├── .archive └── kubernetes │ ├── cert-manager-csi-driver │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── coredns │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── csi-driver-nfs │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── emqx │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ ├── cluster │ │ ├── cluster.yaml │ │ ├── kustomization.yaml │ │ ├── podmonitor.yaml │ │ ├── secret.enc.yaml │ │ └── virtualservice.yaml │ └── ks.yaml │ ├── istio-csr │ ├── app │ │ ├── helmrelease.yaml │ │ ├── issuer.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── k8s-gateway │ ├── app │ │ ├── Corefile │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ └── ks.yaml │ ├── kubefed │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── kured │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── litmus │ ├── kustomization.yaml │ ├── litmus-core │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── litmus │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── virtualservice.yaml │ │ └── ks.yaml │ └── namespace.yaml │ ├── loki-stack │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── metallb │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ ├── config │ │ ├── ipaddresspool.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── openebs-system │ ├── kustomization.yaml │ ├── namespace.yaml │ └── openebs │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── openfaas-fn │ ├── kustomization.yaml │ ├── namespace.yaml │ └── networkpolicy.yaml │ ├── openfaas │ ├── README.md │ ├── kustomization.yaml │ ├── namespace.yaml │ ├── networkpolicy.yaml │ └── openfaas │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── origin-ca-issuer │ ├── app │ │ 
├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── plex │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── virtualservice.yaml │ └── ks.yaml │ ├── reloader │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── rook-ceph │ ├── kustomization.yaml │ ├── namespace.yaml │ ├── rook-ceph-cluster │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── uninstall │ │ │ ├── clean-disk.yaml │ │ │ └── clean-metadata.yaml │ └── rook-ceph-operator │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── sealed-secrets │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── virtualservice.yaml │ └── ks.yaml │ ├── secret-store-csi-driver │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── snmp-exporter │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── speedtest │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── tf-controller │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ ├── ks.yaml │ └── terraform │ │ └── gcp │ │ ├── secret.enc.yaml │ │ └── terraform.yaml │ ├── traefik-ingress │ ├── kustomization.yaml │ ├── namespace.yaml │ └── traefik │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── velero │ ├── kustomization.yaml │ ├── namespace.yaml │ ├── networkpolicy.yaml │ └── velero │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── secret.enc.yaml │ │ └── ks.yaml │ └── volsync │ ├── app │ ├── helmrelease.yaml │ └── kustomization.yaml │ └── ks.yaml ├── .cursor └── rules │ └── instructions.md ├── .gitattributes ├── .github ├── CODEOWNERS ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── mkdocs │ ├── mkdocs.yml │ └── requirements.txt ├── renovate.json5 └── workflows │ ├── flux-diff.yaml │ ├── helm-values-manager.yaml │ ├── oidc.yaml │ ├── publish-cluster-oci.yaml │ ├── publish-docs.yaml │ 
├── renovate.yaml │ ├── terraform.yaml │ └── test-e2e.yaml ├── .gitignore ├── .gitmodules ├── .pre-commit-config.yaml ├── .renovate ├── autoMerge.json5 ├── customManagers.json5 ├── grafanaDashboards.json5 ├── groups.json5 ├── labels.json5 └── semanticCommits.json5 ├── .sops.yaml ├── .sourceignore ├── .taskfiles ├── bootstrap │ └── Taskfile.yaml ├── core │ └── Taskfile.yaml ├── flux │ └── Taskfile.yaml ├── mkdocs │ └── Taskfile.yaml └── talos │ └── Taskfile.yaml ├── .yamllint.yaml ├── LICENSE ├── README.md ├── Taskfile.yml ├── docs ├── _static │ └── custom.css ├── assets │ ├── banner.png │ ├── raspbernetes.excalidraw.png │ └── raspbernetes.png ├── configuration │ ├── api-access.md │ ├── ip-allocation.md │ ├── repo-structure.md │ └── sealed-secrets.md ├── contributing │ └── index.md ├── faq │ └── index.md ├── index.md ├── installation │ └── index.md └── sponsor │ └── index.md ├── hack ├── analyze-helm-values.sh ├── cf-terraforming.sh ├── delete-all.sh ├── finalizer-pods.sh ├── finalizer.sh ├── openebs.sh ├── restart.sh └── update.sh ├── kubernetes ├── apps │ ├── base │ │ ├── actions-runner-system │ │ │ ├── gha-runner-scale-set-controller │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── gha-runner-scale-set │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── rbac.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── crossplane-system │ │ │ ├── crossplane │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ks.yaml │ │ │ │ ├── packages │ │ │ │ │ └── gitops │ │ │ │ │ │ ├── composition.yaml │ │ │ │ │ │ ├── crossplane.yaml │ │ │ │ │ │ └── definition.yaml │ │ │ │ └── providers │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── provider.yaml │ │ │ ├── examples │ │ │ │ ├── example.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── providerconfig.yaml │ │ │ │ └── secret.enc.yaml │ 
│ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── networkpolicy.yaml │ │ ├── democratic-csi │ │ │ ├── democratic-csi │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── development │ │ │ ├── backstage │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── vcluster │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── flux-system │ │ │ └── addons │ │ │ │ ├── ks.yaml │ │ │ │ ├── notifications │ │ │ │ ├── github │ │ │ │ │ ├── alerts.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── provider.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── slack │ │ │ │ │ ├── alerts.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── provider.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ ├── repositories │ │ │ │ ├── git │ │ │ │ │ ├── dex-k8s-authenticator-chart.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── origin-ca-issuer-chart.yaml │ │ │ │ ├── helm │ │ │ │ │ ├── actions-runner-controller.yaml │ │ │ │ │ ├── backstage-charts.yaml │ │ │ │ │ ├── backube-charts.yaml │ │ │ │ │ ├── bitnami-charts.yaml │ │ │ │ │ ├── cilium-chart.yaml │ │ │ │ │ ├── coredns-charts.yaml │ │ │ │ │ ├── crossplane-charts.yaml │ │ │ │ │ ├── crowdsec-charts.yaml │ │ │ │ │ ├── csi-driver-nfs-chart.yaml │ │ │ │ │ ├── democratic-csi-charts.yaml │ │ │ │ │ ├── descheduler-chart.yaml │ │ │ │ │ ├── dex-chart.yaml │ │ │ │ │ ├── emberstack-charts.yaml │ │ │ │ │ ├── emqx-charts.yaml │ │ │ │ │ ├── external-dns-chart.yaml │ │ │ │ │ ├── fairwinds-charts.yaml │ │ │ │ │ ├── falco-security-charts.yaml │ │ │ │ │ ├── flagger-charts.yaml │ │ │ │ │ ├── fluxcd-kustomize-mutating-webhook-chart.yaml │ │ │ │ │ ├── gatekeeper-charts.yaml │ │ │ │ │ ├── 
grafana-charts.yaml │ │ │ │ │ ├── ingress-nginx-chart.yaml │ │ │ │ │ ├── istio-charts.yaml │ │ │ │ │ ├── jaegertracing-charts.yaml │ │ │ │ │ ├── jetstack-charts.yaml │ │ │ │ │ ├── kiali-charts.yaml │ │ │ │ │ ├── kubefed-charts.yaml │ │ │ │ │ ├── kubereboot-charts.yaml │ │ │ │ │ ├── kubernetes-stable-charts.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kyverno-charts.yaml │ │ │ │ │ ├── litmuschaos-charts.yaml │ │ │ │ │ ├── loft-charts.yaml │ │ │ │ │ ├── mayastor-chart.yaml │ │ │ │ │ ├── metallb-charts.yaml │ │ │ │ │ ├── metrics-server-chart.yaml │ │ │ │ │ ├── minecraft-server-charts.yaml │ │ │ │ │ ├── node-feature-discovery-chart.yaml │ │ │ │ │ ├── oauth2-proxy-chart.yaml │ │ │ │ │ ├── openebs-charts.yaml │ │ │ │ │ ├── openfaas-charts.yaml │ │ │ │ │ ├── otel-charts.yaml │ │ │ │ │ ├── postfinance-charts.yaml │ │ │ │ │ ├── rook-ceph.yaml │ │ │ │ │ ├── sealed-secrets-charts.yaml │ │ │ │ │ ├── secrets-store-csi-driver-chart.yaml │ │ │ │ │ ├── stakater-charts.yaml │ │ │ │ │ ├── traefik-charts.yaml │ │ │ │ │ ├── vernemq-charts.yaml │ │ │ │ │ ├── vmware-charts.yaml │ │ │ │ │ └── xunholy-charts.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── oci │ │ │ │ │ ├── bjw-charts.yaml │ │ │ │ │ ├── controlplaneio-charts.yaml │ │ │ │ │ ├── gha-runner-scale-set-charts.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── prometheus-community-charts.yaml │ │ │ │ │ └── xentra-charts.yaml │ │ │ │ └── webhooks │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── receiver.yaml │ │ │ │ ├── secret.enc.yaml │ │ │ │ └── virtualservice.yaml │ │ ├── game-servers │ │ │ ├── enemy-territory │ │ │ │ ├── app │ │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── ingress.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── minecraft-bedrock │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── 
values.enc.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── minecraft-ketting │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── geysermc.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── values.enc.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── minecraft-proxy │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── minecraft-rcon-web │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── values.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── minecraft-router │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── minecraft │ │ │ │ ├── app │ │ │ │ │ ├── config │ │ │ │ │ │ └── geysermc.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── values.enc.yaml │ │ │ │ │ ├── values.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ └── networkpolicy.yaml │ │ ├── home-system │ │ │ ├── autobrr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── bazarr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── resources │ │ │ │ │ │ └── subcleaner.sh │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── cross-seed │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── 
pvc.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── home-assistant │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── jellyseerr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── mosquitto │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── pvc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── networkpolicy.yaml │ │ │ ├── prowlarr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── qbittorrent │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── resources │ │ │ │ │ │ └── xseed.sh │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── tools │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── qbtools-config.enc.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ ├── radarr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── recyclarr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── resources │ │ │ │ │ │ └── recyclarr.yml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── sabnzbd │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── resources │ │ │ │ │ │ └── xseed.sh │ │ 
│ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── sonarr │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── tautulli │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ └── zigbee2mqtt │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── networkpolicy.yaml │ │ │ │ ├── pvc.yaml │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ ├── istio-ingress │ │ │ ├── README.md │ │ │ ├── github │ │ │ │ ├── destinationrule.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── serviceentry.yaml │ │ │ │ └── virtualservice.yaml │ │ │ ├── istio-gateway │ │ │ │ ├── app │ │ │ │ │ ├── authorization-policy.yaml │ │ │ │ │ ├── certificates.yaml │ │ │ │ │ ├── gateway.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── originissuer.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── networkpolicy.yaml │ │ │ └── plex │ │ │ │ └── plex.yaml │ │ ├── istio-system │ │ │ ├── README.md │ │ │ ├── flagger │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── istio-base │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── istio-cni │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── istiod │ │ │ │ ├── addons │ │ │ │ │ └── monitoring │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── podmonitor.yaml │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── networkpolicy.yaml │ │ ├── kube-guardian │ │ │ ├── 
kube-guardian │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── networkpolicy.yaml │ │ ├── kube-system │ │ │ ├── cilium │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── config │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── loadbalancer.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── scripts │ │ │ │ │ └── k8s-unmanaged.sh │ │ │ ├── descheduler │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kubelet-csr-approver │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── metrics-server │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── networkpolicy.yaml │ │ │ ├── priorityclass.yaml │ │ │ ├── reflector │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ └── tetragon │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ ├── network-system │ │ │ ├── README.md │ │ │ ├── blocky │ │ │ │ ├── app │ │ │ │ │ ├── configs │ │ │ │ │ │ └── config.yml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── kustomizeconfig.yaml │ │ │ │ └── ks.yaml │ │ │ ├── cert-manager │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── issuers │ │ │ │ │ ├── clusterissuer-prod.yaml │ │ │ │ │ ├── 
clusterissuer-stg.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── cloudflare-ddns │ │ │ │ ├── app │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── cloudflared │ │ │ │ ├── app │ │ │ │ │ ├── configs │ │ │ │ │ │ └── config.yaml │ │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── dex-k8s-authenticator │ │ │ │ ├── app │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── dex │ │ │ │ ├── app │ │ │ │ │ ├── README.md │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── echo-server │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── external-dns │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── secret.enc.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── multus │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── rbac.yaml │ │ │ │ ├── ks.yaml │ │ │ │ └── networks │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── network.yaml │ │ │ ├── namespace.yaml │ │ │ ├── networkpolicy.yaml │ │ │ ├── node-feature-discovery │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── networkpolicy.yaml │ │ │ │ └── ks.yaml │ │ │ └── oauth2-proxy │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── secret.enc.yaml │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ ├── nginx-ingress │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ ├── networkpolicy.yaml │ │ │ └── nginx-ingress │ │ │ 
│ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ ├── observability │ │ │ ├── README.md │ │ │ ├── goldilocks │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── grafana │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── jaeger │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kiali │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kromgo │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── resources │ │ │ │ │ │ └── config.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kube-prometheus-stack │ │ │ │ ├── addons │ │ │ │ │ ├── alerts │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── oomkilled.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── app │ │ │ │ │ ├── etcd-client-cert.enc.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── loki │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── networkpolicy.yaml │ │ │ ├── otel │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── thanos │ │ │ │ ├── app │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── secret.enc.yaml │ │ │ │ │ └── virtualservice.yaml │ │ │ │ └── ks.yaml │ │ │ └── vpa │ │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ └── 
security-system │ │ │ ├── crowdsec │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── virtualservice.yaml │ │ │ └── ks.yaml │ │ │ ├── falco-exporter │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ │ ├── falco │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ │ ├── gatekeeper │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── podmonitor.yaml │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── kyverno │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ │ ├── namespace.yaml │ │ │ └── networkpolicy.yaml │ └── overlays │ │ └── cluster-0 │ │ └── kustomization.yaml ├── bootstrap │ └── helmfile.yaml ├── clusters │ └── cluster-0 │ │ ├── README.md │ │ ├── flux-system │ │ ├── flux-instance │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ └── ks.yaml │ │ ├── flux-operator │ │ │ ├── app │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ └── ks.yaml │ │ └── kustomize-mutating-webhook │ │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── values.yaml │ │ │ └── ks.yaml │ │ ├── ks.yaml │ │ └── secrets │ │ ├── .sops.pub.asc │ │ ├── cluster-config.yaml │ │ ├── cluster-secrets.enc.yaml │ │ ├── github-auth.enc.yaml │ │ └── sops-gpg.encrypted.yaml ├── components │ └── common │ │ ├── alerts │ │ ├── github │ │ │ ├── alerts.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── provider.yaml │ │ │ └── secret.enc.yaml │ │ └── kustomization.yaml │ │ └── kustomization.yaml └── tenants │ ├── base │ └── kube-guardian │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── networkpolicy.yaml │ │ ├── rolebinding.yaml │ │ ├── sync.yaml │ │ └── tenant.yaml │ └── overlays │ └── cluster-0 
│ └── kustomization.yaml ├── talos ├── README.md ├── generated │ ├── controlplane.enc.yaml │ ├── node.enc.yaml │ └── talosconfig.enc.yaml ├── integrations │ ├── cert-approver │ │ ├── .gitignore │ │ ├── README.md │ │ ├── cert-approver.yaml │ │ ├── kustomization.yaml │ │ └── transformers.yaml │ └── cilium │ │ ├── .gitignore │ │ ├── README.md │ │ ├── cilium.yaml │ │ ├── kustomization.yaml │ │ └── transformers.yaml └── patches │ ├── iscsi.yaml │ ├── metric-server.yaml │ └── metrics.yaml └── terraform ├── cloudflare ├── _backend.tf ├── _providers.tf ├── data.tf ├── main.tf ├── outputs.tf ├── secret.enc.yaml ├── variables.tf └── version.tf └── gcp ├── README.md ├── _backend.tf ├── _provider.tf ├── install.sh ├── sops.tf ├── thanos.tf ├── variables.tf └── velero.tf /.archive/kubernetes/cert-manager-csi-driver/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: network-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/cert-manager-csi-driver/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: cert-manager-csi-driver 7 | namespace: network-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/network-system/cert-manager-csi-driver/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | 
--------------------------------------------------------------------------------
/.archive/kubernetes/coredns/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize build file, not the Flux Kustomization CRD
5 |
6 | resources:
7 |   - helmrelease.yaml  # the only resource; this file sets no namespace
8 |
--------------------------------------------------------------------------------
/.archive/kubernetes/coredns/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization: reconciles `path` from the Git source below
5 | metadata:
6 |   name: coredns
7 |   namespace: network-system
8 |   labels:
9 |     substitution.flux/enabled: true  # NOTE(review): unquoted true is a YAML boolean; Kubernetes label values are strings - confirm this applies, or quote it
10 | spec:
11 |   interval: 30m  # reconcile period
12 |   retryInterval: 1m  # retry period after a failed reconcile
13 |   timeout: 3m
14 |   path: "./kubernetes/apps/base/network-system/coredns/app"  # this directory is not in the repository tree listed on this page (archived manifest)
15 |   prune: true  # objects that disappear from `path` are deleted from the cluster
16 |   wait: true  # reconcile succeeds only once the applied resources are ready
17 |   sourceRef:
18 |     kind: GitRepository
19 |     name: flux-system
20 |     namespace: flux-system  # cross-namespace source ref (object lives in network-system); rejected if the controller runs with --no-cross-namespace-refs
21 |
--------------------------------------------------------------------------------
/.archive/kubernetes/csi-driver-nfs/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: kube-system  # kustomize sets this namespace on the resources listed below
6 |
7 | resources:
8 |   - helmrelease.yaml
9 |
--------------------------------------------------------------------------------
/.archive/kubernetes/csi-driver-nfs/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 |   name: csi-driver-nfs
7 |   namespace: flux-system
8 |   labels:
9 |     substitution.flux/enabled: true  # NOTE(review): same unquoted-boolean label value as above - confirm or quote
10 | spec:
11 |   interval: 30m
12 |   retryInterval: 1m
13 |   timeout: 3m
14 |   path: "./kubernetes/apps/base/kube-system/csi-driver-nfs/app"  # not in the repository tree listed on this page
15 |   prune: true  # deletes cluster objects that were removed from `path`
16 |   wait: true
17 |   sourceRef:
18 |     kind: GitRepository
19 |     name: flux-system  # no namespace given: resolved in this object's own namespace (flux-system)
20 |
--------------------------------------------------------------------------------
/.archive/kubernetes/emqx/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 |
6 | resources:
7 |   - helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/.archive/kubernetes/emqx/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 |
6 | resources:
7 |   - cluster.yaml
8 |   - podmonitor.yaml
9 |   - secret.enc.yaml  # presumably SOPS-encrypted (the repo has a .sops.yaml); whatever applies this directory needs decryption configured - not visible here
10 |   - virtualservice.yaml
11 |
--------------------------------------------------------------------------------
/.archive/kubernetes/istio-csr/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 |
6 | resources:
7 |   - helmrelease.yaml
8 |   - issuer.yaml  # issuer manifest applied together with the release; contents not shown in this excerpt
9 |
--------------------------------------------------------------------------------
/.archive/kubernetes/istio-csr/ks.yaml:
--------------------------------------------------------------------------------
1 | # TODO: Investigate the best way to enable this using the Helm charts.
2 | ---
3 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
4 | apiVersion: kustomize.toolkit.fluxcd.io/v1
5 | kind: Kustomization  # Flux Kustomization: reconciles `path` from the Git source below
6 | metadata:
7 |   name: istio-csr
8 |   namespace: network-system
9 | spec:
10 |   interval: 5m  # reconcile period; no retryInterval or timeout is set in this file
11 |   path: "./kubernetes/apps/base/network-system/istio-csr/app"  # not in the repository tree listed on this page (archived manifest)
12 |   prune: true  # objects that disappear from `path` are deleted from the cluster
13 |   wait: true  # reconcile succeeds only once the applied resources are ready
14 |   sourceRef:
15 |     kind: GitRepository
16 |     name: flux-system
17 |     namespace: flux-system  # cross-namespace source ref (object lives in network-system); rejected if the controller runs with --no-cross-namespace-refs
18 |   dependsOn:
19 |     - name: cert-manager  # applied only after the cert-manager Kustomization is ready
20 |       namespace: network-system
21 |
--------------------------------------------------------------------------------
/.archive/kubernetes/k8s-gateway/app/Corefile:
--------------------------------------------------------------------------------
1 | .:1053 {  # one server block: all zones, port 1053
2 |   errors  # log errors
3 |   log  # logs every query; queried names end up in the pod logs, so treat those logs as sensitive
4 |   health {
5 |     lameduck 5s  # report unhealthy, then wait 5s before shutting down
6 |   }
7 |   ready  # readiness endpoint
8 |   k8s_gateway raspbernetes.com {  # answers for this zone from cluster objects
9 |     apex k8s-gateway.network  # overrides the plugin's default apex name
10 |     resources Ingress Service  # hostnames of Ingresses and Services become resolvable through this server
11 |     ttl 300  # record TTL in seconds
12 |   }
13 |   prometheus 0.0.0.0:9153  # metrics on all interfaces, unauthenticated; limit who can reach 9153 (e.g. NetworkPolicy)
14 |   loop  # halts on a detected forwarding loop
15 |   reload  # picks up Corefile changes without a restart
16 |   loadbalance  # randomizes the order of records in answers
17 | }
18 |
--------------------------------------------------------------------------------
/.archive/kubernetes/k8s-gateway/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization  # kustomize build file, not the Flux Kustomization CRD
5 |
6 | resources:
7 |   - helmrelease.yaml
8 |
9 | configMapGenerator:
10 |   - name: k8s-gateway-configmap  # kustomize appends a content-hash suffix to generated names by default
11 |     files:
12 |       - ./Corefile  # the Corefile in this directory becomes the ConfigMap's data
13 |
14 | configurations:
15 |   - kustomizeconfig.yaml  # name-reference rules, so references to the generated ConfigMap follow the hashed name
16 |
--------------------------------------------------------------------------------
/.archive/kubernetes/k8s-gateway/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
1 | nameReference:  # tells kustomize where a ConfigMap name is referenced outside the built-in fields
2 |   - kind: ConfigMap
3 |     version: v1
4 |     fieldSpecs:
5 |       - path: spec/values/persistence/config/name  # this HelmRelease value is rewritten to the generated ConfigMap name
6 |         kind: HelmRelease
7 |
--------------------------------------------------------------------------------
/.archive/kubernetes/k8s-gateway/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization  # Flux Kustomization: reconciles `path` from the Git source below
5 | metadata:
6 |   name: k8s-gateway
7 |   namespace: flux-system
8 | spec:
9 |   interval: 5m  # reconcile period; no retryInterval or timeout is set in this file
10 |   path: "./kubernetes/apps/base/network-system/k8s-gateway/app"  # not in the repository tree listed on this page (archived manifest)
11 |   prune: true  # objects that disappear from `path` are deleted from the cluster
12 |   wait: true  # reconcile succeeds only once the applied resources are ready
13 |   sourceRef:
14 |     kind: GitRepository
15 |     name: flux-system  # no namespace given: resolved in this object's own namespace (flux-system)
16 |
--------------------------------------------------------------------------------
/.archive/kubernetes/kubefed/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 |
6 | resources:
7 |   - helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/.archive/kubernetes/kubefed/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 |   name: kubefed
7 |   namespace: flux-system
8 | spec:
9 |   interval: 30m
10 |   retryInterval: 1m
11 |   timeout: 3m
12 |   path: "./kubernetes/apps/base/kube-system/kubefed/app"  # not in the repository tree listed on this page
13 |   prune: true  # deletes cluster objects that were removed from `path`
14 |   wait: true
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |
--------------------------------------------------------------------------------
/.archive/kubernetes/kured/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 |
6 | resources:
7 |   - helmrelease.yaml
8 |
--------------------------------------------------------------------------------
/.archive/kubernetes/kured/ks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 |   name: kured
7 |   namespace: flux-system
8 | spec:
9 |   interval: 30m
10 |   retryInterval: 1m
11 |   timeout: 3m
12 |   path: "./kubernetes/apps/base/kube-system/kured/app"  # not in the repository tree listed on this page
13 |   prune: true  # deletes cluster objects that were removed from `path`
14 |   wait: true
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |
--------------------------------------------------------------------------------
/.archive/kubernetes/litmus/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 |
6 | resources:
7 |   - namespace.yaml  # only the namespace is listed; the litmus-core/ks.yaml and litmus/ks.yaml shown in the tree are not referenced from this file
8 |
--------------------------------------------------------------------------------
/.archive/kubernetes/litmus/litmus-core/app/kustomization.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 |
6 | resources:
7 |   - helmrelease.yaml
8 | -------------------------------------------------------------------------------- /.archive/kubernetes/litmus/litmus-core/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: litmus-core 7 | namespace: flux-system 8 | spec: 9 | interval: 5m 10 | path: "./kubernetes/apps/base/litmus/litmus-core/app" 11 | prune: true 12 | wait: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | namespace: flux-system 17 | -------------------------------------------------------------------------------- /.archive/kubernetes/litmus/litmus/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - virtualservice.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/litmus/litmus/app/virtualservice.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/networking.istio.io/virtualservice_v1beta1.json 3 | apiVersion: networking.istio.io/v1beta1 4 | kind: VirtualService 5 | metadata: 6 | name: chaos-center 7 | namespace: litmus 8 | spec: 9 | hosts: 10 | - 'chaos-center.${CLUSTER_DOMAIN}' 11 | gateways: 12 | - istio-ingress/istio-ingressgateway 13 | http: 14 | - route: 15 | - destination: 16 | port: 17 | number: 9091 18 | host: litmus-frontend-service.litmus.svc.cluster.local 19 | weight: 100 20 | 
-------------------------------------------------------------------------------- /.archive/kubernetes/litmus/litmus/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: litmus 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/litmus/litmus/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | dependsOn: 20 | - name: istiod 21 | namespace: istio-system 22 | -------------------------------------------------------------------------------- /.archive/kubernetes/litmus/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: litmus 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/loki-stack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /.archive/kubernetes/loki-stack/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | 
metadata: 6 | name: loki-stack 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/observability/loki-stack/app" 13 | prune: true 14 | wait: false 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /.archive/kubernetes/metallb/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/metallb/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - ipaddresspool.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/openebs-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - namespace.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/openebs-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: openebs-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | pod-security.kubernetes.io/audit: privileged 9 | 
pod-security.kubernetes.io/enforce: privileged 10 | pod-security.kubernetes.io/warn: privileged 11 | -------------------------------------------------------------------------------- /.archive/kubernetes/openebs-system/openebs/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/openebs-system/openebs/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: openebs 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 10m 12 | path: "./kubernetes/apps/base/openebs-system/openebs/app" 13 | prune: false 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /.archive/kubernetes/openfaas-fn/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - namespace.yaml 8 | # - networkpolicy.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/openfaas-fn/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: 
openfaas-fn 6 | labels: 7 | role: openfaas-fn 8 | namespace: openfaas-fn 9 | kustomize.toolkit.fluxcd.io/prune: disabled 10 | -------------------------------------------------------------------------------- /.archive/kubernetes/openfaas/README.md: -------------------------------------------------------------------------------- 1 | # OpenFaaS 2 | -------------------------------------------------------------------------------- /.archive/kubernetes/openfaas/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - namespace.yaml 8 | # - networkpolicy.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/openfaas/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: openfaas 6 | labels: 7 | role: openfaas-system 8 | access: openfaas-system 9 | namespace: openfaas 10 | kustomize.toolkit.fluxcd.io/prune: disabled 11 | -------------------------------------------------------------------------------- /.archive/kubernetes/openfaas/openfaas/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/openfaas/openfaas/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
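$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: openfaas 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/openfaas/openfaas/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /.archive/kubernetes/origin-ca-issuer/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: # NOTE(review): the CRD below is fetched from a remote URL at build time and is addressed by the v0.6.0 ref; if that ref is a tag it can be re-pointed upstream, so pin the URL to a commit SHA or vendor the file into this repo. 7 | - helmrelease.yaml 8 | - https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/v0.6.0/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/origin-ca-issuer/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: origin-ca-issuer 7 | namespace: flux-system 8 | labels: # Label values must be strings; an unquoted true is read as a YAML boolean, so the value is quoted. 9 | substitution.flux/enabled: "true" 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/network-system/origin-ca-issuer/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | -------------------------------------------------------------------------------- /.archive/kubernetes/plex/app/kustomization.yaml: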
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - virtualservice.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/plex/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: plex 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/plex/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | -------------------------------------------------------------------------------- /.archive/kubernetes/reloader/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/reloader/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: reloader 7 | namespace: kube-system 8 | spec: 9 | interval: 30m 10 | 
retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/kube-system/reloader/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /.archive/kubernetes/rook-ceph/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - namespace.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/rook-ceph/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: rook-ceph 6 | labels: # NOTE(review): enforce=privileged applies the unrestricted Pod Security level to every pod created in this namespace; presumably required by the Rook/Ceph workloads (confirm), so keep unrelated workloads out of it. 7 | pod-security.kubernetes.io/warn: privileged 8 | pod-security.kubernetes.io/enforce: privileged 9 | kustomize.toolkit.fluxcd.io/prune: disabled 10 | -------------------------------------------------------------------------------- /.archive/kubernetes/rook-ceph/rook-ceph-cluster/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/rook-ceph/rook-ceph-cluster/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name:
rook-ceph-cluster 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/rook-ceph/rook-ceph-cluster/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /.archive/kubernetes/rook-ceph/rook-ceph-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/rook-ceph/rook-ceph-operator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: rook-ceph-operator 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/rook-ceph/rook-ceph-operator/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /.archive/kubernetes/sealed-secrets/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - virtualservice.yaml 9 | 
-------------------------------------------------------------------------------- /.archive/kubernetes/sealed-secrets/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: sealed-secrets 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/kube-system/sealed-secrets/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: istiod 23 | namespace: istio-system 24 | -------------------------------------------------------------------------------- /.archive/kubernetes/secret-store-csi-driver/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/secret-store-csi-driver/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: secret-store-csi-driver 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/kube-system/secret-store-csi-driver/app" 13 | prune: true 14 | wait: true 15 | 
sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /.archive/kubernetes/snmp-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | 7 | resources: 8 | - helmrelease.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/snmp-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: snmp-exporter 7 | namespace: observability 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/observability/snmp-exporter/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | -------------------------------------------------------------------------------- /.archive/kubernetes/speedtest/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/speedtest/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: speedtest 7 | namespace: observability 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/observability/speedtest/app" 13 | prune: true 14 | wait: false 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /.archive/kubernetes/tf-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/tf-controller/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Note: Arm64 support is currently not supported https://github.com/weaveworks/tf-controller/issues/453 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: tf-controller 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/flux-system/tf-controller/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | -------------------------------------------------------------------------------- /.archive/kubernetes/traefik-ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - namespace.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/traefik-ingress/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: traefik-ingress 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/traefik-ingress/traefik/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /.archive/kubernetes/traefik-ingress/traefik/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: traefik 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/traefik-ingress/traefik/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /.archive/kubernetes/velero/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - namespace.yaml 8 | - networkpolicy.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/velero/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: velero 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/velero/velero/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - secret.enc.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/volsync/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: backup-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | -------------------------------------------------------------------------------- /.archive/kubernetes/volsync/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: volsync 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | 
timeout: 3m 14 | path: "./kubernetes/apps/base/backup-system/volsync/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | .secrets/git-crypt/** filter=git-crypt diff=git-crypt 2 | *.enc.yaml diff=sopsdiffer 3 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | * @xUnholy 3 | -------------------------------------------------------------------------------- /.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). 4 | 5 | Please contact info@raspbernetes.com to report an issue. 
6 | -------------------------------------------------------------------------------- /.github/mkdocs/requirements.txt: -------------------------------------------------------------------------------- 1 | mkdocs-git-revision-date-localized-plugin 2 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "security-policies"] 2 | path = security-policies 3 | url = https://github.com/raspbernetes/k8s-security-policies 4 | branch = master 5 | -------------------------------------------------------------------------------- /.renovate/autoMerge.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | packageRules: [ 4 | { 5 | description: "Auto-merge GitHub Actions", 6 | matchManagers: ["github-actions"], 7 | automerge: true, 8 | automergeType: "branch", 9 | matchUpdateTypes: ["minor", "patch", "digest"], 10 | ignoreTests: true /* NOTE(review): automergeType "branch" merges without opening a PR and ignoreTests: true does not wait for status checks, so minor/patch/digest updates to workflow actions reach the base branch with neither review nor a CI gate. Consider dropping ignoreTests or adding minimumReleaseAge. */ 11 | }, 12 | { 13 | description: "Auto-merge Helm Release", 14 | matchDatasources: ["helm", "docker"], 15 | automerge: true, 16 | automergeType: "pr", 17 | matchUpdateTypes: ["patch"], 18 | ignoreTests: true /* NOTE(review): patch bumps of charts and images are merged without waiting for status checks; in a GitOps repo they are presumably deployed on the next reconcile (confirm), so a CI gate here is the only automated check before rollout. */ 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /.sourceignore: -------------------------------------------------------------------------------- 1 | ## Used by Fluxv2 Source Controller https://toolkit.fluxcd.io/components/source/gitrepositories/#excluding-files 2 | 3 | # Exclude all by default 4 | /* 5 | 6 | # Include the following explicit folder(s) 7 | !/kubernetes 8 | 9 | # Exclude sub-foler(s) and file(s) 10 | /kubernetes/clusters/**/infrastructure/ 11 | /kubernetes/clusters/**/secrets/ 12 | 13 | # Include sub-foler(s) and file(s) 14 | !/kubernetes/clusters/**/secrets/cluster-config.yaml 15 |
!/kubernetes/clusters/**/secrets/cluster-secrets.enc.yaml 16 | !/kubernetes/clusters/**/secrets/sealed-secret-private-key.enc.yaml 17 | -------------------------------------------------------------------------------- /.taskfiles/core/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3.41.0' 3 | 4 | tasks: 5 | gpg: 6 | desc: "Import the public and private gpg keys locally" 7 | cmds: 8 | - gpg --import kubernetes/clusters/cluster-0/secrets/.sops.pub.asc 9 | - gpg --import <(sops --decrypt "kubernetes/clusters/cluster-0/secrets/sops-gpg.encrypted.yaml" | yq e '.data[]' - | base64 -d) 10 | status: 11 | - gpg --list-secret-keys --keyid-format=long | grep production.raspbernetes.com 12 | 13 | lint: 14 | desc: "Example: task core:lint -- --no-warnings" 15 | cmds: 16 | - yamllint -c .github/linters/.yamllint.yaml . {{.CLI_ARGS}} 17 | -------------------------------------------------------------------------------- /.taskfiles/mkdocs/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3.41.0' 3 | tasks: 4 | serve: 5 | desc: "Serve Mkdocs content on localhost" 6 | dir: .github/mkdocs 7 | cmds: 8 | - mkdocs serve -f mkdocs.yml 9 | 10 | publish: 11 | desc: "Serve Mkdocs content on localhost" 12 | dir: .github/mkdocs 13 | cmds: 14 | - mkdocs gh-deploy -f mkdocs.yml --force 15 | 16 | setup: 17 | cmds: 18 | - pip install mkdocs-material 19 | - pip install mkdocs-git-revision-date-localized-plugin 20 | -------------------------------------------------------------------------------- /.taskfiles/talos/Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '3.41.0' 3 | 4 | env: 5 | TALOS_DIR: "talos/generated" 6 | 7 | tasks: 8 | config: 9 | desc: "Decrypt and Loads TALOSCONFIG into $HOME directory" 10 | cmds: 11 | - sops -d {{.TALOS_DIR}}/talosconfig.enc.yaml > "$HOME/.talos/config" 12 | 
-------------------------------------------------------------------------------- /Taskfile.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 | version: '3.41.0' 4 | 5 | vars: 6 | CLUSTER: cluster-0 7 | GITHUB_USER: xunholy 8 | GITHUB_REPO: k8s-gitops 9 | GITHUB_BRANCH: main 10 | 11 | includes: 12 | fluxcd: .taskfiles/bootstrap 13 | core: .taskfiles/core 14 | flux: .taskfiles/flux 15 | docs: .taskfiles/mkdocs 16 | talos: .taskfiles/talos 17 | 18 | tasks: 19 | flux: 20 | desc: "Install Fluxv2 into a cluster" 21 | cmds: 22 | - task: flux:secrets 23 | - task: flux:bootstrap 24 | -------------------------------------------------------------------------------- /docs/assets/banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xunholy/k8s-gitops/116c137183a79a8cf2a9ac1e510c190bc5a9e1e5/docs/assets/banner.png -------------------------------------------------------------------------------- /docs/assets/raspbernetes.excalidraw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xunholy/k8s-gitops/116c137183a79a8cf2a9ac1e510c190bc5a9e1e5/docs/assets/raspbernetes.excalidraw.png -------------------------------------------------------------------------------- /docs/assets/raspbernetes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xunholy/k8s-gitops/116c137183a79a8cf2a9ac1e510c190bc5a9e1e5/docs/assets/raspbernetes.png -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | # Raspbernetes 2 | 3 | This *repo* is a declarative implementation of a Kubernetes cluster which follows GitOps principles.
It's using the [FluxCD](https://toolkit.fluxcd.io/get-started/). 4 | 5 | ## Mission 6 | 7 | The goal is to demonstrates how to implement enterprise-grade security, observability, and overall cluster config management using GitOps in a Kubernetes cluster. 8 | 9 | ## Story 10 | 11 | This project ... 12 | -------------------------------------------------------------------------------- /hack/finalizer-pods.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Get all namespaces in the cluster 4 | NAMESPACES=$(kubectl get namespaces -o name) 5 | 6 | # Loop over each namespace and strip the finalizers from every Pod in it (no label or state filter is applied) 7 | for NAMESPACE_WITH_PREFIX in $NAMESPACES; do 8 | # Remove the prefix "namespace/" from the namespace name 9 | NAMESPACE=${NAMESPACE_WITH_PREFIX#namespace/} 10 | echo "Updating Pods in namespace $NAMESPACE" 11 | # Get all Pods in the namespace 12 | POD_NAMES=$(kubectl get pods -n $NAMESPACE -o name) 13 | # Set metadata.finalizers to null on each Pod, up to 4 patches in parallel via xargs. NOTE(review): this skips whatever cleanup the owning controller gates on the finalizer, so treat it as a last resort for Pods stuck in Terminating 14 | echo "$POD_NAMES" | xargs -n1 -P4 -I{} kubectl patch {} -n $NAMESPACE -p '{"metadata":{"finalizers":null}}' --type=merge 15 | done 16 | -------------------------------------------------------------------------------- /hack/openebs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Clear finalizers on BlockDeviceClaims (bdc): names are listed across all namespaces (-A) but every patch targets the openebs namespace 3 | kubectl get bdc -A --no-headers | awk '{print $2}' | xargs -I {} kubectl patch -n openebs bdc {} -p '{"metadata":{"finalizers":null}}' --type=merge 4 | -------------------------------------------------------------------------------- /hack/restart.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # List of IPs to iterate through 4 | IP_LIST="192.168.50.111 192.168.50.112 192.168.50.113" 5 | 6 | # Iterate through the list of IPs and run the command 7 | for IP in $IP_LIST; do 8 | echo "Running command on $IP" 9 | talosctl reboot -n $IP -e
192.168.50.111 10 | done 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/gha-runner-scale-set-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: actions-runner-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/gha-runner-scale-set-controller/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: gha-runner-scale-set-controller 7 | namespace: actions-runner-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/actions-runner-system/gha-runner-scale-set-controller/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/gha-runner-scale-set/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: actions-runner-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - rbac.yaml 10 | - secret.enc.yaml 11 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/gha-runner-scale-set/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: k8s-gitops-runner 6 | --- 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: ClusterRoleBinding 9 | metadata: 10 | name: k8s-gitops-runner 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: ClusterRole 14 | name: cluster-admin # NOTE(review): binds the k8s-gitops-runner ServiceAccount to the built-in cluster-admin role cluster-wide; presumably the runner pods use this account (HelmRelease not shown here), so any job they execute would have unrestricted API access - confirm, or bind a narrower ClusterRole 15 | subjects: 16 | - kind: ServiceAccount 17 | name: k8s-gitops-runner 18 | namespace: actions-runner-system 19 | --- 20 | apiVersion: talos.dev/v1alpha1 21 | kind: ServiceAccount 22 | metadata: 23 | name: k8s-gitops-runner 24 | spec: 25 | roles: ["os:admin"] # NOTE(review): os:admin is the most privileged Talos API role; confirm the runner needs node-level admin rather than a narrower role such as os:reader 26 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/gha-runner-scale-set/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: actions-runner-scale-set 7 | namespace: actions-runner-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/actions-runner-system/gha-runner-scale-set/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server:
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: actions-runner-system 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/actions-runner-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: actions-runner-system 6 | labels: 7 | pod-security.kubernetes.io/warn: privileged 8 | pod-security.kubernetes.io/enforce: privileged 9 | kustomize.toolkit.fluxcd.io/prune: disabled 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/crossplane-system/crossplane/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: crossplane-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/crossplane-system/crossplane/packages/gitops/crossplane.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/meta.pkg.crossplane.io/configuration_v1.json 3 | apiVersion: meta.pkg.crossplane.io/v1 4 | kind: Configuration 5 | metadata: 6 | name: gitops 7 | annotations: 8 | meta.crossplane.io/maintainer: Michael Fornaro (@xUnholy) 9 | meta.crossplane.io/source: github.com/xunholy/k8s-gitops/tree/main/packages/gitops 10 | meta.crossplane.io/license: MIT 11 | meta.crossplane.io/description: My example of using crossplane 12 | spec: 13 | dependsOn: 14 | - 
provider: xpkg.upbound.io/upbound/provider-gcp:v0.30.0 15 | version: ">=v0.30.0" 16 | -------------------------------------------------------------------------------- /kubernetes/apps/base/crossplane-system/crossplane/providers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - provider.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/crossplane-system/examples/example.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/xunholy.io/gitopscluster_v1alpha1.json 3 | apiVersion: xunholy.io/v1alpha1 4 | kind: GitOpsCluster 5 | metadata: 6 | name: gitops-cluster 7 | namespace: crossplane-system 8 | spec: 9 | id: raspbernetes 10 | parameters: 11 | repository: https://github.com/xunholy/k8s-gitops 12 | branch: main 13 | path: "kubernetes/clusters/cluster-0" 14 | compositionSelector: 15 | matchLabels: 16 | provider: gcp 17 | gitops: flux 18 | writeConnectionSecretToRef: 19 | name: gitops-cluster-connection 20 | -------------------------------------------------------------------------------- /kubernetes/apps/base/crossplane-system/examples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # - project.yaml Creates an example GCP project 7 | - providerconfig.yaml # providerConfig has a dependency on the GCP keys stored in crossplane-system; And the provider CRDs being installed. 
8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/crossplane-system/examples/providerconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/gcp.upbound.io/providerconfig_v1beta1.json 3 | apiVersion: gcp.upbound.io/v1beta1 4 | kind: ProviderConfig 5 | metadata: 6 | name: default 7 | spec: 8 | projectID: raspbernetes 9 | credentials: 10 | source: Secret 11 | secretRef: 12 | namespace: crossplane-system 13 | name: gcp-credentials 14 | key: credentials.json 15 | -------------------------------------------------------------------------------- /kubernetes/apps/base/crossplane-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: crossplane-system 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/crossplane-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: crossplane-system 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/democratic-csi/democratic-csi/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - 
helmrelease.yaml 8 | - secret.enc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/democratic-csi/democratic-csi/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: democratic-csi 7 | namespace: democratic-csi 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/democratic-csi/democratic-csi/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/democratic-csi/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: democratic-csi 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/democratic-csi/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: democratic-csi 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | pod-security.kubernetes.io/audit: privileged 9 | pod-security.kubernetes.io/enforce: privileged 10 | pod-security.kubernetes.io/warn: privileged 11 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/development/backstage/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - virtualservice.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/development/backstage/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: backstage 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/development/backstage/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/development/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: development 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/development/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: development 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | 
kustomize.toolkit.fluxcd.io/prune: disabled 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/development/vcluster/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/development/vcluster/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: vcluster 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/development/vcluster/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/notifications/github/alerts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/notification.toolkit.fluxcd.io/alert_v1beta2.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Alert 5 | metadata: 6 | name: github-kustomization-alerts 7 | namespace: flux-system 8 | spec: 9 | providerRef: 10 | name: github 11 | eventSeverity: info 12 | eventSources: 13 | - kind: Kustomization 14 | name: '*' 15 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/flux-system/addons/notifications/github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - alerts.yaml 8 | - provider.yaml 9 | - secret.enc.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/notifications/github/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/notification.toolkit.fluxcd.io/provider_v1beta2.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: github 7 | namespace: flux-system 8 | spec: 9 | type: github 10 | address: https://github.com/xunholy/k8s-gitops 11 | secretRef: 12 | name: git-api-token 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - github 7 | - slack 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/notifications/slack/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - alerts.yaml 7 | - provider.yaml 8 | - secret.enc.yaml 9 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/git/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - dex-k8s-authenticator-chart.yaml 7 | - origin-ca-issuer-chart.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/git/origin-ca-issuer-chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # TODO: Once the chart is published use HelmRepository 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: GitRepository 5 | metadata: 6 | name: origin-ca-issuer-chart-git 7 | namespace: flux-system 8 | spec: 9 | interval: 10m 10 | url: https://github.com/cloudflare/origin-ca-issuer 11 | ref: 12 | branch: trunk # NOTE(review): follows the tip of an upstream branch, so the fetched chart content changes with every upstream push; pinning ref to a tag or commit would make updates explicit and reviewable 13 | ignore: | 14 | # exclude all 15 | /* 16 | # include charts directory 17 | !/deploy/ 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/actions-runner-controller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: actions-runner-controller 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://actions-runner-controller.github.io/actions-runner-controller 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/backstage-charts.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: backstage-chart 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://backstage.github.io/charts 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/backube-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: backube-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://backube.github.io/helm-charts/ 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/bitnami-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: bitnami-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.bitnami.com/bitnami 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/cilium-chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: cilium-chart 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://helm.cilium.io/ 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/coredns-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: coredns-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://coredns.github.io/helm 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/crossplane-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: crossplane-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://charts.crossplane.io/stable 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/crowdsec-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: crowdsec-charts 7 | 
namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://crowdsecurity.github.io/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/csi-driver-nfs-chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: csi-driver-nfs-chart 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/democratic-csi-charts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: democratic-csi-charts 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://democratic-csi.github.io/charts/ 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/flux-system/addons/repositories/helm/descheduler-chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json 3 | apiVersion: source.toolkit.fluxcd.io/v1 4 | kind: HelmRepository 5 | metadata: 6 | name: descheduler-chart 7 | namespace: flux-system 8 | spec: 9 | interval: 2h 10 | url: https://kubernetes-sigs.github.io/descheduler 11 | 
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/dex-chart.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository sources: each object below tells source-controller to
# check the chart index at spec.url every spec.interval. These objects only
# name where charts come from; the chart version that gets installed is chosen
# by the HelmRelease/HelmChart objects that reference them (not shown here).
# Every URL in this block uses https.
# NOTE(review): the yaml-language-server hint references the
# helmrepository_v1beta2 schema while apiVersion is source.toolkit.fluxcd.io/v1.
# The hint only drives editor validation, but it may not describe the API
# version that is applied; most files in this directory repeat the same hint.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: dex-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://charts.dexidp.io
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/emberstack-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: emberstack-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://emberstack.github.io/helm-charts/
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/emqx-charts.yaml:
--------------------------------------------------------------------------------
# NOTE(review): an emqx app directory appears under .archive/ in the repository
# tree. If no active release still references this source, it is an external
# fetch the cluster no longer needs - confirm before keeping it.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: emqx-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://repos.emqx.io/charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/external-dns-chart.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: external-dns-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://kubernetes-sigs.github.io/external-dns
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/fairwinds-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: fairwinds-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://charts.fairwinds.com/stable
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/falco-security-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: falco-security-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://falcosecurity.github.io/charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/flagger-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: flagger-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://flagger.app
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/fluxcd-kustomize-mutating-webhook-chart.yaml:
--------------------------------------------------------------------------------
# The object name (fluxcd-kustomize-mutating-webhook) drops the "-chart" suffix
# used in the file name; references must use the object name.
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/refs/heads/main/helmrepository-source-v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: fluxcd-kustomize-mutating-webhook
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://xunholy.github.io/fluxcd-kustomize-mutating-webhook
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/gatekeeper-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: gatekeeper-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://open-policy-agent.github.io/gatekeeper/charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/grafana-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: grafana-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://grafana.github.io/helm-charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/ingress-nginx-chart.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: ingress-nginx-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://kubernetes.github.io/ingress-nginx
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/istio-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: istio-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://istio-release.storage.googleapis.com/charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/jaegertracing-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: jaegertracing-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://jaegertracing.github.io/helm-charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/jetstack-charts.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository sources: each object below tells source-controller to
# check the chart index at spec.url every spec.interval. These objects only
# name where charts come from; the chart version that gets installed is chosen
# by the HelmRelease/HelmChart objects that reference them (not shown here).
# NOTE(review): the yaml-language-server hints in this block reference the
# helmrepository_v1beta2 schema while apiVersion is source.toolkit.fluxcd.io/v1;
# the hint only drives editor validation, but it may not describe the API
# version that is applied.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: jetstack-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://charts.jetstack.io/
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/kiali-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: kiali-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://kiali.org/helm-charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/kubefed-charts.yaml:
--------------------------------------------------------------------------------
# NOTE(review): this index is served from raw.githubusercontent.com on the
# kubefed repository's `master` branch, so what the cluster fetches follows
# whatever is committed to that branch. A kubefed app directory also appears
# under .archive/ in the repository tree - confirm this source is still needed.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: kubefed-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://raw.githubusercontent.com/kubernetes-sigs/kubefed/master/charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/kubereboot-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: kubereboot-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://kubereboot.github.io/charts/
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/kubernetes-stable-charts.yaml:
--------------------------------------------------------------------------------
# NOTE(review): charts.helm.sh/stable is the archive location of the deprecated
# Helm "stable" repository; charts served from it are no longer maintained.
# Confirm which releases, if any, still pull from this source.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: kubernetes-stable-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://charts.helm.sh/stable
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/kyverno-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: kyverno-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://kyverno.github.io/kyverno/
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/litmuschaos-charts.yaml:
--------------------------------------------------------------------------------
# NOTE(review): a litmus app directory appears under .archive/ in the
# repository tree; this source may no longer be referenced - confirm.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: litmuschaos-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://litmuschaos.github.io/litmus-helm/
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/loft-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: loft-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://charts.loft.sh
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/mayastor-chart.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: mayastor-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://openebs.github.io/mayastor-extensions/
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/metallb-charts.yaml:
--------------------------------------------------------------------------------
# NOTE(review): a metallb app directory appears under .archive/ in the
# repository tree; this source may no longer be referenced - confirm.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: metallb-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://metallb.github.io/metallb
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/metrics-server-chart.yaml:
--------------------------------------------------------------------------------
# Flux HelmRepository sources: each object below tells source-controller to
# check the chart index at spec.url every spec.interval. These objects only
# name where charts come from; the chart version that gets installed is chosen
# by the HelmRelease/HelmChart objects that reference them (not shown here).
# NOTE(review): the yaml-language-server hints in this block reference the
# helmrepository_v1beta2 schema while apiVersion is source.toolkit.fluxcd.io/v1;
# the hint only drives editor validation, but it may not describe the API
# version that is applied.
# NOTE(review): app directories named openebs-system, openfaas, rook-ceph,
# sealed-secrets, secret-store-csi-driver and traefik-ingress appear under
# .archive/ in the repository tree. The matching sources below may no longer be
# referenced by an active release - confirm before keeping them.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: metrics-server-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://kubernetes-sigs.github.io/metrics-server
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/minecraft-server-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: minecraft-server-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://itzg.github.io/minecraft-server-charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/node-feature-discovery-chart.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: node-feature-discovery-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://kubernetes-sigs.github.io/node-feature-discovery/charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/oauth2-proxy-chart.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: oauth2-proxy-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://oauth2-proxy.github.io/manifests
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/openebs-charts.yaml:
--------------------------------------------------------------------------------
# The object name is `openebs-chart` (singular) although the file is
# openebs-charts.yaml; references must use the object name.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: openebs-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://openebs.github.io/openebs
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/openfaas-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: openfaas-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://openfaas.github.io/faas-netes/
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/otel-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: otel-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://open-telemetry.github.io/opentelemetry-helm-charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/postfinance-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: postfinance-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://postfinance.github.io/kubelet-csr-approver
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/rook-ceph.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: rook-ceph
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://charts.rook.io/release
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/sealed-secrets-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: sealed-secrets-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://bitnami-labs.github.io/sealed-secrets
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/secrets-store-csi-driver-chart.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: secrets-store-csi-driver-chart
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/stakater-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: stakater-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://stakater.github.io/stakater-charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/traefik-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: traefik-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://helm.traefik.io/traefik
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/vernemq-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: vernemq-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://vernemq.github.io/docker-vernemq
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/vmware-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: vmware-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 2h
10 |   url: https://vmware-tanzu.github.io/helm-charts
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/helm/xunholy-charts.yaml:
--------------------------------------------------------------------------------
# This source is checked every 3m with a 3m timeout, where the other sources in
# this directory use a 2h interval and set no timeout.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: xunholy-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 3m
10 |   url: https://xunholy.github.io/charts
11 |   timeout: 3m
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/kustomization.yaml:
--------------------------------------------------------------------------------
# Kustomize entry point that pulls in the git, helm and oci source directories.
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - git
7 |   - helm
8 |   - oci
9 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/oci/bjw-charts.yaml:
--------------------------------------------------------------------------------
# OCIRepository that fetches the app-template chart artifact from ghcr.io; the
# layerSelector copies the Helm chart layer out of the artifact as-is.
# NOTE(review): ref.tag pins by tag, and a tag can be re-pointed in the
# registry. OCIRepository also accepts ref.digest and a spec.verify section for
# signature verification; neither is set in this manifest.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: OCIRepository
5 | metadata:
6 |   name: app-template
7 |   namespace: flux-system
8 | spec:
9 |   interval: 5m
10 |   layerSelector:
11 |     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
12 |     operation: copy
13 |   ref:
14 |     tag: 4.0.1
15 |   url: oci://ghcr.io/bjw-s-labs/helm/app-template
16 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/oci/controlplaneio-charts.yaml:
--------------------------------------------------------------------------------
# HelmRepository of type oci: charts are pulled from an OCI registry path
# instead of an HTTP chart index. The same shape is used by the
# gha-runner-scale-set, prometheus-community and xentra sources below.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: controlplaneio-charts
7 |   namespace: flux-system
8 | spec:
9 |   type: oci
10 |   interval: 2h
11 |   url: oci://ghcr.io/controlplaneio-fluxcd/charts
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/oci/gha-runner-scale-set-charts.yaml:
--------------------------------------------------------------------------------
# NOTE(review): the schema hint here (and on the prometheus-community and
# xentra sources) references helmrepository_v1beta2 while apiVersion is
# source.toolkit.fluxcd.io/v1; editor validation may not match what is applied.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: gha-runner-scale-set-charts
7 |   namespace: flux-system
8 | spec:
9 |   type: oci
10 |   interval: 2h
11 |   url: oci://ghcr.io/actions/actions-runner-controller-charts
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/oci/kustomization.yaml:
--------------------------------------------------------------------------------
# Lists the five OCI-backed sources and sets flux-system as their namespace.
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: flux-system
6 |
7 | resources:
8 |   - bjw-charts.yaml
9 |   - gha-runner-scale-set-charts.yaml
10 |   - controlplaneio-charts.yaml
11 |   - prometheus-community-charts.yaml
12 |   - xentra-charts.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/oci/prometheus-community-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: prometheus-community-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 120m
10 |   type: oci
11 |   url: oci://ghcr.io/prometheus-community/charts
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/repositories/oci/xentra-charts.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
3 | apiVersion: source.toolkit.fluxcd.io/v1
4 | kind: HelmRepository
5 | metadata:
6 |   name: xentra-charts
7 |   namespace: flux-system
8 | spec:
9 |   interval: 120m
10 |   type: oci
11 |   url: oci://ghcr.io/xentra-ai/charts
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/webhooks/kustomization.yaml:
--------------------------------------------------------------------------------
# Bundles the webhook Receiver with its secret and its VirtualService.
# secret.enc.yaml presumably carries the webhook-token Secret in encrypted
# form, and virtualservice.yaml the route that exposes the receiver; neither
# file is shown here.
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | resources:
6 |   - receiver.yaml
7 |   - secret.enc.yaml
8 |   - virtualservice.yaml
9 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/flux-system/addons/webhooks/receiver.yaml:
--------------------------------------------------------------------------------
# GitHub-type Flux Receiver: on a `ping` or `push` webhook delivery it triggers
# reconciliation of the flux-system GitRepository. For type github the
# delivery's signature is validated with the token held in the webhook-token
# Secret, so that Secret is the only thing authenticating callers.
# NOTE(review): confirm the route in virtualservice.yaml exposes nothing beyond
# the receiver's hook path, and that the token is rotated if the encrypted
# secret or the GitHub webhook configuration is ever disclosed.
1 | ---
2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/notification.toolkit.fluxcd.io/receiver_v1.json
3 | apiVersion: notification.toolkit.fluxcd.io/v1
4 | kind: Receiver
5 | metadata:
6 |   name: k8s-gitops
7 |   namespace: flux-system
8 | spec:
9 |   type: github
10 |   events:
11 |     - 'ping'
12 |     - 'push'
13 |   secretRef:
14 |     name: webhook-token
15 |   resources:
16 |     - apiVersion: source.toolkit.fluxcd.io/v1
17 |       kind: GitRepository
18 |       name: flux-system
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/enemy-territory/app/dnsendpoint.yaml:
--------------------------------------------------------------------------------
# external-dns DNSEndpoint publishing a CNAME for et.${CLUSTER_DOMAIN} that
# points at a cfargotunnel.com hostname. ${CLUSTER_DOMAIN} and
# ${CLOUDFLARED_TUNNEL_ID} are placeholders, presumably filled in by Flux
# post-build substitution - confirm. The kustomization.yaml next to this file
# has dnsendpoint.yaml commented out, so this record is not applied from there.
1 | ---
2 | apiVersion: externaldns.k8s.io/v1alpha1
3 | kind: DNSEndpoint
4 | metadata:
5 |   name: enemy-territory
6 |   namespace: game-servers
7 |   annotations:
8 |     external-dns.alpha.kubernetes.io/target: "et.${CLUSTER_DOMAIN}"
9 |     external-dns.alpha.kubernetes.io/external: 'true'
10 | spec:
11 |   endpoints:
12 |     - dnsName: "et.${CLUSTER_DOMAIN}"
13 |       recordType: CNAME
14 |       targets:
15 |         - "${CLOUDFLARED_TUNNEL_ID}.cfargotunnel.com"
16 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/enemy-territory/app/kustomization.yaml:
--------------------------------------------------------------------------------
# Applies the HelmRelease, the encrypted secret and the PVC for this app.
# dnsendpoint.yaml and ingress.yaml are commented out, so no DNS record or
# ingress is created from this kustomization.
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 |
6 | resources:
7 |   # - dnsendpoint.yaml
8 |   - helmrelease.yaml
9 |   # - ingress.yaml
10 |   - secret.enc.yaml
11 |   - pvc.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/enemy-territory/app/pvc.yaml:
--------------------------------------------------------------------------------
# 10Gi ReadWriteOnce claim on the truenas-iscsi-csi storage class.
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: enemy-territory
6 |   namespace: game-servers
7 | spec:
8 |   accessModes: ["ReadWriteOnce"]
9 |   resources:
10 |     requests:
11 |       storage: 10Gi
12 |   storageClassName: truenas-iscsi-csi
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/kustomization.yaml:
--------------------------------------------------------------------------------
# Namespace-level kustomization for game-servers: applies namespace.yaml plus
# the shared components/common component (contents not shown).
# NOTE(review): networkpolicy.yaml is commented out, so this kustomization
# applies no NetworkPolicy to a namespace that hosts internet-facing game
# servers. Confirm that traffic restrictions for game-servers are provided
# elsewhere (for example by components/common).
1 | ---
2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
3 | apiVersion: kustomize.config.k8s.io/v1beta1
4 | kind: Kustomization
5 | namespace: game-servers
6 |
7 | components:
8 |   - ../../../components/common
9 |
10 | resources:
11 |   - namespace.yaml
12 |   # - networkpolicy.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/minecraft-bedrock/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Kustomize nameReference configuration: registers spec/valuesFrom/name in
# HelmRelease objects as a field that refers to a ConfigMap or Secret name, so
# kustomize rewrites it when it renames a generated ConfigMap/Secret.
1 | ---
2 | nameReference:
3 |   - kind: ConfigMap
4 |     version: v1
5 |     fieldSpecs:
6 |       - path: spec/valuesFrom/name
7 |         kind: HelmRelease
8 |   - kind: Secret
9 |     version: v1
10 |     fieldSpecs:
11 |       - path: spec/valuesFrom/name
12 |         kind: HelmRelease
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/minecraft-bedrock/app/pvc.yaml:
--------------------------------------------------------------------------------
# 10Gi ReadWriteOnce claim on the truenas-iscsi-csi storage class.
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: minecraft-bedrock
6 |   namespace: game-servers
7 | spec:
8 |   accessModes: ["ReadWriteOnce"]
9 |   resources:
10 |     requests:
11 |       storage: 10Gi
12 |   storageClassName: truenas-iscsi-csi
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/minecraft-bedrock/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization that reconciles the minecraft-bedrock app directory from
# the flux-system GitRepository every 5m. prune: true deletes cluster objects
# that disappear from that path; wait: true waits for the applied objects to
# become ready.
# NOTE(review): Kubernetes label values are strings, and an unquoted `true` is
# a YAML boolean - confirm this label applies cleanly, or quote the value.
# NOTE(review): the object lives in game-servers but its sourceRef points into
# flux-system; that cross-namespace reference stops working if the Flux
# controllers are started with --no-cross-namespace-refs.
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 |   name: minecraft-bedrock
7 |   namespace: game-servers
8 |   labels:
9 |     substitution.flux/enabled: true
10 | spec:
11 |   interval: 5m
12 |   path: "./kubernetes/apps/base/game-servers/minecraft-bedrock/app"
13 |   prune: true
14 |   wait: true
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/minecraft-ketting/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
# Same nameReference configuration as for minecraft-bedrock, with one extra
# ConfigMap field: spec/values/extraVolumes/volumes/configMap/name.
1 | ---
2 | nameReference:
3 |   - kind: ConfigMap
4 |     version: v1
5 |     fieldSpecs:
6 |       - path: spec/valuesFrom/name
7 |         kind: HelmRelease
8 |   - kind: ConfigMap
9 |     version: v1
10 |     fieldSpecs:
11 |       - path: spec/values/extraVolumes/volumes/configMap/name
12 |         kind: HelmRelease
13 |   - kind: Secret
14 |     version: v1
15 |     fieldSpecs:
16 |       - path: spec/valuesFrom/name
17 |         kind: HelmRelease
18 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/minecraft-ketting/app/pvc.yaml:
--------------------------------------------------------------------------------
# Two ReadWriteOnce claims on truenas-iscsi-csi: 5Gi for minecraft-ketting and
# 1Gi for ketting-geyser-data.
1 | ---
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: minecraft-ketting
6 |   namespace: game-servers
7 | spec:
8 |   accessModes: ["ReadWriteOnce"]
9 |   resources:
10 |     requests:
11 |       storage: 5Gi
12 |   storageClassName: truenas-iscsi-csi
13 | ---
14 | apiVersion: v1
15 | kind: PersistentVolumeClaim
16 | metadata:
17 |   name: ketting-geyser-data
18 |   namespace: game-servers
19 | spec:
20 |   accessModes: ["ReadWriteOnce"]
21 |   resources:
22 |     requests:
23 |       storage: 1Gi
24 |   storageClassName: truenas-iscsi-csi
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/minecraft-ketting/ks.yaml:
--------------------------------------------------------------------------------
# Flux Kustomization for the minecraft-ketting app directory; same shape as the
# minecraft-bedrock one (5m interval, prune and wait enabled).
# NOTE(review): the label value is an unquoted `true` (a YAML boolean, while
# label values are strings) and sourceRef crosses into flux-system - confirm
# both behave as intended on this cluster.
1 | ---
2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
4 | kind: Kustomization
5 | metadata:
6 |   name: minecraft-ketting
7 |   namespace: game-servers
8 |   labels:
9 |     substitution.flux/enabled: true
10 | spec:
11 |   interval: 5m
12 |   path: "./kubernetes/apps/base/game-servers/minecraft-ketting/app"
13 |   prune: true
14 |   wait: true
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/game-servers/minecraft-proxy/app/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: game-servers 6 | 7 | resources: 8 | - helmrelease.yaml 9 | 10 | configMapGenerator: 11 | - name: mincraft-proxy-values 12 | namespace: game-servers 13 | files: 14 | - values.yaml=./values.yaml 15 | 16 | generatorOptions: 17 | annotations: 18 | kustomize.toolkit.fluxcd.io/substitute: disabled 19 | 20 | configurations: 21 | - kustomizeconfig.yaml 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-proxy/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-proxy/app/values.yaml: --------------------------------------------------------------------------------
# Helm values for the Minecraft proxy release. This file is packed into a
# ConfigMap by the kustomization's configMapGenerator, so nothing placed here
# is treated as a secret.
minecraftProxy:
  type: BUNGEECORD
  # NOTE(review): backends behind a BungeeCord-style proxy commonly run with
  # their own online-mode check off and trust the proxy for player identity.
  # If that applies here, confirm the backend servers accept connections only
  # from the proxy (NetworkPolicy or equivalent).
  onlineMode: true
  rcon:
    # RCON is a remote administration console. It is switched on here, but no
    # password or Secret reference appears in this file.
    # NOTE(review): confirm the HelmRelease supplies the RCON password from a
    # Secret rather than relying on a chart default, and that the RCON port is
    # not published on an externally reachable Service.
    enabled: true
-------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-proxy/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: minecraft-proxy 7 | namespace: game-servers 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/game-servers/minecraft-proxy/app" 13 | prune: true 14 | wait: true 15
| sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-rcon-web/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: game-servers 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - virtualservice.yaml 10 | 11 | configMapGenerator: 12 | - name: mincraft-rcon-web-values 13 | namespace: game-servers 14 | files: 15 | - values.yaml=./values.yaml 16 | 17 | generatorOptions: 18 | annotations: 19 | kustomize.toolkit.fluxcd.io/substitute: disabled 20 | 21 | configurations: 22 | - kustomizeconfig.yaml 23 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-rcon-web/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-rcon-web/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: minecraft-rcon-web 7 | namespace: game-servers 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/game-servers/minecraft-rcon-web/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: 
GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-router/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: game-servers 6 | 7 | resources: 8 | - helmrelease.yaml 9 | 10 | configMapGenerator: 11 | - name: mincraft-router-values 12 | namespace: game-servers 13 | files: 14 | - values.yaml=./values.yaml 15 | 16 | configurations: 17 | - kustomizeconfig.yaml 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-router/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft-router/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: minecraft-router 7 | namespace: game-servers 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/game-servers/minecraft-router/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/game-servers/minecraft/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | - kind: ConfigMap 9 | version: v1 10 | fieldSpecs: 11 | - path: spec/values/extraVolumes/volumes/configMap/name 12 | kind: HelmRelease 13 | - kind: Secret 14 | version: v1 15 | fieldSpecs: 16 | - path: spec/valuesFrom/name 17 | kind: HelmRelease 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: minecraft 6 | namespace: game-servers 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | --- 14 | apiVersion: v1 15 | kind: PersistentVolumeClaim 16 | metadata: 17 | name: geyser-data 18 | namespace: game-servers 19 | spec: 20 | accessModes: ["ReadWriteOnce"] 21 | resources: 22 | requests: 23 | storage: 1Gi 24 | storageClassName: truenas-iscsi-csi 25 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/minecraft/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: minecraft 7 | namespace: game-servers 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 5m 12 | path: "./kubernetes/apps/base/game-servers/minecraft/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 
17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/game-servers/namespace.yaml: --------------------------------------------------------------------------------
---
# Namespace for the game-server workloads.
apiVersion: v1
kind: Namespace
metadata:
  name: game-servers
  labels:
    goldilocks.fairwinds.com/enabled: "true"
    # Flux skips objects carrying this label during garbage collection, so the
    # namespace survives removal from the repository.
    kustomize.toolkit.fluxcd.io/prune: disabled
    # Pod Security Admission: "privileged" is the unrestricted level. With
    # enforce, audit and warn all set to it, no pod spec in this namespace is
    # rejected and no violation is logged or shown.
    # NOTE(review): if a workload here really needs host-level access, keep
    # enforce as is but set audit/warn to baseline or restricted so the pods
    # that depend on the exemption become visible; otherwise lower enforce too.
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
-------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/autobrr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - pvc.yaml 10 | - secret.enc.yaml 11 | - virtualservice.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/autobrr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: autobrr 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/autobrr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion:
kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app autobrr 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/autobrr/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/bazarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - pvc.yaml 10 | - secret.enc.yaml 11 | - virtualservice.yaml 12 | 13 | configMapGenerator: 14 | - name: bazarr-scripts 15 | namespace: home-system 16 | files: 17 | - subcleaner.sh=./resources/subcleaner.sh 18 | 19 | generatorOptions: 20 | annotations: 21 | kustomize.toolkit.fluxcd.io/substitute: disabled 22 | 23 | configurations: 24 | - kustomizeconfig.yaml 25 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/bazarr/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/scripts/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/bazarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | 
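metadata: 5 | name: bazarr 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/bazarr/app/resources/subcleaner.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Subtitle post-processing hook: run subcleaner on one subtitle file, then ask
# Plex to rescan the directory that holds it.
#
# Usage:       subcleaner.sh <subtitle-path>
# Environment: PLEX_TOKEN  Plex API token, sent as the X-Plex-Token header.

# Without a path there is nothing to clean and no directory to refresh.
if [[ -z "${1:-}" ]]; then
    printf "Usage: %s <subtitle-path>\n" "$0" >&2
    exit 1
fi

printf "Cleaning subtitles for '%s' ...\n" "$1"
python3 /subcleaner/subcleaner/subcleaner.py "$1" -s

# Start empty so a `section` variable inherited from the environment can never
# pick the Plex library; only the path match below may set it.
section=""
case "$1" in
    *movies*) section="1";;
    *shows*) section="2";;
esac

if [[ -n "$section" ]]; then
    media_dir="$(dirname "$1")"
    if [[ -z "${PLEX_TOKEN:-}" ]]; then
        # Best effort: the subtitle is already cleaned, so only skip the refresh.
        printf "PLEX_TOKEN is not set; skipping Plex refresh for '%s'\n" "$media_dir" >&2
    else
        printf "Refreshing Plex section '%s' for '%s' ...\n" "$section" "$media_dir"
        # The token is handed to curl as a header read from stdin (-H @-, needs
        # curl 7.55 or newer). printf is a shell builtin, so the token does not
        # show up in any process's argument list, and it is no longer part of
        # the request URL that servers and proxies in the path tend to log.
        # NOTE(review): the request itself is still plain HTTP inside the
        # cluster; the header is readable on the wire unless the network layer
        # encrypts pod-to-pod traffic.
        printf 'X-Plex-Token: %s\n' "${PLEX_TOKEN}" |
            /usr/bin/curl -I -X GET -G \
                -H @- \
                --data-urlencode "path=${media_dir}" \
                --no-progress-meter \
                "http://plex.home-system.svc.cluster.local:32400/library/sections/${section}/refresh"
    fi
fi
-------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/bazarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &app bazarr 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/bazarr/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | --------------------------------------------------------------------------------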
/kubernetes/apps/base/home-system/cross-seed/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - pvc.yaml 10 | 11 | secretGenerator: 12 | - name: cross-seed-secret 13 | namespace: home-system 14 | files: 15 | - config.js=secret.enc.yaml 16 | 17 | generatorOptions: 18 | annotations: 19 | kustomize.toolkit.fluxcd.io/substitute: disabled 20 | 21 | configurations: 22 | - kustomizeconfig.yaml 23 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/cross-seed/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: Secret 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/values/persistence/secret-file/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/cross-seed/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: cross-seed 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/cross-seed/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | 
name: cross-seed 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/cross-seed/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/home-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | - virtualservice.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/home-assistant/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: home-assistant 5 | namespace: home-system 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/jellyseerr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | - secret.enc.yaml 10 | - virtualservice.yaml 11 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/home-system/jellyseerr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: jellyseerr 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | --- 14 | apiVersion: v1 15 | kind: PersistentVolumeClaim 16 | metadata: 17 | name: jellyseerr-cache 18 | namespace: home-system 19 | spec: 20 | accessModes: ["ReadWriteOnce"] 21 | resources: 22 | requests: 23 | storage: 10Gi 24 | storageClassName: truenas-iscsi-csi 25 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/jellyseerr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: jellyseerr 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/jellyseerr/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-system 6 | 7 | components: 8 | - 
../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | - networkpolicy.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/mosquitto/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/mosquitto/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: mosquitto-cache 5 | namespace: home-system 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 1Gi 12 | storageClassName: truenas-iscsi-csi 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/mosquitto/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: mosquitto 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/mosquitto/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/namespace.yaml: 
--------------------------------------------------------------------------------
---
# Namespace for the home-system workloads.
apiVersion: v1
kind: Namespace
metadata:
  name: home-system
  labels:
    goldilocks.fairwinds.com/enabled: "true"
    # Flux skips objects carrying this label during garbage collection, so the
    # namespace survives removal from the repository.
    kustomize.toolkit.fluxcd.io/prune: disabled
    # Pod Security Admission: "privileged" is the unrestricted level. With
    # enforce, audit and warn all set to it, no pod spec in this namespace is
    # rejected and no violation is logged or shown.
    # NOTE(review): the apps under this directory are network-facing services
    # (download clients, indexers, media tools). Setting audit/warn to baseline
    # or restricted would show which of them actually need the exemption before
    # tightening enforce.
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
-------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/prowlarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | - secret.enc.yaml 10 | - virtualservice.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/prowlarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: prowlarr 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/prowlarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: prowlarr 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 |
timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/prowlarr/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/qbittorrent/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - pvc.yaml 10 | - secret.enc.yaml 11 | - virtualservice.yaml 12 | 13 | configMapGenerator: 14 | - name: qbittorrent-scripts 15 | files: 16 | - resources/xseed.sh 17 | 18 | generatorOptions: 19 | annotations: 20 | kustomize.toolkit.fluxcd.io/substitute: disabled 21 | 22 | configurations: 23 | - kustomizeconfig.yaml 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/qbittorrent/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/scripts/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/qbittorrent/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: qbittorrent 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/qbittorrent/tools/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - qbtools-config.enc.yaml 10 | - secret.enc.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/radarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | - secret.enc.yaml 10 | - virtualservice.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/radarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: radarr 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | --- 14 | apiVersion: v1 15 | kind: PersistentVolumeClaim 16 | metadata: 17 | name: radarr-cache 18 | namespace: home-system 19 | spec: 20 | accessModes: ["ReadWriteOnce"] 21 | resources: 22 | requests: 23 | storage: 10Gi 24 | storageClassName: truenas-iscsi-csi 25 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/radarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 
yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: radarr 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/radarr/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/recyclarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - pvc.yaml 10 | - secret.enc.yaml 11 | 12 | configMapGenerator: 13 | - name: recyclarr-configmap 14 | files: 15 | - recyclarr.yml=./resources/recyclarr.yml 16 | 17 | configurations: 18 | - kustomizeconfig.yaml 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/recyclarr/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/values/persistence/config-file/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/recyclarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 
| name: recyclarr 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/recyclarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: recyclarr 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/recyclarr/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/sabnzbd/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - pvc.yaml 10 | - secret.enc.yaml 11 | - virtualservice.yaml 12 | 13 | configMapGenerator: 14 | - name: sabnzbd-scripts 15 | files: 16 | - resources/xseed.sh 17 | 18 | generatorOptions: 19 | annotations: 20 | kustomize.toolkit.fluxcd.io/substitute: disabled 21 | 22 | configurations: 23 | - kustomizeconfig.yaml 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/sabnzbd/app/kustomizeconfig.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/values/persistence/scripts/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/sabnzbd/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: sabnzbd 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/sabnzbd/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: sabnzbd 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/sabnzbd/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/sonarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - 
helmrelease.yaml 8 | - pvc.yaml 9 | - secret.enc.yaml 10 | - virtualservice.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/sonarr/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: sonarr 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | --- 14 | apiVersion: v1 15 | kind: PersistentVolumeClaim 16 | metadata: 17 | name: sonarr-cache 18 | namespace: home-system 19 | spec: 20 | accessModes: ["ReadWriteOnce"] 21 | resources: 22 | requests: 23 | storage: 10Gi 24 | storageClassName: truenas-iscsi-csi 25 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/sonarr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: sonarr 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/sonarr/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/tautulli/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - pvc.yaml 9 | - virtualservice.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/tautulli/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: tautulli 6 | namespace: home-system 7 | spec: 8 | accessModes: ["ReadWriteOnce"] 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: truenas-iscsi-csi 13 | --- 14 | apiVersion: v1 15 | kind: PersistentVolumeClaim 16 | metadata: 17 | name: tautulli-cache 18 | namespace: home-system 19 | spec: 20 | accessModes: ["ReadWriteOnce"] 21 | resources: 22 | requests: 23 | storage: 15Gi 24 | storageClassName: truenas-iscsi-csi 25 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/tautulli/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: tautulli 7 | namespace: home-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/home-system/tautulli/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: democratic-csi 23 | namespace: democratic-csi 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/home-system/zigbee2mqtt/app/kustomization.yaml: 
--------------------------------------------------------------------------------
   | # Kustomize entry point for the zigbee2mqtt app; all resources are placed in home-system.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | namespace: home-system
 6 |
 7 | resources:
 8 |   - helmrelease.yaml
   |   # NOTE(review): while the entry below stays commented out, this kustomization
   |   # applies no NetworkPolicy for zigbee2mqtt. Whether another policy covers the
   |   # home-system namespace is not visible in this file - confirm before relying on it.
 9 |   # TODO: Re-enable once confirmed working
10 |   # - networkpolicy.yaml
11 |   - pvc.yaml
12 |   - virtualservice.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/home-system/zigbee2mqtt/app/pvc.yaml:
--------------------------------------------------------------------------------
   | # 1Gi ReadWriteOnce claim named zigbee2mqtt-cache, provisioned from the truenas-iscsi-csi class.
 1 | apiVersion: v1
 2 | kind: PersistentVolumeClaim
 3 | metadata:
 4 |   name: zigbee2mqtt-cache
 5 |   namespace: home-system
 6 | spec:
 7 |   accessModes:
 8 |     - ReadWriteOnce
 9 |   resources:
10 |     requests:
11 |       storage: 1Gi
12 |   storageClassName: truenas-iscsi-csi
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-ingress/github/destinationrule.yaml:
--------------------------------------------------------------------------------
   | # Client-side TLS policy for traffic the mesh sends to xunholy.github.io.
 1 | apiVersion: networking.istio.io/v1beta1
 2 | kind: DestinationRule
 3 | metadata:
 4 |   name: github
 5 |   namespace: istio-ingress
 6 | spec:
 7 |   host: "xunholy.github.io"
 8 |   trafficPolicy:
 9 |     tls:
   |       # SIMPLE: the proxy originates TLS to the upstream without presenting a client certificate.
   |       # NOTE(review): caCertificates, subjectAltNames and sni are all unset, so whether the
   |       # upstream certificate is verified (and which SNI is sent) depends on the defaults of the
   |       # installed Istio version - confirm the proxy validates the certificate for this host.
10 |       mode: SIMPLE
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-ingress/github/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Bundles the three Istio resources that describe the xunholy.github.io upstream.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 |
 6 | resources:
 7 |   - destinationrule.yaml
 8 |   - serviceentry.yaml
 9 |   - virtualservice.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-ingress/github/serviceentry.yaml:
--------------------------------------------------------------------------------
   | # Registers xunholy.github.io as a mesh-external host on port 443, resolved through DNS.
 1 | ---
 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/networking.istio.io/serviceentry_v1beta1.json
 3 | apiVersion: networking.istio.io/v1beta1
 4 | kind: ServiceEntry
 5 | metadata:
 6 |   name: github
 7 |   namespace: istio-ingress
 8 | spec:
 9 |   hosts:
10 |     - xunholy.github.io
11 |   location: MESH_EXTERNAL
12 |   ports:
13 |     - number: 443
14 |       name: https
15 |       protocol: TLS
16 |   resolution: DNS
17 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-ingress/github/virtualservice.yaml:
--------------------------------------------------------------------------------
   | # On the shared ingress gateway, a request for the cluster domain whose path is exactly "/"
   | # is rewritten (path and authority) and routed to xunholy.github.io on port 443.
 1 | ---
 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/networking.istio.io/virtualservice_v1beta1.json
 3 | apiVersion: networking.istio.io/v1beta1
 4 | kind: VirtualService
 5 | metadata:
 6 |   name: github
 7 |   namespace: istio-ingress
 8 | spec:
 9 |   gateways:
10 |     - istio-ingress/istio-ingressgateway
11 |   hosts:
   |     # Placeholder, not a literal host - presumably filled in by Flux post-build substitution; confirm.
12 |     - '${CLUSTER_DOMAIN}'
13 |   http:
14 |     - match:
15 |         - uri:
   |             # Only the bare root path matches; any other path is not handled by this route.
16 |             exact: "/"
17 |       rewrite:
18 |         uri: "/k8s-gitops"
19 |         authority: xunholy.github.io
20 |       route:
21 |         - destination:
   |             # TLS towards this host is configured by the "github" DestinationRule
   |             # (destinationrule.yaml in this directory), not by this route.
22 |             host: xunholy.github.io
23 |             port:
24 |               number: 443
25 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-ingress/istio-gateway/app/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Resources applied for the ingress gateway, including the github upstream bundle.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 |
   | # NOTE(review): originissuer.yaml is listed in this directory but is not among the
   | # resources below, so this kustomization does not apply it - confirm that is intended.
 6 | resources:
 7 |   - ../../github
 8 |   - authorization-policy.yaml
 9 |   - certificates.yaml
10 |   - gateway.yaml
11 |   - helmrelease.yaml
12 |   - secret.enc.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-ingress/istio-gateway/app/originissuer.yaml:
--------------------------------------------------------------------------------
   | # Cloudflare Origin CA issuer for the istio-ingress namespace, requesting ECC certificates.
   | # NOTE(review): the istio-gateway app kustomization shown just above in this listing does
   | # not include this file in its resources, so it may not be applied - confirm.
 1 | ---
 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/cert-manager.k8s.cloudflare.com/originissuer_v1.json
 3 | apiVersion: cert-manager.k8s.cloudflare.com/v1
 4 | kind: OriginIssuer
 5 | metadata:
 6 |   name: prod-issuer
 7 |   namespace: istio-ingress
 8 | spec:
 9 |   requestType: OriginECC
10 |   auth:
   |     # The service key is read from the "key" entry of this Secret; the Secret is not defined here.
11 |     serviceKeyRef:
12 |       name: cloudflare-origin-ca-key
13 |       key: key
14 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-ingress/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Namespace-level kustomization for istio-ingress: shared component plus the Namespace object.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | namespace: istio-ingress
 6 |
 7 | components:
 8 |   - ../../../components/common
 9 |
10 | resources:
11 |   - namespace.yaml
   |   # NOTE(review): commented out, so no NetworkPolicy for the ingress namespace is applied
   |   # from here; the common component's contents are not visible in this listing - confirm.
12 |   # - networkpolicy.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-ingress/namespace.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Namespace
 4 | metadata:
 5 |   name: istio-ingress
   |   # NOTE(review): no pod-security.kubernetes.io/* labels are set here (the istio-system
   |   # namespace sets them explicitly), so the Pod Security level for this namespace comes
   |   # from the cluster-wide default - confirm which level that is.
 6 |   labels:
   |     # Opts the namespace into Goldilocks resource recommendations.
 7 |     goldilocks.fairwinds.com/enabled: "true"
   |     # Turns on Istio sidecar injection for pods created in this namespace.
 8 |     istio-injection: enabled
   |     # Tells Flux not to garbage-collect this Namespace when it disappears from the source.
 9 |     kustomize.toolkit.fluxcd.io/prune: disabled
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-system/flagger/app/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Flagger is deployed from a single HelmRelease.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 |
 6 | resources:
 7 |   - helmrelease.yaml
 8 |
-------------------------------------------------------------------------------- /kubernetes/apps/base/istio-system/flagger/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: flagger 7 | namespace: istio-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/istio-system/flagger/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | dependsOn: 20 | - name: istiod 21 | namespace: istio-system 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/istio-system/istio-base/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/istio-system/istio-base/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: istio-base 7 | namespace: istio-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/istio-system/istio-base/app" 13 | prune: true 14 | wait: false 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: 
flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/istio-system/istio-cni/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/istio-system/istio-cni/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: istio-cni 7 | namespace: istio-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/istio-system/istio-cni/app" 13 | prune: true 14 | wait: false 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | dependsOn: 20 | - name: istio-base 21 | namespace: istio-system 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/istio-system/istiod/addons/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - podmonitor.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/istio-system/istiod/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | namespace: istio-system
 6 |
 7 | resources:
 8 |   - ../addons/monitoring
 9 |   - helmrelease.yaml
10 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-system/istiod/ks.yaml:
--------------------------------------------------------------------------------
   | # Flux Kustomization that reconciles the istiod app directory every 30 minutes.
 1 | ---
 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
 4 | kind: Kustomization
 5 | metadata:
 6 |   name: istiod
 7 |   namespace: istio-system
 8 | spec:
 9 |   interval: 30m
10 |   retryInterval: 1m
11 |   timeout: 3m
12 |   path: "./kubernetes/apps/base/istio-system/istiod/app"
   |   # prune: objects removed from the source are deleted from the cluster.
13 |   prune: true
   |   # wait: reconciliation is not reported ready until the applied resources are ready.
14 |   wait: true
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
   |   # Not reconciled until the istio-cni Kustomization is ready.
19 |   dependsOn:
20 |     - name: istio-cni
21 |       namespace: istio-system
22 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-system/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Namespace-level kustomization for istio-system: shared component plus the Namespace object.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | namespace: istio-system
 6 |
 7 | components:
 8 |   - ../../../components/common
 9 |
10 | resources:
11 |   - namespace.yaml
12 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/istio-system/namespace.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Namespace
 4 | metadata:
 5 |   name: istio-system
 6 |   labels:
 7 |     goldilocks.fairwinds.com/enabled: "true"
   |     # Tells Flux not to garbage-collect this Namespace when it disappears from the source.
 8 |     kustomize.toolkit.fluxcd.io/prune: disabled
   |     # Pod Security Admission level "privileged": no pod-level restriction is enforced
   |     # for anything scheduled into this namespace.
   |     # NOTE(review): presumably required by the istio-cni workload that is deployed into
   |     # istio-system - confirm, and keep unrelated workloads out of this namespace.
 9 |     pod-security.kubernetes.io/enforce: privileged
10
|     pod-security.kubernetes.io/warn: privileged
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-guardian/kube-guardian/app/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Deploys the kube-guardian HelmRelease and generates its values ConfigMap from values.yaml.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 |
 6 | resources:
 7 |   - helmrelease.yaml
 8 |
 9 | configMapGenerator:
10 |   - name: kube-guardian-values
11 |     namespace: kube-guardian
12 |     files:
13 |       - values.yaml=./values.yaml
14 |
15 | generatorOptions:
16 |   annotations:
   |     # Generated ConfigMaps are excluded from Flux variable substitution.
17 |     kustomize.toolkit.fluxcd.io/substitute: disabled
18 |
19 | configurations:
20 |   - kustomizeconfig.yaml
21 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-guardian/kube-guardian/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
   | # Lets kustomize rewrite HelmRelease spec.valuesFrom[].name to the generated ConfigMap name.
 1 | ---
 2 | nameReference:
 3 |   - kind: ConfigMap
 4 |     version: v1
 5 |     fieldSpecs:
 6 |       - path: spec/valuesFrom/name
 7 |         kind: HelmRelease
 8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-guardian/kube-guardian/app/values.yaml:
--------------------------------------------------------------------------------
   | # Only a document marker: the generated ConfigMap carries no chart overrides, so the release
   | # runs on chart defaults unless helmrelease.yaml (not shown) sets values itself.
 1 | ---
 2 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-guardian/kube-guardian/ks.yaml:
--------------------------------------------------------------------------------
   | # Flux Kustomization that reconciles the kube-guardian app directory every 30 minutes.
 1 | ---
 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
 4 | kind: Kustomization
 5 | metadata:
 6 |   name: kube-guardian
 7 |   namespace: kube-guardian
 8 | spec:
 9 |   interval: 30m
10 |   retryInterval: 1m
11 |   timeout: 3m
12 |   path: "./kubernetes/apps/base/kube-guardian/kube-guardian/app"
13 |   prune: true
14 |   wait: true
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-guardian/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Namespace-level kustomization for kube-guardian: shared component plus the Namespace object.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | namespace: kube-guardian
 6 |
 7 | components:
 8 |   - ../../../components/common
 9 |
10 | resources:
11 |   - namespace.yaml
   |   # NOTE(review): commented out, so no NetworkPolicy for this namespace is applied from
   |   # here; together with the privileged Pod Security level on the Namespace, these files
   |   # place neither pod-level nor network-level limits on kube-guardian - confirm intended.
12 |   # - networkpolicy.yaml
13 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-guardian/namespace.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Namespace
 4 | metadata:
 5 |   name: kube-guardian
 6 |   labels:
 7 |     goldilocks.fairwinds.com/enabled: "true"
 8 |     kustomize.toolkit.fluxcd.io/prune: disabled
   |     # Pod Security Admission level "privileged": nothing is restricted for pods here.
   |     # NOTE(review): presumably needed by the kube-guardian workload (helmrelease.yaml is
   |     # not shown) - confirm the chart really requires it before keeping this level.
 9 |     pod-security.kubernetes.io/enforce: privileged
10 |     pod-security.kubernetes.io/warn: privileged
11 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/cilium/app/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Deploys the Cilium HelmRelease into kube-system with values from a generated ConfigMap.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 | namespace: kube-system
 6 |
 7 | resources:
 8 |   - helmrelease.yaml
 9 |
10 | configMapGenerator:
11 |   - name: cilium-values
12 |     files:
13 |       - values.yaml=./values.yaml
14 |
15 | generatorOptions:
16 |   annotations:
   |     # Generated ConfigMaps are excluded from Flux variable substitution.
17 |     kustomize.toolkit.fluxcd.io/substitute: disabled
18 |
19 | configurations:
20 |   - kustomizeconfig.yaml
21 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/cilium/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
   | # Lets kustomize rewrite HelmRelease spec.valuesFrom[].name to the generated ConfigMap name.
 1 | nameReference:
 2 |   - kind: ConfigMap
 3 |     version: v1
 4 |     fieldSpecs:
 5 |       - path: spec/valuesFrom/name
 6 |         kind: HelmRelease
 7 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/cilium/config/virtualservice.yaml:
--------------------------------------------------------------------------------
   | # Publishes the hubble-ui Service (kube-system, port 80) on the shared ingress gateway
   | # under the "hubble." subdomain of the cluster domain.
   | # NOTE(review): nothing in this file limits who may reach the UI, and Hubble shows the
   | # cluster's network-flow data - confirm that an AuthorizationPolicy or an equivalent
   | # control at the gateway covers this host.
 1 | ---
 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/networking.istio.io/virtualservice_v1beta1.json
 3 | apiVersion: networking.istio.io/v1beta1
 4 | kind: VirtualService
 5 | metadata:
 6 |   name: hubble-ui
 7 | spec:
 8 |   hosts:
   |     # Placeholder host - presumably filled in by Flux post-build substitution; confirm.
 9 |     - 'hubble.${CLUSTER_DOMAIN}'
10 |   gateways:
11 |     - istio-ingress/istio-ingressgateway
12 |   http:
13 |     - match:
   |         # Only requests that arrived on gateway port 443 are routed.
14 |         - port: 443
15 |       route:
16 |         - destination:
17 |             port:
18 |               number: 80
19 |             host: hubble-ui.kube-system.svc.cluster.local
20 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/descheduler/app/kustomization.yaml:
--------------------------------------------------------------------------------
   | # The descheduler is deployed from a single HelmRelease.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 |
 6 | resources:
 7 |   - helmrelease.yaml
 8 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/descheduler/ks.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1
 4 | kind: Kustomization
 5 | metadata:
 6 |   name:
descheduler
 7 |   namespace: kube-system
 8 | spec:
 9 |   interval: 30m
10 |   retryInterval: 1m
11 |   timeout: 3m
12 |   path: "./kubernetes/apps/base/kube-system/descheduler/app"
   |   # prune: objects removed from the source are deleted from the cluster.
13 |   prune: true
   |   # wait: reconciliation is not reported ready until the applied resources are ready.
14 |   wait: true
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/kubelet-csr-approver/app/kustomization.yaml:
--------------------------------------------------------------------------------
   | # Deploys the kubelet-csr-approver HelmRelease with values from a generated ConfigMap.
 1 | ---
 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 3 | apiVersion: kustomize.config.k8s.io/v1beta1
 4 | kind: Kustomization
 5 |
 6 | resources:
 7 |   - helmrelease.yaml
 8 |
 9 | configMapGenerator:
10 |   - name: kubelet-csr-approver-values
11 |     namespace: kube-system
12 |     files:
13 |       - values.yaml
14 |
15 | configurations:
16 |   - kustomizeconfig.yaml
17 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
   | # Lets kustomize rewrite HelmRelease spec.valuesFrom[].name to the generated ConfigMap name.
 1 | nameReference:
 2 |   - kind: ConfigMap
 3 |     version: v1
 4 |     fieldSpecs:
 5 |       - path: spec/valuesFrom/name
 6 |         kind: HelmRelease
 7 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/kubelet-csr-approver/app/values.yaml:
--------------------------------------------------------------------------------
   | # Chart values for the component that approves kubelet certificate signing requests.
 1 | metrics:
 2 |   enable: true
 3 |   serviceMonitor:
 4 |     enabled: true
   | # NOTE(review): presumably the node-name pattern a CSR must match before it is approved.
   | # As written it matches only "talos-" followed by exactly one digit (talos-0 .. talos-9),
   | # so a node named talos-10 would not match - confirm against the chart documentation and
   | # the cluster's node naming. Keeping the pattern anchored and narrow limits which
   | # requesters can obtain an approved certificate.
 5 | providerRegex: ^talos-\d$
 6 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/kubelet-csr-approver/ks.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # yaml-language-server:
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: kubelet-csr-approver 7 | namespace: kube-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/kube-system/kubelet-csr-approver/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | - priorityclass.yaml 13 | - networkpolicy.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/metrics-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/metrics-server/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: metrics-server 7 | 
namespace: kube-system
 8 | spec:
 9 |   interval: 30m
10 |   retryInterval: 1m
11 |   timeout: 3m
12 |   path: "./kubernetes/apps/base/kube-system/metrics-server/app"
   |   # prune: objects removed from the source are deleted from the cluster.
13 |   prune: true
   |   # wait: reconciliation is not reported ready until the applied resources are ready.
14 |   wait: true
15 |   sourceRef:
16 |     kind: GitRepository
17 |     name: flux-system
18 |     namespace: flux-system
19 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/namespace.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Namespace
 4 | metadata:
 5 |   name: kube-system
 6 |   labels:
   |     # Opts the namespace into Goldilocks resource recommendations.
 7 |     goldilocks.fairwinds.com/enabled: "true"
   |     # Tells Flux not to garbage-collect this Namespace when it disappears from the source.
 8 |     kustomize.toolkit.fluxcd.io/prune: disabled
 9 |
--------------------------------------------------------------------------------
/kubernetes/apps/base/kube-system/priorityclass.yaml:
--------------------------------------------------------------------------------
   | # Two custom PriorityClasses. Both values sit below the built-in system-cluster-critical
   | # and system-node-critical classes, and both may preempt lower-priority pods.
   | # NOTE(review): the two description strings in this file are word-for-word identical, so
   | # one was probably meant to differ. A PriorityClass sets scheduling priority and preemption
   | # behaviour; it does not by itself pin a pod to its current node, so the wording may
   | # promise more than the object delivers - confirm the intended text.
 1 | ---
 2 | apiVersion: scheduling.k8s.io/v1
 3 | description: Used for cluster critical pods that must not be moved from their current node.
 4 | kind: PriorityClass
 5 | metadata:
 6 |   name: platform-cluster-critical
 7 | preemptionPolicy: PreemptLowerPriority
 8 | value: 100000000
 9 | ---
10 | apiVersion: scheduling.k8s.io/v1
11 | description: Used for cluster critical pods that must not be moved from their current node.
12 | kind: PriorityClass 13 | metadata: 14 | name: platform-node-critical 15 | preemptionPolicy: PreemptLowerPriority 16 | value: 100001000 17 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/reflector/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/reflector/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: reflector 7 | namespace: kube-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/kube-system/reflector/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/tetragon/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: kube-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | 10 | configMapGenerator: 11 | - name: tetragon-values 12 | files: 13 | - values.yaml=values.yaml 14 | 15 | configurations: 16 | - kustomizeconfig.yaml 17 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/tetragon/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/valuesFrom/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/kube-system/tetragon/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: tetragon 7 | namespace: kube-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/kube-system/tetragon/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/blocky/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | 9 | configMapGenerator: 10 | - name: blocky 11 | files: 12 | - ./configs/config.yml 13 | 14 | configurations: 15 | - kustomizeconfig.yaml 16 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/blocky/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | 
- path: spec/values/persistence/config/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/blocky/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: blocky 7 | namespace: network-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/network-system/blocky/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cert-manager/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: network-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - secret.enc.yaml 10 | 11 | configMapGenerator: 12 | - name: cert-manager-values 13 | namespace: flux-system 14 | files: 15 | - values.yaml=./values.yaml 16 | 17 | generatorOptions: 18 | annotations: 19 | kustomize.toolkit.fluxcd.io/substitute: disabled 20 | 21 | configurations: 22 | - kustomizeconfig.yaml 23 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cert-manager/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: 
spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cert-manager/issuers/clusterissuer-prod.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/cert-manager.io/clusterissuer_v1.json 3 | apiVersion: cert-manager.io/v1 4 | kind: ClusterIssuer 5 | metadata: 6 | name: letsencrypt-prod 7 | spec: 8 | acme: 9 | server: https://acme-v02.api.letsencrypt.org/directory 10 | email: michaelfornaro@gmail.com 11 | privateKeySecretRef: 12 | name: letsencrypt-prod 13 | solvers: 14 | - dns01: 15 | cloudflare: 16 | email: michaelfornaro@gmail.com 17 | apiTokenSecretRef: 18 | name: cloudflare-cert-manager-token 19 | key: api-token 20 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cert-manager/issuers/clusterissuer-stg.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/cert-manager.io/clusterissuer_v1.json 3 | apiVersion: cert-manager.io/v1 4 | kind: ClusterIssuer 5 | metadata: 6 | name: letsencrypt-staging 7 | spec: 8 | acme: 9 | server: https://acme-staging-v02.api.letsencrypt.org/directory 10 | email: michaelfornaro@gmail.com 11 | privateKeySecretRef: 12 | name: letsencrypt-staging 13 | solvers: 14 | - dns01: 15 | cloudflare: 16 | email: michaelfornaro@gmail.com 17 | apiTokenSecretRef: 18 | name: cloudflare-cert-manager-token 19 | key: api-token 20 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cert-manager/issuers/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: network-system 6 | resources: 7 | - clusterissuer-prod.yaml 8 | - clusterissuer-stg.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cloudflare-ddns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - deployment.yaml 8 | - secret.enc.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cloudflare-ddns/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: cloudflare-ddns 7 | namespace: network-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/network-system/cloudflare-ddns/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cloudflared/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: network-system 6 | 7 | resources: 8 | - dnsendpoint.yaml 9 | - 
helmrelease.yaml 10 | - secret.enc.yaml 11 | 12 | configMapGenerator: 13 | - name: cloudflared 14 | files: 15 | - ./configs/config.yaml 16 | 17 | configurations: 18 | - kustomizeconfig.yaml 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/cloudflared/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/values/persistence/config/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/dex-k8s-authenticator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - clusterrolebinding.yaml 8 | - helmrelease.yaml 9 | - virtualservice.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/dex-k8s-authenticator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: dex-k8s-authenticator 7 | namespace: network-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/network-system/dex-k8s-authenticator/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | dependsOn: 20 | - name: istiod 21 | namespace: istio-system 22 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/dex/app/README.md: -------------------------------------------------------------------------------- 1 | # Dex 2 | 3 | Enter valid secrets into values.yaml and use the following command to generate the Secret manifest, then use sealed secrets to encrypt it before it is used within the helm release resource. The generated secret.yaml is only base64-encoded, not encrypted: commit only the encrypted form, and keep secret.yaml and the filled-in values.yaml out of version control. Check that the namespace passed with `-n` matches the one the Dex helm release is deployed to. 4 | 5 | ```bash 6 | kubectl create secret generic dex-helm-values --from-file=values.yaml=config/dex/values.yaml --dry-run=client -n network -o yaml > secret.yaml 7 | ``` 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/dex/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - secret.enc.yaml 9 | - virtualservice.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/dex/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: dex 7 | namespace: network-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/network-system/dex/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: istiod 23 | namespace: istio-system 24 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/echo-server/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: network-system 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - virtualservice.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/echo-server/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: echo-server 7 | namespace: network-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/network-system/echo-server/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | dependsOn: 20 | - name: istiod 21 | namespace: istio-system 22 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/external-dns/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - secret.enc.yaml 9 | # REQUIRED: This installed the DNSEndpoint CRD which is not installed automatically via the Helm chart currently. 
 10 | # Added in recent version: https://github.com/kubernetes-sigs/external-dns/commit/aef83b936b73cffc7e6c44b0804cbf7f7687cf46 (if the raw URL below is ever re-enabled, pin it to a tag or commit rather than master) 11 | # - https://raw.githubusercontent.com/kubernetes-sigs/external-dns/master/docs/contributing/crd-source/crd-manifest.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/external-dns/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: external-dns 7 | namespace: network-system 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/network-system/external-dns/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: network-system 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | # TEST: networkpolicy.yaml is disabled to debug a node-feature-discovery connectivity issue, so the policy it defines is not applied to network-system; re-enable it once the issue is resolved 13 | # - networkpolicy.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/multus/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - rbac.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/multus/networks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: network-system 6 | 7 | resources: 8 | - network.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: network-system 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | pod-security.kubernetes.io/audit: privileged 10 | pod-security.kubernetes.io/enforce: privileged # NOTE(review): the privileged level places no Pod Security restrictions on pods in this namespace, and audit/warn at the same level report nothing; confirm which workloads here actually need it 11 | pod-security.kubernetes.io/warn: privileged 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/node-feature-discovery/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | # - networkpolicy.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/node-feature-discovery/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: node-feature-discovery 7 | namespace: network-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/network-system/node-feature-discovery/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/network-system/oauth2-proxy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - secret.enc.yaml 9 | - virtualservice.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/nginx-ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: nginx-ingress 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | # - networkpolicy.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/nginx-ingress/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: nginx-ingress 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/nginx-ingress/nginx-ingress/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/nginx-ingress/nginx-ingress/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: nginx-ingress 7 | namespace: nginx-ingress 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/nginx-ingress/nginx-ingress/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/README.md: -------------------------------------------------------------------------------- 1 | # Jaeger 2 | 3 | TODO: ARM64 is currently not supported 4 | 5 | # Prometheus-Operator 6 | The command below writes the Grafana admin credentials to a file under .secrets/ that is only base64-encoded, not encrypted: encrypt it before committing, and keep in mind that values passed with --from-literal typically end up in shell history. A bare `--dry-run` is deprecated in current kubectl; `--dry-run=client` is the equivalent. 7 | ```bash 8 | kubectl create secret generic grafana-admin-creds \ 9 | --from-literal=admin-user="" \ 10 | --from-literal=admin-password="" \ 11 | --namespace observability --dry-run -o yaml > .secrets/k8s-secret-grafana-admin-creds.yaml 12 | ``` 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/goldilocks/app/kustomization.yaml: -------------------------------------------------------------------------------- 
1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - virtualservice.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/goldilocks/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: goldilocks 7 | namespace: observability 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/observability/goldilocks/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: istiod 23 | namespace: istio-system 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/grafana/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - secret.enc.yaml 8 | - virtualservice.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/grafana/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | 
kind: Kustomization 5 | metadata: 6 | name: grafana 7 | namespace: observability 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/observability/grafana/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: istiod 23 | namespace: istio-system 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/jaeger/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - virtualservice.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/jaeger/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: jaeger 7 | namespace: observability 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/observability/jaeger/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: istiod 23 | namespace: istio-system 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kiali/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | - virtualservice.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kiali/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: kiali 7 | namespace: observability 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/observability/kiali/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | namespace: flux-system 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kromgo/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | 7 | resources: 8 | - helmrelease.yaml 9 | - virtualservice.yaml 10 | 11 | configMapGenerator: 12 | - name: kromgo-config 13 | files: 14 | - config.yaml=./resources/config.yaml 15 | 16 | generatorOptions: 17 | annotations: 18 | kustomize.toolkit.fluxcd.io/substitute: disabled 19 | 20 | configurations: 21 | - kustomizeconfig.yaml 22 | -------------------------------------------------------------------------------- 
/kubernetes/apps/base/observability/kromgo/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: ConfigMap 3 | version: v1 4 | fieldSpecs: 5 | - path: spec/values/persistence/config-file/name 6 | kind: HelmRelease 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kromgo/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: kromgo 7 | namespace: observability 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/observability/kromgo/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kube-prometheus-stack/addons/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - oomkilled.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kube-prometheus-stack/addons/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - ./alerts 8 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kube-prometheus-stack/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | 7 | resources: 8 | - etcd-client-cert.enc.yaml 9 | - helmrelease.yaml 10 | - secret.enc.yaml 11 | - virtualservice.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: observability 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: 11 | - namespace.yaml 12 | # - networkpolicy.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/loki/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/loki/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: loki 7 | namespace: 
observability 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/observability/loki/app" 13 | prune: true 14 | wait: false 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: observability 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled 9 | pod-security.kubernetes.io/enforce: privileged # NOTE(review): the privileged level places no Pod Security restrictions on pods in this namespace; confirm which observability workloads need it, since a stricter warn or audit level would at least surface violations 10 | pod-security.kubernetes.io/warn: privileged 11 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/otel/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/otel/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: otel 7 | namespace: observability 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/observability/otel/app" 13 | prune: true 14 | wait: false 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | 
-------------------------------------------------------------------------------- /kubernetes/apps/base/observability/thanos/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | - secret.enc.yaml 9 | - virtualservice.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/thanos/app/virtualservice.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/networking.istio.io/virtualservice_v1beta1.json 3 | apiVersion: networking.istio.io/v1beta1 4 | kind: VirtualService 5 | metadata: 6 | name: thanos 7 | namespace: observability 8 | spec: 9 | hosts: 10 | - 'thanos.${CLUSTER_DOMAIN}' 11 | gateways: 12 | - istio-ingress/istio-ingressgateway # NOTE(review): this routes the shared ingress gateway straight to the thanos-query service and nothing in this resource authenticates callers; confirm an AuthorizationPolicy/RequestAuthentication or an auth proxy covers this host 13 | http: 14 | - match: 15 | - port: 443 16 | route: 17 | - destination: 18 | port: 19 | number: 9090 20 | host: thanos-query.observability.svc.cluster.local 21 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/thanos/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: thanos 7 | namespace: observability 8 | labels: 9 | substitution.flux/enabled: true 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/apps/base/observability/thanos/app" 15 | prune: true 16 | wait: true 17 | sourceRef: 18 | kind: GitRepository 
19 | name: flux-system 20 | namespace: flux-system 21 | dependsOn: 22 | - name: istiod 23 | namespace: istio-system 24 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/vpa/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/observability/vpa/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: vpa 7 | namespace: observability 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/observability/vpa/app" 13 | prune: true 14 | wait: false 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/crowdsec/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | # - virtualservice.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/crowdsec/app/virtualservice.yaml: -------------------------------------------------------------------------------- 1 | --- 2 
| # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/networking.istio.io/virtualservice_v1beta1.json 3 | apiVersion: networking.istio.io/v1beta1 4 | kind: VirtualService # not applied at present: app/kustomization.yaml lists this file only as a commented-out entry 5 | metadata: 6 | name: crowdsec 7 | namespace: security-system 8 | spec: 9 | hosts: 10 | - 'metabase.${CLUSTER_DOMAIN}' # NOTE(review): publishes the Metabase host through the shared ingress gateway; confirm authentication is enforced before enabling this route 11 | gateways: 12 | - istio-ingress/istio-ingressgateway 13 | http: 14 | - route: 15 | - destination: 16 | port: 17 | number: 3000 18 | host: crowdsec-service.network-system.svc.cluster.local # NOTE(review): points at namespace network-system although this VirtualService is in security-system; confirm where crowdsec-service runs 19 | weight: 100 20 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/crowdsec/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: crowdsec 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/security-system/crowdsec/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/falco-exporter/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/falco-exporter/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server:
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: falco-exporter 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/security-system/falco-exporter/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/falco/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/falco/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: falco 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/security-system/falco/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/gatekeeper/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/gatekeeper/app/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | # Scrapes both the audit and controller-manager pods, since both carry the same label. NOTE(review): this file is not listed under resources in app/kustomization.yaml, so that kustomization does not apply it; confirm that is intended. 2 | --- 3 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/monitoring.coreos.com/podmonitor_v1.json 4 | apiVersion: monitoring.coreos.com/v1 5 | kind: PodMonitor 6 | metadata: 7 | name: gatekeeper 8 | namespace: gatekeeper-system # NOTE(review): the app path is under security-system; confirm the namespace gatekeeper is actually deployed to 9 | spec: 10 | namespaceSelector: 11 | matchNames: 12 | - gatekeeper-system 13 | selector: 14 | matchLabels: 15 | gatekeeper.sh/system: 'yes' 16 | podMetricsEndpoints: 17 | - port: metrics 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/gatekeeper/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: gatekeeper 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/security-system/gatekeeper/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind:
Kustomization 5 | namespace: security-system 6 | 7 | components: 8 | - ../../../components/common 9 | 10 | resources: # NOTE(review): networkpolicy.yaml is commented out below, so this kustomization applies no NetworkPolicy to security-system 11 | - namespace.yaml 12 | # - networkpolicy.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/kyverno/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/kyverno/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: kyverno 7 | namespace: flux-system 8 | spec: 9 | interval: 30m 10 | retryInterval: 1m 11 | timeout: 3m 12 | path: "./kubernetes/apps/base/security-system/kyverno/app" 13 | prune: true 14 | wait: true 15 | sourceRef: 16 | kind: GitRepository 17 | name: flux-system 18 | -------------------------------------------------------------------------------- /kubernetes/apps/base/security-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: security-system 6 | labels: 7 | goldilocks.fairwinds.com/enabled: "true" 8 | kustomize.toolkit.fluxcd.io/prune: disabled # Flux garbage collection skips this namespace when it is removed from Git 9 | pod-security.kubernetes.io/enforce: privileged # least restrictive Pod Security level: admission places no restrictions on pods in this namespace. NOTE(review): presumably required by falco, whose app lives under this path; confirm which workloads need it 10 | pod-security.kubernetes.io/warn: privileged # warn is also privileged, so admission emits no Pod Security warnings here 11 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/README.md:
-------------------------------------------------------------------------------- 1 | # Cluster 1 - Raspberry Pi Cluster 2 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/flux-system/flux-instance/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - ./helmrelease.yaml 8 | 9 | configMapGenerator: 10 | - name: flux-instance-helm-values 11 | namespace: flux-system 12 | files: 13 | - values.yaml=./values.yaml 14 | 15 | generatorOptions: 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled 18 | 19 | configurations: 20 | - kustomizeconfig.yaml 21 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/flux-system/flux-instance/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/resources/spec/valuesFrom/name 7 | kind: ResourceSet 8 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/flux-system/flux-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - ./helmrelease.yaml 8 | 9 | configMapGenerator: 10 | - name: flux-operator-helm-values 11 | namespace: flux-system 12 | files: 13 | - values.yaml=./values.yaml 14 | 15 | generatorOptions: 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled 18 | 19 | configurations: 20 | - 
kustomizeconfig.yaml 21 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/flux-system/flux-operator/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/resources/spec/valuesFrom/name 7 | kind: ResourceSet 8 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/flux-system/flux-operator/app/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | serviceMonitor: 3 | create: true 4 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/flux-system/kustomize-mutating-webhook/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - ./helmrelease.yaml 8 | 9 | configMapGenerator: 10 | - name: kustomization-mutating-webhook-values 11 | namespace: flux-system 12 | files: 13 | - values.yaml=./values.yaml 14 | 15 | generatorOptions: 16 | annotations: 17 | kustomize.toolkit.fluxcd.io/substitute: disabled 18 | 19 | configurations: 20 | - kustomizeconfig.yaml 21 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/flux-system/kustomize-mutating-webhook/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- 
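/kubernetes/clusters/cluster-0/flux-system/kustomize-mutating-webhook/app/values.yaml: -------------------------------------------------------------------------------- 1 | --- # Helm values for kustomize-mutating-webhook, loaded through the configMapGenerator in app/kustomization.yaml 2 | image: 3 | repository: ghcr.io/xunholy/kustomize-mutating-webhook # was misspelled "repsotory", a key Helm ignores silently; NOTE(review): confirm the chart reads image.repository 4 | replicaCount: 1 5 | certManager: 6 | enabled: true 7 | configMaps: 8 | - create: false 9 | name: cluster-config 10 | secrets: 11 | - create: false # the chart does not create the Secret; it refers to an existing one by name 12 | name: cluster-secrets 13 | env: 14 | LOG_LEVEL: debug # NOTE(review): this release references cluster-secrets; confirm debug output never includes substituted secret values, and prefer a quieter level outside troubleshooting 15 | podDisruptionBudget: 16 | enabled: false 17 | securityContext: # hardened container context: no privilege escalation, read-only root filesystem, all capabilities dropped, runtime default seccomp 18 | allowPrivilegeEscalation: false 19 | readOnlyRootFilesystem: true 20 | capabilities: 21 | drop: 22 | - ALL 23 | seccompProfile: 24 | type: RuntimeDefault 25 | service: 26 | headless: false 27 | -------------------------------------------------------------------------------- /kubernetes/clusters/cluster-0/flux-system/kustomize-mutating-webhook/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: &appname kustomize-mutating-webhook 7 | namespace: flux-system 8 | labels: 9 | substitution.flux/enabled: "true" # quoted: Kubernetes label values must be strings, and a bare true is a YAML boolean 10 | spec: 11 | interval: 30m 12 | retryInterval: 1m 13 | timeout: 3m 14 | path: "./kubernetes/clusters/cluster-0/flux-system/kustomize-mutating-webhook/app" 15 | prune: true 16 | wait: false 17 | sourceRef: 18 | kind: GitRepository 19 | name: flux-system 20 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github/alerts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Alert 5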
| metadata: 6 | name: github-status 7 | spec: 8 | providerRef: 9 | name: github-status 10 | eventSources: 11 | - kind: Kustomization 12 | name: "*" 13 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - alerts.yaml 8 | - provider.yaml 9 | - secret.enc.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/github/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.raspbernetes.com/notification.toolkit.fluxcd.io/provider_v1beta2.json 3 | apiVersion: notification.toolkit.fluxcd.io/v1beta3 4 | kind: Provider 5 | metadata: 6 | name: github-status 7 | namespace: flux-system 8 | spec: 9 | type: github 10 | address: https://github.com/xunholy/k8s-gitops 11 | secretRef: 12 | name: git-api-token 13 | -------------------------------------------------------------------------------- /kubernetes/components/common/alerts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - ./github 8 | -------------------------------------------------------------------------------- /kubernetes/components/common/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: 
kustomize.config.k8s.io/v1alpha1 4 | kind: Component 5 | 6 | resources: 7 | - ./alerts 8 | -------------------------------------------------------------------------------- /kubernetes/tenants/base/kube-guardian/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | - namespace.yaml 8 | - networkpolicy.yaml 9 | - rolebinding.yaml 10 | - sync.yaml 11 | - tenant.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/tenants/base/kube-guardian/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: xdp-log 6 | labels: 7 | toolkit.fluxcd.io/tenant: kube-guardian 8 | kustomize.toolkit.fluxcd.io/prune: disabled # Flux garbage collection skips this namespace when it is removed from Git 9 | pod-security.kubernetes.io/audit: privileged 10 | pod-security.kubernetes.io/enforce: privileged # least restrictive Pod Security level: admission places no restrictions on tenant pods; audit and warn are privileged too, so admission produces no Pod Security signal for this namespace 11 | pod-security.kubernetes.io/warn: privileged 12 | -------------------------------------------------------------------------------- /kubernetes/tenants/base/kube-guardian/networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: default-deny-policy 5 | namespace: xdp-log 6 | spec: 7 | podSelector: {} # empty selector: the policy applies to every pod in xdp-log 8 | policyTypes: 9 | - Ingress 10 | - Egress 11 | ingress: [] # no allow rules: all inbound traffic to the selected pods is denied 12 | egress: [] # no allow rules: all outbound traffic is denied, DNS included, so workloads need additional allow policies. NOTE(review): hostNetwork pods, which the privileged Pod Security level admits, are typically outside NetworkPolicy enforcement 13 | -------------------------------------------------------------------------------- /kubernetes/tenants/base/kube-guardian/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | labels: 6 | toolkit.fluxcd.io/tenant: kube-guardian 7 | name:
kube-guardian-tenant-reconciler 8 | namespace: xdp-log # a RoleBinding is namespaced: the grant below applies only inside xdp-log 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: cluster-admin # NOTE(review): within xdp-log this grants full control of every namespaced resource, including Secrets, Roles and RoleBindings; together with the privileged Pod Security labels in namespace.yaml the subjects can run host-level pods. Bind a narrower Role if the reconciler does not need all of it 13 | subjects: 14 | - apiGroup: rbac.authorization.k8s.io 15 | kind: User 16 | name: gotk:kube-guardian-tenant:reconciler # presumably the user Flux impersonates when reconciling this tenant; confirm against the tenant's Kustomization 17 | - kind: ServiceAccount 18 | name: kube-guardian 19 | namespace: kube-guardian-tenant # the service account lives in a different namespace from the one it is granted rights in (xdp-log) 20 | -------------------------------------------------------------------------------- /kubernetes/tenants/overlays/cluster-0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: [] # empty: this overlay includes no tenant base for cluster-0 7 | -------------------------------------------------------------------------------- /talos/integrations/cert-approver/.gitignore: -------------------------------------------------------------------------------- 1 | # Kustomize helmChart transformer creates a charts/ dir that can be ignored 2 | charts/ 3 | -------------------------------------------------------------------------------- /talos/integrations/cert-approver/README.md: -------------------------------------------------------------------------------- 1 | # Kubelet CSR Approver 2 | 3 | ## Create Static Kubelet CSR Approver Locally For Talos 4 | 5 | ```bash 6 | echo "Removing old local chart cache" 7 | rm -rf talos/integrations/cert-approver/charts 8 | echo "# This manifest was generated by automation. DO NOT EDIT."
> talos/integrations/cert-approver/cert-approver.yaml 9 | kustomize build \ 10 | --enable-helm \ 11 | --load-restrictor=LoadRestrictionsNone \ 12 | talos/integrations/cert-approver \ 13 | >> talos/integrations/cert-approver/cert-approver.yaml 14 | ``` 15 | -------------------------------------------------------------------------------- /talos/integrations/cert-approver/transformers.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: builtin 3 | kind: LabelTransformer 4 | metadata: 5 | name: labels 6 | labels: 7 | app.kubernetes.io/managed-by: Helm 8 | fieldSpecs: 9 | - path: metadata/labels 10 | create: true 11 | --- 12 | apiVersion: builtin 13 | kind: AnnotationsTransformer 14 | metadata: 15 | name: annotations 16 | annotations: 17 | meta.helm.sh/release-name: kubelet-csr-approver 18 | meta.helm.sh/release-namespace: kube-system 19 | fieldSpecs: 20 | - path: metadata/annotations 21 | create: true 22 | -------------------------------------------------------------------------------- /talos/integrations/cilium/.gitignore: -------------------------------------------------------------------------------- 1 | # Kustomize helmChart transformer creates a charts/ dir that can be ignored 2 | charts/ 3 | -------------------------------------------------------------------------------- /talos/integrations/cilium/README.md: -------------------------------------------------------------------------------- 1 | # Cilium 2 | 3 | ## Create Static Cilium Locally For Talos 4 | 5 | ```bash 6 | echo "Removing old local chart cache" 7 | rm -rf talos/integrations/cilium/charts 8 | echo "# This manifest was generated by automation. DO NOT EDIT." 
> talos/integrations/cilium/cilium.yaml 9 | kustomize build \ 10 | --enable-helm \ 11 | --load-restrictor=LoadRestrictionsNone \ 12 | talos/integrations/cilium \ 13 | >> talos/integrations/cilium/cilium.yaml 14 | ``` 15 | -------------------------------------------------------------------------------- /talos/integrations/cilium/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | helmCharts: 7 | - name: cilium 8 | includeCRDs: true 9 | releaseName: cilium 10 | namespace: kube-system 11 | valuesFile: ../../../kubernetes/apps/base/kube-system/cilium/app/values.yaml 12 | version: 1.17.4 13 | repo: https://helm.cilium.io/ 14 | 15 | # REQUIRED: Use transformers to avoid creating the labels & annotations on all references rather than only metadata/annotations or metadata/labels respectively 16 | transformers: 17 | - transformers.yaml 18 | -------------------------------------------------------------------------------- /talos/integrations/cilium/transformers.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: builtin 3 | kind: LabelTransformer 4 | metadata: 5 | name: labels 6 | labels: 7 | app.kubernetes.io/managed-by: Helm 8 | fieldSpecs: 9 | - path: metadata/labels 10 | create: true 11 | --- 12 | apiVersion: builtin 13 | kind: AnnotationsTransformer 14 | metadata: 15 | name: annotations 16 | annotations: 17 | meta.helm.sh/release-name: cilium 18 | meta.helm.sh/release-namespace: kube-system 19 | fieldSpecs: 20 | - path: metadata/annotations 21 | create: true 22 | -------------------------------------------------------------------------------- /talos/patches/iscsi.yaml: -------------------------------------------------------------------------------- 1 | # 
https://www.talos.dev/v1.9/kubernetes-guides/configuration/replicated-local-storage-with-openebs/ 2 | machine: 3 | sysctls: 4 | vm.nr_hugepages: "1024" 5 | nodeLabels: 6 | openebs.io/engine: mayastor 7 | kubelet: 8 | extraMounts: 9 | - destination: /var/openebs/local 10 | type: bind 11 | source: /var/openebs/local 12 | options: 13 | - rbind 14 | - rshared 15 | - rw 16 | -------------------------------------------------------------------------------- /talos/patches/metric-server.yaml: -------------------------------------------------------------------------------- 1 | # https://www.talos.dev/v1.9/kubernetes-guides/configuration/deploy-metrics-server/ 2 | - op: add 3 | path: /machine/kubelet/extraArgs 4 | value: 5 | rotate-server-certificates: true # the kubelet then requests its serving certificate through the CSR API; those requests need an approver (see talos/integrations/cert-approver) 6 | -------------------------------------------------------------------------------- /talos/patches/metrics.yaml: -------------------------------------------------------------------------------- 1 | # https://www.talos.dev/v1.9/talos-guides/configuration/containerd/#exposing-metrics 2 | machine: 3 | files: # NOTE(review): the [metrics] address below binds the containerd metrics endpoint to every interface on port 11234 over plain HTTP; limit who can reach that port at the node or network firewall 4 | - content: | 5 | [metrics] 6 | address = "0.0.0.0:11234" 7 | path: /etc/cri/conf.d/20-customization.part 8 | op: create 9 | -------------------------------------------------------------------------------- /terraform/cloudflare/_backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "gcs" { 3 | bucket = "raspbernetes-cloudflare-terraform-state" # state stores values read by data sources, including the decrypted sops_file in data.tf; keep this bucket private and access-logged 4 | prefix = "terraform/state" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /terraform/cloudflare/_providers.tf: -------------------------------------------------------------------------------- 1 | provider "cloudflare" { 2 | api_token = data.sops_file.secrets.data["api_token"] 3 | } 4 | -------------------------------------------------------------------------------- /terraform/cloudflare/data.tf:
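-------------------------------------------------------------------------------- 1 | data "cloudflare_zone" "domain" { 2 | name = var.domain 3 | } 4 | 5 | data "sops_file" "secrets" { # decrypted values from this data source are written to Terraform state in plaintext, so access to the state backend is access to the secrets 6 | source_file = "secret.enc.yaml" 7 | } 8 | -------------------------------------------------------------------------------- /terraform/cloudflare/outputs.tf: -------------------------------------------------------------------------------- 1 | output "zone_id" { 2 | value = data.cloudflare_zone.domain.id 3 | description = "The zone ID in Cloudflare." 4 | } 5 | -------------------------------------------------------------------------------- /terraform/cloudflare/variables.tf: -------------------------------------------------------------------------------- 1 | variable "domain" { 2 | description = "(OPTIONAL) The domain name to use for the cluster. (default: raspbernetes.com)" 3 | default = "raspbernetes.com" 4 | type = string 5 | } 6 | 7 | variable "kubernetes_cluster_api" { # the description previously advertised an https:// URL as the default; the actual default is a bare hostname 8 | description = "(OPTIONAL) The Kubernetes cluster API endpoint to use for the cluster. (default: api.raspbernetes.com)" 9 | default = "api.raspbernetes.com" 10 | type = string 11 | } 12 | 13 | variable "session_duration" { 14 | description = "(OPTIONAL) The session duration for the cluster.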
(default: 24h)" 15 | default = "24h" 16 | type = string 17 | } 18 | -------------------------------------------------------------------------------- /terraform/cloudflare/version.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | cloudflare = { 4 | source = "cloudflare/cloudflare" 5 | version = "~> 5.0" 6 | } 7 | sops = { 8 | source = "carlpett/sops" 9 | version = "1.2.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /terraform/gcp/README.md: -------------------------------------------------------------------------------- 1 | # Cloud Infrastructure 2 | 3 | ## Existing Project 4 | 5 | Use [terraformer](https://github.com/GoogleCloudPlatform/terraformer) to import existing cloud resources that have been created into TF files. 6 | 7 | GCP Example: 8 | 9 | ```bash 10 | terraformer import google --resources=gcs,forwardingRules,httpHealthChecks --connect=true --regions=europe-west1,europe-west4 --projects=aaa,fff 11 | ``` 12 | 13 | ## Tips 14 | 15 | Consider terraform repository structure [best practices](https://www.terraform-best-practices.com/code-structure) 16 | -------------------------------------------------------------------------------- /terraform/gcp/_backend.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "gcs" { 3 | bucket = "raspbernetes-gitops-terraform-state" 4 | prefix = "terraform/state" 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /terraform/gcp/_provider.tf: -------------------------------------------------------------------------------- 1 | provider "google" { 2 | project = var.project_id 3 | region = var.region 4 | } 5 | -------------------------------------------------------------------------------- /terraform/gcp/variables.tf: 
-------------------------------------------------------------------------------- 1 | variable "project_id" { 2 | description = "(OPTIONAL) The GCP project ID to use for the cluster. (default: raspbernetes)" 3 | default = "raspbernetes" 4 | type = string 5 | } 6 | 7 | variable "region" { 8 | description = "(OPTIONAL) The GCP region to use for the cluster. (default: us-central1)" 9 | default = "us-central1" 10 | type = string 11 | } 12 | --------------------------------------------------------------------------------