Compare commits
78 Commits
6330564cb8
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
aa6a14979d
|
|||
|
8b644bb4fc
|
|||
| d53ae8082c | |||
| d2e4b3dc6e | |||
|
e0743f2a68
|
|||
|
82d8eb59dc
|
|||
|
e6ebdfde7b
|
|||
|
16042a068d
|
|||
|
e150c253cc
|
|||
|
709a880973
|
|||
|
e93a85e4c6
|
|||
|
ce67724c52
|
|||
|
a246e3c4e9
|
|||
|
7b8f81b9f0
|
|||
|
6a7a733518
|
|||
|
39278c0d2d
|
|||
|
033d78746c
|
|||
|
40738f47c7
|
|||
|
f903ad4b70
|
|||
|
6cee062b6a
|
|||
|
77188e577d
|
|||
|
0037c7b06a
|
|||
|
452b589d26
|
|||
|
e980ab1860
|
|||
|
456eecace2
|
|||
|
e12c431362
|
|||
|
416f09fccf
|
|||
|
41912f685b
|
|||
|
03e8312568
|
|||
|
109ff161b6
|
|||
|
9f54cfcdfd
|
|||
|
7b715677c7
|
|||
|
213e9c0a25
|
|||
|
70bb994037
|
|||
|
7b61f80d34
|
|||
|
e45c1c547d
|
|||
|
c674d236c5
|
|||
|
e6614f80c9
|
|||
|
52346483e4
|
|||
|
b34fbd0b6f
|
|||
|
83bd27e4ae
|
|||
|
02f89363a8
|
|||
|
f89b4217d1
|
|||
|
723337f8ec
|
|||
|
6f47d93949
|
|||
|
ee096b3d72
|
|||
|
df33b81c44
|
|||
|
50daefd307
|
|||
|
7c275de45a
|
|||
|
4edc3041d8
|
|||
|
6cdfd62401
|
|||
|
4d9117cf26
|
|||
|
4590d0fda5
|
|||
|
14a4b668d5
|
|||
|
31e718b01e
|
|||
|
e9cacb2ae2
|
|||
|
1d0565551e
|
|||
|
1087586e9c
|
|||
|
1ac690fd02
|
|||
|
a2ca2c3fe8
|
|||
|
50078194a1
|
|||
|
0adf29aea3
|
|||
|
5978a46a6c
|
|||
|
9b97276263
|
|||
|
547980a1d3
|
|||
|
df4dbb06ec
|
|||
|
9c4afac9f2
|
|||
|
01ea9b8fde
|
|||
|
1ce673153d
|
|||
| c7e2c28d6d | |||
| 0870040f30 | |||
|
42b94eeb37
|
|||
|
445ea6f19e
|
|||
|
e5c705057f
|
|||
|
44550bc413
|
|||
|
c1505d9986
|
|||
|
82679a2516
|
|||
|
dc7c29be11
|
2
allowed_signers
Normal file
2
allowed_signers
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
ryan@cavi.cc namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGznaofIstAxYsX1MH8xQiZU4aOO4SUw9OlRbyFMfQTx ryan@workstation
|
||||||
|
ryan@cavi.cc namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICndorpp/6aKlLq2K1YP81r8zA80VGp1qAUeCZtdVhAw lappy486
|
||||||
19
apps/kubernaut/ingress.yaml
Normal file
19
apps/kubernaut/ingress.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
name: kubernaut-ingress
|
||||||
|
namespace: kubernaut
|
||||||
|
spec:
|
||||||
|
rules:
|
||||||
|
- http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: kubernaut
|
||||||
|
port:
|
||||||
|
name: web
|
||||||
8
apps/kubernaut/kustomization.yaml
Normal file
8
apps/kubernaut/kustomization.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: kubernaut
|
||||||
|
resources:
|
||||||
|
- secrets.yaml
|
||||||
|
- https://git.kill0.net/ryanc/kubernaut/kustomize?ref=v0.2.2
|
||||||
|
- ingress.yaml
|
||||||
16
apps/kubernaut/secrets.yaml
Normal file
16
apps/kubernaut/secrets.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: kubernaut
|
||||||
|
namespace: kubernaut
