├── .devcontainer ├── ci │ ├── Dockerfile │ ├── devcontainer.json │ └── features │ │ ├── devcontainer-feature.json │ │ └── install.sh ├── devcontainer.json └── postCreateCommand.sh ├── .editorconfig ├── .gitattributes ├── .github ├── CODEOWNERS ├── CODE_OF_CONDUCT.md ├── instructions │ └── flux.instructions.md ├── labeler.yaml ├── labels.yaml ├── release.yaml └── workflows │ ├── flux-diff.yaml │ ├── label-sync.yaml │ └── labeler.yaml ├── .gitignore ├── .renovate ├── autoMerge.json5 ├── customManagers.json5 ├── grafanaDashboards.json5 ├── labels.json5 ├── packageRules.json5 └── semanticCommits.json5 ├── .renovaterc.json5 ├── .sops.yaml ├── .taskfiles ├── bootstrap │ └── Taskfile.yaml ├── kubernetes │ └── Taskfile.yaml ├── rook │ ├── Taskfile.yaml │ ├── scripts │ │ └── wait-for-job.sh │ └── templates │ │ ├── WipeDataJob.tmpl.yaml │ │ └── WipeDiskJob.tmpl.yaml ├── sops │ └── Taskfile.yaml ├── talos │ └── Taskfile.yaml ├── volsync │ ├── Taskfile.yaml │ └── resources │ │ ├── list.tmpl.yaml │ │ ├── replicationdestination.tmpl.yaml │ │ ├── unlock.tmpl.yaml │ │ ├── wait-for-job.sh │ │ ├── which-controller.sh │ │ └── wipe.tmpl.yaml └── workstation │ ├── Archfile │ ├── Brewfile │ └── Taskfile.yaml ├── .vscode └── settings.json ├── LICENSE ├── README.md ├── Taskfile.yaml ├── bootstrap ├── coredns.sops.yaml ├── helmfile.yaml └── kustomization.yaml ├── kubernetes ├── apps │ ├── 1password │ │ ├── 1password-cko │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── cert-manager │ │ ├── cert-manager │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── issuers │ │ │ │ ├── acme.yaml │ │ │ │ ├── ca.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── transformers │ │ │ └── kustomization.yaml │ │ └── trust-manager │ │ │ ├── 
app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ ├── cluster-ca-bundle │ │ │ ├── bundle.yaml │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ ├── cnpg-system │ │ ├── barman-cloud │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── cloudnative-pg │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ └── resources │ │ │ │ │ └── cnp.json │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── database │ │ ├── cnpg │ │ │ ├── ks.yaml │ │ │ └── pg17vc │ │ │ │ ├── certificate.yaml │ │ │ │ ├── cluster.yaml │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── gatus.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── objectbucketclaim.yaml │ │ │ │ ├── objectstore.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ ├── recovery-job.yaml │ │ │ │ └── scheduledbackup.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── default │ │ ├── autobrr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── buildkit │ │ │ ├── app │ │ │ │ ├── ciliumnetworkpolicy.yaml │ │ │ │ ├── configs │ │ │ │ │ └── buildkitd.toml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── changedetection │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── dashbrr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.toml │ │ │ └── ks.yaml │ │ ├── docker-registry-ui │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── esphome-device-builder │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── 
kustomization.yaml │ │ │ └── ks.yaml │ │ ├── glance │ │ │ ├── app │ │ │ │ ├── configs │ │ │ │ │ └── glance.yml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── gluetun │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── gomft │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── homebox │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── homepage │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ └── resources │ │ │ │ │ ├── bookmarks.yaml │ │ │ │ │ ├── custom.css │ │ │ │ │ ├── custom.js │ │ │ │ │ ├── docker.yaml │ │ │ │ │ ├── kubernetes.yaml │ │ │ │ │ ├── services.yaml │ │ │ │ │ ├── settings.yaml │ │ │ │ │ └── widgets.yaml │ │ │ └── ks.yaml │ │ ├── immich │ │ │ ├── app │ │ │ │ ├── certificate.yaml │ │ │ │ ├── dragonfly.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── immich.sql │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── jellyfin │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networkpolicy.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── maybe │ │ │ ├── app │ │ │ │ ├── certificate.yaml │ │ │ │ ├── dragonfly.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── podmonitor.yaml │ │ │ └── ks.yaml │ │ ├── media-smb │ │ │ ├── kantai1 │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pv.yaml │ │ │ │ └── pvc.yaml │ │ │ ├── ks.yaml │ │ │ └── media1 │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── pv.yaml │ │ │ │ └── pvc.yaml │ │ ├── minio │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── 
kustomization.yaml │ │ │ └── ks.yaml │ │ ├── namespace.yaml │ │ ├── octoeverywhere-bambu-connect │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── pgadmin │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── plex │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── networkpolicy.yaml │ │ │ │ └── pvc.yaml │ │ │ └── ks.yaml │ │ ├── pocket-id │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── prowlarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── qbittorrent │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networkpolicy.yaml │ │ │ └── ks.yaml │ │ ├── radarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── pushover-notify.sh │ │ │ └── ks.yaml │ │ ├── recyclarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── recyclarr.yml │ │ │ └── ks.yaml │ │ ├── registry │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yml │ │ │ └── ks.yaml │ │ ├── sabnzbd │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networkpolicy.yaml │ │ │ └── ks.yaml │ │ ├── sonarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ ├── pushover-notify.sh │ │ │ │ │ └── refresh-series.sh │ │ │ └── ks.yaml │ │ ├── spoolman │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── 
helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── stash │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── dragonfly-operator-system │ │ ├── dragonfly-operator │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── external-secrets │ │ ├── external-secrets │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── stores │ │ │ │ ├── kustomization.yaml │ │ │ │ └── onepassword │ │ │ │ ├── clustersecretstore.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── flux-system │ │ ├── instance │ │ │ ├── ks.yaml │ │ │ └── ks │ │ │ │ ├── alert.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ ├── instance.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── ocirepository.yaml │ │ │ │ ├── podmonitor.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ └── receiver.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── operator │ │ │ ├── ks.yaml │ │ │ └── ks │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── ocirepository.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── gpu-operator │ │ ├── gpu-operator │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ ├── better-dcgm-dashboard.json │ │ │ │ │ └── time-slicing-config-all.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── ingress-certificates │ │ ├── ingress-certificates │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ └── production.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── 
transformers │ │ │ └── kustomization.yaml │ ├── kube-guardian │ │ ├── kube-guardian │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── kube-system │ │ ├── cilium │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ ├── config │ │ │ │ ├── bgpadvertisement.yaml │ │ │ │ ├── bgpclusterconfig.yaml │ │ │ │ ├── bgppeerconfig.yaml │ │ │ │ ├── clusterwidenetworkpolicy.yaml │ │ │ │ ├── gateway.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── loadbalancerippool.yaml │ │ │ │ └── service.yaml │ │ │ └── ks.yaml │ │ ├── coredns │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ │ ├── csi-driver-smb │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── descheduler │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── gateway-crd │ │ │ ├── experimental │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── standard │ │ │ │ └── kustomization.yaml │ │ ├── generic-device-plugin │ │ │ ├── app │ │ │ │ ├── configs │ │ │ │ │ └── config.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── k8s-digester │ │ │ ├── app │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kubelet-csr-approver │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── metrics-server │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── multus │ │ │ ├── app │ │ │ │ ├── crds.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ 
└── rbac.yaml │ │ │ ├── ks.yaml │ │ │ └── networks │ │ │ │ ├── default.yaml │ │ │ │ └── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── node-feature-discovery │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── reloader │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── snapshot-controller │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── spegel │ │ │ ├── app │ │ │ │ ├── helm-values.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── kustomizeconfig.yaml │ │ │ └── ks.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── network │ │ ├── cloudflared │ │ │ ├── app │ │ │ │ ├── configs │ │ │ │ │ └── config.yaml │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── ks.yaml │ │ │ └── kustomization.yaml │ │ ├── echo │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── external-dns │ │ │ ├── cloudflare │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── common │ │ │ │ ├── ocirepository.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ ├── ks.yaml │ │ │ └── unifi │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ ├── k8s-gateway │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── oauth2-proxy │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── openspeedtest │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── observability-agents │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── node-exporter │ │ │ ├── app │ │ │ │ 
├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── smartctl-exporter │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ └── ks.yaml │ │ ├── telegraf-zfs │ │ │ ├── app │ │ │ │ ├── configs │ │ │ │ │ └── telegraf.conf │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── observability │ │ ├── alloy │ │ │ ├── alloy │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.alloy │ │ │ ├── events │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.alloy │ │ │ └── ks.yaml │ │ ├── blackbox-exporter │ │ │ ├── app │ │ │ │ ├── dashboards │ │ │ │ │ └── icmp.json │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── probe.yaml │ │ │ └── ks.yaml │ │ ├── dozzle │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ └── ks.yaml │ │ ├── exportarr │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prowlarr.yaml │ │ │ │ ├── radarr.yaml │ │ │ │ ├── resources │ │ │ │ │ └── exportarr-dashboard2.json │ │ │ │ ├── sabnzbd.yaml │ │ │ │ └── sonarr.yaml │ │ │ └── ks.yaml │ │ ├── gatus │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ └── resources │ │ │ │ │ └── config.yaml │ │ │ └── ks.yaml │ │ ├── grafana │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── resources │ │ │ │ │ ├── cluster-global-perf.json │ │ │ │ │ ├── flux-control-plane.json │ │ │ │ │ ├── flux-instance-stats.json │ │ │ │ │ ├── flux-logs.json │ │ │ │ │ ├── zfs-details.json │ │ │ │ │ └── zfs.json │ │ │ └── ks.yaml │ │ ├── headlamp │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ 
├── helmrelease.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── idrac-exporter │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── resources │ │ │ │ │ ├── idrac.json │ │ │ │ │ ├── idrac.yml │ │ │ │ │ └── idrac_overview.json │ │ │ │ └── servicemonitor.yaml │ │ │ └── ks.yaml │ │ ├── kube-prometheus-stack │ │ │ ├── app │ │ │ │ ├── alertmanagerconfig.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ └── scrapeconfig.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── nut-exporter │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ ├── resources │ │ │ │ │ └── ups-aggregate.json │ │ │ │ └── servicemonitor.yaml │ │ │ └── ks.yaml │ │ ├── prometheus-operator-crds │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── robusta │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── silence-operator │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── ks.yaml │ │ │ └── silences │ │ │ │ ├── blackbox-ipv6.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── overcommit.yaml │ │ │ │ └── smart.yaml │ │ ├── speedtest-exporter │ │ │ ├── app │ │ │ │ ├── dashboards │ │ │ │ │ └── speedtest.json │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── transformers │ │ │ └── kustomization.yaml │ │ ├── unpoller │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── prometheusrule.yaml │ │ │ └── ks.yaml │ │ ├── victorialogs │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ 
└── victoriametrics │ │ │ ├── ks.yaml │ │ │ ├── operator │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ │ └── stack │ │ │ ├── httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── vmalert.yaml │ │ │ ├── vmrule.yaml │ │ │ ├── vmservicescrape.yaml │ │ │ └── vmsingle.yaml │ ├── openebs-system │ │ ├── etcd │ │ │ ├── app │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── service.yaml │ │ │ │ └── statefulset.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── openebs │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── transformers │ │ │ └── kustomization.yaml │ │ └── zfs-volumes │ │ │ ├── ks.yaml │ │ │ └── resources │ │ │ ├── homeassistant-backup.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── media1.yaml │ │ │ ├── media2.yaml │ │ │ └── photos.yaml │ ├── rook-ceph │ │ ├── cluster │ │ │ ├── app │ │ │ │ ├── certificate.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── operator │ │ │ ├── app │ │ │ │ ├── configmap.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── storage │ │ ├── kantai3-samba │ │ │ ├── app │ │ │ │ ├── configs │ │ │ │ │ ├── avahi │ │ │ │ │ │ └── avahi-daemon.conf │ │ │ │ │ ├── dbus │ │ │ │ │ │ ├── dbus.conf │ │ │ │ │ │ └── system.d │ │ │ │ │ │ │ └── avahi.conf │ │ │ │ │ └── samba │ │ │ │ │ │ └── config.yaml │ │ │ │ ├── endpoints.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── networkpolicy.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── service.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── maintenance │ │ │ ├── kantai1 │ │ │ │ ├── cronjob.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── kantai3 │ │ │ │ ├── cronjob.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── media-kantai1 │ │ │ ├── ks.yaml │ │ │ ├── smb 
│ │ │ │ ├── configs │ │ │ │ │ └── config.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── networkpolicy.yaml │ │ │ └── volume │ │ │ │ ├── kustomization.yaml │ │ │ │ └── pvc.yaml │ │ ├── namespace.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── tailscale │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── tailscale-operator │ │ │ ├── app │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── connector │ │ │ │ ├── ciliumnetworkpolicy.yaml │ │ │ │ ├── connector.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── proxyclass.yaml │ │ │ └── ks.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ ├── talos-admin │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── system-upgrade-controller │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── rbac.yaml │ │ │ ├── ks.yaml │ │ │ └── plans │ │ │ │ ├── kubernetes.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── talos.yaml │ │ ├── talos-backup │ │ │ ├── app │ │ │ │ ├── cronjob.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── secret.yaml │ │ │ │ └── serviceaccount.yaml │ │ │ └── ks.yaml │ │ └── transformers │ │ │ └── kustomization.yaml │ └── volsync-system │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── transformers │ │ └── kustomization.yaml │ │ └── volsync │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── prometheusrule.yaml │ │ └── ks.yaml ├── cluster │ └── ks.yaml ├── components │ ├── common │ │ ├── alerts │ │ │ ├── alertmanager │ │ │ │ ├── alert.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── provider.yaml │ │ │ ├── github-status │ │ │ │ ├── alert.yaml │ │ │ │ ├── externalsecret.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── provider.yaml │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── gatus │ │ ├── external │ │ │ ├── config.yaml │ │ │ └── kustomization.yaml │ │ └── guarded │ │ │ ├── config.yaml │ │ │ └── 
kustomization.yaml │ └── volsync │ │ ├── cloudflare-r2 │ │ ├── externalsecret.yaml │ │ ├── kustomization.yaml │ │ ├── replicationdestination.yaml │ │ └── replicationsource.yaml │ │ ├── kustomization.yaml │ │ └── pvc.yaml ├── transformers │ ├── kustomization.yaml │ └── transformer.yaml └── vap │ ├── kustomization.yaml │ ├── pss-baseline-default.yaml │ ├── pss-baseline-gluetun-caps.yaml │ └── pss-restricted-additional.yaml ├── makejinja.toml ├── requirements.txt ├── scripts └── kubeconform.sh └── talos ├── clusterconfig └── .gitignore ├── talconfig.yaml ├── talenv.sops.yaml └── talsecret.sops.yaml /.devcontainer/ci/Dockerfile: -------------------------------------------------------------------------------- 1 | # Ref: https://github.com/devcontainers/ci/issues/191 2 | FROM mcr.microsoft.com/devcontainers/base:alpine 3 | -------------------------------------------------------------------------------- /.devcontainer/ci/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json", 3 | "name": "Flux Cluster Template (CI)", 4 | "build": { 5 | "dockerfile": "./Dockerfile", 6 | "context": "." 
7 | }, 8 | "features": { 9 | "./features": {} 10 | }, 11 | "customizations": { 12 | "vscode": { 13 | "settings": { 14 | "terminal.integrated.profiles.linux": { 15 | "bash": { 16 | "path": "/usr/bin/fish" 17 | } 18 | }, 19 | "terminal.integrated.defaultProfile.linux": "fish" 20 | }, 21 | "extensions": [ 22 | "redhat.vscode-yaml" 23 | ] 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /.devcontainer/ci/features/devcontainer-feature.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Cluster Template", 3 | "id": "cluster-template", 4 | "version": "1.0.0", 5 | "description": "Work environment for the Cluster Template project" 6 | } 7 | -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json", 3 | "name": "Flux Cluster Template", 4 | "image": "ghcr.io/onedr0p/cluster-template/devcontainer:latest", 5 | "initializeCommand": "docker pull ghcr.io/onedr0p/cluster-template/devcontainer:latest", 6 | "postCreateCommand": { 7 | "setup": "bash ${containerWorkspaceFolder}/.devcontainer/postCreateCommand.sh" 8 | }, 9 | "postStartCommand": { 10 | "git": "git config --global --add safe.directory ${containerWorkspaceFolder}" 11 | }, 12 | "runArgs": [ 13 | "--userns=keep-id:uid=1000,gid=1000" 14 | ], 15 | "containerUser": "vscode", 16 | "updateRemoteUserUID": true 17 | } 18 | -------------------------------------------------------------------------------- /.devcontainer/postCreateCommand.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | set -o noglob 4 | 5 | # Setup fisher plugin manager for fish and install plugins 6 | /usr/bin/fish -c " 7 | curl -sL 
https://git.io/fisher | source && fisher install jorgebucaran/fisher 8 | fisher install decors/fish-colored-man 9 | fisher install edc/bass 10 | fisher install jorgebucaran/autopair.fish 11 | fisher install nickeb96/puffer-fish 12 | fisher install PatrickF1/fzf.fish 13 | " 14 | 15 | # Create/update virtual environment 16 | if ! grep -q "venv /workspaces/" .venv/pyvenv.cfg; then 17 | rm -rf .venv 18 | fi 19 | 20 | go-task workstation:venv 21 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | ; https://editorconfig.org/ 2 | 3 | root = true 4 | 5 | [*] 6 | indent_style = space 7 | indent_size = 2 8 | end_of_line = lf 9 | charset = utf-8 10 | trim_trailing_whitespace = true 11 | insert_final_newline = true 12 | 13 | [*.md] 14 | indent_size = 4 15 | trim_trailing_whitespace = false 16 | 17 | [*.sh] 18 | indent_size = 4 19 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | *.env linguist-detectable linguist-language=SHELL 3 | *.json linguist-detectable linguist-language=JSON 4 | *.json5 linguist-detectable linguist-language=JSON5 5 | *.md linguist-detectable linguist-language=MARKDOWN 6 | *.sh linguist-detectable linguist-language=SHELL 7 | *.sops.* diff=sopsdiffer 8 | *.toml linguist-detectable linguist-language=TOML 9 | *.yaml linguist-detectable linguist-language=YAML 10 | *.yaml.j2 linguist-detectable linguist-language=YAML 11 | *.yml linguist-detectable linguist-language=YAML 12 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Ref: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | * @jfroy 3 | 
-------------------------------------------------------------------------------- /.github/release.yaml: -------------------------------------------------------------------------------- 1 | changelog: 2 | exclude: 3 | authors: 4 | - renovate 5 | -------------------------------------------------------------------------------- /.github/workflows/label-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json 3 | name: "Label Sync" 4 | 5 | on: 6 | workflow_dispatch: 7 | push: 8 | branches: ["main"] 9 | paths: [".github/labels.yaml"] 10 | schedule: 11 | - cron: "0 0 * * *" # Every day at midnight 12 | 13 | permissions: 14 | issues: write 15 | 16 | jobs: 17 | label-sync: 18 | name: Label Sync 19 | runs-on: ubuntu-latest 20 | steps: 21 | - name: Checkout 22 | uses: actions/checkout@v4 23 | with: 24 | sparse-checkout: .github/labels.yaml 25 | 26 | - name: Sync Labels 27 | uses: EndBug/label-sync@v2 28 | with: 29 | config-file: .github/labels.yaml 30 | delete-other-labels: true 31 | -------------------------------------------------------------------------------- /.github/workflows/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json 3 | name: "Labeler" 4 | 5 | on: 6 | workflow_dispatch: 7 | pull_request_target: 8 | branches: ["main"] 9 | 10 | jobs: 11 | labeler: 12 | if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} 13 | name: Labeler 14 | permissions: 15 | contents: read 16 | pull-requests: write 17 | runs-on: ubuntu-latest 18 | steps: 19 | - name: Labeler 20 | uses: actions/labeler@v5 21 | with: 22 | configuration-path: .github/labeler.yaml 23 | -------------------------------------------------------------------------------- /.gitignore: 
-------------------------------------------------------------------------------- 1 | /.private/ 2 | /.task/ 3 | *.crt 4 | *.key* 5 | .decrypted~* 6 | .DS_Store 7 | Brewfile.lock.json 8 | Thumbs.db 9 | kubeconfig 10 | talosconfig 11 | -------------------------------------------------------------------------------- /.renovate/autoMerge.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | matchDatasources: ["docker"], 6 | matchPackageNames: ["ghcr.io/jfroy/siderolabs/imager", "ghcr.io/siderolabs/kubelet"], 7 | automerge: false, 8 | }, 9 | { 10 | matchDatasources: ["docker"], 11 | matchUpdateTypes: ["digest"], 12 | matchPackageNames: ["ghcr.io/home-operations**/*", "ghcr.io/jfroy/vuetorrent"], 13 | automerge: true, 14 | }, 15 | { 16 | matchDatasources: ["docker"], 17 | matchUpdateTypes: ["major"], 18 | matchPackageNames: ["ghcr.io/mendhak/http-https-echo"], 19 | automerge: true, 20 | }, 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /.renovate/packageRules.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | matchDatasources: ["docker"], 6 | matchPackageNames: ["ghcr.io/home-operations/plex"], 7 | versioning: "loose" 8 | }, 9 | { 10 | matchDatasources: ["docker"], 11 | matchPackageNames: ["registry.kantai.xyz**/*"], 12 | enabled: false 13 | }, 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /.taskfiles/rook/scripts/wait-for-job.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | JOB=$1 4 | NAMESPACE="${2:-default}" 5 | CLUSTER="${3:-main}" 6 | 7 | [[ -z "${JOB}" ]] && echo "Job name not specified" && exit 1 8 | while true; do 9 | 
STATUS="$(kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')" 10 | if [ "${STATUS}" == "Pending" ]; then 11 | break 12 | fi 13 | sleep 1 14 | done 15 | -------------------------------------------------------------------------------- /.taskfiles/sops/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 | version: '3' 4 | 5 | tasks: 6 | 7 | encrypt: 8 | desc: Encrypt all Kubernetes SOPS secrets 9 | cmd: | 10 | find "{{.KUBERNETES_DIR}}" -type f -name "*.sops.*" | while read -r file; do 11 | if sops filestatus "${file}" | jq --exit-status ".encrypted == false" &>/dev/null; then 12 | sops --encrypt --in-place "${file}" 13 | fi 14 | done 15 | preconditions: 16 | - msg: Missing Sops config file 17 | sh: test -f {{.SOPS_CONFIG_FILE}} 18 | - msg: Missing Sops Age key file 19 | sh: test -f {{.SOPS_AGE_KEY_FILE}} 20 | -------------------------------------------------------------------------------- /.taskfiles/volsync/resources/wait-for-job.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | JOB=$1 4 | NAMESPACE="${2:-default}" 5 | CLUSTER="${3:-main}" 6 | 7 | [[ -z "${JOB}" ]] && echo "Job name not specified" && exit 1 8 | while true; do 9 | STATUS="$(kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get pod -l job-name="${JOB}" -o jsonpath='{.items[*].status.phase}')" 10 | if [ "${STATUS}" == "Pending" ]; then 11 | break 12 | fi 13 | sleep 1 14 | done 15 | -------------------------------------------------------------------------------- /.taskfiles/volsync/resources/which-controller.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | APP=$1 4 | NAMESPACE="${2:-default}" 5 | CLUSTER="${3:-main}" 6 | 7 | is_deployment() { 8 | kubectl --context "${CLUSTER}" -n 
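"${NAMESPACE}" get deployment "${APP}" >/dev/null 2>&1
}

is_statefulset() {
  kubectl --context "${CLUSTER}" -n "${NAMESPACE}" get statefulset "${APP}" >/dev/null 2>&1
}

if is_deployment; then
  echo "deployment.apps/${APP}"
elif is_statefulset; then
  echo "statefulset.apps/${APP}"
else
  echo "No deployment or statefulset found for ${APP}"
  exit 1
fi
--------------------------------------------------------------------------------
/.taskfiles/volsync/resources/wipe.tmpl.yaml:
--------------------------------------------------------------------------------
---
# One-shot Job that deletes everything on the PersistentVolumeClaim ${claim}
# in namespace ${ns}. ${job}, ${ns} and ${claim} are presumably substituted by
# the Taskfile that applies this template (not shown here).
apiVersion: batch/v1
kind: Job
metadata:
  name: ${job}
  namespace: ${ns}
spec:
  ttlSecondsAfterFinished: 3600
  template:
    spec:
      # The job only touches the mounted volume and never calls the API, so
      # it gets no service-account token.
      automountServiceAccountToken: false
      restartPolicy: OnFailure
      containers:
        - name: main
          # NOTE(review): a floating tag is re-resolved on every run; pin the
          # image to a digest (docker.io/library/alpine@sha256:<digest-placeholder>)
          # so the content of a volume-destroying job cannot change silently.
          image: docker.io/library/alpine:latest
          # `&&` rather than `;`: if the mount were missing and `cd` failed,
          # `find . -delete` must not run against the container's root instead.
          command: ["/bin/sh", "-c", "cd /config && find . -delete"]
          volumeMounts:
            - name: config
              mountPath: /config
          securityContext:
            # NOTE(review): root inside the container is sufficient to delete
            # files on a mounted PVC; privileged does not look necessary here,
            # and a namespace enforcing the `restricted` Pod Security level (as
            # this repo's namespace manifests do) would reject the pod.
            # Confirm against the namespaces this template is applied in.
            privileged: true
          resources: {}
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: ${claim}
--------------------------------------------------------------------------------
/.taskfiles/workstation/Archfile:
--------------------------------------------------------------------------------
age
cloudflared-bin
direnv
flux-bin
go-task
go-yq
helm
helmfile
jq
kubeconform
kubectl-bin
kustomize
minijinja-cli-bin
moreutils
sops
stern-bin
talhelper-bin
talosctl
--------------------------------------------------------------------------------
/.taskfiles/workstation/Brewfile:
--------------------------------------------------------------------------------
tap "fluxcd/tap"
tap "go-task/tap"
tap "siderolabs/tap"
brew "age"
brew "cloudflared"
brew "direnv"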
brew "fluxcd/tap/flux" 8 | brew "go-task/tap/go-task" 9 | brew "helm" 10 | brew "helmfile" 11 | brew "jq" 12 | brew "kubeconform" 13 | brew "kubernetes-cli" 14 | brew "kustomize" 15 | brew "minijinja-cli" 16 | brew "moreutils" 17 | brew "siderolabs/tap/talosctl" 18 | brew "sops" 19 | brew "stern" 20 | brew "talhelper" 21 | brew "yq" 22 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "yaml.schemas": { 3 | "Kubernetes": "./kubernetes/*.yaml" 4 | }, 5 | "vs-kubernetes": { 6 | "vs-kubernetes.kubeconfig": "./kubeconfig", 7 | "vs-kubernetes.knownKubeconfigs": ["./kubeconfig"] 8 | }, 9 | "githubPullRequests.remotes": ["origin"], 10 | "git.rebaseWhenSync": true, 11 | "mcp": { 12 | "servers": { 13 | "flux-operator-mcp": { 14 | "command": "/home/linuxbrew/.linuxbrew/bin/flux-operator-mcp", 15 | "args": ["serve"], 16 | "env": { 17 | "KUBECONFIG": "/home/jfroy/Developer/jfroy/flatops/kubeconfig" 18 | } 19 | } 20 | } 21 | }, 22 | "chat.mcp.enabled": true 23 | } 24 | -------------------------------------------------------------------------------- /bootstrap/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # NOTE: This file is not tracked by flux. It is only used for cluster bootstrap. 
2 | --- 3 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 4 | apiVersion: kustomize.config.k8s.io/v1beta1 5 | kind: Kustomization 6 | resources: 7 | - ../apps/kyverno/kyverno-policies/app 8 | -------------------------------------------------------------------------------- /kubernetes/apps/1password/1password-cko/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/1password/1password-cko/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app 1password-cko 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/1password/1password-cko/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/1password/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./1password-cko/ks.yaml 8 | components: 9 | - ../../components/common 10 | transformers: 11 | - ./transformers 12 | 
-------------------------------------------------------------------------------- /kubernetes/apps/1password/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: restricted 8 | -------------------------------------------------------------------------------- /kubernetes/apps/1password/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: 1password 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/acme.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: ClusterIssuer 4 | metadata: 5 | name: letsencrypt-production 6 | spec: 7 | acme: 8 | server: https://acme-v02.api.letsencrypt.org/directory 9 | privateKeySecretRef: 10 | name: letsencrypt-production 11 | solvers: 12 | - dns01: 13 | cloudflare: 14 | apiTokenSecretRef: 15 | name: cloudflare-api-token 16 | key: api-token 17 | selector: 18 | dnsZones: 19 | - "kantai.xyz" 20 | -------------------------------------------------------------------------------- 
/kubernetes/apps/cert-manager/cert-manager/issuers/ca.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Issuer 4 | metadata: 5 | name: self-signed 6 | spec: 7 | selfSigned: {} 8 | --- 9 | apiVersion: cert-manager.io/v1 10 | kind: Certificate 11 | metadata: 12 | name: cluster-ca 13 | spec: 14 | isCA: true 15 | commonName: cluster.local 16 | duration: 8760h # 1y 17 | secretName: cluster-ca 18 | privateKey: 19 | algorithm: ECDSA 20 | size: 256 21 | issuerRef: 22 | name: self-signed 23 | kind: Issuer 24 | group: cert-manager.io 25 | --- 26 | apiVersion: cert-manager.io/v1 27 | kind: ClusterIssuer 28 | metadata: 29 | name: cluster-ca 30 | spec: 31 | ca: 32 | secretName: cluster-ca 33 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: cloudflare-api-token 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: cloudflare-api-token 13 | data: 14 | - secretKey: api-token 15 | remoteRef: 16 | key: cloudflare-dns 17 | property: credential 18 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./acme.yaml 7 | - ./ca.yaml 8 | - ./externalsecret.yaml 9 | 
-------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./cert-manager/ks.yaml 8 | - ./trust-manager/ks.yaml 9 | components: 10 | - ../../components/common 11 | transformers: 12 | - ./transformers 13 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: restricted 8 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: cert-manager 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/trust-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/trust-manager/cluster-ca-bundle/bundle.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: trust.cert-manager.io/v1alpha1 3 | kind: Bundle 4 | metadata: 5 | name: cluster-ca.crt 6 | spec: 7 | sources: 8 | - secret: 9 | name: cluster-ca 10 | key: ca.crt 11 | target: 12 | configMap: 13 | key: ca.crt 14 | --- 15 | apiVersion: trust.cert-manager.io/v1alpha1 16 | kind: Bundle 17 | metadata: 18 | name: ca-certificates.crt 19 | spec: 20 | sources: 21 | - secret: 22 | name: cluster-ca 23 | key: ca.crt 24 | target: 25 | configMap: 26 | key: ca-certificates.crt 27 | -------------------------------------------------------------------------------- /kubernetes/apps/cert-manager/trust-manager/cluster-ca-bundle/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./bundle.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/cnpg-system/barman-cloud/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # renovate: datasource=github-releases depName=cloudnative-pg/plugin-barman-cloud 7 | - https://github.com/cloudnative-pg/plugin-barman-cloud/releases/download/v0.4.1/manifest.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/cnpg-system/barman-cloud/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: 
kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app cnpg-barman-cloud 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/cnpg-system/barman-cloud/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/cnpg-system/cloudnative-pg/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | configMapGenerator: 9 | - name: cnpg-grafana-dashboard 10 | files: 11 | - ./resources/cnp.json 12 | options: 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | labels: 16 | grafana_dashboard: "1" 17 | generatorOptions: 18 | disableNameSuffixHash: true 19 | -------------------------------------------------------------------------------- /kubernetes/apps/cnpg-system/cloudnative-pg/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app cloudnative-pg 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/cnpg-system/cloudnative-pg/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | 
-------------------------------------------------------------------------------- /kubernetes/apps/cnpg-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./barman-cloud/ks.yaml 8 | - ./cloudnative-pg/ks.yaml 9 | components: 10 | - ../../components/common 11 | transformers: 12 | - ./transformers 13 | -------------------------------------------------------------------------------- /kubernetes/apps/cnpg-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: restricted 8 | -------------------------------------------------------------------------------- /kubernetes/apps/cnpg-system/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: cnpg-system 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cnpg/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app pg17vc 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: cnpg 11 | app.kubernetes.io/instance: pg17vc 12 | dependsOn: 13 | - name: cloudnative-pg 14 | 
namespace: cnpg-system 15 | path: ./kubernetes/apps/database/cnpg/pg17vc 16 | prune: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | interval: 1h 22 | retryInterval: 2m 23 | timeout: 5m 24 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cnpg/pg17vc/certificate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: pg17vc 6 | spec: 7 | secretName: pg17vc-tls 8 | duration: 2160h # 90d 9 | issuerRef: 10 | name: cluster-ca 11 | kind: ClusterIssuer 12 | group: cert-manager.io 13 | commonName: pg17vc-r.database.svc.cluster.local 14 | dnsNames: 15 | - pg17vc-r.database.svc.cluster.local 16 | - pg17vc-ro.database.svc.cluster.local 17 | - pg17vc-rw.database.svc.cluster.local 18 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cnpg/pg17vc/gatus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: pg17vc-gatus-ep 6 | labels: 7 | gatus.io/enabled: "true" 8 | data: 9 | config.yaml: | 10 | endpoints: 11 | - name: pg17vc 12 | group: infrastructure 13 | url: tcp://pg17vc-rw.database.svc.cluster.local:5432 14 | interval: 1m 15 | ui: 16 | hide-url: true 17 | hide-hostname: true 18 | conditions: 19 | - "[CONNECTED] == true" 20 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cnpg/pg17vc/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./certificate.yaml 7 | - ./cluster.yaml 8 | - ./cronjob.yaml 9 | - 
./externalsecret.yaml 10 | - ./gatus.yaml 11 | - ./objectbucketclaim.yaml 12 | - ./objectstore.yaml 13 | - ./prometheusrule.yaml 14 | - ./scheduledbackup.yaml 15 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cnpg/pg17vc/objectbucketclaim.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: objectbucket.io/v1alpha1 3 | kind: ObjectBucketClaim 4 | metadata: 5 | name: pg17vc-obc 6 | annotations: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | spec: 9 | bucketName: pg17vc 10 | storageClassName: ceph-bucket 11 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cnpg/pg17vc/objectstore.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: barmancloud.cnpg.io/v1 3 | kind: ObjectStore 4 | metadata: 5 | name: pg17vc-local-ceph 6 | spec: 7 | configuration: 8 | data: 9 | compression: bzip2 10 | destinationPath: s3://pg17vc/ 11 | endpointURL: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc.cluster.local:80 12 | s3Credentials: 13 | accessKeyId: 14 | name: pg17vc-obc 15 | key: AWS_ACCESS_KEY_ID 16 | secretAccessKey: 17 | name: pg17vc-obc 18 | key: AWS_SECRET_ACCESS_KEY 19 | wal: 20 | compression: bzip2 21 | maxParallel: 2 22 | retentionPolicy: 30d 23 | -------------------------------------------------------------------------------- /kubernetes/apps/database/cnpg/pg17vc/scheduledbackup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: pg17vc 7 | spec: 8 | backupOwnerReference: self 9 | cluster: 10 | name: pg17vc 11 | method: plugin 12 | pluginConfiguration: 13 | name: 
barman-cloud.cloudnative-pg.io 14 | schedule: "@daily" 15 | -------------------------------------------------------------------------------- /kubernetes/apps/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./cnpg/ks.yaml 7 | - ./namespace.yaml 8 | components: 9 | - ../../components/common 10 | transformers: 11 | - ./transformers 12 | -------------------------------------------------------------------------------- /kubernetes/apps/database/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: restricted 8 | -------------------------------------------------------------------------------- /kubernetes/apps/database/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: database 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/autobrr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/autobrr/ks.yaml: 
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app autobrr
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/gatus/guarded
  path: ./kubernetes/apps/default/autobrr/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
--------------------------------------------------------------------------------
/kubernetes/apps/default/buildkit/app/ciliumnetworkpolicy.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cilium.io/ciliumnetworkpolicy_v2.json
# Admits ingress to the buildkit-amd64 / buildkit-arm64 pods from the Cilium
# "world" entity, i.e. any source outside the cluster that can reach them.
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: "buildkit-allow-ingress"
spec:
  endpointSelector:
    matchExpressions:
      - key: app.kubernetes.io/instance
        operator: In
        values: ["buildkit-amd64", "buildkit-arm64"]
  ingress:
    # NOTE(review): no `toPorts` is given, so this rule opens every port the
    # selected pods listen on, not only the buildkitd endpoint. buildkitd runs
    # the build steps any accepted client sends it, so the exposure should be
    # narrowed to the daemon's port and the daemon should require client
    # certificates in buildkitd.toml (referenced by the kustomization below
    # but not shown here); confirm both.
    - fromEntities:
        - "world"
--------------------------------------------------------------------------------
/kubernetes/apps/default/buildkit/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./ciliumnetworkpolicy.yaml
  - ./helmrelease.yaml
configMapGenerator:
  - name: buildkit-config
    files:
      - ./configs/buildkitd.toml
    options:
      annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | -------------------------------------------------------------------------------- /kubernetes/apps/default/buildkit/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app buildkit 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/default/buildkit/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/default/changedetection/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/dashbrr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./rbac.yaml 9 | configMapGenerator: 10 | - name: dashbrr-config 11 | files: 12 | - ./resources/config.toml 13 | options: 14 | annotations: 15 | kustomize.toolkit.fluxcd.io/substitute: disabled 16 | generatorOptions: 17 | 
disableNameSuffixHash: true 18 | -------------------------------------------------------------------------------- /kubernetes/apps/default/dashbrr/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: dashbrr 6 | rules: 7 | - apiGroups: [""] 8 | resources: ["services"] 9 | verbs: ["get", "watch", "list"] 10 | --- 11 | apiVersion: rbac.authorization.k8s.io/v1 12 | kind: ClusterRoleBinding 13 | metadata: 14 | name: dashbrr 15 | roleRef: 16 | kind: ClusterRole 17 | name: dashbrr 18 | apiGroup: rbac.authorization.k8s.io 19 | subjects: 20 | - kind: ServiceAccount 21 | name: dashbrr 22 | namespace: default 23 | -------------------------------------------------------------------------------- /kubernetes/apps/default/dashbrr/app/resources/config.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jfroy/flatops/eb40fd4aac642a995f2dab3ea92cd4470bced141/kubernetes/apps/default/dashbrr/app/resources/config.toml -------------------------------------------------------------------------------- /kubernetes/apps/default/dashbrr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app dashbrr 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | path: ./kubernetes/apps/default/dashbrr/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | interval: 1h 20 | retryInterval: 2m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | 
-------------------------------------------------------------------------------- /kubernetes/apps/default/docker-registry-ui/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/default/docker-registry-ui/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app docker-registry-ui 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | path: ./kubernetes/apps/default/docker-registry-ui/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | interval: 1h 20 | retryInterval: 2m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | APP_SUBDOMAIN: drui 26 | -------------------------------------------------------------------------------- /kubernetes/apps/default/esphome-device-builder/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: esphome-device-builder-secrets 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: esphome-device-builder-secrets 13 | 
template: 14 | data: 15 | secrets.yaml: |- 16 | wifi_ssid: "{{ .wifi_ssid }}" 17 | wifi_password: "{{ .wifi_password }}" 18 | dataFrom: 19 | - extract: 20 | key: esphome-device-builder 21 | -------------------------------------------------------------------------------- /kubernetes/apps/default/esphome-device-builder/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/esphome-device-builder/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app esphome-device-builder 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/volsync 13 | path: ./kubernetes/apps/default/esphome-device-builder/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | interval: 1h 20 | retryInterval: 2m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | VOLSYNC_CAPACITY: 1Gi 26 | -------------------------------------------------------------------------------- /kubernetes/apps/default/glance/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - 
./helmrelease.yaml 7 | configMapGenerator: 8 | - name: glance-config 9 | files: 10 | - ./configs/glance.yml 11 | options: 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: disabled 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | -------------------------------------------------------------------------------- /kubernetes/apps/default/glance/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app glance 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | path: ./kubernetes/apps/default/glance/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | interval: 1h 20 | retryInterval: 2m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /kubernetes/apps/default/gluetun/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/default/gluetun/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app 
gluetun-update 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/default/gluetun/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/default/gomft/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/gomft/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app gomft 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/gomft/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 1Gi 27 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homebox/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | 
apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homebox/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app homebox 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/homebox/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 1Gi 27 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | - ./rbac.yaml 9 | configMapGenerator: 10 | - name: homepage-config 11 | files: 12 | - ./resources/bookmarks.yaml 13 | - ./resources/custom.css 14 | - ./resources/custom.js 15 | - ./resources/docker.yaml 16 | - ./resources/kubernetes.yaml 17 | - ./resources/services.yaml 18 | - ./resources/settings.yaml 19 | - ./resources/widgets.yaml 20 | generatorOptions: 21 | disableNameSuffixHash: true 22 | -------------------------------------------------------------------------------- 
/kubernetes/apps/default/homepage/app/resources/bookmarks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/bookmarks 4 | 5 | - Developer: 6 | - Github: 7 | - abbr: GH 8 | href: https://github.com/ 9 | 10 | - Social: 11 | - Reddit: 12 | - abbr: RE 13 | href: https://reddit.com/ 14 | 15 | - Entertainment: 16 | - YouTube: 17 | - abbr: YT 18 | href: https://youtube.com/ 19 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/resources/custom.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jfroy/flatops/eb40fd4aac642a995f2dab3ea92cd4470bced141/kubernetes/apps/default/homepage/app/resources/custom.css -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/resources/custom.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jfroy/flatops/eb40fd4aac642a995f2dab3ea92cd4470bced141/kubernetes/apps/default/homepage/app/resources/custom.js -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/resources/docker.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/docker/ 4 | 5 | # my-docker: 6 | # host: 127.0.0.1 7 | # port: 2375 8 | 9 | # my-docker: 10 | # socket: /var/run/docker.sock 11 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/resources/kubernetes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | mode: cluster 3 | ingress: false 4 | 
gateway: true 5 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/resources/settings.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/settings 4 | 5 | title: 🏠 6 | headerStyle: clean 7 | providers: 8 | finnhub: {{HOMEPAGE_VAR_FINNHUB_API_KEY}} 9 | layout: 10 | Media: 11 | style: row 12 | columns: 2 13 | Arr: 14 | style: row 15 | columns: 3 16 | Infra: 17 | style: row 18 | columns: 3 19 | useEqualHeights: true 20 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/app/resources/widgets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # For configuration options and examples, please see: 3 | # https://gethomepage.dev/latest/configs/service-widgets 4 | 5 | - kubernetes: 6 | cluster: 7 | show: true 8 | cpu: true 9 | memory: true 10 | showLabel: true 11 | label: "kantai" 12 | nodes: 13 | # Shows node-specific statistics 14 | show: false 15 | 16 | - stocks: 17 | provider: finnhub 18 | color: true 19 | cache: 1 20 | watchlist: 21 | - AAPL 22 | - AMD 23 | - GOOG 24 | - MSFT 25 | - NVDA 26 | - TSM 27 | - UI 28 | 29 | - search: 30 | provider: google 31 | target: _blank 32 | -------------------------------------------------------------------------------- /kubernetes/apps/default/homepage/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app homepage 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - 
../../../../components/gatus/guarded 13 | path: ./kubernetes/apps/default/homepage/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | interval: 1h 20 | retryInterval: 2m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/app/certificate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: immich-df 6 | spec: 7 | secretName: immich-df-tls 8 | duration: 2160h # 90d 9 | renewBefore: 360h # 15d 10 | subject: 11 | organizations: 12 | - immich-df 13 | issuerRef: 14 | name: cluster-ca 15 | kind: ClusterIssuer 16 | group: cert-manager.io 17 | commonName: immich-df.default.svc.cluster.local 18 | dnsNames: 19 | - immich-df.default.svc.cluster.local 20 | -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/app/immich.sql: -------------------------------------------------------------------------------- 1 | BEGIN; 2 | ALTER DATABASE immich OWNER TO immich; 3 | CREATE EXTENSION vchord CASCADE; 4 | CREATE EXTENSION earthdistance CASCADE; 5 | COMMIT; 6 | -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./certificate.yaml 7 | - ./dragonfly.yaml 8 | - ./externalsecret.yaml 9 | - ./helmrelease.yaml 10 | - ./pvc.yaml 11 | configMapGenerator: 12 | - name: immich-initdb 13 | files: 14 | - ./immich.sql 15 | generatorOptions: 16 | disableNameSuffixHash: true 17 | 
-------------------------------------------------------------------------------- /kubernetes/apps/default/immich/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: photos 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 160Ti 12 | storageClassName: "" 13 | volumeMode: Filesystem 14 | volumeName: photos 15 | -------------------------------------------------------------------------------- /kubernetes/apps/default/immich/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app immich 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | path: ./kubernetes/apps/default/immich/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | interval: 1h 20 | retryInterval: 2m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | APP_SUBDOMAIN: photos 26 | -------------------------------------------------------------------------------- /kubernetes/apps/default/jellyfin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/default/jellyfin/app/networkpolicy.yaml: 
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/cilium.io/ciliumnetworkpolicy_v2.json
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: "jellyfin"
spec:
  # Applies to the Jellyfin pod(s) only; selecting them with an ingress
  # section puts them in default-deny for ingress, so only the two rules
  # below are admitted.
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: jellyfin
  ingress:
    # In-cluster clients: plain L4 allow on the Jellyfin HTTP port.
    - fromEntities:
        - cluster
      toPorts:
        - ports:
            - port: "8096"
              protocol: TCP
    # External clients ("world"): same port, but with an L7 HTTP rule so that
    # only non-/metrics paths are admitted — the intent is to keep the metrics
    # endpoint reachable from inside the cluster only.
    - fromEntities:
        - world
      toPorts:
        - ports:
            - port: "8096"
              protocol: TCP
          rules:
            http:
              # NOTE(review): "(?!...)" is a Perl-style negative lookahead,
              # which RE2-based engines (Go regexp, Envoy) do not support. If
              # Cilium validates HTTP path rules with such an engine, this
              # policy may be rejected and then none of it is enforced, and
              # the pod falls back to whatever other policies select it (or
              # allow-all if none) — confirm the CNP is reported as valid and
              # enforced on the cluster, and prefer a positive list of allowed
              # paths if it is not.
              - path: "^/(?!metrics).*"
--------------------------------------------------------------------------------
/kubernetes/apps/default/jellyfin/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app jellyfin
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/gatus/guarded
    - ../../../../components/volsync
  path: ./kubernetes/apps/default/jellyfin/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
      # presumably consumed by the volsync component above — verify there.
      VOLSYNC_CAPACITY: 200Gi
--------------------------------------------------------------------------------
/kubernetes/apps/default/maybe/app/certificate.yaml:
--------------------------------------------------------------------------------
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: maybe-df
spec:
  secretName: maybe-df-tls
  duration:
2160h # 90d 9 | renewBefore: 360h # 15d 10 | subject: 11 | organizations: 12 | - maybe-df 13 | issuerRef: 14 | name: cluster-ca 15 | kind: ClusterIssuer 16 | group: cert-manager.io 17 | commonName: maybe-df.default.svc.cluster.local 18 | dnsNames: 19 | - maybe-df.default.svc.cluster.local 20 | -------------------------------------------------------------------------------- /kubernetes/apps/default/maybe/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./certificate.yaml 7 | - ./dragonfly.yaml 8 | - ./externalsecret.yaml 9 | - ./helmrelease.yaml 10 | - ./podmonitor.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/default/maybe/app/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: maybe-df 6 | spec: 7 | selector: 8 | matchLabels: 9 | app.kubernetes.io/instance: maybe-df 10 | app.kubernetes.io/name: dragonfly 11 | podMetricsEndpoints: 12 | - port: admin 13 | -------------------------------------------------------------------------------- /kubernetes/apps/default/maybe/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app maybe 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/maybe/app 15 | prune: true 
16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 1Gi 27 | -------------------------------------------------------------------------------- /kubernetes/apps/default/media-smb/kantai1/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: media-smb-kantai1 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: media-smb-kantai1 13 | template: 14 | type: kubernetes.io/basic-auth 15 | dataFrom: 16 | - extract: 17 | key: smb:media-owner 18 | -------------------------------------------------------------------------------- /kubernetes/apps/default/media-smb/kantai1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./pv.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/default/media-smb/kantai1/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: default-media-smb-kantai1 6 | spec: 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 160Ti 12 | volumeName: default-media-smb-kantai1 13 | storageClassName: "" 14 | -------------------------------------------------------------------------------- 
/kubernetes/apps/default/media-smb/media1/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: media-smb-media1 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: media-smb-media1 13 | template: 14 | type: kubernetes.io/basic-auth 15 | dataFrom: 16 | - extract: 17 | key: smb:media-owner 18 | -------------------------------------------------------------------------------- /kubernetes/apps/default/media-smb/media1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./pv.yaml 8 | - ./pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/default/media-smb/media1/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: media-smb-media1 6 | spec: 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 50Ti 12 | volumeName: default-media-smb-media1 13 | storageClassName: "" 14 | -------------------------------------------------------------------------------- /kubernetes/apps/default/minio/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: minio-root 7 | 
spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: minio-root 13 | dataFrom: 14 | - extract: 15 | key: minio-root 16 | -------------------------------------------------------------------------------- /kubernetes/apps/default/minio/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/minio/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app minio 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/default/minio/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/default/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | -------------------------------------------------------------------------------- /kubernetes/apps/default/octoeverywhere-bambu-connect/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: octoeverywhere-bambu-connect 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: octoeverywhere-bambu-connect 13 | dataFrom: 14 | - extract: 15 | key: octoeverywhere-bambu-connect 16 | -------------------------------------------------------------------------------- /kubernetes/apps/default/octoeverywhere-bambu-connect/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/pgadmin/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: pgadmin 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: pgadmin-secret 13 | data: 14 | - secretKey: PGADMIN_DEFAULT_EMAIL 15 | remoteRef: 16 | key: pgadmin 17 | property: username 18 | - secretKey: PGADMIN_DEFAULT_PASSWORD 19 | remoteRef: 20 | key: pgadmin 21 | property: password 22 | -------------------------------------------------------------------------------- /kubernetes/apps/default/pgadmin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/pgadmin/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app pgadmin 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/pgadmin/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 100Mi 27 | -------------------------------------------------------------------------------- /kubernetes/apps/default/plex/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: plex-claim 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: plex-claim 13 | data: 14 | - secretKey: PLEX_CLAIM_TOKEN 15 | remoteRef: 16 | key: plex-claim 17 | property: credential 18 | -------------------------------------------------------------------------------- /kubernetes/apps/default/plex/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./networkpolicy.yaml
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/default/plex/app/networkpolicy.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/cilium.io/ciliumnetworkpolicy_v2.json
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: "plex-allow-ingress"
spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: plex
  ingress:
    # NOTE(review): no toPorts here, so this admits traffic from outside the
    # cluster ("world") to every port the plex pod listens on, not only the
    # Plex service port — confirm that is intended. The jellyfin
    # networkpolicy in this repo shows the narrower per-port form. Also note
    # that only "world" is listed: in-cluster clients are not covered by this
    # rule, so they are presumably allowed by another policy or not needed.
    - fromEntities:
        - "world"
--------------------------------------------------------------------------------
/kubernetes/apps/default/plex/app/pvc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: plex-local
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 200Gi
  storageClassName: ceph-block
--------------------------------------------------------------------------------
/kubernetes/apps/default/plex/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app plex
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  components:
    - ../../../../components/gatus/guarded
    - ../../../../components/volsync
  path: ./kubernetes/apps/default/plex/app
  prune: true
  sourceRef:
kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 50Gi 27 | -------------------------------------------------------------------------------- /kubernetes/apps/default/pocket-id/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/default/prowlarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/prowlarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app prowlarr 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | path: ./kubernetes/apps/default/prowlarr/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | interval: 1h 20 | retryInterval: 2m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | 
-------------------------------------------------------------------------------- /kubernetes/apps/default/qbittorrent/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./networkpolicy.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/default/qbittorrent/app/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cilium.io/v2 2 | kind: CiliumNetworkPolicy 3 | metadata: 4 | name: qbittorrent-allow-gluetun 5 | annotations: 6 | future-me-why: allow ingress and egress on UDP/1637 (the gluetun port); because both an ingress and an egress section are present, this also puts the pod in deny-by-default mode for both ingress and egress 7 | spec: 8 | endpointSelector: 9 | matchLabels: 10 | app.kubernetes.io/instance: qbittorrent 11 | egress: 12 | - toPorts: 13 | - ports: 14 | - port: "1637" 15 | protocol: UDP 16 | ingress: 17 | - toPorts: 18 | - ports: 19 | - port: "1637" 20 | protocol: UDP 21 | -------------------------------------------------------------------------------- /kubernetes/apps/default/radarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/radarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app radarr 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/radarr/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 10Gi 27 | -------------------------------------------------------------------------------- /kubernetes/apps/default/recyclarr/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: recyclarr 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: recyclarr-secret 13 | data: 14 | - secretKey: RADARR_API_KEY 15 | remoteRef: 16 | key: radarr 17 | property: API_KEY 18 | - secretKey: SONARR_API_KEY 19 | remoteRef: 20 | key: sonarr 21 | property: API_KEY 22 | -------------------------------------------------------------------------------- /kubernetes/apps/default/recyclarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: recyclarr-configmap 10 | files: 11 | - 
recyclarr.yml=./resources/recyclarr.yml 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /kubernetes/apps/default/recyclarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app recyclarr 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/recyclarr/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 1Gi 27 | -------------------------------------------------------------------------------- /kubernetes/apps/default/registry/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: registry-config 9 | files: 10 | - ./resources/config.yml 11 | generatorOptions: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/apps/default/sabnzbd/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 
resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | - ./networkpolicy.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/default/sabnzbd/app/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cilium.io/v2 2 | kind: CiliumNetworkPolicy 3 | metadata: 4 | name: sabnzbd-allow-gluetun 5 | annotations: 6 | future-me-why: allow ingress and egress on UDP/1637 (the gluetun port); because both an ingress and an egress section are present, this also puts the pod in deny-by-default mode for both ingress and egress 7 | spec: 8 | endpointSelector: 9 | matchLabels: 10 | app.kubernetes.io/instance: sabnzbd 11 | egress: 12 | - toPorts: 13 | - ports: 14 | - port: "1637" 15 | protocol: UDP 16 | ingress: 17 | - toPorts: 18 | - ports: 19 | - port: "1637" 20 | protocol: UDP 21 | -------------------------------------------------------------------------------- /kubernetes/apps/default/sonarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | configMapGenerator: 9 | - name: sonarr-configmap 10 | files: 11 | - pushover-notify.sh=./resources/pushover-notify.sh 12 | - refresh-series.sh=./resources/refresh-series.sh 13 | generatorOptions: 14 | disableNameSuffixHash: true 15 | annotations: 16 | kustomize.toolkit.fluxcd.io/substitute: disabled 17 | -------------------------------------------------------------------------------- /kubernetes/apps/default/sonarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 
6 | name: &app sonarr 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/sonarr/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 1Gi 27 | -------------------------------------------------------------------------------- /kubernetes/apps/default/spoolman/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/spoolman/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app spoolman 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/spoolman/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 1Gi 27 | -------------------------------------------------------------------------------- 
/kubernetes/apps/default/stash/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: nams-license 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: nams-license 13 | dataFrom: 14 | - extract: 15 | key: nams-license 16 | -------------------------------------------------------------------------------- /kubernetes/apps/default/stash/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./externalsecret.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/default/stash/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app stash 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | - ../../../../components/volsync 14 | path: ./kubernetes/apps/default/stash/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | postBuild: 24 | substitute: 25 | APP: *app 26 | VOLSYNC_CAPACITY: 2Gi 27 | -------------------------------------------------------------------------------- 
/kubernetes/apps/default/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: default 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/dragonfly-operator-system/dragonfly-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/dragonfly-operator-system/dragonfly-operator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app dragonfly-operator 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/dragonfly-operator-system/dragonfly-operator/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/dragonfly-operator-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./dragonfly-operator/ks.yaml 7 | - ./namespace.yaml 8 | components: 9 | - ../../components/common 10 | transformers: 11 | - ./transformers 12 | -------------------------------------------------------------------------------- /kubernetes/apps/dragonfly-operator-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: restricted 8 | -------------------------------------------------------------------------------- /kubernetes/apps/dragonfly-operator-system/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: dragonfly-operator-system 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/stores/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./onepassword 7 | 
-------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/stores/onepassword/clustersecretstore.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/clustersecretstore_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ClusterSecretStore 5 | metadata: 6 | name: onepassword 7 | spec: 8 | provider: 9 | onepassword: 10 | connectHost: http://onepassword-connect.1password.svc:8080 11 | vaults: 12 | kantai: 1 13 | auth: 14 | secretRef: 15 | connectTokenSecretRef: 16 | name: onepassword-connect-secret 17 | key: token 18 | namespace: external-secrets 19 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/external-secrets/stores/onepassword/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./clustersecretstore.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./external-secrets/ks.yaml 8 | components: 9 | - ../../components/common 10 | transformers: 11 | - ./transformers 12 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: restricted 8 | pod-security.kubernetes.io/enforce-version: latest 9 | -------------------------------------------------------------------------------- /kubernetes/apps/external-secrets/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: external-secrets 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/instance/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app flux-instance 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/flux-system/instance/ks 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/instance/ks/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: github-webhook-token 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: 
github-webhook-token-secret 13 | template: 14 | engineVersion: v2 15 | data: 16 | token: "{{ .FLUX_GITHUB_WEBHOOK_TOKEN }}" 17 | dataFrom: 18 | - extract: 19 | key: flux 20 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/instance/ks/httproute.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gateway.networking.k8s.io/v1 3 | kind: HTTPRoute 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: github-webhook 7 | app.kubernetes.io/part-of: flux 8 | name: github-webhook 9 | spec: 10 | hostnames: 11 | - flux-webhook.kantai.xyz 12 | parentRefs: 13 | - group: gateway.networking.k8s.io 14 | kind: Gateway 15 | name: external 16 | namespace: kube-system 17 | sectionName: https 18 | rules: 19 | - backendRefs: 20 | - name: webhook-receiver 21 | port: 80 22 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/instance/ks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alert.yaml 7 | - ./externalsecret.yaml 8 | - ./httproute.yaml 9 | - ./instance.yaml 10 | - ./ocirepository.yaml 11 | - ./podmonitor.yaml 12 | - ./prometheusrule.yaml 13 | - ./receiver.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/instance/ks/ocirepository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: app-template 7 | spec: 8 | interval: 5m 9 | layerSelector: 10 | mediaType: 
application/vnd.cncf.helm.chart.content.v1.tar+gzip 11 | operation: copy 12 | ref: 13 | tag: 4.0.1 14 | url: oci://ghcr.io/bjw-s-labs/helm/app-template 15 | verify: 16 | provider: cosign 17 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/instance/ks/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PodMonitor 5 | metadata: 6 | name: flux 7 | labels: 8 | app.kubernetes.io/instance: flux 9 | app.kubernetes.io/name: flux 10 | spec: 11 | podMetricsEndpoints: 12 | - honorLabels: true 13 | interval: 60s 14 | path: /metrics 15 | port: http-prom 16 | scheme: http 17 | scrapeTimeout: 30s 18 | jobLabel: app.kubernetes.io/instance 19 | namespaceSelector: 20 | matchNames: 21 | - flux-system 22 | selector: 23 | matchLabels: 24 | app.kubernetes.io/instance: flux 25 | app.kubernetes.io/name: flux 26 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/instance/ks/receiver.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/refs/heads/main/receiver-notification-v1.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1 4 | kind: Receiver 5 | metadata: 6 | name: github-webhook 7 | spec: 8 | type: github 9 | events: ["ping", "push"] 10 | secretRef: 11 | name: github-webhook-token-secret 12 | resources: 13 | - apiVersion: source.toolkit.fluxcd.io/v1 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | - apiVersion: kustomize.toolkit.fluxcd.io/v1 18 | kind: Kustomization 19 | name: flux-system 20 | namespace: flux-system 21 | 
-------------------------------------------------------------------------------- /kubernetes/apps/flux-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./instance/ks.yaml 7 | - ./namespace.yaml 8 | - ./operator/ks.yaml 9 | components: 10 | - ../../components/common 11 | transformers: 12 | - ./transformers 13 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/operator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app flux-operator 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/flux-system/operator/ks 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | wait: false 18 | interval: 1h 19 | retryInterval: 2m 20 | timeout: 5m 21 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/operator/ks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: 
Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./ocirepository.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/operator/ks/ocirepository.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: OCIRepository 5 | metadata: 6 | name: flux-operator 7 | spec: 8 | interval: 2h 9 | url: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator 10 | ref: 11 | tag: 0.21.0 12 | -------------------------------------------------------------------------------- /kubernetes/apps/flux-system/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/gpu-operator/gpu-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: better-dcgm-dashboard 9 | files: 10 | - ./resources/better-dcgm-dashboard.json 11 | options: 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: disabled 14 | labels: 15 | grafana_dashboard: "1" 16 | - name: time-slicing-config-all 17 | files: 18 | - any=./resources/time-slicing-config-all.yaml 19 | generatorOptions: 20 | disableNameSuffixHash: true 21 | 
-------------------------------------------------------------------------------- /kubernetes/apps/gpu-operator/gpu-operator/app/resources/time-slicing-config-all.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: v1 3 | flags: 4 | migStrategy: none 5 | sharing: 6 | timeSlicing: 7 | renameByDefault: false 8 | failRequestsGreaterThanOne: false 9 | resources: 10 | - name: nvidia.com/gpu 11 | replicas: 8 12 | -------------------------------------------------------------------------------- /kubernetes/apps/gpu-operator/gpu-operator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app gpu-operator 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/gpu-operator/gpu-operator/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/gpu-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./gpu-operator/ks.yaml 8 | components: 9 | - ../../components/common 10 | transformers: 11 | - ./transformers 12 | -------------------------------------------------------------------------------- /kubernetes/apps/gpu-operator/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged 8 | -------------------------------------------------------------------------------- /kubernetes/apps/gpu-operator/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: gpu-operator 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/ingress-certificates/ingress-certificates/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./production.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/ingress-certificates/ingress-certificates/app/production.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: "xyz-kantai-production" 6 | spec: 7 | secretName: "xyz-kantai-production-tls" 8 | issuerRef: 9 | name: letsencrypt-production 10 | kind: ClusterIssuer 11 | group: cert-manager.io 12 | commonName: "kantai.xyz" 13 | dnsNames: 14 | - "kantai.xyz" 15 | - "*.kantai.xyz" 16 | --- 17 | apiVersion: gateway.networking.k8s.io/v1beta1 18 | kind: ReferenceGrant 19 | metadata: 20 | name: "xyz-kantai-production" 21 | spec: 22 | from: 23 | - group: gateway.networking.k8s.io 24 | kind: Gateway 25 | namespace: kube-system 26 | to: 27 | - group: "" 28 | kind: Secret 29 | name: "xyz-kantai-production-tls" 30 | 
--------------------------------------------------------------------------------
/kubernetes/apps/ingress-certificates/ingress-certificates/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
# Flux Kustomization that reconciles the certificate app directory from git.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app ingress-certificates
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/ingress-certificates/ingress-certificates/app
  # prune: true — objects removed from git are garbage-collected by Flux.
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/ingress-certificates/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./ingress-certificates/ks.yaml
components:
  - ../../components/common
transformers:
  - ./transformers
--------------------------------------------------------------------------------
/kubernetes/apps/ingress-certificates/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder name; presumably rewritten by the transformers kustomization — confirm.
  name: .invalid
  labels:
    # "restricted" is the strictest Pod Security Standard; appropriate here since
    # the namespace only holds cert-manager and Gateway API objects, no pods.
    pod-security.kubernetes.io/enforce: restricted
--------------------------------------------------------------------------------
/kubernetes/apps/ingress-certificates/transformers/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: ingress-certificates
resources:
  - ../../../transformers
--------------------------------------------------------------------------------
/kubernetes/apps/kube-guardian/kube-guardian/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-guardian/kube-guardian/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kube-guardian
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-guardian/kube-guardian/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-guardian/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  # The app itself is currently not reconciled; only the (privileged) namespace
  # is created until the upstream issue below is resolved.
  # TODO(jfroy): https://github.com/xentra-ai/kube-guardian/issues/284
  # - ./kube-guardian/ks.yaml
components:
  - ../../components/common
transformers:
  - ./transformers
--------------------------------------------------------------------------------
/kubernetes/apps/kube-guardian/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder name; presumably rewritten by the transformers kustomization — confirm.
  name: .invalid
  labels:
    # "privileged" disables Pod Security admission for this namespace.
    pod-security.kubernetes.io/enforce: privileged
--------------------------------------------------------------------------------
/kubernetes/apps/kube-guardian/transformers/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-guardian
resources:
  - ../../../transformers
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
# Helm values are shipped as a generated ConfigMap; the name-suffix hash plus
# the nameReference config below keep the HelmRelease pointed at the current one,
# so a values change rolls out as a new release.
configMapGenerator:
  - name: cilium-helm-values
    files:
      - values.yaml=./helm-values.yaml
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
# Teaches kustomize that HelmRelease.spec.valuesFrom.name refers to a ConfigMap,
# so hashed generator names are rewritten in the HelmRelease too.
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/bgpadvertisement.yaml:
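--------------------------------------------------------------------------------
---
# Advertise the LoadBalancer IP of every Service over BGP. The selector is the
# usual "match everything" idiom: no Service carries key `somekey`, so the
# NotIn expression is true for all of them.
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPAdvertisement
metadata:
  name: lb-services
  labels:
    advertise: bgp
spec:
  advertisements:
    - advertisementType: "Service"
      service:
        addresses:
          - LoadBalancerIP
      selector:
        matchExpressions:
          - { key: somekey, operator: NotIn, values: ["never-used-value"] }
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/bgpclusterconfig.yaml:
--------------------------------------------------------------------------------
---
# BGP session definition: every linux/amd64 node peers with the router at
# 10.1.0.1 (AS 64700) from the cluster's private AS 64600.
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPClusterConfig
metadata:
  name: cilium-bgp
spec:
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux
      kubernetes.io/arch: amd64
  bgpInstances:
    - name: instance-64600
      localASN: 64600
      peers:
        - name: peer-64700-udmp-v4
          peerASN: 64700
          peerAddress: 10.1.0.1
          peerConfigRef:
            name: cilium-peer-v4
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/bgppeerconfig.yaml:
--------------------------------------------------------------------------------
---
# Shared peer settings (timers, graceful restart, which advertisements apply).
# NOTE(review): no session authentication (authSecretRef / TCP MD5) is configured;
# the peering relies on the router only accepting sessions from node addresses —
# confirm that is enforced on the router side.
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeerConfig
metadata:
  name: cilium-peer-v4
spec:
  timers:
    connectRetryTimeSeconds: 12
    holdTimeSeconds: 9
    keepAliveTimeSeconds: 3
  gracefulRestart:
    enabled: true
    restartTimeSeconds: 15
  families:
    - afi: ipv4
      safi: unicast
      # Only CiliumBGPAdvertisements labelled advertise=bgp or bgpv4 are sent.
      advertisements:
        matchExpressions:
          - { key: advertise, operator: In, values: ["bgp", "bgpv4"] }
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/httproute.yaml:
--------------------------------------------------------------------------------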
---
# Exposes the Hubble UI on the *internal* Gateway only. Nothing in this route
# adds authentication in front of the UI, so reachability of the internal
# Gateway is the access control — confirm it is not exposed to untrusted networks.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  labels:
    app.kubernetes.io/name: hubble-ui
    app.kubernetes.io/part-of: cilium
  name: hubble-ui
spec:
  hostnames:
    - hubble.kantai.xyz
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: internal
      sectionName: https
  rules:
    - backendRefs:
        - name: hubble-ui
          port: 80
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./bgpadvertisement.yaml
  - ./bgpclusterconfig.yaml
  - ./bgppeerconfig.yaml
  - ./clusterwidenetworkpolicy.yaml
  - ./gateway.yaml
  - ./httproute.yaml
  - ./loadbalancerippool.yaml
  - ./service.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/loadbalancerippool.yaml:
--------------------------------------------------------------------------------
---
# Address range Cilium LB-IPAM hands out to LoadBalancer Services; these
# addresses are what gets advertised to the BGP peer.
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
  name: default
spec:
  blocks:
    - start: 10.10.0.2
      stop: 10.10.255.254
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/cilium/config/service.yaml:
--------------------------------------------------------------------------------
---
# Publishes the kube-apiserver on a fixed LB address (10.10.10.10) via the BGP
# control plane. This makes the API server reachable from wherever the
# advertised pool is routed; externalTrafficPolicy: Local keeps the real client
# IP, which is what ends up in API audit logs.
apiVersion: v1
kind: Service
metadata:
  annotations:
    lbipam.cilium.io/ips: 10.10.10.10
  name: external-kube-apiserver
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  loadBalancerClass: io.cilium/bgp-control-plane
  selector:
    k8s-app: kube-apiserver
    tier: control-plane
  ports:
    - name: https
      port: 6443
      protocol: TCP
      targetPort: 6443
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: coredns-helm-values
    files:
      - values.yaml=./helm-values.yaml
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/coredns/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app coredns
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/coredns/app
  # Pruning is deliberately off: a mistaken removal from git must not be able
  # to take cluster DNS down.
  prune: false # don't GC coredns to avoid unwanted DR
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/csi-driver-smb/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/csi-driver-smb/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app csi-driver-smb
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/csi-driver-smb/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/descheduler/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/descheduler/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app descheduler
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/descheduler/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/gateway-crd/experimental/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Remote manifest fetched by kustomize at build time. The tag is pinned, but
  # there is no content digest, so the supply-chain trust is HTTPS + GitHub
  # release integrity for this URL.
  - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/experimental-install.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/gateway-crd/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
# Installs the *experimental* Gateway API channel (the standard/ directory below
# is present but not referenced here).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app gateway-crd
spec:
  path: ./kubernetes/apps/kube-system/gateway-crd/experimental
  # Never garbage-collect CRDs: dropping them deletes every Gateway/HTTPRoute.
  prune: false # don't GC CRDs
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/gateway-crd/standard/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/app/configs/config.yaml:
--------------------------------------------------------------------------------
---
# Device plugin config: hands out the host's /dev/net/tun to pods that request
# it as a resource (presumably advertised as kernel.org/tun — confirm). Any pod
# scheduled with that resource gets a host device node, so treat the resource
# request as a privilege and restrict which namespaces may use it.
log-level: info
domain: kernel.org
devices:
  - name: tun
    groups:
      - count: 1000
        paths:
          - path: /dev/net/tun
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: generic-device-plugin-configmap
    files:
      - ./configs/config.yaml
# Stable ConfigMap name (no hash suffix): config changes do not roll the
# DaemonSet by themselves.
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/generic-device-plugin/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app generic-device-plugin
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/generic-device-plugin/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/k8s-digester/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Upstream release manifest, tag-pinned, fetched at build time (no digest).
  - https://github.com/google/k8s-digester/releases/download/v0.1.15/digester_manifest.yaml
patches:
  # Single-replica controller is enough for this cluster.
  - patch: |-
      - op: replace
        path: /spec/replicas
        value: 1
    target:
      group: apps
      version: v1
      kind: Deployment
      name: digester-controller-manager
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/k8s-digester/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app k8s-digester
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/k8s-digester/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml:
--------------------------------------------------------------------------------
---
# Only kubelet serving CSRs for node names matching this regex are approved;
# with DNS resolution bypassed below, this regex is the main control on which
# names can obtain a serving certificate — keep it as tight as the node naming allows.
providerRegex: ^(kantai\d+)$
# Per the chart's documentation this skips resolving the node name to verify
# the IP SANs in the CSR — NOTE(review): confirm this is intended for this network.
bypassDnsResolution: true
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: kubelet-csr-approver-helm-values
    files:
      - values.yaml=./helm-values.yaml
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kubelet-csr-approver
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/kubelet-csr-approver/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  # --
  - ./cilium/ks.yaml
  - ./coredns/ks.yaml
  - ./csi-driver-smb/ks.yaml
  - ./descheduler/ks.yaml
  - ./gateway-crd/ks.yaml
  - ./generic-device-plugin/ks.yaml
  # k8s-digester is defined but not reconciled.
  # - ./k8s-digester/ks.yaml
  - ./kubelet-csr-approver/ks.yaml
  - ./metrics-server/ks.yaml
  - ./multus/ks.yaml
  - ./node-feature-discovery/ks.yaml
  - ./reloader/ks.yaml
  - ./snapshot-controller/ks.yaml
  - ./spegel/ks.yaml
components:
  - ../../components/common
transformers:
  - ./transformers
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/metrics-server/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app metrics-server
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/metrics-server/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/multus/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./crds.yaml
  - ./helmrelease.yaml
  - ./rbac.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/multus/app/rbac.yaml:
--------------------------------------------------------------------------------
---
# Cluster-wide permissions for the Multus daemon. The wildcard is confined to
# the CNI API group; outside it the role only needs pod get/update (presumably
# to write the network-status annotation — confirm) and event creation.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus
rules:
  - apiGroups: ["k8s.cni.cncf.io"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["pods", "pods/status"]
    verbs: ["get", "update"]
  - apiGroups: ["", "events.k8s.io"]
    resources: ["events"]
    verbs: ["create", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus
roleRef:
  kind: ClusterRole
  name: multus
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: multus
    namespace: kube-system
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/multus/networks/default.yaml:
--------------------------------------------------------------------------------
---
# Secondary macvlan interface in bridge mode: a pod that attaches gets its own
# presence on the node's L2 segment with a static address and a default route
# via 10.1.0.1, i.e. traffic on this interface bypasses the cluster CNI path.
# NOTE(review): CNI-level network policy is generally not enforced on such
# secondary interfaces — confirm which workloads are allowed to attach.
# The trailing "sbr" plugin adds source-based routing so replies leave via the
# same interface they arrived on.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: multus-default
spec:
  config: |-
    {
      "cniVersion": "0.3.1",
      "name": "multus-default",
      "plugins": [
        {
          "type": "macvlan",
          "capabilities": { "ips": true },
          "mode": "bridge",
          "ipam": {
            "type": "static",
            "routes": [
              {"dst": "0.0.0.0/0", "gw": "10.1.0.1"}
            ]
          }
        },
        {
          "type": "sbr"
        }
      ]
    }
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/multus/networks/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./default.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder name; presumably rewritten by the transformers kustomization — confirm.
  name: .invalid
  labels:
    # "privileged" is expected for kube-system (CNI, device plugins, CSI all need
    # host access) but it means no Pod Security Standard is enforced on anything
    # placed in this namespace.
    pod-security.kubernetes.io/enforce: privileged
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/node-feature-discovery/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app node-feature-discovery
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/node-feature-discovery/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
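/kubernetes/apps/kube-system/reloader/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/reloader/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app reloader
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/reloader/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/snapshot-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # "./" prefix added for consistency with every other app kustomization.
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/snapshot-controller/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app snapshot-controller
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # Waits for cert-manager (the chart's webhook needs a certificate).
  dependsOn:
    - name: cert-manager
      namespace: cert-manager
  path: ./kubernetes/apps/kube-system/snapshot-controller/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/spegel/app/helm-values.yaml:
--------------------------------------------------------------------------------
---
spegel:
  # Host path where containerd mirror config is written (Talos layout).
  containerdRegistryConfigPath: /etc/cri/conf.d/hosts
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/spegel/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: spegel-helm-values
    files:
      - values.yaml=./helm-values.yaml
configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/spegel/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app spegel
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/kube-system/spegel/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/kube-system/transformers/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
  - ../../../transformers
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/app/configs/config.yaml:
--------------------------------------------------------------------------------
---
# Tunnel ingress: everything for kantai.xyz is forwarded over in-cluster HTTPS
# to the external Cilium Gateway. originServerName is the name the tunnel
# verifies the Gateway's certificate against (no TLS verification bypass is
# set, which is the right default). Unmatched hosts get a 404.
originRequest:
  originServerName: "external.kantai.xyz"

ingress:
  - hostname: "kantai.xyz"
    service: https://cilium-gateway-external.kube-system.svc.cluster.local:443
  - hostname: "*.kantai.xyz"
    service: https://cilium-gateway-external.kube-system.svc.cluster.local:443
  - service: http_status:404
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml:
--------------------------------------------------------------------------------
---
# ${TUNNEL_ID} is substituted by Flux postBuild from the cloudflared-secret
# Secret (see ks.yaml), so the tunnel id never lives in git.
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: cloudflared
spec:
  endpoints:
    - dnsName: "external.kantai.xyz"
      recordType: CNAME
      targets: ["${TUNNEL_ID}.cfargotunnel.com"]
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./dnsendpoint.yaml
  - ./helmrelease.yaml
configMapGenerator:
  - name: cloudflared-configmap
    files:
      - ./configs/config.yaml
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# Tunnel credentials are pulled from the 1Password item "cloudflared" into the
# cloudflared-secret Secret; the whole item is copied, so keep that item limited
# to what the tunnel actually needs.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: cloudflared
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: cloudflared-secret
  dataFrom:
    - extract:
        key: cloudflared
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app cloudflared
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/network/cloudflared/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
  # Secret-backed variable substitution; this is where ${TUNNEL_ID} comes from.
  postBuild:
    substituteFrom:
      - kind: Secret
        name: cloudflared-secret
--------------------------------------------------------------------------------
/kubernetes/apps/network/cloudflared/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./ks.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/echo/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/echo/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app echo
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # Adds an external Gatus health check for the app named by ${APP}.
  components:
    - ../../../../components/gatus/external
  path: ./kubernetes/apps/network/echo/app
  postBuild:
    substitute:
      APP: *app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/network/external-dns/cloudflare/externalsecret.yaml: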
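--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# Cloudflare API token for external-dns. Only the `credential` field of the
# 1Password item is synced (into key `api-token`), not the whole item.
# NOTE(review): the token itself should be scoped to DNS edit on the managed
# zone(s) only; that cannot be checked from this manifest.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: external-dns-cloudflare-secret
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: external-dns-cloudflare-secret
  data:
    - secretKey: api-token
      remoteRef:
        key: cloudflare-dns
        property: credential
--------------------------------------------------------------------------------
/kubernetes/apps/network/external-dns/cloudflare/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/network/external-dns/common/ocirepository.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
# Helm chart source for external-dns, pulled from the home-operations mirror
# at a pinned tag and verified with keyless cosign before Flux will use it.
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
  name: external-dns
spec:
  interval: 5m
  layerSelector:
    mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
    operation: copy
  ref:
    tag: 1.16.1
  url: oci://ghcr.io/home-operations/charts-mirror/external-dns
  verify:
    # Keyless (Sigstore) verification: the signing certificate must have been
    # issued to a GitHub Actions workflow of the home-operations/charts-mirror
    # repository. Both patterns are anchored regexes.
    provider: cosign
    matchOIDCIdentity:
      - issuer: "^https://token.actions.githubusercontent.com$"
        # The `/` after the repository name pins the subject to this exact
        # repository. The previous pattern `charts-mirror.*` would also have
        # accepted a workflow from any sibling repository in the org whose name
        # merely starts with `charts-mirror`.
        subject: "^https://github.com/home-operations/charts-mirror/.*$"
--------------------------------------------------------------------------------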
/kubernetes/apps/network/external-dns/unifi/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: external-dns-unifi 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: external-dns-unifi 13 | data: 14 | - secretKey: UNIFI_API_KEY 15 | remoteRef: 16 | key: unifi 17 | property: credential 18 | -------------------------------------------------------------------------------- /kubernetes/apps/network/external-dns/unifi/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/network/k8s-gateway/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/network/k8s-gateway/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app k8s-gateway 7 | spec: 8 | commonMetadata: 9 | labels: 
10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/network/k8s-gateway/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 |
--------------------------------------------------------------------------------
/kubernetes/apps/network/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Entry point for the `network` namespace: the Namespace object plus one Flux
# Kustomization per app. An app that is not listed here is not reconciled at
# all, even though its manifests stay in the tree.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./cloudflared
  - ./echo/ks.yaml
  - ./external-dns/ks.yaml
  # NOTE(review): k8s-gateway and oauth2-proxy are checked in but disabled.
  # With oauth2-proxy off there is no auth proxy from this namespace in front
  # of whatever it was meant to guard; confirm nothing that expected it is
  # published without it (cannot be determined from this file). Re-enable or
  # delete the manifests rather than leaving them half-wired.
  # - ./k8s-gateway/ks.yaml
  # - ./oauth2-proxy/ks.yaml
  - ./openspeedtest/ks.yaml
components:
  - ../../components/common
transformers:
  - ./transformers
--------------------------------------------------------------------------------
/kubernetes/apps/network/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder: the `namespace: network` set in ./transformers is expected to
  # rewrite this name at build time (kustomize applies its namespace field to
  # Namespace objects as well) - verify with `kustomize build` on this dir.
  name: .invalid
--------------------------------------------------------------------------------
/kubernetes/apps/network/oauth2-proxy/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# OIDC client credentials for oauth2-proxy; `dataFrom.extract` copies every
# field of the 1Password item `oauth2-proxy-oidc` into the Secret.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: oauth2-proxy-oidc
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: oauth2-proxy-oidc
  dataFrom:
    - extract:
        key: oauth2-proxy-oidc
--------------------------------------------------------------------------------
/kubernetes/apps/network/oauth2-proxy/app/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/network/oauth2-proxy/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app oauth2-proxy 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | components: 12 | - ../../../../components/gatus/guarded 13 | path: ./kubernetes/apps/network/oauth2-proxy/app 14 | prune: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | interval: 1h 20 | retryInterval: 2m 21 | timeout: 5m 22 | postBuild: 23 | substitute: 24 | APP: *app 25 | -------------------------------------------------------------------------------- /kubernetes/apps/network/openspeedtest/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/network/openspeedtest/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: 
kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app openspeedtest 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/network/openspeedtest/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | postBuild: 21 | substitute: 22 | APP: *app 23 |
--------------------------------------------------------------------------------
/kubernetes/apps/network/transformers/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Pins every resource rendered for this directory to the `network` namespace
# on top of the shared transformers.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ../../../transformers
--------------------------------------------------------------------------------
/kubernetes/apps/observability-agents/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Node-level agents only (see the privileged Pod Security label in
# namespace.yaml); do not add ordinary workloads to this namespace.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  # --
  - ./node-exporter/ks.yaml
  - ./smartctl-exporter/ks.yaml
  - ./telegraf-zfs/ks.yaml
components:
  - ../../components/common
transformers:
  - ./transformers
--------------------------------------------------------------------------------
/kubernetes/apps/observability-agents/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder name, presumably rewritten by the `namespace:` transformer in
  # ./transformers at build time - verify with `kustomize build`.
  name: .invalid
  labels:
    # Pod Security Admission is effectively switched off here: the `privileged`
    # level admits hostPID/hostNetwork/hostPath mounts and privileged
    # containers, which the host-level exporters listed in kustomization.yaml
    # presumably need. The label covers the whole namespace, so anything else
    # placed here inherits the exemption - keep this namespace to agents only.
    pod-security.kubernetes.io/enforce: privileged
--------------------------------------------------------------------------------
/kubernetes/apps/observability-agents/node-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/observability-agents/node-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app node-exporter 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/observability-agents/node-exporter/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/observability-agents/smartctl-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/observability-agents/smartctl-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app smartctl-exporter 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/observability-agents/smartctl-exporter/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/observability-agents/telegraf-zfs/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: telegraf 9 | files: 10 | - ./configs/telegraf.conf 11 | options: 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: disabled 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | -------------------------------------------------------------------------------- /kubernetes/apps/observability-agents/telegraf-zfs/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app telegraf-zfs 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/observability-agents/telegraf-zfs/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | 
timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/apps/observability-agents/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability-agents 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/alloy/alloy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | configMapGenerator: 8 | - name: alloy-config 9 | files: 10 | - ./resources/config.alloy 11 | options: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/alloy/events/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | configMapGenerator: 8 | - name: alloy-events-config 9 | files: 10 | - ./resources/config.alloy 11 | options: 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubernetes/apps/observability/blackbox-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - probe.yaml 8 | configMapGenerator: 9 | - name: bbe-dashboards 10 | files: 11 | - ./dashboards/icmp.json 12 | options: 13 | annotations: 14 | kustomize.toolkit.fluxcd.io/substitute: disabled 15 | labels: 16 | grafana_dashboard: "1" 17 | generatorOptions: 18 | disableNameSuffixHash: true 19 |
--------------------------------------------------------------------------------
/kubernetes/apps/observability/blackbox-exporter/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app blackbox-exporter
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/blackbox-exporter/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/dozzle/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
  - rbac.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/dozzle/app/rbac.yaml:
--------------------------------------------------------------------------------
---
# Cluster-wide, read-only access for the dozzle log viewer.
# NOTE(review): `pods/log` in every namespace lets dozzle stream the stdout of
# every container in the cluster, and application logs routinely leak tokens,
# connection strings and personal data. Treat the dozzle UI as a privileged
# endpoint: keep it behind authentication (not visible here - check the
# HelmRelease / route) or narrow this to a Role per namespace that actually
# needs to be viewed. No write verbs and no `secrets` are granted, keep it so.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dozzle
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods"]
    verbs: ["get", "list"]
---
# Binds the ClusterRole above to dozzle's own ServiceAccount only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dozzle
roleRef:
  kind: ClusterRole
  name: dozzle
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: dozzle
    namespace: observability
--------------------------------------------------------------------------------
/kubernetes/apps/observability/dozzle/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app dozzle
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/dozzle/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
-------------------------------------------------------------------------------- /kubernetes/apps/observability/exportarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./prowlarr.yaml 8 | - ./radarr.yaml 9 | - ./sabnzbd.yaml 10 | - ./sonarr.yaml 11 | configMapGenerator: 12 | - name: exportarr-dashboard 13 | files: 14 | - ./resources/exportarr-dashboard2.json 15 | options: 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled 18 | labels: 19 | grafana_dashboard: "1" 20 |
generatorOptions: 21 | disableNameSuffixHash: true 22 |
--------------------------------------------------------------------------------
/kubernetes/apps/observability/exportarr/ks.yaml:
--------------------------------------------------------------------------------
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app exportarr
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/exportarr/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/gatus/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./prometheusrule.yaml
  - ./rbac.yaml
configMapGenerator:
  - name: gatus-config
    files:
      - config.yaml=./resources/config.yaml
generatorOptions:
  disableNameSuffixHash: true
  annotations:
    # Gatus config uses its own `${...}`-style placeholders; this keeps Flux's
    # postBuild substitution from rewriting them.
    kustomize.toolkit.fluxcd.io/substitute: disabled
--------------------------------------------------------------------------------
/kubernetes/apps/observability/gatus/app/rbac.yaml:
--------------------------------------------------------------------------------
---
# Read-only, cluster-wide ConfigMap access for gatus - presumably so it can
# discover the endpoint ConfigMaps that the gatus components (referenced from
# other ks.yaml files as components/gatus/external|guarded) create in their own
# namespaces; confirm against helmrelease.yaml.
# NOTE(review): ConfigMaps are not Secrets, but they often hold application
# config with embedded credentials, so a cluster-wide read is not harmless.
# Keep the verbs read-only and never extend the grant to `secrets`.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gatus
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "watch", "list"]
---
# Binds the ClusterRole above to gatus's ServiceAccount only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gatus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gatus
subjects:
  - kind: ServiceAccount
    name: gatus
    namespace: observability
--------------------------------------------------------------------------------
/kubernetes/apps/observability/gatus/ks.yaml:
--------------------------------------------------------------------------------
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app gatus
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/gatus/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/grafana/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# Grafana OIDC client credentials; `dataFrom.extract` copies every field of
# the 1Password item `grafana-oidc` into Secret grafana-secrets.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: grafana-secrets
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: grafana-secrets
  dataFrom:
    - extract:
        key: grafana-oidc
-------------------------------------------------------------------------------- /kubernetes/apps/observability/grafana/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server:
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app grafana 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/observability/grafana/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 |
--------------------------------------------------------------------------------
/kubernetes/apps/observability/headlamp/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# OIDC client credentials for Headlamp; `dataFrom.extract` copies every field
# of the 1Password item `headlamp-oidc` into the Secret.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: headlamp-oidc
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: headlamp-oidc
  dataFrom:
    - extract:
        key: headlamp-oidc
--------------------------------------------------------------------------------
/kubernetes/apps/observability/headlamp/app/httproute.yaml:
--------------------------------------------------------------------------------
---
# Publishes the Headlamp Kubernetes UI through the cluster-internal Gateway.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  labels:
    app.kubernetes.io/instance: headlamp
    app.kubernetes.io/name: headlamp
    app.kubernetes.io/part-of: headlamp
  name: headlamp
spec:
  hostnames:
    - headlamp.kantai.xyz
  parentRefs:
    # Deliberately the `internal` Gateway, not an external one: Headlamp is a
    # cluster UI that acts against the API with whatever permissions its login
    # grants, so it must not be reachable from the public edge. Keep it on this
    # listener; the `https` sectionName indicates TLS terminates at the Gateway,
    # and the hop to the backend below is plain HTTP on port 80 inside the
    # cluster.
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: internal
      namespace: kube-system
      sectionName: https
  rules:
    - backendRefs:
        - name: headlamp
          port: 80
--------------------------------------------------------------------------------
/kubernetes/apps/observability/headlamp/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./httproute.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/headlamp/ks.yaml:
--------------------------------------------------------------------------------
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app headlamp
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/headlamp/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/idrac-exporter/app/resources/idrac.yml:
--------------------------------------------------------------------------------
# idrac_exporter configuration. The `{{ .x }}` fields make this a Go template;
# it is assumed to be rendered by an ExternalSecret `template` (the same pattern
# as nut-exporter/app/externalsecret.yaml) so the filled-in file lands in a
# Secret, never in a ConfigMap - TODO confirm against the HelmRelease.
# 0.0.0.0 binds every interface of the pod; that is what a Service needs, but
# anything that can reach the pod on 9348 can read the BMC metrics, so keep the
# exporter ClusterIP-only and/or behind a NetworkPolicy.
address: 0.0.0.0
port: 9348
timeout: 30
hosts:
  kantai1-ipmi:
    # BMC login used for scraping.
    # NOTE(review): give this account a read-only iDRAC role; the exporter only
    # reads sensors/system data and should not need Operator or Administrator.
    # The values are unquoted: a password containing `#`, `: ` or leading
    # YAML-special characters will not parse - consider quoting the template
    # expression the way nut-exporter's ExternalSecret template does.
    username: {{ .kantai1_username }}
    password: {{ .kantai1_password }}
# Collector toggles: only system, sensor and power metrics are enabled.
metrics:
  system: true
  sensors: true
  power: true
  events: false
  storage: false
  memory: false
  network: false
-------------------------------------------------------------------------------- /kubernetes/apps/observability/idrac-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server:
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app idrac-exporter 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | path: ./kubernetes/apps/observability/idrac-exporter/app 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | interval: 1h 18 | retryInterval: 2m 19 | timeout: 5m 20 |
--------------------------------------------------------------------------------
/kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./alertmanagerconfig.yaml
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./prometheusrule.yaml
  - ./scrapeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/kube-prometheus-stack/app/scrapeconfig.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/scrapeconfig_v1alpha1.json
# Off-cluster node_exporter target (the PiKVM host) added to Prometheus.
apiVersion: monitoring.coreos.com/v1alpha1
kind: ScrapeConfig
metadata:
  name: &name node-exporter
spec:
  staticConfigs:
    - targets:
        # Bare hostname, so resolution depends on the cluster's DNS search path
        # or upstream resolver. No scheme, tlsConfig or authorization is set,
        # so this is an unauthenticated plain-HTTP scrape; fine for node metrics
        # only if port 9100 on pikvm is not reachable beyond the cluster
        # network - confirm on the host.
        - pikvm:9100
  metricsPath: /metrics
  relabelings:
    # Presents this target under the same job name as the in-cluster
    # node-exporter, presumably so existing dashboards and rules cover it.
    - action: replace
      targetLabel: job
      replacement: *name
  scrapeTimeout: 15s
-------------------------------------------------------------------------------- /kubernetes/apps/observability/kube-prometheus-stack/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kps
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  # Waits for cert-manager before reconciling - presumably for the
  # prometheus-operator admission webhook certificate; confirm in
  # helmrelease.yaml (not visible here).
  dependsOn:
    - name: cert-manager
      namespace: cert-manager
  path: ./kubernetes/apps/observability/kube-prometheus-stack/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder name, presumably rewritten by the `namespace:` transformer for
  # this directory at build time - verify with `kustomize build`. No Pod
  # Security label here, so the cluster default enforcement applies.
  name: .invalid
--------------------------------------------------------------------------------
/kubernetes/apps/observability/nut-exporter/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# NUT login for nut-exporter. The 1Password item `nut-exporter` is extracted
# whole, then `template.data` maps its `username`/`password` fields onto the
# env-var names the exporter reads; with ESO's default template mergePolicy
# (Replace) only these two keys end up in nut-exporter-secret.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: nut-exporter
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: nut-exporter-secret
    template:
      data:
        # Quoted so a value with YAML-special characters still parses.
        NUT_EXPORTER_USERNAME: "{{ .username }}"
        NUT_EXPORTER_PASSWORD: "{{ .password }}"
  dataFrom:
    - extract:
        key: nut-exporter
-------------------------------------------------------------------------------- /kubernetes/apps/observability/nut-exporter/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
  - ./prometheusrule.yaml
  - ./servicemonitor.yaml
configMapGenerator:
  # Grafana dashboard shipped as a ConfigMap (grafana_dashboard=1 is
  # presumably the dashboard sidecar's discovery label).
  - name: nut-grafana-dashboard
    files:
      - ./resources/ups-aggregate.json
    options:
      annotations:
        # Dashboard JSON contains ${var} templating; opting out of Flux
        # post-build substitution keeps Flux from rewriting it or failing
        # the reconcile on an undefined variable.
        kustomize.toolkit.fluxcd.io/substitute: disabled
      labels:
        grafana_dashboard: "1"
generatorOptions:
  # Stable ConfigMap name (no content hash suffix).
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/observability/nut-exporter/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app nut-exporter
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/nut-exporter/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: prometheus-operator-crds
  # Pinned to flux-system explicitly; the sibling ks.yaml files in this tree
  # leave namespace unset and carry commonMetadata instead.
  namespace: flux-system
spec:
  path: ./kubernetes/apps/observability/prometheus-operator-crds/app
  # Deleting a CRD cascades to every custom resource of that kind (monitors,
  # rules, alertmanager configs), so garbage collection stays off.
  prune: false # don't GC CRDs
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/robusta/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# `extract` copies every field of the 1Password item into the Secret, which
# (judging by its name) is consumed as Helm values for Robusta. Treat the
# item as holding live credentials (sink tokens, signing keys), not just
# configuration, and scope its 1Password vault accordingly.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: robusta-helm-values
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: robusta-helm-values
  dataFrom:
    - extract:
        key: robusta
--------------------------------------------------------------------------------
/kubernetes/apps/observability/robusta/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/robusta/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app robusta
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: kubernetes/apps/observability/robusta/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/silence-operator/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/silence-operator/silences/blackbox-ipv6.yaml:
--------------------------------------------------------------------------------
---
# Mutes BlackboxProbeFailed for the IPv6 probe jobs only.
# NOTE(review): this file is NOT listed in ../silences/kustomization.yaml
# (only smart.yaml and overcommit.yaml are), so as written it is never
# applied. If that is deliberate, consider deleting it so the repo does not
# suggest a silence that is not in effect.
apiVersion: monitoring.giantswarm.io/v1alpha1
kind: Silence
metadata:
  name: blackbox-ipv6
spec:
  matchers:
    - name: alertname
      value: BlackboxProbeFailed
      isRegex: false
    - name: job
      value: http-ipv6|icmp6
      isRegex: true
--------------------------------------------------------------------------------
/kubernetes/apps/observability/silence-operator/silences/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Every Silence here permanently suppresses an alert; review this list when
# adding hardware or changing capacity. blackbox-ipv6.yaml in this directory
# is intentionally(?) absent.
resources:
  - ./smart.yaml
  - ./overcommit.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/silence-operator/silences/overcommit.yaml:
--------------------------------------------------------------------------------
---
# Cluster-wide: accepted CPU/memory overcommit, so the capacity alerts are
# muted on every node.
apiVersion: monitoring.giantswarm.io/v1alpha1
kind: Silence
metadata:
  name: i-am-overcommitted-cpu
spec:
  matchers:
    - name: alertname
      value: KubeCPUOvercommit
      isRegex: false
---
apiVersion: monitoring.giantswarm.io/v1alpha1
kind: Silence
metadata:
  name: i-am-overcommitted-memory
spec:
  matchers:
    - name: alertname
      value: KubeMemoryOvercommit
      isRegex: false
--------------------------------------------------------------------------------
/kubernetes/apps/observability/silence-operator/silences/smart.yaml:
--------------------------------------------------------------------------------
---
# NOTE(review): the name says kantai1, but no matcher pins a host — only
# alertname, job and device. SmartDeviceMediaErrors for a device called nvme0
# on ANY node scraped by smartctl-exporter is therefore silenced, which hides
# a genuinely failing drive elsewhere. Add a host matcher (the exact label —
# instance/node/nodename — depends on smartctl-exporter's labels, not shown
# here). `nvme0` as a regex is fully anchored by Alertmanager, so isRegex
# buys nothing over an exact match.
apiVersion: monitoring.giantswarm.io/v1alpha1
kind: Silence
metadata:
  name: kantai1-failed-nvmes
spec:
  matchers:
    - name: alertname
      value: SmartDeviceMediaErrors
      isRegex: false
    - name: job
      value: smartctl-exporter
      isRegex: false
    - name: device
      value: nvme0
      isRegex: true
--------------------------------------------------------------------------------
/kubernetes/apps/observability/speedtest-exporter/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
configMapGenerator:
  - name: speedtest-dashboards
    files:
      - dashboards/speedtest.json
    options:
      annotations:
        # Keep Flux post-build substitution away from the dashboard's ${var}
        # templating.
        kustomize.toolkit.fluxcd.io/substitute: disabled
      labels:
        grafana_dashboard: "1"
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/observability/speedtest-exporter/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app speedtest-exporter
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: kubernetes/apps/observability/speedtest-exporter/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/transformers/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Namespace transformer for this directory: stamps `observability` onto
# every resource (including the `.invalid` Namespace placeholder).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
resources:
  - ../../../transformers
--------------------------------------------------------------------------------
/kubernetes/apps/observability/unpoller/app/externalsecret.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
# Only the UniFi API key is pulled (single `property`), not the whole item —
# the narrowest fetch this store allows.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: unpoller
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword
  target:
    name: unpoller
  data:
    - secretKey: UP_UNIFI_DEFAULT_API_KEY
      remoteRef:
        key: unifi
        property: credential
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - externalsecret.yaml
  - helmrelease.yaml
  - prometheusrule.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/unpoller/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app unpoller
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/unpoller/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/victorialogs/app/httproute.yaml:
--------------------------------------------------------------------------------
---
# Exposes the VictoriaLogs HTTP API/UI on the internal gateway.
# NOTE(review): the route carries no filters, so it adds no authentication
# of its own. Unless the `internal` Gateway (kube-system, not shown here)
# authenticates callers, anyone who can reach its https listener can query —
# and, via the ingest endpoints on the same port — write logs. The gateway
# is the trust boundary; verify it.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  labels:
    app.kubernetes.io/instance: victoria-logs
    app.kubernetes.io/name: victoria-logs
    app.kubernetes.io/part-of: victoria-logs
  name: victoria-logs-server
spec:
  hostnames:
    - val.kantai.xyz
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: internal
      namespace: kube-system
      sectionName: https
  rules:
    - backendRefs:
        # Gateway terminates TLS; this hop to the backend is plain HTTP in-cluster.
        - name: victoria-logs-server
          port: 9428
--------------------------------------------------------------------------------
/kubernetes/apps/observability/victorialogs/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
  - httproute.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/victorialogs/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app victoria-logs
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/observability/victorialogs/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/observability/victoriametrics/operator/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/victoriametrics/stack/httproute.yaml:
--------------------------------------------------------------------------------
---
# Exposes the VMSingle API/UI on the internal gateway.
# NOTE(review): same caveat as the VictoriaLogs route — no filters, so the
# gateway must be what authenticates. Port 8429 serves the remote-write and
# admin APIs as well as queries, so an unauthenticated reach-in is not
# read-only.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  labels:
    app.kubernetes.io/instance: stack
    app.kubernetes.io/name: vmsingle
  name: vmsingle-stack
spec:
  hostnames:
    - vam.kantai.xyz
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: internal
      namespace: kube-system
      sectionName: https
  rules:
    - backendRefs:
        - name: vmsingle-stack
          port: 8429
--------------------------------------------------------------------------------
/kubernetes/apps/observability/victoriametrics/stack/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - httproute.yaml
  - vmalert.yaml
  - vmrule.yaml
  - vmservicescrape.yaml
  - vmsingle.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/observability/victoriametrics/stack/vmalert.yaml:
--------------------------------------------------------------------------------
---
# vmalert evaluating rules against the in-cluster VMSingle and firing to the
# kube-prometheus-stack Alertmanager. All in-cluster hops are plain http://.
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMAlert
metadata:
  name: stack
spec:
  datasource:
    url: http://vmsingle-stack.observability.svc:8429
  evaluationInterval: 1m
  externalLabels:
    cluster: kantai
  extraArgs:
    # Public base URL embedded in alert links; must stay in sync with the
    # HTTPRoute hostname above.
    external.url: https://vam.kantai.xyz
  notifiers:
    - url: http://alertmanager-operated.observability.svc:9093
  remoteRead:
    url: http://vmsingle-stack.observability.svc:8429
  remoteWrite:
    url: http://vmsingle-stack.observability.svc:8429
  replicaCount: 1
  # Picks up every VMRule in the cluster unless a selector narrows it.
  selectAllByDefault: true
  useDefaultResources: false
  # Operator applies its hardened pod/container securityContext defaults
  # (non-root, read-only rootfs, dropped capabilities).
  useStrictSecurity: true
--------------------------------------------------------------------------------
/kubernetes/apps/observability/victoriametrics/stack/vmservicescrape.yaml:
--------------------------------------------------------------------------------
---
# Self-monitoring: scrape the VictoriaMetrics operator's own /metrics.
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMServiceScrape
metadata:
  name: vm-operator
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: victoria-metrics-operator
      app.kubernetes.io/instance: vm-operator
  endpoints:
    - port: http
  namespaceSelector:
    matchNames:
      - observability
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/etcd/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./service.yaml
  - ./statefulset.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/etcd/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
# NOTE(review): this ks.yaml is not referenced from
# ../kustomization.yaml (which lists namespace, openebs and zfs-volumes only),
# so unless something outside this listing includes it, the etcd StatefulSet
# is not reconciled by Flux. Confirm, and either wire it in or remove it.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app etcd
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
      app.kubernetes.io/part-of: openebs
  path: ./kubernetes/apps/openebs-system/etcd/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./openebs/ks.yaml
  - ./zfs-volumes/ks.yaml
components:
  - ../../components/common
transformers:
  - ./transformers
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder; renamed to openebs-system by ./transformers.
  name: .invalid
  labels:
    # Storage node plugins need host mounts / privileged containers, so PSA
    # enforcement is relaxed for the whole namespace. Anything else scheduled
    # here inherits that; keep the namespace to OpenEBS components only.
    pod-security.kubernetes.io/enforce: privileged
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/openebs/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app openebs
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/openebs-system/openebs/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/transformers/kustomization.yaml:
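--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: openebs-system
resources:
  - ../../../transformers
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/zfs-volumes/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: openebs-zfs-volumes
spec:
  path: ./kubernetes/apps/openebs-system/zfs-volumes/resources
  # A pruned PV/zvol definition would be deleted along with its data.
  prune: false # don't GC zfs volumes to avoid unwanted DR
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/openebs-system/zfs-volumes/resources/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./homeassistant-backup.yaml
  - ./media1.yaml
  - ./media2.yaml
  - ./photos.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/cluster/app/certificate.yaml:
--------------------------------------------------------------------------------
---
# TLS certificate for the RGW (S3) endpoint, issued by the internal CA.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ceph-objectstore
spec:
  secretName: ceph-objectstore-tls
  duration: 2160h # 90d
  privateKey:
    # Generate a fresh key at every renewal. cert-manager's default
    # (rotationPolicy: Never) re-signs the same private key for the life of
    # this object, so a 90-day certificate lifetime would otherwise buy no
    # key rotation at all.
    rotationPolicy: Always
  issuerRef:
    name: cluster-ca
    kind: ClusterIssuer
    group: cert-manager.io
  commonName: rook-ceph-rgw-ceph-objectstore.rook-ceph.svc.cluster.local
  # Short and FQDN service names, so both in-cluster forms verify.
  dnsNames:
    - rook-ceph-rgw-ceph-objectstore.rook-ceph.svc
    - rook-ceph-rgw-ceph-objectstore.rook-ceph.svc.cluster.local
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/cluster/app/httproute.yaml:
--------------------------------------------------------------------------------
---
# Ceph mgr dashboard on the internal gateway. The gateway terminates TLS
# (sectionName: https); the hop to port 8080 is the dashboard's plain-HTTP
# listener inside the cluster. The dashboard's own login still applies,
# assuming it is enabled in the CephCluster spec (not shown here).
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  labels:
    app.kubernetes.io/instance: rook-ceph-cluster
    app.kubernetes.io/name: rook-ceph-cluster
    app.kubernetes.io/part-of: rook-ceph-cluster
  name: rook-ceph-mgr-dashboard
spec:
  hostnames:
    - ceph.kantai.xyz
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: internal
      namespace: kube-system
      sectionName: https
  rules:
    - backendRefs:
        - name: rook-ceph-mgr-dashboard
          port: 8080
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/cluster/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./certificate.yaml
  - ./helmrelease.yaml
  - ./httproute.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/cluster/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app rook-ceph-cluster
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: rook-ceph-operator
    - name: snapshot-controller
      namespace: kube-system
  path: ./kubernetes/apps/rook-ceph/cluster/app
  # Pruning the CephCluster CR would tear down the storage cluster.
  prune: false # don't GC ceph cluster to avoid unwanted DR
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./cluster/ks.yaml
  - ./namespace.yaml
  - ./operator/ks.yaml
components:
  - ../../components/common
transformers:
  - ./transformers
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder; renamed to rook-ceph by ./transformers.
  name: .invalid
  labels:
    # OSD/CSI pods need raw block devices and host mounts; PSA enforcement is
    # relaxed namespace-wide, so keep unrelated workloads out of rook-ceph.
    pod-security.kubernetes.io/enforce: privileged
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/operator/app/configmap.yaml:
--------------------------------------------------------------------------------
---
# Extra ceph.conf fragment picked up by the CSI drivers (rook's
# csi-ceph-conf-override hook). Namespace is set explicitly here, unlike the
# other resources in this tree.
apiVersion: v1
kind: ConfigMap
metadata:
  name: csi-ceph-conf-override
  namespace: rook-ceph
data:
  ceph.conf: |
    [client]
    # disable the in‑memory RBD cache
    rbd_cache = false
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/operator/app/kustomization.yaml: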
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./configmap.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/operator/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app rook-ceph-operator
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/rook-ceph/operator/app
  # Operator (not the CephCluster) is safe to prune; the cluster ks.yaml is
  # the one that keeps prune off.
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/rook-ceph/transformers/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: rook-ceph
resources:
  - ../../../transformers
--------------------------------------------------------------------------------
/kubernetes/apps/storage/kantai3-samba/app/configs/avahi/avahi-daemon.conf:
--------------------------------------------------------------------------------
# mDNS advertisement for the kantai3 SMB share, restricted to the one
# interface (net1, presumably a Multus-attached LAN interface) and IPv4 only,
# so the service is not announced on the pod network.
[server]
allow-interfaces=net1
disallow-other-stacks=yes
enable-dbus=warn
host-name=kantai3
use-ipv4=yes
use-ipv6=no
--------------------------------------------------------------------------------
/kubernetes/apps/storage/kantai3-samba/app/endpoints.yaml:
--------------------------------------------------------------------------------
---
# Hand-maintained endpoint for the selectorless Service below, pointing at an
# SMB server outside the cluster (10.1.2.2).
# NOTE(review): anyone with write access to Endpoints in this namespace can
# repoint media1.smb.internal at another host — a selectorless Service is a
# redirection primitive, so keep Endpoints/EndpointSlice RBAC tight here.
# `Endpoints` is the legacy API (EndpointSlice is the replacement); the port
# here is unnamed while the Service port is named `smbd` — confirm kube-proxy
# pairs them before relying on this Service.
apiVersion: v1
kind: Endpoints
metadata:
  name: media1-smb-internal
subsets:
  - addresses:
      - ip: 10.1.2.2
    ports:
      - port: 445
--------------------------------------------------------------------------------
/kubernetes/apps/storage/kantai3-samba/app/pvc.yaml:
--------------------------------------------------------------------------------
---
# Claims bound to pre-existing static PVs (storageClassName "" + volumeName),
# so no dynamic provisioner is involved.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: zfs-media1
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 50Ti
  storageClassName: ""
  volumeMode: Filesystem
  volumeName: storage-zfs-media1
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: homeassistant-backup
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 108Gi
  storageClassName: ""
  volumeMode: Filesystem
  volumeName: homeassistant-backup
--------------------------------------------------------------------------------
/kubernetes/apps/storage/kantai3-samba/app/service.yaml:
--------------------------------------------------------------------------------
---
# Headless, selectorless Service backed by the manual Endpoints above;
# external-dns publishes it as media1.smb.internal.
apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: media1.smb.internal
  name: media1-smb-internal
spec:
  clusterIP: None
  ports:
    - name: smbd
      port: 445
      targetPort: 445
--------------------------------------------------------------------------------
/kubernetes/apps/storage/kantai3-samba/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &app kantai3-samba
spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  path: ./kubernetes/apps/storage/kantai3-samba/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  interval: 1h
  retryInterval: 2m
  timeout: 5m
--------------------------------------------------------------------------------
/kubernetes/apps/storage/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./kantai3-samba/ks.yaml
  - ./maintenance/ks.yaml
  - ./media-kantai1/ks.yaml
components:
  - ../../components/common
transformers:
  - ./transformers
--------------------------------------------------------------------------------
/kubernetes/apps/storage/maintenance/kantai1/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./cronjob.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/storage/maintenance/kantai3/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./cronjob.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/storage/media-kantai1/smb/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Samba app for the kantai1 media volume. A NetworkPolicy is part of the
# bundle (good: SMB should only be reachable from the intended clients);
# the credentials come from the ExternalSecret.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./externalsecret.yaml
  - ./networkpolicy.yaml
  - ./helmrelease.yaml
configMapGenerator:
  # smb.conf-equivalent for the samba image; no hash suffix so the
  # HelmRelease can mount it by a fixed name.
  - name: samba-config
    files:
      - ./configs/config.yaml
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/apps/storage/media-kantai1/volume/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/apps/storage/media-kantai1/volume/pvc.yaml:
--------------------------------------------------------------------------------
---
# Static binding to a pre-created PV (storageClassName "" + volumeName).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: storage-media-kantai1-zfs
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 160Ti
  storageClassName: ""
  volumeMode: Filesystem
  volumeName: storage-media-kantai1-zfs
--------------------------------------------------------------------------------
/kubernetes/apps/storage/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  # Placeholder; renamed to storage by ./transformers.
  name: .invalid
  labels:
    # Relaxed for the host-path / ZFS-backed workloads in this namespace.
    # Samba pods that serve LAN clients live here too, so every pod in this
    # namespace runs without PSA enforcement — keep that in mind when adding
    # anything internet-facing.
    pod-security.kubernetes.io/enforce: privileged
--------------------------------------------------------------------------------
/kubernetes/apps/storage/transformers/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: storage 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./tailscale-operator/ks.yaml 8 | components: 9 | - ../../components/common 10 | transformers: 11 | - ./transformers 12 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged 8 | -------------------------------------------------------------------------------- /kubernetes/apps/tailscale/tailscale-operator/app/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: k8s-operator-oauth 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: k8s-operator-oauth-secret 13 | dataFrom: 14 | - extract: 15 | key: k8s-operator-oauth 16 | -------------------------------------------------------------------------------- 
/kubernetes/apps/tailscale/tailscale-operator/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./externalsecret.yaml
7 |   - ./helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/tailscale/tailscale-operator/connector/ciliumnetworkpolicy.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: "cilium.io/v2"
3 | kind: CiliumNetworkPolicy
4 | metadata:
5 |   name: "tailscale-connector-allow-ingress"
6 | spec:
7 |   endpointSelector:
8 |     matchLabels:
9 |       tailscale.com/parent-resource: connector
10 |       tailscale.com/parent-resource-type: connector
    # Opens the Connector proxy pods to traffic from outside the cluster on
    # every port and protocol: the rule has no toPorts/toProtocols restriction.
    # NOTE(review): if the only goal is to let tailnet peers reach the
    # WireGuard listener directly (rather than relaying through DERP), add a
    # toPorts entry for that single UDP port -- confirm the port from the
    # proxyclass / tailscaled configuration before narrowing.
11 |   ingress:
12 |     - fromEntities:
13 |         - "world"
14 |
--------------------------------------------------------------------------------
/kubernetes/apps/tailscale/tailscale-operator/connector/connector.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: tailscale.com/v1alpha1
3 | kind: Connector
4 | metadata:
5 |   name: connector
6 | spec:
7 |   hostname: kantai-connector
    # Exit node AND subnet router: a tailnet device that the tailnet ACL
    # permits can egress to the internet through the cluster and can reach
    # the entire load-balancer and Service CIDRs advertised below. That
    # traffic presumably enters the cluster from the connector pod, so the
    # tailnet ACL is effectively the access control for these CIDRs -- keep
    # it scoped to the users/devices that need it, and keep the routes as
    # narrow as the workloads allow.
8 |   exitNode: true
9 |   proxyClass: kernel-org-tun
10 |   subnetRouter:
11 |     advertiseRoutes:
12 |       - "10.10.0.0/16" # load-balancers
13 |       - "10.12.0.0/16" # services
14 |
--------------------------------------------------------------------------------
/kubernetes/apps/tailscale/tailscale-operator/connector/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./ciliumnetworkpolicy.yaml
7 |   - ./connector.yaml
8 |   - ./proxyclass.yaml
9 |
-------------------------------------------------------------------------------- /kubernetes/apps/tailscale/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: tailscale 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/talos-admin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./system-upgrade-controller/ks.yaml 8 | - ./talos-backup/ks.yaml 9 | components: 10 | - ../../components/common 11 | transformers: 12 | - ./transformers 13 | -------------------------------------------------------------------------------- /kubernetes/apps/talos-admin/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | labels: 7 | pod-security.kubernetes.io/enforce: privileged 8 | -------------------------------------------------------------------------------- /kubernetes/apps/talos-admin/system-upgrade-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - rbac.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/talos-admin/system-upgrade-controller/app/rbac.yaml: 
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRoleBinding
4 | metadata:
5 |   name: system-upgrade
6 | roleRef:
7 |   apiGroup: rbac.authorization.k8s.io
8 |   kind: ClusterRole
    # cluster-admin is the broadest Kubernetes grant there is. Combined with
    # the Talos os:admin role below, this single ServiceAccount can take over
    # both the Kubernetes API and every node's Talos API, so a compromise of
    # the system-upgrade-controller pod (or of anything else in talos-admin
    # that can mount this SA's token) is a full cluster compromise.
    # NOTE(review): if the controller only needs nodes, plans and jobs, a
    # dedicated ClusterRole would be far smaller -- confirm the minimum verbs
    # against the controller's documented RBAC needs before tightening.
9 |   name: cluster-admin
10 | subjects:
11 |   - kind: ServiceAccount
12 |     name: system-upgrade
13 |     namespace: talos-admin
14 | ---
    # Talos API access for the same ServiceAccount. os:admin is the
    # unrestricted Talos role; presumably required for node upgrades --
    # confirm. Nothing in this file should be copied to other workloads.
15 | apiVersion: talos.dev/v1alpha1
16 | kind: ServiceAccount
17 | metadata:
18 |   name: system-upgrade
19 | spec:
20 |   roles:
21 |     - os:admin
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/talos-admin/system-upgrade-controller/plans/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./kubernetes.yaml
7 |   - ./talos.yaml
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/talos-admin/talos-backup/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./cronjob.yaml
7 |   - ./secret.yaml
8 |   - ./serviceaccount.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/apps/talos-admin/talos-backup/app/secret.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: talos-backup-serviceaccount
6 |   annotations:
    # NOTE(review): no `type` is set, so this annotation alone does not make
    # the object a kubernetes.io/service-account-token Secret; confirm what
    # populates it. Whatever it ends up holding is a credential for the Talos
    # os:etcd:backup role (see serviceaccount.yaml), i.e. the ability to pull
    # an etcd snapshot -- which contains every Kubernetes object, Secrets
    # included unless encryption at rest is enabled. Guard it like a
    # cluster-admin credential.
7 |     kubernetes.io/service-account.name: talos-backup-serviceaccount
8 |
--------------------------------------------------------------------------------
/kubernetes/apps/talos-admin/talos-backup/app/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: talos.dev/v1alpha1 3 | kind: ServiceAccount 4 | metadata: 5 | name: talos-backup-serviceaccount 6 | spec: 7 | roles: 8 | - os:etcd:backup 9 | -------------------------------------------------------------------------------- /kubernetes/apps/talos-admin/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: talos-admin 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./namespace.yaml 7 | - ./volsync/ks.yaml 8 | components: 9 | - ../../components/common 10 | transformers: 11 | - ./transformers 12 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: .invalid 6 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: 
volsync-system 6 | resources: 7 | - ../../../transformers 8 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./prometheusrule.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/volsync-system/volsync/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app volsync 7 | spec: 8 | commonMetadata: 9 | labels: 10 | app.kubernetes.io/name: *app 11 | dependsOn: 12 | - name: snapshot-controller 13 | namespace: kube-system 14 | path: ./kubernetes/apps/volsync-system/volsync/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | namespace: flux-system 20 | interval: 1h 21 | retryInterval: 2m 22 | timeout: 5m 23 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/alertmanager/alert.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Alert 5 | metadata: 6 | name: alertmanager 7 | spec: 8 | providerRef: 9 | name: alertmanager 10 | eventSeverity: error 11 | eventSources: 12 | - kind: HelmRelease 13 | name: "*" 14 | - kind: Kustomization 15 | 
name: "*" 16 | exclusionList: 17 | - "error.*lookup github\\.com" 18 | - "error.*lookup raw\\.githubusercontent\\.com" 19 | - "dial.*tcp.*timeout" 20 | - "waiting.*socket" 21 | suspend: false 22 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/alertmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alert.yaml 7 | - ./provider.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/alertmanager/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/provider_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: alertmanager 7 | spec: 8 | type: alertmanager 9 | address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/ 10 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github-status/alert.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/refs/heads/main/alert-notification-v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Alert 5 | metadata: 6 | name: github-status 7 | spec: 8 | providerRef: 9 | name: github-status 10 | eventSeverity: info 11 | eventSources: 12 | - kind: Kustomization 13 | name: "*" 14 | -------------------------------------------------------------------------------- 
/kubernetes/components/common/alerts/github-status/externalsecret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json 3 | apiVersion: external-secrets.io/v1 4 | kind: ExternalSecret 5 | metadata: 6 | name: github-status-token 7 | spec: 8 | secretStoreRef: 9 | kind: ClusterSecretStore 10 | name: onepassword 11 | target: 12 | name: github-status-token 13 | template: 14 | engineVersion: v2 15 | data: 16 | token: "{{ .FLUX_GITHUB_TOKEN }}" 17 | dataFrom: 18 | - extract: 19 | key: flux 20 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github-status/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alert.yaml 7 | - ./externalsecret.yaml 8 | - ./provider.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github-status/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/refs/heads/main/provider-notification-v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: github-status 7 | spec: 8 | type: github 9 | address: https://github.com/jfroy/flatops 10 | secretRef: 11 | name: github-status-token 12 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - ./alertmanager
7 |   - ./github-status
8 |
--------------------------------------------------------------------------------
/kubernetes/components/common/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1alpha1
4 | kind: Component
5 | resources:
6 |   - ./alerts
    # Both annotations land on every Namespace of every app that includes
    # this component:
    #  - kustomize.toolkit.fluxcd.io/prune: disabled keeps Flux from
    #    garbage-collecting the Namespace (and everything inside it) if its
    #    Kustomization is removed -- a deliberate safety net.
    #  - volsync.backube/privileged-movers: "true" opts the namespace into
    #    VolSync's privileged mover pods (see VolSync's privileged-movers
    #    docs). This is a blanket, cluster-wide grant; the mover still has to
    #    clear the namespace's pod-security level, but consider setting it
    #    only on namespaces that actually back up or restore PVCs with VolSync.
7 | transformers:
8 |   - |-
9 |     apiVersion: builtin
10 |     kind: AnnotationsTransformer
11 |     metadata:
12 |       name: annotate-ns
13 |     annotations:
14 |       kustomize.toolkit.fluxcd.io/prune: disabled
15 |       volsync.backube/privileged-movers: "true"
16 |     fieldSpecs:
17 |       - path: metadata/annotations
18 |         kind: Namespace
19 |         create: true
20 |
--------------------------------------------------------------------------------
/kubernetes/components/gatus/external/config.yaml:
--------------------------------------------------------------------------------
# External probe: fetches the app's public HTTPS URL every minute and expects
# the configured status (200 by default). Name resolution goes to 1.1.1.1
# over TCP, presumably so the probe sees the public DNS answer rather than
# an in-cluster or split-horizon one.
1 | endpoints:
2 |   - name: "${APP}"
3 |     group: external
4 |     url: "https://${APP_SUBDOMAIN:=${APP}}.kantai.xyz${GATUS_PATH:=/}"
5 |     interval: 1m
6 |     client:
7 |       dns-resolver: tcp://1.1.1.1:53
8 |     conditions:
9 |       - "[STATUS] == ${GATUS_STATUS:=200}"
10 |
--------------------------------------------------------------------------------
/kubernetes/components/gatus/external/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1alpha1
4 | kind: Component
5 | configMapGenerator:
6 |   - name: ${APP}-gatus-ep
7 |     files:
8 |       - config.yaml=./config.yaml
9 |     options:
10 |       labels:
11 |         gatus.io/enabled: "true"
12 | generatorOptions:
13 |   disableNameSuffixHash: true
14 |
--------------------------------------------------------------------------------
/kubernetes/components/gatus/guarded/config.yaml:
--------------------------------------------------------------------------------
# "Guarded" probe: this is a NEGATIVE check. It asks a public resolver
# (1.1.1.1) for the app's A record and passes only when the answer is empty,
# so it alerts if an internal-only hostname ever shows up in public DNS.
# The hostname and URL are hidden from the Gatus UI so the dashboard itself
# does not enumerate internal names.
1 | endpoints:
2 |   - name: "${APP}"
3 |     group: guarded
4 |     url: 1.1.1.1
5 |     interval: 1m
6 |     ui:
7 |       hide-hostname: true
8 |       hide-url: true
9 |     dns:
10 |       query-name: "${APP_SUBDOMAIN:=${APP}}.kantai.xyz"
11 |       query-type: A
12 |     conditions:
13 |       - "len([BODY]) == 0"
14 |
--------------------------------------------------------------------------------
/kubernetes/components/gatus/guarded/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1alpha1
4 | kind: Component
5 | configMapGenerator:
6 |   - name: ${APP}-gatus-ep
7 |     files:
8 |       - config.yaml=./config.yaml
9 |     options:
10 |       labels:
11 |         gatus.io/enabled: "true"
12 | generatorOptions:
13 |   disableNameSuffixHash: true
14 |
--------------------------------------------------------------------------------
/kubernetes/components/volsync/cloudflare-r2/externalsecret.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
3 | apiVersion: external-secrets.io/v1
4 | kind: ExternalSecret
5 | metadata:
6 |   name: "${APP}-volsync-r2"
7 | spec:
8 |   secretStoreRef:
9 |     kind: ClusterSecretStore
10 |     name: onepassword
11 |   target:
12 |     name: "${APP}-volsync-r2-secret"
    # Every app using this component extracts the SAME 1Password item
    # (volsync-r2), so each app namespace ends up with the same R2 access key
    # and the same restic password; only the repository path differs per
    # ${APP}. Anyone able to read one app's Secret can read, alter or delete
    # every app's backups in the bucket.
    # NOTE(review): consider per-app credentials (or at least a per-app
    # RESTIC_PASSWORD) -- confirm before changing, as existing restic
    # repositories are presumably bound to the current password.
13 |     template:
14 |       data:
15 |         RESTIC_REPOSITORY: "{{ .RESTIC_BUCKET }}/${APP}"
16 |         RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
17 |         AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
18 |         AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
19 |   dataFrom:
20 |     - extract:
21 |         key: volsync-r2
22 |
-------------------------------------------------------------------------------- /kubernetes/components/volsync/cloudflare-r2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./externalsecret.yaml 7 | - ./replicationdestination.yaml 8 | - ./replicationsource.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/components/volsync/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | resources: 6 | - ./cloudflare-r2 7 | - ./pvc.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/components/volsync/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${APP}" 6 | spec: 7 | accessModes: ["${VOLSYNC_ACCESSMODES:=ReadWriteOnce}"] 8 | dataSourceRef: 9 | kind: ReplicationDestination 10 | apiGroup: volsync.backube 11 | name: "${APP}-dst" 12 | resources: 13 | requests: 14 | storage: "${VOLSYNC_CAPACITY:=1Gi}" 15 | storageClassName: "${VOLSYNC_STORAGECLASS:=ceph-block}" 16 | -------------------------------------------------------------------------------- /kubernetes/transformers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./transformer.yaml 7 | 
-------------------------------------------------------------------------------- /kubernetes/transformers/transformer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: builtin 2 | kind: NamespaceTransformer 3 | metadata: 4 | name: apply-ns 5 | namespace: .invalid 6 | unsetOnly: false 7 | fieldSpecs: 8 | - path: metadata/name 9 | kind: Namespace 10 | create: true 11 | - path: spec/service/namespace 12 | group: apiregistration.k8s.io 13 | kind: APIService 14 | create: true 15 | - path: spec/conversion/webhook/clientConfig/service/namespace 16 | group: apiextensions.k8s.io 17 | kind: CustomResourceDefinition 18 | - path: spec/targetNamespace 19 | group: kustomize.toolkit.fluxcd.io 20 | kind: Kustomization 21 | create: true 22 | -------------------------------------------------------------------------------- /kubernetes/vap/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./pss-baseline-default.yaml 7 | - ./pss-baseline-gluetun-caps.yaml 8 | - ./pss-restricted-additional.yaml 9 | -------------------------------------------------------------------------------- /makejinja.toml: -------------------------------------------------------------------------------- 1 | [makejinja] 2 | inputs = ["./bootstrap/overrides","./bootstrap/templates"] 3 | output = "./" 4 | exclude_patterns = [".mjfilter.py", "*.partial.yaml.j2"] 5 | data = ["./config.yaml"] 6 | import_paths = ["./bootstrap/scripts"] 7 | loaders = ["plugin:Plugin"] 8 | jinja_suffix = ".j2" 9 | force = true 10 | undefined = "chainable" 11 | 12 | [makejinja.delimiter] 13 | block_start = "#%" 14 | block_end = "%#" 15 | comment_start = "#|" 16 | comment_end = "#|" 17 | variable_start = "#{" 18 | variable_end = "}#" 19 | 
-------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | cloudflare==4.2.0 2 | dnspython==2.7.0 3 | email-validator==2.2.0 4 | makejinja==2.7.2 5 | netaddr==1.3.0 6 | ntplib==0.4.0 7 | -------------------------------------------------------------------------------- /talos/clusterconfig/.gitignore: -------------------------------------------------------------------------------- 1 | talosconfig 2 | kantai-kantai1.yaml 3 | kantai-kantai2.yaml 4 | kantai-kantai3.yaml 5 | --------------------------------------------------------------------------------