mirror of
https://github.com/onedr0p/cluster-template.git
synced 2026-03-18 02:09:12 +00:00
Compare commits
41 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9043eddd45 | ||
|
|
ec59b671bd | ||
|
|
432d281287 | ||
|
|
38089c9255 | ||
|
|
1080234b8a | ||
|
|
c76a5c55f1 | ||
|
|
baa0610011 | ||
|
|
26d5d8e97b | ||
|
|
9a25a4f35f | ||
|
|
8042876b60 | ||
|
|
dcd12bfa44 | ||
|
|
7aa0625949 | ||
|
|
02e92f49ef | ||
|
|
35c43b764d | ||
|
|
14c56a27a7 | ||
|
|
f37d0fd807 | ||
|
|
965c53f1e3 | ||
|
|
d9fd3d10eb | ||
|
|
ad3b3f838f | ||
|
|
8acc1cc416 | ||
|
|
6afc052136 | ||
|
|
ed65c76100 | ||
|
|
61ce8ff2ff | ||
|
|
d025b91352 | ||
|
|
278e55b10a | ||
|
|
79968169bc | ||
|
|
70c1799d76 | ||
|
|
d4e712c555 | ||
|
|
5bf751533f | ||
|
|
886db559f9 | ||
|
|
8769776fc6 | ||
|
|
ba93035426 | ||
|
|
7c2ebedc98 | ||
|
|
3ea15ad84d | ||
|
|
4357af7446 | ||
|
|
1f278e02b5 | ||
|
|
861699f57c | ||
|
|
f524f27467 | ||
|
|
fd739eee9f | ||
|
|
c48ddfc1f5 | ||
|
|
07decda9b4 |
8
.github/renovate/autoMerge.json5
vendored
@@ -8,6 +8,14 @@
|
||||
"automergeType": "branch",
|
||||
"ignoreTests": true,
|
||||
"matchUpdateTypes": ["minor", "patch", "digest"]
|
||||
},
|
||||
{
|
||||
"description": "Auto merge container digests",
|
||||
"matchDatasources": ["docker"],
|
||||
"automerge": true,
|
||||
"automergeType": "branch",
|
||||
"ignoreTests": true,
|
||||
"matchUpdateTypes": ["digest"]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
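Review bot: The "Auto merge container digests" rule sets `"ignoreTests": true` together with `"automergeType": "branch"`, so every Docker digest update is pushed to the base branch without a pull request and without waiting for any status check. A digest update means the content behind an existing tag has changed, which is the case where a re-pushed or tampered image would show up, and in a GitOps repository the merge is effectively the deployment. I would drop the flag from this rule (`"ignoreTests": false`) and consider narrowing the rule with `matchPackagePatterns` to the registries or namespaces the project trusts. The rule before it also lists "digest" in `matchUpdateTypes`; its matchers start above the hunk, so whether the two rules overlap cannot be confirmed from here.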
4
.github/workflows/link-check.yaml
vendored
@@ -12,10 +12,10 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
|
||||
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
|
||||
|
||||
- name: Link Checker
|
||||
uses: lycheeverse/lychee-action@9ace499fe66cee282a29eaa628fdac2c72fa087f # v1.6.1
|
||||
uses: lycheeverse/lychee-action@97189f2c0a3c8b0cb0e704fd4e878af6e5e2b2c5 # v1.7.0
|
||||
id: lychee
|
||||
env:
|
||||
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
||||
|
||||
2
.github/workflows/meta-sync-labels.yaml
vendored
@@ -13,7 +13,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
|
||||
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
|
||||
|
||||
- name: Sync Labels
|
||||
uses: EndBug/label-sync@da00f2c11fdb78e4fae44adac2fdd713778ea3e8 # renovate: tag=v2.3.2
|
||||
|
||||
@@ -2,13 +2,13 @@
|
||||
fail_fast: false
|
||||
repos:
|
||||
- repo: https://github.com/adrienverge/yamllint
|
||||
rev: v1.30.0
|
||||
rev: v1.31.0
|
||||
hooks:
|
||||
- args:
|
||||
- --config-file
|
||||
- .yamllint.yaml
|
||||
id: yamllint
|
||||
- repo: https://github.com/gruntwork-io/pre-commit
|
||||
rev: v0.1.19
|
||||
rev: v0.1.21
|
||||
hooks:
|
||||
- id: terraform-fmt
|
||||
|
||||
@@ -48,7 +48,7 @@ First and foremost some experience in debugging/troubleshooting problems **and a
|
||||
|
||||
### 💻 Systems
|
||||
|
||||
- One or more nodes with a fresh install of [Fedora Server 36](https://getfedora.org/en/server/download/) or [Ubuntu 22.04 Server](https://ubuntu.com/download/server).
|
||||
- One or more nodes with a fresh install of [Fedora Server 37](https://getfedora.org/en/server/download/) or [Ubuntu 22.04 Server](https://ubuntu.com/download/server) (not minimal).
|
||||
- These nodes can be ARM64/AMD64 bare metal or VMs.
|
||||
- An odd number of control plane nodes, greater than or equal to 3 is required if deploying more than one control plane node.
|
||||
- A [Cloudflare](https://www.cloudflare.com/) account with a domain, this will be managed by Terraform and external-dns. You can [register new domains](https://www.cloudflare.com/products/registrar/) directly thru Cloudflare.
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
# (string) Use a specific version of k3s
|
||||
# renovate: datasource=github-releases depName=k3s-io/k3s
|
||||
k3s_release_version: "v1.26.2+k3s1"
|
||||
k3s_release_version: "v1.27.1+k3s1"
|
||||
|
||||
# (bool) Install using hard links rather than symbolic links.
|
||||
k3s_install_hard_links: true
|
||||
@@ -55,6 +55,5 @@ k3s_server_manifests_urls:
|
||||
# (list) A flat list of templates to deploy on the primary control plane
|
||||
# /var/lib/rancher/k3s/server/manifests
|
||||
k3s_server_manifests_templates:
|
||||
- calico-ebpf.yaml.j2
|
||||
- calico-installation.yaml.j2
|
||||
- kube-vip-daemonset.yaml.j2
|
||||
|
||||
@@ -10,25 +10,38 @@ k3s_server:
|
||||
node-ip: "{{ ansible_host }}"
|
||||
tls-san:
|
||||
- "{{ kubevip_address }}"
|
||||
https-listen-port: 6443
|
||||
docker: false # Disable Docker - this will use the default containerd CRI
|
||||
flannel-backend: "none" # This needs to be in quotes
|
||||
# Disable Docker - this will use the default containerd CRI
|
||||
docker: false
|
||||
flannel-backend: "none" # This needs to be in quotes
|
||||
disable:
|
||||
- flannel # Disable flannel - replaced with Calico
|
||||
- local-storage # Disable local-path-provisioner - installed with Flux
|
||||
- metrics-server # Disable metrics-server - installed with Flux
|
||||
- servicelb # Disable servicelb - replaced with metallb and installed with Flux
|
||||
- traefik # Disable traefik - replaced with ingress-nginx and installed with Flux
|
||||
# Disable flannel - replaced with Calico
|
||||
- flannel
|
||||
# Disable local-path-provisioner - installed with Flux
|
||||
- local-storage
|
||||
# Disable metrics-server - installed with Flux
|
||||
- metrics-server
|
||||
# Disable servicelb - replaced with metallb and installed with Flux
|
||||
- servicelb
|
||||
# Disable traefik - replaced with ingress-nginx and installed with Flux
|
||||
- traefik
|
||||
disable-network-policy: true
|
||||
disable-cloud-controller: true
|
||||
disable-kube-proxy: true # Disable kube-proxy - replaced with Calico eBPF
|
||||
write-kubeconfig-mode: "644"
|
||||
cluster-cidr: "10.42.0.0/16" # Network CIDR to use for pod IPs
|
||||
service-cidr: "10.43.0.0/16" # Network CIDR to use for service IPs
|
||||
# Network CIDR to use for pod IPs
|
||||
cluster-cidr: "10.42.0.0/16"
|
||||
# Network CIDR to use for service IPs
|
||||
service-cidr: "10.43.0.0/16"
|
||||
kube-controller-manager-arg:
|
||||
- "bind-address=0.0.0.0" # Required to monitor kube-controller-manager with kube-prometheus-stack
|
||||
# Required to monitor kube-controller-manager with kube-prometheus-stack
|
||||
- "bind-address=0.0.0.0"
|
||||
kube-proxy-arg:
|
||||
# Required to monitor kube-proxy with kube-prometheus-stack
|
||||
- "metrics-bind-address=0.0.0.0"
|
||||
kube-scheduler-arg:
|
||||
- "bind-address=0.0.0.0" # Required to monitor kube-scheduler with kube-prometheus-stack
|
||||
etcd-expose-metrics: true # Required to monitor etcd with kube-prometheus-stack
|
||||
# Required to monitor kube-scheduler with kube-prometheus-stack
|
||||
- "bind-address=0.0.0.0"
|
||||
# Required to monitor etcd with kube-prometheus-stack
|
||||
etcd-expose-metrics: true
|
||||
kube-apiserver-arg:
|
||||
- "anonymous-auth=true" # Required for HAProxy health-checks
|
||||
# Required for HAProxy health-checks
|
||||
- "anonymous-auth=true"
|
||||
|
||||
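Review bot: The `kube-proxy-arg` entry `"metrics-bind-address=0.0.0.0"`, which appears only on the new side, puts the kube-proxy metrics endpoint on every interface of every node, alongside the controller-manager and scheduler binds this hunk keeps. The comments say why (kube-prometheus-stack scraping) but not what limits access, so a node with a second, less trusted interface would serve these endpoints there as well. Binding to the address that `node-ip` already uses, e.g. `- "metrics-bind-address={{ ansible_host }}"`, may be enough for scraping and should be checked against the scrape targets; otherwise the comment should name the host firewall rule that restricts these ports. The hunk also carries `write-kubeconfig-mode: "644"` and `"anonymous-auth=true"` forward, and each deserves a one-line note on who can reach it. The `k3s_server` mapping starts above the hunk.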
@@ -1,14 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: tigera-operator
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: kubernetes-services-endpoint
|
||||
namespace: tigera-operator
|
||||
data:
|
||||
KUBERNETES_SERVICE_HOST: "{{ k3s_registration_address }}"
|
||||
KUBERNETES_SERVICE_PORT: "{{ k3s_server['https-listen-port'] }}"
|
||||
@@ -7,8 +7,8 @@ spec:
|
||||
registry: quay.io
|
||||
imagePath: calico
|
||||
calicoNetwork:
|
||||
hostPorts: Disabled
|
||||
linuxDataplane: BPF
|
||||
# https://docs.k3s.io/installation/network-options#custom-cni
|
||||
containerIPForwarding: "Enabled"
|
||||
# https://projectcalico.docs.tigera.io/networking/ip-autodetection
|
||||
nodeAddressAutodetectionV4:
|
||||
cidrs:
|
||||
|
||||
@@ -20,7 +20,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: kube-vip
|
||||
image: ghcr.io/kube-vip/kube-vip:v0.5.11
|
||||
image: ghcr.io/kube-vip/kube-vip:v0.5.12
|
||||
imagePullPolicy: IfNotPresent
|
||||
args: ["manager"]
|
||||
env:
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
---
|
||||
collections:
|
||||
- name: community.general
|
||||
version: 6.4.0
|
||||
version: 6.6.0
|
||||
- name: community.sops
|
||||
version: 1.6.1
|
||||
- name: ansible.posix
|
||||
version: 1.5.1
|
||||
version: 1.5.2
|
||||
- name: ansible.utils
|
||||
version: 2.9.0
|
||||
- name: kubernetes.core
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: cert-manager
|
||||
version: v1.11.0
|
||||
version: v1.11.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: jetstack
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-cert-manager
|
||||
@@ -19,7 +19,7 @@ spec:
|
||||
retryInterval: 1m
|
||||
timeout: 3m
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-cert-manager-issuers
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.3.2
|
||||
version: 1.4.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjw-s
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-echo-server
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-hajimari
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-flux-webhooks
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: notification.toolkit.fluxcd.io/v1beta1
|
||||
apiVersion: notification.toolkit.fluxcd.io/v1
|
||||
kind: Receiver
|
||||
metadata:
|
||||
name: github-receiver
|
||||
@@ -12,15 +12,15 @@ spec:
|
||||
secretRef:
|
||||
name: github-webhook-token-secret
|
||||
resources:
|
||||
- apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
- apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
name: home-kubernetes
|
||||
namespace: flux-system
|
||||
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
- apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
name: cluster
|
||||
namespace: flux-system
|
||||
- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
- apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
name: cluster-apps
|
||||
namespace: flux-system
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: weave-gitops
|
||||
version: 4.0.16
|
||||
version: 4.0.20
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: weave-gitops
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-weave-gitops
|
||||
|
||||
@@ -20,7 +20,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: kube-vip
|
||||
image: ghcr.io/kube-vip/kube-vip:v0.5.11
|
||||
image: ghcr.io/kube-vip/kube-vip:v0.5.12
|
||||
imagePullPolicy: IfNotPresent
|
||||
args: ["manager"]
|
||||
env:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-kube-vip
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-local-path-provisioner
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: metrics-server
|
||||
version: 3.8.4
|
||||
version: 3.10.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: metrics-server
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-metrics-server
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: reloader
|
||||
version: v1.0.15
|
||||
version: v1.0.24
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: stakater
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-reloader
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: kubernetes-dashboard
|
||||
version: 6.0.6
|
||||
version: 6.0.7
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: kubernetes-dashboard
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-kubernetes-dashboard
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.3.2
|
||||
version: 1.4.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjw-s
|
||||
@@ -34,7 +34,7 @@ spec:
|
||||
restartPolicy: OnFailure
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/kubernetes-kubectl
|
||||
tag: 1.26.3@sha256:4dd76f75fc0b465e2cc976570380152c428b5047fd87b5538e16502fb5c8978a
|
||||
tag: 1.27.1@sha256:2067b52145cdcb99b1db4e92fa114babc0a8a91e08711cbe1aae05ba5a277dd9
|
||||
command: ["/bin/bash", "/app/cloudflare-ddns.sh"]
|
||||
envFrom:
|
||||
- secretRef:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-cloudflare-ddns
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: external-dns
|
||||
version: 1.12.1
|
||||
version: 1.12.2
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: external-dns
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-external-dns
|
||||
|
||||
@@ -76,7 +76,7 @@ spec:
|
||||
enabled: true
|
||||
image:
|
||||
repository: ghcr.io/tarampampam/error-pages
|
||||
tag: 2.21.0
|
||||
tag: 2.24.0
|
||||
extraEnvs:
|
||||
- name: TEMPLATE_NAME
|
||||
value: lost-in-space
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-ingress-nginx-certificates
|
||||
@@ -17,7 +17,7 @@ spec:
|
||||
retryInterval: 1m
|
||||
timeout: 3m
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-ingress-nginx
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: k8s-gateway
|
||||
version: 2.0.2
|
||||
version: 2.0.3
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: k8s-gateway
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-k8s-gateway
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-metallb
|
||||
@@ -19,7 +19,7 @@ spec:
|
||||
retryInterval: 1m
|
||||
timeout: 3m
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-metallb-config
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-system-upgrade-controller
|
||||
@@ -15,7 +15,7 @@ spec:
|
||||
retryInterval: 1m
|
||||
timeout: 3m
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps-system-upgrade-controller-plans
|
||||
|
||||
@@ -6,7 +6,7 @@ metadata:
|
||||
namespace: system-upgrade
|
||||
spec:
|
||||
# renovate: datasource=github-releases depName=k3s-io/k3s
|
||||
version: "v1.26.2+k3s1"
|
||||
version: "v1.27.1+k3s1"
|
||||
serviceAccountName: system-upgrade
|
||||
concurrency: 1
|
||||
nodeSelector:
|
||||
|
||||
@@ -6,7 +6,7 @@ metadata:
|
||||
namespace: system-upgrade
|
||||
spec:
|
||||
# renovate: datasource=github-releases depName=k3s-io/k3s
|
||||
version: "v1.26.2+k3s1"
|
||||
version: "v1.27.1+k3s1"
|
||||
serviceAccountName: system-upgrade
|
||||
concurrency: 1
|
||||
cordon: true
|
||||
|
||||
@@ -1,9 +1,12 @@
|
||||
# IMPORTANT: This file is not tracked by flux and should never be. Its
|
||||
# purpose is to only install the Flux components and CRDs into your cluster.
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- github.com/fluxcd/flux2/manifests/install?ref=v0.41.2
|
||||
- github.com/fluxcd/flux2/manifests/install?ref=v2.0.0-rc.1
|
||||
patches:
|
||||
# Remove the network policies that does not work with k3s
|
||||
- patch: |-
|
||||
$patch: delete
|
||||
apiVersion: networking.k8s.io/v1
|
||||
@@ -12,5 +15,4 @@ patches:
|
||||
name: not-used
|
||||
target:
|
||||
group: networking.k8s.io
|
||||
version: v1
|
||||
kind: NetworkPolicy
|
||||
|
||||
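Review bot: The comment above the `$patch: delete` patch, `# Remove the network policies that does not work with k3s`, does not say what is lost: the patch targets every `NetworkPolicy` in the Flux install manifests, so whatever isolation those policies give the flux-system controllers is gone. Elsewhere in this compare the cluster config sets `disable-network-policy: true` and installs Calico, so it is worth re-testing whether the stock policies still fail before carrying the deletion over to `v2.0.0-rc.1`. If the deletion stays, I would expand the comment to something like `# Deletes all Flux NetworkPolicies (k3s incompatibility, see <issue link>); flux-system is then unrestricted at the network layer`. The same patch and comment appear in the in-cluster Flux Kustomization hunk at `@@ -24,6 +24,7 @@ spec:`.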
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster-apps
|
||||
@@ -23,7 +23,7 @@ spec:
|
||||
name: cluster-secrets
|
||||
patches:
|
||||
- patch: |-
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: not-used
|
||||
@@ -40,6 +40,5 @@ spec:
|
||||
name: cluster-secrets
|
||||
target:
|
||||
group: kustomize.toolkit.fluxcd.io
|
||||
version: v1beta2
|
||||
kind: Kustomization
|
||||
labelSelector: substitution.flux.home.arpa/disabled notin (true)
|
||||
|
||||
@@ -8,9 +8,9 @@ spec:
|
||||
interval: 10m
|
||||
url: oci://ghcr.io/fluxcd/flux-manifests
|
||||
ref:
|
||||
tag: v0.41.2
|
||||
tag: v2.0.0-rc.1
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: flux
|
||||
@@ -24,6 +24,7 @@ spec:
|
||||
kind: OCIRepository
|
||||
name: flux-manifests
|
||||
patches:
|
||||
# Remove the network policies that does not work with k3s
|
||||
- patch: |
|
||||
$patch: delete
|
||||
apiVersion: networking.k8s.io/v1
|
||||
@@ -32,8 +33,9 @@ spec:
|
||||
name: not-used
|
||||
target:
|
||||
group: networking.k8s.io
|
||||
version: v1
|
||||
kind: NetworkPolicy
|
||||
# Increase the number of reconciliations that can be performed in parallel and bump the resources limits
|
||||
# https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers
|
||||
- patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
@@ -49,4 +51,48 @@ spec:
|
||||
value: --requeue-dependency=5s
|
||||
target:
|
||||
kind: Deployment
|
||||
name: "(kustomize-controller|helm-controller|source-controller)"
|
||||
name: (kustomize-controller|helm-controller|source-controller)
|
||||
- patch: |
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: not-used
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: manager
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 2Gi
|
||||
target:
|
||||
kind: Deployment
|
||||
name: (kustomize-controller|helm-controller|source-controller)
|
||||
# Enable drift detection for HelmReleases and set the log level to debug
|
||||
# https://fluxcd.io/flux/components/helm/helmreleases/#drift-detection
|
||||
- patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --feature-gates=DetectDrift=true,CorrectDrift=false
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --log-level=debug
|
||||
target:
|
||||
kind: Deployment
|
||||
name: helm-controller
|
||||
# Enable Helm near OOM detection
|
||||
# https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection
|
||||
- patch: |
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --feature-gates=OOMWatch=true
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --oom-watch-memory-threshold=95
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/args/-
|
||||
value: --oom-watch-interval=500ms
|
||||
target:
|
||||
kind: Deployment
|
||||
name: helm-controller
|
||||
|
||||
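Review bot: The `OCIRepository` that delivers the Flux controllers is moved to `tag: v2.0.0-rc.1`, and the lines visible between `url:` and the closing `---` show no `verify:` block, so the artifact appears to be accepted on its tag alone. Unless verification is configured above the hunk, I would add a `verify:` block with `provider: cosign` under `spec` (or pin `ref.digest`) so that a re-pushed tag cannot change what the cluster installs. Separately, the helm-controller patch leaves `--log-level=debug` on permanently. Confirm what the drift-detection output writes to the pod logs and who can read them, or remove the arg once drift detection has been evaluated. The `spec` mapping starts above the hunk.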
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: local-path-provisioner
|
||||
|
||||
@@ -3,11 +3,11 @@ terraform {
|
||||
required_providers {
|
||||
cloudflare = {
|
||||
source = "cloudflare/cloudflare"
|
||||
version = "4.2.0"
|
||||
version = "4.4.0"
|
||||
}
|
||||
http = {
|
||||
source = "hashicorp/http"
|
||||
version = "3.2.1"
|
||||
version = "3.3.0"
|
||||
}
|
||||
sops = {
|
||||
source = "carlpett/sops"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: home-kubernetes
|
||||
@@ -15,7 +15,7 @@ spec:
|
||||
# include kubernetes directory
|
||||
!/kubernetes
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: cluster
|
||||
|
||||