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
jwt_secret: AgBcARUqnBw3V5At/AbhfVoC1E+jgVXOkWHiWXFw+6ZoIljVOP3s2IJ1ORq5Lcynr1trwlre8cQrMCwTr8q05e2jH1MjVkZ33elzB1wpAjrZlrOwSgKURC8OfWOeIUQenq5pg8RLuOWFmvG/VLutus+lYBZ01kJICP0N0iZkIwZHRuJ527fXK9vhSA598Mn9Fki9W6dw0cA0PCUIDmyrIlBtKBnYrO/T899wbQakNoL3SXIgJ5gPug2gJG6O5YhJu5f2SBP0+paKcbRiGDIRVS17S8O49W/cNvYGGhovKWxozexYO/okDDeRToGCpeHcT0thZfpe6PvOVWM+tcW/ZPd8dhJF57wDliBPa3iC+kAzj3t2wLqNC5sEy2P3ZPEnRz3cHsyD51dbfpXZzXczNLai2shrsd872vCISkBGPF3b1r0aVbYcL1wyJRt1OI0CQq1cPomXrjyWZFK+oNyXXIdfdXz9zbLmmOCS7vL7cZu5sRbl33ClUWFPoTdjKe0whZ6oeUMXgI/AmVpLdqVUVs55MYt7qhTa6Eraws5gFBu2JKSn0W/fHOdhvzeU/SrWwpQR/iQmt/lRJS34Z8a22GrG3BqETwt6FWeLdNNpoHuoXtIQnO89y81cxVKUYKIhayLU0NNwegkENZ4WMm2aULqmtNo3F0tQkEfWB23cSOYQIVFVXf0F0WN5E6yPO4qiD926tJJbeMrzj9toEjGEl+FFLAwyfiuvC4TMregz8y2YUSmhkZ9WS0i8BTkCNq5jnZECg3DVBi5uP7exTXPYoc/q8TwvCw7owAK9c6g97fot5JST3mj+BPZyzCkALnyC8Ap4PHNpvWGG+MlGUzLzsieXb/FcamKepC8pR9AX5A+Pfrg=
|
||||||
|
session_secret: AgB3+WGGt7x9Rn3ZcyP9z7xr1572aR1dLROI3815kj/98kJpvhIAjisWSfVQaaJRnLWaLBeWQgwIVQSFN7zcm7n4pYxVO4BqCwb/k3ZYJsUI5maR/meNnOvXrpp1+yKxmJXSHlh7/2WzzKUK9OwDT4qmoT2oJnjrKJNRoXvIbR42NTiO8CDtzHiJ6MNEY6oH+dra4GamJ/KjNXC7NUdSZSeq1HpOBudrsrYoCZ6MZxZfMsDG7ROHvIakcSN1ibfQwOjjucDJdZWm/L41cxgW3glvTql6cJtqa9yZpije2Wja1HUHGalnwaWyXFp/5jVpPgFGYZ4SHtyQOy5Hy275Gmee8qSQjvW8iLSor4/pXiEBArWRX0iPDqVudO9onMaYtQz+hz/MEXkhMvopfokrAyrSvUogrTq/1XfRABe1nAMXVrYo74w/27RiiBDEcoRzEra1f5UxrXHJ1B1LZ+iqTSRLrBw1iqPpOG7HDSSv80+m5OKai+ppptY3OcERF9HUA/BWeRHo7h2SbMfPRqVXXihtbgArCZoU570FryGfcHjwEffQIvKYKq/KjTcpRP0dTO/99mfY/Uw7VmdmYiQC4kG/kcxQ8yPgypQNl1YSfLnSBNZH1SRgXQAsY3hETZ74jbCyaPTvpoL/IVzTDo1YrBgTVjUcZoqYW+gwwj5bt9kQZFRL4FMsCNQ7V+wAtT9GmRNkf2cxbNawHknKYx4arGpWP0y6jorebaGzSpWPl8hY1jCipU2MZw2g7f9QVw+10Tik9FlzfkK457fR1pjBNRXlAe5e0MNfNNiuJtKfHZfbj32CNEEK7JZUumqkkUl1J+Lsa8vL3HvANxYgvhohNfJSY9D2G+DD8xbD2jk7P52150Y=
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: kubernaut
|
||||||
|
namespace: kubernaut
|
||||||
17
clusters/k3s-cluster/apps.yaml
Normal file
17
clusters/k3s-cluster/apps.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: apps
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m0s
|
||||||
|
dependsOn:
|
||||||
|
- name: infra-configs
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./apps
|
||||||
|
prune: true
|
||||||
|
wait: true
|
||||||
|
timeout: 5m0s
|
||||||
@ -4,7 +4,7 @@ kind: Kustomization
|
|||||||
namespace: argocd
|
namespace: argocd
|
||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- https://raw.githubusercontent.com/argoproj/argo-cd/v2.12.1/manifests/install.yaml
|
- https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/install.yaml
|
||||||
patches:
|
patches:
|
||||||
- patch: |
|
- patch: |
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
