernetesIngress.publishedService.enabled: true
|
||||
additionalArguments:
|
||||
- --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik
|
||||
service:
|
||||
spec:
|
||||
externalTrafficPolicy: Local
|
||||
ingressClass:
|
||||
enabled: true
|
||||
isDefaultClass: false
|
||||
|
||||
Reference in New Issue
Block a user