├── .github ├── CODEOWNERS ├── dependabot.yml ├── labeler.yaml └── workflows │ └── sync-labels.yaml ├── misc ├── atlantis │ ├── v0.18 │ │ ├── files │ │ │ ├── repos.yaml │ │ │ └── atlantis.yaml │ │ ├── rbac.yaml │ │ ├── config.env │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v0.19 │ │ ├── files │ │ │ ├── repos.yaml │ │ │ └── atlantis.yaml │ │ ├── rbac.yaml │ │ ├── config.env │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v0.21 │ │ ├── files │ │ │ ├── repos.yaml │ │ │ └── atlantis.yaml │ │ ├── rbac.yaml │ │ ├── config.env │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v0.23 │ │ ├── files │ │ │ ├── repos.yaml │ │ │ └── atlantis.yaml │ │ ├── rbac.yaml │ │ ├── config.env │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v0.17 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ └── download.sh ├── op-scim-bridge │ ├── README.md │ └── v2.0 │ │ ├── config.env │ │ ├── service.yaml │ │ ├── redis-service.yaml │ │ ├── kustomization.yaml │ │ └── redis-deployment.yaml ├── doraemon │ ├── rbac.yaml │ └── kustomization.yaml ├── dashy │ └── v3 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml ├── miniflux │ └── v2 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml └── kafdrop │ └── v3.7 │ ├── config.env │ ├── service.yaml │ └── kustomization.yaml ├── README.md ├── observability ├── alertmanager │ ├── configurations │ │ ├── images.yaml │ │ └── kustomization.yaml │ ├── resources │ │ ├── prometheus-rule │ │ │ └── kustomization.yaml │ │ └── service-monitor │ │ │ ├── kustomization.yaml │ │ │ └── service-monitor.yaml │ ├── v0.24 │ │ ├── secret.yaml │ │ ├── rbac.yaml │ │ ├── pdb.yaml │ │ ├── kustomization.yaml │ │ └── service.yaml │ └── download.sh ├── kibana │ ├── v7.13 │ │ ├── files │ │ │ └── kibana.yml │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ └── v7.15 │ │ ├── files │ │ └── kibana.yml │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml ├── logstash │ ├── v7.13 │ │ ├── files 
│ │ │ ├── pipelines.yml │ │ │ └── pipelines │ │ │ │ └── main.conf │ │ ├── rbac.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ └── v7.15 │ │ ├── files │ │ ├── pipelines.yml │ │ └── pipelines │ │ │ └── main.conf │ │ ├── rbac.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml ├── prometheus │ ├── configurations │ │ ├── images.yaml │ │ ├── namespace.yaml │ │ └── kustomization.yaml │ ├── resources │ │ ├── prometheus-rule │ │ │ └── kustomization.yaml │ │ └── service-monitor │ │ │ ├── kustomization.yaml │ │ │ └── service-monitor.yaml │ ├── v2.37 │ │ ├── pdb.yaml │ │ ├── kustomization.yaml │ │ └── service.yaml │ └── download.sh ├── grafana │ ├── v7.5 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v8.2 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v8.4 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v8.5 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v9.0 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v9.3 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v9.5 │ │ ├── rbac.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ └── resources │ │ └── service-monitor │ │ ├── kustomization.yaml │ │ └── service-monitor.yaml ├── prometheus-operator │ ├── resources │ │ ├── prometheus-rule │ │ │ └── kustomization.yaml │ │ └── service-monitor │ │ │ ├── kustomization.yaml │ │ │ └── service-monitor.yaml │ ├── components │ │ ├── service-monitor-coredns │ │ │ ├── kustomization.yaml │ │ │ └── service-monitor.yaml │ │ ├── service-monitor-kubelet │ │ │ └── kustomization.yaml │ │ └── service-monitor-api-server │ │ │ └── kustomization.yaml │ ├── v0.44.1 │ │ ├── kustomization.yaml │ │ └── service.yaml │ ├── v0.57 │ │ ├── crds │ │ │ └── kustomization.yaml │ │ ├── service.yaml │ │ └── network-policy.yaml │ └── download.sh ├── apm-server │ ├── v7.13 │ │ ├── files │ │ │ └── 
apm-server.yml │ │ ├── service.yaml │ │ └── kustomization.yaml │ └── v7.15 │ │ ├── files │ │ └── apm-server.yml │ │ ├── service.yaml │ │ └── kustomization.yaml ├── gatus │ └── v5 │ │ ├── rbac.yaml │ │ ├── files │ │ └── config.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml ├── prometheus-exporters │ ├── node-exporter │ │ ├── resources │ │ │ ├── prometheus-rule │ │ │ │ └── kustomization.yaml │ │ │ └── service-monitor │ │ │ │ ├── kustomization.yaml │ │ │ │ └── service-monitor.yaml │ │ ├── v1.1 │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ ├── v1.3 │ │ │ ├── service.yaml │ │ │ └── kustomization.yaml │ │ └── download.sh │ ├── kafka-exporter │ │ ├── resources │ │ │ └── service-monitor.yaml │ │ └── v1.4.2 │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ ├── redis-exporter │ │ ├── resources │ │ │ └── service-monitor.yaml │ │ └── v1.27.1 │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ └── elasticsearch-exporter │ │ ├── resources │ │ └── service-monitor.yaml │ │ └── v1.2.1 │ │ ├── kustomization.yaml │ │ └── service.yaml ├── heartbeat │ ├── v7.13 │ │ ├── files │ │ │ └── heartbeat.yml │ │ └── kustomization.yaml │ └── v7.15 │ │ ├── files │ │ └── heartbeat.yml │ │ └── kustomization.yaml ├── filebeat │ ├── v7.13 │ │ ├── files │ │ │ └── filebeat.yml │ │ └── kustomization.yaml │ ├── v7.15 │ │ ├── files │ │ │ └── filebeat.yml │ │ └── kustomization.yaml │ └── download.sh └── botkube │ ├── download.sh │ └── v0.12 │ ├── kustomization.yaml │ └── rbac.yaml ├── addons ├── coredns │ ├── components │ │ ├── cluster-ip │ │ │ ├── service.yaml │ │ │ └── kustomization.yaml │ │ └── fargate │ │ │ ├── deployment.yaml │ │ │ └── kustomization.yaml │ ├── v1.8 │ │ └── kustomization.yaml │ ├── download.sh │ └── 2020-10-29 │ │ └── kustomization.yaml ├── argo-rollouts │ ├── v1.3 │ │ ├── base │ │ │ ├── secret.yaml │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ ├── crds │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── dashboard │ │ │ ├── kustomization.yaml 
│ │ │ ├── service.yaml │ │ │ └── deployment.yaml │ ├── v1.4 │ │ ├── base │ │ │ ├── secret.yaml │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ ├── crds │ │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── dashboard │ │ │ ├── kustomization.yaml │ │ │ ├── service.yaml │ │ │ └── deployment.yaml │ ├── resources │ │ └── notifications │ │ │ ├── configmap.yaml │ │ │ └── kustomization.yaml │ ├── components │ │ └── init-rollout │ │ │ └── kustomization.yaml │ └── download.sh ├── argo-workflows │ ├── v3.4 │ │ ├── workflow-controller │ │ │ ├── configmap.yaml │ │ │ └── kustomization.yaml │ │ ├── argo-server │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ ├── crds │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── resources │ │ ├── workflow-controller-metrics │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ ├── service-account-argo-workflow-executor │ │ │ ├── kustomization.yaml │ │ │ └── secret.yaml │ │ └── service-monitor │ │ │ ├── service-monitor.workflow-controller-metrics.yaml │ │ │ └── kustomization.yaml │ ├── download.sh │ └── v3.1 │ │ └── kustomization.yaml ├── argo-cd │ ├── components │ │ ├── custom-tools │ │ │ └── kustomization.yaml │ │ └── notifications-catalog │ │ │ └── kustomization.yaml │ ├── v1.8 │ │ └── kustomization.yaml │ ├── v2.0 │ │ └── kustomization.yaml │ ├── resources │ │ └── service-monitors │ │ │ ├── service-monitor.argocd-metrics.yaml │ │ │ ├── service-monitor.argocd-server-metrics.yaml │ │ │ ├── service-monitor.argocd-repo-server-metrics.yaml │ │ │ ├── service-monitor.argocd-applicationset-controller-metrics.yaml │ │ │ └── kustomization.yaml │ ├── v2.1 │ │ └── kustomization.yaml │ ├── v2.2 │ │ └── kustomization.yaml │ ├── v2.4 │ │ └── kustomization.yaml │ ├── v2.5 │ │ └── kustomization.yaml │ ├── v2.3 │ │ └── kustomization.yaml │ └── download.sh ├── argo-cd-extensions │ ├── resources │ │ └── rollouts │ │ │ ├── kustomization.yaml │ │ │ └── argo-cd-extension.yaml │ ├── v0.2 │ │ ├── kustomization.yaml │ │ ├── 
crds │ │ │ └── kustomization.yaml │ │ ├── rbac │ │ │ ├── kustomization.yaml │ │ │ ├── argocd-server-extensions-rolebinding.yaml │ │ │ └── argocd-server-extensions-role.yaml │ │ └── deployment.argocd-server.yaml │ └── download.sh ├── aws-ebs-csi-driver │ ├── v1.14 │ │ ├── csi-node │ │ │ └── kustomization.yaml │ │ └── csi-controller │ │ │ ├── kustomization.yaml │ │ │ ├── csi-driver.yaml │ │ │ └── pdb.yaml │ └── download.sh ├── csi-snapshotter │ ├── v6.3 │ │ ├── snapshot-controller │ │ │ └── kustomization.yaml │ │ ├── crd │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ ├── v6.2 │ │ ├── snapshot-controller │ │ │ └── kustomization.yaml │ │ ├── crd │ │ │ └── kustomization.yaml │ │ └── kustomization.yaml │ └── download.sh ├── kube-state-metrics │ ├── resources │ │ └── service-monitor │ │ │ └── kustomization.yaml │ ├── v2.1 │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v2.4 │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v2.6 │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v2.7 │ │ ├── service.yaml │ │ └── kustomization.yaml │ └── download.sh ├── kubernetes-dashboard │ ├── README.md │ ├── v2.2 │ │ ├── kustomization.yaml │ │ └── 00_dashboard-namespace.yaml │ └── download.sh ├── aws-node-termination-handler │ ├── resources │ │ └── service-monitor │ │ │ ├── kustomization.yaml │ │ │ ├── service-monitor.yaml │ │ │ └── service.yaml │ ├── v1.18 │ │ ├── imds │ │ │ ├── patch.daemonset.yaml │ │ │ ├── kustomization.yaml │ │ │ └── psp.yaml │ │ └── queue-processor │ │ │ ├── patch.deployment.yaml │ │ │ ├── kustomization.yaml │ │ │ └── psp.yaml │ └── download.sh ├── kubernetes-external-secrets │ ├── resources │ │ └── service-monitor │ │ │ ├── kustomization.yaml │ │ │ └── service-monitor.yaml │ ├── v8.2 │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v8.5 │ │ ├── service.yaml │ │ └── kustomization.yaml │ └── download.sh ├── traefik-ingress-controller │ ├── resources │ │ └── service-monitors │ │ │ ├── kustomization.yaml │ │ │ └── service-monitor.yaml │ 
├── v2.9 │ │ └── kustomization.yaml │ └── download.sh ├── metrics-server │ ├── components │ │ └── ha │ │ │ ├── kustomization.yaml │ │ │ ├── pdb.yaml │ │ │ └── deployment.yaml │ ├── v0.4 │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── apiservice.yaml │ ├── v0.5 │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── apiservice.yaml │ ├── v0.6 │ │ ├── service.yaml │ │ ├── apiservice.yaml │ │ └── kustomization.yaml │ └── download.sh ├── external-secrets │ ├── v0.5 │ │ ├── webhook │ │ │ ├── rbac.yaml │ │ │ ├── secret.yaml │ │ │ └── service.yaml │ │ └── kustomization.yaml │ ├── v0.6 │ │ ├── webhook │ │ │ ├── rbac.yaml │ │ │ ├── secret.yaml │ │ │ └── service.yaml │ │ └── kustomization.yaml │ ├── v0.4 │ │ └── kustomization.yaml │ └── download.sh ├── cert-manager │ ├── v1.10 │ │ ├── configurations.yaml │ │ └── configmaps.yaml │ ├── v1.7 │ │ ├── configmap.yaml │ │ ├── kustomization.yaml │ │ ├── service.cert-manager-webhook.yaml │ │ └── service.yaml │ ├── v1.0 │ │ └── kustomization.yaml │ ├── v1.2 │ │ └── kustomization.yaml │ └── download.sh ├── reflector │ ├── v6.0 │ │ └── kustomization.yaml │ ├── download.sh │ └── v6.1 │ │ └── kustomization.yaml ├── sealed-secrets │ ├── v0.16 │ │ ├── service.yaml │ │ ├── kustomization.yaml │ │ └── crd.yaml │ ├── v0.17 │ │ ├── service.yaml │ │ ├── kustomization.yaml │ │ └── crd.yaml │ ├── v0.18 │ │ ├── service.yaml │ │ ├── kustomization.yaml │ │ └── crd.yaml │ ├── v0.19 │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── v0.15 │ │ ├── service.yaml │ │ ├── kustomization.yaml │ │ └── crd.yaml │ └── download.sh ├── aws-load-balancer-controller │ ├── v2.1 │ │ ├── kustomization.yaml │ │ └── service.yaml │ ├── download.sh │ ├── v2.2 │ │ ├── kustomization.yaml │ │ └── service.yaml │ └── v2.4 │ │ ├── service.yaml │ │ ├── ingress-class.yaml │ │ ├── kustomization.yaml │ │ └── cert.yaml ├── aws-vpc-cni │ ├── v1.8 │ │ ├── crd.yaml │ │ └── kustomization.yaml │ ├── v1.9 │ │ ├── crd.yaml │ │ └── kustomization.yaml │ ├── download.sh │ ├── v1.11 │ 
│ ├── kustomization.yaml │ │ └── crd.yaml │ ├── v1.12 │ │ ├── kustomization.yaml │ │ └── crd.yaml │ └── v1.10 │ │ ├── crd.yaml │ │ └── kustomization.yaml └── rbac-manager │ ├── v1.1 │ └── kustomization.yaml │ ├── v1.4 │ └── kustomization.yaml │ └── download.sh ├── sample-services ├── http-https-echo │ ├── rbac.yaml │ ├── kustomization.yaml │ ├── service.yaml │ └── deployment.yaml ├── whoami │ ├── kustomization.yaml │ ├── service.yaml │ └── deployment.yaml └── rollouts-demo │ ├── kustomization.yaml │ └── service.yaml ├── resources └── cluster-roles │ ├── kustomization.yaml │ ├── units │ ├── pods.log.yaml │ ├── pods.shell.yaml │ ├── secrets.list.yaml │ ├── secrets.view.yaml │ ├── pods.portforward.yaml │ ├── addons │ │ ├── sealedsecrets.view.yaml │ │ ├── externalsecrets.view.yaml │ │ ├── argo-applications.view.yaml │ │ ├── argo-appprojects.view.yaml │ │ ├── argo-workflows.view.yaml │ │ ├── argo-appprojects.admin.yaml │ │ ├── argo-applications.admin.yaml │ │ ├── argo-workflows.admin.yaml │ │ ├── kustomization.yaml │ │ ├── argo-workflowtemplates.view.yaml │ │ ├── sealedsecrets.admin.yaml │ │ └── externalsecrets.admin.yaml │ ├── services.view.yaml │ ├── batch.view.yaml │ ├── configmaps.view.yaml │ ├── daemonsets.view.yaml │ ├── ingresses.view.yaml │ ├── statefulsets.view.yaml │ ├── serviceaccounts.view.yaml │ ├── deployments.view.yaml │ ├── secrets.admin.yaml │ ├── configmaps.admin.yaml │ ├── pods.view.yaml │ ├── customresourcedefinitions.view.yaml │ ├── nodes.view.yaml │ ├── namespaces.view.yaml │ ├── serviceaccounts.admin.yaml │ ├── daemonsets.admin.yaml │ ├── batch.admin.yaml │ ├── rbac.view.yaml │ ├── ingresses.admin.yaml │ ├── statefulsets.admin.yaml │ ├── deployments.admin.yaml │ ├── services.admin.yaml │ └── customresourcedefinitions.admin.yaml │ └── sets │ ├── kustomization.yaml │ ├── admin.yaml │ ├── cluster-admin.yaml │ ├── edit.yaml │ ├── view.yaml │ ├── batch.template-admin.yaml │ ├── batch.view.yaml │ └── batch.admin.yaml ├── development ├── redoc │ ├── 
config.env │ ├── service.yaml │ └── kustomization.yaml └── api-docs-server │ ├── kustomization.yaml │ └── service.yaml └── .editorconfig /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @tedilabs/infra 2 | -------------------------------------------------------------------------------- /misc/atlantis/v0.18/files/repos.yaml: -------------------------------------------------------------------------------- 1 | repos: [] 2 | -------------------------------------------------------------------------------- /misc/atlantis/v0.19/files/repos.yaml: -------------------------------------------------------------------------------- 1 | repos: [] 2 | -------------------------------------------------------------------------------- /misc/atlantis/v0.21/files/repos.yaml: -------------------------------------------------------------------------------- 1 | repos: [] 2 | -------------------------------------------------------------------------------- /misc/atlantis/v0.23/files/repos.yaml: -------------------------------------------------------------------------------- 1 | repos: [] 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # k8s-repository 2 | ♻️ Repository for Reusable Kubernetes App Manifests with Kustomize 3 | -------------------------------------------------------------------------------- /observability/alertmanager/configurations/images.yaml: -------------------------------------------------------------------------------- 1 | images: 2 | - path: spec/image 3 | kind: Alertmanager 4 | -------------------------------------------------------------------------------- /observability/kibana/v7.13/files/kibana.yml: -------------------------------------------------------------------------------- 1 | server.name: kibana 2 | server.host: "0" 3 | server.port: 5601 4 | 
-------------------------------------------------------------------------------- /observability/kibana/v7.15/files/kibana.yml: -------------------------------------------------------------------------------- 1 | server.name: kibana 2 | server.host: "0" 3 | server.port: 5601 4 | -------------------------------------------------------------------------------- /observability/logstash/v7.13/files/pipelines.yml: -------------------------------------------------------------------------------- 1 | - pipeline.id: main 2 | path.config: "pipelines/main.conf" 3 | -------------------------------------------------------------------------------- /observability/logstash/v7.15/files/pipelines.yml: -------------------------------------------------------------------------------- 1 | - pipeline.id: main 2 | path.config: "pipelines/main.conf" 3 | -------------------------------------------------------------------------------- /observability/prometheus/configurations/images.yaml: -------------------------------------------------------------------------------- 1 | images: 2 | - path: spec/image 3 | kind: Prometheus 4 | -------------------------------------------------------------------------------- /addons/coredns/components/cluster-ip/service.yaml: -------------------------------------------------------------------------------- 1 | - op: replace 2 | path: /spec/clusterIP 3 | value: "172.20.0.10" 4 | -------------------------------------------------------------------------------- /sample-services/http-https-echo/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: http-https-echo 5 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.3/base/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: argo-rollouts-notification-secret 5 
| -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.4/base/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: argo-rollouts-notification-secret 5 | -------------------------------------------------------------------------------- /addons/coredns/components/fargate/deployment.yaml: -------------------------------------------------------------------------------- 1 | - op: remove 2 | path: /spec/template/metadata/annotations/eks.amazonaws.com~1compute-type 3 | -------------------------------------------------------------------------------- /addons/coredns/v1.8/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../2020-10-29 6 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | schedule: 6 | interval: "daily" 7 | -------------------------------------------------------------------------------- /addons/argo-rollouts/resources/notifications/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: argo-rollouts-notification-configmap -------------------------------------------------------------------------------- /addons/argo-workflows/v3.4/workflow-controller/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: workflow-controller-configmap 5 | -------------------------------------------------------------------------------- 
/misc/op-scim-bridge/README.md: -------------------------------------------------------------------------------- 1 | # op-scim-secret 2 | 3 | 4 | ## References 5 | 6 | - https://github.com/1Password/scim-examples/tree/master/kubernetes 7 | -------------------------------------------------------------------------------- /resources/cluster-roles/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - units 6 | - sets 7 | -------------------------------------------------------------------------------- /misc/doraemon/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: doraemon 5 | labels: 6 | app.kubernetes.io/name: "doraemon" 7 | -------------------------------------------------------------------------------- /observability/prometheus/configurations/namespace.yaml: -------------------------------------------------------------------------------- 1 | namespace: 2 | - path: spec/alerting/alertmanagers/namespace 3 | kind: Prometheus 4 | create: true 5 | -------------------------------------------------------------------------------- /addons/argo-cd/components/custom-tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | patches: 5 | - path: patch.yaml 6 | -------------------------------------------------------------------------------- /development/redoc/config.env: -------------------------------------------------------------------------------- 1 | PAGE_TITLE=ReDoc 2 | PAGE_FAVICON=favicon.png 3 | SPEC_URL=http://petstore.swagger.io/v2/swagger.json 4 | PORT=80 5 | # REDOC_OPTIONS= 6 | -------------------------------------------------------------------------------- /misc/atlantis/v0.17/rbac.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | -------------------------------------------------------------------------------- /misc/atlantis/v0.18/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | -------------------------------------------------------------------------------- /misc/atlantis/v0.19/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | -------------------------------------------------------------------------------- /misc/atlantis/v0.21/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | -------------------------------------------------------------------------------- /misc/atlantis/v0.23/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | -------------------------------------------------------------------------------- /observability/kibana/v7.13/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: kibana 5 | labels: 6 | app.kubernetes.io/name: "kibana" 7 | -------------------------------------------------------------------------------- /observability/kibana/v7.15/rbac.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: kibana 5 | labels: 6 | app.kubernetes.io/name: "kibana" 7 | -------------------------------------------------------------------------------- /observability/alertmanager/configurations/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | configurations: 5 | - images.yaml 6 | -------------------------------------------------------------------------------- /observability/grafana/v7.5/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | -------------------------------------------------------------------------------- /observability/grafana/v8.2/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | -------------------------------------------------------------------------------- /observability/grafana/v8.4/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | -------------------------------------------------------------------------------- /observability/grafana/v8.5/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | -------------------------------------------------------------------------------- /observability/grafana/v9.0/rbac.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | -------------------------------------------------------------------------------- /observability/grafana/v9.3/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | -------------------------------------------------------------------------------- /observability/grafana/v9.5/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | -------------------------------------------------------------------------------- /observability/logstash/v7.13/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: logstash 5 | labels: 6 | app.kubernetes.io/name: "logstash" 7 | -------------------------------------------------------------------------------- /observability/logstash/v7.15/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: logstash 5 | labels: 6 | app.kubernetes.io/name: "logstash" 7 | -------------------------------------------------------------------------------- /addons/argo-cd-extensions/resources/rollouts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - argo-cd-extension.yaml 6 | -------------------------------------------------------------------------------- 
/addons/aws-ebs-csi-driver/v1.14/csi-node/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - daemonset.yaml 6 | - rbac.yaml 7 | -------------------------------------------------------------------------------- /observability/prometheus/resources/prometheus-rule/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - prometheus-rule.yaml 6 | -------------------------------------------------------------------------------- /observability/prometheus/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.yaml 6 | -------------------------------------------------------------------------------- /addons/argo-workflows/resources/workflow-controller-metrics/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service.yaml 6 | -------------------------------------------------------------------------------- /addons/csi-snapshotter/v6.3/snapshot-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - rbac.yaml 5 | - deployment.yaml 6 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: 
Kustomization 3 | 4 | resources: 5 | - service-monitor.yaml 6 | -------------------------------------------------------------------------------- /misc/dashy/v3/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: dashy 5 | labels: 6 | app.kubernetes.io/name: "dashy" 7 | automountServiceAccountToken: true 8 | -------------------------------------------------------------------------------- /observability/alertmanager/resources/prometheus-rule/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - prometheus-rule.yaml 6 | -------------------------------------------------------------------------------- /observability/alertmanager/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.yaml 6 | -------------------------------------------------------------------------------- /observability/prometheus/configurations/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | configurations: 5 | - images.yaml 6 | - namespace.yaml 7 | -------------------------------------------------------------------------------- /addons/csi-snapshotter/v6.2/snapshot-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - rbac.yaml 6 | - deployment.yaml 7 | -------------------------------------------------------------------------------- 
/observability/prometheus-operator/resources/prometheus-rule/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - prometheus-rule.yaml 6 | -------------------------------------------------------------------------------- /observability/prometheus-operator/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.yaml 6 | -------------------------------------------------------------------------------- /misc/miniflux/v2/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: miniflux 5 | labels: 6 | app.kubernetes.io/name: "miniflux" 7 | automountServiceAccountToken: true 8 | -------------------------------------------------------------------------------- /observability/apm-server/v7.13/files/apm-server.yml: -------------------------------------------------------------------------------- 1 | apm-server: 2 | # Defines the host and port the server listens on. 0.0.0.0 binds every interface and this file configures no agent authentication, so access has to be restricted at the Service/network layer. 3 | host: "0.0.0.0:8200" 4 | 5 | output.console: 6 | enabled: true 7 | -------------------------------------------------------------------------------- /observability/apm-server/v7.15/files/apm-server.yml: -------------------------------------------------------------------------------- 1 | apm-server: 2 | # Defines the host and port the server listens on. 0.0.0.0 binds every interface and this file configures no agent authentication, so access has to be restricted at the Service/network layer.
3 | host: "0.0.0.0:8200" # NOTE(review): listens on every interface, and the visible part of this file sets no agent authentication (secret token or API key) and no TLS; presumably any client that can reach port 8200 can submit events, so restrict reachability (for example with a NetworkPolicy) or enable authentication. 4 | 5 | output.console: 6 | enabled: true 7 | -------------------------------------------------------------------------------- /observability/gatus/v5/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: gatus 5 | labels: 6 | app.kubernetes.io/name: "gatus" 7 | automountServiceAccountToken: true # NOTE(review): mounts this ServiceAccount's API token into pods that use it unless the pod spec overrides it; no Role or RoleBinding for gatus is visible here, so confirm the workload calls the Kubernetes API and set this to false if it does not. 8 | -------------------------------------------------------------------------------- /observability/prometheus-operator/components/service-monitor-coredns/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | resources: 5 | - service-monitor.yaml 6 | -------------------------------------------------------------------------------- /observability/prometheus-operator/components/service-monitor-kubelet/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | resources: 5 | - service-monitor.yaml 6 | -------------------------------------------------------------------------------- /addons/argo-workflows/v3.4/argo-server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - service.yaml 8 | -------------------------------------------------------------------------------- /addons/kubernetes-dashboard/README.md: -------------------------------------------------------------------------------- 1 | # kubernetes-dashboard 2 | 3 | 4 | ## Getting Started 5 | 6 | ```sh 7 | $ kubectl -k ./ 8 | ``` 9 | 10 | 11 | ## TODO 12 | 13 | - Service Account 추가 14 | --------------------------------------------------------------------------------
/observability/prometheus-operator/components/service-monitor-api-server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | resources: 5 | - service-monitor.yaml 6 | -------------------------------------------------------------------------------- /addons/argo-cd/components/notifications-catalog/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | patchesStrategicMerge: 5 | - config-map.argocd-notifications-cm.yaml 6 | -------------------------------------------------------------------------------- /observability/grafana/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.yaml 6 | 7 | namespace: default 8 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/node-exporter/resources/prometheus-rule/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - prometheus-rule.yaml 6 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/node-exporter/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.yaml 6 | -------------------------------------------------------------------------------- /addons/argo-workflows/v3.4/workflow-controller/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - configmap.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | -------------------------------------------------------------------------------- /addons/aws-node-termination-handler/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service.yaml 6 | - service-monitor.yaml 7 | -------------------------------------------------------------------------------- /addons/coredns/components/cluster-ip/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | patches: 5 | - path: service.yaml 6 | target: 7 | version: v1 8 | kind: Service 9 | -------------------------------------------------------------------------------- /addons/kubernetes-external-secrets/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.yaml 6 | 7 | namespace: default 8 | -------------------------------------------------------------------------------- /addons/traefik-ingress-controller/resources/service-monitors/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.yaml 6 | 7 | namespace: default 8 | -------------------------------------------------------------------------------- /observability/gatus/v5/files/config.yaml: -------------------------------------------------------------------------------- 1 | 
endpoints: 2 | - name: example 3 | url: https://example.org 4 | interval: 60s 5 | conditions: 6 | - "[STATUS] == 200" 7 | - "[BODY] == pat(*

Example Domain

*)" 8 | -------------------------------------------------------------------------------- /observability/logstash/v7.13/files/pipelines/main.conf: -------------------------------------------------------------------------------- 1 | input { 2 | exec { 3 | command => "uptime" 4 | interval => 30 5 | } 6 | } 7 | 8 | output { 9 | stdout { 10 | codec => json 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /observability/logstash/v7.15/files/pipelines/main.conf: -------------------------------------------------------------------------------- 1 | input { 2 | exec { 3 | command => "uptime" 4 | interval => 30 5 | } 6 | } 7 | 8 | output { 9 | stdout { 10 | codec => json 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /addons/aws-ebs-csi-driver/v1.14/csi-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - csi-driver.yaml 6 | - deployment.yaml 7 | - pdb.yaml 8 | - rbac.yaml 9 | -------------------------------------------------------------------------------- /addons/csi-snapshotter/v6.2/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - volumesnapshotclasses.yaml 6 | - volumesnapshotcontents.yaml 7 | - volumesnapshots.yaml 8 | -------------------------------------------------------------------------------- /addons/metrics-server/components/ha/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | resources: 5 | - pdb.yaml 6 | patches: 7 | - path: deployment.yaml 8 | target: 9 | kind: Deployment 10 | 
-------------------------------------------------------------------------------- /addons/argo-rollouts/components/init-rollout/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | configurations: 5 | - ./rollout-transform.yaml 6 | 7 | openapi: 8 | path: ./argo-all-k8s-kustomize-schema.json 9 | -------------------------------------------------------------------------------- /addons/coredns/components/fargate/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | patches: 5 | - path: deployment.yaml 6 | target: 7 | group: apps 8 | version: v1 9 | kind: Deployment 10 | -------------------------------------------------------------------------------- /addons/argo-workflows/v3.4/argo-server/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: argo-server 5 | spec: 6 | selector: 7 | app: argo-server 8 | ports: 9 | - name: web 10 | port: 2746 11 | targetPort: 2746 12 | -------------------------------------------------------------------------------- /addons/external-secrets/v0.5/webhook/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: external-secrets-webhook 5 | labels: 6 | app.kubernetes.io/name: external-secrets-webhook 7 | app.kubernetes.io/instance: external-secrets 8 | -------------------------------------------------------------------------------- /addons/external-secrets/v0.6/webhook/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: external-secrets-webhook 5 | labels: 6 | app.kubernetes.io/name: 
external-secrets-webhook 7 | app.kubernetes.io/instance: external-secrets 8 | -------------------------------------------------------------------------------- /misc/atlantis/v0.18/config.env: -------------------------------------------------------------------------------- 1 | ATLANTIS_DATA_DIR=/atlantis 2 | ATLANTIS_CONFIG=/atlantis/config/atlantis.yaml 3 | ATLANTIS_REPO_CONFIG=/atlantis/config/repos.yaml 4 | ATLANTIS_PORT=4141 5 | ATLANTIS_ATLANTIS_URL=http://$(hostname):$port 6 | ATLANTIS_LOG_LEVEL=info 7 | -------------------------------------------------------------------------------- /misc/atlantis/v0.19/config.env: -------------------------------------------------------------------------------- 1 | ATLANTIS_DATA_DIR=/atlantis 2 | ATLANTIS_CONFIG=/atlantis/config/atlantis.yaml 3 | ATLANTIS_REPO_CONFIG=/atlantis/config/repos.yaml 4 | ATLANTIS_PORT=4141 5 | ATLANTIS_ATLANTIS_URL=http://$(hostname):$port 6 | ATLANTIS_LOG_LEVEL=info 7 | -------------------------------------------------------------------------------- /misc/atlantis/v0.21/config.env: -------------------------------------------------------------------------------- 1 | ATLANTIS_DATA_DIR=/atlantis 2 | ATLANTIS_CONFIG=/atlantis/config/atlantis.yaml 3 | ATLANTIS_REPO_CONFIG=/atlantis/config/repos.yaml 4 | ATLANTIS_PORT=4141 5 | ATLANTIS_ATLANTIS_URL=http://$(hostname):$port 6 | ATLANTIS_LOG_LEVEL=info 7 | -------------------------------------------------------------------------------- /misc/atlantis/v0.23/config.env: -------------------------------------------------------------------------------- 1 | ATLANTIS_DATA_DIR=/atlantis 2 | ATLANTIS_CONFIG=/atlantis/config/atlantis.yaml 3 | ATLANTIS_REPO_CONFIG=/atlantis/config/repos.yaml 4 | ATLANTIS_PORT=4141 5 | ATLANTIS_ATLANTIS_URL=http://$(hostname):$port 6 | ATLANTIS_LOG_LEVEL=info 7 | -------------------------------------------------------------------------------- /.editorconfig: 
-------------------------------------------------------------------------------- 1 | # Top-most EditorConfig file 2 | root = true 3 | 4 | [*] 5 | charset = utf-8 6 | end_of_line = LF 7 | trim_trailing_whitespace = true 8 | insert_final_newline = true 9 | 10 | [*.{yml,yaml,json}] 11 | indent_style = space 12 | indent_size = 2 13 | -------------------------------------------------------------------------------- /addons/cert-manager/v1.10/configurations.yaml: -------------------------------------------------------------------------------- 1 | namespace: 2 | - path: webhooks/clientConfig/service/namespace 3 | kind: MutatingWebhookConfiguration 4 | create: true 5 | - path: webhooks/clientConfig/service/namespace 6 | kind: ValidatingWebhookConfiguration 7 | create: true 8 | -------------------------------------------------------------------------------- /addons/metrics-server/components/ha/pdb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: metrics-server 5 | namespace: kube-system 6 | spec: 7 | minAvailable: 1 8 | selector: 9 | matchLabels: 10 | k8s-app: metrics-server 11 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.3/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - rollout-crd.yaml 6 | - experiment-crd.yaml 7 | - analysis-run-crd.yaml 8 | - analysis-template-crd.yaml 9 | - cluster-analysis-template-crd.yaml 10 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.4/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - rollout-crd.yaml 6 | - 
experiment-crd.yaml 7 | - analysis-run-crd.yaml 8 | - analysis-template-crd.yaml 9 | - cluster-analysis-template-crd.yaml 10 | -------------------------------------------------------------------------------- /observability/alertmanager/v0.24/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | name: alertmanager-main 9 | type: Opaque 10 | -------------------------------------------------------------------------------- /observability/heartbeat/v7.13/files/heartbeat.yml: -------------------------------------------------------------------------------- 1 | heartbeat.monitors: 2 | - type: icmp 3 | schedule: '@every 10s' 4 | hosts: 5 | - localhost 6 | 7 | http: 8 | enabled: true 9 | host: 0.0.0.0 10 | port: 5066 11 | 12 | output.console: 13 | enabled: true 14 | pretty: false 15 | -------------------------------------------------------------------------------- /observability/heartbeat/v7.15/files/heartbeat.yml: -------------------------------------------------------------------------------- 1 | heartbeat.monitors: 2 | - type: icmp 3 | schedule: '@every 10s' 4 | hosts: 5 | - localhost 6 | 7 | http: 8 | enabled: true 9 | host: 0.0.0.0 10 | port: 5066 11 | 12 | output.console: 13 | enabled: true 14 | pretty: false 15 | -------------------------------------------------------------------------------- /addons/external-secrets/v0.5/webhook/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: external-secrets-webhook 5 | labels: 6 | app.kubernetes.io/name: external-secrets-webhook 7 | app.kubernetes.io/instance: external-secrets 8 | external-secrets.io/component: webhook 9 | -------------------------------------------------------------------------------- 
/addons/external-secrets/v0.6/webhook/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: external-secrets-webhook 5 | labels: 6 | app.kubernetes.io/name: external-secrets-webhook 7 | app.kubernetes.io/instance: external-secrets 8 | external-secrets.io/component: webhook 9 | -------------------------------------------------------------------------------- /addons/argo-cd/v1.8/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - install.yaml 6 | components: 7 | - ../components/custom-tools 8 | 9 | namespace: default 10 | 11 | images: 12 | - name: "argoproj/argocd" 13 | newTag: "v1.8.6" 14 | -------------------------------------------------------------------------------- /addons/argo-cd/v2.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - install.yaml 6 | components: 7 | - ../components/custom-tools 8 | 9 | namespace: default 10 | 11 | images: 12 | - name: "quay.io/argoproj/argocd" 13 | newTag: "v2.0.3" 14 | -------------------------------------------------------------------------------- /sample-services/whoami/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | 8 | namespace: default 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "whoami" 12 | includeSelectors: false 13 | -------------------------------------------------------------------------------- /addons/argo-workflows/resources/service-account-argo-workflow-executor/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - rbac.yaml 6 | - secret.yaml 7 | 8 | namespace: default 9 | commonLabels: 10 | app.kubernetes.io/part-of: "argo-workflow" 11 | -------------------------------------------------------------------------------- /addons/argo-workflows/resources/service-account-argo-workflow-executor/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: kubernetes.io/service-account-token # NOTE(review): a Secret of this type makes the control plane issue a long-lived, non-expiring token for the ServiceAccount named in the annotation below; limit who can read Secrets in the target namespace, and delete this Secret to revoke the token. 4 | metadata: 5 | name: argo-workflow-executor.service-account-token 6 | annotations: 7 | kubernetes.io/service-account.name: argo-workflow-executor 8 | -------------------------------------------------------------------------------- /addons/cert-manager/v1.10/configmaps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: cert-manager-webhook 5 | labels: 6 | app: webhook 7 | app.kubernetes.io/name: webhook 8 | app.kubernetes.io/instance: cert-manager 9 | app.kubernetes.io/component: "webhook" 10 | data: {} 11 | -------------------------------------------------------------------------------- /misc/kafdrop/v3.7/config.env: -------------------------------------------------------------------------------- 1 | KAFKA_BROKERCONNECT= 2 | # KAFKA_PROPERTIES_FILE=/opt/kafdrop/kafka.properties 3 | # KAFKA_TRUSTSTORE_FILE=/opt/kafdrop/kafka.truststore.jks 4 | # KAFKA_KEYSTORE_FILE=/opt/kafdrop/kafka.keystore.jks 5 | # JVM_OPTS=-Xms32M -Xmx64M 6 | SERVER_PORT=9000 7 | CMD_ARGS="--message.format=DEFAULT" 8 | -------------------------------------------------------------------------------- /addons/aws-ebs-csi-driver/v1.14/csi-controller/csi-driver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion:
storage.k8s.io/v1 2 | kind: CSIDriver 3 | metadata: 4 | name: ebs.csi.aws.com 5 | labels: 6 | app.kubernetes.io/name: aws-ebs-csi-driver 7 | spec: 8 | attachRequired: true 9 | podInfoOnMount: false 10 | fsGroupPolicy: File 11 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/pods.log.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:pods:log 5 | labels: 6 | rbac.authorization.k8s.io/unit: "pods-log" 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods/log 12 | verbs: 13 | - get 14 | -------------------------------------------------------------------------------- /sample-services/rollouts-demo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - rollout.yaml 6 | - service.yaml 7 | 8 | namespace: default 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "rollouts-demo" 12 | includeSelectors: false 13 | -------------------------------------------------------------------------------- /.github/labeler.yaml: -------------------------------------------------------------------------------- 1 | # Domains 2 | "addons": 3 | - changed-files: 4 | - any-glob-to-any-file: 5 | - addons/**/* 6 | 7 | "misc": 8 | - changed-files: 9 | - any-glob-to-any-file: 10 | - misc/**/* 11 | 12 | "observability": 13 | - changed-files: 14 | - any-glob-to-any-file: 15 | - observability/**/* 16 | -------------------------------------------------------------------------------- /addons/argo-cd-extensions/v0.2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | resources: 5 | - crds 6 | - rbac 7 | 8 | patchesStrategicMerge: 
9 | - deployment.argocd-server.yaml 10 | 11 | images: 12 | - name: ghcr.io/argoproj-labs/argocd-extensions 13 | newTag: v0.2.1 14 | -------------------------------------------------------------------------------- /addons/argo-cd/resources/service-monitors/service-monitor.argocd-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: argocd-metrics 5 | spec: 6 | endpoints: 7 | - port: metrics 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: "argocd-metrics" 11 | -------------------------------------------------------------------------------- /misc/op-scim-bridge/v2.0/config.env: -------------------------------------------------------------------------------- 1 | # Set this to the FQDN you've selected for your SCIM Bridge deployment 2 | # OP_LETSENCRYPT_DOMAIN= 3 | OP_PORT=3002 4 | # (advanced) only change the options below if you need to 5 | OP_REDIS_URL=redis://op-scim-redis:6379 6 | OP_SESSION=/secret/scimsession 7 | OP_PRETTY_LOGS=0 8 | OP_DEBUG=0 9 | -------------------------------------------------------------------------------- /observability/alertmanager/v0.24/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | automountServiceAccountToken: false 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: alert-router 7 | app.kubernetes.io/instance: main 8 | app.kubernetes.io/name: alertmanager 9 | name: alertmanager-main 10 | -------------------------------------------------------------------------------- /observability/grafana/resources/service-monitor/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: grafana 5 | spec: 6 | endpoints: 7 | - interval: 15s 8 | port: http 9 | selector: 10 | 
matchLabels: 11 | app.kubernetes.io/name: "grafana" 12 | -------------------------------------------------------------------------------- /resources/cluster-roles/sets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | ## Base 6 | - view.yaml 7 | - edit.yaml 8 | - admin.yaml 9 | - cluster-admin.yaml 10 | ## Domain 11 | - batch.view.yaml 12 | - batch.template-admin.yaml 13 | - batch.admin.yaml 14 | -------------------------------------------------------------------------------- /observability/logstash/v7.13/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: logstash 5 | labels: 6 | app.kubernetes.io/name: "logstash" 7 | spec: 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: "logstash" 11 | maxUnavailable: 1 12 | -------------------------------------------------------------------------------- /observability/logstash/v7.15/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: logstash 5 | labels: 6 | app.kubernetes.io/name: "logstash" 7 | spec: 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: "logstash" 11 | maxUnavailable: 1 12 | -------------------------------------------------------------------------------- /observability/prometheus-operator/v0.44.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - service.yaml 8 | - rbac.yaml 9 | 10 | namespace: default 11 | commonLabels: 12 | app.kubernetes.io/part-of: "prometheus-operator" 13 | 
-------------------------------------------------------------------------------- /addons/argo-rollouts/v1.3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crds 6 | - base 7 | - dashboard 8 | 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "argo-rollouts" 12 | app.kubernetes.io/version: "v1.3.1" 13 | includeSelectors: false 14 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crds 6 | - base 7 | - dashboard 8 | 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "argo-rollouts" 12 | app.kubernetes.io/version: "v1.4.0" 13 | includeSelectors: false 14 | -------------------------------------------------------------------------------- /addons/argo-cd-extensions/v0.2/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - argocdextensions.yaml 6 | 7 | labels: 8 | - pairs: 9 | app.kubernetes.io/part-of: "argocd-extensions" 10 | app.kubernetes.io/version: "v0.2.1" 11 | includeTemplates: true 12 | -------------------------------------------------------------------------------- /addons/argo-cd/resources/service-monitors/service-monitor.argocd-server-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: argocd-server-metrics 5 | spec: 6 | endpoints: 7 | - port: metrics 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: "argocd-server-metrics" 11 | 
-------------------------------------------------------------------------------- /addons/argo-workflows/resources/service-monitor/service-monitor.workflow-controller-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: workflow-controller-metrics 5 | spec: 6 | endpoints: 7 | - port: metrics 8 | selector: 9 | matchLabels: 10 | app: "workflow-controller" 11 | -------------------------------------------------------------------------------- /addons/cert-manager/v1.7/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: cert-manager-webhook 5 | namespace: cert-manager 6 | labels: 7 | app: webhook 8 | app.kubernetes.io/name: webhook 9 | app.kubernetes.io/instance: cert-manager 10 | app.kubernetes.io/component: "webhook" 11 | data: {} 12 | -------------------------------------------------------------------------------- /addons/csi-snapshotter/v6.3/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - volumesnapshotclasses.yaml 5 | - volumesnapshotcontents.yaml 6 | - volumesnapshots.yaml 7 | - volumegroupsnapshots.yaml 8 | - volumegroupsnapshotclasses.yaml 9 | - volumegroupsnapshotcontents.yaml 10 | -------------------------------------------------------------------------------- /development/redoc/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: redoc 5 | labels: 6 | app.kubernetes.io/name: "redoc" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "redoc" 16 | 
-------------------------------------------------------------------------------- /misc/dashy/v3/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dashy 5 | labels: 6 | app.kubernetes.io/name: "dashy" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "dashy" 16 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/pods.shell.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:pods:shell 5 | labels: 6 | rbac.authorization.k8s.io/unit: "pods-shell" 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods/exec # NOTE(review): exec access lets the holder run commands inside any pod the binding covers, with that container's filesystem, mounted Secrets and ServiceAccount token; because this is a ClusterRole, prefer binding it with a namespaced RoleBinding and audit who is bound. 12 | verbs: 13 | - create 14 | - get # NOTE(review): depending on the API server version, exec over WebSocket may be authorized as get, so treat either verb on pods/exec as exec access - verify for the cluster version in use. 15 | -------------------------------------------------------------------------------- /sample-services/http-https-echo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "http-https-echo" 13 | includeSelectors: false 14 | -------------------------------------------------------------------------------- /addons/traefik-ingress-controller/resources/service-monitors/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: traefik-metrics 5 | spec: 6 | endpoints: 7 | - port: metrics 8 | path: /metrics 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: "traefik" 12 |
-------------------------------------------------------------------------------- /observability/gatus/v5/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: gatus 5 | labels: 6 | app.kubernetes.io/name: "gatus" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "gatus" 16 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/kafka-exporter/resources/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: kafka-exporter 5 | spec: 6 | endpoints: 7 | - interval: 15s 8 | port: http 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: "kafka-exporter" 12 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/redis-exporter/resources/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: redis-exporter 5 | spec: 6 | endpoints: 7 | - interval: 15s 8 | port: http 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: "redis-exporter" 12 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/secrets.list.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:secrets:list 5 | labels: 6 | rbac.authorization.k8s.io/unit: "secrets-list" 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - secrets 12 | verbs: 13 | - list # NOTE(review): list (and watch) responses carry the full Secret objects, data included, not only their names; treat this role as read access to every Secret in the scope it is bound to. 14 | - watch 15 |
-------------------------------------------------------------------------------- /addons/argo-cd/resources/service-monitors/service-monitor.argocd-repo-server-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: argocd-repo-server-metrics 5 | spec: 6 | endpoints: 7 | - port: metrics 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: "argocd-repo-server" 11 | -------------------------------------------------------------------------------- /addons/argo-workflows/resources/service-monitor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.workflow-controller-metrics.yaml 6 | 7 | namespace: default 8 | labels: 9 | - pairs: 10 | app.kubernetes.io/part-of: "argo-workflow" 11 | includeSelectors: false 12 | -------------------------------------------------------------------------------- /addons/metrics-server/v0.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - apiservice.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | namespace: default 11 | 12 | images: 13 | - name: "registry.k8s.io/metrics-server/metrics-server" 14 | newTag: "v0.4.2" 15 | -------------------------------------------------------------------------------- /addons/metrics-server/v0.5/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - apiservice.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | namespace: kube-system 11 | 12 | images: 13 | - name: 
"registry.k8s.io/metrics-server/metrics-server" 14 | newTag: "v0.5.1" 15 | -------------------------------------------------------------------------------- /development/api-docs-server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | 8 | namespace: default 9 | commonLabels: 10 | app.kubernetes.io/part-of: "api-docs-server" 11 | 12 | images: 13 | - name: "api-docs-server" 14 | newTag: "latest" 15 | -------------------------------------------------------------------------------- /misc/kafdrop/v3.7/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kafdrop 5 | labels: 6 | app.kubernetes.io/name: "kafdrop" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "kafdrop" 16 | -------------------------------------------------------------------------------- /observability/prometheus-operator/v0.57/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - alertmanager.yaml 6 | - alertmanager-config.yaml 7 | - pod-monitor.yaml 8 | - probe.yaml 9 | - prometheus.yaml 10 | - prometheus-rule.yaml 11 | - service-monitor.yaml 12 | - thanos-ruler.yaml 13 | -------------------------------------------------------------------------------- /resources/cluster-roles/sets/admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: set:admin 5 | labels: 6 | rbac.authorization.k8s.io/set: "admin" 7 | aggregationRule: 8 | 
clusterRoleSelectors: 9 | - matchLabels: 10 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 11 | rules: [] 12 | -------------------------------------------------------------------------------- /sample-services/whoami/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: whoami 5 | labels: 6 | app.kubernetes.io/name: "whoami" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "whoami" 16 | -------------------------------------------------------------------------------- /addons/reflector/v6.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | 8 | namespace: kube-system 9 | commonLabels: 10 | app.kubernetes.io/part-of: "reflector" 11 | 12 | images: 13 | - name: "emberstack/kubernetes-reflector" 14 | newTag: "6.0.21" 15 | -------------------------------------------------------------------------------- /misc/atlantis/v0.17/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "atlantis" 16 | -------------------------------------------------------------------------------- /misc/atlantis/v0.18/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 
| protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "atlantis" 16 | -------------------------------------------------------------------------------- /misc/atlantis/v0.19/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "atlantis" 16 | -------------------------------------------------------------------------------- /misc/atlantis/v0.21/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "atlantis" 16 | -------------------------------------------------------------------------------- /misc/atlantis/v0.23/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: atlantis 5 | labels: 6 | app.kubernetes.io/name: "atlantis" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "atlantis" 16 | -------------------------------------------------------------------------------- /misc/op-scim-bridge/v2.0/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: op-scim-bridge 5 | labels: 6 | app.kubernetes.io/name: "op-scim-bridge" 7 | spec: 8 | ports: 9 | - name: http 10 | protocol: TCP 11 | port: 80 12 | 
targetPort: 3002 13 | selector: 14 | app.kubernetes.io/name: "op-scim-bridge" 15 | -------------------------------------------------------------------------------- /observability/grafana/v7.5/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "grafana" 16 | -------------------------------------------------------------------------------- /observability/grafana/v8.2/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "grafana" 16 | -------------------------------------------------------------------------------- /observability/grafana/v8.4/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "grafana" 16 | -------------------------------------------------------------------------------- /observability/grafana/v8.5/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | 
targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "grafana" 16 | -------------------------------------------------------------------------------- /observability/grafana/v9.0/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "grafana" 16 | -------------------------------------------------------------------------------- /observability/grafana/v9.3/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "grafana" 16 | -------------------------------------------------------------------------------- /observability/grafana/v9.5/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: grafana 5 | labels: 6 | app.kubernetes.io/name: "grafana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "grafana" 16 | -------------------------------------------------------------------------------- /observability/kibana/v7.13/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kibana 5 | labels: 6 | app.kubernetes.io/name: "kibana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 
14 | selector: 15 | app.kubernetes.io/name: "kibana" 16 | -------------------------------------------------------------------------------- /observability/kibana/v7.15/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kibana 5 | labels: 6 | app.kubernetes.io/name: "kibana" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "kibana" 16 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/secrets.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:secrets:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "secrets-view" 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - secrets 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | -------------------------------------------------------------------------------- /misc/op-scim-bridge/v2.0/redis-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: op-scim-redis 5 | labels: 6 | app.kubernetes.io/name: "op-scim-redis" 7 | spec: 8 | ports: 9 | - name: redis 10 | protocol: TCP 11 | port: 6379 12 | targetPort: 6379 13 | selector: 14 | app.kubernetes.io/name: "op-scim-redis" 15 | -------------------------------------------------------------------------------- /observability/logstash/v7.13/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: logstash 5 | labels: 6 | app.kubernetes.io/name: "logstash" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: 9600 14 
| selector: 15 | app.kubernetes.io/name: "logstash" 16 | -------------------------------------------------------------------------------- /observability/logstash/v7.15/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: logstash 5 | labels: 6 | app.kubernetes.io/name: "logstash" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: 9600 14 | selector: 15 | app.kubernetes.io/name: "logstash" 16 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/pods.portforward.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:pods:portforward 5 | labels: 6 | rbac.authorization.k8s.io/unit: "pods-portforward" 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods/portforward 12 | verbs: 13 | - create 14 | - get 15 | -------------------------------------------------------------------------------- /addons/argo-cd/v2.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - install.yaml 6 | components: 7 | - ../components/custom-tools 8 | 9 | namespace: default 10 | commonLabels: 11 | app.kubernetes.io/part-of: "argo-cd" 12 | 13 | images: 14 | - name: "quay.io/argoproj/argocd" 15 | newTag: "v2.1.3" 16 | -------------------------------------------------------------------------------- /addons/argo-cd/v2.2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - install.yaml 6 | components: 7 | - ../components/custom-tools 8 | 9 | namespace: default 10 
| commonLabels: 11 | app.kubernetes.io/part-of: "argo-cd" 12 | 13 | images: 14 | - name: "quay.io/argoproj/argocd" 15 | newTag: "v2.2.5" 16 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.16/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sealed-secrets-controller 5 | labels: 6 | app.kubernetes.io/name: "sealed-secrets-controller" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - port: 8080 11 | targetPort: 8080 12 | selector: 13 | app.kubernetes.io/name: "sealed-secrets-controller" 14 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.17/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sealed-secrets-controller 5 | labels: 6 | app.kubernetes.io/name: "sealed-secrets-controller" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - port: 8080 11 | targetPort: 8080 12 | selector: 13 | app.kubernetes.io/name: "sealed-secrets-controller" 14 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.18/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sealed-secrets-controller 5 | labels: 6 | app.kubernetes.io/name: "sealed-secrets-controller" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - port: 8080 11 | targetPort: 8080 12 | selector: 13 | app.kubernetes.io/name: "sealed-secrets-controller" 14 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.19/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sealed-secrets-controller 5 | labels: 
6 | app.kubernetes.io/name: "sealed-secrets-controller" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - port: 8080 11 | targetPort: 8080 12 | selector: 13 | app.kubernetes.io/name: "sealed-secrets-controller" 14 | -------------------------------------------------------------------------------- /observability/apm-server/v7.13/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: apm-server 5 | labels: 6 | app.kubernetes.io/name: "apm-server" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 8200 13 | targetPort: 8200 14 | selector: 15 | app.kubernetes.io/name: "apm-server" 16 | -------------------------------------------------------------------------------- /observability/apm-server/v7.15/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: apm-server 5 | labels: 6 | app.kubernetes.io/name: "apm-server" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 8200 13 | targetPort: 8200 14 | selector: 15 | app.kubernetes.io/name: "apm-server" 16 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/elasticsearch-exporter/resources/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: elasticsearch-exporter 5 | spec: 6 | endpoints: 7 | - interval: 15s 8 | port: http 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: "elasticsearch-exporter" 12 | -------------------------------------------------------------------------------- /addons/argo-workflows/resources/workflow-controller-metrics/service.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: workflow-controller-metrics 5 | labels: 6 | app: workflow-controller 7 | spec: 8 | ports: 9 | - name: metrics 10 | port: 9090 11 | protocol: TCP 12 | targetPort: 9090 13 | selector: 14 | app: workflow-controller 15 | -------------------------------------------------------------------------------- /addons/metrics-server/v0.4/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: metrics-server 5 | namespace: kube-system 6 | labels: 7 | k8s-app: metrics-server 8 | spec: 9 | type: ClusterIP 10 | ports: 11 | - name: https 12 | protocol: TCP 13 | port: 443 14 | targetPort: https 15 | selector: 16 | k8s-app: metrics-server 17 | -------------------------------------------------------------------------------- /addons/metrics-server/v0.5/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: metrics-server 5 | namespace: kube-system 6 | labels: 7 | k8s-app: metrics-server 8 | spec: 9 | type: ClusterIP 10 | ports: 11 | - name: https 12 | protocol: TCP 13 | port: 443 14 | targetPort: https 15 | selector: 16 | k8s-app: metrics-server 17 | -------------------------------------------------------------------------------- /addons/metrics-server/v0.6/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: metrics-server 5 | namespace: kube-system 6 | labels: 7 | k8s-app: metrics-server 8 | spec: 9 | type: ClusterIP 10 | ports: 11 | - name: https 12 | protocol: TCP 13 | port: 443 14 | targetPort: https 15 | selector: 16 | k8s-app: metrics-server 17 | -------------------------------------------------------------------------------- /addons/argo-cd-extensions/resources/rollouts/argo-cd-extension.yaml: 
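--------------------------------------------------------------------------------
# Declares an ArgoCDExtension named argo-rollouts whose single source is a
# tarball fetched from a web URL.
# NOTE(review): the tarball is pinned only by release tag (v0.3.0) and this
# manifest carries no digest for it — confirm how its integrity is checked
# before it is served by Argo CD.
apiVersion: argoproj.io/v1alpha1
kind: ArgoCDExtension
metadata:
  name: argo-rollouts
  finalizers:
    - extensions-finalizer.argocd.argoproj.io
spec:
  sources:
    - web:
        url: https://github.com/argoproj-labs/rollout-extension/releases/download/v0.3.0/extension.tar

--------------------------------------------------------------------------------
/addons/aws-ebs-csi-driver/v1.14/csi-controller/pdb.yaml:
--------------------------------------------------------------------------------
# PodDisruptionBudget for the EBS CSI controller: at most one pod matching
# both selector labels may be unavailable at a time.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: ebs-csi-controller
  labels:
    app.kubernetes.io/name: aws-ebs-csi-driver
spec:
  selector:
    matchLabels:
      app: ebs-csi-controller
      app.kubernetes.io/name: aws-ebs-csi-driver
  maxUnavailable: 1

--------------------------------------------------------------------------------
/addons/coredns/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Downloads the CoreDNS manifest for the pinned version into a directory
# named after that version.
#
# NOTE(review): the download is not checked against a known digest. The file
# becomes a cluster manifest, so review the resulting diff before committing.

set -euf -o pipefail


DOWNLOAD_VERSION="2020-10-29"
DOWNLOAD_URL="https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/$DOWNLOAD_VERSION/dns.yaml"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"

mkdir -p -- "$DOWNLOAD_DIRECTORY"
# -f: fail on HTTP errors instead of saving the error page as a manifest
#     (without it curl exits 0 and `set -e` never triggers).
# -sS: stay quiet but still print errors.
# --proto '=https': never fall back to plain HTTP, redirects included.
curl -fsSL --proto '=https' "$DOWNLOAD_URL" -o "$DOWNLOAD_DIRECTORY/coredns.yaml"

--------------------------------------------------------------------------------
/addons/metrics-server/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Downloads the metrics-server components manifest for the pinned version
# into a directory named after that version.
#
# NOTE(review): the download is not checked against a known digest. The file
# becomes a cluster manifest, so review the resulting diff before committing.

set -euf -o pipefail

# The URL is derived from DOWNLOAD_VERSION so the fetched release and the
# target directory cannot drift apart; previously the URL hard-coded v0.6.1
# while the output directory was v0.6.2.
DOWNLOAD_VERSION="v0.6.2"
DOWNLOAD_URL="https://github.com/kubernetes-sigs/metrics-server/releases/download/${DOWNLOAD_VERSION}/components.yaml"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"

mkdir -p -- "$DOWNLOAD_DIRECTORY"
# -f: fail on HTTP errors instead of saving the error page as a manifest
#     (without it curl exits 0 and `set -e` never triggers).
# -sS: stay quiet but still print errors.
# --proto '=https': never fall back to plain HTTP, redirects included.
curl -fsSL --proto '=https' "$DOWNLOAD_URL" -o "$DOWNLOAD_DIRECTORY/components.yaml"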
| -------------------------------------------------------------------------------- /development/api-docs-server/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: api-docs-server 5 | labels: 6 | app.kubernetes.io/name: "api-docs-server" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "api-docs-server" 16 | -------------------------------------------------------------------------------- /sample-services/rollouts-demo/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: rollouts-demo 5 | labels: 6 | app.kubernetes.io/name: "rollouts-demo" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "rollouts-demo" 16 | -------------------------------------------------------------------------------- /addons/external-secrets/v0.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | 9 | namespace: kube-system 10 | commonLabels: 11 | app.kubernetes.io/version: "v0.4.4" 12 | 13 | images: 14 | - name: "ghcr.io/external-secrets/external-secrets" 15 | newTag: "v0.4.4" 16 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.15/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: {} 5 | labels: 6 | name: sealed-secrets-controller 7 | name: sealed-secrets-controller 8 | namespace: kube-system 9 | spec: 10 | ports: 
11 | - port: 8080 12 | targetPort: 8080 13 | selector: 14 | name: sealed-secrets-controller 15 | type: ClusterIP 16 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/kafka-exporter/v1.4.2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | 8 | namespace: default 9 | commonLabels: 10 | app.kubernetes.io/part-of: "kafka-exporter" 11 | 12 | images: 13 | - name: "danielqsj/kafka-exporter" 14 | newTag: "v1.4.2" 15 | -------------------------------------------------------------------------------- /addons/argo-cd/resources/service-monitors/service-monitor.argocd-applicationset-controller-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: argocd-applicationset-controller-metrics 5 | spec: 6 | endpoints: 7 | - port: metrics 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: argocd-applicationset-controller 11 | -------------------------------------------------------------------------------- /resources/cluster-roles/sets/cluster-admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: set:cluster-admin 5 | labels: 6 | rbac.authorization.k8s.io/set: "cluster-admin" 7 | rules: 8 | - apiGroups: 9 | - '*' 10 | resources: 11 | - '*' 12 | verbs: 13 | - '*' 14 | - nonResourceURLs: 15 | - '*' 16 | verbs: 17 | - '*' 18 | -------------------------------------------------------------------------------- /addons/argo-cd-extensions/v0.2/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - argocd-server-extensions-role.yaml 6 | - argocd-server-extensions-rolebinding.yaml 7 | 8 | labels: 9 | - pairs: 10 | app.kubernetes.io/part-of: "argocd-extensions" 11 | app.kubernetes.io/version: "v0.2.1" 12 | includeTemplates: true 13 | -------------------------------------------------------------------------------- /addons/argo-cd/resources/service-monitors/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-monitor.argocd-metrics.yaml 6 | - service-monitor.argocd-server-metrics.yaml 7 | - service-monitor.argocd-repo-server-metrics.yaml 8 | - service-monitor.argocd-applicationset-controller-metrics.yaml 9 | 10 | namespace: default 11 | -------------------------------------------------------------------------------- /addons/reflector/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://github.com/emberstack/kubernetes-reflector/releases/download" 7 | DOWNLOAD_VERSION="v6.1.23" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | mkdir -p $DOWNLOAD_DIRECTORY 11 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION/reflector.yaml" -o $DOWNLOAD_DIRECTORY/reflector.yaml 12 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/redis-exporter/v1.27.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | 8 | namespace: default 9 | commonLabels: 10 | app.kubernetes.io/part-of: "redis-exporter" 11 | 12 | images: 13 | - name: "oliver006/redis_exporter" 14 | newTag: "v1.27.1-alpine" 15 
| -------------------------------------------------------------------------------- /addons/sealed-secrets/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_VERSION="v0.19.2" 7 | DOWNLOAD_URL="https://github.com/bitnami-labs/sealed-secrets/releases/download/${DOWNLOAD_VERSION}/controller.yaml" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | mkdir -p $DOWNLOAD_DIRECTORY 11 | curl -Ls "$DOWNLOAD_URL" -o $DOWNLOAD_DIRECTORY/controller.yaml 12 | -------------------------------------------------------------------------------- /addons/aws-load-balancer-controller/v2.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - cert.yaml 7 | - rbac.yaml 8 | - deployment.yaml 9 | - service.yaml 10 | - mutating-webhook-configuration.yaml 11 | 12 | namespace: default 13 | 14 | images: 15 | - name: "amazon/aws-alb-ingress-controller" 16 | newTag: "v2.1.3" 17 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/node-exporter/v1.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - daemonset.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | commonLabels: 11 | app.kubernetes.io/part-of: "node-exporter" 12 | 13 | images: 14 | - name: "quay.io/prometheus/node-exporter" 15 | newTag: "v1.1.2" 16 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/sealedsecrets.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 
3 | metadata: 4 | name: unit:addons:sealedsecrets:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-secrets-view" 7 | rules: 8 | - apiGroups: 9 | - bitnami.com 10 | resources: 11 | - sealedsecrets 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/kafka-exporter/v1.4.2/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kafka-exporter 5 | labels: 6 | app.kubernetes.io/name: "kafka-exporter" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "kafka-exporter" 16 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/redis-exporter/v1.27.1/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: redis-exporter 5 | labels: 6 | app.kubernetes.io/name: "redis-exporter" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "redis-exporter" 16 | -------------------------------------------------------------------------------- /resources/cluster-roles/sets/edit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: set:edit 5 | labels: 6 | rbac.authorization.k8s.io/set: "edit" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | aggregationRule: 9 | clusterRoleSelectors: 10 | - matchLabels: 11 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 12 | rules: [] 13 | -------------------------------------------------------------------------------- 
/resources/cluster-roles/sets/view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: set:view 5 | labels: 6 | rbac.authorization.k8s.io/set: "view" 7 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 8 | aggregationRule: 9 | clusterRoleSelectors: 10 | - matchLabels: 11 | rbac.authorization.k8s.io/aggregate-to-view: "true" 12 | rules: [] 13 | -------------------------------------------------------------------------------- /addons/traefik-ingress-controller/v2.9/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - service.yaml 8 | - rbac.yaml 9 | 10 | namespace: traefic 11 | labels: 12 | - pairs: 13 | app.kubernetes.io/version: "v2.9.1" 14 | includeSelectors: false 15 | 16 | images: 17 | - name: "traefik" 18 | newTag: "2.9.1" 19 | -------------------------------------------------------------------------------- /misc/doraemon/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | 8 | namespace: default 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "doraemon" 12 | app.kubernetes.io/version: "latest" 13 | includeTemplates: true 14 | 15 | images: 16 | - name: "tedilabs/doraemon" 17 | newTag: "latest" 18 | -------------------------------------------------------------------------------- /resources/cluster-roles/sets/batch.template-admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: set:batch:template-admin 5 | labels: 6 | 
rbac.authorization.k8s.io/set: "batch-template-admin" 7 | aggregationRule: 8 | clusterRoleSelectors: 9 | - matchLabels: 10 | rbac.authorization.k8s.io/unit: "addons-argo-workflowtemplates-admin" 11 | rules: [] 12 | -------------------------------------------------------------------------------- /addons/kubernetes-external-secrets/v8.2/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kubernetes-external-secrets 5 | labels: 6 | app.kubernetes.io/name: "kubernetes-external-secrets" 7 | spec: 8 | selector: 9 | app.kubernetes.io/name: "kubernetes-external-secrets" 10 | ports: 11 | - name: prometheus 12 | protocol: TCP 13 | port: 3001 14 | targetPort: prometheus 15 | -------------------------------------------------------------------------------- /addons/kubernetes-external-secrets/v8.5/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kubernetes-external-secrets 5 | labels: 6 | app.kubernetes.io/name: "kubernetes-external-secrets" 7 | spec: 8 | selector: 9 | app.kubernetes.io/name: "kubernetes-external-secrets" 10 | ports: 11 | - name: prometheus 12 | protocol: TCP 13 | port: 3001 14 | targetPort: prometheus 15 | -------------------------------------------------------------------------------- /development/redoc/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | 8 | configMapGenerator: 9 | - name: redoc-config 10 | envs: 11 | - config.env 12 | 13 | namespace: default 14 | commonLabels: 15 | app.kubernetes.io/part-of: "redoc" 16 | 17 | images: 18 | - name: "redocly/redoc" 19 | newTag: "latest" 20 | -------------------------------------------------------------------------------- 
/resources/cluster-roles/units/services.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:services:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "services-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - services 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | -------------------------------------------------------------------------------- /addons/aws-node-termination-handler/resources/service-monitor/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: aws-node-termination-handler 5 | spec: 6 | endpoints: 7 | - port: metrics 8 | path: /metrics 9 | interval: 30s 10 | sampleLimit: 5000 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: aws-node-termination-handler 14 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/externalsecrets.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:externalsecrets:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-externalsecrets-view" 7 | rules: 8 | - apiGroups: 9 | - kubernetes-client.io 10 | resources: 11 | - externalsecrets 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/elasticsearch-exporter/v1.2.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - 
service.yaml 7 | 8 | namespace: default 9 | commonLabels: 10 | app.kubernetes.io/part-of: "elasticsearch-exporter" 11 | 12 | images: 13 | - name: "quay.io/prometheuscommunity/elasticsearch-exporter" 14 | newTag: "v1.2.1" 15 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/node-exporter/v1.1/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: node-exporter 5 | labels: 6 | app.kubernetes.io/name: "node-exporter" 7 | spec: 8 | type: ClusterIP 9 | clusterIP: None 10 | ports: 11 | - name: https 12 | protocol: TCP 13 | port: 9100 14 | targetPort: https 15 | selector: 16 | app.kubernetes.io/name: "node-exporter" 17 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/node-exporter/v1.3/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: node-exporter 5 | labels: 6 | app.kubernetes.io/name: "node-exporter" 7 | spec: 8 | type: ClusterIP 9 | clusterIP: None 10 | ports: 11 | - name: https 12 | protocol: TCP 13 | port: 9100 14 | targetPort: https 15 | selector: 16 | app.kubernetes.io/name: "node-exporter" 17 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/batch.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:batch:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "batch-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | - apiGroups: 10 | - batch 11 | resources: 12 | - cronjobs 13 | - jobs 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | 
--------------------------------------------------------------------------------
/resources/cluster-roles/units/configmaps.view.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRole
 3 | metadata:
 4 |   name: unit:configmaps:view
 5 |   labels:
 6 |     rbac.authorization.k8s.io/unit: "configmaps-view"
 7 |     rbac.authorization.k8s.io/aggregate-to-view: "true"
 8 | rules:
 9 | - apiGroups:
10 |   - ""
11 |   resources:
12 |   - configmaps
13 |   verbs:
14 |   - get
15 |   - list
16 |   - watch
17 |
--------------------------------------------------------------------------------
/resources/cluster-roles/units/daemonsets.view.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRole
 3 | metadata:
 4 |   name: unit:daemonsets:view
 5 |   labels:
 6 |     rbac.authorization.k8s.io/unit: "daemonsets-view"
 7 |     rbac.authorization.k8s.io/aggregate-to-view: "true"
 8 | rules:
 9 | - apiGroups:
10 |   - apps
11 |   resources:
12 |   - daemonsets
13 |   verbs:
14 |   - get
15 |   - list
16 |   - watch
17 |
--------------------------------------------------------------------------------
/addons/metrics-server/v0.4/apiservice.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiregistration.k8s.io/v1
 2 | kind: APIService
 3 | metadata:
 4 |   labels:
 5 |     k8s-app: metrics-server
 6 |   name: v1beta1.metrics.k8s.io
 7 | spec:
 8 |   group: metrics.k8s.io
 9 |   groupPriorityMinimum: 100
10 |   insecureSkipTLSVerify: true  # NOTE(review): the API aggregator does not verify metrics-server's serving certificate; setting caBundle instead would restore verification
11 |   service:
12 |     name: metrics-server
13 |     namespace: kube-system
14 |   version: v1beta1
15 |   versionPriority: 100
16 |
--------------------------------------------------------------------------------
/addons/metrics-server/v0.5/apiservice.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiregistration.k8s.io/v1
 2 | kind: APIService
 3 | metadata:
 4 |   name: v1beta1.metrics.k8s.io
 5 |   labels:
 6 |     k8s-app: metrics-server
 7 | spec:
 8 |   group: metrics.k8s.io
 9 |   groupPriorityMinimum: 100
10 |   insecureSkipTLSVerify: true  # NOTE(review): the API aggregator does not verify metrics-server's serving certificate; setting caBundle instead would restore verification
11 |   service:
12 |     name: metrics-server
13 |     namespace: kube-system
14 |   version: v1beta1
15 |   versionPriority: 100
16 |
--------------------------------------------------------------------------------
/addons/metrics-server/v0.6/apiservice.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiregistration.k8s.io/v1
 2 | kind: APIService
 3 | metadata:
 4 |   name: v1beta1.metrics.k8s.io
 5 |   labels:
 6 |     k8s-app: metrics-server
 7 | spec:
 8 |   group: metrics.k8s.io
 9 |   groupPriorityMinimum: 100
10 |   insecureSkipTLSVerify: true  # NOTE(review): the API aggregator does not verify metrics-server's serving certificate; setting caBundle instead would restore verification
11 |   service:
12 |     name: metrics-server
13 |     namespace: kube-system
14 |   version: v1beta1
15 |   versionPriority: 100
16 |
--------------------------------------------------------------------------------
/misc/kafdrop/v3.7/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 |
 4 | resources:
 5 | - deployment.yaml
 6 | - service.yaml
 7 |
 8 | configMapGenerator:
 9 | - name: kafdrop-config
10 |   envs:
11 |   - config.env
12 |
13 | namespace: default
14 | commonLabels:
15 |   app.kubernetes.io/part-of: "kafdrop"
16 |
17 | images:
18 | - name: "obsidiandynamics/kafdrop"
19 |   newTag: "3.27.0"
20 |
--------------------------------------------------------------------------------
/misc/miniflux/v2/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: miniflux
 5 |   labels:
 6 |     app.kubernetes.io/name: "miniflux"
 7 | spec:
 8 |   type: ClusterIP
 9 |   ports:
10 |   - name: http
11 |     protocol: TCP
12 |     port: 80
13 |     targetPort: http
14 |   - name: web
15 |     protocol: TCP
16 |     port: 8080
17 |     targetPort: web
18 |   selector:
19 |
app.kubernetes.io/name: "miniflux"
20 |
--------------------------------------------------------------------------------
/observability/filebeat/v7.13/files/filebeat.yml:
--------------------------------------------------------------------------------
 1 | filebeat.inputs:
 2 | - type: container
 3 |   paths:
 4 |   - /var/log/containers/*.log
 5 |   processors:
 6 |   - add_kubernetes_metadata:
 7 |       host: ${NODE_NAME}
 8 |       matchers:
 9 |       - logs_path:
10 |           logs_path: "/var/log/containers/"
11 |
12 | http:
13 |   enabled: true
14 |   host: 0.0.0.0  # NOTE(review): binds Filebeat's HTTP stats endpoint to every interface; confirm the DaemonSet and network policy limit who can reach port 5066
15 |   port: 5066
16 |
17 | output.console:
18 |   enabled: true
19 |
--------------------------------------------------------------------------------
/observability/filebeat/v7.15/files/filebeat.yml:
--------------------------------------------------------------------------------
 1 | filebeat.inputs:
 2 | - type: container
 3 |   paths:
 4 |   - /var/log/containers/*.log
 5 |   processors:
 6 |   - add_kubernetes_metadata:
 7 |       host: ${NODE_NAME}
 8 |       matchers:
 9 |       - logs_path:
10 |           logs_path: "/var/log/containers/"
11 |
12 | http:
13 |   enabled: true
14 |   host: 0.0.0.0  # NOTE(review): binds Filebeat's HTTP stats endpoint to every interface; confirm the DaemonSet and network policy limit who can reach port 5066
15 |   port: 5066
16 |
17 | output.console:
18 |   enabled: true
19 |
--------------------------------------------------------------------------------
/addons/cert-manager/v1.0/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 |
 4 | resources:
 5 | - cert-manager.yaml
 6 |
 7 | namespace: default
 8 |
 9 | images:
10 | - name: "quay.io/jetstack/cert-manager-cainjector"
11 |   newTag: "v1.0.2"
12 | - name: "quay.io/jetstack/cert-manager-controller"
13 |   newTag: "v1.0.2"
14 | - name: "quay.io/jetstack/cert-manager-webhook"
15 |   newTag: "v1.0.2"
16 |
--------------------------------------------------------------------------------
/addons/cert-manager/v1.2/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion:
kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - cert-manager.yaml 6 | 7 | # namespace: default 8 | 9 | images: 10 | - name: "quay.io/jetstack/cert-manager-cainjector" 11 | newTag: "v1.2.0" 12 | - name: "quay.io/jetstack/cert-manager-controller" 13 | newTag: "v1.2.0" 14 | - name: "quay.io/jetstack/cert-manager-webhook" 15 | newTag: "v1.2.0" 16 | -------------------------------------------------------------------------------- /addons/reflector/v6.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | 8 | namespace: kube-system 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "reflector" 12 | app.kubernetes.io/version: "6.1.23" 13 | includeSelectors: false 14 | 15 | images: 16 | - name: "emberstack/kubernetes-reflector" 17 | newTag: "6.1.23" 18 | -------------------------------------------------------------------------------- /observability/grafana/v7.5/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "grafana" 13 | app.kubernetes.io/version: "7.5.7" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "grafana/grafana" 18 | newTag: "7.5.7" 19 | -------------------------------------------------------------------------------- /observability/grafana/v8.2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | 
app.kubernetes.io/part-of: "grafana" 13 | app.kubernetes.io/version: "8.2.2" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "grafana/grafana" 18 | newTag: "8.2.2" 19 | -------------------------------------------------------------------------------- /observability/grafana/v8.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "grafana" 13 | app.kubernetes.io/version: "8.4.6" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "grafana/grafana" 18 | newTag: "8.4.6" 19 | -------------------------------------------------------------------------------- /observability/grafana/v8.5/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "grafana" 13 | app.kubernetes.io/version: "8.5.3" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "grafana/grafana" 18 | newTag: "8.5.3" 19 | -------------------------------------------------------------------------------- /observability/grafana/v9.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "grafana" 13 | app.kubernetes.io/version: "9.0.2" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "grafana/grafana" 18 | newTag: "9.0.2" 19 | 
-------------------------------------------------------------------------------- /observability/grafana/v9.3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "grafana" 13 | app.kubernetes.io/version: "9.3.1" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "grafana/grafana" 18 | newTag: "9.3.1" 19 | -------------------------------------------------------------------------------- /observability/grafana/v9.5/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "grafana" 13 | app.kubernetes.io/version: "9.5.1" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "grafana/grafana" 18 | newTag: "9.5.1" 19 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/elasticsearch-exporter/v1.2.1/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: elasticsearch-exporter 5 | labels: 6 | app.kubernetes.io/name: "elasticsearch-exporter" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | selector: 15 | app.kubernetes.io/name: "elasticsearch-exporter" 16 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/ingresses.view.yaml: -------------------------------------------------------------------------------- 1 | 
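apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRole
 3 | metadata:
 4 |   name: unit:ingresses:view
 5 |   labels:
 6 |     rbac.authorization.k8s.io/unit: "ingresses-view"
 7 |     rbac.authorization.k8s.io/aggregate-to-view: "true"
 8 | rules:
 9 | - apiGroups:
10 |   - networking.k8s.io
11 |   resources:
12 |   - ingresses
13 |   verbs:
14 |   - get
15 |   - list
16 |   - watch
17 |
--------------------------------------------------------------------------------
/resources/cluster-roles/units/statefulsets.view.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRole
 3 | metadata:
 4 |   name: unit:statefulsets:view
 5 |   labels:
 6 |     rbac.authorization.k8s.io/unit: "statefulsets-view"
 7 |     rbac.authorization.k8s.io/aggregate-to-view: "true"
 8 | rules:
 9 | - apiGroups:
10 |   - apps
11 |   resources:
12 |   - statefulsets
13 |   verbs:
14 |   - get
15 |   - list
16 |   - watch
17 |
--------------------------------------------------------------------------------
/addons/aws-load-balancer-controller/download.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 |
 3 | set -euf -o pipefail
 4 |
 5 | # Fetches the upstream aws-load-balancer-controller "full" install manifest for
 6 | # one pinned release into a directory named after that release.
 7 | #
 8 | # The release tag pins which release is fetched, not the bytes of the file.
 9 | # Set EXPECTED_SHA256 to the digest of a manifest that has already been
10 | # reviewed to have the download rejected when it differs.
11 |
12 | DOWNLOAD_URL="https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download"
13 | DOWNLOAD_VERSION="v2.4.5"
14 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"
15 | EXPECTED_SHA256="${EXPECTED_SHA256:-}"
16 |
17 | TARGET_FILE="$DOWNLOAD_DIRECTORY/install.yaml"
18 | STAGED_FILE="$TARGET_FILE.download"
19 |
20 | mkdir -p "$DOWNLOAD_DIRECTORY"
21 | # Remove a partial or rejected download so it is never mistaken for the manifest.
22 | trap 'rm -f "$STAGED_FILE"' EXIT
23 |
24 | # The asset name embeds the version with dots replaced by underscores.
25 | # --fail: an HTTP error (for example a 404 on a mistyped tag) aborts the script
26 | # instead of saving the error page as install.yaml.
27 | # --proto / --proto-redir: refuse anything but HTTPS, including on redirects.
28 | curl --fail --silent --show-error --location \
29 |   --proto '=https' --proto-redir '=https' \
30 |   "$DOWNLOAD_URL/${DOWNLOAD_VERSION}/${DOWNLOAD_VERSION//./_}_full.yaml" -o "$STAGED_FILE"
31 |
32 | if [ -n "$EXPECTED_SHA256" ]; then
33 |   echo "${EXPECTED_SHA256}  ${STAGED_FILE}" | sha256sum -c - >/dev/null
34 | fi
35 |
36 | mv "$STAGED_FILE" "$TARGET_FILE"
37 |
--------------------------------------------------------------------------------
/addons/kubernetes-external-secrets/v8.2/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 |
 4 | resources:
 5 | - crd.yaml
 6 | - deployment.yaml
 7 | - rbac.yaml
 8 | - service.yaml
 9 |
10 | namespace: kube-system
11 | commonLabels: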
12 | app.kubernetes.io/part-of: "kubernetes-external-secrets" 13 | 14 | images: 15 | - name: "ghcr.io/external-secrets/kubernetes-external-secrets" 16 | newTag: "8.2.3" 17 | -------------------------------------------------------------------------------- /addons/kubernetes-external-secrets/v8.5/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | namespace: kube-system 11 | commonLabels: 12 | app.kubernetes.io/part-of: "kubernetes-external-secrets" 13 | 14 | images: 15 | - name: "ghcr.io/external-secrets/kubernetes-external-secrets" 16 | newTag: "8.5.0" 17 | -------------------------------------------------------------------------------- /addons/aws-load-balancer-controller/v2.2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - service.yaml 8 | - rbac.yaml 9 | - cert.yaml 10 | 11 | namespace: kube-system 12 | commonLabels: 13 | app.kubernetes.io/part-of: "aws-load-balancer-controller" 14 | 15 | images: 16 | - name: "amazon/aws-alb-ingress-controller" 17 | newTag: "v2.2.3" 18 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/serviceaccounts.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:serviceaccounts:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "serviceaccounts-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - serviceaccounts 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | 
-------------------------------------------------------------------------------- /addons/argo-cd/v2.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - install.yaml 6 | components: 7 | - ../components/custom-tools 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "argocd" 13 | app.kubernetes.io/version: "v2.4.2" 14 | includeSelectors: false 15 | 16 | images: 17 | - name: "quay.io/argoproj/argocd" 18 | newTag: "v2.4.2" 19 | -------------------------------------------------------------------------------- /addons/argo-cd/v2.5/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - install.yaml 6 | components: 7 | - ../components/custom-tools 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "argocd" 13 | app.kubernetes.io/version: "v2.5.4" 14 | includeSelectors: false 15 | 16 | images: 17 | - name: "quay.io/argoproj/argocd" 18 | newTag: "v2.5.4" 19 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.3/dashboard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - service.yaml 8 | 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "argo-rollouts" 12 | app.kubernetes.io/version: "v1.3.1" 13 | includeSelectors: false 14 | 15 | images: 16 | - name: quay.io/argoproj/kubectl-argo-rollouts 17 | newTag: v1.3.1 18 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.4/dashboard/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - service.yaml 8 | 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "argo-rollouts" 12 | app.kubernetes.io/version: "v1.4.0" 13 | includeSelectors: false 14 | 15 | images: 16 | - name: quay.io/argoproj/kubectl-argo-rollouts 17 | newTag: v1.4.0 18 | -------------------------------------------------------------------------------- /addons/aws-load-balancer-controller/v2.1/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: aws-load-balancer-controller 6 | name: aws-load-balancer-webhook-service 7 | namespace: kube-system 8 | spec: 9 | ports: 10 | - port: 443 11 | targetPort: 9443 12 | selector: 13 | app.kubernetes.io/component: controller 14 | app.kubernetes.io/name: aws-load-balancer-controller 15 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/deployments.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:deployments:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "deployments-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | - apiGroups: 10 | - apps 11 | resources: 12 | - deployments 13 | - replicasets 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.3/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - 
rbac.yaml 7 | - secret.yaml 8 | - service.yaml 9 | 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "argo-rollouts" 13 | app.kubernetes.io/version: "v1.3.1" 14 | includeSelectors: false 15 | 16 | images: 17 | - name: quay.io/argoproj/argo-rollouts 18 | newTag: v1.3.1 19 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.4/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - secret.yaml 8 | - service.yaml 9 | 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "argo-rollouts" 13 | app.kubernetes.io/version: "v1.4.0" 14 | includeSelectors: false 15 | 16 | images: 17 | - name: quay.io/argoproj/argo-rollouts 18 | newTag: v1.4.0 19 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.8/crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: eniconfigs.crd.k8s.amazonaws.com 5 | labels: 6 | k8s-app: "aws-node" 7 | spec: 8 | group: crd.k8s.amazonaws.com 9 | names: 10 | kind: ENIConfig 11 | plural: eniconfigs 12 | singular: eniconfig 13 | scope: Cluster 14 | versions: 15 | - name: v1alpha1 16 | served: true 17 | storage: true 18 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.9/crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: eniconfigs.crd.k8s.amazonaws.com 5 | labels: 6 | k8s-app: "aws-node" 7 | spec: 8 | group: crd.k8s.amazonaws.com 9 | names: 10 | kind: ENIConfig 11 | plural: eniconfigs 12 | singular: eniconfig 13 | scope: 
Cluster 14 | versions: 15 | - name: v1alpha1 16 | served: true 17 | storage: true 18 | -------------------------------------------------------------------------------- /addons/coredns/2020-10-29/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - coredns.yaml 6 | components: 7 | - ../components/cluster-ip 8 | - ../components/fargate 9 | 10 | namespace: default 11 | 12 | images: 13 | - name: "602401143452.dkr.ecr.REGION.amazonaws.com/eks/coredns" 14 | newName: "602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/eks/coredns" 15 | newTag: "v1.8.0-eksbuild.1" 16 | -------------------------------------------------------------------------------- /addons/rbac-manager/v1.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "rbac-manager" 13 | app.kubernetes.io/version: "v1.1.1" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "quay.io/reactiveops/rbac-manager" 18 | newTag: "v1.1.1" 19 | -------------------------------------------------------------------------------- /addons/rbac-manager/v1.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "rbac-manager" 13 | app.kubernetes.io/version: "v1.4.2" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "quay.io/reactiveops/rbac-manager" 18 | newTag: "v1.4.2" 19 | 
-------------------------------------------------------------------------------- /misc/atlantis/v0.17/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - statefulset.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: atlantis-config 11 | envs: 12 | - config.env 13 | 14 | namespace: default 15 | commonLabels: 16 | app.kubernetes.io/part-of: "atlantis" 17 | 18 | images: 19 | - name: "ghcr.io/runatlantis/atlantis" 20 | newTag: "v0.17.6" 21 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.3/base/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: argo-rollouts-metrics 5 | labels: 6 | app.kubernetes.io/component: server 7 | app.kubernetes.io/name: argo-rollouts-metrics 8 | app.kubernetes.io/part-of: argo-rollouts 9 | spec: 10 | ports: 11 | - name: metrics 12 | protocol: TCP 13 | port: 8090 14 | targetPort: 8090 15 | selector: 16 | app.kubernetes.io/name: argo-rollouts 17 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.4/base/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: argo-rollouts-metrics 5 | labels: 6 | app.kubernetes.io/component: server 7 | app.kubernetes.io/name: argo-rollouts-metrics 8 | app.kubernetes.io/part-of: argo-rollouts 9 | spec: 10 | ports: 11 | - name: metrics 12 | protocol: TCP 13 | port: 8090 14 | targetPort: 8090 15 | selector: 16 | app.kubernetes.io/name: argo-rollouts 17 | -------------------------------------------------------------------------------- /addons/csi-snapshotter/v6.2/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd/ 6 | - snapshot-controller/ 7 | 8 | namespace: kube-system 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "csi-snapshotter" 12 | app.kubernetes.io/version: "v6.2.0" 13 | includeTemplates: true 14 | 15 | images: 16 | - name: "registry.k8s.io/sig-storage/snapshot-controller" 17 | newTag: "v6.2.0" 18 | -------------------------------------------------------------------------------- /addons/csi-snapshotter/v6.3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd/ 6 | - snapshot-controller/ 7 | 8 | namespace: kube-system 9 | labels: 10 | - pairs: 11 | app.kubernetes.io/part-of: "csi-snapshotter" 12 | app.kubernetes.io/version: "v6.3.1" 13 | includeTemplates: true 14 | 15 | images: 16 | - name: "registry.k8s.io/sig-storage/snapshot-controller" 17 | newTag: "v6.3.1" 18 | -------------------------------------------------------------------------------- /observability/filebeat/v7.13/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - daemonset.yaml 6 | - rbac.yaml 7 | 8 | configMapGenerator: 9 | - name: filebeat-config 10 | files: 11 | - filebeat.yml=files/filebeat.yml 12 | 13 | namespace: default 14 | commonLabels: 15 | app.kubernetes.io/part-of: "filebeat" 16 | 17 | images: 18 | - name: "docker.elastic.co/beats/filebeat" 19 | newTag: "7.13.2" 20 | -------------------------------------------------------------------------------- /observability/filebeat/v7.15/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - daemonset.yaml 6 | - rbac.yaml 7 | 8 | configMapGenerator: 9 | - name: filebeat-config 10 | files: 11 | - filebeat.yml=files/filebeat.yml 12 | 13 | namespace: default 14 | commonLabels: 15 | app.kubernetes.io/part-of: "filebeat" 16 | 17 | images: 18 | - name: "docker.elastic.co/beats/filebeat" 19 | newTag: "7.15.1" 20 | -------------------------------------------------------------------------------- /sample-services/http-https-echo/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: http-https-echo 5 | labels: 6 | app.kubernetes.io/name: "http-https-echo" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: http 14 | - name: https 15 | protocol: TCP 16 | port: 443 17 | targetPort: https 18 | selector: 19 | app.kubernetes.io/name: "http-https-echo" 20 | -------------------------------------------------------------------------------- /addons/argo-workflows/v3.4/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - argoproj.io_clusterworkflowtemplates.yaml 6 | - argoproj.io_cronworkflows.yaml 7 | - argoproj.io_workflows.yaml 8 | - argoproj.io_workflowtemplates.yaml 9 | - argoproj.io_workfloweventbindings.yaml 10 | - argoproj.io_workflowtasksets.yaml 11 | - argoproj.io_workflowtaskresults.yaml 12 | - argoproj.io_workflowartifactgctasks.yaml 13 | -------------------------------------------------------------------------------- /addons/kubernetes-external-secrets/resources/service-monitor/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: 
kubernetes-external-secrets 5 | labels: 6 | app.kubernetes.io/name: "kubernetes-external-secrets" 7 | spec: 8 | endpoints: 9 | - interval: 30s 10 | port: prometheus 11 | path: /metrics 12 | selector: 13 | matchLabels: 14 | app.kubernetes.io/name: "kubernetes-external-secrets" 15 | -------------------------------------------------------------------------------- /observability/kibana/v7.13/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: kibana-config 11 | files: 12 | - kibana.yml=files/kibana.yml 13 | 14 | namespace: default 15 | commonLabels: 16 | app.kubernetes.io/part-of: "kibana" 17 | 18 | images: 19 | - name: "docker.elastic.co/kibana/kibana" 20 | newTag: "7.13.2" 21 | -------------------------------------------------------------------------------- /observability/kibana/v7.15/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: kibana-config 11 | files: 12 | - kibana.yml=files/kibana.yml 13 | 14 | namespace: default 15 | commonLabels: 16 | app.kubernetes.io/part-of: "kibana" 17 | 18 | images: 19 | - name: "docker.elastic.co/kibana/kibana" 20 | newTag: "7.15.1" 21 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/argo-applications.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:argo-applications:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-argo-applications-view" 
7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | - apiGroups: 10 | - argoproj.io 11 | resources: 12 | - applications 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/argo-appprojects.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:argo-appprojects:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-argo-appprojects-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | - apiGroups: 10 | - argoproj.io 11 | resources: 12 | - appprojects 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/v2.1/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-state-metrics 5 | labels: 6 | app.kubernetes.io/name: "kube-state-metrics" 7 | spec: 8 | type: ClusterIP 9 | clusterIP: None 10 | ports: 11 | - name: https 12 | port: 8443 13 | targetPort: https 14 | - name: https-telemetry 15 | port: 9443 16 | targetPort: https-telemetry 17 | selector: 18 | app.kubernetes.io/name: "kube-state-metrics" 19 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/v2.4/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-state-metrics 5 | labels: 6 | app.kubernetes.io/name: "kube-state-metrics" 7 | spec: 8 | type: ClusterIP 9 | clusterIP: None 10 | ports: 11 | - name: https 12 | port: 8443 13 | targetPort: https 14 | - name: https-telemetry 15 | port: 9443 16 | targetPort: https-telemetry 17 | selector: 18 | 
app.kubernetes.io/name: "kube-state-metrics" 19 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/v2.6/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-state-metrics 5 | labels: 6 | app.kubernetes.io/name: "kube-state-metrics" 7 | spec: 8 | type: ClusterIP 9 | clusterIP: None 10 | ports: 11 | - name: https 12 | port: 8443 13 | targetPort: https 14 | - name: https-telemetry 15 | port: 9443 16 | targetPort: https-telemetry 17 | selector: 18 | app.kubernetes.io/name: "kube-state-metrics" 19 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/v2.7/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-state-metrics 5 | labels: 6 | app.kubernetes.io/name: "kube-state-metrics" 7 | spec: 8 | type: ClusterIP 9 | clusterIP: None 10 | ports: 11 | - name: https 12 | port: 8443 13 | targetPort: https 14 | - name: https-telemetry 15 | port: 9443 16 | targetPort: https-telemetry 17 | selector: 18 | app.kubernetes.io/name: "kube-state-metrics" 19 | -------------------------------------------------------------------------------- /misc/op-scim-bridge/v2.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - redis-deployment.yaml 8 | - redis-service.yaml 9 | 10 | configMapGenerator: 11 | - name: op-scim-config 12 | envs: 13 | - config.env 14 | 15 | namespace: default 16 | commonLabels: 17 | app.kubernetes.io/part-of: "op-scim-bridge" 18 | 19 | images: 20 | - name: "1password/scim" 21 | newTag: "v2.0.0" 22 | 
-------------------------------------------------------------------------------- /observability/prometheus-exporters/node-exporter/v1.3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - daemonset.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "node-exporter" 13 | app.kubernetes.io/version: "1.3.1" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "quay.io/prometheus/node-exporter" 18 | newTag: "v1.3.1" 19 | -------------------------------------------------------------------------------- /observability/prometheus/v2.37/pdb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | name: prometheus-k8s 5 | labels: 6 | app.kubernetes.io/component: prometheus 7 | app.kubernetes.io/instance: k8s 8 | app.kubernetes.io/name: prometheus 9 | spec: 10 | minAvailable: 1 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/component: prometheus 14 | app.kubernetes.io/instance: k8s 15 | app.kubernetes.io/name: prometheus 16 | -------------------------------------------------------------------------------- /addons/aws-load-balancer-controller/v2.2/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: aws-load-balancer-webhook-service 5 | labels: 6 | app.kubernetes.io/name: "aws-load-balancer-controller" 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - name: webhook 11 | protocol: TCP 12 | port: 443 13 | targetPort: 9443 14 | selector: 15 | app.kubernetes.io/component: "controller" 16 | app.kubernetes.io/name: "aws-load-balancer-controller" 17 | -------------------------------------------------------------------------------- 
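/addons/aws-load-balancer-controller/v2.4/service.yaml:
--------------------------------------------------------------------------------
# ClusterIP Service: port 443 is forwarded to container port 9443 on pods that
# carry both selector labels below.
apiVersion: v1
kind: Service
metadata:
  name: aws-load-balancer-webhook-service
  labels:
    app.kubernetes.io/name: "aws-load-balancer-controller"
spec:
  type: ClusterIP
  ports:
    - name: webhook
      protocol: TCP
      port: 443
      targetPort: 9443
  selector:
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/name: "aws-load-balancer-controller"

--------------------------------------------------------------------------------
/addons/aws-node-termination-handler/v1.18/imds/patch.daemonset.yaml:
--------------------------------------------------------------------------------
# Patch for the aws-node-termination-handler DaemonSet: loads the container
# environment from a ConfigMap and declares the metrics port.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: aws-node-termination-handler
spec:
  template:
    spec:
      containers:
        - name: aws-node-termination-handler
          envFrom:
            # Every key of this ConfigMap becomes an environment variable.
            - configMapRef:
                name: aws-node-termination-handler-config
          ports:
            - name: metrics
              protocol: TCP
              containerPort: 9092

--------------------------------------------------------------------------------
/addons/cert-manager/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Downloads the cert-manager release manifests for DOWNLOAD_VERSION into a
# directory named after that version.

set -euf -o pipefail


DOWNLOAD_URL="https://github.com/jetstack/cert-manager/releases/download"
DOWNLOAD_VERSION="v1.10.1"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"

mkdir -p "$DOWNLOAD_DIRECTORY"
# -f makes curl exit non-zero on an HTTP error, so `set -e` stops the script
# instead of saving an error page as a manifest; -S keeps the reason visible
# even though -s silences progress output.
# NOTE(review): the downloaded manifests are not compared against a known
# digest; consider recording one at review time and verifying it here.
curl -fsSL "$DOWNLOAD_URL/$DOWNLOAD_VERSION/cert-manager.yaml" -o "$DOWNLOAD_DIRECTORY/cert-manager.yaml"
curl -fsSL "$DOWNLOAD_URL/$DOWNLOAD_VERSION/cert-manager.crds.yaml" -o "$DOWNLOAD_DIRECTORY/crd.yaml"

--------------------------------------------------------------------------------
/resources/cluster-roles/units/addons/argo-workflows.view.yaml: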
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:argo-workflows:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-argo-workflows-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | - apiGroups: 10 | - argoproj.io 11 | resources: 12 | - workflows 13 | - cronworkflows 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/v2.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - service.yaml 8 | 9 | namespace: kube-system 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "kube-state-metrics" 13 | app.kubernetes.io/version: "2.1.0" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "registry.k8s.io/kube-state-metrics/kube-state-metrics" 18 | newTag: "v2.1.0" 19 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/v2.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - service.yaml 8 | 9 | namespace: kube-system 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "kube-state-metrics" 13 | app.kubernetes.io/version: "2.4.2" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "registry.k8s.io/kube-state-metrics/kube-state-metrics" 18 | newTag: "v2.4.2" 19 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/v2.6/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - service.yaml 8 | 9 | namespace: kube-system 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "kube-state-metrics" 13 | app.kubernetes.io/version: "2.6.0" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "registry.k8s.io/kube-state-metrics/kube-state-metrics" 18 | newTag: "v2.6.0" 19 | -------------------------------------------------------------------------------- /addons/kube-state-metrics/v2.7/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - service.yaml 8 | 9 | namespace: kube-system 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "kube-state-metrics" 13 | app.kubernetes.io/version: "2.7.0" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "registry.k8s.io/kube-state-metrics/kube-state-metrics" 18 | newTag: "v2.7.0" 19 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.15/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | namespace: kube-system 11 | labels: 12 | - pairs: 13 | app.kubernetes.io/part-of: "sealed-secrets" 14 | app.kubernetes.io/version: "v0.15.0" 15 | includeTemplates: true 16 | 17 | images: 18 | - name: "docker.io/bitnami/sealed-secrets-controller" 19 | newTag: "v0.15.0" 20 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.16/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | namespace: kube-system 11 | labels: 12 | - pairs: 13 | app.kubernetes.io/part-of: "sealed-secrets" 14 | app.kubernetes.io/version: "v0.16.0" 15 | includeTemplates: true 16 | 17 | images: 18 | - name: "docker.io/bitnami/sealed-secrets-controller" 19 | newTag: "v0.16.0" 20 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.17/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | namespace: kube-system 11 | labels: 12 | - pairs: 13 | app.kubernetes.io/part-of: "sealed-secrets" 14 | app.kubernetes.io/version: "v0.17.5" 15 | includeTemplates: true 16 | 17 | images: 18 | - name: "docker.io/bitnami/sealed-secrets-controller" 19 | newTag: "v0.17.5" 20 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.18/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | namespace: kube-system 11 | labels: 12 | - pairs: 13 | app.kubernetes.io/part-of: "sealed-secrets" 14 | app.kubernetes.io/version: "v0.18.0" 15 | includeTemplates: true 16 | 17 | images: 18 | - name: "docker.io/bitnami/sealed-secrets-controller" 19 | newTag: "v0.18.0" 20 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.19/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | namespace: kube-system 11 | labels: 12 | - pairs: 13 | app.kubernetes.io/part-of: "sealed-secrets" 14 | app.kubernetes.io/version: "v0.19.2" 15 | includeTemplates: true 16 | 17 | images: 18 | - name: "docker.io/bitnami/sealed-secrets-controller" 19 | newTag: "v0.19.2" 20 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.3/dashboard/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: argo-rollouts-dashboard 6 | app.kubernetes.io/name: argo-rollouts-dashboard 7 | app.kubernetes.io/part-of: argo-rollouts 8 | name: argo-rollouts-dashboard 9 | spec: 10 | selector: 11 | app.kubernetes.io/name: argo-rollouts-dashboard 12 | ports: 13 | - name: dashboard 14 | port: 3100 15 | protocol: TCP 16 | targetPort: 3100 17 | -------------------------------------------------------------------------------- /addons/argo-rollouts/v1.4/dashboard/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: argo-rollouts-dashboard 6 | app.kubernetes.io/name: argo-rollouts-dashboard 7 | app.kubernetes.io/part-of: argo-rollouts 8 | name: argo-rollouts-dashboard 9 | spec: 10 | selector: 11 | app.kubernetes.io/name: argo-rollouts-dashboard 12 | ports: 13 | - name: dashboard 14 | port: 3100 15 | protocol: TCP 16 | targetPort: 3100 17 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.8/kustomization.yaml: 
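--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - crd.yaml
  - daemonset.yaml
  - rbac.yaml

namespace: kube-system
commonLabels:
  app.kubernetes.io/part-of: "aws-node"

images:
  # newTag is a mutable reference; kustomize also accepts `digest:` here when
  # the exact image content should be pinned.
  - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init"
    newTag: "v1.8.0"
  - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni"
    newTag: "v1.8.0"

--------------------------------------------------------------------------------
/addons/metrics-server/v0.6/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - apiservice.yaml
  - deployment.yaml
  - rbac.yaml
  - service.yaml

namespace: kube-system
labels:
  - pairs:
      app.kubernetes.io/part-of: "metrics-server"
      app.kubernetes.io/version: "v0.6.2"
    # Also stamp the labels onto pod templates, not only object metadata.
    includeTemplates: true

images:
  # Tag only; add `digest:` to pin the exact image content.
  - name: "registry.k8s.io/metrics-server/metrics-server"
    newTag: "v0.6.2"

--------------------------------------------------------------------------------
/misc/atlantis/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Fetches the atlantis source tarball for DOWNLOAD_VERSION and unpacks only the
# paths matching "**/kustomize" into a directory named after the version.

set -euf -o pipefail


DOWNLOAD_URL="https://api.github.com/repos/runatlantis/atlantis/tarball"
DOWNLOAD_VERSION="v0.23.1"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"
ARCHIVE="$DOWNLOAD_VERSION.tar.gz"

# Remove the tarball on every exit path, including a failed download or extract.
trap 'rm -f "$ARCHIVE"' EXIT

# -f: exit non-zero on an HTTP error (for example a rate-limited API reply) so
# `set -e` stops here instead of handing an error body to tar; -S shows why.
# NOTE(review): the archive is not checked against a known digest before it is
# unpacked; consider recording one at review time and verifying it here.
curl -fsSL "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o "$ARCHIVE"
mkdir -p "$DOWNLOAD_DIRECTORY"
# --include is a bsdtar option (GNU tar rejects it), so this expects bsdtar.
tar -xzf "$ARCHIVE" --include "**/kustomize" --directory "$DOWNLOAD_DIRECTORY" --strip-components 2

--------------------------------------------------------------------------------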
/observability/apm-server/v7.13/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: apm-server-config 11 | files: 12 | - apm-server.yml=files/apm-server.yml 13 | 14 | namespace: default 15 | commonLabels: 16 | app.kubernetes.io/part-of: "apm-server" 17 | 18 | images: 19 | - name: "docker.elastic.co/apm/apm-server" 20 | newTag: "7.13.2" 21 | -------------------------------------------------------------------------------- /observability/apm-server/v7.15/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: apm-server-config 11 | files: 12 | - apm-server.yml=files/apm-server.yml 13 | 14 | namespace: default 15 | commonLabels: 16 | app.kubernetes.io/part-of: "apm-server" 17 | 18 | images: 19 | - name: "docker.elastic.co/apm/apm-server" 20 | newTag: "7.15.1" 21 | -------------------------------------------------------------------------------- /addons/argo-rollouts/resources/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - configmap.yaml 6 | 7 | patchesStrategicMerge: 8 | - on-rollout-completed.yaml 9 | - on-scaling-replica-set.yaml 10 | - on-rollout-step-completed.yaml 11 | - on-rollout-updated.yaml 12 | - on-rollout-aborted.yaml 13 | - on-rollout-paused.yaml 14 | - on-analysis-run-running.yaml 15 | - on-analysis-run-error.yaml 16 | - on-analysis-run-failed.yaml 17 | 
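--------------------------------------------------------------------------------
/addons/aws-ebs-csi-driver/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Fetches the aws-ebs-csi-driver source tarball for DOWNLOAD_VERSION and unpacks
# only the paths matching "**/deploy/kubernetes" into a directory named after
# the version.

set -euf -o pipefail

DOWNLOAD_VERSION="v1.14.0"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"
# One name for the tarball: the original wrote "$DOWNLOAD_DIRECTORY.tar.gz" and
# read "$DOWNLOAD_VERSION.tar.gz", which only matched because both hold the
# same value.
ARCHIVE="$DOWNLOAD_VERSION.tar.gz"

# Remove the tarball on every exit path, including a failed download or extract.
trap 'rm -f "$ARCHIVE"' EXIT

# -f: exit non-zero on an HTTP error so `set -e` stops here instead of handing
# an error body to tar; -S shows the reason even though -s hides progress.
# NOTE(review): the archive is not checked against a known digest before it is
# unpacked; consider recording one at review time and verifying it here.
curl -fsSL "https://github.com/kubernetes-sigs/aws-ebs-csi-driver/archive/refs/tags/$DOWNLOAD_VERSION.tar.gz" -o "$ARCHIVE"
mkdir -p "$DOWNLOAD_DIRECTORY"
# --include is a bsdtar option (GNU tar rejects it), so this expects bsdtar.
tar -xzf "$ARCHIVE" --include "**/deploy/kubernetes" --directory "$DOWNLOAD_DIRECTORY" --strip-components 3

--------------------------------------------------------------------------------
/addons/aws-node-termination-handler/v1.18/queue-processor/patch.deployment.yaml:
--------------------------------------------------------------------------------
# Patch for the aws-node-termination-handler Deployment: loads the container
# environment from a ConfigMap and declares the metrics port.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aws-node-termination-handler
spec:
  template:
    spec:
      containers:
        - name: aws-node-termination-handler
          envFrom:
            # Every key of this ConfigMap becomes an environment variable.
            - configMapRef:
                name: aws-node-termination-handler-config
          ports:
            - name: metrics
              protocol: TCP
              containerPort: 9092

--------------------------------------------------------------------------------
/addons/rbac-manager/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Fetches the rbac-manager source tarball for DOWNLOAD_VERSION and unpacks only
# the paths matching "**/deploy" into a directory named after the version.

set -euf -o pipefail

DOWNLOAD_URL="https://api.github.com/repos/FairwindsOps/rbac-manager/tarball"
DOWNLOAD_VERSION="v1.4.2"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"
ARCHIVE="$DOWNLOAD_VERSION.tar.gz"

# Remove the tarball on every exit path, including a failed download or extract.
trap 'rm -f "$ARCHIVE"' EXIT

# -f: exit non-zero on an HTTP error (for example a rate-limited API reply) so
# `set -e` stops here instead of handing an error body to tar; -S shows why.
# NOTE(review): the archive is not checked against a known digest before it is
# unpacked; rbac-manager manages RBAC bindings, so a tampered manifest matters.
curl -fsSL "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o "$ARCHIVE"
mkdir -p "$DOWNLOAD_DIRECTORY"
# --include is a bsdtar option (GNU tar rejects it), so this expects bsdtar.
tar -xzf "$ARCHIVE" --include "**/deploy" --directory "$DOWNLOAD_DIRECTORY" --strip-components 2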
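--------------------------------------------------------------------------------
/observability/alertmanager/v0.24/pdb.yaml:
--------------------------------------------------------------------------------
# Allows at most one pod matching the selector to be down during a voluntary
# disruption.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  labels:
    app.kubernetes.io/component: alert-router
    app.kubernetes.io/instance: main
    app.kubernetes.io/name: alertmanager
  name: alertmanager-main
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: alert-router
      app.kubernetes.io/instance: main
      app.kubernetes.io/name: alertmanager

--------------------------------------------------------------------------------
/observability/botkube/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Fetches the botkube source tarball for DOWNLOAD_VERSION and unpacks only the
# paths matching "*.yaml" into a directory named after the version.

set -euf -o pipefail


DOWNLOAD_URL="https://api.github.com/repos/infracloudio/botkube/tarball"
DOWNLOAD_VERSION="v0.12.2"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"
ARCHIVE="$DOWNLOAD_VERSION.tar.gz"

# Remove the tarball on every exit path, including a failed download or extract.
trap 'rm -f "$ARCHIVE"' EXIT

# -f: exit non-zero on an HTTP error (for example a rate-limited API reply) so
# `set -e` stops here instead of handing an error body to tar; -S shows why.
# NOTE(review): the archive is not checked against a known digest before it is
# unpacked; consider recording one at review time and verifying it here.
curl -fsSL "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o "$ARCHIVE"
mkdir -p "$DOWNLOAD_DIRECTORY"
# --include is a bsdtar option (GNU tar rejects it), so this expects bsdtar.
tar -xzf "$ARCHIVE" --include "*.yaml" --directory "$DOWNLOAD_DIRECTORY" --strip-components 1

--------------------------------------------------------------------------------
/resources/cluster-roles/units/secrets.admin.yaml:
--------------------------------------------------------------------------------
# Full read/write access to Secrets in the core API group.
# The aggregate-to-admin label is the one the built-in `admin` ClusterRole
# aggregates on, so these rules are merged into `admin` and reach every subject
# bound to it.
# get/list/watch return the secret values themselves; list and watch cover every
# Secret in the bound scope, so prefer namespaced RoleBindings over
# ClusterRoleBindings for subjects that receive this role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: unit:secrets:admin
  labels:
    rbac.authorization.k8s.io/unit: "secrets-admin"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch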
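--------------------------------------------------------------------------------
/addons/argo-cd-extensions/v0.2/rbac/argocd-server-extensions-rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the namespaced Role argocd-server-extensions to the argocd-server
# ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/name: argocd-server
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/component: server
  name: argocd-server-extensions
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-server-extensions
subjects:
  # NOTE(review): no namespace is set on this subject; presumably an overlay
  # fills it in. Confirm, since a ServiceAccount subject needs one.
  - kind: ServiceAccount
    name: argocd-server

--------------------------------------------------------------------------------
/addons/aws-vpc-cni/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Fetches the amazon-vpc-cni-k8s source tarball for DOWNLOAD_VERSION and unpacks
# only the paths matching "**/config/master" into a directory named after the
# version.

set -euf -o pipefail


DOWNLOAD_URL="https://api.github.com/repos/aws/amazon-vpc-cni-k8s/tarball"
DOWNLOAD_VERSION="v1.12.1"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"
ARCHIVE="$DOWNLOAD_VERSION.tar.gz"

# Remove the tarball on every exit path, including a failed download or extract.
trap 'rm -f "$ARCHIVE"' EXIT

# -f: exit non-zero on an HTTP error (for example a rate-limited API reply) so
# `set -e` stops here instead of handing an error body to tar; -S shows why.
# NOTE(review): the archive is not checked against a known digest before it is
# unpacked; consider recording one at review time and verifying it here.
curl -fsSL "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o "$ARCHIVE"
mkdir -p "$DOWNLOAD_DIRECTORY"
# --include is a bsdtar option (GNU tar rejects it), so this expects bsdtar.
tar -xzf "$ARCHIVE" --include "**/config/master" --directory "$DOWNLOAD_DIRECTORY" --strip-components 3

--------------------------------------------------------------------------------
/resources/cluster-roles/units/configmaps.admin.yaml:
--------------------------------------------------------------------------------
# Full read/write access to ConfigMaps in the core API group. The
# aggregate-to-admin label merges these rules into the built-in `admin`
# ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: unit:configmaps:admin
  labels:
    rbac.authorization.k8s.io/unit: "configmaps-admin"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch

--------------------------------------------------------------------------------
/resources/cluster-roles/units/pods.view.yaml:
--------------------------------------------------------------------------------
# Read-only access to pods and to their metrics.k8s.io counterparts. The
# aggregate-to-view label merges these rules into the built-in `view`
# ClusterRole.
# Reading a pod returns its full spec, including any literal env values set on
# its containers.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: unit:pods:view
  labels:
    rbac.authorization.k8s.io/unit: "pods-view"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - metrics.k8s.io
    resources:
      - pods
    verbs:
      - get
      - list

--------------------------------------------------------------------------------
/addons/aws-node-termination-handler/resources/service-monitor/service.yaml:
--------------------------------------------------------------------------------
# ClusterIP Service exposing the pods' named `metrics` port on 9092.
apiVersion: v1
kind: Service
metadata:
  name: aws-node-termination-handler
  labels:
    app.kubernetes.io/name: aws-node-termination-handler
    app.kubernetes.io/instance: aws-node-termination-handler
spec:
  type: ClusterIP
  ports:
    - name: metrics
      protocol: TCP
      port: 9092
      targetPort: metrics
  selector:
    app.kubernetes.io/name: aws-node-termination-handler

--------------------------------------------------------------------------------
/addons/kube-state-metrics/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Fetches the kube-state-metrics source tarball for DOWNLOAD_VERSION and unpacks
# only the paths matching "**/examples" into a directory named after the
# version.

set -euf -o pipefail


DOWNLOAD_URL="https://api.github.com/repos/kubernetes/kube-state-metrics/tarball"
DOWNLOAD_VERSION="v2.7.0"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"
ARCHIVE="$DOWNLOAD_VERSION.tar.gz"

# Remove the tarball on every exit path, including a failed download or extract.
trap 'rm -f "$ARCHIVE"' EXIT

# -f: exit non-zero on an HTTP error (for example a rate-limited API reply) so
# `set -e` stops here instead of handing an error body to tar; -S shows why.
# NOTE(review): the archive is not checked against a known digest before it is
# unpacked; consider recording one at review time and verifying it here.
curl -fsSL "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o "$ARCHIVE"
mkdir -p "$DOWNLOAD_DIRECTORY"
# --include is a bsdtar option (GNU tar rejects it), so this expects bsdtar.
tar -xzf "$ARCHIVE" --include "**/examples" --directory "$DOWNLOAD_DIRECTORY" --strip-components 2

--------------------------------------------------------------------------------
/observability/prometheus-operator/v0.57/service.yaml:
--------------------------------------------------------------------------------
# Headless Service (clusterIP: None) for the pods' named `https` port on 8443.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/version: 0.57.0
  name: prometheus-operator
spec:
  clusterIP: None
  ports:
    - name: https
      port: 8443
      targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator

--------------------------------------------------------------------------------
/addons/argo-workflows/download.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Fetches the argo-workflows source tarball for DOWNLOAD_VERSION and unpacks
# only the paths matching "**/manifests" into a directory named after the
# version.

set -euf -o pipefail


DOWNLOAD_URL="https://api.github.com/repos/argoproj/argo-workflows/tarball"
DOWNLOAD_VERSION="v3.4.4"
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION"
ARCHIVE="argo-$DOWNLOAD_VERSION.tar.gz"

# Remove the tarball on every exit path, including a failed download or extract.
trap 'rm -f "$ARCHIVE"' EXIT

# -f: exit non-zero on an HTTP error (for example a rate-limited API reply) so
# `set -e` stops here instead of handing an error body to tar; -S shows why.
# NOTE(review): the archive is not checked against a known digest before it is
# unpacked; consider recording one at review time and verifying it here.
curl -fsSL "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o "$ARCHIVE"
mkdir -p "$DOWNLOAD_DIRECTORY"
# --include is a bsdtar option (GNU tar rejects it), so this expects bsdtar.
tar -xzf "$ARCHIVE" --include "**/manifests" --directory "$DOWNLOAD_DIRECTORY" --strip-components 2

-------------------------------------------------------------------------------- /observability/botkube/v0.12/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | 8 | configMapGenerator: 9 | - name: botkube-config 10 | files: 11 | - resource_config.yaml=files/resource_config.yaml 12 | - comm_config.yaml=files/comm_config.yaml 13 | 14 | namespace: default 15 | commonLabels: 16 | app.kubernetes.io/part-of: "botkube" 17 | 18 | 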
images: 19 | - name: "ghcr.io/infracloudio/botkube" 20 | newTag: "v0.12.2" 21 | -------------------------------------------------------------------------------- /observability/heartbeat/v7.13/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | 8 | configMapGenerator: 9 | - name: heartbeat-config 10 | files: 11 | - heartbeat.yml=files/heartbeat.yml 12 | - name: heartbeat-monitors 13 | files: [] 14 | 15 | namespace: default 16 | commonLabels: 17 | app.kubernetes.io/part-of: "heartbeat" 18 | 19 | images: 20 | - name: "docker.elastic.co/beats/heartbeat" 21 | newTag: "7.13.2" 22 | -------------------------------------------------------------------------------- /observability/heartbeat/v7.15/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | 8 | configMapGenerator: 9 | - name: heartbeat-config 10 | files: 11 | - heartbeat.yml=files/heartbeat.yml 12 | - name: heartbeat-monitors 13 | files: [] 14 | 15 | namespace: default 16 | commonLabels: 17 | app.kubernetes.io/part-of: "heartbeat" 18 | 19 | images: 20 | - name: "docker.elastic.co/beats/heartbeat" 21 | newTag: "7.15.1" 22 | -------------------------------------------------------------------------------- /observability/prometheus/v2.37/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - pdb.yaml 6 | - prometheus.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | components: 11 | - ../configurations 12 | 13 | namespace: default 14 | labels: 15 | - pairs: 16 | app.kubernetes.io/part-of: "kube-prometheus" 17 | 
app.kubernetes.io/version: "v2.37.5" 18 | includeTemplates: true 19 | 20 | images: 21 | - name: quay.io/prometheus/prometheus 22 | newTag: v2.37.5 23 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/customresourcedefinitions.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:customresourcedefinitions:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "customresourcedefinitions-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | ## Cluster Scoped 10 | - apiGroups: 11 | - apiextensions.k8s.io 12 | resources: 13 | - customresourcedefinitions 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | -------------------------------------------------------------------------------- /addons/argo-cd/v2.3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - install.yaml 6 | components: 7 | - ../components/custom-tools 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "argocd" 13 | app.kubernetes.io/version: "v2.3.4" 14 | includeSelectors: false 15 | 16 | images: 17 | - name: "quay.io/argoproj/argocd" 18 | newTag: "v2.3.4" 19 | - name: "quay.io/argoproj/argocd-applicationset" 20 | newTag: "v0.4.1" 21 | -------------------------------------------------------------------------------- /addons/argo-workflows/v3.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crds/ 6 | - argo-server/ 7 | - workflow-controller/ 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "argo-workflow" 13 | 
app.kubernetes.io/version: "v3.4.4" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "quay.io/argoproj/argocli" 18 | newTag: "v3.4.4" 19 | - name: "quay.io/argoproj/workflow-controller" 20 | newTag: "v3.4.4" 21 | -------------------------------------------------------------------------------- /misc/dashy/v3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: dashy-config 11 | files: 12 | - conf.yaml=files/conf.yaml 13 | 14 | namespace: default 15 | labels: 16 | - pairs: 17 | app.kubernetes.io/part-of: "dashy" 18 | app.kubernetes.io/version: "3.1.1" 19 | includeTemplates: true 20 | 21 | 22 | images: 23 | - name: "lissy93/dashy" 24 | newTag: "3.1.1" 25 | -------------------------------------------------------------------------------- /addons/argo-cd-extensions/v0.2/rbac/argocd-server-extensions-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: argocd-server 6 | app.kubernetes.io/part-of: argocd 7 | app.kubernetes.io/component: server 8 | name: argocd-server-extensions 9 | rules: 10 | - apiGroups: 11 | - argoproj.io 12 | resources: 13 | - argocdextensions 14 | verbs: 15 | - create 16 | - get 17 | - list 18 | - watch 19 | - update 20 | - delete 21 | - patch 22 | -------------------------------------------------------------------------------- /observability/prometheus/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | DOWNLOAD_URL="https://api.github.com/repos/prometheus-operator/kube-prometheus/tarball" 6 | DOWNLOAD_VERSION="v0.11.0" 7 | 
DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 8 | 9 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o $DOWNLOAD_VERSION.tar.gz 10 | mkdir -p $DOWNLOAD_DIRECTORY 11 | tar -xzf $DOWNLOAD_VERSION.tar.gz --include "**/manifests/prometheus-*" --directory $DOWNLOAD_DIRECTORY --strip-components 2 12 | rm -f $DOWNLOAD_VERSION.tar.gz 13 | -------------------------------------------------------------------------------- /observability/alertmanager/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | DOWNLOAD_URL="https://api.github.com/repos/prometheus-operator/kube-prometheus/tarball" 6 | DOWNLOAD_VERSION="v0.11.0" 7 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 8 | 9 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o $DOWNLOAD_VERSION.tar.gz 10 | mkdir -p $DOWNLOAD_DIRECTORY 11 | tar -xzf $DOWNLOAD_VERSION.tar.gz --include "**/manifests/alertmanager-*" --directory $DOWNLOAD_DIRECTORY --strip-components 2 12 | rm -f $DOWNLOAD_VERSION.tar.gz 13 | -------------------------------------------------------------------------------- /addons/external-secrets/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | DOWNLOAD_VERSION="v0.6.1" 6 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 7 | 8 | helm repo add external-secrets https://charts.external-secrets.io 9 | helm repo update external-secrets 10 | 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | 13 | helm template external-secrets \ 14 | external-secrets/external-secrets \ 15 | -n external-secrets \ 16 | --set installCRDs=true \ 17 | --version $DOWNLOAD_VERSION \ 18 | --output-dir $DOWNLOAD_DIRECTORY 19 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/nodes.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: 
ClusterRole 3 | metadata: 4 | name: unit:nodes:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "nodes-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | ## Cluster Scoped 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - nodes 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | - apiGroups: 19 | - metrics.k8s.io 20 | resources: 21 | - nodes 22 | verbs: 23 | - get 24 | - list 25 | -------------------------------------------------------------------------------- /observability/alertmanager/v0.24/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - alertmanager.yaml 6 | - pdb.yaml 7 | - rbac.yaml 8 | - secret.yaml 9 | - service.yaml 10 | 11 | components: 12 | - ../configurations 13 | 14 | namespace: default 15 | labels: 16 | - pairs: 17 | app.kubernetes.io/part-of: "kube-prometheus" 18 | app.kubernetes.io/version: "v0.24.0" 19 | includeTemplates: true 20 | 21 | images: 22 | - name: quay.io/prometheus/alertmanager 23 | newTag: v0.24.0 24 | -------------------------------------------------------------------------------- /resources/cluster-roles/sets/batch.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: set:batch:view 5 | labels: 6 | rbac.authorization.k8s.io/set: "batch-view" 7 | aggregationRule: 8 | clusterRoleSelectors: 9 | - matchLabels: 10 | rbac.authorization.k8s.io/unit: "batch-view" 11 | - matchLabels: 12 | rbac.authorization.k8s.io/unit: "addons-argo-workflows-view" 13 | - matchLabels: 14 | rbac.authorization.k8s.io/unit: "addons-argo-workflowtemplates-view" 15 | rules: [] 16 | -------------------------------------------------------------------------------- /addons/csi-snapshotter/download.sh: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | DOWNLOAD_VERSION="v6.3.2" 6 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 7 | 8 | curl -Ls "https://github.com/kubernetes-csi/external-snapshotter/archive/refs/tags/$DOWNLOAD_VERSION.tar.gz" -o $DOWNLOAD_DIRECTORY.tar.gz # NOTE(review): the tag archive is extracted below with no checksum or signature check, and without -f an HTTP error body is saved as the archive; -o names the file via DOWNLOAD_DIRECTORY while tar/rm use DOWNLOAD_VERSION, which only match because the two variables are set equal above 9 | mkdir -p $DOWNLOAD_DIRECTORY 10 | tar -xzf $DOWNLOAD_VERSION.tar.gz --include "**/deploy/kubernetes/snapshot-controller" --include "**/client/config/crd" --directory $DOWNLOAD_DIRECTORY --strip-components 3 11 | rm -f $DOWNLOAD_VERSION.tar.gz 12 | -------------------------------------------------------------------------------- /observability/gatus/v5/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: gatus-config 11 | files: 12 | - config.yaml=files/config.yaml 13 | 14 | namespace: default 15 | labels: 16 | - pairs: 17 | app.kubernetes.io/part-of: "gatus" 18 | app.kubernetes.io/version: "v5.20.0" 19 | includeTemplates: true 20 | 21 | 22 | images: 23 | - name: "twinproduction/gatus" 24 | newTag: "v5.20.0" 25 | -------------------------------------------------------------------------------- /observability/prometheus-operator/v0.44.1/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: prometheus-operator 5 | labels: 6 | app.kubernetes.io/component: "controller" 7 | app.kubernetes.io/name: "prometheus-operator" 8 | app.kubernetes.io/version: "v0.44.1" 9 | spec: 10 | type: ClusterIP 11 | clusterIP: None 12 | ports: 13 | - name: https 14 | port: 8443 15 | targetPort: https 16 | selector: 17 | app.kubernetes.io/component: "controller" 18 | app.kubernetes.io/name: 
"prometheus-operator" 19 | -------------------------------------------------------------------------------- /resources/cluster-roles/sets/batch.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: set:batch:admin 5 | labels: 6 | rbac.authorization.k8s.io/set: "batch-admin" 7 | aggregationRule: 8 | clusterRoleSelectors: 9 | - matchLabels: 10 | rbac.authorization.k8s.io/unit: "batch-admin" 11 | - matchLabels: 12 | rbac.authorization.k8s.io/unit: "addons-argo-workflows-admin" 13 | - matchLabels: 14 | rbac.authorization.k8s.io/unit: "addons-argo-workflowtemplates-admin" 15 | rules: [] 16 | -------------------------------------------------------------------------------- /sample-services/whoami/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: whoami 5 | labels: 6 | app.kubernetes.io/name: "whoami" 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: "whoami" 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: "whoami" 16 | spec: 17 | containers: 18 | - name: whoami 19 | image: traefik/whoami # NOTE(review): no tag, so this resolves to :latest unless a kustomize images override sets one (none shown here); pin a version or digest so the running image is fixed and reviewable 20 | ports: 21 | - name: http 22 | containerPort: 80 23 | -------------------------------------------------------------------------------- /addons/argo-cd-extensions/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://api.github.com/repos/argoproj-labs/argocd-extensions/tarball" 7 | DOWNLOAD_VERSION="v0.2.1" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o $DOWNLOAD_VERSION.tar.gz # NOTE(review): tag-addressed archive is extracted with no checksum or signature check; comparing it to a recorded SHA-256 before tar, and adding -f so HTTP errors abort, would make the vendored manifests verifiable 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | tar -xzf $DOWNLOAD_VERSION.tar.gz --include "**/manifests" --exclude 
"**/manifests/namespace-install" --directory $DOWNLOAD_DIRECTORY --strip-components 2 13 | rm -f $DOWNLOAD_VERSION.tar.gz 14 | -------------------------------------------------------------------------------- /addons/aws-load-balancer-controller/v2.4/ingress-class.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: IngressClass 3 | metadata: 4 | name: alb 5 | labels: 6 | app.kubernetes.io/name: "aws-load-balancer-controller" 7 | spec: 8 | controller: ingress.k8s.aws/alb 9 | parameters: 10 | apiGroup: elbv2.k8s.aws 11 | kind: IngressClassParams 12 | name: alb 13 | 14 | --- 15 | apiVersion: elbv2.k8s.aws/v1beta1 16 | kind: IngressClassParams 17 | metadata: 18 | name: alb 19 | labels: 20 | app.kubernetes.io/name: "aws-load-balancer-controller" 21 | -------------------------------------------------------------------------------- /observability/prometheus-exporters/node-exporter/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://api.github.com/repos/prometheus-operator/kube-prometheus/tarball" 7 | DOWNLOAD_VERSION="v0.10.0" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o $DOWNLOAD_VERSION.tar.gz 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | tar -xzf $DOWNLOAD_VERSION.tar.gz --include "**/manifests/nodeExporter*" --directory $DOWNLOAD_DIRECTORY --strip-components 2 13 | rm -f $DOWNLOAD_VERSION.tar.gz 14 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/argo-appprojects.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:argo-appprojects:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: 
"addons-argo-appprojects-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" # NOTE(review): aggregates the rules below into the built-in admin ClusterRole; AppProjects are what constrain Argo CD Applications (source repos, destinations, allowed kinds), so write access can loosen those limits. Confirm admin bindings in any namespace Argo CD reads projects from are meant to carry it 8 | rules: 9 | - apiGroups: 10 | - argoproj.io 11 | resources: 12 | - appprojects 13 | verbs: 14 | - create 15 | - delete 16 | - deletecollection 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | -------------------------------------------------------------------------------- /addons/argo-rollouts/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://api.github.com/repos/argoproj/argo-rollouts/tarball" 7 | DOWNLOAD_VERSION="v1.4.0" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o argo-$DOWNLOAD_VERSION.tar.gz # NOTE(review): tag-addressed archive is extracted with no checksum or signature check; comparing it to a recorded SHA-256 before tar, and adding -f so HTTP errors abort, would make the vendored manifests verifiable 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | tar -xzf argo-$DOWNLOAD_VERSION.tar.gz --include "**/manifests" --exclude "**/manifests/namespace-install" --directory $DOWNLOAD_DIRECTORY --strip-components 2 13 | rm -f argo-$DOWNLOAD_VERSION.tar.gz 14 | -------------------------------------------------------------------------------- /addons/external-secrets/v0.5/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: external-secrets-webhook 5 | labels: 6 | app.kubernetes.io/name: external-secrets-webhook 7 | app.kubernetes.io/instance: external-secrets 8 | external-secrets.io/component: webhook 9 | spec: 10 | type: ClusterIP 11 | ports: 12 | - port: 443 13 | targetPort: 10250 14 | protocol: TCP 15 | name: webhook 16 | selector: 17 | app.kubernetes.io/name: external-secrets-webhook 18 | app.kubernetes.io/instance: external-secrets 19 | -------------------------------------------------------------------------------- /addons/external-secrets/v0.6/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | 
metadata: 4 | name: external-secrets-webhook 5 | labels: 6 | app.kubernetes.io/name: external-secrets-webhook 7 | app.kubernetes.io/instance: external-secrets 8 | external-secrets.io/component: webhook 9 | spec: 10 | type: ClusterIP 11 | ports: 12 | - port: 443 13 | targetPort: 10250 14 | protocol: TCP 15 | name: webhook 16 | selector: 17 | app.kubernetes.io/name: external-secrets-webhook 18 | app.kubernetes.io/instance: external-secrets 19 | -------------------------------------------------------------------------------- /addons/kubernetes-external-secrets/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://api.github.com/repos/external-secrets/kubernetes-external-secrets/tarball" 7 | DOWNLOAD_VERSION="8.5.0" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o $DOWNLOAD_VERSION.tar.gz # NOTE(review): tag-addressed archive is extracted with no checksum or signature check; comparing it to a recorded SHA-256 before tar, and adding -f so HTTP errors abort, would make the vendored chart verifiable 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | tar -xzf $DOWNLOAD_VERSION.tar.gz --include "**/charts/kubernetes-external-secrets" --directory $DOWNLOAD_DIRECTORY --strip-components 3 13 | rm -f $DOWNLOAD_VERSION.tar.gz 14 | -------------------------------------------------------------------------------- /misc/op-scim-bridge/v2.0/redis-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: op-scim-redis 5 | labels: 6 | app.kubernetes.io/name: "op-scim-redis" 7 | spec: 8 | selector: 9 | matchLabels: 10 | app.kubernetes.io/name: "op-scim-redis" 11 | replicas: 1 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: "op-scim-redis" 16 | spec: 17 | containers: 18 | - name: op-scim-redis 19 | image: redis:latest # NOTE(review): mutable :latest tag; pin a version or digest unless a kustomize images override already does (not shown here). The container also sets no securityContext or resource limits 20 | ports: 21 | - containerPort: 6379 # NOTE(review): no args/env here enable Redis authentication (e.g. requirepass), so access control has to come from elsewhere such as a NetworkPolicy; confirm 22 | -------------------------------------------------------------------------------- 
/resources/cluster-roles/units/addons/argo-applications.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:argo-applications:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-argo-applications-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" # NOTE(review): aggregates the rules below into the built-in admin ClusterRole, so every admin binding gains write access to Argo CD Applications; Argo CD reconciles an Application with its own permissions (bounded by the AppProject), so confirm this is intended in any namespace Argo CD watches for Applications 8 | rules: 9 | - apiGroups: 10 | - argoproj.io 11 | resources: 12 | - applications 13 | verbs: 14 | - create 15 | - delete 16 | - deletecollection 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | -------------------------------------------------------------------------------- /addons/aws-load-balancer-controller/v2.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - deployment.yaml 7 | - service.yaml 8 | - rbac.yaml 9 | - cert.yaml 10 | - admission.yaml 11 | - ingress-class.yaml 12 | 13 | namespace: kube-system 14 | labels: 15 | - pairs: 16 | app.kubernetes.io/part-of: "aws-load-balancer-controller" 17 | app.kubernetes.io/version: "v2.4.5" 18 | includeSelectors: false 19 | 20 | images: 21 | - name: "amazon/aws-alb-ingress-controller" 22 | newTag: "v2.4.5" 23 | -------------------------------------------------------------------------------- /misc/atlantis/v0.18/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - statefulset.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: atlantis-env 11 | envs: 12 | - config.env # NOTE(review): rendered into a ConfigMap, which is not meant for credentials; confirm config.env holds no tokens or webhook secrets (those belong in a Secret) 13 | - name: atlantis-config 14 | files: 15 | - repos.yaml=files/repos.yaml 16 | - atlantis.yaml=files/atlantis.yaml 17 | 18 | namespace: default 19 | commonLabels: 20 | app.kubernetes.io/part-of: 
"atlantis" 21 | 22 | images: 23 | - name: "ghcr.io/runatlantis/atlantis" 24 | newTag: "v0.18.1" 25 | -------------------------------------------------------------------------------- /misc/atlantis/v0.19/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - statefulset.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: atlantis-env 11 | envs: 12 | - config.env 13 | - name: atlantis-config 14 | files: 15 | - repos.yaml=files/repos.yaml 16 | - atlantis.yaml=files/atlantis.yaml 17 | 18 | namespace: default 19 | commonLabels: 20 | app.kubernetes.io/part-of: "atlantis" 21 | 22 | images: 23 | - name: "ghcr.io/runatlantis/atlantis" 24 | newTag: "v0.19.7" 25 | -------------------------------------------------------------------------------- /addons/kubernetes-dashboard/v2.2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - 01_dashboard-serviceaccount.yaml 6 | - 02_dashboard-service.yaml 7 | - 03_dashboard-secret.yaml 8 | - 04_dashboard-configmap.yaml 9 | - 05_dashboard-rbac.yaml 10 | - 06_dashboard-deployment.yaml 11 | - 07_scraper-service.yaml 12 | - 08_scraper-deployment.yaml 13 | 14 | namespace: default 15 | 16 | images: 17 | - name: "kubernetesui/dashboard" 18 | newTag: "v2.2.0" 19 | - name: "kubernetesui/metrics-scraper" 20 | newTag: "v1.0.6" 21 | -------------------------------------------------------------------------------- /observability/prometheus-operator/components/service-monitor-coredns/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: coredns 5 | labels: 6 | app.kubernetes.io/name: "coredns" 7 | k8s-app: 
coredns 8 | spec: 9 | endpoints: 10 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 11 | interval: 15s 12 | port: metrics 13 | jobLabel: k8s-app 14 | namespaceSelector: 15 | matchNames: 16 | - kube-system 17 | selector: 18 | matchLabels: 19 | k8s-app: kube-dns 20 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/argo-workflows.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:argo-workflows:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-argo-workflows-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - argoproj.io 11 | resources: 12 | - workflows 13 | - cronworkflows 14 | verbs: 15 | - create 16 | - delete 17 | - deletecollection 18 | - get 19 | - list 20 | - patch 21 | - update 22 | - watch 23 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.9/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - daemonset.yaml 7 | - rbac.yaml 8 | 9 | namespace: kube-system 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "aws-node" 13 | app.kubernetes.io/version: "v1.9.3" 14 | includeSelectors: false 15 | 16 | images: 17 | - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init" 18 | newTag: "v1.9.3" 19 | - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni" 20 | newTag: "v1.9.3" 21 | -------------------------------------------------------------------------------- /observability/alertmanager/v0.24/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 
3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | name: alertmanager-main 9 | spec: 10 | ports: 11 | - name: web 12 | port: 9093 13 | targetPort: web 14 | - name: reloader-web 15 | port: 8080 16 | targetPort: reloader-web 17 | selector: 18 | app.kubernetes.io/component: alert-router 19 | app.kubernetes.io/instance: main 20 | sessionAffinity: ClientIP 21 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.11/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - daemonset.yaml 7 | - rbac.yaml 8 | 9 | # namespace: kube-system 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "aws-vpc-cni" 13 | app.kubernetes.io/version: "v1.11.4" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init" 18 | newTag: "v1.11.4" 19 | - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni" 20 | newTag: "v1.11.4" 21 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.12/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - daemonset.yaml 7 | - rbac.yaml 8 | 9 | # namespace: kube-system 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "aws-vpc-cni" 13 | app.kubernetes.io/version: "v1.12.1" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init" 18 | newTag: "v1.12.1" 19 | - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni" 20 | newTag: "v1.12.1" 21 | 
-------------------------------------------------------------------------------- /addons/kubernetes-dashboard/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://api.github.com/repos/kubernetes/dashboard/tarball" 7 | DOWNLOAD_VERSION="v2.2.0" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o kubernetes-dashboard-$DOWNLOAD_VERSION.tar.gz 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | tar -xzf kubernetes-dashboard-$DOWNLOAD_VERSION.tar.gz --include "**/aio/deploy/alternative" --directory $DOWNLOAD_DIRECTORY --strip-components 4 13 | rm -f kubernetes-dashboard-$DOWNLOAD_VERSION.tar.gz 14 | -------------------------------------------------------------------------------- /observability/prometheus-operator/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://api.github.com/repos/prometheus-operator/kube-prometheus/tarball" 7 | DOWNLOAD_VERSION="v0.11.0" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o $DOWNLOAD_VERSION.tar.gz 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | tar -xzf $DOWNLOAD_VERSION.tar.gz --include "**/manifests/prometheusOperator*" --include "**/manifests/setup" --directory $DOWNLOAD_DIRECTORY --strip-components 2 13 | rm -f $DOWNLOAD_VERSION.tar.gz 14 | -------------------------------------------------------------------------------- /addons/metrics-server/components/ha/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: metrics-server 5 | spec: 6 | replicas: 2 7 | strategy: 8 | rollingUpdate: 9 | maxUnavailable: 1 10 | template: 11 | spec: 12 | affinity: 13 | podAntiAffinity: 14 | 
requiredDuringSchedulingIgnoredDuringExecution: 15 | - labelSelector: 16 | matchLabels: 17 | k8s-app: metrics-server 18 | namespaces: 19 | - kube-system 20 | topologyKey: kubernetes.io/hostname 21 | -------------------------------------------------------------------------------- /addons/argo-cd-extensions/v0.2/deployment.argocd-server.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: argocd-server 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: argocd-server 10 | volumeMounts: 11 | - name: extensions 12 | mountPath: /tmp/extensions/ 13 | - name: argocd-extensions 14 | image: ghcr.io/argoproj-labs/argocd-extensions:latest # NOTE(review): mutable :latest tag on a sidecar that shares the /tmp/extensions/ emptyDir with argocd-server; pin a version or digest (or confirm a kustomize images override does, none shown here) so what lands in the shared volume is fixed 15 | volumeMounts: 16 | - name: extensions 17 | mountPath: /tmp/extensions/ 18 | volumes: 19 | - name: extensions 20 | emptyDir: {} 21 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.10/crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: eniconfigs.crd.k8s.amazonaws.com 5 | labels: 6 | k8s-app: "aws-node" 7 | spec: 8 | group: crd.k8s.amazonaws.com 9 | scope: Cluster 10 | preserveUnknownFields: false 11 | names: 12 | kind: ENIConfig 13 | plural: eniconfigs 14 | singular: eniconfig 15 | versions: 16 | - name: v1alpha1 17 | served: true 18 | storage: true 19 | schema: 20 | openAPIV3Schema: 21 | type: object 22 | x-kubernetes-preserve-unknown-fields: true 23 | -------------------------------------------------------------------------------- /observability/prometheus/resources/service-monitor/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: prometheus-k8s 5 | labels: 6 | app.kubernetes.io/component: 
prometheus 7 | app.kubernetes.io/instance: k8s 8 | app.kubernetes.io/name: prometheus 9 | spec: 10 | endpoints: 11 | - interval: 30s 12 | port: web 13 | - interval: 30s 14 | port: reloader-web 15 | selector: 16 | matchLabels: 17 | app.kubernetes.io/component: prometheus 18 | app.kubernetes.io/instance: k8s 19 | app.kubernetes.io/name: prometheus 20 | -------------------------------------------------------------------------------- /observability/prometheus/v2.37/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: prometheus-k8s 5 | labels: 6 | app.kubernetes.io/component: prometheus 7 | app.kubernetes.io/instance: k8s 8 | app.kubernetes.io/name: prometheus 9 | spec: 10 | ports: 11 | - name: web 12 | port: 9090 13 | targetPort: web 14 | - name: reloader-web 15 | port: 8080 16 | targetPort: reloader-web 17 | selector: 18 | app.kubernetes.io/component: prometheus 19 | app.kubernetes.io/instance: k8s 20 | app.kubernetes.io/name: prometheus 21 | sessionAffinity: ClientIP 22 | -------------------------------------------------------------------------------- /observability/filebeat/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eu -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://api.github.com/repos/elastic/beats/tarball" 7 | DOWNLOAD_VERSION="v7.13.2" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o beats-$DOWNLOAD_VERSION.tar.gz 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | tar -xzf beats-$DOWNLOAD_VERSION.tar.gz --include "elastic-beats-*/deploy/kubernetes/filebeat/*" --directory $DOWNLOAD_DIRECTORY --strip-components 4 13 | rm -f beats-$DOWNLOAD_VERSION.tar.gz 14 | sed -e '/namespace: kube-system/d' -i '' $DOWNLOAD_DIRECTORY/* 15 | -------------------------------------------------------------------------------- 
/resources/cluster-roles/units/namespaces.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:namespaces:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "namespaces-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | ## Cluster Scoped 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - namespaces 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | ## Namespace Scoped 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - limitranges 23 | - resourcequotas 24 | verbs: 25 | - get 26 | - list 27 | - watch 28 | -------------------------------------------------------------------------------- /.github/workflows/sync-labels.yaml: -------------------------------------------------------------------------------- 1 | name: Sync labels 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | paths: 8 | - .github/labels.yaml 9 | workflow_dispatch: {} 10 | 11 | jobs: 12 | sync-labels: 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - name: Checkout 17 | uses: actions/checkout@v4 18 | # NOTE(review): the third-party action below is referenced by a movable tag and receives GITHUB_TOKEN; pin it to a full commit SHA. This workflow declares no permissions: block, so the token keeps the repository's default scopes. 19 | - name: Sync labels 20 | uses: crazy-max/ghaction-github-labeler@v5 21 | with: 22 | github-token: ${{ secrets.GITHUB_TOKEN }} 23 | yaml-file: .github/labels.yaml 24 | skip-delete: false 25 | dry-run: false 26 | # exclude: | 27 | -------------------------------------------------------------------------------- /addons/argo-workflows/v3.1/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - install.yaml 6 | # components: 7 | # - ../../../../components/init-workloads 8 | 9 | namespace: default 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/part-of: "argo-workflow" 13 | app.kubernetes.io/version: "v3.1.1" 14 | includeTemplates: true 15 | 16 | images: 17 | - name: "docker.io/argoproj/argocli" 18 | 
newTag: "v3.1.1" 19 | - name: "docker.io/argoproj/workflow-controller" 20 | newTag: "v3.1.1" 21 | - name: "docker.io/argoproj/argoexec" 22 | newTag: "v3.1.1" 23 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.10/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crd.yaml 6 | - daemonset.yaml 7 | - rbac.yaml 8 | 9 | namespace: kube-system 10 | labels: 11 | - pairs: 12 | app.kubernetes.io/name: "aws-node" 13 | app.kubernetes.io/part-of: "aws-node" 14 | app.kubernetes.io/version: "v1.10.3" 15 | includeSelectors: false 16 | 17 | images: 18 | - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init" 19 | newTag: "v1.10.3" 20 | - name: "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni" 21 | newTag: "v1.10.3" 22 | -------------------------------------------------------------------------------- /observability/alertmanager/resources/service-monitor/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | name: alertmanager-main 9 | spec: 10 | endpoints: 11 | - interval: 30s 12 | port: web 13 | - interval: 30s 14 | port: reloader-web 15 | selector: 16 | matchLabels: 17 | app.kubernetes.io/component: alert-router 18 | app.kubernetes.io/instance: main 19 | app.kubernetes.io/name: alertmanager 20 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 
4 | resources: 5 | # Argo CD 6 | - argo-applications.admin.yaml 7 | - argo-applications.view.yaml 8 | - argo-appprojects.admin.yaml 9 | - argo-appprojects.view.yaml 10 | # Argo Workflows 11 | - argo-workflows.admin.yaml 12 | - argo-workflows.view.yaml 13 | - argo-workflowtemplates.admin.yaml 14 | - argo-workflowtemplates.view.yaml 15 | # External Secrets 16 | - externalsecrets.admin.yaml 17 | - externalsecrets.view.yaml 18 | # Sealed Secrets 19 | - sealedsecrets.admin.yaml 20 | - sealedsecrets.view.yaml 21 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/serviceaccounts.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:serviceaccounts:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "serviceaccounts-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - serviceaccounts 13 | verbs: 14 | - create 15 | - delete 16 | - deletecollection 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | - apiGroups: 23 | - "" 24 | resources: 25 | - serviceaccounts/token 26 | verbs: 27 | - create 28 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/daemonsets.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:daemonsets:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "daemonsets-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - apps 11 | resources: 12 | - daemonsets 13 | verbs: 14 | - create 15 | - delete 16 | - deletecollection 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | - apiGroups: 23 | - apps 24 | resources: 25 | - 
daemonsets/status 26 | verbs: 27 | - get 28 | - patch 29 | - update 30 | -------------------------------------------------------------------------------- /misc/atlantis/v0.21/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - statefulset.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: atlantis-env 11 | envs: 12 | - config.env 13 | - name: atlantis-config 14 | files: 15 | - repos.yaml=files/repos.yaml 16 | - atlantis.yaml=files/atlantis.yaml 17 | 18 | namespace: default 19 | labels: 20 | - pairs: 21 | app.kubernetes.io/part-of: "atlantis" 22 | app.kubernetes.io/version: "0.21.0" 23 | includeTemplates: true 24 | 25 | 26 | images: 27 | - name: "ghcr.io/runatlantis/atlantis" 28 | newTag: "v0.21.0" 29 | -------------------------------------------------------------------------------- /misc/atlantis/v0.23/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - statefulset.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: atlantis-env 11 | envs: 12 | - config.env 13 | - name: atlantis-config 14 | files: 15 | - repos.yaml=files/repos.yaml 16 | - atlantis.yaml=files/atlantis.yaml 17 | 18 | namespace: default 19 | labels: 20 | - pairs: 21 | app.kubernetes.io/part-of: "atlantis" 22 | app.kubernetes.io/version: "0.23.1" 23 | includeTemplates: true 24 | 25 | 26 | images: 27 | - name: "ghcr.io/runatlantis/atlantis" 28 | newTag: "v0.23.1" 29 | -------------------------------------------------------------------------------- /addons/cert-manager/v1.7/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | 
resources: 5 | - crd.yaml 6 | - configmap.yaml 7 | - deployment.yaml 8 | - deployment.cert-manager-webhook.yaml 9 | - deployment.cert-manager-cainjector.yaml 10 | - service.yaml 11 | - service.cert-manager-webhook.yaml 12 | - rbac.yaml 13 | - admission.yaml 14 | 15 | # namespace: cert-manager 16 | 17 | images: 18 | - name: "quay.io/jetstack/cert-manager-cainjector" 19 | newTag: "v1.7.1" 20 | - name: "quay.io/jetstack/cert-manager-controller" 21 | newTag: "v1.7.1" 22 | - name: "quay.io/jetstack/cert-manager-webhook" 23 | newTag: "v1.7.1" 24 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/batch.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:batch:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "batch-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - batch 11 | resources: 12 | - cronjobs 13 | - jobs 14 | verbs: 15 | - create 16 | - delete 17 | - deletecollection 18 | - get 19 | - list 20 | - patch 21 | - update 22 | - watch 23 | - apiGroups: 24 | - batch 25 | resources: 26 | - cronjobs/status 27 | - jobs/status 28 | verbs: 29 | - get 30 | - patch 31 | - update 32 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/rbac.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:rbac:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "rbac-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" # NOTE(review): this adds read access to RBAC objects to the aggregated "view" role, which upstream Kubernetes documents as not allowing roles or role bindings to be viewed; confirm the widening is intended 8 | rules: 9 | ## Cluster Scoped 10 | - apiGroups: 11 | - rbac.authorization.k8s.io 12 | resources: 13 | - clusterroles 14 | - clusterrolebindings 15 | verbs: 16 | - get 17 | - list 18 | - watch 19 | ## Namespace Scoped 20 | - 
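apiGroups: 21 | - rbac.authorization.k8s.io 22 | resources: 23 | - roles 24 | - rolebindings 25 | verbs: 26 | - get 27 | - list 28 | - watch 29 | -------------------------------------------------------------------------------- /addons/aws-node-termination-handler/v1.18/imds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - daemonset.yaml 6 | - rbac.yaml 7 | - psp.yaml 8 | patchesStrategicMerge: 9 | - patch.daemonset.yaml 10 | 11 | configMapGenerator: 12 | - name: aws-node-termination-handler-config 13 | envs: 14 | - env 15 | 16 | namespace: kube-system 17 | labels: 18 | - pairs: 19 | app.kubernetes.io/part-of: "aws-node-termination-handler" 20 | app.kubernetes.io/version: "v1.18.2" # kept equal to images[].newTag below so the label reports the version actually deployed 21 | includeTemplates: true 22 | 23 | images: 24 | - name: "public.ecr.aws/aws-ec2/aws-node-termination-handler" 25 | newTag: "v1.18.2" 26 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/ingresses.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:ingresses:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "ingresses-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - networking.k8s.io 11 | resources: 12 | - ingresses 13 | verbs: 14 | - create 15 | - delete 16 | - deletecollection 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | - apiGroups: 23 | - networking.k8s.io 24 | resources: 25 | - ingresses/status 26 | verbs: 27 | - get 28 | - patch 29 | - update 30 | -------------------------------------------------------------------------------- /addons/cert-manager/v1.7/service.cert-manager-webhook.yaml: 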
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: cert-manager-webhook 5 | namespace: cert-manager 6 | labels: 7 | app: webhook 8 | app.kubernetes.io/name: webhook 9 | app.kubernetes.io/instance: cert-manager 10 | app.kubernetes.io/component: "webhook" 11 | app.kubernetes.io/version: "v1.7.1" 12 | spec: 13 | type: ClusterIP 14 | ports: 15 | - name: https 16 | port: 443 17 | protocol: TCP 18 | targetPort: "https" 19 | selector: 20 | app.kubernetes.io/name: webhook 21 | app.kubernetes.io/instance: cert-manager 22 | app.kubernetes.io/component: "webhook" 23 | -------------------------------------------------------------------------------- /observability/prometheus-operator/resources/service-monitor/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: prometheus-operator 5 | labels: 6 | app.kubernetes.io/component: "controller" 7 | app.kubernetes.io/name: "prometheus-operator" 8 | spec: 9 | endpoints: 10 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 11 | honorLabels: true 12 | port: https 13 | scheme: https 14 | tlsConfig: 15 | insecureSkipVerify: true # NOTE(review): the scrape presents the service-account bearer token over TLS without verifying the server certificate; configure tlsConfig.ca and serverName so the token is only sent to an authenticated endpoint 16 | selector: 17 | matchLabels: 18 | app.kubernetes.io/component: "controller" 19 | app.kubernetes.io/name: "prometheus-operator" 20 | -------------------------------------------------------------------------------- /addons/argo-cd/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | 6 | DOWNLOAD_URL="https://api.github.com/repos/argoproj/argo-cd/tarball" 7 | DOWNLOAD_VERSION="v2.5.4" 8 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 9 | 10 | curl -Ls "$DOWNLOAD_URL/$DOWNLOAD_VERSION" -o argo-cd-$DOWNLOAD_VERSION.tar.gz 11 | mkdir -p $DOWNLOAD_DIRECTORY 12 | tar -xzf 
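argo-cd-$DOWNLOAD_VERSION.tar.gz --include "**/manifests" --directory $DOWNLOAD_DIRECTORY --strip-components 2 13 | rm -f argo-cd-$DOWNLOAD_VERSION.tar.gz 14 | # --fail makes curl exit non-zero on an HTTP error, so set -e stops the script instead of saving the error body as the ConfigMap manifest. 15 | curl -fLs https://raw.githubusercontent.com/argoproj/argo-cd/${DOWNLOAD_VERSION}/notifications_catalog/install.yaml -o config-map.argocd-notifications-cm.yaml 16 | -------------------------------------------------------------------------------- /addons/aws-node-termination-handler/v1.18/queue-processor/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - psp.yaml 8 | patchesStrategicMerge: 9 | - patch.deployment.yaml 10 | 11 | configMapGenerator: 12 | - name: aws-node-termination-handler-config 13 | envs: 14 | - env 15 | 16 | namespace: kube-system 17 | labels: 18 | - pairs: 19 | app.kubernetes.io/part-of: "aws-node-termination-handler" 20 | app.kubernetes.io/version: "v1.18.2" # kept equal to images[].newTag below so the label reports the version actually deployed 21 | includeTemplates: true 22 | 23 | images: 24 | - name: "public.ecr.aws/aws-ec2/aws-node-termination-handler" 25 | newTag: "v1.18.2" 26 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/argo-workflowtemplates.view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:argo-workflowtemplates:view 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-argo-workflowtemplates-view" 7 | rbac.authorization.k8s.io/aggregate-to-view: "true" 8 | rules: 9 | ## Cluster Scoped 10 | - apiGroups: 11 | - argoproj.io 12 | resources: 13 | - clusterworkflowtemplates 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | ## Namespace Scoped 19 | - apiGroups: 20 | - argoproj.io 21 | resources: 22 | - workflowtemplates 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 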
| -------------------------------------------------------------------------------- /resources/cluster-roles/units/statefulsets.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:statefulsets:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "statefulsets-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - apps 11 | resources: 12 | - statefulsets 13 | verbs: 14 | - create 15 | - delete 16 | - deletecollection 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | - apiGroups: 23 | - apps 24 | resources: 25 | - statefulsets/scale 26 | - statefulsets/status 27 | verbs: 28 | - get 29 | - patch 30 | - update 31 | -------------------------------------------------------------------------------- /addons/cert-manager/v1.7/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: cert-manager 5 | namespace: cert-manager 6 | labels: 7 | app: cert-manager 8 | app.kubernetes.io/name: cert-manager 9 | app.kubernetes.io/instance: cert-manager 10 | app.kubernetes.io/component: "controller" 11 | app.kubernetes.io/version: "v1.7.1" 12 | spec: 13 | type: ClusterIP 14 | ports: 15 | - protocol: TCP 16 | port: 9402 17 | name: tcp-prometheus-servicemonitor 18 | targetPort: 9402 19 | selector: 20 | app.kubernetes.io/name: cert-manager 21 | app.kubernetes.io/instance: cert-manager 22 | app.kubernetes.io/component: "controller" 23 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.15/crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: sealedsecrets.bitnami.com 5 | spec: 6 | group: bitnami.com 7 | names: 
8 | kind: SealedSecret 9 | listKind: SealedSecretList 10 | plural: sealedsecrets 11 | singular: sealedsecret 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | schema: 16 | openAPIV3Schema: 17 | properties: 18 | spec: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | type: object 22 | served: true 23 | storage: true 24 | subresources: 25 | status: {} 26 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/sealedsecrets.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:sealedsecrets:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-secrets-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - bitnami.com 11 | resources: 12 | - sealedsecrets 13 | verbs: 14 | - create 15 | - delete 16 | - deletecollection 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | - apiGroups: 23 | - bitnami.com 24 | resources: 25 | - sealedsecrets/status 26 | verbs: 27 | - get 28 | - patch 29 | - watch 30 | -------------------------------------------------------------------------------- /misc/miniflux/v2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - service.yaml 7 | - rbac.yaml 8 | 9 | configMapGenerator: 10 | - name: miniflux-config 11 | files: 12 | - miniflux.conf=files/miniflux.conf 13 | options: 14 | disableNameSuffixHash: true 15 | 16 | namespace: default 17 | labels: 18 | - pairs: 19 | app.kubernetes.io/part-of: "miniflux" 20 | app.kubernetes.io/version: "2.2.9" 21 | includeTemplates: true 22 | 23 | 24 | images: 25 | - name: miniflux 26 | newName: miniflux/miniflux 27 | newTag: "2.2.9" 28 | - name: 
reactflux 29 | newName: electh/reactflux 30 | newTag: "latest" # NOTE(review): mutable tag, unlike the pinned miniflux image in the same list; pin a release tag or digest so deployments are reproducible 31 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/addons/externalsecrets.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:addons:externalsecrets:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "addons-externalsecrets-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - kubernetes-client.io # NOTE(review): presumably the API group of the legacy kubernetes-external-secrets project; verify it matches the CRDs installed by addons/external-secrets, otherwise this rule grants nothing 11 | resources: 12 | - externalsecrets 13 | verbs: 14 | - create 15 | - delete 16 | - deletecollection 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | - apiGroups: 23 | - kubernetes-client.io 24 | resources: 25 | - externalsecrets/status 26 | verbs: 27 | - get 28 | - patch 29 | - watch 30 | -------------------------------------------------------------------------------- /sample-services/http-https-echo/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: http-https-echo 5 | labels: 6 | app.kubernetes.io/name: "http-https-echo" 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: "http-https-echo" 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: "http-https-echo" 16 | spec: 17 | serviceAccountName: http-https-echo 18 | containers: 19 | - name: http-https-echo 20 | image: mendhak/http-https-echo # NOTE(review): no tag, so the runtime resolves :latest unless an images: override elsewhere pins it; prefer an explicit version or digest 21 | ports: 22 | - name: http 23 | containerPort: 8080 24 | - name: https 25 | containerPort: 8443 26 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.11/crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 
4 | name: eniconfigs.crd.k8s.amazonaws.com 5 | labels: 6 | app.kubernetes.io/name: aws-node 7 | app.kubernetes.io/instance: aws-vpc-cni 8 | k8s-app: aws-node 9 | app.kubernetes.io/version: "v1.11.4" 10 | spec: 11 | scope: Cluster 12 | group: crd.k8s.amazonaws.com 13 | preserveUnknownFields: false 14 | versions: 15 | - name: v1alpha1 16 | served: true 17 | storage: true 18 | schema: 19 | openAPIV3Schema: 20 | type: object 21 | x-kubernetes-preserve-unknown-fields: true 22 | names: 23 | plural: eniconfigs 24 | singular: eniconfig 25 | kind: ENIConfig 26 | -------------------------------------------------------------------------------- /addons/aws-vpc-cni/v1.12/crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: eniconfigs.crd.k8s.amazonaws.com 5 | labels: 6 | app.kubernetes.io/name: aws-node 7 | app.kubernetes.io/instance: aws-vpc-cni 8 | k8s-app: aws-node 9 | app.kubernetes.io/version: "v1.12.1" 10 | spec: 11 | scope: Cluster 12 | group: crd.k8s.amazonaws.com 13 | preserveUnknownFields: false 14 | versions: 15 | - name: v1alpha1 16 | served: true 17 | storage: true 18 | schema: 19 | openAPIV3Schema: 20 | type: object 21 | x-kubernetes-preserve-unknown-fields: true 22 | names: 23 | plural: eniconfigs 24 | singular: eniconfig 25 | kind: ENIConfig 26 | -------------------------------------------------------------------------------- /observability/logstash/v7.13/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - statefulset.yaml 6 | - poddisruptionbudget.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | configMapGenerator: 11 | - name: logstash-config 12 | files: 13 | - logstash.yml=files/logstash.yml 14 | - pipelines.yml=files/pipelines.yml 15 | - name: logstash-pipelines 16 | files: 17 | - 
main.conf=files/pipelines/main.conf 18 | - name: logstash-patterns 19 | files: [] 20 | - name: logstash-files 21 | files: [] 22 | 23 | namespace: default 24 | commonLabels: 25 | app.kubernetes.io/part-of: "logstash" 26 | 27 | images: 28 | - name: "docker.elastic.co/logstash/logstash" 29 | newTag: "7.13.2" 30 | -------------------------------------------------------------------------------- /observability/logstash/v7.15/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - statefulset.yaml 6 | - poddisruptionbudget.yaml 7 | - rbac.yaml 8 | - service.yaml 9 | 10 | configMapGenerator: 11 | - name: logstash-config 12 | files: 13 | - logstash.yml=files/logstash.yml 14 | - pipelines.yml=files/pipelines.yml 15 | - name: logstash-pipelines 16 | files: 17 | - main.conf=files/pipelines/main.conf 18 | - name: logstash-patterns 19 | files: [] 20 | - name: logstash-files 21 | files: [] 22 | 23 | namespace: default 24 | commonLabels: 25 | app.kubernetes.io/part-of: "logstash" 26 | 27 | images: 28 | - name: "docker.elastic.co/logstash/logstash" 29 | newTag: "7.15.1" 30 | -------------------------------------------------------------------------------- /observability/prometheus-operator/v0.57/network-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: controller 6 | app.kubernetes.io/name: prometheus-operator 7 | app.kubernetes.io/version: 0.57.0 8 | name: prometheus-operator 9 | spec: 10 | egress: 11 | - {} # NOTE(review): the empty rule permits all egress from the selected pods; only ingress is narrowed (TCP 8443 from pods labelled app.kubernetes.io/name: prometheus) 12 | ingress: 13 | - from: 14 | - podSelector: 15 | matchLabels: 16 | app.kubernetes.io/name: prometheus 17 | ports: 18 | - port: 8443 19 | protocol: TCP 20 | podSelector: 21 | matchLabels: 22 | app.kubernetes.io/component: controller 23 | app.kubernetes.io/name: 
prometheus-operator 24 | policyTypes: 25 | - Egress 26 | - Ingress 27 | -------------------------------------------------------------------------------- /addons/external-secrets/v0.5/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crds/clusterexternalsecret.yaml 6 | - crds/clustersecretstore.yaml 7 | - crds/externalsecret.yaml 8 | - crds/secretstore.yaml 9 | - cert-controller/deployment.yaml 10 | - cert-controller/rbac.yaml 11 | - webhook/deployment.yaml 12 | - webhook/rbac.yaml 13 | - webhook/secret.yaml 14 | - webhook/service.yaml 15 | - admission.yaml 16 | - deployment.yaml 17 | - rbac.yaml 18 | 19 | namespace: external-secrets 20 | labels: 21 | - pairs: 22 | app.kubernetes.io/version: "v0.5.9" 23 | includeSelectors: false 24 | 25 | 26 | images: 27 | - name: "ghcr.io/external-secrets/external-secrets" 28 | newTag: "v0.5.9" 29 | -------------------------------------------------------------------------------- /addons/external-secrets/v0.6/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - crds/clusterexternalsecret.yaml 6 | - crds/clustersecretstore.yaml 7 | - crds/externalsecret.yaml 8 | - crds/secretstore.yaml 9 | - cert-controller/deployment.yaml 10 | - cert-controller/rbac.yaml 11 | - webhook/deployment.yaml 12 | - webhook/rbac.yaml 13 | - webhook/secret.yaml 14 | - webhook/service.yaml 15 | - admission.yaml 16 | - deployment.yaml 17 | - rbac.yaml 18 | 19 | namespace: external-secrets 20 | labels: 21 | - pairs: 22 | app.kubernetes.io/version: "v0.6.1" 23 | includeSelectors: false 24 | 25 | 26 | images: 27 | - name: "ghcr.io/external-secrets/external-secrets" 28 | newTag: "v0.6.1" 29 | -------------------------------------------------------------------------------- 
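/addons/traefik-ingress-controller/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | CHART_VERSION="15.3.0" 6 | DOWNLOAD_VERSION="v2.9.1" 7 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 8 | 9 | helm repo add traefik https://helm.traefik.io/traefik 10 | helm repo update traefik 11 | 12 | mkdir -p $DOWNLOAD_DIRECTORY 13 | 14 | helm template traefik \ 15 | traefik/traefik \ 16 | -n traefik \ 17 | --set installCRDs=true \ 18 | --version $CHART_VERSION \ 19 | --output-dir $DOWNLOAD_DIRECTORY 20 | 21 | # --fail makes curl exit non-zero on an HTTP error, so set -e stops the script instead of saving the error body as crd.yaml. 22 | CRD_URL="https://raw.githubusercontent.com/traefik/traefik/${DOWNLOAD_VERSION}/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml" 23 | curl -fLs "$CRD_URL" -o $DOWNLOAD_DIRECTORY/crd.yaml 24 | -------------------------------------------------------------------------------- /resources/cluster-roles/units/deployments.admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: unit:deployments:admin 5 | labels: 6 | rbac.authorization.k8s.io/unit: "deployments-admin" 7 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 8 | rules: 9 | - apiGroups: 10 | - apps 11 | resources: 12 | - deployments 13 | - replicasets 14 | verbs: 15 | - create 16 | - delete 17 | - deletecollection 18 | - get 19 | - list 20 | - patch 21 | - update 22 | - watch 23 | - apiGroups: 24 | - apps 25 | resources: 26 | - deployments/scale 27 | - deployments/status 28 | - replicasets/scale 29 | - replicasets/status 30 | verbs: 31 | - get 32 | - patch 33 | - update 34 | -------------------------------------------------------------------------------- /addons/aws-load-balancer-controller/v2.4/cert.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | 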
name: aws-load-balancer-serving-cert 5 | labels: 6 | app.kubernetes.io/name: "aws-load-balancer-controller" 7 | spec: 8 | dnsNames: 9 | - aws-load-balancer-webhook-service.kube-system.svc 10 | - aws-load-balancer-webhook-service.kube-system.svc.cluster.local 11 | issuerRef: 12 | kind: Issuer 13 | name: aws-load-balancer-selfsigned-issuer 14 | secretName: aws-load-balancer-webhook-tls 15 | 16 | --- 17 | apiVersion: cert-manager.io/v1 18 | kind: Issuer 19 | metadata: 20 | name: aws-load-balancer-selfsigned-issuer 21 | labels: 22 | app.kubernetes.io/name: "aws-load-balancer-controller" 23 | spec: 24 | selfSigned: {} 25 | -------------------------------------------------------------------------------- /addons/aws-node-termination-handler/download.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euf -o pipefail 4 | 5 | DOWNLOAD_VERSION="v1.18.2" 6 | DOWNLOAD_URL="https://github.com/aws/aws-node-termination-handler/releases/download/$DOWNLOAD_VERSION/" 7 | DOWNLOAD_DIRECTORY="$DOWNLOAD_VERSION" 8 | 9 | curl -Ls $DOWNLOAD_URL/individual-resources.tar -o imds.tar 10 | curl -Ls $DOWNLOAD_URL/individual-resources-queue-processor.tar -o queue-processor.tar 11 | mkdir -p $DOWNLOAD_DIRECTORY/imds 12 | mkdir -p $DOWNLOAD_DIRECTORY/queue-processor 13 | tar -xzf imds.tar --directory $DOWNLOAD_DIRECTORY/imds --strip-components 1 14 | tar -xzf queue-processor.tar --directory $DOWNLOAD_DIRECTORY/queue-processor --strip-components 1 15 | 16 | rm -f imds.tar 17 | rm -f queue-processor.tar 18 | -------------------------------------------------------------------------------- /addons/sealed-secrets/v0.16/crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: sealedsecrets.bitnami.com 5 | spec: 6 | group: bitnami.com 7 | names: 8 | kind: SealedSecret 9 | listKind: SealedSecretList 10 | 
plural: sealedsecrets 11 | singular: sealedsecret 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | schema: 16 | openAPIV3Schema: 17 | properties: 18 | spec: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | status: 22 | x-kubernetes-preserve-unknown-fields: true 23 | type: object 24 | served: true 25 | storage: true 26 | subresources: 27 | status: {} 28 |
--------------------------------------------------------------------------------
/addons/sealed-secrets/v0.17/crd.yaml:
--------------------------------------------------------------------------------
# SealedSecret CustomResourceDefinition: namespaced, group bitnami.com, with
# v1alpha1 as the only version and both served and stored.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: sealedsecrets.bitnami.com
spec:
  group: bitnami.com
  names:
    kind: SealedSecret
    listKind: SealedSecretList
    plural: sealedsecrets
    singular: sealedsecret
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          # NOTE(review): preserve-unknown-fields on spec and status means the
          # API server neither validates nor prunes their contents; a malformed
          # object is only caught by whatever reads it.
          spec:
            type: object
            x-kubernetes-preserve-unknown-fields: true
          status:
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    # status is a subresource, so it is updated through its own endpoint and
    # can be granted separately in RBAC.
    subresources:
      status: {}
--------------------------------------------------------------------------------
/addons/sealed-secrets/v0.18/crd.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: sealedsecrets.bitnami.com 5 | spec: 6 | group: bitnami.com 7 | names: 8 | kind: SealedSecret 9 | listKind: SealedSecretList 10 | plural: sealedsecrets 11 | singular: sealedsecret 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | schema: 16 | openAPIV3Schema: 17 | properties: 18 | spec: 19 | type: object 20 | x-kubernetes-preserve-unknown-fields: true 21 | status: 22 | x-kubernetes-preserve-unknown-fields: true 23 | type: object 24 | served: true 25 | storage:
true 26 | subresources: 27 | status: {} 28 |
--------------------------------------------------------------------------------
/resources/cluster-roles/units/services.admin.yaml:
--------------------------------------------------------------------------------
# Unit ClusterRole granting management of core Services. The
# aggregate-to-admin label has the RBAC aggregation controller merge these
# rules into the built-in `admin` ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: unit:services:admin
  labels:
    rbac.authorization.k8s.io/unit: "services-admin"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
    resources:
      - services/status
    verbs:
      - get
      - patch
      - update
  # NOTE(review): services/proxy lets the holder send HTTP requests through
  # the API server to the pods behind a Service, bypassing network-level
  # restrictions that apply to the user's own machine. Confirm every subject
  # that receives `admin` is meant to have it.
  - apiGroups:
      - ""
    resources:
      - services/proxy
    verbs:
      - create
      - delete
      - get
      - patch
      - update
--------------------------------------------------------------------------------
/resources/cluster-roles/units/customresourcedefinitions.admin.yaml:
--------------------------------------------------------------------------------
# Unit ClusterRole granting management of CustomResourceDefinitions, merged
# into the built-in `admin` ClusterRole through the aggregate-to-admin label.
#
# NOTE(review): CRDs are cluster-scoped, so these rules only take effect where
# `admin` is granted with a ClusterRoleBinding; a namespaced RoleBinding cannot
# grant them. Where they do apply, deleting a CRD also removes every custom
# resource of that kind, so audit who holds `admin` cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: unit:customresourcedefinitions:admin
  labels:
    rbac.authorization.k8s.io/unit: "customresourcedefinitions-admin"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  ## Cluster Scoped
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions/status
    verbs:
      - get
      - patch
      - update
--------------------------------------------------------------------------------
/addons/kubernetes-dashboard/v2.2/00_dashboard-namespace.yaml:
--------------------------------------------------------------------------------
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Namespace that the Kubernetes Dashboard add-on is deployed into.
apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard
--------------------------------------------------------------------------------
/misc/atlantis/v0.18/files/atlantis.yaml:
--------------------------------------------------------------------------------
# Atlantis server configuration file; credentials are left commented out here.
# default-tf-version: v1.1.3
parallel-pool-size: 15
autoplan-file-list: "**/*.tf,**/*.tfvars,**/*.tfvars.json,**/terragrunt.hcl"


### VCS
vcs-name: atlantis
allow-draft-prs: false
# Pull requests opened from forks are not acted on, which keeps code from
# outside contributors away from plan/apply.
allow-fork-prs: false
auto-merge: false
checkout-strategy: branch
# enable-diff-markdown-format: true
# This is only supported by GitHub
# hide-prev-plan-comments: true
# NOTE(review): `github.com/*` matches every repository on github.com. Narrow
# it to the owning organisation (for example `github.com/<your-org>/*`) so
# webhooks from unrelated repositories are rejected.
repo-allowlist: github.com/*


### GitHub
# NOTE(review): no token or webhook secret is set in this file; presumably both
# are injected from config.env or a Secret. Confirm a webhook secret is
# configured, since it is what authenticates incoming webhook requests, and
# keep both values out of version control.
# gh-hostname: my.github.enterprise.com
# gh-org: my-org
# gh-team-allowlist: dev:plan, infra:apply
# gh-token:
# gh-user: atlantis
# gh-webhook-secret:


### Terraform Cloud or Enterprise
tfe-hostname: app.terraform.io
# tfe-token:
--------------------------------------------------------------------------------
/misc/atlantis/v0.19/files/atlantis.yaml:
--------------------------------------------------------------------------------
1 | #
default-tf-version: v1.1.3 2 | parallel-pool-size: 15 3 | autoplan-file-list: "**/*.tf,**/*.tfvars,**/*.tfvars.json,**/terragrunt.hcl" 4 | 5 | 6 | ### VCS 7 | vcs-name: atlantis 8 | allow-draft-prs: false 9 | allow-fork-prs: false 10 | auto-merge: false 11 | checkout-strategy: branch 12 | # enable-diff-markdown-format: true 13 | # This is only supported by GitHub 14 | # hide-prev-plan-comments: true 15 | repo-allowlist: github.com/* 16 | 17 | 18 | ### GitHUb 19 | # gh-hostname: my.github.enterprise.com 20 | # gh-org: my-org 21 | # gh-team-allowlist: dev:plan, infra:apply 22 | # gh-token: 23 | # gh-user: atlantis 24 | # gh-webhook-secret: 25 | 26 | 27 | ### Terraform Cloud or Enterprise 28 | tfe-hostname: app.terraform.io 29 | # tfe-token: 30 |
--------------------------------------------------------------------------------
/misc/atlantis/v0.21/files/atlantis.yaml:
--------------------------------------------------------------------------------
# Atlantis server configuration file; credentials are left commented out here.
# default-tf-version: v1.3.3
parallel-pool-size: 15
autoplan-file-list: "**/*.tf,**/*.tfvars,**/*.tfvars.json,**/terragrunt.hcl"


### VCS
vcs-name: atlantis
allow-draft-prs: false
# Fork pull requests stay disabled, so Terraform code from outside
# contributors does not reach plan/apply.
allow-fork-prs: false
# Merging is left to a human after apply.
auto-merge: false
checkout-strategy: branch
# enable-diff-markdown-format: true
# This is only supported by GitHub
# hide-prev-plan-comments: true
# NOTE(review): the allowlist covers all of github.com. Restrict it to the
# repositories this server is meant to serve, e.g. `github.com/<your-org>/*`.
repo-allowlist: github.com/*


### GitHub
# NOTE(review): gh-token and gh-webhook-secret are not set here; presumably
# they come from config.env or a Secret. Verify that a webhook secret is set
# in the running server and that neither value is committed.
# gh-hostname: my.github.enterprise.com
# gh-org: my-org
# gh-team-allowlist: dev:plan, infra:apply
# gh-token:
# gh-user: atlantis
# gh-webhook-secret:


### Terraform Cloud or Enterprise
tfe-hostname: app.terraform.io
# tfe-token:
--------------------------------------------------------------------------------
/misc/atlantis/v0.23/files/atlantis.yaml:
--------------------------------------------------------------------------------
1 | # default-tf-version: v1.3.3 2 | parallel-pool-size: 15 3 |
autoplan-file-list: "**/*.tf,**/*.tfvars,**/*.tfvars.json,**/terragrunt.hcl" 4 | 5 | 6 | ### VCS 7 | vcs-name: atlantis 8 | allow-draft-prs: false 9 | allow-fork-prs: false 10 | auto-merge: false 11 | checkout-strategy: branch 12 | # enable-diff-markdown-format: true 13 | # This is only supported by GitHub 14 | # hide-prev-plan-comments: true 15 | repo-allowlist: github.com/* 16 | 17 | 18 | ### GitHUb 19 | # gh-hostname: my.github.enterprise.com 20 | # gh-org: my-org 21 | # gh-team-allowlist: dev:plan, infra:apply 22 | # gh-token: 23 | # gh-user: atlantis 24 | # gh-webhook-secret: 25 | 26 | 27 | ### Terraform Cloud or Enterprise 28 | tfe-hostname: app.terraform.io 29 | # tfe-token: 30 |
--------------------------------------------------------------------------------
/observability/botkube/v0.12/rbac.yaml:
--------------------------------------------------------------------------------
# Identity the botkube workload runs as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: botkube
  labels:
    app.kubernetes.io/name: botkube

---
# NOTE(review): read-only, but over every resource in every API group and
# bound cluster-wide below. That includes `secrets`, so anyone who controls
# the botkube pod or its token can read all Secrets in the cluster. If botkube
# only needs to watch a known set of kinds, list those resources explicitly.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: botkube
  labels:
    app.kubernetes.io/name: botkube
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs:
      - get
      - watch
      - list

---
# Grants the ClusterRole above to the botkube ServiceAccount in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: botkube
  labels:
    app.kubernetes.io/name: botkube
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: botkube
subjects:
  # No namespace is set on the subject; presumably the kustomization's
  # `namespace:` fills it in (a ServiceAccount subject requires one) - confirm.
  - kind: ServiceAccount
    name: botkube
--------------------------------------------------------------------------------
/addons/argo-rollouts/v1.3/dashboard/deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: argo-rollouts-dashboard 6 |
app.kubernetes.io/name: argo-rollouts-dashboard 7 | app.kubernetes.io/part-of: argo-rollouts 8 | name: argo-rollouts-dashboard 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: argo-rollouts-dashboard 14 | template: 15 | metadata: 16 | labels: 17 | app.kubernetes.io/name: argo-rollouts-dashboard 18 | spec: 19 | serviceAccountName: argo-rollouts-dashboard 20 | containers: 21 | - name: argo-rollouts-dashboard 22 | image: quay.io/argoproj/kubectl-argo-rollouts 23 | ports: 24 | - containerPort: 3100 25 |
--------------------------------------------------------------------------------
/addons/argo-rollouts/v1.4/dashboard/deployment.yaml:
--------------------------------------------------------------------------------
# Single-replica Deployment of the Argo Rollouts dashboard.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: argo-rollouts-dashboard
    app.kubernetes.io/name: argo-rollouts-dashboard
    app.kubernetes.io/part-of: argo-rollouts
  name: argo-rollouts-dashboard
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: argo-rollouts-dashboard
  template:
    metadata:
      labels:
        app.kubernetes.io/name: argo-rollouts-dashboard
    spec:
      # The dashboard talks to the API server as this ServiceAccount;
      # presumably anyone who can reach port 3100 acts with its permissions,
      # so keep the Service off public ingress - TODO confirm exposure.
      serviceAccountName: argo-rollouts-dashboard
      containers:
      # NOTE(review): the container sets no securityContext and no resource
      # requests/limits, so it inherits the namespace and runtime defaults.
      - name: argo-rollouts-dashboard
        # NOTE(review): no tag or digest here, which resolves to `latest`
        # unless the kustomization's image transformer pins it. Pin a version
        # (ideally a digest) so the running image is reproducible.
        image: quay.io/argoproj/kubectl-argo-rollouts
        ports:
        - containerPort: 3100
--------------------------------------------------------------------------------
/addons/aws-node-termination-handler/v1.18/imds/psp.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: policy/v1beta1 2 | kind: PodSecurityPolicy 3 | metadata: 4 | name: aws-node-termination-handler 5 | labels: 6 | app.kubernetes.io/name: aws-node-termination-handler 7 | app.kubernetes.io/instance: aws-node-termination-handler 8 | annotations: 9 | seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' 10 | spec: 11 |
privileged: false 12 | hostIPC: false 13 | hostNetwork: true 14 | hostPID: false 15 | readOnlyRootFilesystem: false 16 | allowPrivilegeEscalation: false 17 | allowedCapabilities: 18 | - '*' 19 | fsGroup: 20 | rule: RunAsAny 21 | runAsUser: 22 | rule: RunAsAny 23 | seLinux: 24 | rule: RunAsAny 25 | supplementalGroups: 26 | rule: RunAsAny 27 | volumes: 28 | - '*' 29 |
--------------------------------------------------------------------------------
/observability/prometheus-exporters/node-exporter/resources/service-monitor/service-monitor.yaml:
--------------------------------------------------------------------------------
# ServiceMonitor that scrapes node-exporter over HTTPS every 15s and relabels
# `instance` to the name of the node the pod runs on.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: node-exporter
  labels:
    app.kubernetes.io/name: "node-exporter"
spec:
  endpoints:
    # Prometheus authenticates to the endpoint with its own ServiceAccount token.
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      interval: 15s
      port: https
      relabelings:
        - action: replace
          regex: (.*)
          replacement: $1
          sourceLabels:
            - __meta_kubernetes_pod_node_name
          targetLabel: instance
      scheme: https
      tlsConfig:
        # NOTE(review): certificate verification is off, so the bearer token
        # above is sent to whatever answers on this port. Prefer a `ca` and
        # `serverName` in tlsConfig so the target is authenticated first.
        insecureSkipVerify: true
  jobLabel: app.kubernetes.io/name
  selector:
    matchLabels:
      app.kubernetes.io/name: "node-exporter"
--------------------------------------------------------------------------------
/addons/aws-node-termination-handler/v1.18/queue-processor/psp.yaml:
--------------------------------------------------------------------------------
# PodSecurityPolicy for aws-node-termination-handler.
#
# NOTE(review): the policy/v1beta1 PodSecurityPolicy API was removed in
# Kubernetes 1.25; on newer clusters this object is rejected and enforcement
# has to move to Pod Security Admission or a policy engine.
# NOTE(review): apart from `privileged` and `allowPrivilegeEscalation`, the
# policy is close to unrestricted. If it is kept, tighten each wildcard to
# what the workload actually uses.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: aws-node-termination-handler
  labels:
    app.kubernetes.io/name: aws-node-termination-handler
    app.kubernetes.io/instance: aws-node-termination-handler
  annotations:
    # Any seccomp profile is accepted, including running unconfined.
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
  privileged: false
  hostIPC: false
  # Pods share the node's network namespace; verify the queue-processor mode
  # actually needs this.
  hostNetwork: true
  hostPID: false
  readOnlyRootFilesystem: false
  allowPrivilegeEscalation: false
  # Every Linux capability may be requested by pods admitted under this policy.
  allowedCapabilities:
    - '*'
  fsGroup:
    rule: RunAsAny
  # RunAsAny permits running as root (UID 0).
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  # All volume types are allowed, including hostPath.
  volumes:
    - '*'
--------------------------------------------------------------------------------