File diff suppressed because it is too large
Load Diff
@ -20,7 +20,7 @@ metadata:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
interval: 10m0s
|
interval: 10m0s
|
||||||
path: ./clusters/my-cluster
|
path: ./clusters/k3s-cluster
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
@ -17,7 +17,7 @@ patches:
|
|||||||
- name: manager
|
- name: manager
|
||||||
env:
|
env:
|
||||||
- name: "HTTPS_PROXY"
|
- name: "HTTPS_PROXY"
|
||||||
value: "http://proxy-lb.lab.kill0.net:3128"
|
value: "http://proxy-lb.lab.kill0.net.:3128"
|
||||||
- name: "NO_PROXY"
|
- name: "NO_PROXY"
|
||||||
value: ".cluster.local.,.cluster.local,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
|
value: ".cluster.local.,.cluster.local,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
|
||||||
target:
|
target:
|
||||||
60
clusters/k3s-cluster/infrastructure.yaml
Normal file
60
clusters/k3s-cluster/infrastructure.yaml
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: infra-loadbalancer
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./infrastructure/loadbalancer
|
||||||
|
prune: true
|
||||||
|
wait: true
|
||||||
|
patches:
|
||||||
|
- patch: |
|
||||||
|
- op: replace
|
||||||
|
path: /spec/addresses
|
||||||
|
value:
|
||||||
|
- 10.100.101.16/28
|
||||||
|
target:
|
||||||
|
kind: IPAddressPool
|
||||||
|
name: first-pool
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: infra-controllers
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
dependsOn:
|
||||||
|
- name: infra-loadbalancer
|
||||||
|
interval: 1h
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./infrastructure/controllers
|
||||||
|
prune: true
|
||||||
|
wait: true
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: infra-configs
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
dependsOn:
|
||||||
|
- name: infra-controllers
|
||||||
|
interval: 1h
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./infrastructure/configs
|
||||||
|
prune: true
|
||||||
17
clusters/k8s-cluster/apps.yaml
Normal file
17
clusters/k8s-cluster/apps.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: apps
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m0s
|
||||||
|
dependsOn:
|
||||||
|
- name: infra-configs
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./apps
|
||||||
|
prune: true
|
||||||
|
wait: true
|
||||||
|
timeout: 5m0s
|
||||||
12507
clusters/k8s-cluster/flux-system/gotk-components.yaml
Normal file
12507
clusters/k8s-cluster/flux-system/gotk-components.yaml
Normal file
File diff suppressed because it is too large
Load Diff
27
clusters/k8s-cluster/flux-system/gotk-sync.yaml
Normal file
27
clusters/k8s-cluster/flux-system/gotk-sync.yaml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# This manifest was generated by flux. DO NOT EDIT.
|
||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: GitRepository
|
||||||
|
metadata:
|
||||||
|
name: flux-system
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1m0s
|
||||||
|
ref:
|
||||||
|
branch: main
|
||||||
|
secretRef:
|
||||||
|
name: flux-system
|
||||||
|
url: https://git.kill0.net/ryanc/fleet-infra.git
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: flux-system
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 10m0s
|
||||||
|
path: ./clusters/k8s-cluster
|
||||||
|
prune: true
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
25
clusters/k8s-cluster/flux-system/kustomization.yaml
Normal file
25
clusters/k8s-cluster/flux-system/kustomization.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- gotk-components.yaml
|
||||||
|
- gotk-sync.yaml
|
||||||
|
patches:
|
||||||
|
- patch: |
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: all
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: manager
|
||||||
|
env:
|
||||||
|
- name: "https_proxy"
|
||||||
|
value: "http://proxy-lb.lab.kill0.net.:3128"
|
||||||
|
- name: "no_proxy"
|
||||||
|
value: ".cluster.local., .cluster.local, .svc, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, k8s-ctrl-lb.lab.kill0.net, localhost, registry.lab.kill0.net"
|
||||||
|
target:
|
||||||
|
kind: Deployment
|
||||||
|
labelSelector: app.kubernetes.io/part-of=flux
|
||||||
33
clusters/k8s-cluster/infrastructure.yaml
Normal file
33
clusters/k8s-cluster/infrastructure.yaml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: infra-controllers
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./infrastructure/controllers
|
||||||
|
prune: true
|
||||||
|
wait: true
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: infra-configs
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
dependsOn:
|
||||||
|
- name: infra-controllers
|
||||||
|
interval: 1h
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: flux-system
|
||||||
|
path: ./infrastructure/configs
|
||||||
|
prune: true
|
||||||
@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: kubevip
|
||||||
|
namespace: kube-system
|
||||||
|
data:
|
||||||
|
cidr-global: 10.99.99.10-10.99.99.254
|
||||||
@ -0,0 +1,88 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: kube-vip-cloud-controller
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
rbac.authorization.kubernetes.io/autoupdate: "true"
|
||||||
|
name: system:kube-vip-cloud-controller-role
|
||||||
|
rules:
|
||||||
|
- apiGroups: ["coordination.k8s.io"]
|
||||||
|
resources: ["leases"]
|
||||||
|
verbs: ["get", "create", "update", "list", "put"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["configmaps", "endpoints","events","services/status", "leases"]
|
||||||
|
verbs: ["*"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes", "services"]
|
||||||
|
verbs: ["list","get","watch","update"]
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: system:kube-vip-cloud-controller-binding
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:kube-vip-cloud-controller-role
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: kube-vip-cloud-controller
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: kube-vip-cloud-provider
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
revisionHistoryLimit: 10
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: kube-vip
|
||||||
|
component: kube-vip-cloud-provider
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: kube-vip
|
||||||
|
component: kube-vip-cloud-provider
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- command:
|
||||||
|
- /kube-vip-cloud-provider
|
||||||
|
- --leader-elect-resource-name=kube-vip-cloud-controller
|
||||||
|
image: ghcr.io/kube-vip/kube-vip-cloud-provider:v0.0.11
|
||||||
|
name: kube-vip-cloud-provider
|
||||||
|
imagePullPolicy: Always
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
restartPolicy: Always
|
||||||
|
terminationGracePeriodSeconds: 30
|
||||||
|
serviceAccountName: kube-vip-cloud-controller
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
effect: NoSchedule
|
||||||
|
- key: node-role.kubernetes.io/control-plane
|
||||||
|
effect: NoSchedule
|
||||||
|
affinity:
|
||||||
|
nodeAffinity:
|
||||||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- weight: 10
|
||||||
|
preference:
|
||||||
|
matchExpressions:
|
||||||
|
- key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: Exists
|
||||||
|
- weight: 10
|
||||||
|
preference:
|
||||||
|
matchExpressions:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
operator: Exists
|
||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- github.com/kubernetes-sigs/descheduler/kubernetes/deployment?ref=v0.30.1
|
- kube-vip-cloud-controller.yaml
|
||||||
|
- configmap.yaml
|
||||||
71
clusters/k8s-cluster/kube-vip/daemonset.yaml
Normal file
71
clusters/k8s-cluster/kube-vip/daemonset.yaml
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: kube-vip-ds
|
||||||
|
app.kubernetes.io/version: v0.8.9
|
||||||
|
name: kube-vip-ds
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: kube-vip-ds
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: kube-vip-ds
|
||||||
|
app.kubernetes.io/version: v0.8.9
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- args:
|
||||||
|
- manager
|
||||||
|
env:
|
||||||
|
- name: vip_arp
|
||||||
|
value: "false"
|
||||||
|
- name: port
|
||||||
|
value: "6443"
|
||||||
|
- name: vip_nodename
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
- name: vip_interface
|
||||||
|
value: lo
|
||||||
|
- name: bgp_routerinterface
|
||||||
|
value: "eth0"
|
||||||
|
- name: dns_mode
|
||||||
|
value: first
|
||||||
|
- name: svc_enable
|
||||||
|
value: "true"
|
||||||
|
- name: svc_leasename
|
||||||
|
value: plndr-svcs-lock
|
||||||
|
- name: bgp_enable
|
||||||
|
value: "true"
|
||||||
|
- name: bgp_routerid
|
||||||
|
- name: bgp_as
|
||||||
|
value: "4206942069"
|
||||||
|
- name: bgp_peeraddress
|
||||||
|
- name: bgp_peerpass
|
||||||
|
- name: bgp_peeras
|
||||||
|
value: "65000"
|
||||||
|
- name: bgp_peers
|
||||||
|
value: 10.100.100.1:4206942069::false
|
||||||
|
- name: vip_address
|
||||||
|
- name: vip_cidr
|
||||||
|
value: "32"
|
||||||
|
- name: prometheus_server
|
||||||
|
value: :2112
|
||||||
|
image: ghcr.io/kube-vip/kube-vip:v0.8.9
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
name: kube-vip
|
||||||
|
resources: {}
|
||||||
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
add:
|
||||||
|
- NET_ADMIN
|
||||||
|
- NET_RAW
|
||||||
|
hostNetwork: true
|
||||||
|
serviceAccountName: kube-vip
|
||||||
|
updateStrategy: {}
|
||||||
|
|
||||||
6
clusters/k8s-cluster/kube-vip/kustomization.yaml
Normal file
6
clusters/k8s-cluster/kube-vip/kustomization.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- rbac.yaml
|
||||||
|
- daemonset.yaml
|
||||||
45
clusters/k8s-cluster/kube-vip/rbac.yaml
Normal file
45
clusters/k8s-cluster/kube-vip/rbac.yaml
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: kube-vip
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
rbac.authorization.kubernetes.io/autoupdate: "true"
|
||||||
|
name: system:kube-vip-role
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["services/status"]
|
||||||
|
verbs: ["update"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["services", "endpoints"]
|
||||||
|
verbs: ["list","get","watch", "update"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["list","get","watch", "update", "patch"]
|
||||||
|
- apiGroups: ["coordination.k8s.io"]
|
||||||
|
resources: ["leases"]
|
||||||
|
verbs: ["list", "get", "watch", "update", "create"]
|
||||||
|
- apiGroups: ["discovery.k8s.io"]
|
||||||
|
resources: ["endpointslices"]
|
||||||
|
verbs: ["list","get","watch", "update"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["pods"]
|
||||||
|
verbs: ["list"]
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: system:kube-vip-binding
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:kube-vip-role
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: kube-vip
|
||||||
|
namespace: kube-system
|
||||||
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: goldpinger
|
namespace: spegel
|
||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- repository.yaml
|
- repository.yaml
|
||||||
@ -2,4 +2,4 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: argo
|
name: spegel
|
||||||
16
clusters/k8s-cluster/spegel/release.yaml
Normal file
16
clusters/k8s-cluster/spegel/release.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: spegel
|
||||||
|
namespace: spegel
|
||||||
|
spec:
|
||||||
|
interval: 1m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: spegel
|
||||||
|
version: v0.0.30
|
||||||
|
interval: 5m
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: spegel
|
||||||
10
clusters/k8s-cluster/spegel/repository.yaml
Normal file
10
clusters/k8s-cluster/spegel/repository.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: spegel
|
||||||
|
namespace: spegel
|
||||||
|
spec:
|
||||||
|
type: "oci"
|
||||||
|
interval: 5m0s
|
||||||
|
url: oci://ghcr.io/spegel-org/helm-charts
|
||||||
@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: argo
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- https://github.com/argoproj/argo-workflows/releases/download/v3.5.10/install.yaml
|
|
||||||
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- https://raw.githubusercontent.com/eraser-dev/eraser/v1.4.0/deploy/eraser.yaml
|
|
||||||
@ -1,21 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: goldpinger
|
|
||||||
namespace: goldpinger
|
|
||||||
spec:
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: goldpinger
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: goldpinger
|
|
||||||
interval: 50m
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
values:
|
|
||||||
goldpinger:
|
|
||||||
isArgoRollouts: true
|
|
||||||
reloadStrategy: annotations
|
|
||||||
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: goldpinger
|
|
||||||
namespace: goldpinger
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
url: https://bloomberg.github.io/goldpinger
|
|
||||||
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- https://github.com/kubereboot/kured/releases/download/1.16.0/kured-1.16.0-dockerhub.yaml
|
|
||||||
@ -1,29 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: longhorn-ingress
|
|
||||||
namespace: longhorn-system
|
|
||||||
annotations:
|
|
||||||
# type of authentication
|
|
||||||
nginx.ingress.kubernetes.io/auth-type: basic
|
|
||||||
# prevent the controller from redirecting (308) to HTTPS
|
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
|
|
||||||
# name of the secret that contains the user/password definitions
|
|
||||||
nginx.ingress.kubernetes.io/auth-secret: basic-auth
|
|
||||||
# message to display with an appropriate context why the authentication is required
|
|
||||||
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
|
|
||||||
# custom max body size for file uploading like backing image uploading
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: 10000m
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: "/"
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: longhorn-frontend
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
ingressClassName: nginx
|
|
||||||
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- https://raw.githubusercontent.com/longhorn/longhorn/v1.6.2/deploy/longhorn.yaml
|
|
||||||
- ingress.yaml
|
|
||||||
0
infrastructure/configs/.keep
Normal file
0
infrastructure/configs/.keep
Normal file
@ -2,4 +2,4 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: goldpinger
|
name: envoy-gateway-system
|
||||||
12
infrastructure/controllers/envoy-gateway/release.yaml
Normal file
12
infrastructure/controllers/envoy-gateway/release.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: eg
|
||||||
|
namespace: envoy-gateway-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
releaseName: eg
|
||||||
|
chartRef:
|
||||||
|
kind: OCIRepository
|
||||||
|
name: envoy-gateway
|
||||||
11
infrastructure/controllers/envoy-gateway/repository.yaml
Normal file
11
infrastructure/controllers/envoy-gateway/repository.yaml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||||
|
kind: OCIRepository
|
||||||
|
metadata:
|
||||||
|
name: envoy-gateway
|
||||||
|
namespace: envoy-gateway-system
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
url: oci://docker.io/envoyproxy/gateway-helm
|
||||||
|
ref:
|
||||||
|
semver: ">=1.3.2"
|
||||||
@ -1,7 +1,6 @@
|
|||||||
---
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: flagger-system
|
|
||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- repository.yaml
|
- repository.yaml
|
||||||
@ -1,4 +1,3 @@
|
|||||||
---
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
metadata:
|
metadata:
|
||||||
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml
|
||||||
@ -12,4 +12,4 @@ spec:
|
|||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
version: 4.11.1
|
version: 4.12.0
|
||||||
201
infrastructure/controllers/metrics-server/components.yaml
Normal file
201
infrastructure/controllers/metrics-server/components.yaml
Normal file
@ -0,0 +1,201 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||||
|
name: system:aggregated-metrics-reader
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- metrics.k8s.io
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- nodes
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: system:metrics-server
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- nodes/metrics
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- nodes
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: metrics-server-auth-reader
|
||||||
|
namespace: kube-system
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: extension-apiserver-authentication-reader
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: metrics-server:system:auth-delegator
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:auth-delegator
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: system:metrics-server
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:metrics-server
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: https
|
||||||
|
port: 443
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: https
|
||||||
|
selector:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxUnavailable: 0
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- args:
|
||||||
|
- --cert-dir=/tmp
|
||||||
|
- --secure-port=10250
|
||||||
|
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
||||||
|
- --kubelet-use-node-status-port
|
||||||
|
- --metric-resolution=15s
|
||||||
|
image: registry.k8s.io/metrics-server/metrics-server:v0.7.2
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /livez
|
||||||
|
port: https
|
||||||
|
scheme: HTTPS
|
||||||
|
periodSeconds: 10
|
||||||
|
name: metrics-server
|
||||||
|
ports:
|
||||||
|
- containerPort: 10250
|
||||||
|
name: https
|
||||||
|
protocol: TCP
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /readyz
|
||||||
|
port: https
|
||||||
|
scheme: HTTPS
|
||||||
|
initialDelaySeconds: 20
|
||||||
|
periodSeconds: 10
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp
|
||||||
|
name: tmp-dir
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
priorityClassName: system-cluster-critical
|
||||||
|
serviceAccountName: metrics-server
|
||||||
|
volumes:
|
||||||
|
- emptyDir: {}
|
||||||
|
name: tmp-dir
|
||||||
|
---
|
||||||
|
apiVersion: apiregistration.k8s.io/v1
|
||||||
|
kind: APIService
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: metrics-server
|
||||||
|
name: v1beta1.metrics.k8s.io
|
||||||
|
spec:
|
||||||
|
group: metrics.k8s.io
|
||||||
|
groupPriorityMinimum: 100
|
||||||
|
insecureSkipTLSVerify: true
|
||||||
|
service:
|
||||||
|
name: metrics-server
|
||||||
|
namespace: kube-system
|
||||||
|
version: v1beta1
|
||||||
|
versionPriority: 100
|
||||||
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- components.yaml
|
||||||
@ -2,4 +2,4 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.27.1/controller.yaml
|
- https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.29.0/controller.yaml
|
||||||
@ -17,9 +17,6 @@ spec:
|
|||||||
remediation:
|
remediation:
|
||||||
retries: 3
|
retries: 3
|
||||||
values:
|
values:
|
||||||
providers.kubernetesIngress.publishedService.enabled: true
|
ingressClass:
|
||||||
additionalArguments:
|
enabled: true
|
||||||
- --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik
|
isDefaultClass: false
|
||||||
service:
|
|
||||||
spec:
|
|
||||||
externalTrafficPolicy: Local
|
|
||||||
@ -11,7 +11,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.14.0
|
controller-gen.kubebuilder.io/version: v0.16.3
|
||||||
name: bfdprofiles.metallb.io
|
name: bfdprofiles.metallb.io
|
||||||
spec:
|
spec:
|
||||||
group: metallb.io
|
group: metallb.io
|
||||||
@ -132,7 +132,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.14.0
|
controller-gen.kubebuilder.io/version: v0.16.3
|
||||||
name: bgpadvertisements.metallb.io
|
name: bgpadvertisements.metallb.io
|
||||||
spec:
|
spec:
|
||||||
group: metallb.io
|
group: metallb.io
|
||||||
@ -349,7 +349,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.14.0
|
controller-gen.kubebuilder.io/version: v0.16.3
|
||||||
name: bgppeers.metallb.io
|
name: bgppeers.metallb.io
|
||||||
spec:
|
spec:
|
||||||
conversion:
|
conversion:
|
||||||
@ -385,6 +385,8 @@ spec:
|
|||||||
- jsonPath: .spec.ebgpMultiHop
|
- jsonPath: .spec.ebgpMultiHop
|
||||||
name: Multi Hops
|
name: Multi Hops
|
||||||
type: string
|
type: string
|
||||||
|
deprecated: true
|
||||||
|
deprecationWarning: v1beta1 is deprecated, please use v1beta2
|
||||||
name: v1beta1
|
name: v1beta1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
@ -552,16 +554,27 @@ spec:
|
|||||||
description: To set if we want to disable MP BGP that will separate
|
description: To set if we want to disable MP BGP that will separate
|
||||||
IPv4 and IPv6 route exchanges into distinct BGP sessions.
|
IPv4 and IPv6 route exchanges into distinct BGP sessions.
|
||||||
type: boolean
|
type: boolean
|
||||||
|
dynamicASN:
|
||||||
|
description: |-
|
||||||
|
DynamicASN detects the AS number to use for the remote end of the session
|
||||||
|
without explicitly setting it via the ASN field. Limited to:
|
||||||
|
internal - if the neighbor's ASN is different than MyASN connection is denied.
|
||||||
|
external - if the neighbor's ASN is the same as MyASN the connection is denied.
|
||||||
|
ASN and DynamicASN are mutually exclusive and one of them must be specified.
|
||||||
|
enum:
|
||||||
|
- internal
|
||||||
|
- external
|
||||||
|
type: string
|
||||||
ebgpMultiHop:
|
ebgpMultiHop:
|
||||||
description: To set if the BGPPeer is multi-hops away. Needed for
|
description: To set if the BGPPeer is multi-hops away. Needed for
|
||||||
FRR mode only.
|
FRR mode only.
|
||||||
type: boolean
|
type: boolean
|
||||||
enableGracefulRestart:
|
enableGracefulRestart:
|
||||||
description: |-
|
description: |-
|
||||||
EnableGracefulRestart allows BGP peer to continue to forward data packets along
|
EnableGracefulRestart allows BGP peer to continue to forward data packets
|
||||||
known routes while the routing protocol information is being restored.
|
along known routes while the routing protocol information is being
|
||||||
This field is immutable because it requires restart of the BGP session
|
restored. This field is immutable because it requires restart of the BGP
|
||||||
Supported for FRR mode only.
|
session. Supported for FRR mode only.
|
||||||
type: boolean
|
type: boolean
|
||||||
x-kubernetes-validations:
|
x-kubernetes-validations:
|
||||||
- message: EnableGracefulRestart cannot be changed after creation
|
- message: EnableGracefulRestart cannot be changed after creation
|
||||||
@ -654,7 +667,9 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
peerASN:
|
peerASN:
|
||||||
description: AS number to expect from the remote end of the session.
|
description: |-
|
||||||
|
AS number to expect from the remote end of the session.
|
||||||
|
ASN and DynamicASN are mutually exclusive and one of them must be specified.
|
||||||
format: int32
|
format: int32
|
||||||
maximum: 4294967295
|
maximum: 4294967295
|
||||||
minimum: 0
|
minimum: 0
|
||||||
@ -681,7 +696,6 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- myASN
|
- myASN
|
||||||
- peerASN
|
|
||||||
- peerAddress
|
- peerAddress
|
||||||
type: object
|
type: object
|
||||||
status:
|
status:
|
||||||
@ -697,7 +711,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.14.0
|
controller-gen.kubebuilder.io/version: v0.16.3
|
||||||
name: communities.metallb.io
|
name: communities.metallb.io
|
||||||
spec:
|
spec:
|
||||||
group: metallb.io
|
group: metallb.io
|
||||||
@ -762,7 +776,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.14.0
|
controller-gen.kubebuilder.io/version: v0.16.3
|
||||||
name: ipaddresspools.metallb.io
|
name: ipaddresspools.metallb.io
|
||||||
spec:
|
spec:
|
||||||
group: metallb.io
|
group: metallb.io
|
||||||
@ -978,7 +992,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.14.0
|
controller-gen.kubebuilder.io/version: v0.16.3
|
||||||
name: l2advertisements.metallb.io
|
name: l2advertisements.metallb.io
|
||||||
spec:
|
spec:
|
||||||
group: metallb.io
|
group: metallb.io
|
||||||
@ -1165,7 +1179,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
controller-gen.kubebuilder.io/version: v0.14.0
|
controller-gen.kubebuilder.io/version: v0.16.3
|
||||||
name: servicel2statuses.metallb.io
|
name: servicel2statuses.metallb.io
|
||||||
spec:
|
spec:
|
||||||
group: metallb.io
|
group: metallb.io
|
||||||
@ -1480,7 +1494,6 @@ rules:
|
|||||||
- metallb-webhook-configuration
|
- metallb-webhook-configuration
|
||||||
resources:
|
resources:
|
||||||
- validatingwebhookconfigurations
|
- validatingwebhookconfigurations
|
||||||
- mutatingwebhookconfigurations
|
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
- delete
|
- delete
|
||||||
@ -1493,7 +1506,6 @@ rules:
|
|||||||
- admissionregistration.k8s.io
|
- admissionregistration.k8s.io
|
||||||
resources:
|
resources:
|
||||||
- validatingwebhookconfigurations
|
- validatingwebhookconfigurations
|
||||||
- mutatingwebhookconfigurations
|
|
||||||
verbs:
|
verbs:
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
@ -1695,7 +1707,7 @@ spec:
|
|||||||
value: memberlist
|
value: memberlist
|
||||||
- name: METALLB_DEPLOYMENT
|
- name: METALLB_DEPLOYMENT
|
||||||
value: controller
|
value: controller
|
||||||
image: quay.io/metallb/controller:v0.14.8
|
image: quay.io/metallb/controller:v0.14.9
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
httpGet:
|
httpGet:
|
||||||
@ -1792,7 +1804,7 @@ spec:
|
|||||||
value: app=metallb,component=speaker
|
value: app=metallb,component=speaker
|
||||||
- name: METALLB_ML_SECRET_KEY_PATH
|
- name: METALLB_ML_SECRET_KEY_PATH
|
||||||
value: /etc/ml_secret_key
|
value: /etc/ml_secret_key
|
||||||
image: quay.io/metallb/speaker:v0.14.8
|
image: quay.io/metallb/speaker:v0.14.9
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
httpGet:
|
httpGet:
|
||||||
Reference in New Issue
Block a user