-rw-r--r--.gitmodules9
-rw-r--r--data.d/etc-nixos/.gitignore2
-rw-r--r--data.d/etc-nixos/README.md119
-rw-r--r--data.d/etc-nixos/apps/vpn-tinc.nix283
-rw-r--r--data.d/etc-nixos/env/global.nix72
-rw-r--r--data.d/etc-nixos/env/laptop.nix13
-rw-r--r--data.d/etc-nixos/env/server.nix7
-rw-r--r--data.d/etc-nixos/env/workstation.nix74
-rw-r--r--data.d/etc-nixos/wm/awesome.nix30
-rw-r--r--data.d/etc-nixos/wm/herbstluftwm.nix22
-rw-r--r--data.d/etc-nixos/wm/kde.nix55
-rw-r--r--data.d/etc-portage/.gitignore1
-rw-r--r--data.d/etc-portage/make.conf/00-defaults.conf15
-rw-r--r--data.d/etc-portage/make.conf/10-global.conf54
-rw-r--r--data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords1
-rw-r--r--data.d/etc-portage/package.license1
-rw-r--r--data.d/etc-portage/package.use/15-apcupsd.use1
-rw-r--r--data.d/etc-portage/repos.conf/gentoo.conf19
-rw-r--r--data.d/k3s-master/helm.d/certmanager.yaml1
-rw-r--r--data.d/k3s-master/helm.d/mimir.yaml6
-rw-r--r--data.d/k3s-master/helm.d/minio.yaml29
-rw-r--r--data.d/k3s-master/helm.d/redis.yaml15
-rw-r--r--data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml1
-rw-r--r--data.d/k3s-master/manifests.d/jaomox/cluster-issuers.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/jaomox/namespaces.yaml (renamed from playbooks.d/k3s-master/manifests/namespaces/personal-services.yaml)6
-rw-r--r--data.d/k3s-master/manifests.d/jaomox/persistent-volumes.yaml (renamed from playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/volume.yaml)10
-rw-r--r--data.d/k3s-master/manifests.d/jaomox/personal-services/minio/persistent-volume-claim.yaml14
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml49
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml58
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml19
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml51
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart13
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml (renamed from playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-production.yaml)2
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml (renamed from playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-staging.yaml)2
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml68
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml35
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml38
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml35
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml15
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml21
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/biboumi/deployment.yaml55
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml159
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml54
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/chat-system/sleamdge/deployment.yaml51
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml20
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml16
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml64
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml40
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml101
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml20
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml28
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml61
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml61
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml52
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml46
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml82
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml43
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml90
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml216
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml107
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml40
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml11
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml24
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml18
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml23
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml11
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml15
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml53
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml68
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml51
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml38
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml59
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml (renamed from playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/service.yaml)14
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml53
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml30
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml (renamed from playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/service.yaml)16
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml34
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml45
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml33
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/service.yaml)16
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml54
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml)16
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/service.yaml)10
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/auth-proxy.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/deployment.yaml48
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/ravenhosting/openproject/helm-chart.yaml11
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml78
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml93
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml)8
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml96
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/deployment.yaml)50
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/ingress.yaml)11
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/service.yaml)2
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/deployment.yaml)63
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/ingress.yaml)19
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/service.yaml)2
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/deployment.yaml)50
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/ingress.yaml)19
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/ingress.yaml)19
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/service.yaml)2
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/deployment.yaml)63
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/ingress.yaml)19
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/service.yaml)2
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml66
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/ingress.yaml)19
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml (renamed from playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/service.yaml)2
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml88
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml60
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml22
-rw-r--r--data.d/k8s-master/manifests.d/base-system/helm-controller.yaml23
-rw-r--r--data.d/k8s-master/manifests.d/namespaces.yaml (renamed from playbooks.d/k3s-master/manifests/namespaces/base-system.yaml)0
-rw-r--r--data.d/vpn-tinc/hosts/anoia_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/caeghi_tyil_net (renamed from playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net)2
-rw-r--r--data.d/vpn-tinc/hosts/edephas_tyil_net (renamed from playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net)1
-rw-r--r--data.d/vpn-tinc/hosts/faiwoo_tyil_net (renamed from playbooks.d/vpn-tinc/share/hosts/faiwoo_tyil_net)2
-rw-r--r--data.d/vpn-tinc/hosts/gaeru_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/jaomox_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/ludifah_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/mieshu_tyil_net18
-rw-r--r--data.d/vpn-tinc/hosts/nouki_tyil_net18
-rw-r--r--data.d/vpn-tinc/hosts/oolah_tyil_net17
-rw-r--r--data.d/vpn-tinc/hosts/plarabe_tyil_net16
-rw-r--r--data.d/vpn-tinc/hosts/qohrei_tyil_net18
-rw-r--r--data.d/vpn-tinc/hosts/ricui_tyil_net17
-rw-r--r--data.d/vpn-wireguard/.gitignore1
-rwxr-xr-xdata.d/vpn-wireguard/hooks/post-up44
-rw-r--r--data.d/vpn-wireguard/peers/faiwoo.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/jaomox.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/mieshu.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/nouki.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/qohrei.tyil.net5
-rw-r--r--data.d/vpn-wireguard/peers/ricui.tyil.net5
-rw-r--r--defaults51
-rw-r--r--hosts.d/anoia.tyil.net7
-rw-r--r--hosts.d/caeghi.tyil.net3
-rw-r--r--hosts.d/denahnu.tyil.net7
-rw-r--r--hosts.d/edephas.tyil.net25
-rw-r--r--hosts.d/faiwoo.tyil.net7
-rw-r--r--hosts.d/gaeru.tyil.net9
-rw-r--r--hosts.d/hurzak.tyil.net7
-rw-r--r--hosts.d/ivdea.tyil.net6
-rw-r--r--hosts.d/jaomox.tyil.net27
-rw-r--r--hosts.d/krohxe.tyil.net2
-rw-r--r--hosts.d/ludifah.tyil.net8
-rw-r--r--hosts.d/mieshu.tyil.net36
-rw-r--r--hosts.d/nouki.tyil.net8
-rw-r--r--hosts.d/oolah.tyil.net7
-rw-r--r--hosts.d/plarabe.tyil.net4
-rw-r--r--hosts.d/qohrei.tyil.net18
-rw-r--r--hosts.d/ricui.tyil.net11
-rw-r--r--os.d/linux-alpine_linux (renamed from playbooks.d/remotes)0
-rw-r--r--os.d/linux-debian_gnu_linux1
-rw-r--r--playbooks.d/dns-dnsmasq/description.txt1
-rw-r--r--playbooks.d/dns-dnsmasq/etc/defaults6
-rw-r--r--playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/dns-dnsmasq/playbook.bash48
-rw-r--r--playbooks.d/dns-dnsmasq/share/dnsmasq.conf14
-rw-r--r--playbooks.d/etc-nixos/description.txt1
-rw-r--r--playbooks.d/etc-nixos/playbook.bash18
-rw-r--r--playbooks.d/etc-portage/description.txt1
-rw-r--r--playbooks.d/etc-portage/playbook.bash18
-rw-r--r--playbooks.d/git-server/playbook.bash2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub2
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub5
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub1
-rw-r--r--playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub1
m---------playbooks.d/k3s-master0
-rw-r--r--playbooks.d/k3s-master/description.txt1
-rw-r--r--playbooks.d/k3s-master/etc/defaults8
-rw-r--r--playbooks.d/k3s-master/etc/os.d/linux-gentoo2
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/kustomization.yaml9
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/deployment.yaml77
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/release.yaml48
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/secret.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/release.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/values.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/kustomization.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/release.yaml33
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/deployment.yaml31
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/deployment.yaml54
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/deployment.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml31
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml26
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml77
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml33
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml31
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml54
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml25
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/deployment.yaml58
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/ingress.yaml20
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/service.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/configmap.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/kustomization.yaml27
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/service.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/deployment.yaml63
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/deployment.yaml63
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/deployment.yaml76
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/service.yaml35
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/deployment.yaml76
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/service.yaml35
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/deployment.yaml76
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/service.yaml35
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/deployment.yaml76
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/service.yaml35
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/deployment.yaml41
-rw-r--r--playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/applications.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-components.yaml5583
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-sync.yaml27
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/kustomization.yaml5
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-configuration.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-releases.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-sources.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/namespaces.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml5583
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml27
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml5
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml5583
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml27
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml5
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml14
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml20
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml7
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml24
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml17
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml26
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml8
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml19
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml22
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml12
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml10
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/media.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/public-services.yaml6
-rw-r--r--playbooks.d/k3s-master/manifests/namespaces/servarr.yaml6
-rw-r--r--playbooks.d/k3s-master/playbook.bash42
-rw-r--r--playbooks.d/k3s-node/description.txt1
-rw-r--r--playbooks.d/k3s-node/etc/defaults3
-rw-r--r--playbooks.d/k3s-node/etc/os.d/linux-gentoo2
-rw-r--r--playbooks.d/k3s-node/playbook.bash41
-rw-r--r--playbooks.d/k8s-master/description.txt1
-rw-r--r--playbooks.d/k8s-master/etc/defaults4
-rw-r--r--playbooks.d/k8s-master/playbook.bash115
-rw-r--r--playbooks.d/k8s-node/description.txt1
-rw-r--r--playbooks.d/k8s-node/etc/defaults4
-rw-r--r--playbooks.d/k8s-node/playbook.bash103
-rw-r--r--playbooks.d/nfs-server/description.txt1
-rw-r--r--playbooks.d/nfs-server/etc/defaults3
-rw-r--r--playbooks.d/nfs-server/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/nfs-server/playbook.bash75
-rw-r--r--playbooks.d/nftables/description.txt1
-rw-r--r--playbooks.d/nftables/etc/defaults2
-rw-r--r--playbooks.d/nftables/playbook.bash99
-rw-r--r--playbooks.d/seaweedfs-filer/description.txt1
-rw-r--r--playbooks.d/seaweedfs-filer/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-filer/playbook.bash94
-rw-r--r--playbooks.d/seaweedfs-filer/share/filer.conf7
-rw-r--r--playbooks.d/seaweedfs-filer/share/filer.toml3
-rw-r--r--playbooks.d/seaweedfs-master/description.txt1
-rw-r--r--playbooks.d/seaweedfs-master/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-master/playbook.bash95
-rw-r--r--playbooks.d/seaweedfs-master/share/master.conf8
-rw-r--r--playbooks.d/seaweedfs-volume/description.txt1
-rw-r--r--playbooks.d/seaweedfs-volume/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs-volume/playbook.bash105
-rw-r--r--playbooks.d/seaweedfs-volume/share/volume.conf12
-rw-r--r--playbooks.d/seaweedfs/description.txt1
-rw-r--r--playbooks.d/seaweedfs/etc/defaults1
-rw-r--r--playbooks.d/seaweedfs/playbook.bash47
-rw-r--r--playbooks.d/seaweedfs/share/master.conf8
-rw-r--r--playbooks.d/seaweedfs/share/server.conf14
-rw-r--r--playbooks.d/ssh/playbook.bash4
-rw-r--r--playbooks.d/ssh/share/motd.satpl (renamed from playbooks.d/ssh/share/motd)0
-rw-r--r--playbooks.d/ssh/share/sshd_config.satpl (renamed from playbooks.d/ssh/share/sshd_config)2
-rw-r--r--playbooks.d/user-tyil/share/gittab.d/vim5
-rw-r--r--playbooks.d/vpn-tinc/playbook.bash134
-rw-r--r--playbooks.d/vpn-tinc/share/host1
-rw-r--r--playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net16
-rw-r--r--playbooks.d/vpn-tinc/share/hosts/denahnu_tyil_net16
-rw-r--r--playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net16
-rw-r--r--playbooks.d/vpn-tinc/share/hosts/hurzak_tyil_net16
-rw-r--r--playbooks.d/vpn-tinc/share/hosts/ivdea_tyil_net16
-rw-r--r--playbooks.d/vpn-tinc/share/hosts/jaomox_tyil_net16
-rw-r--r--playbooks.d/vpn-tinc/share/hosts/krohxe_tyil_net16
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-up-ifconfig1
-rw-r--r--playbooks.d/vpn-tinc/share/tinc-up-ip1
-rw-r--r--playbooks.d/vpn-tinc/share/tinc.conf7
-rw-r--r--playbooks.d/vpn-wireguard/description.txt1
-rw-r--r--playbooks.d/vpn-wireguard/etc/defaults1
-rw-r--r--playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo1
-rw-r--r--playbooks.d/vpn-wireguard/playbook.bash119
-rw-r--r--playbooks.d/vpn-wireguard/share/interface4
-rw-r--r--playbooks.d/vpn-wireguard/share/peer5
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.bazarr13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.jellyseerr13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lidarr (renamed from playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lid)0
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowlarr (renamed from playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowl)0
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.radarr (renamed from playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.rad)0
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.readarr (renamed from playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.read)0
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.sonarr (renamed from playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.son)0
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.tdarr13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ci12
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.media (renamed from playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.myl)2
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ntfy (renamed from playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.baz)2
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s313
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey13
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble49
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.bazarr (renamed from playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.myl)8
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.jellyseerr23
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lidarr (renamed from playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.baz)8
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowlarr23
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.rad23
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.radarr (renamed from playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lid)8
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.read23
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.readarr23
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.sonarr23
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.tdarr (renamed from playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowl)8
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ci19
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git2
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.media (renamed from playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.son)11
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ntfy31
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s320
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey21
-rw-r--r--playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv6
m---------playbooks.d/www-blog0
-rw-r--r--playbooks.d/www-blog/description.txt1
-rw-r--r--playbooks.d/www-blog/etc/defaults2
-rw-r--r--playbooks.d/www-blog/playbook.bash24
-rw-r--r--registry.d/anoia.tyil.net5
-rw-r--r--registry.d/caeghi.tyil.net2
-rw-r--r--registry.d/denahnu.tyil.net4
-rw-r--r--registry.d/edephas.tyil.net1
-rw-r--r--registry.d/faiwoo.tyil.net1
-rw-r--r--registry.d/hurzak.tyil.net4
-rw-r--r--registry.d/ivdea.tyil.net4
-rw-r--r--registry.d/jaomox.tyil.net6
-rw-r--r--registry.d/krohxe.tyil.net3
-rw-r--r--registry.d/ludifah.tyil.net1
-rw-r--r--registry.d/mieshu.tyil.net8
-rw-r--r--registry.d/nouki.tyil.net6
-rw-r--r--registry.d/oolah.tyil.net5
-rw-r--r--registry.d/plarabe.tyil.net2
-rw-r--r--registry.d/qohrei.tyil.net4
-rw-r--r--registry.d/ricui.tyil.net4
452 files changed, 7120 insertions, 20069 deletions
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..ae999ae
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "playbooks.d/www-blog"]
+ path = playbooks.d/www-blog
+ url = https://git.tyil.nl/bashtard/www-static
+[submodule "playbooks.d/vpn-tinc"]
+ path = playbooks.d/vpn-tinc
+ url = https://git.tyil.nl/bashtard/vpn-tinc
+[submodule "playbooks.d/k3s-hurzak"]
+ path = playbooks.d/k3s-master
+ url = https://git.tyil.nl/bashtard/k3s-master
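Review bot: The third entry is named `playbooks.d/k3s-hurzak` but its `path` is `playbooks.d/k3s-master`, whereas the other two entries use their path as the name. Git accepts the mismatch, but it makes `git submodule` output and the `.git/modules/` layout harder to follow. Unless the old name is kept on purpose, `[submodule "playbooks.d/k3s-master"]` would match the rest of the file.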
diff --git a/data.d/etc-nixos/.gitignore b/data.d/etc-nixos/.gitignore
new file mode 100644
index 0000000..2ee4098
--- /dev/null
+++ b/data.d/etc-nixos/.gitignore
@@ -0,0 +1,2 @@
+configuration.nix
+hardware-configuration.nix
diff --git a/data.d/etc-nixos/README.md b/data.d/etc-nixos/README.md
new file mode 100644
index 0000000..798fe0c
--- /dev/null
+++ b/data.d/etc-nixos/README.md
@@ -0,0 +1,119 @@
+# Set variables
+
+```sh
+disk=...
+zfs_pool=...
+swap_ratio=1.5
+```
+
+# Partition disk
+
+```sh
+parted -s "$disk" mklabel gpt
+```
+
+## boot
+
+### MBR
+
+We don't do MBR anymore!
+
+### EFI
+
+```sh
+parted -a optimal "$disk" mkpart primary fat32 1MiB 1001MiB
+parted "$disk" set 1 esp on
+
+mkfs.vfat -F32 "${disk}1"
+```
+
+## swap
+
+```sh
+swap_end=$(awk '/MemTotal/ { print int($2 / 1000 * '"$swap_ratio"') + 1001 }' /proc/meminfo)
+parted -a optimal "$disk" mkpart primary linux-swap 1001MiB "$swap_end"
+
+mkswap "${disk}2"
+swapon "${disk}2"
+```
+
+## zpool
+
+```sh
+parted -a optimal "$disk" mkpart primary "$swap_end" 100%
+
+zpool create \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keyformat=passphrase \
+ -O keylocation=prompt \
+ -O acltype=posixacl \
+ -O xattr=sa \
+ -O compression=zstd \
+ -O dnodesize=auto \
+ -O normalization=formD \
+ -o ashift=12 \
+ -o autotrim=on \
+ -R /mnt \
+ "$zfs_pool" "${disk}3"
+```
+
+### zfs volumes
+
+```sh
+zfs create -o mountpoint=none "$zfs_pool/rootfs"
+zfs create -o mountpoint=legacy "$zfs_pool/rootfs/nixos"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/root"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/tyil"
+```
+
+# Mount partitions/volumes
+
+```sh
+mount -t zfs "$zfs_pool/rootfs/nixos" /mnt
+
+mkdir -pv -- /mnt/boot
+mount -t vfat "${disk}1" /mnt/boot
+
+mkdir -pv -- /mnt/home
+mount -t zfs "$zfs_pool/homefs" /mnt/home
+
+mkdir -pv -- /mnt/root
+mkdir -pv -- /mnt/home/tyil
+mount -t zfs "$zfs_pool/homefs/root" /mnt/root
+mount -t zfs "$zfs_pool/homefs/tyil" /mnt/home/tyil
+```
+
+# Install NixOS
+
+## Configure
+
+```sh
+nixos-generate-config --root /mnt
+```
+
+Apply configs in `/mnt/etc/nixos`
+
+```nix
+{
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.zfs.devNodes = ...
+ boot.zfs.forceImportRoot = false;
+ networking.hostId = $(head -c4 /dev/urandom | od -A none -t x4)
+ networking.hostName = ...
+}
+```
+
+## Install
+
+```sh
+cd /mnt && nixos-install
+```
+
+## Reboot
+
+```sh
+umount -lR /mnt
+zpool export "$zfs_pool"
+```
diff --git a/data.d/etc-nixos/apps/vpn-tinc.nix b/data.d/etc-nixos/apps/vpn-tinc.nix
new file mode 100644
index 0000000..0634ecc
--- /dev/null
+++ b/data.d/etc-nixos/apps/vpn-tinc.nix
@@ -0,0 +1,283 @@
+{ config, pkgs, ... }:
+
+# To have this node join the network, generate keys, add the new host with its
+# public keys to the list in this file, then rebuild.
+#
+# - mkdir -pv -- /etc/tinc/tyilnet
+# - nix-shell -p tinc_pre --run "tinc -n tyilnet generate-keys 4096"
+# - $EDITOR /etc/nixos/configuration.nix
+# ? networking.interfaces."tinc.tyilnet".address
+# - services.tinc.networks.tyilnet.name
+# - imports += [ "./apps/vpn-tinc.nix" ]
+# - cat /etc/tinc/tyilnet/*.pub
+# - $EDITOR /etc/nixos/apps/vpn-tinc.nix
+
+{
+ environment = {
+ etc = {
+ # This part should be written to configuration.nix while I try to learn
+ # how to do it cleanly with a simple variable
+ #
+ #"tinc/tyilnet/tinc-up".source = pkgs.writeScript "tinc-up" ''
+ # #!${pkgs.stdenv.shell}
+ # ${pkgs.nettools}/bin/ifconfig $INTERFACE 10.57.50.50 netmask 255.255.0.0
+ #'';
+ "tinc/tyilnet/tinc-down".source = pkgs.writeScript "tinc-down" ''
+ #!${pkgs.stdenv.shell}
+ /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
+ '';
+ };
+ };
+
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 655 ];
+ allowedTCPPorts = [ 655 ];
+ };
+ };
+
+ security.sudo.extraRules = [
+ {
+ users = [ "tinc.tyilnet" ];
+ commands = [
+ {
+ command = "${pkgs.nettools}/bin/ifconfig";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ services = {
+ tinc = {
+ networks = {
+ tyilnet = {
+ debugLevel = 3;
+ chroot = false;
+ interfaceType = "tap";
+
+ extraConfig = ''
+ ConnectTo = caeghi_tyil_net
+ ConnectTo = denahnu_tyil_net
+ ConnectTo = faiwoo_tyil_net
+ ConnectTo = gaeru_tyil_net
+ ConnectTo = hurzak_tyil_net
+ ConnectTo = jaomox_tyil_net
+
+ Ed25519PrivateKeyFile = /etc/tinc/tyilnet/ed25519_key.priv
+ PrivateKeyFile = /etc/tinc/tyilnet/rsa_key.priv
+ '';
+
+ hosts = {
+ anoia_tyil_net = ''
+ Subnet = 10.57.100.3/32
+
+ Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+ I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap
+ EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv
+ HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/
+ DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty
+ HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf
+ yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS
+ yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz
+ opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms
+ G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8
+ bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ bast_tyil_net = ''
+ Subnet = 10.57.50.50/32
+
+ Ed25519PublicKey = De60ft6TStf9oJ060kxpSmX7xJ/ZVO9EFXgQdqWcWaO
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwvOYvgciXHsrqMHIWKDUcJjCF1ARjAxqb3s/BzRlz0XcynzpYDV/
+ EtiZWRkKmDveUILe8pk3gFlu2vwen9DGVydg+tW4G0z4NIejoC9FR8a/NpjTzMvw
+ gNCihTFpPqoqn7loy+OdHIWv34v26zUFY8r0W1XUX0O0vtUcWTHwkV6DggujFPxG
+ SM9yGyl7MxuDbr9EP520dsklWGQT93RlUizr1dm2QNLgQN6+FMTpVPJN/2uaHSMo
+ 9xx3vLltqweyvMrIWCPQQSu+vj9Dqq+4ToC2rXkEfMsjkDyVJViOzSarZfAHCdJL
+ S/aZh4PC9EMsc+DmoIQwN7fKG3CQkm3QZ2P1WKG0jNZ2jdC50G7G9QypKdPFh5Al
+ Oy6z/+VG05+ouRmfQTi12Kap7aakMOw9vjL1BSGgoTxToS7m+O5Q9ByodhVhRBMc
+ pp0ZHvPhZjM0jmtqrTtTkQDGonCiN/IxOdneTkiM0lW9UnROWqYJHL1B92sVyADw
+ S9ddyfUbUFLnOdJkF/JBFR3d5GxIcY1HVfYbugbIBGnal5koALFfhDkYJqQbbuAz
+ z1rSm4yYFWKKFThpZA1oRvEh9UJNbFOepreImCmUKZurgQZFMUjRMRtTcRXy07fR
+ /EctKPyzDKmQOHlnR4hNd3laefwL0vMO7Wra4NqoJx4MMmnPtl5s8okCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ caeghi_tyil_net = ''
+ Address = 116.202.102.33
+ Subnet = 10.57.20.2/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
+ P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
+ EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
+ TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
+ FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
+ mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
+ oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
+ t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
+ rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
+ OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
+ 8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ denahnu_tyil_net = ''
+ Address = 81.2.254.110
+ Subnet = 10.57.20.4/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
+ RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
+ idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
+ z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
+ fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
+ LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
+ Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
+ NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
+ 9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
+ raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
+ 6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ edephas_tyil_net = ''
+ Subnet = 10.57.100.7/32
+
+ Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
+ PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
+ a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
+ KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
+ UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
+ gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
+ zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
+ mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
+ yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
+ CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
+ fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ faiwoo_tyil_net = ''
+ Address = 65.21.5.254
+ Subnet = 10.57.20.5/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht
+ Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI
+ 8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG
+ T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/
+ KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i
+ y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ
+ ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW
+ 6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo
+ y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj
+ Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE
+ BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ gaeru_tyil_net = ''
+ Address = 37.48.120.26
+ Subnet = 10.57.20.6/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
+ ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
+ iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
+ XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
+ VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
+ giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
+ 5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
+ Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
+ B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
+ 7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
+ tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ hurzak_tyil_net = ''
+ Address = 178.162.131.11
+ Subnet = 10.57.20.7/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
+ k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
+ jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
+ BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
+ IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
+ T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
+ ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
+ E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
+ 5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
+ xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
+ CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ ivdea_tyil_net = ''
+ Subnet = 10.57.100.8/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
+ WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
+ WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
+ j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
+ cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
+ BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
+ nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
+ aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
+ FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
+ n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
+ uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ jaomox_tyil_net = ''
+ Address = 163.172.218.246
+ Subnet = 10.57.21.1/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
+ x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
+ SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
+ rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
+ t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
+ dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
+ rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
+ G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
+ q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
+ PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
+ noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+
+ ludifah_tyil_net = ''
+ Subnet = 10.57.100.9/32
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn
+ HS5TfmukDtHev/Z2p/UmBSHtaMT2/G+Nz7ogT0rMRBtjAk+DR9FYFz75zmsjQuFQ
+ U+deh/fQgrpsEDiNmapRtM6EwYYH/A/0MJ2eN9HPVUB864mN79ZfEhTWMbv6khbq
+ VwqAd+9GbjfRPLqifRpS9LuspXNpCBOl+r5l7+T1llN/BUgs71BVWbssaRUH7B2I
+ rS9qjhWfUN9RC3PX98yVbzTOeL/jxNn57eOr/KUDtRpqQwy2zFTAxT+d+X37abYK
+ OyHXBs3rLtpleoh6Hw9UNwLDUVfjpcrxwgFEogJosiA+CBG26b5H6mm+updkyKTE
+ 4r5y1+8dLQpmaLIaI7KFbPJTUaJvfGRwzulA/lDRdmZaetrHKrMqZyQ4M1Yq67Ba
+ 0cqDQEvnY/XoKTJTgNxn8cWMKm+biB7zs/92pKKPRmv6DQ+gjrDTepn5XzVbIFS9
+ GM30AqQiqoNL0PbTYWMPQmznEJo8LyehWr621/GARLTMFa3Pp7eGm7Afwy4zA4hG
+ AZLNXdEE7YMVoQUHWfiTGUl9yxX7o6g3gdZloAwGjeGB7BHOmi4SJEg1hUJ8wOn8
+ wtnjybxDTxdRkQ2RMdlsfSGZsu7jUxSjnPvwLWH/2cHXSmencQXOhTUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ };
+ };
+}
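Review bot: The `security.sudo.extraRules` entry gives `tinc.tyilnet` passwordless root on `${pkgs.nettools}/bin/ifconfig` with any arguments, while the only caller visible here, `tinc-down`, runs `ifconfig $INTERFACE down`. Sudoers matches arguments when they are part of the command string, so the rule can be narrowed to that one invocation, e.g. `command = "${pkgs.nettools}/bin/ifconfig tinc.tyilnet down";` (interface name taken from the header comment; confirm it is what tinc passes as `$INTERFACE`). Quoting `"$INTERFACE"` in the script would also be safer. Separately, several host entries carry only an RSA key and no `Ed25519PublicKey`, which presumably keeps those links on tinc's legacy protocol; a short comment would help if that is intentional.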
diff --git a/data.d/etc-nixos/env/global.nix b/data.d/etc-nixos/env/global.nix
new file mode 100644
index 0000000..9bf9882
--- /dev/null
+++ b/data.d/etc-nixos/env/global.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }:
+
+{
+ boot = {
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ forceImportRoot = false;
+ };
+ };
+
+ environment = {
+ binsh = "${pkgs.dash}/bin/dash";
+ shells = with pkgs; [
+ bash
+ dash
+ zsh
+ ];
+ systemPackages = with pkgs; [
+ borgbackup
+ git
+ gnupg
+ jq
+ mosh
+ silver-searcher
+ tmux
+ vim
+ ];
+ };
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = [
+ "C.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "nl_NL.UTF-8/UTF-8"
+ ];
+ };
+
+ networking = {
+ domain = "tyil.net";
+ };
+
+ programs = {
+ zsh = {
+ enable = true;
+ };
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ };
+ };
+
+ system = {
+ copySystemConfiguration = true;
+ };
+
+ time = {
+ timeZone = "Europe/Amsterdam";
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "wheel" ];
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ };
+ };
+ };
+}
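Review bot: `services.openssh.enable = true` is the only SSH setting in this shared base, so every host that imports it (including `server.nix`, which imports it unchanged) runs sshd with the module defaults for password and root login. I would pin those here, e.g. `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` (on older releases the options are `passwordAuthentication` / `permitRootLogin` directly under `services.openssh`). No `openssh.authorizedKeys.keys` is declared for `tyil` in this file, so keys would have to be provisioned elsewhere before password logins are turned off.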
diff --git a/data.d/etc-nixos/env/laptop.nix b/data.d/etc-nixos/env/laptop.nix
new file mode 100644
index 0000000..2681547
--- /dev/null
+++ b/data.d/etc-nixos/env/laptop.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./workstation.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ acpi
+ ];
+ };
+}
diff --git a/data.d/etc-nixos/env/server.nix b/data.d/etc-nixos/env/server.nix
new file mode 100644
index 0000000..b04af8d
--- /dev/null
+++ b/data.d/etc-nixos/env/server.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+}
diff --git a/data.d/etc-nixos/env/workstation.nix b/data.d/etc-nixos/env/workstation.nix
new file mode 100644
index 0000000..93cef52
--- /dev/null
+++ b/data.d/etc-nixos/env/workstation.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ # CLI programs
+ kubectl
+ kubernetes-helm
+ neomutt
+ notmuch
+ ntfy-sh
+ pass
+ plantuml
+ shellcheck
+ tree
+
+ # GUI utils
+ xclip
+ xdotool
+ xprintidle
+
+ # GUI programs
+ alacritty
+ chromium
+ feh
+ mpv
+ nextcloud-client
+ pavucontrol
+ qutebrowser
+ scrot
+ yt-dlp
+ zathura
+ signal-desktop
+ ];
+ };
+
+ fonts.fonts = with pkgs; [
+ open-sans
+ liberation_ttf
+ ];
+
+ hardware = {
+ pulseaudio = {
+ enable = true;
+ };
+ };
+
+ programs = {
+ gnupg = {
+ agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ services = {
+ pcscd = {
+ enable = true;
+ };
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "audio" "video" ];
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/awesome.nix b/data.d/etc-nixos/wm/awesome.nix
new file mode 100644
index 0000000..b427f4a
--- /dev/null
+++ b/data.d/etc-nixos/wm/awesome.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ dunst
+ physlock
+ redshift
+ rofi
+ sxhkd
+ xcompmgr
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ startx = {
+ enable = true;
+ };
+ };
+ windowManager = {
+ awesome = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/herbstluftwm.nix b/data.d/etc-nixos/wm/herbstluftwm.nix
new file mode 100644
index 0000000..5dd884b
--- /dev/null
+++ b/data.d/etc-nixos/wm/herbstluftwm.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ redshift
+ xcompmgr
+ rofi
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ windowManager = {
+ herbstluftwm = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/kde.nix b/data.d/etc-nixos/wm/kde.nix
new file mode 100644
index 0000000..6f60249
--- /dev/null
+++ b/data.d/etc-nixos/wm/kde.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ arc-kde-theme
+ kmymoney
+ plasma-pass
+ pinentry-qt
+ libsForQt5.kaccounts-integration
+ libsForQt5.kaccounts-providers
+ libsForQt5.kweather
+ libsForQt5.kalendar
+ libsForQt5.kmail
+ thunderbird
+ ];
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ };
+ };
+
+ programs = {
+ dconf = {
+ enable = true;
+ };
+ gnupg = {
+ agent = {
+ pinentryFlavor = "qt";
+ };
+ };
+ kdeconnect = {
+ enable = true;
+ };
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ sddm = {
+ enable = true;
+ };
+ };
+ desktopManager = {
+ plasma5 = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
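Review bot: The explicit `allowedTCPPortRanges` / `allowedUDPPortRanges` entries for 1714–1764 duplicate what `programs.kdeconnect.enable = true` further down already does, because the NixOS module opens that range itself; the `networking.firewall` block can be dropped. Note that the range is opened on every interface either way. If this profile is used on machines that join untrusted networks, scoping it would mean installing the package without `programs.kdeconnect.enable` and declaring the ranges under `networking.firewall.interfaces.<name>` for the trusted interface only.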
diff --git a/data.d/etc-portage/.gitignore b/data.d/etc-portage/.gitignore
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/data.d/etc-portage/.gitignore
@@ -0,0 +1 @@
+*
diff --git a/data.d/etc-portage/make.conf/00-defaults.conf b/data.d/etc-portage/make.conf/00-defaults.conf
new file mode 100644
index 0000000..21c3c58
--- /dev/null
+++ b/data.d/etc-portage/make.conf/00-defaults.conf
@@ -0,0 +1,15 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+COMMON_FLAGS="-O2 -pipe"
+CFLAGS="${COMMON_FLAGS}"
+CXXFLAGS="${COMMON_FLAGS}"
+FCFLAGS="${COMMON_FLAGS}"
+FFLAGS="${COMMON_FLAGS}"
+
+# NOTE: This stage was built with the bindist Use flag enabled
+
+# This sets the language of build output to English.
+# Please keep this setting intact when reporting bugs.
+LC_MESSAGES=C.utf8
diff --git a/data.d/etc-portage/make.conf/10-global.conf b/data.d/etc-portage/make.conf/10-global.conf
new file mode 100644
index 0000000..deff7d8
--- /dev/null
+++ b/data.d/etc-portage/make.conf/10-global.conf
@@ -0,0 +1,54 @@
+USE="
+ bash-completion
+ introspection
+ vim-syntax
+ zsh-completion
+"
+
+FEATURES="
+ $FEATURES
+ buildpkg
+ network-sandbox
+ parallel-fetch
+ parallel-install
+ sandbox
+ sign
+ userfetch
+ userpriv
+ usersandbox
+ usersync
+"
+
+EMERGE_DEFAULT_OPTS="
+ $EMERGE_DEFAULT_OPTS
+ --alert
+ --ask
+ --binpkg-changed-deps=y
+ --binpkg-respect-use=y
+ --buildpkg-exclude */*-bin
+ --buildpkg-exclude acct-*/*
+ --buildpkg-exclude sys-kernel/*-sources
+ --buildpkg-exclude virtual/*
+ --keep-going
+ --tree
+ --usepkg-exclude */*-bin
+ --usepkg-exclude acct-*/*
+ --usepkg-exclude sys-kernel/*-sources
+ --usepkg-exclude virtual/*
+ --verbose
+"
+
+PKGDIR="/var/portage/packages"
+DISTDIR="/var/portage/distfiles"
+
+ACCEPT_LICENSE="
+ -*
+ @FREE
+"
+
+LC_MESSAGES=C.UTF8
+
+L10N="
+ en
+ nl
+"
diff --git a/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
new file mode 100644
index 0000000..2376e42
--- /dev/null
+++ b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
@@ -0,0 +1 @@
+net-vpn/tinc ~*
diff --git a/data.d/etc-portage/package.license b/data.d/etc-portage/package.license
new file mode 100644
index 0000000..348558e
--- /dev/null
+++ b/data.d/etc-portage/package.license
@@ -0,0 +1 @@
+sys-kernel/linux-firmware linux-fw-redistributable
diff --git a/data.d/etc-portage/package.use/15-apcupsd.use b/data.d/etc-portage/package.use/15-apcupsd.use
new file mode 100644
index 0000000..91eeffb
--- /dev/null
+++ b/data.d/etc-portage/package.use/15-apcupsd.use
@@ -0,0 +1 @@
+sys-apps/util-linux tty-helpers
diff --git a/data.d/etc-portage/repos.conf/gentoo.conf b/data.d/etc-portage/repos.conf/gentoo.conf
new file mode 100644
index 0000000..6cb6e3b
--- /dev/null
+++ b/data.d/etc-portage/repos.conf/gentoo.conf
@@ -0,0 +1,19 @@
+[DEFAULT]
+main-repo = gentoo
+
+[gentoo]
+location = /var/db/repos/gentoo
+sync-type = rsync
+sync-uri = rsync://rsync.gentoo.org/gentoo-portage
+auto-sync = yes
+sync-rsync-verify-jobs = 1
+sync-rsync-verify-metamanifest = yes
+sync-rsync-verify-max-age = 24
+sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
+sync-openpgp-keyserver = hkps://keys.gentoo.org
+sync-openpgp-key-refresh-retry-count = 40
+sync-openpgp-key-refresh-retry-overall-timeout = 1200
+sync-openpgp-key-refresh-retry-delay-exp-base = 2
+sync-openpgp-key-refresh-retry-delay-max = 60
+sync-openpgp-key-refresh-retry-delay-mult = 4
+sync-webrsync-verify-signature = yes
diff --git a/data.d/k3s-master/helm.d/certmanager.yaml b/data.d/k3s-master/helm.d/certmanager.yaml
new file mode 100644
index 0000000..1b4551c
--- /dev/null
+++ b/data.d/k3s-master/helm.d/certmanager.yaml
@@ -0,0 +1 @@
+installCRDs: true
diff --git a/data.d/k3s-master/helm.d/mimir.yaml b/data.d/k3s-master/helm.d/mimir.yaml
new file mode 100644
index 0000000..31a8b93
--- /dev/null
+++ b/data.d/k3s-master/helm.d/mimir.yaml
@@ -0,0 +1,6 @@
+minio:
+ enabled: false
+ingester:
+ replicas: 1
+ persistentVolume:
+ storageClass: "local-path"
diff --git a/data.d/k3s-master/helm.d/minio.yaml b/data.d/k3s-master/helm.d/minio.yaml
new file mode 100644
index 0000000..3a4731d
--- /dev/null
+++ b/data.d/k3s-master/helm.d/minio.yaml
@@ -0,0 +1,29 @@
+mode: standalone
+replicas: 1
+ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ hosts:
+ - s3.tyil.nl
+ tls:
+ - hosts:
+ - s3.tyil.nl
+ secretName: tls-nl.tyil.s3
+consoleIngress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ path: /
+ hosts:
+ - minio.tyil.nl
+ tls:
+ - hosts:
+ - minio.tyil.nl
+ secretName: tls-nl.tyil.minio
+persistence:
+ enabled: true
+ existingClaim: minio-data
+resources:
+ requests:
+ memory: 512Mi
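Review bot: `consoleIngress.enabled: true` publishes the MinIO admin console at `minio.tyil.nl` alongside the S3 endpoint, and nothing in these values restricts who can reach it. If the console is only needed for administration, I would leave `consoleIngress.enabled: false` and reach it over the VPN or a port-forward, or add a source allowlist at the ingress. The values also set no root credentials or `existingSecret`; presumably the chart generates them, but a comment saying where they come from would help the next operator.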
diff --git a/data.d/k3s-master/helm.d/redis.yaml b/data.d/k3s-master/helm.d/redis.yaml
new file mode 100644
index 0000000..1163194
--- /dev/null
+++ b/data.d/k3s-master/helm.d/redis.yaml
@@ -0,0 +1,15 @@
+architecture: standalone
+master:
+ resources:
+ requests:
+ memory: 16Mi
+ limits:
+ memory: 128Mi
+replica:
+ replicaCount: 0
+auth:
+ enabled: false
+ sentinel: false
+commonConfiguration: |-
+ maxmemory 100mb
+ maxmemory-policy allkeys-lfu
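Review bot: `auth.enabled: false` leaves this Redis instance without a password, so any workload that can reach the service can read, write or flush it. Unless every client in the cluster is trusted and the namespace is isolated, set `auth.enabled: true` with `auth.existingSecret` pointing at a secret. Otherwise, add a comment beside the flag saying why authentication is off and which network policy confines access.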
diff --git a/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml b/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml
new file mode 100644
index 0000000..77b6962
--- /dev/null
+++ b/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml
@@ -0,0 +1 @@
+seaweedfsFiler: "10.57.101.10:8888"
diff --git a/data.d/k3s-master/manifests.d/jaomox/cluster-issuers.yaml b/data.d/k3s-master/manifests.d/jaomox/cluster-issuers.yaml
new file mode 100644
index 0000000..bb2758e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/jaomox/cluster-issuers.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ email: root@tyil.net
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: clusterissuer-letsencrypt-staging
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
+ selector: {}
+...
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ email: root@tyil.net
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: clusterissuer-letsencrypt-production
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
+...
diff --git a/playbooks.d/k3s-master/manifests/namespaces/personal-services.yaml b/data.d/k3s-master/manifests.d/jaomox/namespaces.yaml
index f9151e9..2211e87 100644
--- a/playbooks.d/k3s-master/manifests/namespaces/personal-services.yaml
+++ b/data.d/k3s-master/manifests.d/jaomox/namespaces.yaml
@@ -2,5 +2,11 @@
apiVersion: v1
kind: Namespace
metadata:
+ name: base-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
name: personal-services
...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/volume.yaml b/data.d/k3s-master/manifests.d/jaomox/persistent-volumes.yaml
index ce857ab..5ee32dd 100644
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/volume.yaml
+++ b/data.d/k3s-master/manifests.d/jaomox/persistent-volumes.yaml
@@ -2,13 +2,13 @@
apiVersion: v1
kind: PersistentVolume
metadata:
- name: nextcloud-data
- namespace: personal-services
+ name: minio-data
spec:
- accessModes:
- - ReadWriteOnce
+ storageClassName: local-path
capacity:
storage: 50Gi
+ accessModes:
+ - ReadWriteOnce
hostPath:
- path: "/var/www/nl.tyil.cloud/data"
+ path: /srv/personal-services/minio-data
...
diff --git a/data.d/k3s-master/manifests.d/jaomox/personal-services/minio/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/jaomox/personal-services/minio/persistent-volume-claim.yaml
new file mode 100644
index 0000000..ca3ee2b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/jaomox/personal-services/minio/persistent-volume-claim.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: minio-data
+ namespace: personal-services
+spec:
+ storageClassName: local-path
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 50Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml
new file mode 100644
index 0000000..bfa00c1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: keycloak
+ namespace: auth-system
+spec:
+ chart: oci://registry-1.docker.io/bitnamicharts/keycloak
+ valuesContent: |-
+ global:
+ storageClass: longhorn
+ clusterDomain: k3s.tyil.nl
+ externalDatabase:
+ existingSecret: keycloak-database
+ existingSecretHostKey: host
+ existingSecretPortKey: port
+ existingSecretUserKey: user
+ existingSecretDatabaseKey: database
+ existingSecretPasswordKey: password
+ extraEnvVars:
+ - name: KC_HOSTNAME_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_HOSTNAME_ADMIN_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_PROXY
+ value: "edge"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
+ ingress:
+ enabled: true
+ certManager: true
+ tls: true
+ hostname: keycloak.tyil.nl
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ ingressClassName: traefik
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ postgresql:
+ enabled: false
+...
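Review bot: `spec` names the chart but has no `version`, so the helm controller installs whatever chart version the registry serves at install time, and for the identity provider that means an unreviewed chart or image change can arrive without any change in this repository. Add `version: "<pinned-chart-version>"` next to `chart:`. The same applies to the other HelmChart resources in this commit that pull from a repository without a version (`certmanager/helm-chart`, `longhorn/helm-chart.yaml`, `argo-events/helm-chart.yaml`, `argo-workflows/helm-chart.yaml`). Separately, `KC_HOSTNAME_ADMIN_URL` is set to the same public hostname as the ingress, so the admin console is served on the public route; consider whether it should be restricted to an internal hostname.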
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..26f46ef
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ nodeName: oolah.tyil.net
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:stable
+ name: lldap
+ ports:
+ - containerPort: 3890
+ - containerPort: 6360
+ - containerPort: 17170
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /etc/lldap
+...
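Review bot: `image: nitnelave/lldap:stable` is a moving tag, so the directory server that holds every account can change on any pod restart without a change in this repository. Pin a release tag or digest, for example `image: nitnelave/lldap:<release-tag>@sha256:<digest>`; the `:master` tag in `sleamdge/deployment.yaml` has the same problem. The `data` volume is a `hostPath` to `/etc/lldap`, while the `lldap` PersistentVolumeClaim added in this same commit is not referenced anywhere in the pod spec; either mount the claim or drop it. The container also has no `securityContext`, so it starts with the image defaults and relies on the `UID`/`GID` variables to drop privileges.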
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..4e32f29
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ldap.tyil.nl
+ secretName: tls-nl.tyil.ldap
+ rules:
+ - host: ldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
new file mode 100644
index 0000000..38479d4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: "1Mi"
+ accessModes:
+ - ReadWriteMany
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..76aea0f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 80
+ targetPort: 17170
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # This port may _not_ be named "lldap_ldap", as the application itself wants
+ # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+ # application can't handle.
+ name: ldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ type: LoadBalancer
+ ports:
+ - name: ldap
+ port: 389
+ targetPort: 3890
+ - name: ldaps
+ port: 636
+ targetPort: 6360
+...
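Review bot: The `ldap` Service is `type: LoadBalancer` and publishes port 389, so simple binds to that port carry user passwords in cleartext to anything that can reach the load balancer address. Whether the server enforces StartTLS is not visible here. Publish only the `ldaps` port externally, or limit the Service with `loadBalancerSourceRanges: [<trusted-cidr>]`, and keep 389 on a ClusterIP Service for in-cluster clients. The comment above `name: ldap` says "This port may _not_ be named" but sits on the Service name; it would read more accurately as `# This Service may not be named "lldap-ldap": Kubernetes would inject LLDAP_LDAP_PORT into pods, which the application also reads.`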
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart
new file mode 100644
index 0000000..4350177
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart
@@ -0,0 +1,13 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: certmanager
+ namespace: kube-system
+spec:
+ repo: https://charts.jetstack.io
+ chart: cert-manager
+ targetNamespace: base-system
+ valuesContent: |
+ installCRDs: true
+...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-production.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml
index 75aea5f..dbff2c2 100644
--- a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-production.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml
@@ -12,5 +12,5 @@ spec:
solvers:
- http01:
ingress:
- class: nginx
+ class: traefik
...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-staging.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml
index 73a1f50..9b0a27d 100644
--- a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-staging.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml
@@ -12,6 +12,6 @@ spec:
solvers:
- http01:
ingress:
- class: nginx
+ class: traefik
selector: {}
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml
new file mode 100644
index 0000000..68b920f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: garage
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+ spec:
+ nodeName: mieshu.tyil.net
+ containers:
+ - image: dxflrs/garage:v0.8.0
+ name: garage
+ ports:
+ - containerPort: 3900
+ - containerPort: 3901
+ - containerPort: 3902
+ - containerPort: 3903
+ - containerPort: 3904
+ volumeMounts:
+ - mountPath: /var/lib/garage/meta
+ name: meta
+ - mountPath: /var/lib/garage/data
+ name: data
+ - mountPath: /etc/garage.toml
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/garage/data
+ - name: meta
+ hostPath:
+ path: /mnt/pool/garage/meta
+ - name: config
+ hostPath:
+ path: /etc/garage.toml
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - garage
+ topologyKey: "kubernetes.io/hostname"
+...
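Review bot: The `config` volume is a `hostPath` to `/etc/garage.toml` with no `type`, so nothing checks that the path is an existing file. If it is missing on `mieshu.tyil.net`, the container may start with an empty directory mounted in place of its configuration. Add `type: File` to that volume and `readOnly: true` to its mount, since the file presumably holds the cluster's RPC secret. The `garage-data` and `garage-meta` claims added in this commit are not referenced here, because both data paths are `hostPath` as well. The `podAntiAffinity` block has no effect, since `nodeName` bypasses the scheduler and `replicas` is 1.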
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml
new file mode 100644
index 0000000..92458cc
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: garage
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: s3
+ app.kubernetes.io/part-of: garage
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - misskey.s3.tyil.nl
+ secretName: tls-nl.tyil.s3.misskey
+ - hosts:
+ - dist.s3.tyil.nl
+ secretName: tls-nl-tyil.s3.dist
+ rules:
+ - host: "*.s3.tyil.nl"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: garage
+ port:
+ number: 3902
+...
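Review bot: `secretName: tls-nl-tyil.s3.dist` breaks the `tls-nl.tyil.…` pattern used by every other TLS secret in this commit (a hyphen after `nl` instead of a dot), which looks like a typo; `secretName: tls-nl.tyil.s3.dist` if so. The rule host is the wildcard `*.s3.tyil.nl`, but certificates are requested only for `misskey.s3.tyil.nl` and `dist.s3.tyil.nl`. Any other bucket hostname would be routed to Garage and served with the ingress controller's default certificate. Listing the two hosts explicitly under `rules` keeps routing and TLS coverage aligned.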
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml
new file mode 100644
index 0000000..8e54918
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: garage-data
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage-data
+ app.kubernetes.io/part-of: base-system
+spec:
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: "10Gi"
+ accessModes:
+ - ReadWriteMany
+...
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: garage-meta
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage-meta
+ app.kubernetes.io/part-of: base-system
+spec:
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: "5Gi"
+ accessModes:
+ - ReadWriteMany
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml
new file mode 100644
index 0000000..fa48032
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: garage
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/part-of: base-system
+ type: LoadBalancer
+ ports:
+ - name: s3
+ port: 3900
+ targetPort: 3900
+ - name: s3-rpc
+ port: 3901
+ targetPort: 3901
+ - name: s3-web
+ port: 3902
+ targetPort: 3902
+ - name: s3-admin
+ port: 3903
+ targetPort: 3903
+ - name: s3-k2v
+ port: 3904
+ targetPort: 3904
+...
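Review bot: This `LoadBalancer` Service publishes `s3-rpc` (3901) and `s3-admin` (3903) alongside the S3 and web endpoints, so the inter-node RPC and the admin API are reachable wherever the load balancer address is. How they are protected depends on `garage.toml`, which is not part of this diff. Keep only the ports that external clients need (`s3`, and `s3-web` if the ingress is not the only path) on this Service. Move 3901, 3903 and 3904 to a separate ClusterIP Service, or add `loadBalancerSourceRanges: [<trusted-cidr>]`.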
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml
new file mode 100644
index 0000000..d3823c1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-longhorn
+ namespace: base-system
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-longhorn
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.longhorn
+ hosts:
+ - longhorn.tyil.nl
+ hosts:
+ - host: longhorn.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml
new file mode 100644
index 0000000..e5cce42
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: longhorn
+ namespace: base-system
+spec:
+ repo: https://charts.longhorn.io
+ chart: longhorn
+ valuesContent: |-
+ persistence:
+ defaultClass: true
+ defaultFsType: xfs
+ defaultClassReplicaCount: 1
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml
new file mode 100644
index 0000000..07981b6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: longhorn
+ namespace: base-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: longhorn
+ app.kubernetes.io/part-of: base-system
+spec:
+ selector:
+ matchLabels:
+ app: longhorn-manager
+ namespaceSelector:
+ matchNames:
+ - base-system
+ endpoints:
+ - port: manager
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/biboumi/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/biboumi/deployment.yaml
new file mode 100644
index 0000000..60f07d7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/biboumi/deployment.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: biboumi
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: chat-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: chat-system
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: biboumi
+ app.kubernetes.io/part-of: chat-system
+ spec:
+ containers:
+ - image: louiz/biboumi:9.0
+ name: biboumi
+ ports:
+ - containerPort: 5437
+ env:
+ - name: BIBOUMI_ADMIN
+ value: tyil@chat.tyil.nl
+ - name: BIBOUMI_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: biboumi-config
+ key: db-name
+ - name: BIBOUMI_HOSTNAME
+ value: biboumi.chat.tyil.nl
+ - name: BIBOUMI_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: biboumi-config
+ key: password
+ - name: BIBOUMI_XMPP_SERVER_IP
+ value: prosody
+ - name: BIBOUMI_PERSISTENT_BY_DEFAULT
+ value: "true"
+ restartPolicy: Always
+...
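Review bot: `containerPort: 5437` matches no port used elsewhere in this commit; Prosody's component port is 5347 in both its config and its Service, so this looks like a transposition. As far as I can tell biboumi connects out to the XMPP server as a component and does not listen itself, in which case the `ports` entry can be dropped. Otherwise correct it to `containerPort: 5347`. `BIBOUMI_XMPP_SERVER_IP` is set to the hostname `prosody`; a comment that this relies on the in-namespace Service name would help.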
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml
new file mode 100644
index 0000000..64a6e5f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml
@@ -0,0 +1,159 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-config
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+data:
+ prosody.cfg.lua: |
+ -- Information on configuring Prosody can be found on our
+ -- website at https://prosody.im/doc/configure
+
+ daemonize = false;
+
+ ---------- Server-wide settings ----------
+ admins = {
+ "tyil@chat.tyil.nl",
+ }
+
+ log = {
+ { levels = { min = "debug" }, to = "console" };
+ }
+
+ plugin_paths = { "/usr/local/lib/prosody/modules" }
+
+ modules_enabled = {
+ -- Generally required
+ "disco"; -- Service discovery
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+
+ -- Not essential, but recommended
+ "adhoc"; -- XEP-0050
+ "blocklist"; -- Allow users to block communications with other users
+ --"bookmarks"; -- Synchronise the list of open rooms between clients
+ "carbons"; -- Keep multiple online clients in sync
+ "dialback"; -- Support for verifying remote servers using DNS
+ "limits"; -- Enable bandwidth limiting for XMPP connections
+ "pep"; -- Allow users to store public and private data in their account
+ "private"; -- Legacy account storage mechanism (XEP-0049)
+ --"smacks"; -- Stream management and resumption (XEP-0198)
+ "vcard4"; -- User profiles (stored in PEP)
+ "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
+
+ -- Nice to have
+ "csi_simple"; -- Simple but effective traffic optimizations for mobile devices
+ --"invites"; -- Create and manage invites
+ --"invites_adhoc"; -- Allow admins/users to create invitations via their client
+ --"invites_register"; -- Allows invited users to create accounts
+ "ping"; -- Replies to XMPP pings with pongs
+ "register"; -- Allow users to register on this server using a client and change passwords
+ "time"; -- Let others know the time here on this server
+ "uptime"; -- Report how long server has been running
+ "version"; -- Replies to server version requests
+ "mam"; -- Store recent messages to allow multi-device synchronization
+ --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls
+
+ -- Admin interfaces
+ "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+ --"admin_shell"; -- Allow secure administration via 'prosodyctl shell'
+
+ -- HTTP modules
+ --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ --"http_openmetrics"; -- for exposing metrics to stats collectors
+ --"websocket"; -- XMPP over WebSockets
+
+ -- Other specific functionality
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ --"announce"; -- Send announcement to all online users
+ --"groups"; -- Shared roster support
+ --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
+ --"mimicking"; -- Prevent address spoofing
+ --"motd"; -- Send a message to users when they log in
+ --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
+ --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288)
+ --"server_contact_info"; -- Publish contact information for this service
+ --"tombstones"; -- Prevent registration of deleted accounts
+ --"watchregistrations"; -- Alert admins of registrations
+ --"welcome"; -- Welcome users who register accounts
+ }
+
+ modules_disabled = {
+ -- "offline"; -- Store offline messages
+ -- "c2s"; -- Handle client connections
+ -- "s2s"; -- Handle server-to-server connections
+ }
+
+ s2s_secure_auth = true
+
+ limits = {
+ c2s = {
+ rate = "10kb/s";
+ };
+ s2sin = {
+ rate = "30kb/s";
+ };
+ }
+
+ authentication = "internal_hashed"
+ archive_expires_after = "1w" -- Remove archived messages after 1 week
+
+ -- Audio/video call relay (STUN/TURN)
+ -- To ensure clients connected to the server can establish connections for
+ -- low-latency media streaming (such as audio and video calls), it is
+ -- recommended to run a STUN/TURN server for clients to use. If you do this,
+ -- specify the details here so clients can discover it.
+ -- Find more information at https://prosody.im/doc/turn
+
+ -- Specify the address of the TURN service (you may use the same domain as XMPP)
+ --turn_external_host = "turn.example.com"
+
+ -- This secret must be set to the same value in both Prosody and the TURN server
+ --turn_external_secret = "your-secret-turn-access-token"
+ statistics = "internal"
+
+ -- Load configuration from secrets
+ Include "secrets.d/*"
+
+ -- Configure components
+ component_ports = {
+ 5347,
+ }
+ component_interfaces = {
+ "*",
+ "::",
+ }
+
+ Include "components.d/*"
+
+ -- Load configuration for additional hosts
+ Include "hosts.d/*"
+...
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prosody-vhosts
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+data:
+ chat.tyil.nl: |
+ VirtualHost "chat.tyil.nl"
+ ssl = {
+ certificate = "certs.d/chat.tyil.nl/tls.crt";
+ key = "certs.d/chat.tyil.nl/tls.key";
+ }
+
+ Component "muc.chat.tyil.nl" "muc"
+ name = "Tyil's Chatrooms"
+...
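Review bot: The `log` block sets `min = "debug"` on the console sink, so the pod log, and whatever collects it, receives Prosody's debug output including connection and session detail for every user. Use `{ levels = { min = "info" }, to = "console" };` for normal operation and raise it only while troubleshooting. `component_interfaces` listens on `"*"` and `"::"`, which is needed for biboumi and sleamdge to connect from other pods, but it leaves the component shared secrets as the only protection on port 5347; a NetworkPolicy limiting that port to those two workloads would help. `posix` is enabled while `daemonize = false`; a short comment on why it is kept would avoid confusion.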
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml
new file mode 100644
index 0000000..ad91eea
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prosody
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ spec:
+ containers:
+ - image: prosody/prosody:0.11
+ name: prosody
+ ports:
+ - containerPort: 5222
+ - containerPort: 5269
+ - containerPort: 5347
+ volumeMounts:
+ - mountPath: /etc/prosody
+ name: config
+ - mountPath: /etc/prosody/secrets.d
+ name: config-secret
+ - mountPath: /etc/prosody/components.d
+ name: config-components
+ - mountPath: /etc/prosody/hosts.d
+ name: config-hosts
+ - mountPath: /etc/prosody/certs.d/chat.tyil.nl
+ name: cert-nl-tyil-chat
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: prosody-config
+ - name: config-secret
+ secret:
+ secretName: prosody-config
+ - name: config-components
+ secret:
+ secretName: prosody-components
+ - name: config-hosts
+ configMap:
+ name: prosody-vhosts
+ - name: cert-nl-tyil-chat
+ secret:
+ secretName: tls-nl.tyil.chat
+...
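Review bot: The pod mounts configuration and certificates but no volume for Prosody's data directory. With `authentication = "internal_hashed"` in the ConfigMap, accounts, rosters and the message archive would live in the container filesystem and disappear when the pod is replaced, unless the files in `secrets.d` select an external storage backend, which is not visible here. Add a persistent volume for the data path as sketched below; the mount path and claim name are placeholders to confirm. `prosody/prosody:0.11` is also a floating tag; a full release tag or digest would make rollouts reproducible.
```yaml
          volumeMounts:
            # … unchanged: config, secrets.d, components.d, hosts.d, certs.d mounts …
            - mountPath: /var/lib/prosody   # data directory; confirm for this image
              name: data
      volumes:
        # … unchanged: config, secret and certificate volumes …
        - name: data
          persistentVolumeClaim:
            claimName: prosody-data   # placeholder: claim not defined in this commit
```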
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml
new file mode 100644
index 0000000..64b47c8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: prosody
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - chat.tyil.nl
+ - muc.chat.tyil.nl
+ - share.chat.tyil.nl
+ secretName: tls-nl.tyil.chat
+ rules:
+ - host: chat.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: prosody
+ port:
+ number: 80
+...
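Review bot: The backend is Service `prosody` port `number: 80`, but the `prosody` Service added in this commit defines only 5222, 5269 and 5347, and every HTTP module is commented out in the config, so this route has no working backend. If the Ingress exists only so that cert-manager issues `tls-nl.tyil.chat` for the XMPP listener, say so in a comment such as `# No HTTP is served; this Ingress exists to obtain tls-nl.tyil.chat via HTTP-01`, or replace it with a cert-manager `Certificate` resource. Unlike the other ingresses in this commit it also lacks the `redirect-https` middleware annotation.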
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml
new file mode 100644
index 0000000..8ecd4b8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: xmpp
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: xmpp
+ app.kubernetes.io/part-of: chat-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ type: NodePort
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ nodePort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ nodePort: 5269
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prosody
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prosody
+ app.kubernetes.io/part-of: chat-system
+ ports:
+ - name: xmpp-c2s
+ port: 5222
+ targetPort: 5222
+ - name: xmpp-s2s
+ port: 5269
+ targetPort: 5269
+ - name: components
+ port: 5347
+ targetPort: 5347
+...
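Review bot: `nodePort: 5222` and `nodePort: 5269` on the `xmpp` Service fall outside the default NodePort range of 30000–32767, so the API server rejects them unless the cluster was started with a widened `--service-node-port-range`. If that flag is set in the k3s configuration, a comment here pointing to it would save the next reader a failed apply. Widening the range to include low ports lets any NodePort Service claim well-known ports on every node, so it is worth noting who may create Services in this cluster. The `xmpp` Service also relies on `targetPort` defaulting to `port`; the `prosody` Service below spells it out, and matching that would be more consistent.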
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/sleamdge/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/sleamdge/deployment.yaml
new file mode 100644
index 0000000..7816ab5
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/sleamdge/deployment.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sleamdge
+ namespace: chat-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sleamdge
+ app.kubernetes.io/part-of: chat-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sleamdge
+ app.kubernetes.io/part-of: chat-system
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sleamdge
+ app.kubernetes.io/part-of: chat-system
+ spec:
+ nodeName: "oolah.tyil.net"
+ containers:
+ - image: nicocool84/sleamdge:master
+ name: sleamdge
+ args:
+ - "--secret=$(SECRET)"
+ - "--jid=$(JID)"
+ env:
+ - name: SECRET
+ value: "rl3iB4RTX8qgX30ECGNyhzQgfbnVpAgkGIlw6UGqNbWfnIuGyYzzuQPQh1CV"
+ - name: JID
+ value: "sleamdge.chat.tyil.nl"
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/slidge
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /var/lib/slidge
+ type: Directory
+...
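Review bot: The `SECRET` variable carries the XMPP component secret as a literal `value:` in a file committed to the repository, so anyone with read access to the repository or its history can authenticate to Prosody as this component. Treat the current value as exposed: rotate it on both sides and load the new one from a Secret, the way `biboumi/deployment.yaml` already does for `BIBOUMI_PASSWORD`. The secret is also expanded into the container arguments via `--secret=$(SECRET)`, which makes it visible in the process list; if the image can read it from the environment or a file, prefer that. `nicocool84/sleamdge:master` is a moving tag and should be pinned to a release or digest.
```yaml
          env:
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: sleamdge-config   # placeholder: Secret created outside this repository
                  key: secret             # placeholder key
            # … unchanged: JID …
```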
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml
new file mode 100644
index 0000000..de5b67f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: EventBus
+metadata:
+ name: default
+ namespace: cicd-system
+spec:
+ nats:
+ native:
+ replicas: 3
+ containerTemplate:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: "64Mi"
+ persistence:
+ storageClassName: longhorn
+ accessMode: ReadWriteOnce
+ volumeSize: 1Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml
new file mode 100644
index 0000000..3acd2cd
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: argo-events
+ namespace: cicd-system
+spec:
+ repo: https://argoproj.github.io/argo-helm
+ chart: argo-events
+ valuesContent: |-
+ controller:
+ rbac:
+ namespaced: true
+ serviceAccount:
+ name: argo-events
+...
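Review bot: `spec` names `repo` and `chart` but no `version`, so the helm controller installs whichever chart release is newest in the repository when the manifest is applied, and a rebuild of the cluster can pull different code than the one that was reviewed. Pin it with `version: <pinned-chart-version>` next to `chart: argo-events`. The HelmChart manifests for argo-workflows, grafana, prometheus-exporter-postgresql and prometheus in this commit are unpinned in the same way, whereas the two oauth2-proxy charts are already fixed to a commit hash in their URL.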
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
new file mode 100644
index 0000000..7978820
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: argo-workflows
+ namespace: cicd-system
+spec:
+ repo: https://argoproj.github.io/argo-helm
+ chart: argo-workflows
+ valuesContent: |-
+ artifactRepository:
+ archiveLogs: true
+ s3:
+ bucket: argo
+ endpoint: 10.57.101.1:3900
+ insecure: true
+ accessKeySecret:
+ name: credentials
+ key: garageAccessKey
+ secretKeySecret:
+ name: credentials
+ key: garageSecretKey
+ controller:
+ persistence:
+ archive: true
+ postgresql:
+ host: 10.57.101.20
+ port: 5432
+ database: argo
+ tableName: argo_workflows
+ userNameSecret:
+ name: credentials
+ key: postgresqlUsername
+ passwordSecret:
+ name: credentials
+ key: postgresqlPassword
+ workflowDefaults:
+ spec:
+ entrypoint: main
+ serviceAccountName: "argo-runner"
+ ttlStrategy:
+ secondsAfterCompletion: 300
+ podGC:
+ strategy: null
+ singleNamespace: true
+ server:
+ extraArgs:
+ - "--auth-mode=server"
+ ingress:
+ enabled: false
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.ci
+ hosts:
+ - ci.tyil.nl
+ hosts:
+ - ci.tyil.nl
+ workflow:
+ serviceAccount:
+ create: true
+...
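Review bot: `--auth-mode=server` under `server.extraArgs` makes the Argo server answer every request with its own service account, so authentication rests entirely on the oauth2-proxy in front of it, and any workload inside the cluster that reaches the argo-server Service directly gets that access without logging in. Either switch to `--auth-mode=sso` (or `client`), or add a NetworkPolicy that admits only the `auth-proxy-ci` pods to the server port. Separately, `insecure: true` on the S3 artifact repository sends artifacts and archived logs to `10.57.101.1:3900` without TLS, which is only acceptable if that network segment is trusted; a short comment stating that assumption would help the next reader.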
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml
new file mode 100644
index 0000000..3b96bf8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-ci
+ namespace: cicd-system
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-ci
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-argo@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.ci
+ hosts:
+ - ci.tyil.nl
+ hosts:
+ - host: ci.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
+...
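Review bot: The `annotations` map under `ingress` sets `traefik.ingress.kubernetes.io/router.middlewares` twice; a YAML mapping cannot carry the same key twice, so a parser either rejects the document or keeps only the last value, which would silently drop the `redirect-https` middleware. Traefik accepts a comma-separated list in a single annotation: `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd,kube-system-headers-argo@kubernetescrd`. The same duplicated key appears in cicd-system/ingress.yaml.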
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml
new file mode 100644
index 0000000..39da576
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ci
+ namespace: cicd-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: trigger-bashtard
+ app.kubernetes.io/part-of: cicd-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-argo@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ci.tyil.nl
+ secretName: tls-nl.tyil.ci
+ rules:
+ - host: ci.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: auth-proxy-ci-oauth2-proxy
+ port:
+ number: 4180
+ - path: /trigger
+ pathType: Prefix
+ backend:
+ service:
+ name: webhook-eventsource-svc
+ port:
+ number: 12000
+...
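Review bot: The `/trigger` rule routes straight to `webhook-eventsource-svc` and so bypasses `auth-proxy-ci-oauth2-proxy`, while the webhook events in resources/event-sources/webhook.yaml define no `authSecret`; as written, anyone who can reach ci.tyil.nl can start workflows. Give each webhook event a bearer token, e.g. `authSecret: {name: <webhook-token-secret>, key: <token-key>}`, and have the forge send it in the `Authorization` header. This Ingress and the one generated by cicd-system/auth-proxy.yaml both claim host `ci.tyil.nl` with path `/`, so it is worth deciding which of the two should own that route.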
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
new file mode 100644
index 0000000..ddca028
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml
@@ -0,0 +1,101 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+automountServiceAccountToken: true
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - persistentvolumeclaims
+ - pods
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - patch
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - argoproj.io
+ resources:
+ - eventbus
+ - eventsources
+ - sensors
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - workflows
+ - workflowtaskresults
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+...
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argo-runner
+ namespace: cicd-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argo-runner
+subjects:
+- kind: ServiceAccount
+ name: argo-runner
+ namespace: cicd-system
+...
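Review bot: The first rule of the `argo-runner` Role grants get/list/create/update/delete/patch/watch on `secrets`, and argo-workflows/helm-chart.yaml sets `serviceAccountName: "argo-runner"` as the workflow default while this ServiceAccount has `automountServiceAccountToken: true`, so every build script runs with a token that can read and rewrite all secrets in `cicd-system`. Remove `secrets` from that rule (or narrow it with `resourceNames`), and consider a separate account for the sensors, which only need to create `workflows`. The rules for `validatingwebhookconfigurations` and `clusterroles` name cluster-scoped resources, which a namespaced Role cannot grant, so they have no effect and can be dropped.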
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml
new file mode 100644
index 0000000..de5b67f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: EventBus
+metadata:
+ name: default
+ namespace: cicd-system
+spec:
+ nats:
+ native:
+ replicas: 3
+ containerTemplate:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: "64Mi"
+ persistence:
+ storageClassName: longhorn
+ accessMode: ReadWriteOnce
+ volumeSize: 1Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml
new file mode 100644
index 0000000..1b901e0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: EventSource
+metadata:
+ name: webhook
+ namespace: cicd-system
+spec:
+ service:
+ ports:
+ - port: 12000
+ targetPort: 12000
+ webhook:
+ default:
+ endpoint: /trigger
+ method: POST
+ port: "12000"
+ url: https://ci.tyil.nl
+ generic-raku:
+ endpoint: /trigger/generic-raku
+ method: POST
+ port: "12000"
+ url: https://ci.tyil.nl
+ project-bashtard:
+ endpoint: /trigger/project-bashtard
+ method: POST
+ port: "12000"
+ url: https://ci.tyil.nl
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml
new file mode 100644
index 0000000..b97239c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml
@@ -0,0 +1,61 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Sensor
+metadata:
+ name: default
+ namespace: cicd-system
+spec:
+ template:
+ serviceAccountName: argo-runner
+ dependencies:
+ - name: webhook
+ eventSourceName: webhook
+ eventName: generic
+ triggers:
+ - template:
+ name: webhook-workflow-trigger
+ k8s:
+ operation: create
+ source:
+ resource:
+ apiVersion: argoproj.io/v1alpha1
+ kind: Workflow
+ metadata:
+ generateName: generic
+ spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: ref
+ value: ""
+ - name: repo
+ value: ""
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: ref
+ value: "{{workflows.parameters.ref}}"
+ steps:
+ - - name: main
+ templateRef:
+ name: generic
+ template: main
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{inputs.parameters.ref}}"
+ - name: repo
+ value: "{{inputs.parameters.repo}}"
+ parameters:
+ - src:
+ dependencyName: webhook
+ dataKey: body.commit
+ value: "origin/master"
+ dest: spec.arguments.parameters.0.value
+ - src:
+ dependencyName: "webhook"
+ dataKey: body.repo
+ value: ""
+ dest: spec.arguments.parameters.1.value
+...
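Review bot: `eventName: generic` does not match any event declared in resources/event-sources/webhook.yaml, which defines `default`, `generic-raku` and `project-bashtard`, so this dependency would never be satisfied; sensors/generic-raku.yaml has the same mismatch with `project-raku-config-parser-toml`. Use `eventName: default` here and `eventName: generic-raku` there. In the embedded Workflow, `{{workflows.parameters.ref}}` should read `{{workflow.parameters.ref}}` (also in generic-raku.yaml and project-bashtard.yaml), and the `main` template uses `{{inputs.parameters.repo}}` without declaring a `repo` input. `generateName: generic` also lacks the trailing `-` the other two sensors use.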
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml
new file mode 100644
index 0000000..ca42ce9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml
@@ -0,0 +1,61 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Sensor
+metadata:
+ name: generic-raku
+ namespace: cicd-system
+spec:
+ template:
+ serviceAccountName: argo-runner
+ dependencies:
+ - name: webhook
+ eventSourceName: webhook
+ eventName: project-raku-config-parser-toml
+ triggers:
+ - template:
+ name: webhook-workflow-trigger
+ k8s:
+ operation: create
+ source:
+ resource:
+ apiVersion: argoproj.io/v1alpha1
+ kind: Workflow
+ metadata:
+ generateName: generic-raku-
+ spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: ref
+ value: ""
+ - name: repo
+ value: ""
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: ref
+ value: "{{workflows.parameters.ref}}"
+ steps:
+ - - name: main
+ templateRef:
+ name: generic-raku
+ template: main
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{inputs.parameters.ref}}"
+ - name: repo
+ value: "{{inputs.parameters.repo}}"
+ parameters:
+ - src:
+ dependencyName: webhook
+ dataKey: body.commit
+ value: "origin/master"
+ dest: spec.arguments.parameters.0.value
+ - src:
+ dependencyName: "webhook"
+ dataKey: body.repo
+ value: ""
+ dest: spec.arguments.parameters.1.value
+...
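Review bot: `dataKey: body.repo` copies the repository URL from the request body into the workflow, so whoever calls the webhook decides which code the `generic-raku` template clones and then runs with `zef install . --deps-only` and `prove6`; sensors/default.yaml does the same. Constrain it on the dependency with a data filter, e.g. `filters: {data: [{path: body.repo, type: string, value: ["^https://git\\.tyil\\.nl/.*"]}]}`, or fix the repository per sensor the way workflow-templates/project-bashtard.yaml hard-codes `https://git.tyil.nl/bashtard`. A comment above `parameters:` saying that both values are caller-controlled would make the trust boundary visible.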
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
new file mode 100644
index 0000000..8e77b3a
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Sensor
+metadata:
+ name: project-bashtard
+ namespace: cicd-system
+spec:
+ template:
+ serviceAccountName: argo-runner
+ dependencies:
+ - name: webhook
+ eventSourceName: webhook
+ eventName: project-bashtard
+ triggers:
+ - template:
+ name: webhook-workflow-trigger
+ k8s:
+ operation: create
+ source:
+ resource:
+ apiVersion: argoproj.io/v1alpha1
+ kind: Workflow
+ metadata:
+ generateName: project-bashtard-
+ spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: ref
+ value: ""
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: ref
+ value: "{{workflows.parameters.ref}}"
+ steps:
+ - - name: main
+ templateRef:
+ name: project-bashtard
+ template: main
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{inputs.parameters.ref}}"
+ parameters:
+ - src:
+ dependencyName: webhook
+ dataKey: body.commit
+ value: "master"
+ dest: spec.arguments.parameters.0.value
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml
new file mode 100644
index 0000000..0742e79
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: fetch-git
+ namespace: cicd-system
+spec:
+ arguments:
+ parameters:
+ - name: repo
+ value: ""
+ - name: ref
+ value: master
+ - name: path
+ value: "/usr/src"
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: repo
+ value: "{{workflow.parameters.repo}}"
+ - name: ref
+ value: "{{workflow.parameters.ref}}"
+ - name: path
+ value: "{{workflow.parameters.path}}"
+ outputs:
+ artifacts:
+ - name: src
+ path: "{{inputs.parameters.path}}"
+ script:
+ image: debian
+ command:
+ - dash
+ source: |
+ export DEBIAN_FRONTEND=noninteractive
+ export GIT_WORK_TREE="{{inputs.parameters.path}}"
+ export GIT_DIR="$(mktemp -d)"
+ mkdir -pv -- "$GIT_WORK_TREE"
+
+ apt update && apt install -y git
+
+ git init
+ git remote add origin "{{inputs.parameters.repo}}"
+ git fetch origin -a
+ git reset --hard "{{inputs.parameters.ref}}"
+...
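Review bot: `{{inputs.parameters.repo}}`, `{{inputs.parameters.ref}}` and `{{inputs.parameters.path}}` are substituted into the `source` text before dash runs it, so a value containing quotes or `$(...)` is executed as shell code rather than treated as data, and `ref` and `repo` originate from the webhook body via the sensors. Pass them as container environment variables and reference the quoted variables in the script, as in the fence below. The `fetch-git` template in workflow-templates/util.yaml and the `dist` template in workflow-templates/project-bashtard.yaml interpolate parameters into `source` the same way. Separately, `git fetch origin -a` is `--append`; `--all` or a plain `git fetch origin` was probably meant.

```yaml
script:
  # … unchanged: image, command …
  env:
  - name: REPO
    value: "{{inputs.parameters.repo}}"
  - name: REF
    value: "{{inputs.parameters.ref}}"
  - name: WORK_TREE
    value: "{{inputs.parameters.path}}"
  source: |
    # … unchanged: DEBIAN_FRONTEND …
    export GIT_WORK_TREE="$WORK_TREE"
    # … unchanged: GIT_DIR, mkdir, apt install, git init …
    git remote add origin "$REPO"
    # … unchanged: git fetch …
    git reset --hard "$REF"
```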
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml
new file mode 100644
index 0000000..869c497
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml
@@ -0,0 +1,82 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: generic-raku
+ namespace: cicd-system
+spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: dist
+ value: false
+ - name: ref
+ value: origin/master
+ - name: repo
+ value: ""
+ templates:
+ - name: main
+ dag:
+ tasks:
+ - name: workdir
+ templateRef:
+ name: util
+ template: pvc-create
+ - name: fetch
+ templateRef:
+ name: util
+ template: fetch-git
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{workflow.parameters.ref}}"
+ - name: repo
+ value: "{{workflow.parameters.repo}}"
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - workdir
+ - name: qa-prove
+ templateRef:
+ name: util-raku
+ template: qa-prove
+ arguments:
+ parameters:
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - fetch
+ - name: qa-reuse
+ templateRef:
+ name: util
+ template: qa-reuse
+ arguments:
+ parameters:
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - fetch
+ - name: qa-fez
+ templateRef:
+ name: util-raku
+ template: qa-fez
+ arguments:
+ parameters:
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - fetch
+ - name: dist-fez
+ templateRef:
+ name: util-raku
+ template: dist-fez
+ arguments:
+ parameters:
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - qa-prove
+ - qa-reuse
+ - qa-fez
+ when: "{{workflow.parameters.dist}} == true"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml
new file mode 100644
index 0000000..5e541df
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: generic
+ namespace: cicd-system
+spec:
+ entrypoint: main
+ arguments:
+ parameters:
+ - name: ref
+ value: origin/master
+ - name: repo
+ value: ""
+ - name: vcs
+ value: "git"
+ templates:
+ - name: main
+ dag:
+ tasks:
+ - name: workdir
+ templateRef:
+ name: util
+ template: pvc-create
+ # TODO: Decide on fetch function
+ # TODO: Check for Makefile
+ # TODO: Run make install-deps
+ # TODO: Run make test
+ - name: fetch
+ templateRef:
+ name: util
+ template: fetch-git
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{workflow.parameters.ref}}"
+ - name: repo
+ value: "{{workflow.parameters.repo}}"
+ - name: workingPVC
+ value: "{{tasks.workdir.outputs.parameters.name}}"
+ dependencies:
+ - workdir
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
new file mode 100644
index 0000000..0642028
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml
@@ -0,0 +1,90 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: project-bashtard
+ namespace: cicd-system
+spec:
+ arguments:
+ parameters:
+ - name: ref
+ value: origin/master
+ templates:
+ - name: main
+ steps:
+ - - name: fetch
+ templateRef:
+ name: fetch-git
+ template: main
+ arguments:
+ parameters:
+ - name: ref
+ value: "{{workflow.parameters.ref}}"
+ - name: repo
+ value: "https://git.tyil.nl/bashtard"
+ - - name: qa-reuse
+ templateRef:
+ name: qa-reuse
+ template: main
+ arguments:
+ artifacts:
+ - name: src
+ from: "{{steps.fetch.outputs.artifacts.src}}"
+ - name: qa-shellcheck
+ template: qa-shellcheck
+ arguments:
+ artifacts:
+ - name: src
+ from: "{{steps.fetch.outputs.artifacts.src}}"
+ - - name: dist-tar-gz
+ template: dist
+ arguments:
+ artifacts:
+ - name: src
+ from: "{{steps.fetch.outputs.artifacts.src}}"
+ parameters:
+ - name: format
+ value: targz
+ - name: dist-deb
+ template: dist
+ arguments:
+ artifacts:
+ - name: src
+ from: "{{steps.fetch.outputs.artifacts.src}}"
+ parameters:
+ - name: format
+ value: debian
+
+ - name: qa-shellcheck
+ inputs:
+ artifacts:
+ - name: src
+ path: "/code"
+ script:
+ image: pipelinecomponents/shellcheck
+ command:
+ - bash
+ source: |-
+ shellcheck -s sh bin/bashtard
+ shellcheck -x -s bash **/*.bash
+
+ - name: dist
+ inputs:
+ artifacts:
+ - name: src
+ path: "/usr/src/bashtard-{{workflow.parameters.ref}}"
+ parameters:
+ - name: format
+ value: "targz"
+ script:
+ image: debian
+ command:
+ - dash
+ source: |-
+ export DEBIAN_FRONTEND=noninteractive
+
+ cd -- "/usr/src/bashtard-{{workflow.parameters.ref}}"
+
+ apt update && apt install -y make
+ make pkg-{{inputs.parameters.format}}
+...
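Review bot: In `qa-shellcheck`, `shellcheck -x -s bash **/*.bash` runs under bash without `shopt -s globstar`, so `**` behaves like `*` and only `.bash` files exactly one directory deep are linted. The script also has no `set -e`, so a failure of the first `shellcheck -s sh bin/bashtard` is discarded and the step reports only the status of the second command. Start `source` with `set -e` and `shopt -s globstar`. The script depends on the image's working directory being the `/code` artifact path; a `cd -- /code` would make that explicit.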
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml
new file mode 100644
index 0000000..7c7d455
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: qa-reuse
+ namespace: cicd-system
+spec:
+ arguments:
+ parameters:
+ - name: path
+ value: "/usr/src"
+ artifacts:
+ - name: src
+ from: ""
+ templates:
+ - name: main
+ inputs:
+ parameters:
+ - name: path
+ value: "{{workflow.parameters.path}}"
+ artifacts:
+ - name: src
+ path: "{{workflow.artifacts.path}}"
+ container:
+ image: fsfe/reuse
+ workdir: "{{inputs.parameters.path}}"
+ command:
+ - reuse
+ args:
+ - lint
+...
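Review bot: `path: "{{workflow.artifacts.path}}"` on the `src` input artifact refers to a variable that nothing in this template defines, so the artifact has no usable mount path; the surrounding lines suggest the `path` input parameter was intended: `path: "{{inputs.parameters.path}}"`. The `src` entry under `spec.arguments.artifacts` with `from: ""` looks like a placeholder as well, and a comment saying the caller must supply the artifact (as workflow-templates/project-bashtard.yaml does) would help.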
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml
new file mode 100644
index 0000000..2d0f606
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml
@@ -0,0 +1,216 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: util-raku
+ namespace: cicd-system
+spec:
+ templates:
+ - name: dist-fez
+ inputs:
+ parameters:
+ - name: fezUsernameSecret
+ value: "credentials-fez"
+ - name: fezPasswordSecret
+ value: "credentials-fez"
+ - name: fezUsernameSecretKey
+ value: "username"
+ - name: fezPasswordSecretKey
+ value: "password"
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: rakudo-star
+ env:
+ - name: FEZ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.fezUsernameSecret}}"
+ key: "{{inputs.parameters.fezUsernameSecretKey}}"
+ - name: FEZ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.fezPasswordSecret}}"
+ key: "{{inputs.parameters.fezPasswordSecretKey}}"
+ command:
+ - sh
+ source: |
+ cd -- "{{inputs.parameters.workingDir}}"
+
+ set -x
+
+ apt update && apt install -y expect
+ zef install fez --exclude="z"
+
+ expect <<-EOF
+ set timeout 30
+
+ spawn fez login
+
+ expect ">>= Username*" {
+ send -- "$FEZ_USERNAME\r"
+ }
+
+ expect ">>= Password*" {
+ log_user 0
+ send -- "$FEZ_PASSWORD\r"
+ log_user 1
+ }
+
+ expect {
+ eof {
+ exit 0
+ }
+
+ "*Failed to login*" {
+ exit 1
+ }
+ }
+
+ EOF
+
+ printf "\n"
+
+ expect <<-EOF
+ set timeout 60
+
+ spawn fez upload -f
+
+ expect {
+ "Upload anyway*" {
+ send -- "n\r"
+ exit 1
+ }
+ eof {
+ exit 0
+ }
+ }
+ EOF
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+
+ - name: qa-fez
+ inputs:
+ parameters:
+ - name: fezUsernameSecret
+ value: "credentials-fez"
+ - name: fezPasswordSecret
+ value: "credentials-fez"
+ - name: fezUsernameSecretKey
+ value: "username"
+ - name: fezPasswordSecretKey
+ value: "password"
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: rakudo-star
+ env:
+ - name: FEZ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.fezUsernameSecret}}"
+ key: "{{inputs.parameters.fezUsernameSecretKey}}"
+ - name: FEZ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "{{inputs.parameters.fezPasswordSecret}}"
+ key: "{{inputs.parameters.fezPasswordSecretKey}}"
+ command:
+ - sh
+ source: |
+ cd -- "{{inputs.parameters.workingDir}}"
+
+ set -x
+
+ apt update && apt install -y expect
+ zef install fez --exclude="z"
+
+ expect <<-EOF
+ set timeout 30
+ log_user 0
+
+ spawn fez login
+
+ expect ">>= Username*" {
+ send -- "$FEZ_USERNAME\r"
+ }
+
+ expect ">>= Password*" {
+ send -- "$FEZ_PASSWORD\r"
+ }
+
+ expect {
+ eof {
+ exit 0
+ }
+
+ "*Failed to login*" {
+ exit 1
+ }
+ }
+ EOF
+
+ printf "\n"
+
+ expect <<-EOF
+ set timeout 60
+
+ spawn fez upload --dry-run
+
+ expect {
+ "*ERROR*" {
+ exit 1
+ }
+
+ eof {
+ exit 0
+ }
+ }
+ EOF
+ fez_exit=$?
+
+ rm -fr -- sdist # Who in their right mind leaves trash on a dry-run
+ exit $fez_exit
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+
+ - name: qa-prove
+ inputs:
+ parameters:
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: rakudo-star
+ command:
+ - sh
+ source: |
+ cd -- "{{inputs.parameters.workingDir}}"
+
+ set -x
+
+ zef install . --deps-only
+ prove6 -lv --timer
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+...
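Review bot: Both `expect <<-EOF` login blocks (in `dist-fez` and `qa-fez`) let the shell expand `$FEZ_USERNAME` and `$FEZ_PASSWORD` into the Tcl script text, so a credential containing `"`, `[`, `$` or `\` is parsed as Tcl syntax instead of being sent literally. Quote the delimiter and read the values inside expect: `expect <<-'EOF'` with `send -- "$env(FEZ_USERNAME)\r"` and `send -- "$env(FEZ_PASSWORD)\r"`. In `dist-fez`, `log_user 0` covers only the password `send`, while `qa-fez` sets it before `spawn`; the latter is the safer placement if fez echoes its input, and with `set -x` active it is worth confirming that nothing in the step log shows the secret.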
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml
new file mode 100644
index 0000000..465311b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml
@@ -0,0 +1,107 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+ name: util
+ namespace: cicd-system
+spec:
+ templates:
+ - name: fetch-git
+ inputs:
+ parameters:
+ - name: repo
+ value: ""
+ - name: ref
+ value: "origin/master"
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: debian
+ command:
+ - dash
+ source: |
+ export DEBIAN_FRONTEND=noninteractive
+ export GIT_WORK_TREE="{{inputs.parameters.workingDir}}"
+ export GIT_DIR="$GIT_WORK_TREE/.git"
+
+ apt update && apt install -y git
+
+ git init
+ git remote add origin "{{inputs.parameters.repo}}"
+ git fetch origin -a
+ git reset --hard "{{inputs.parameters.ref}}"
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+
+ - name: pvc-create
+ inputs:
+ parameters:
+ - name: size
+ value: 1Gi
+ - name: storageClass
+ value: longhorn
+ - name: namePrefix
+ value: argo-
+ outputs:
+ parameters:
+ - name: name
+ valueFrom:
+ jsonPath: "{.metadata.name}"
+ resource:
+ action: create
+ setOwnerReference: true
+ manifest: |
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ generateName: "{{inputs.parameters.namePrefix}}"
+ spec:
+ storageClassName: "{{inputs.parameters.storageClass}}"
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: "{{inputs.parameters.size}}"
+
+ - name: pvc-delete
+ inputs:
+ parametes:
+ - name: name
+ value: ""
+ resource:
+ action: delete
+ manifest: |
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: "{{inputs.parameters.name}}"
+
+ - name: qa-reuse
+ inputs:
+ parameters:
+ - name: workingDir
+ value: "/work"
+ - name: workingPVC
+ value: ""
+ script:
+ image: fsfe/reuse
+ command:
+ - sh
+ source: |
+ cd -- "{{inputs.parameters.workingDir}}"
+ reuse lint
+ volumeMounts:
+ - name: workdir
+ mountPath: "{{inputs.parameters.workingDir}}"
+ volumes:
+ - name: workdir
+ persistentVolumeClaim:
+ claimName: "{{inputs.parameters.workingPVC}}"
+...
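Review bot: `parametes:` under `pvc-delete` → `inputs` is misspelled, so the `name` input is never declared and `{{inputs.parameters.name}}` in the delete manifest cannot resolve; it should read `parameters:`. Depending on the Argo version an unknown key is either rejected at validation or dropped silently, so running `argo lint` over these templates before applying them would catch this class of mistake.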
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml
new file mode 100644
index 0000000..9faf539
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: amdgpu-device-plugin-daemonset
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: amdgpu-dp-ds
+ template:
+ metadata:
+ labels:
+ name: amdgpu-dp-ds
+ spec:
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ amdgpu: "true"
+ priorityClassName: system-node-critical
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ containers:
+ - image: rocm/k8s-device-plugin
+ name: amdgpu-dp-cntr
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ volumeMounts:
+ - name: dp
+ mountPath: /var/lib/kubelet/device-plugins
+ - name: sys
+ mountPath: /sys
+ volumes:
+ - name: dp
+ hostPath:
+ path: /var/lib/kubelet/device-plugins
+ - name: sys
+ hostPath:
+ path: /sys
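Review bot: `image: rocm/k8s-device-plugin` carries no tag or digest, so each node pulls whatever `latest` is at the time, and this pod runs as `system-node-critical` in `kube-system` with hostPath mounts of `/sys` and the kubelet device-plugin directory. Pin it, e.g. `image: rocm/k8s-device-plugin:<pinned-tag>` or an `@sha256:<digest>` reference. The workflow templates in this commit use untagged `debian`, `rakudo-star`, `fsfe/reuse` and `pipelinecomponents/shellcheck` images in the same way. If the plugin only reads from `/sys`, `readOnly: true` on that mount would narrow it further; that needs checking against the plugin's behaviour.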
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml
new file mode 100644
index 0000000..a9ab6af
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ valuesContent: |-
+ deployment:
+ kind: DaemonSet
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
new file mode 100644
index 0000000..f88167f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: headers-argo
+ namespace: kube-system
+spec:
+ headers:
+ stsPreload: true
+ forceSTSHeader: true
+ contentSecurityPolicy: >-
+ default-src
+ 'self'
+ 'unsafe-eval'
+ 'unsafe-inline'
+ ;
+ img-src
+ 'self'
+ data:
+ ;
+ worker-src
+ *
+ ;
+...
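Review bot: `stsPreload: true` and `forceSTSHeader: true` are set without `stsSeconds`, and Traefik emits no `Strict-Transport-Security` header while `stsSeconds` is 0, so this middleware does not enable HSTS as written. Add `stsSeconds: 31536000` (and `stsIncludeSubdomains: true` if preloading is really intended). middleware-headers-keycloak.yaml and middleware-headers-nextcloud.yaml have the same gap. On the policy itself, `default-src` with both `'unsafe-eval'` and `'unsafe-inline'` plus `worker-src *` removes most of the protection a CSP gives; a comment recording which Argo UI feature needs each relaxation would make it easier to tighten later.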
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
new file mode 100644
index 0000000..8619e15
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: headers-keycloak
+ namespace: kube-system
+spec:
+ headers:
+ stsPreload: true
+ forceSTSHeader: true
+ contentSecurityPolicy: >-
+ default-src
+ 'self'
+ ;
+ style-src
+ 'unsafe-inline'
+ ;
+...
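Review bot: `style-src 'unsafe-inline'` replaces the `default-src 'self'` fallback for stylesheets, so inline styles are allowed but same-origin stylesheet files are not, which is probably the opposite of what was intended. If Keycloak's own CSS should load, the directive needs both sources: `style-src 'self' 'unsafe-inline'`.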
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
new file mode 100644
index 0000000..f013ab2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: headers-nextcloud
+ namespace: kube-system
+spec:
+ headers:
+ stsPreload: true
+ forceSTSHeader: true
+ contentSecurityPolicy: >-
+ default-src
+ 'self'
+ data:
+ 'unsafe-inline'
+ ;
+ img-src
+ 'self'
+ data:
+ *.tile.openstreetmap.org
+ nominatim.openstreetmap.org
+ ;
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml
new file mode 100644
index 0000000..0bfb82c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-https
+ namespace: kube-system
+spec:
+ redirectScheme:
+ scheme: https
+ permanent: true
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml
new file mode 100644
index 0000000..20fc702
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: grafana
+ namespace: kube-system
+spec:
+ repo: https://grafana.github.io/helm-charts
+ chart: grafana
+ targetNamespace: monitoring
+ valuesContent: |-
+ ingress:
+ enabled: true
+ ingressClassName: "traefik"
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ tls:
+ - hosts:
+ - grafana.tyil.nl
+ secretName: tls-nl.tyil.grafana
+ hosts:
+ - "grafana.tyil.nl"
+ envFromSecret: "grafana-env"
+ grafana.ini:
+ auth.ldap:
+ enabled: true
+ allow_sign_up: true
+ database:
+ type: "postgres"
+ ldap:
+ enabled: true
+ existingSecret: grafana-config
+...
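Review bot: The `ingress.annotations` block sets only the cert-manager issuer and omits the `redirect-https` middleware that the other ingresses in this commit attach, so unless Traefik redirects at the entrypoint level, grafana.tyil.nl (an LDAP login page) is also reachable over plain HTTP. Add `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd`. The HelmChart object itself lives in `kube-system` with `targetNamespace: monitoring`, unlike the other monitoring charts which use `namespace: monitoring`; a comment explaining that choice, or aligning it, would avoid confusion.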
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml
new file mode 100644
index 0000000..88b237d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: prometheus-exporter-postgresql
+ namespace: monitoring
+spec:
+ repo: https://prometheus-community.github.io/helm-charts
+ chart: prometheus-postgres-exporter
+ valuesContent: |-
+ config:
+ datasourceSecret:
+ name: prometheus-exporter-postgresql
+ key: connection-string
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml
new file mode 100644
index 0000000..8388e3a
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-prometheus
+ namespace: monitoring
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-prometheus
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.prometheus
+ hosts:
+ - prometheus.tyil.nl
+ hosts:
+ - host: prometheus.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
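Review bot: Everything that decides who may reach prometheus.tyil.nl is loaded from the `auth-proxy-prometheus` secret via `envFrom`, and nothing in the values documents which keys that secret must contain. A comment above `envFrom` such as `# requires OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET, OAUTH2_PROXY_EMAIL_DOMAINS, OAUTH2_PROXY_UPSTREAMS` would let a reviewer confirm the proxy is not deployed with a permissive allow-list. The chart tarball is pinned to a commit hash, but it is fetched from git.tyil.nl, which appears to be the cgit instance deployed by this same commit. If so, the proxy cannot be (re)installed while cgit is down, which is worth noting in the file.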
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml
new file mode 100644
index 0000000..43d78b4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: prometheus
+ namespace: monitoring
+spec:
+ repo: https://prometheus-community.github.io/helm-charts
+ chart: kube-prometheus-stack
+ valuesContent: |-
+ alertmanager:
+ enabled: false
+ grafana:
+ enabled: false
+ prometheus:
+ enabled: true
+ prometheusSpec:
+ retention: 10d
+ serviceMonitorSelectorNilUsesHelmValues: false
+ storageSpec:
+ emptyDir: {}
+...
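Review bot: `storageSpec` with `emptyDir: {}` keeps the TSDB on node-local scratch space, so `retention: 10d` only holds as long as the pod is never recreated, and the volume has no size bound. If ephemeral storage is intended, say so in a comment and cap it, e.g. `emptyDir: { sizeLimit: <size> }` together with `retentionSize: <size>`; otherwise use a `volumeClaimTemplate`. `serviceMonitorSelectorNilUsesHelmValues: false` makes this Prometheus select ServiceMonitors that lack the release label, which deserves a one-line comment because it widens what gets scraped.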
diff --git a/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
new file mode 100644
index 0000000..768c5f4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: chat-system
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cicd-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: base-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: personal-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: public-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ravenhosting
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: servarr
+...
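Review bot: None of the nine namespaces carries Pod Security Admission labels, so pods in them are admitted under whatever the cluster default is. A namespace for internet-facing workloads such as `public-services` could take `pod-security.kubernetes.io/enforce: baseline` under `metadata.labels`. `personal-services` runs hostPath pods in this commit, which baseline rejects, so `pod-security.kubernetes.io/warn: baseline` is the safer first step there. Minor: the `chat-system` document is the only one without a closing `...`.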
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml
new file mode 100644
index 0000000..bdbc8b2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+data:
+ cgitrc: |
+ root-desc=All public repos from tyil
+
+ source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+ about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+ readme=:INSTALL
+ readme=:INSTALL.htm
+ readme=:INSTALL.html
+ readme=:INSTALL.md
+ readme=:INSTALL.mkd
+ readme=:INSTALL.rst
+ readme=:INSTALL.txt
+ readme=:README
+ readme=:README.htm
+ readme=:README.html
+ readme=:README.md
+ readme=:README.mkd
+ readme=:README.pod6
+ readme=:README.rakudoc
+ readme=:README.rst
+ readme=:README.txt
+ readme=:install
+ readme=:install.htm
+ readme=:install.html
+ readme=:install.md
+ readme=:install.mkd
+ readme=:install.rst
+ readme=:install.txt
+ readme=:readme
+ readme=:readme.htm
+ readme=:readme.html
+ readme=:readme.md
+ readme=:readme.mkd
+ readme=:readme.rst
+ readme=:readme.txt
+
+ css=/cgit-css/cgit.css
+ logo=/cgit-css/cgit.png
+
+ #cache-root=/var/cache/cgit
+ #cache-size=1000
+
+ clone-prefix=https://git.tyil.nl
+ enable-git-config=1
+ enable-index-links=1
+ enable-index-owner=0
+ enable-log-filecount=1
+ enable-log-linecount=1
+ remove-suffix=1
+ robots=index, follow
+ scan-path=/srv/git/
+ section-from-path=1
+ snapshots=tar.gz tar.bz2
+ virtual-root=/
+...
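Review bot: `section-from-path=1` is listed after `scan-path=/srv/git/`, and cgitrc(5) documents that it only takes effect when defined before `scan-path`, so repositories will not be grouped by directory as intended. The alphabetical ordering of the trailing options causes this; moving `scan-path=/srv/git/` to the very end of `cgitrc` fixes it and presumably also lets `snapshots` and `virtual-root` apply before repositories are registered. `enable-git-config=1` lets each repository's own git config supply its cgit metadata, which is fine while only the owner can write under /srv/git but is worth a comment.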
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml
new file mode 100644
index 0000000..715a3f6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: emarcs/nginx-cgit
+ name: cgit
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /srv/git
+ name: data
+ - mountPath: /etc/cgitrc
+ subPath: cgitrc
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/git
+ type: DirectoryOrCreate
+ - name: config
+ configMap:
+ name: cgit
+...
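Review bot: The `data` mount exposes the host directory /mnt/pool/git read-write to a web-facing container that, with the cache options commented out in the ConfigMap, appears only to need to read repositories. Adding `readOnly: true` to that `volumeMounts` entry limits what a compromise of the cgit/nginx process can do to the repositories. The image `emarcs/nginx-cgit` has no tag, so it resolves to `latest` from a third-party account; pin a tag or digest (`emarcs/nginx-cgit@sha256:<digest>`). The kroki deployments and the invidious deployment (`:latest`) later in this commit float the same way. `type: DirectoryOrCreate` will also silently create an empty /mnt/pool/git if the pool is not mounted, whereas `Directory` would fail loudly.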
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml
new file mode 100644
index 0000000..e8b30d3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: >-
+ kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - git.tyil.nl
+ secretName: tls-nl.tyil.git
+ rules:
+ - host: git.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: cgit
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml
new file mode 100644
index 0000000..ac2ab26
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cgit
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: cgit
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml
new file mode 100644
index 0000000..b78a822
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: grocy
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy
+ app.kubernetes.io/part-of: personal-services
+data:
+ # A custom common.conf is required because the name of the backend service is
+ # not configurable through conventional means. Instead, I supply my own
+ # version with the correct backend name and overwrite the one supplied by the
+ # grocy docker container itself.
+ common.conf: |
+ charset utf-8;
+
+ location / {
+ try_files $uri /index.php$is_args$query_string;
+ }
+
+ location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
+ expires 365d;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass grocy-backend:80;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+...
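Review bot: In `location ~* .(jpg|jpeg|png|gif|ico|css|js)$` the leading dot is unescaped, so it matches any character and the 365-day `expires` also applies to URIs such as `/foojs`; it should read `location ~* \.(jpg|jpeg|png|gif|ico|css|js)$`. The `location ~ \.php$` block forwards every URI ending in `.php` to the backend without confirming it is one of the application's scripts. Since requests already fall back to `/index.php` through `try_files`, narrowing the block to `location = /index.php` would be tighter, assuming the upstream image does not rely on other PHP entry points.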
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml
new file mode 100644
index 0000000..ef77883
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: grocy-backend
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: grocy/backend:v3.3.2
+ name: grocy
+ env:
+ - name: GROCY_CURRENCY
+ value: "EUR"
+ - name: GROCY_MODE
+ value: "production"
+ - name: GROCY_CULTURE
+ name: "en"
+ - name: MAX_UPLOAD
+ value: "50M"
+ - name: PHP_MAX_FILE_UPLOAD
+ value: "200"
+ - name: PHP_MAX_POST
+ value: "100M"
+ - name: PHP_MEMORY_LIMIT
+ value: "512M"
+ ports:
+ - containerPort: 9000
+ volumeMounts:
+ - mountPath: /var/www/data
+ name: data
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /etc/grocy
+ type: Directory
+...
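Review bot: The `GROCY_CULTURE` entry uses `name: "en"` where `value: "en"` is meant, so the mapping has a duplicate `name` key. Depending on the parser, the manifest is rejected or the container gets an empty variable called `en` and `GROCY_CULTURE` is never set. Change the second line to `value: "en"`; deployment-frontend.yaml repeats the same entry. The `data` volume is a hostPath (`/etc/grocy`) mounted read-write, which only works because `nodeName` pins the pod, and a comment saying so would explain the pinning.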
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml
new file mode 100644
index 0000000..07fbb68
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml
@@ -0,0 +1,59 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: grocy-frontend
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: grocy/frontend:v3.3.2
+ name: grocy
+ env:
+ - name: GROCY_CURRENCY
+ value: "EUR"
+ - name: GROCY_MODE
+ value: "production"
+ - name: GROCY_CULTURE
+ name: "en"
+ - name: MAX_UPLOAD
+ value: "50M"
+ - name: PHP_MAX_FILE_UPLOAD
+ value: "200"
+ - name: PHP_MAX_POST
+ value: "100M"
+ - name: PHP_MEMORY_LIMIT
+ value: "512M"
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /etc/nginx/common.conf
+ subPath: common.conf
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: grocy
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml
new file mode 100644
index 0000000..80d1089
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grocy
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - erp.tyil.nl
+ secretName: tls-nl.tyil.erp
+ rules:
+ - host: erp.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: grocy-frontend
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml
new file mode 100644
index 0000000..e9a179d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grocy-backend
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: grocy-backend
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 9000
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml
index 14e9c61..d9d1e93 100644
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml
@@ -2,21 +2,21 @@
apiVersion: v1
kind: Service
metadata:
- name: dirlist
- namespace: media
+ name: grocy-frontend
+ namespace: personal-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
+ app.kubernetes.io/name: grocy-frontend
+ app.kubernetes.io/part-of: personal-services
ports:
- - protocol: TCP
+ - name: http
port: 80
targetPort: 8080
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml
new file mode 100644
index 0000000..6eb7fea
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-blockdiag
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-blockdiag
+ name: blockdiag
+ ports:
+ - containerPort: 8001
+ restartPolicy: Always
+...
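Review bot: The container spec has no `resources` block, and the same is true of the bpmn, excalidraw, mermaid and main kroki deployments that follow. These services render diagrams from request input and the gateway is published on kroki.tyil.nl, so an expensive diagram can consume node memory and CPU without bound. The invidious deployment in this commit already sets `requests` and `limits`; the kroki ones should follow it, e.g. `resources: { limits: { memory: <limit> } }`. The images here are also untagged.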
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml
new file mode 100644
index 0000000..26acd15
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-bpmn
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-bpmn
+ name: bpmn
+ ports:
+ - containerPort: 8003
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml
new file mode 100644
index 0000000..d1c6699
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-excalidraw
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-excalidraw
+ name: excalidraw
+ ports:
+ - containerPort: 8004
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml
new file mode 100644
index 0000000..ee6edaf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki-mermaid
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki-mermaid
+ name: mermaid
+ ports:
+ - containerPort: 8002
+ restartPolicy: Always
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml
new file mode 100644
index 0000000..f192697
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kroki
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ containers:
+ - image: yuzutech/kroki
+ name: kroki
+ env:
+ - name: KROKI_BLOCKDIAG_HOST
+ value: kroki-blockdiag
+ - name: KROKI_BLOCKDIAG_PORT
+ value: "80"
+ - name: KROKI_BPMN_HOST
+ value: kroki-bpmn
+ - name: KROKI_BPMN_PORT
+ value: "80"
+ - name: KROKI_EXCALIDRAW_HOST
+ value: kroki-excalidraw
+ - name: KROKI_EXCALIDRAW_PORT
+ value: "80"
+ - name: KROKI_MERMAID_HOST
+ value: kroki-mermaid
+ - name: KROKI_MERMAID_PORT
+ value: "80"
+ - name: KROKI_MAX_URI_LENGTH
+ value: "4096"
+ ports:
+ - containerPort: 8000
+ restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml
new file mode 100644
index 0000000..c33644e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kroki
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ tls:
+ - hosts:
+ - kroki.tyil.nl
+ secretName: tls-nl.tyil.kroki
+ rules:
+ - host: kroki.tyil.nl
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: kroki
+ port:
+ number: 80
+...
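Review bot: This Ingress omits `ingressClassName: traefik` and the `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd` annotation that the cgit and grocy ingresses in this commit set. It therefore depends on a default ingress class and, unless HTTP is closed elsewhere, answers plain HTTP without redirecting. Add both for consistency. The grafana chart values and the nextcloud ingress likewise lack the redirect middleware (nextcloud lists only `kube-system-headers-nextcloud@kubernetescrd`), so the redirect may need appending there too.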
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml
new file mode 100644
index 0000000..7ac6c4e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-blockdiag
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8001
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml
new file mode 100644
index 0000000..73e2c58
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-bpmn
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-bpmn
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8003
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml
new file mode 100644
index 0000000..a011428
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-excalidraw
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-excalidraw
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8004
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml
new file mode 100644
index 0000000..872433c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-mermaid
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-mermaid
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8002
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml
index b91c1d1..0c98dc8 100644
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml
@@ -2,21 +2,21 @@
apiVersion: v1
kind: Service
metadata:
- name: teddit
- namespace: public-services
+ name: kroki
+ namespace: personal-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
ports:
- - protocol: TCP
+ - name: http
port: 80
- targetPort: 8080
+ targetPort: 8000
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml
new file mode 100644
index 0000000..1f0b3a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: nextcloud
+ namespace: personal-services
+spec:
+ schedule: "*/5 * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ securityContext:
+ runAsUser: 33
+ runAsGroup: 33
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - name: nextcloud
+ image: nextcloud:27
+ command:
+ - php
+ args:
+ - -f
+ - /var/www/html/cron.php
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: OnFailure
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
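Review bot: The CronJob runs every five minutes with the default concurrency policy, so a `cron.php` run that takes longer than the interval overlaps the next one on the same hostPath data. Add `concurrencyPolicy: Forbid` under `spec`. The job mounts the whole installation at /var/www/html from /mnt/pool/nextcloud, so its `nextcloud:27` image has to stay in step with the one in deployment.yaml; a comment tying the two tags together would prevent them drifting apart.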
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml
new file mode 100644
index 0000000..250f670
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: nextcloud:27
+ name: nextcloud
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: data
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/pool/nextcloud
+ type: Directory
+...
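Review bot: `strategy.type: RollingUpdate` with one replica, a fixed `nodeName` and a hostPath volume means the old and the new pod run side by side on /mnt/pool/nextcloud during every rollout. With the floating `nextcloud:27` tag a rollout can also be a version change, and the official image's entrypoint, as far as I know, updates the installed tree in place at start-up. `strategy: { type: Recreate }` avoids two versions touching the same files. The cgit and grocy-backend deployments use the same RollingUpdate-plus-hostPath pattern, though with less at stake.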
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml
new file mode 100644
index 0000000..fca1adc
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: >-
+ kube-system-headers-nextcloud@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - cloud.tyil.nl
+ secretName: tls-nl.tyil.cloud
+ rules:
+ - host: cloud.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml
index f848c14..fd9a7d6 100644
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml
@@ -2,21 +2,21 @@
apiVersion: v1
kind: Service
metadata:
- name: omgur
- namespace: public-services
+ name: nextcloud
+ namespace: personal-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
+ app.kubernetes.io/name: nextcloud
+ app.kubernetes.io/part-of: personal-services
ports:
- - protocol: TCP
+ - name: http
port: 80
- targetPort: 8080
+ targetPort: 80
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml
new file mode 100644
index 0000000..d910c47
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: invidious
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: invidious
+ app.kubernetes.io/part-of: public-services
+ spec:
+ containers:
+ - name: invidious
+ image: quay.io/invidious/invidious:latest
+ ports:
+ - containerPort: 8080
+ env:
+ - name: INVIDIOUS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: invidious-config
+ key: config.yml
+ resources:
+ requests:
+ memory: 64Mi
+ limits:
+ memory: 128Mi
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - invidious
+ topologyKey: "kubernetes.io/hostname"
+...
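Review bot: `image: quay.io/invidious/invidious:latest` is a mutable tag, so what runs can change on any re-pull without a change in this repository, and the two replicas can end up on different builds. Pin a release tag or a digest, e.g. `image: quay.io/invidious/invidious@sha256:<digest-placeholder>`. The same applies to `gollumwiki/gollum:master`, `hotio/bazarr:testing`, `docker.io/svenstaro/miniserve:latest` and the untagged `jellyfin/jellyfin` added later in this commit. The oauth2-proxy charts already pin `tag: v7.4.0`, which is the pattern to follow.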
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml
index ca92947..cb675a9 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml
@@ -2,24 +2,30 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
- name: omgur
+ name: invidious
namespace: public-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
+ app.kubernetes.io/name: invidious
app.kubernetes.io/part-of: public-services
spec:
- ingressClassName: "nginx"
+ ingressClassName: "traefik"
+ tls:
+ - hosts:
+ - youtube.alt.tyil.nl
+ secretName: tls-nl.tyil.alt.youtube
rules:
- - host: imgur.alt.tyil.nl
+ - host: youtube.alt.tyil.nl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
- name: omgur
+ name: invidious-http
port:
number: 80
...
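Review bot: The new `annotations:` block carries only the cert-manager issuer and not the `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd` line that the gollum, bazarr and jellyfin Ingresses in this commit have. How plain-HTTP requests for `youtube.alt.tyil.nl` are handled therefore depends on Traefik's entrypoint configuration, which is not visible here. If the omission is deliberate, a short comment saying so would help; otherwise add the same middleware annotation for consistency.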
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml
index 80b802b..e4f95be 100644
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml
@@ -2,21 +2,23 @@
apiVersion: v1
kind: Service
metadata:
- name: searx
+ # Funfact: if this name is set to "invidious", things will break!
+ # https://github.com/iv-org/invidious/issues/2970
+ name: invidious-http
namespace: public-services
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
+ app.kubernetes.io/name: invidious
app.kubernetes.io/part-of: public-services
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
+ app.kubernetes.io/name: invidious
app.kubernetes.io/part-of: public-services
ports:
- protocol: TCP
port: 80
- targetPort: 8080
+ targetPort: 3000
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/auth-proxy.yaml
new file mode 100644
index 0000000..0196271
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/auth-proxy.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-gollum
+ namespace: ravenhosting
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-gollum
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-eu.ravenhosting.wiki
+ hosts:
+ - wiki.ravenhosting.eu
+ hosts:
+ - host: wiki.ravenhosting.eu
+ paths:
+ - path: /
+ pathType: Prefix
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/deployment.yaml
new file mode 100644
index 0000000..0a6c7c3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/deployment.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gollum
+ namespace: ravenhosting
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: gollum
+ app.kubernetes.io/part-of: ravenhosting
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: gollum
+ app.kubernetes.io/part-of: ravenhosting
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: gollum
+ app.kubernetes.io/part-of: ravenhosting
+ spec:
+ nodeName: "oolah.tyil.net"
+ containers:
+ - name: gollum
+ image: gollumwiki/gollum:master
+ args:
+ - -c
+ - "/wiki/config.rb"
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /wiki
+ name: data
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /home/tyil/projects/ravenhosting/docs
+ type: DirectoryOrCreate
+...
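Review bot: The `data` volume maps `/home/tyil/projects/ravenhosting/docs` from the node read-write into a container built from the moving `gollumwiki/gollum:master` tag, and the file Gollum loads at start (`/wiki/config.rb`, a Ruby file) sits on that same writable mount. Anything able to write to the wiki directory can therefore change code that runs at the next restart. No `securityContext` is set, so ownership of files written into the home directory follows whatever user the image runs as, which is not visible here. I would use `type: Directory` instead of `DirectoryOrCreate` so a missing checkout fails loudly, set `runAsUser`/`runAsGroup` to the owner of the checkout, and mount the config from a separate source with `readOnly: true`.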
diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/ingress.yaml
new file mode 100644
index 0000000..efc8e24
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gollum
+ namespace: ravenhosting
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: gollum
+ app.kubernetes.io/part-of: ravenhosting
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - wiki.ravenhosting.eu
+ secretName: tls-eu.ravenhosting.wiki
+ rules:
+ - host: wiki.ravenhosting.eu
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gollum
+ port:
+ number: 80
+...
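Review bot: This Ingress routes `wiki.ravenhosting.eu` path `/` straight to the `gollum` Service, while `auth-proxy.yaml` in the same directory enables an oauth2-proxy Ingress for the same host, path and `ingressClassName`. With two routers on an identical rule, which one Traefik picks is not determined by anything in these manifests, so requests may reach the wiki without passing the proxy. Both Ingresses also ask cert-manager for the same `tls-eu.ravenhosting.wiki` secret. The dirlist setup in this commit has only the proxy's Ingress, and I would do the same here: drop this file and point the proxy's upstream (presumably configured in the `auth-proxy-gollum` secret) at the `gollum` Service.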
diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/service.yaml
new file mode 100644
index 0000000..fa16a3f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gollum
+ namespace: ravenhosting
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: gollum
+ app.kubernetes.io/part-of: ravenhosting
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: gollum
+ app.kubernetes.io/part-of: ravenhosting
+ ports:
+ - name: http
+ port: 80
+ targetPort: 4567
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/openproject/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/openproject/helm-chart.yaml
new file mode 100644
index 0000000..9dbc8af
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/openproject/helm-chart.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: openproject
+ namespace: ravenhosting
+spec:
+ repo: https://charts.openproject.org
+ chart: openproject
+ valuesContent: { } #|-
+...
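Review bot: `chart: openproject` is pulled from `https://charts.openproject.org` with no `version:`, so the controller installs whatever the repository lists as newest at reconcile time. Add `version: <chart-version-placeholder>` so upgrades happen through a commit. Separately, `valuesContent: { } #|-` passes a mapping where, as far as I know, the HelmChart CRD expects a string. Removing the key until there are values to set avoids a validation error.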
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml
new file mode 100644
index 0000000..e967412
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/bazarr:testing
+ name: bazarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 6767
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-series/exported
+ name: anime-series
+ - mountPath: /mnt/pool/media/anime-movies/exported
+ name: anime-movies
+ - mountPath: /mnt/pool/media/series/exported
+ name: series
+ - mountPath: /mnt/pool/media/movies/exported
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/bazarr
+ type: Directory
+...
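Review bot: `GUID` looks like a typo for `PGID`: the hotio images take `PUID` and `PGID`, so group 169 is probably never applied. With `UMASK` set to `002`, files on the shared hostPath media directories then become group-writable for whatever default group the image uses. Proposed change: `- name: PGID` with `value: "169"`. The same env block appears in the jellyseerr, lidarr, prowlarr and radarr deployments in this commit. The jellyseerr image comes from a different publisher, so it is worth checking whether it reads these variables at all.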
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml
new file mode 100644
index 0000000..ff20477
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - bazarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.bazarr
+ rules:
+ - host: bazarr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: bazarr
+ port:
+ number: 80
+...
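Review bot: Nothing in this manifest puts authentication in front of `bazarr.arr.tyil.nl`; the only middleware is the HTTPS redirect, whereas dirlist and gollum get an oauth2-proxy chart in this commit. Whether Bazarr's own login is enabled lives in `/config` on the node and cannot be confirmed from here. If the application login is the only gate, I would either reuse the oauth2-proxy pattern or add a forward-auth or IP allow-list middleware to the `router.middlewares` annotation. The same question applies to the jellyseerr, lidarr, prowlarr and radarr Ingresses changed below.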
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml
new file mode 100644
index 0000000..1f3cc23
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bazarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: bazarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 6767
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml
new file mode 100644
index 0000000..57ab370
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-dirlist
+ namespace: kube-system
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ targetNamespace: servarr
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-dirlist
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.media
+ hosts:
+ - media.tyil.nl
+ hosts:
+ - host: media.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml
new file mode 100644
index 0000000..e3a3e26
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml
@@ -0,0 +1,93 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dirlist
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dirlist
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dirlist
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: dirlist
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: docker.io/svenstaro/miniserve:latest
+ args:
+ - --enable-tar
+ - --enable-tar-gz
+ - --qrcode
+ - /var/www
+ name: miniserve
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /var/www/anime-movies
+ name: anime-movies
+ readOnly: true
+ - mountPath: /var/www/anime-series
+ name: anime-series
+ readOnly: true
+ - mountPath: /var/www/books
+ name: books
+ readOnly: true
+ - mountPath: /var/www/movies
+ name: movies
+ readOnly: true
+ - mountPath: /var/www/music
+ name: music
+ readOnly: true
+ - mountPath: /var/www/porn
+ name: porn
+ readOnly: true
+ - mountPath: /var/www/series
+ name: series
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music/exported
+ type: Directory
+ - name: porn
+ hostPath:
+ path: /mnt/pool/media/porn/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+...
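Review bot: The miniserve container has no `resources` block, while `--enable-tar` and `--enable-tar-gz` let any client that gets past the proxy request an on-the-fly archive of a whole tree under `/var/www`. On a node that also runs Jellyfin and the *arr services, one such request can take a lot of CPU and I/O. Add limits as the invidious deployment does, e.g. `resources: {limits: {cpu: "1", memory: 256Mi}}` (sample values), and drop `--enable-tar-gz` if compression is not needed. The `readOnly: true` mounts are good; a `securityContext` with `readOnlyRootFilesystem: true` and `runAsNonRoot: true` would fit the same intent, assuming the image supports it.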
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml
index 14e9c61..31f638f 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml
@@ -3,20 +3,20 @@ apiVersion: v1
kind: Service
metadata:
name: dirlist
- namespace: media
+ namespace: servarr
labels:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
+ app.kubernetes.io/part-of: servarr
spec:
selector:
app.kubernetes.io/created-by: tyil
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
+ app.kubernetes.io/part-of: servarr
ports:
- - protocol: TCP
+ - name: http
port: 80
targetPort: 8080
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml
new file mode 100644
index 0000000..18205c4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml
@@ -0,0 +1,96 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: jellyfin/jellyfin
+ name: jellyfin
+ ports:
+ - containerPort: 8096
+ volumeMounts:
+ - mountPath: /var/media/anime-movies
+ name: anime-movies
+ readOnly: true
+ - mountPath: /var/media/anime-series
+ name: anime-series
+ readOnly: true
+ - mountPath: /var/media/books
+ name: books
+ readOnly: true
+ - mountPath: /var/media/movies
+ name: movies
+ readOnly: true
+ - mountPath: /var/media/music
+ name: music
+ readOnly: true
+ - mountPath: /var/media/series
+ name: series
+ readOnly: true
+ - mountPath: /config
+ name: config
+ - mountPath: /cache
+ name: cache
+ resources:
+ limits:
+ amd.com/gpu: 1
+ restartPolicy: Always
+ volumes:
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies/exported
+ type: Directory
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series/exported
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books/exported
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies/exported
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music/exported
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series/exported
+ type: Directory
+ - name: cache
+ hostPath:
+ path: /var/cache/jellyfin
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/jellyfin
+ type: Directory
+...
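Review bot: `nodeName: "mieshu.tyil.net"` bypasses the scheduler, so the `amd.com/gpu: 1` limit is only checked by the kubelet at admission. If the GPU is already allocated or the device plugin is not registered, the pod is rejected on the node rather than waiting in Pending. Pinning with `nodeSelector:` and `kubernetes.io/hostname: mieshu.tyil.net` keeps the pod on the same node while leaving resource and taint checks to the scheduler, assuming the hostname label matches the node name. The same `nodeName` field is set in the gollum, bazarr, dirlist, jellyseerr, lidarr, prowlarr and radarr deployments in this commit.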
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml
new file mode 100644
index 0000000..b527143
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - tv.tyil.nl
+ secretName: tls-nl.tyil.tv
+ rules:
+ - host: tv.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: jellyfin
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml
new file mode 100644
index 0000000..cc0ae84
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jellyfin
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyfin
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8096
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml
index 7ab20fc..217f949 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/deployment.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml
@@ -4,6 +4,11 @@ kind: Deployment
metadata:
name: jellyseerr
namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: jellyseerr
+ app.kubernetes.io/part-of: servarr
spec:
replicas: 1
selector:
@@ -12,6 +17,8 @@ spec:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: jellyseerr
app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
template:
metadata:
labels:
@@ -20,39 +27,28 @@ spec:
app.kubernetes.io/name: jellyseerr
app.kubernetes.io/part-of: servarr
spec:
+ nodeName: "mieshu.tyil.net"
containers:
- - name: jellyseerr
- image: fallenbagel/jellyseerr:latest
- ports:
- - containerPort: 5055
- volumeMounts:
- - name: config
- subPath: config
- mountPath: /app/config
+ - image: fallenbagel/jellyseerr:latest
+ name: jellyseerr
env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
+ value: "Europe/Amsterdam"
- name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 5055
+ volumeMounts:
+ - mountPath: /app/config
+ name: config
+ restartPolicy: Always
volumes:
- name: config
hostPath:
+ path: /etc/servarr/jellyseerr
type: Directory
- path: /srv/servarr/jellyseerr
...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml
index 41f4852..11671d7 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml
@@ -9,10 +9,17 @@ metadata:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: jellyseerr
app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
spec:
- ingressClassName: "nginx"
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - jellyseerr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.jellyseerr
rules:
- - host: arr.tyil.nl
+ - host: jellyseerr.arr.tyil.nl
http:
paths:
- path: /
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml
index f093194..a8f3b18 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml
@@ -16,7 +16,7 @@ spec:
app.kubernetes.io/name: jellyseerr
app.kubernetes.io/part-of: servarr
ports:
- - protocol: TCP
+ - name: http
port: 80
targetPort: 5055
...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml
index 274e277..baea1d9 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/deployment.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml
@@ -4,6 +4,11 @@ kind: Deployment
metadata:
name: lidarr
namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lidarr
+ app.kubernetes.io/part-of: servarr
spec:
replicas: 1
selector:
@@ -12,6 +17,8 @@ spec:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: lidarr
app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
template:
metadata:
labels:
@@ -20,44 +27,34 @@ spec:
app.kubernetes.io/name: lidarr
app.kubernetes.io/part-of: servarr
spec:
+ nodeName: "mieshu.tyil.net"
containers:
- - name: lidarr
- image: hotio/lidarr:release
- ports:
- - containerPort: 8686
- volumeMounts:
- - name: config
- mountPath: /config
- - name: media
- mountPath: /mnt/media
+ - image: hotio/lidarr:release
+ name: lidarr
env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
+ value: "Europe/Amsterdam"
- name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8686
+ volumeMounts:
+ - mountPath: /mnt/pool/media/music
+ name: music
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
volumes:
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music
+ type: Directory
- name: config
hostPath:
- type: DirectoryOrCreate
- path: /srv/servarr/lidarr/config
- - name: media
- nfs:
- server: 10.57.100.7
- path: /mnt/media
+ path: /etc/servarr/lidarr
+ type: Directory
...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml
index fc56232..bff21d5 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml
@@ -9,19 +9,16 @@ metadata:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: lidarr
app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
spec:
- ingressClassName: "nginx"
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - lidarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.lidarr
rules:
- - host: lid.arr.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: lidarr
- port:
- number: 80
- host: lidarr.arr.tyil.nl
http:
paths:
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml
index e4b75ba..f154924 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml
@@ -16,7 +16,7 @@ spec:
app.kubernetes.io/name: lidarr
app.kubernetes.io/part-of: servarr
ports:
- - protocol: TCP
+ - name: http
port: 80
targetPort: 8686
...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml
index 573a40a..4dcaf31 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/deployment.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml
@@ -4,6 +4,11 @@ kind: Deployment
metadata:
name: prowlarr
namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
spec:
replicas: 1
selector:
@@ -12,6 +17,8 @@ spec:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: prowlarr
app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
template:
metadata:
labels:
@@ -20,39 +27,28 @@ spec:
app.kubernetes.io/name: prowlarr
app.kubernetes.io/part-of: servarr
spec:
+ nodeName: "mieshu.tyil.net"
containers:
- - name: prowlarr
- image: cr.hotio.dev/hotio/prowlarr:nightly
- ports:
- - containerPort: 9696
- volumeMounts:
- - name: config
- subPath: config
- mountPath: /config
+ - image: cr.hotio.dev/hotio/prowlarr:nightly
+ name: prowlarr
env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
+ value: "Europe/Amsterdam"
- name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 9696
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
volumes:
- name: config
hostPath:
+ path: /etc/servarr/prowlarr
type: Directory
- path: /srv/servarr/prowlarr
...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml
index dcffc36..1043a2d 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml
@@ -9,19 +9,16 @@ metadata:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: prowlarr
app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
spec:
- ingressClassName: "nginx"
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - prowlarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.prowlarr
rules:
- - host: prowl.arr.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: prowlarr
- port:
- number: 80
- host: prowlarr.arr.tyil.nl
http:
paths:
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml
new file mode 100644
index 0000000..ff16907
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: prowlarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: prowlarr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 9696
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml
new file mode 100644
index 0000000..c49ccb0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/radarr:release
+ name: radarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/radarr
+ type: Directory
+...
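Review bot: `containerPort: 8787` does not match the `targetPort: 7878` that `radarr/service.yaml` uses in this commit; the digits look transposed. Traffic still flows because `containerPort` is informational, but the manifest then misdocuments the listening port, which matters once a NetworkPolicy or probe is written from it. Proposed change: `- containerPort: 7878`. The invidious (`8080` vs `targetPort: 3000`) and gollum (`80` vs `targetPort: 4567`) deployments have the same disagreement with their Services.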
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml
index 3950a97..ace583f 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml
@@ -9,19 +9,16 @@ metadata:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: radarr
app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
spec:
- ingressClassName: "nginx"
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - radarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.radarr
rules:
- - host: rad.arr.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: radarr
- port:
- number: 80
- host: radarr.arr.tyil.nl
http:
paths:
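Review bot: The only middleware attached under `annotations` is the HTTPS redirect, so nothing visible here puts authentication in front of radarr at the ingress; access control rests entirely on the application's own login setting. Issuing the certificate through `letsencrypt-production` also records `radarr.arr.tyil.nl` in public Certificate Transparency logs, so the hostname should be treated as publicly known. If the Traefik entrypoint is reachable from outside the VPN, I would append a forward-auth or IP-allowlist Middleware to the comma-separated `router.middlewares` value next to the redirect. The same applies to the readarr, sonarr and whisparr ingress.yaml hunks; the `rules` block continues outside this hunk.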
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml
index 9b8107c..28df782 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml
@@ -16,7 +16,7 @@ spec:
app.kubernetes.io/name: radarr
app.kubernetes.io/part-of: servarr
ports:
- - protocol: TCP
+ - name: http
port: 80
targetPort: 7878
...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml
index dc97919..a266b8d 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/deployment.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml
@@ -4,6 +4,11 @@ kind: Deployment
metadata:
name: readarr
namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: readarr
+ app.kubernetes.io/part-of: servarr
spec:
replicas: 1
selector:
@@ -12,6 +17,8 @@ spec:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: readarr
app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
template:
metadata:
labels:
@@ -20,44 +27,34 @@ spec:
app.kubernetes.io/name: readarr
app.kubernetes.io/part-of: servarr
spec:
+ nodeName: "mieshu.tyil.net"
containers:
- - name: readarr
- image: hotio/readarr:testing
- ports:
- - containerPort: 8787
- volumeMounts:
- - name: config
- mountPath: /config
- - name: media
- mountPath: /mnt/media
+ - image: hotio/readarr:testing
+ name: readarr
env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
+ value: "Europe/Amsterdam"
- name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/books
+ name: books
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
volumes:
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books
+ type: Directory
- name: config
hostPath:
- type: DirectoryOrCreate
- path: /srv/servarr/readarr/config
- - name: media
- nfs:
- server: 10.57.100.7
- path: /mnt/media
+ path: /etc/servarr/readarr
+ type: Directory
...
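Review bot: The rewritten `env` list keeps the variable name `GUID`, which I believe the hotio images do not read; as far as I know their documentation uses `PUID` and `PGID`. If so, the process runs with the image's default group rather than 169, and with `UMASK` set to 002 the group bits on the hostPath directories are what decide who can write to the media pool. Worth confirming which group the readarr process actually runs as and, if it is not 169, renaming the entry to `- name: PGID`. The new radarr, sonarr and whisparr deployments in this commit use the same name.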
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml
index 17e0e7f..94aa05e 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml
@@ -9,19 +9,16 @@ metadata:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: readarr
app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
spec:
- ingressClassName: "nginx"
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - readarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.readarr
rules:
- - host: read.arr.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: readarr
- port:
- number: 80
- host: readarr.arr.tyil.nl
http:
paths:
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml
index 43e01c8..3d6cdc7 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml
@@ -16,7 +16,7 @@ spec:
app.kubernetes.io/name: readarr
app.kubernetes.io/part-of: servarr
ports:
- - protocol: TCP
+ - name: http
port: 80
targetPort: 8787
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml
new file mode 100644
index 0000000..126acfe
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sonarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/sonarr:release
+ name: sonarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-series
+ name: anime-series
+ - mountPath: /mnt/pool/media/series
+ name: series
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/sonarr
+ type: Directory
+...
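Review bot: `nodeName: "mieshu.tyil.net"` binds the pod directly and bypasses the scheduler, so NoSchedule taints, a cordon and the resource-fit check on that node are not honoured. The pinning itself is needed because the hostPath volumes with `type: Directory` exist only on that machine; `nodeSelector: {kubernetes.io/hostname: mieshu.tyil.net}` keeps it while still going through the scheduler. This assumes the node's hostname label carries that name. The radarr, readarr, unpackerr and whisparr deployments use the same `nodeName`.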
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml
index a053682..e53868a 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml
@@ -9,19 +9,16 @@ metadata:
app.kubernetes.io/managed-by: manual
app.kubernetes.io/name: sonarr
app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
spec:
- ingressClassName: "nginx"
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - sonarr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.sonarr
rules:
- - host: son.arr.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: sonarr
- port:
- number: 80
- host: sonarr.arr.tyil.nl
http:
paths:
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml
index 9db5fb2..5251050 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/service.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml
@@ -16,7 +16,7 @@ spec:
app.kubernetes.io/name: sonarr
app.kubernetes.io/part-of: servarr
ports:
- - protocol: TCP
+ - name: http
port: 80
targetPort: 8989
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml
new file mode 100644
index 0000000..d54c478
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml
@@ -0,0 +1,88 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: unpackerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: golift/unpackerr:latest
+ name: unpackerr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/anime-series
+ name: anime-series
+ - mountPath: /mnt/pool/media/books
+ name: books
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /mnt/pool/media/music
+ name: music
+ - mountPath: /mnt/pool/media/series
+ name: series
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/unpackerr
+ type: Directory
+...
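Review bot: `golift/unpackerr:latest` is a floating tag on a pod that mounts all six media directories from the host without `readOnly`, so whatever is published under that tag next runs with write access to the pool after the next restart. Pinning to a release tag plus digest makes the deployed code reviewable and reproducible, for example `image: golift/unpackerr:<version>@sha256:<digest>` (placeholders). The same goes for `release`, `testing` and `nightly` on the radarr, sonarr, readarr and whisparr deployments. With no `imagePullPolicy` set, only `:latest` is re-pulled on every start; the other tags stay at whatever the node cached, so what is running is not obvious from the manifest either way.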
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml
new file mode 100644
index 0000000..f650a60
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: cr.hotio.dev/hotio/whisparr:nightly
+ name: whisparr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 6969
+ volumeMounts:
+ - mountPath: /mnt/pool/media/porn
+ name: porn
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: porn
+ hostPath:
+ path: /mnt/pool/media/porn
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/whisparr
+ type: Directory
+...
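Review bot: The pod template sets no `securityContext` and leaves the default service-account token mounted, although nothing in the manifest suggests whisparr needs the Kubernetes API. For a container running a `nightly` image with hostPath mounts I would add `automountServiceAccountToken: false` under the pod `spec` and `securityContext: {allowPrivilegeEscalation: false}` on the container. Whether `runAsNonRoot` is feasible depends on how the image drops to `PUID`, which is not visible here. The other servarr deployments in this commit are in the same state.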
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml
new file mode 100644
index 0000000..a71692c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - whisparr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.whisparr
+ rules:
+ - host: whisparr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: whisparr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml
new file mode 100644
index 0000000..abafcaf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 6969
+...
diff --git a/data.d/k8s-master/manifests.d/base-system/helm-controller.yaml b/data.d/k8s-master/manifests.d/base-system/helm-controller.yaml
new file mode 100644
index 0000000..cd5895b
--- /dev/null
+++ b/data.d/k8s-master/manifests.d/base-system/helm-controller.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: helm-controller
+ namespace: base-system
+ labels:
+ app: helm-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helm-controller
+ template:
+ metadata:
+ labels:
+ app: helm-controller
+ spec:
+ containers:
+ - name: helm-controller
+ image: rancher/helm-controller:v0.12.1
+ command: ["helm-controller"]
+...
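Review bot: The pod spec names no `serviceAccountName`, so helm-controller runs as the `default` ServiceAccount of `base-system`. The controller has to watch chart resources and create install Jobs, so either it fails on RBAC or `default` has been granted those rights elsewhere, in which case every other pod in the namespace inherits them (`defaults` places cert-manager in `base-system` as well). A dedicated account bound only to what the controller needs, referenced with `serviceAccountName: helm-controller`, avoids that. The RBAC objects are not in this chunk, so this is inferred from the manifest alone.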
diff --git a/playbooks.d/k3s-master/manifests/namespaces/base-system.yaml b/data.d/k8s-master/manifests.d/namespaces.yaml
index 78d7ab7..78d7ab7 100644
--- a/playbooks.d/k3s-master/manifests/namespaces/base-system.yaml
+++ b/data.d/k8s-master/manifests.d/namespaces.yaml
diff --git a/data.d/vpn-tinc/hosts/anoia_tyil_net b/data.d/vpn-tinc/hosts/anoia_tyil_net
new file mode 100644
index 0000000..ff46bf7
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/anoia_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.100.3/32
+Subnet = fd68:1057:1992:3381:0:3317:0:2/128
+
+Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net b/data.d/vpn-tinc/hosts/caeghi_tyil_net
index c5d5b05..7816713 100644
--- a/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net
+++ b/data.d/vpn-tinc/hosts/caeghi_tyil_net
@@ -1,5 +1,7 @@
Address = 116.202.102.33
+Address = 2a01:4f8:c010:ca5::1
Subnet = 10.57.20.2/32
+Subnet = fd68:1057:1992:3381:0:1:0:1
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
diff --git a/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net b/data.d/vpn-tinc/hosts/edephas_tyil_net
index 6e095bb..e0e2f3b 100644
--- a/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net
+++ b/data.d/vpn-tinc/hosts/edephas_tyil_net
@@ -1,4 +1,5 @@
Subnet = 10.57.100.7/32
+Subnet = fd68:1057:1992:3381:0:3317:0:1/128
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
diff --git a/playbooks.d/vpn-tinc/share/hosts/faiwoo_tyil_net b/data.d/vpn-tinc/hosts/faiwoo_tyil_net
index f5eb8f3..1a7aeac 100644
--- a/playbooks.d/vpn-tinc/share/hosts/faiwoo_tyil_net
+++ b/data.d/vpn-tinc/hosts/faiwoo_tyil_net
@@ -1,5 +1,7 @@
Address = 65.21.5.254
+Address = 2a01:4f9:c010:e20c::1
Subnet = 10.57.20.5/32
+Subnet = fd68:1057:1992:3381:0:1:1:2
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht
diff --git a/data.d/vpn-tinc/hosts/gaeru_tyil_net b/data.d/vpn-tinc/hosts/gaeru_tyil_net
new file mode 100644
index 0000000..d947b01
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/gaeru_tyil_net
@@ -0,0 +1,17 @@
+Address = 37.48.120.26
+Subnet = 10.57.20.6/32
+Subnet = fd68:1057:1992:3381:0:2:0:1
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/jaomox_tyil_net b/data.d/vpn-tinc/hosts/jaomox_tyil_net
new file mode 100644
index 0000000..c440db1
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/jaomox_tyil_net
@@ -0,0 +1,17 @@
+Address = 163.172.218.246
+Subnet = 10.57.21.1/32
+Subnet = fd68:1057:1992:3381:0:3:3:1
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ludifah_tyil_net b/data.d/vpn-tinc/hosts/ludifah_tyil_net
new file mode 100644
index 0000000..c236163
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/ludifah_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.100.9/32
+Subnet = fd68:1057:1992:3381:0:3317:0:4/128
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/mieshu_tyil_net b/data.d/vpn-tinc/hosts/mieshu_tyil_net
new file mode 100644
index 0000000..7e3c050
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/mieshu_tyil_net
@@ -0,0 +1,18 @@
+Address = 2a10:3781:2453:1:4950:47ce:f8db:1fed
+Subnet = 10.57.101.10/32
+Subnet = fd68:1057:1992:3381:0:3317:3:1/128
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = uhJdCV4h/0W+1QWzOlne2BWDX6G/d27QPHdDwNZjUMB
diff --git a/data.d/vpn-tinc/hosts/nouki_tyil_net b/data.d/vpn-tinc/hosts/nouki_tyil_net
new file mode 100644
index 0000000..b31d087
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/nouki_tyil_net
@@ -0,0 +1,18 @@
+Address = 2a10:3781:2453:1:b4e0:9393:3c64:7fd8
+Subnet = 10.57.101.20/32
+Subnet = fd68:1057:1992:3381:0:2:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = z6XeVexx6bPgOqM4LA3Jg0hZehhZZRo/KCM+sf0po/H
diff --git a/data.d/vpn-tinc/hosts/oolah_tyil_net b/data.d/vpn-tinc/hosts/oolah_tyil_net
new file mode 100644
index 0000000..e5d0e66
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/oolah_tyil_net
@@ -0,0 +1,17 @@
+Address = 2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8
+Subnet = 10.57.101.1/32
+Subnet = fd68:1057:1992:3381:0:3317:1:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA3uaxPI2q7VPAVOh4D9u8b6kSFXNMLtvJQozlhH/Hr3+5Cv/wfKlB
+vMPnavGf2J4dlw4d0EoYCCD8k84NkvWCcaXnCpRy80zVQmge2OLaIU7zScCAAqpj
+BvCF5q9AbeeI0hxdD8sJI0yYjWpdxsS3tN63kTm0JeYSfrMIwNOoajMUuYOApDB4
+JpZCR3SEgnbkTXsr0uWWUQs9IPnrn2BtwfaN3YDK0KQal36eDwNYiInFutfgWMMh
+6WmBLJwNtU4OA68sifs9HGqAkJe+M+Ro43/n8BtUgkNH+RnAtwegZgAWLMMkEoPL
+WAGumBsg1QwxLfmSZovUTe4QFFqEYSFhRzRVUTvvBYJI/GGRBBx7igKsc3rfTH6S
+Pm483NYeXdNri90Wf77rpfJuEWXtNk9TVRniSHEcs7jxsCs0wxTDE5ozKw3xhlY8
+ezWdbZnY6YKXyvJnHE+Wbe4bO3yt2lPB5Xli7OyGm9TP9TeXnhM60Q12KOIYxhBw
+NO7MnyrIAvV3rURaMNJQdDJEtTstgxnXsEjtTQHhduw6RqbDf3Pjz/8XNqium/ss
+ifhXawQL6aTzU3N0z/MVh4yYE/svcV36Eh8whnRVGD/p41WwaqDOeAxpxlkB7/rZ
+ROujwLLJG4hFHefPtU0cdrFi/oQVGjvywJRro2eqMjPRBwfBELDTTEUCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/plarabe_tyil_net b/data.d/vpn-tinc/hosts/plarabe_tyil_net
new file mode 100644
index 0000000..0d2a970
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/plarabe_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.100.10/32
+Subnet = fd68:1057:1992:3381:0:3317:0:3
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/qohrei_tyil_net b/data.d/vpn-tinc/hosts/qohrei_tyil_net
new file mode 100644
index 0000000..f38fc9c
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/qohrei_tyil_net
@@ -0,0 +1,18 @@
+Address = 37.27.37.131
+Address = 2a01:4f9:c012:6273::1
+Subnet = 10.57.250.250/32
+Subnet = fd68:1057:1992:3381:0:1:1:1
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-tinc/hosts/ricui_tyil_net b/data.d/vpn-tinc/hosts/ricui_tyil_net
new file mode 100644
index 0000000..02d4cb7
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/ricui_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.20.7/32
+Subnet = fd68:1057:1992:3381:0:1:1:3/128
+
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA3d5Kb3dOU9qaDko7jbmSwQ8heCVdJtNYV5biGDoqz4KdxFafsDKD
+Fd/kH2YnquqSDmtHwxX3fIovnV3PQExqXPTbDWUa5WjR5HOi9JZUIjlyY1YJol6G
+KY0c3YHUB0D1qiZCo07vCO+E/RNxeS/GYtugVwEQD9DeIzI8uTOYx+cCEzn6XSbV
+bEZ02cBjgjx0CctBEDKl9dVTzKc/ijSU/U4MtUbC5u5OnyL0+E7uzU05Yc1ucHuY
+QcchyYZ/o9liNXQ3K680KHnnYiy4ywOD/9hLOTMC5fKtoSp2s+Q5e7Fjy3AXrVY2
+xgywp3id2VOdbvcOPDwxrzLIj0ndjNAlPG4P6y3XTloe3wkKawXIl1mtcolIsl8u
+stfXSU5S+JQa3M2tFpJKPQUYdjq+jbc/O7epNQWbMzd5N/EyG42fcP0gV6MWGzoA
+Ns+/JePxzToD/FlXAXqoS+1DFPBxM7O+CjEGjFc0wPCATR8jGzOyHBaMaYgjbkaZ
+KI+uvtusAjDLR9NPHsaqLNURUcVs5ZLTYtUfHD2vyL6njbJlKVgnqcID34hbXF6k
+FZ8k0CH3QWzmS5ZTBLD95i4uL48cYIf/4vuapYigzntaxUju1azejMN7ACMZm2iQ
+hIA1TfNVsrMLTNjfiMqgvXSUfa3MtoBU7OrVEuyDQRJJuw+mwecwms8CAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/data.d/vpn-wireguard/.gitignore b/data.d/vpn-wireguard/.gitignore
new file mode 100644
index 0000000..ae60a25
--- /dev/null
+++ b/data.d/vpn-wireguard/.gitignore
@@ -0,0 +1 @@
+privkey
diff --git a/data.d/vpn-wireguard/hooks/post-up b/data.d/vpn-wireguard/hooks/post-up
new file mode 100755
index 0000000..b200922
--- /dev/null
+++ b/data.d/vpn-wireguard/hooks/post-up
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+readonly COLOR_RESET="\033[0m"
+readonly COLOR_OK="\033[32;1m"
+readonly COLOR_NOK="\033[31;1m"
+
+main() {
+ printf "Verifying connectability...\n"
+
+ # Ping all known hosts, as it seems that the wireguard interface comes up when
+ # only after it gets used on the machine itself.
+ while read -r addr;
+ do
+ check "$addr" &
+ done < <(awk -F= '/vpn-wireguard.ipv(4|6)=/ { print $NF }' /etc/bashtard/hosts.d/*)
+
+ wait
+}
+
+check() {
+ local addr="$1"
+
+ if ping -c 1 -q -w 1 "$addr" > /dev/null
+ then
+ log OK "$addr"
+ else
+ log NOK "$addr"
+ fi
+}
+
+log() {
+ local state="$1"
+ local addr="$2"
+ local color="$COLOR_NOK"
+
+ if [[ $state == "OK" ]]
+ then
+ color="$COLOR_OK"
+ fi
+
+ printf "%b%3s%b: %s\n" "$color" "$state" "$COLOR_RESET" "$addr" >&2
+}
+
+main "$@"
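Review bot: The comment above the loop in `main` is garbled ("comes up when only after it gets used"), and it is the only explanation of why the hook pings every peer. I would reword it to `# Ping every known host once; the WireGuard interface only seems to come up after it has been used from this machine.` Two small hardening points in the same script: `check` should pass the address after an option terminator, `ping -c 1 -q -w 1 -- "$addr"`, so a malformed value from /etc/bashtard/hosts.d cannot be read as a ping option, and the `.` in the awk pattern should be escaped (`vpn-wireguard\.ipv(4|6)=`). The hook always exits 0 because a bare `wait` does, which is fine only if the check is meant to be informational.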
diff --git a/data.d/vpn-wireguard/peers/faiwoo.tyil.net b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
new file mode 100644
index 0000000..a0d9b00
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:2/128,10.58.1.2/32
+Endpoint = [2a01:4f9:c010:e20c::1]:51820
+PublicKey = VFum7R3gltUKMhx8XHDYpPHJzVmgb9cuYSKyIEyOKkc=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/jaomox.tyil.net b/data.d/vpn-wireguard/peers/jaomox.tyil.net
new file mode 100644
index 0000000..d5ca415
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/jaomox.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3:1/128,10.58.3.1/32
+Endpoint = [163.172.218.246]:51820
+PublicKey = gn9hMP+0mljBktybTlPDMI+/QIWNyk1lKO46o8cY82A=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/mieshu.tyil.net b/data.d/vpn-wireguard/peers/mieshu.tyil.net
new file mode 100644
index 0000000..edd7dbc
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/mieshu.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3317:2/128,10.58.3.2/32
+Endpoint = [2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8]:51820
+PublicKey = gY8H+0sKzjr1hGLtsF+dTJsTM746k3Ufw6BczudRMmQ=
+PersistentKeepalive = 10
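Review bot: The `Endpoint` for mieshu, `2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8`, is the address that data.d/vpn-tinc/hosts/oolah_tyil_net lists as oolah's `Address`, while mieshu's own tinc host file gives `2a10:3781:2453:1:4950:47ce:f8db:1fed`. Unless oolah forwards UDP 51820 to mieshu, handshakes for this peer go to a different machine and will not complete against the pinned `PublicKey`. If this is a copy-paste slip, the line should read `Endpoint = [2a10:3781:2453:1:4950:47ce:f8db:1fed]:51820`. nouki's peer file also differs from its tinc `Address`, which may only mean one of the two is a temporary address.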
diff --git a/data.d/vpn-wireguard/peers/nouki.tyil.net b/data.d/vpn-wireguard/peers/nouki.tyil.net
new file mode 100644
index 0000000..d93f1ba
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/nouki.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:2:3317:1/128,10.58.2.1/32
+Endpoint = [2a10:3781:2453:1:c8cb:d1a:bc0:dc38]:51820
+PublicKey = geCOglWhIHapf8V/5GuQglEcSJhBqUAP6GKOkZqC9Rg=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/qohrei.tyil.net b/data.d/vpn-wireguard/peers/qohrei.tyil.net
new file mode 100644
index 0000000..9ad882b
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/qohrei.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:1/128,10.58.1.1/32
+Endpoint = [2a01:4f9:c012:6273::1]:51820
+PublicKey = 944GFpkZnrVRziBBR1ST52PDwuFjW/XfXwggmLH46E8=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/ricui.tyil.net b/data.d/vpn-wireguard/peers/ricui.tyil.net
new file mode 100644
index 0000000..41ad9f9
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/ricui.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:3/128,10.58.1.3/32
+Endpoint = [2a01:4f8:1c1b:67d7::1]:51820
+PublicKey = sEMRuNGxTLUsUocC9Oq2WSpuBTFjHBdssaSNXCzmx0Y=
+PersistentKeepalive = 10
diff --git a/defaults b/defaults
index b5ec7fa..50fdd15 100644
--- a/defaults
+++ b/defaults
@@ -1,13 +1,56 @@
bashtard.backup.elements.0=filesystem
bashtard.backup.fs.paths.0=/etc
bashtard.backup.repositories.edephas=backup@edephas:{fqdn}
-k3s.network.cidr.pods=10.57.40.0/20
-k3s.network.cidr.svcs=10.57.48.0/20
-k3s.network.service.dns=10.57.48.53
-k3s.flux.repo.url=ssh://git@10.57.100.7/srv/git/tyilnet
dns.domain=tyil.net
dns.upstream.0=185.181.61.24
dns.upstream.1=188.68.231.82
dns.upstream.2=51.83.172.84
dns.upstream.3=2a03:94e0:1804::1
dns.upstream.4=2001:470:71:6dc::53
+etc-nixos.path=/etc/nixos
+etc-portage.path=/etc/portage
+k3s-master.cluster-domain=k3s.tyil.nl
+k3s-master.helm.apps.certmanager.chart=jetstack/cert-manager
+k3s-master.helm.apps.certmanager.namespace=base-system
+k3s-master.helm.apps.certmanager.values=certmanager.yaml
+k3s-master.helm.repos.jetstack.url=https://charts.jetstack.io
+k3s-master.service-node-port-min=1025
+k3s-node.cluster-domain=k3s.tyil.nl
+k3s-node.entry.host=10.57.101.1
+k3s-node.service-node-port-min=1025
+k8s-master.flags.control-plane-endpoint=k8s.tyil.nl
+k8s-master.flags.pod-network-cidr=fd68:1058:1992:8888::0/64
+k8s-master.flags.service-cidr=fd68:1058:1992:3381::80:0/108
+k8s-master.flags.service-dns-domain=k8s.tyil.nl
+k8s-node.master.address=k8s.tyil.nl
+k8s-node.node-ip&=vpn-wireguard.ipv6
+nftables.input.icmp.ipv4.policy=accept
+nftables.input.icmp.ipv4.rate=2/second
+nftables.input.icmp.ipv6.policy=accept
+nftables.input.icmp.ipv6.rate=2/second
+nftables.input.interfaces.lo.policy=accept
+nftables.input.interfaces.tyilnet.policy=accept
+nftables.input.interfaces.tyilnet1058.policy=accept
+nftables.input.policy=drop
+nftables.input.rules.mosh.policy=accept
+nftables.input.rules.mosh.port=60000-61000
+nftables.input.rules.mosh.proto=udp
+nftables.input.rules.ssh.policy=accept
+nftables.input.rules.ssh.port=22
+nftables.input.rules.ssh.proto=tcp
+nftables.input.rules.tincd.policy=accept
+nftables.input.rules.tincd.port=655
+nftables.input.rules.tincd.proto=tcp,udp
+nftables.input.rules.wireguard.policy=accept
+nftables.input.rules.wireguard.port=51820
+nftables.input.rules.wireguard.proto=udp
+nftables.input.state.established.policy=accept
+nftables.input.state.invalid.policy=drop
+nftables.input.state.related.policy=accept
+seaweedfs-master.replication=100
+vpn-tinc.name=tyilnet
+vpn-wireguard.interface=tyilnet1058
+vpn-wireguard.keepalive=10
+www-blog.generator=hugo
+www-blog.path=/var/www/nl.tyil.www
+www-blog.repository=https://git.tyil.nl/blog
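Review bot: `nftables.input.interfaces.tyilnet.policy=accept` and `nftables.input.interfaces.tyilnet1058.policy=accept` make every port on every host reachable from any VPN peer, so the `drop` input policy only protects against non-VPN traffic. The mesh appears to include laptops and workstations (env/laptop.nix and env/workstation.nix are part of this commit), so one compromised peer reaches all services, including ones that listen on all interfaces by accident. Per-service rules on the VPN interfaces would narrow that, if the nftables playbook can express them; its template is not in this chunk. Separately, `ssh` on port 22 is accepted on every interface although `bashtard.ssh.host` points at VPN addresses, and `service-node-port-min=1025` lets NodePort services claim almost any unprivileged port on the nodes.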
diff --git a/hosts.d/anoia.tyil.net b/hosts.d/anoia.tyil.net
index e76c81b..40e23e4 100644
--- a/hosts.d/anoia.tyil.net
+++ b/hosts.d/anoia.tyil.net
@@ -1,4 +1,7 @@
-bashtard.backup.fs.paths.1=/home/tyil
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home/tyil
+bashtard.backup.repositories.1=rsync.net:{fqdn}
bashtard.ssh.host=10.57.100.3
meta.provider=self
-vpn.ipv4=10.57.100.3
+vpn-tinc.ipv4=10.57.100.3
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:0:2
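Review bot: anoia gains `bashtard.backup.repositories.1=rsync.net:{fqdn}` but, unlike the other rsync.net hosts in this commit (faiwoo, gaeru, jaomox), has no `bashtard.backup.borg.remote_paths.1=borg1`, and `defaults` does not set one either. If the backup playbook then falls back to the provider's default `borg` binary, this host may use a different Borg version than the rest or fail to open the repository; I would add the `borg1` line for consistency. `bashtard.backup.fs.paths.1=/etc` also repeats `bashtard.backup.fs.paths.0=/etc` from `defaults`, as do the new `/etc` entries for faiwoo and gaeru.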
diff --git a/hosts.d/caeghi.tyil.net b/hosts.d/caeghi.tyil.net
index 652652e..35c70c3 100644
--- a/hosts.d/caeghi.tyil.net
+++ b/hosts.d/caeghi.tyil.net
@@ -5,4 +5,5 @@ bashtard.backup.fs.paths.3=/var/lib/mumble-server
bashtard.backup.repositories.1=rsync.net:{fqdn}
bashtard.ssh.host=10.57.20.2
meta.provider=hetzner
-vpn.ipv4=10.57.20.2
+vpn-tinc.ipv4=10.57.20.2
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:0:1
diff --git a/hosts.d/denahnu.tyil.net b/hosts.d/denahnu.tyil.net
deleted file mode 100644
index c9312f3..0000000
--- a/hosts.d/denahnu.tyil.net
+++ /dev/null
@@ -1,7 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/usr/home
-bashtard.backup.fs.paths.2=/usr/local/etc
-bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.4
-meta.provider=arubacloud
-vpn.ipv4=10.57.20.4
diff --git a/hosts.d/edephas.tyil.net b/hosts.d/edephas.tyil.net
index 9654d2b..75197a4 100644
--- a/hosts.d/edephas.tyil.net
+++ b/hosts.d/edephas.tyil.net
@@ -1,31 +1,12 @@
bashtard.backup.borg.remote_paths.rsync=borg1
bashtard.backup.db.postgresql.user=postgres
-bashtard.backup.elements.1=database_postgres
+bashtard.backup.elements.1=database_postgresql
bashtard.backup.fs.paths.1=/home/tyil
bashtard.backup.fs.paths.2=/home/tyil/.local/git
bashtard.backup.fs.paths.3=/var/www/*
bashtard.backup.repositories.edephas=/var/media/backups/{fqdn}
bashtard.backup.repositories.rsync=rsync.net:{fqdn}
bashtard.ssh.host=10.57.100.7
-git.repos.bashtard.description=Configuration Management System in Bash
-git.repos.blog.description=The source files to my blog, www.tyil.nl
-git.repos.dotfiles.description=My user-level configuration files, use with caution!
-git.repos.helm/invidious.description=Helm chart to deploy Invidious
-git.repos.helm/nitter.description=Helm chart to deploy Nitter
-git.repos.raku/config-parser-toml.description=TOML parser for Config
-git.repos.raku/config-parser-yaml.description=YAML parser for Config
-git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language
-git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes
-git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language
-git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language
-git.repos.raku/irc-grammar.description=Grammar to parse IRC messages
-git.repos.raku/log-colored.description=A Log implementation with colored output
-git.repos.raku/log-json.description=A Log implementation with JSON formatted output
-git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language
-git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language
-git.repos.raku/string-fold.description=Fold strings to a certain length
-git.repos.raku/url.description=A Raku library to handle URLs
-git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language
-git.repos.tyilnet.description=Configuration for machines in my personal network
meta.provider=self
-vpn.ipv4=10.57.100.7
+vpn-tinc.ipv4=10.57.100.7
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:0:1
diff --git a/hosts.d/faiwoo.tyil.net b/hosts.d/faiwoo.tyil.net
index e825963..27a007f 100644
--- a/hosts.d/faiwoo.tyil.net
+++ b/hosts.d/faiwoo.tyil.net
@@ -1,7 +1,12 @@
bashtard.backup.borg.remote_paths.1=borg1
bashtard.backup.fs.paths.1=/home
bashtard.backup.fs.paths.2=/var/www
+bashtard.backup.fs.paths.3=/etc
bashtard.backup.repositories.1=rsync.net:{fqdn}
bashtard.ssh.host=10.57.20.5
meta.provider=hetzner
-vpn.ipv4=10.57.20.5
+vpn-tinc.ipv4=10.57.20.5
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:2
+vpn-wireguard.endpoint=2a01:4f9:c010:e20c::1
+vpn-wireguard.ipv4=10.58.1.2
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:2
diff --git a/hosts.d/gaeru.tyil.net b/hosts.d/gaeru.tyil.net
index b895fa0..e3fc506 100644
--- a/hosts.d/gaeru.tyil.net
+++ b/hosts.d/gaeru.tyil.net
@@ -1,3 +1,8 @@
+bashtard.backup.borg.remote_paths.1=borg1
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home
+bashtard.backup.repositories.1=rsync.net:{fqdn}
bashtard.ssh.host=10.57.20.6
-meta.provider=hetzner
-vpn.ipv4=10.57.20.6
+meta.provider=leaseweb
+vpn-tinc.ipv4=10.57.20.6
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:2:0:1
diff --git a/hosts.d/hurzak.tyil.net b/hosts.d/hurzak.tyil.net
deleted file mode 100644
index 2731515..0000000
--- a/hosts.d/hurzak.tyil.net
+++ /dev/null
@@ -1,7 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/etc
-bashtard.backup.fs.paths.2=/home
-bashtard.backup.repositories.1=rsync.net:{fqdn}
-bashtard.ssh.host=10.57.20.7
-meta.provider=leaseweb
-vpn.ipv4=10.57.20.7
diff --git a/hosts.d/ivdea.tyil.net b/hosts.d/ivdea.tyil.net
deleted file mode 100644
index 826ab5a..0000000
--- a/hosts.d/ivdea.tyil.net
+++ /dev/null
@@ -1,6 +0,0 @@
-bashtard.backup.borg.remote_paths.1=borg1
-bashtard.backup.fs.paths.1=/etc
-bashtard.backup.fs.paths.2=/home/tyil
-bashtard.ssh.host=10.57.100.8
-meta.provider=self
-vpn.ipv4=10.57.100.8
diff --git a/hosts.d/jaomox.tyil.net b/hosts.d/jaomox.tyil.net
index e7901ef..3aed991 100644
--- a/hosts.d/jaomox.tyil.net
+++ b/hosts.d/jaomox.tyil.net
@@ -1,6 +1,29 @@
bashtard.backup.borg.remote_paths.1=borg1
bashtard.backup.fs.paths.1=/etc
bashtard.backup.fs.paths.2=/home/tyil
+bashtard.backup.repositories.1=rsync.net:{fqdn}
bashtard.ssh.host=10.57.21.1
-meta.provider=self
-vpn.ipv4=10.57.21.1
+meta.provider=oneprovider
+nftables.input.rules.seaweedfs-filer.policy=accept
+nftables.input.rules.seaweedfs-filer.port=8888
+nftables.input.rules.seaweedfs-filer.proto=tcp
+nftables.input.rules.seaweedfs-master.policy=accept
+nftables.input.rules.seaweedfs-master.port=9333
+nftables.input.rules.seaweedfs-master.proto=tcp
+nftables.input.rules.seaweedfs-s3.policy=accept
+nftables.input.rules.seaweedfs-s3.port=8333
+nftables.input.rules.seaweedfs-s3.proto=tcp
+nftables.input.rules.seaweedfs-volume-0.policy=accept
+nftables.input.rules.seaweedfs-volume-0.port=8080
+nftables.input.rules.seaweedfs-volume-0.proto=tcp
+seaweedfs-filer.ip&=vpn-wireguard.ipv6
+seaweedfs-master.ip&=vpn-wireguard.ipv6
+seaweedfs-volume.ip&=vpn-wireguard.ipv6
+seaweedfs-volume.dc&=meta.provider
+seaweedfs-volume.rack=amsterdam
+seaweedfs-volume.volumes.0.port=8080
+vpn-tinc.ipv4=10.57.21.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3:3:1
+vpn-wireguard.endpoint=163.172.218.246
+vpn-wireguard.ipv4=10.58.3.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:3:3:1
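Review bot: The four `nftables.input.rules.seaweedfs-*` entries accept TCP 8888, 9333, 8333 and 8080 by port and protocol only, so nothing visible in this hunk restricts them to the WireGuard interface or the `fd68:1058:…` prefix. The `seaweedfs-*.ip&=vpn-wireguard.ipv6` lines appear to bind the services to the VPN address, which limits exposure for now. The firewall would give no second layer if that binding changed, though, and SeaweedFS master, filer and volume servers do not authenticate requests unless that is configured separately. The same port-only shape is used for etcd (`2379-2381`), kubeapi (`6443`) and kubelet (`10250`) in hosts.d/qohrei.tyil.net and for kubelet in hosts.d/ricui.tyil.net, both of which have public `vpn-wireguard.endpoint` addresses. If the nftables playbook can match on an input interface or source prefix, as the `nftables.input.interfaces.*` keys suggest, I would scope all of these rules to the VPN rather than accept from any source.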
diff --git a/hosts.d/krohxe.tyil.net b/hosts.d/krohxe.tyil.net
deleted file mode 100644
index e705492..0000000
--- a/hosts.d/krohxe.tyil.net
+++ /dev/null
@@ -1,2 +0,0 @@
-meta.provider=self
-vpn.ipv4=10.57.20.8
diff --git a/hosts.d/ludifah.tyil.net b/hosts.d/ludifah.tyil.net
new file mode 100644
index 0000000..810bf8d
--- /dev/null
+++ b/hosts.d/ludifah.tyil.net
@@ -0,0 +1,8 @@
+bashtard.backup.borg.remote_paths.1=borg1
+bashtard.backup.fs.paths.1=/etc
+bashtard.backup.fs.paths.2=/home/tyil
+bashtard.backup.repositories.1=rsync.net:{fqdn}
+bashtard.ssh.host=10.57.100.9
+meta.provider=self
+vpn-tinc.ipv4=10.57.100.9
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:0:4
diff --git a/hosts.d/mieshu.tyil.net b/hosts.d/mieshu.tyil.net
new file mode 100644
index 0000000..701dc57
--- /dev/null
+++ b/hosts.d/mieshu.tyil.net
@@ -0,0 +1,36 @@
+bashtard.ssh.host=10.57.101.10
+git.repodir=/mnt/pool/git
+git.repos.bashtard.description=Configuration Management System in Bash
+git.repos.bashtard/k3s-master.description=A Bashtard playbook to set up k3s on a single-node
+git.repos.bashtard/vpn-tinc.description=A Bashtard playbook for configuring tinc
+git.repos.bashtard/www-static.description=A Bashtard playbook for generating static websites
+git.repos.blog.description=The source files to my blog, www.tyil.nl
+git.repos.dotfiles.description=My user-level configuration files, use with caution!
+git.repos.helm/invidious.description=Helm chart to deploy Invidious
+git.repos.helm/nitter.description=Helm chart to deploy Nitter
+git.repos.kubernetes/nfs-operator.description=An operator for Kubernetes to provision NFS mounts for PVC resources
+git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language
+git.repos.raku/config-parser-toml.description=TOML parser for Config
+git.repos.raku/config-parser-yaml.description=YAML parser for Config
+git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language
+git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes
+git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language
+git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language
+git.repos.raku/irc-grammar.description=Grammar to parse IRC messages
+git.repos.raku/log-colored.description=A Log implementation with colored output
+git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language
+git.repos.raku/log-json.description=A Log implementation with JSON formatted output
+git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language
+git.repos.raku/string-fold.description=Fold strings to a certain length
+git.repos.raku/url.description=A Raku library to handle URLs
+git.repos.tyilnet.description=Configuration for machines in my personal network
+git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries
+k3s-node.role=server
+meta.provider=self
+nfs-server.exports./mnt/exports/invidious.fsid=97d3493c-1397-479f-bb8a-5c71833b9e17
+nfs-server.exports./mnt/exports/prometheus.fsid=052f42b5-33c0-40b9-aa69-d05dc03a9fa1
+vpn-tinc.ipv4=10.57.101.10
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:3:1
+vpn-wireguard.endpoint=2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8
+vpn-wireguard.ipv4=10.58.3.2
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:3:3317:2
diff --git a/hosts.d/nouki.tyil.net b/hosts.d/nouki.tyil.net
new file mode 100644
index 0000000..d931892
--- /dev/null
+++ b/hosts.d/nouki.tyil.net
@@ -0,0 +1,8 @@
+bashtard.ssh.host=10.57.101.20
+k3s-node.role=server
+meta.provider=self
+vpn-tinc.ipv4=10.57.101.20
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:2:1
+vpn-wireguard.endpoint=2a10:3781:2453:1:c8cb:d1a:bc0:dc38
+vpn-wireguard.ipv4=10.58.2.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:2:3317:1
diff --git a/hosts.d/oolah.tyil.net b/hosts.d/oolah.tyil.net
new file mode 100644
index 0000000..d9800bf
--- /dev/null
+++ b/hosts.d/oolah.tyil.net
@@ -0,0 +1,7 @@
+bashtard.ssh.host=10.57.101.1
+k3s-master.manifest-prefix=tyilnet
+k3s-node.role=server
+k3s-node.entry.host=10.57.101.20
+meta.provider=self
+vpn-tinc.ipv4=10.57.101.1
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:1:1
diff --git a/hosts.d/plarabe.tyil.net b/hosts.d/plarabe.tyil.net
new file mode 100644
index 0000000..8a8ef11
--- /dev/null
+++ b/hosts.d/plarabe.tyil.net
@@ -0,0 +1,4 @@
+bashtard.ssh.host=10.57.100.10
+meta.provider=self
+vpn-tinc.ipv4=10.57.100.10
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:0:3
diff --git a/hosts.d/qohrei.tyil.net b/hosts.d/qohrei.tyil.net
new file mode 100644
index 0000000..536b51f
--- /dev/null
+++ b/hosts.d/qohrei.tyil.net
@@ -0,0 +1,18 @@
+k8s-master.flags.apiserver-advertise-address&=vpn-wireguard.ipv6
+meta.provider=hetzner
+nftables.input.interfaces.cilium*.policy=accept
+nftables.input.interfaces.lxc*.policy=accept
+nftables.input.rules.etcd.policy=accept
+nftables.input.rules.etcd.port=2379-2381
+nftables.input.rules.etcd.proto=tcp
+nftables.input.rules.kubeapi.policy=accept
+nftables.input.rules.kubeapi.port=6443
+nftables.input.rules.kubeapi.proto=tcp
+nftables.input.rules.kubelet.policy=accept
+nftables.input.rules.kubelet.port=10250
+nftables.input.rules.kubelet.proto=tcp
+vpn-tinc.ipv4=10.57.250.250
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:1
+vpn-wireguard.endpoint=2a01:4f9:c012:6273::1
+vpn-wireguard.ipv4=10.58.1.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:1
diff --git a/hosts.d/ricui.tyil.net b/hosts.d/ricui.tyil.net
new file mode 100644
index 0000000..3100c45
--- /dev/null
+++ b/hosts.d/ricui.tyil.net
@@ -0,0 +1,11 @@
+meta.provider=hetzner
+nftables.input.interfaces.cilium*.policy=accept
+nftables.input.interfaces.lxc*.policy=accept
+nftables.input.rules.kubelet.policy=accept
+nftables.input.rules.kubelet.port=10250
+nftables.input.rules.kubelet.proto=tcp
+vpn-tinc.ipv4=10.57.20.7
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:3
+vpn-wireguard.endpoint=2a01:4f8:1c1b:67d7::1
+vpn-wireguard.ipv4=10.58.1.3
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:3
diff --git a/playbooks.d/remotes b/os.d/linux-alpine_linux
index e69de29..e69de29 100644
--- a/playbooks.d/remotes
+++ b/os.d/linux-alpine_linux
diff --git a/os.d/linux-debian_gnu_linux b/os.d/linux-debian_gnu_linux
index e69de29..b0d8bb7 100644
--- a/os.d/linux-debian_gnu_linux
+++ b/os.d/linux-debian_gnu_linux
@@ -0,0 +1 @@
+pkg.borg=borgbackup
diff --git a/playbooks.d/dns-dnsmasq/description.txt b/playbooks.d/dns-dnsmasq/description.txt
deleted file mode 100644
index 0c12e3a..0000000
--- a/playbooks.d/dns-dnsmasq/description.txt
+++ /dev/null
@@ -1 +0,0 @@
-Local DNS resolver with dnsmasq
diff --git a/playbooks.d/dns-dnsmasq/etc/defaults b/playbooks.d/dns-dnsmasq/etc/defaults
deleted file mode 100644
index 4d3305a..0000000
--- a/playbooks.d/dns-dnsmasq/etc/defaults
+++ /dev/null
@@ -1,6 +0,0 @@
-pkg.dnsmasq=dnsmasq
-svc.dnsmasq=dnsmasq
-
-dns.port=53
-dns.host=127.0.0.1
-dns.domain=localhost
diff --git a/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo b/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo
deleted file mode 100644
index 2aec434..0000000
--- a/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo
+++ /dev/null
@@ -1 +0,0 @@
-pkg.dnsmasq=net-dns/dnsmasq
diff --git a/playbooks.d/dns-dnsmasq/playbook.bash b/playbooks.d/dns-dnsmasq/playbook.bash
deleted file mode 100644
index f4be8cd..0000000
--- a/playbooks.d/dns-dnsmasq/playbook.bash
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-playbook_add() {
- info "$BASHTARD_PLAYBOOK" "Installing packages"
- pkg install dnsmasq
-
- playbook_sync
-
- info "$BASHTARD_PLAYBOOK" "Enabling services"
- svc enable dnsmasq
- svc start dnsmasq
-}
-
-playbook_sync() {
- mkdir -pv -- "$(config "fs.etcdir")/dnsmasq.d"
-
- info "$BASHTARD_PLAYBOOK" "Writing config"
- file_template "dnsmasq.conf" \
- "host=$(config "dns.host")" \
- "port=$(config "dns.port")" \
- "domain=$(config "dns.domain")" \
- "confd=$(config "fs.etcdir")/dnsmasq.d" \
- > "$(config "fs.etcdir")/dnsmasq.conf"
-
- while read -r key
- do
- printf "server=%s\n" "$(config "dns.upstream.$key")"
- done < <(config_subkeys "dns.upstream") > "$(config "fs.etcdir")/dnsmasq.d/servers.conf"
-
- while read -r key
- do
- printf "address=/$(config "dns.address.$key" | sed s@:@/@)\n"
- done < <(config_subkeys "dns.address") > "$(config "fs.etcdir")/dnsmasq.d/addresses.conf"
-
- [[ "$BASHTARD_COMMAND" == "add" ]] && return
-
- info "$BASHTARD_PLAYBOOK" "Restarting services"
- svc restart dnsmasq
-}
-
-playbook_del() {
- info "$BASHTARD_PLAYBOOK" "Disabling services"
- svc stop dnsmasq
- svc disable dnsmasq
-
- info "$BASHTARD_PLAYBOOK" "Uninstalling packages"
- pkg uninstall dnsmasq
-}
diff --git a/playbooks.d/dns-dnsmasq/share/dnsmasq.conf b/playbooks.d/dns-dnsmasq/share/dnsmasq.conf
deleted file mode 100644
index 4fe090c..0000000
--- a/playbooks.d/dns-dnsmasq/share/dnsmasq.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Binding
-listen-address=${host}
-port=${port}
-bind-interfaces
-
-# Local domain
-domain=${domain}
-
-# Upstream DNS Servers
-no-resolv
-conf-file=${confd}/servers.conf
-
-# Addresses
-conf-file=${confd}/addresses.conf
diff --git a/playbooks.d/etc-nixos/description.txt b/playbooks.d/etc-nixos/description.txt
new file mode 100644
index 0000000..8d90523
--- /dev/null
+++ b/playbooks.d/etc-nixos/description.txt
@@ -0,0 +1 @@
+A symlinked directory to keep its content synced through Bashtard
diff --git a/playbooks.d/etc-nixos/playbook.bash b/playbooks.d/etc-nixos/playbook.bash
new file mode 100644
index 0000000..3140bb3
--- /dev/null
+++ b/playbooks.d/etc-nixos/playbook.bash
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required"
+
+playbook_add() {
+ mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")"
+ ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ rm -- "$(config "$BASHTARD_PLAYBOOK.path")"
+}
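Review bot: `playbook_add` runs `ln -sv` without checking whether the configured path already exists. If it is an existing directory (likely for /etc/nixos on an installed system, assuming that is what `$BASHTARD_PLAYBOOK.path` is set to), GNU ln creates the link inside that directory and still exits 0. `playbook_del` then runs `rm --` on whatever is at that path, which fails on a real directory and would delete a regular file the playbook never created. I would make the link creation strict with `ln -svT -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"` and guard the removal with `[[ -L "$(config "$BASHTARD_PLAYBOOK.path")" ]] || return 1` before the `rm`. playbooks.d/etc-portage/playbook.bash is the same blob (3140bb3) and needs the same change.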
diff --git a/playbooks.d/etc-portage/description.txt b/playbooks.d/etc-portage/description.txt
new file mode 100644
index 0000000..8d90523
--- /dev/null
+++ b/playbooks.d/etc-portage/description.txt
@@ -0,0 +1 @@
+A symlinked directory to keep its content synced through Bashtard
diff --git a/playbooks.d/etc-portage/playbook.bash b/playbooks.d/etc-portage/playbook.bash
new file mode 100644
index 0000000..3140bb3
--- /dev/null
+++ b/playbooks.d/etc-portage/playbook.bash
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required"
+
+playbook_add() {
+ mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")"
+ ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ rm -- "$(config "$BASHTARD_PLAYBOOK.path")"
+}
diff --git a/playbooks.d/git-server/playbook.bash b/playbooks.d/git-server/playbook.bash
index f1b8287..74eda61 100644
--- a/playbooks.d/git-server/playbook.bash
+++ b/playbooks.d/git-server/playbook.bash
@@ -32,7 +32,7 @@ playbook_sync() {
while read -r repo
do
local name="$(config "git.repos.$repo.name" "$repo")"
- local path="$(config "git.repodir")/$(config "git.repos.$repo.path" "$name")"
+ local path="$(config "git.repodir")/$(config "git.repos.$repo.path" "$name").git"
info "$BASHTARD_PLAYBOOK" "Ensuring $name exists ($repo)"
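Review bot: The `.git` suffix is appended unconditionally on the new `local path=` line, so a `git.repos.$repo.path` value that already ends in `.git` becomes `name.git.git`. Repositories already on disk under the old suffix-less path will also no longer be found. The rest of `playbook_sync` and its loop lies outside this hunk, so I cannot see whether a missing path triggers creation of a new bare repository; if it does, an existing host would end up with empty duplicates next to the real repositories. Consider normalising with `path="${path%.git}.git"` after the assignment, and note the one-time rename needed on hosts that already serve repositories.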
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub
deleted file mode 100644
index e1d7ab3..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICk/6jLojpp5Jaum8C1trxqtZuLd/GJH8sh0SB/Z/y9J root@bast
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
index 3056a3d..fe3c6a7 100644
--- a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
+++ b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICj0hW49y+AGuMN2D672I5K6ZVLPVZLCsd+2MIat54nP root@gaeru.tyil.net
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmqoy/OXsmmNpxEN/xISbHwDFt2u8f3HmGIvS2CASHm root@gaeru.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub
new file mode 100644
index 0000000..0faf439
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJLcXzcOPEYQWEARFgPpZCq2NZhTBWTsIezd4Mrkt0PY root@mieshu.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub
new file mode 100644
index 0000000..a19b34e
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh9xYBxb5n2N20Dj03lsij32UkPJ27EMQ/6VdKhjWVJ root@nouki.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub
new file mode 100644
index 0000000..d4c3c0d
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6oh68n5HXeK45YaNnQC0mHufB/bUgsEyE500OW40B1 root@oolah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
index aea0daa..f1b7158 100644
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLpn3Tny1LSWaLeIDmdAkZZoAajSJN9CQvfFdgLFfsK tyil@anoia.tyil.net
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtUkeSiwk+1UnMfy8Z53cQkKTlBBFZXUuDiXfPcalHj tyil@anoia
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub
deleted file mode 100644
index 00e492d..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub
+++ /dev/null
@@ -1,5 +0,0 @@
-<<<<<<< HEAD
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXhPa+EGS4NySl0YqG38xGEab6uqdimseqq4tlLWyV4 tyil@bast.tyil.net
-=======
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILE1+6HjG3XvLQDHLwnFzq78SEsPTNa8Wu6+inmTMqu7 tyil@bast
->>>>>>> d8b0063 (Update pubkey for tyil@bast)
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub
new file mode 100644
index 0000000..d5632d9
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ94ffGPvEb/Hi2B2XSaYjKpMiV93fzGLe0QUlXRJb1L tyil@gaeru.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub
deleted file mode 100644
index 834bcd2..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+Ki28DBM3A8QUpxbAlZx2x111+rhn8JPcec67y9xi/ tyil@ivdea.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub
new file mode 100644
index 0000000..e3503e7
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVPGs2LkDvdkMzwR1Crk8OblMQD2snClUuIcYgUYcu4 tyil@ludifah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub
new file mode 100644
index 0000000..a70b37c
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqLhjoIYRZmkD9sv1l1c03x6EpkadjfrGJ+4gqgkmp5 tyil@mieshu.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub
new file mode 100644
index 0000000..52f292a
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNztf75LVF+UvoIDyduHfynZupdC+9g7RaIs6cGgmCa tyil@nouki.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub
new file mode 100644
index 0000000..dabadac
--- /dev/null
+++ b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkjrJ6agLK5Bdg2Y5B+88XDbP5UsQyvdUbd3LrOVmjI tyil@oolah.tyil.net
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub
deleted file mode 100644
index 1b8d9e6..0000000
--- a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqntlHQ/3HHPUoNl7bpQ6pZIxZHnUAAIXTB5eBjDE0auJZE0Qz5HjUkqZNSb0SzoK9GgLLMH7yNMaYMSTRJguRARRTY3MpdQbrsMu5/8HbKZwxhy7jVRAODnIDO2b3A67ZOHQAazNZYlX873fVhDJHP3RPpYWJS1L2jyk6Z3euvg0duo4JolBEHzmuDi8mEhdNhjW54VM9CRofRrD2VBrnxbmH6LCQwVfuEiz7jVlyugKIiPtaX/9fSnwUVjpNVn0TA93FL0M6xypZFywORrAGLV9kuoQ/G0iVfXqH1A04OFzH1RGNq+oHfHWYZdE098SS+ur9E8+wXcIDBkkI37kF tyil@sessifet.tyil.net
diff --git a/playbooks.d/k3s-master b/playbooks.d/k3s-master
new file mode 160000
+Subproject 27d48e4dec3e2eee30d6000f16dc7eb8f67b85e
diff --git a/playbooks.d/k3s-master/description.txt b/playbooks.d/k3s-master/description.txt
deleted file mode 100644
index bf1fbab..0000000
--- a/playbooks.d/k3s-master/description.txt
+++ /dev/null
@@ -1 +0,0 @@
-Playbook for a k3s node
diff --git a/playbooks.d/k3s-master/etc/defaults b/playbooks.d/k3s-master/etc/defaults
deleted file mode 100644
index eab4aee..0000000
--- a/playbooks.d/k3s-master/etc/defaults
+++ /dev/null
@@ -1,8 +0,0 @@
-pkg.k3s=k3s
-pkg.helm=helm
-
-k3s.domain=cluster.local
-k3s.network.cidr.pods=172.19.0.0/16
-k3s.network.cidr.svcs=172.20.0.0/16
-k3s.network.service.dns=172.20.0.53
-k3s.flux.repo.branch=master
diff --git a/playbooks.d/k3s-master/etc/os.d/linux-gentoo b/playbooks.d/k3s-master/etc/os.d/linux-gentoo
deleted file mode 100644
index 4aaaabf..0000000
--- a/playbooks.d/k3s-master/etc/os.d/linux-gentoo
+++ /dev/null
@@ -1,2 +0,0 @@
-pkg.k3s=sys-cluster/k3s
-pkg.helm=app-admin/helm
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/kustomization.yaml
deleted file mode 100644
index c5b9583..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- media
-- personal-services
-- public-services
-- servarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/deployment.yaml
deleted file mode 100644
index 9e5acd9..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/deployment.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dirlist
- namespace: media
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- spec:
- containers:
- - name: miniserve
- image: docker.io/svenstaro/miniserve:latest
- args:
- - "--enable-tar-gz"
- - "--qrcode"
- - "--enable-tar"
- - "/var/www"
- ports:
- - containerPort: 8080
- volumeMounts:
- - name: anime-movies
- mountPath: /var/www/anime-movies
- readOnly: true
- - name: anime-series
- mountPath: /var/www/anime-series
- readOnly: true
- - name: books
- mountPath: /var/www/books
- readOnly: true
- - name: movies
- mountPath: /var/www/movies
- readOnly: true
- - name: music
- mountPath: /var/www/music
- readOnly: true
- - name: series
- mountPath: /var/www/series
- readOnly: true
- volumes:
- - name: anime-movies
- hostPath:
- type: Directory
- path: /mnt/media/anime-movies/exported
- - name: anime-series
- hostPath:
- type: Directory
- path: /mnt/media/anime-series/exported
- - name: books
- hostPath:
- type: Directory
- path: /mnt/media/books/exported
- - name: movies
- hostPath:
- type: Directory
- path: /mnt/media/movies/exported
- - name: music
- hostPath:
- type: Directory
- path: /mnt/media/music/exported
- - name: series
- hostPath:
- type: Directory
- path: /mnt/media/series/exported
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/ingress.yaml
deleted file mode 100644
index 4a87af7..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: dirlist
- namespace: media
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
-spec:
- ingressClassName: "nginx"
- rules:
- - host: media.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: dirlist
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/kustomization.yaml
deleted file mode 100644
index 8059d7b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- dirlist
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/kustomization.yaml
deleted file mode 100644
index 5674eec..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- nextcloud
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/kustomization.yaml
deleted file mode 100644
index 9708886..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-- secret.yaml
-- volume.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/release.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/release.yaml
deleted file mode 100644
index daef587..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/release.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: nextcloud
- namespace: personal-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: nextcloud
- version: 3.1.2
- sourceRef:
- kind: HelmRepository
- name: nextcloud
- namespace: flux-system
- interval: 1m
- valuesFrom:
- - kind: Secret
- name: nextcloud-values
- values:
- ingress:
- enabled: true
- nextcloud:
- host: cloud.tyil.nl
- mail:
- enabled: true
- fromAddress: cloud
- domain: tyil.nl
- smtp:
- host: tyil.email
- secure: ssl
- port: 456
- authtype: LOGIN
- externalDatabase:
- enabled: true
- type: postgresql
- host: 10.57.100.7
- database: nextcloud
- cronjob:
- enabled: true
- metrics:
- enabled: true
- persistence:
- nextcloudData:
- enabled: true
- existingClaim: nextcloud-data
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/secret.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/secret.yaml
deleted file mode 100644
index c2f4953..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: nextcloud-values
- namespace: personal-services
-spec:
- encryptedData:
- values.yaml: 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
- template:
- data: null
- metadata:
- creationTimestamp: null
- name: nextcloud-values
- namespace: personal-services
- type: Opaque
-
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/kustomization.yaml
deleted file mode 100644
index ab637fe..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-- values.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/release.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/release.yaml
deleted file mode 100644
index 3664202..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/release.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: invidious
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 2.0.2
- sourceRef:
- kind: GitRepository
- name: tyil-helm-invidious
- namespace: flux-system
- interval: 1m
- valuesFrom:
- - name: invidious-config
- kind: Secret
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: youtube.alt.tyil.nl
- paths:
- - path: /
- config:
- channel_threads: 1
- db:
- user: invidious
- host: 10.57.100.7
- port: 5432
- dbname: invidious
- domain: youtube.alt.tyil.nl
- feed_threads: 1
- full_refresh: false
- https_only: true
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/values.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/values.yaml
deleted file mode 100644
index 78c730f..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
-spec:
- encryptedData:
- values.yaml: 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
- template:
- data: null
- metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
- type: Opaque
-
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/kustomization.yaml
deleted file mode 100644
index 3ce6c98..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- invidious
-- nitter
-- omgur
-- searx
-- teddit
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/release.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/release.yaml
deleted file mode 100644
index 80a11ca..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/release.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: nitter
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 0.1.0
- sourceRef:
- kind: GitRepository
- name: tyil-helm-nitter
- namespace: flux-system
- interval: 1m
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: twitter.alt.tyil.nl
- paths:
- - path: /
- redis:
- host: 10.57.100.7
- urlReplacements:
- twitter: twitter.alt.tyil.nl
- youtube: yewtu.be
- reddit: reddit.alt.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/deployment.yaml
deleted file mode 100644
index a4647dd..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/deployment.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: omgur
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: omgur
- image: registry.gitlab.com/geraldwuhoo/omgur:latest
- ports:
- - containerPort: 8080
- env:
- - name: REDIS_HOST
- value: "10.57.100.7"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/ingress.yaml
deleted file mode 100644
index ca92947..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: omgur
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: imgur.alt.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: omgur
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/deployment.yaml
deleted file mode 100644
index 7bfb6cc..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: searx
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: searx
- image: searx/searx:latest
- ports:
- - containerPort: 8080
- env:
- - name: BIND_ADDRESS
- value: "0.0.0.0:8080"
- - name: BASE_URL
- value: "https://searx.tyil.nl"
- volumeMounts:
- - name: srv
- subPath: config
- mountPath: /etc/searx
- - name: filtron
- image: dalf/filtron
- args: [
- "-listen", "0.0.0.0:4040",
- "-target", "searx:8080",
- ]
- ports:
- - containerPort: 4040
- volumeMounts:
- - name: srv
- subPath: rules.json
- mountPath: /etc/filtron/rules.json
- volumes:
- - name: srv
- hostPath:
- type: Directory
- path: /srv/searx
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/ingress.yaml
deleted file mode 100644
index fdbc6bf..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: searx
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: searx.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: searx
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/deployment.yaml
deleted file mode 100644
index 9542cde..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: teddit
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: teddit
- image: teddit/teddit:latest
- ports:
- - containerPort: 8080
- env:
- - name: DOMAIN
- value: "reddit.alt.tyil.nl"
- - name: REDIS_DB
- value: "1"
- - name: REDIS_HOST
- value: "10.57.100.7"
- - name: TRUST_PROXY
- value: "true"
- - name: USE_HELMET
- value: "true"
- - name: USE_HELMET_HSTS
- value: "true"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/ingress.yaml
deleted file mode 100644
index 55fc30a..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: teddit
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: reddit.alt.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: teddit
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml
deleted file mode 100644
index 8020a53..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- public-services
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml
deleted file mode 100644
index 168bb15..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- searxng
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml
deleted file mode 100644
index f5f6064..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: searxng
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- spec:
- containers:
- - name: searxng
- image: searxng/searxng:2022.08.01-7c9c1124
- ports:
- - containerPort: 8080
- env:
- - name: BASE_URL
- value: https://searxng.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml
deleted file mode 100644
index 8bd3d94..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: searxng
- namespace: public-services
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-production"
-spec:
- ingressClassName: "nginx"
- tls:
- - hosts:
- - searxng.tyil.nl
- secretName: tls-nl.tyil.searxng
- rules:
- - host: searxng.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: searxng
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml
deleted file mode 100644
index e0ff25d..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-- ingress.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml
deleted file mode 100644
index 23fb8ac..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: searxng
- namespace: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml
deleted file mode 100644
index 920b1f5..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dirlist
- namespace: media
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- spec:
- containers:
- - name: miniserve
- image: docker.io/svenstaro/miniserve:latest
- args:
- - "--enable-tar-gz"
- - "--qrcode"
- - "--enable-tar"
- - "/var/www"
- ports:
- - containerPort: 8080
- volumeMounts:
- - name: anime-movies
- mountPath: /var/www/anime-movies
- readOnly: true
- - name: anime-series
- mountPath: /var/www/anime-series
- readOnly: true
- - name: books
- mountPath: /var/www/books
- readOnly: true
- - name: movies
- mountPath: /var/www/movies
- readOnly: true
- - name: music
- mountPath: /var/www/music
- readOnly: true
- - name: series
- mountPath: /var/www/series
- readOnly: true
- volumes:
- - name: anime-movies
- nfs:
- server: 10.57.100.7
- path: /mnt/media/anime-movies/exported
- - name: anime-series
- nfs:
- server: 10.57.100.7
- path: /mnt/media/anime-series/exported
- - name: books
- nfs:
- server: 10.57.100.7
- path: /mnt/media/books/exported
- - name: movies
- nfs:
- server: 10.57.100.7
- path: /mnt/media/movies/exported
- - name: music
- nfs:
- server: 10.57.100.7
- path: /mnt/media/music/exported
- - name: series
- nfs:
- server: 10.57.100.7
- path: /mnt/media/series/exported
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml
deleted file mode 100644
index 4a87af7..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: dirlist
- namespace: media
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
-spec:
- ingressClassName: "nginx"
- rules:
- - host: media.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: dirlist
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml
deleted file mode 100644
index 8059d7b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- dirlist
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml
deleted file mode 100644
index ab637fe..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-- values.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml
deleted file mode 100644
index 3664202..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: invidious
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 2.0.2
- sourceRef:
- kind: GitRepository
- name: tyil-helm-invidious
- namespace: flux-system
- interval: 1m
- valuesFrom:
- - name: invidious-config
- kind: Secret
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: youtube.alt.tyil.nl
- paths:
- - path: /
- config:
- channel_threads: 1
- db:
- user: invidious
- host: 10.57.100.7
- port: 5432
- dbname: invidious
- domain: youtube.alt.tyil.nl
- feed_threads: 1
- full_refresh: false
- https_only: true
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml
deleted file mode 100644
index 1db538b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
-spec:
- encryptedData:
- values.yaml: 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
- template:
- data: null
- metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
- type: Opaque
-
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml
deleted file mode 100644
index 3ce6c98..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- invidious
-- nitter
-- omgur
-- searx
-- teddit
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml
deleted file mode 100644
index 80a11ca..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: nitter
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 0.1.0
- sourceRef:
- kind: GitRepository
- name: tyil-helm-nitter
- namespace: flux-system
- interval: 1m
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: twitter.alt.tyil.nl
- paths:
- - path: /
- redis:
- host: 10.57.100.7
- urlReplacements:
- twitter: twitter.alt.tyil.nl
- youtube: yewtu.be
- reddit: reddit.alt.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml
deleted file mode 100644
index a4647dd..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: omgur
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: omgur
- image: registry.gitlab.com/geraldwuhoo/omgur:latest
- ports:
- - containerPort: 8080
- env:
- - name: REDIS_HOST
- value: "10.57.100.7"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml
deleted file mode 100644
index f848c14..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: omgur
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml
deleted file mode 100644
index ff93f12..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: searx
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: searx
- image: searx/searx:latest
- ports:
- - containerPort: 8080
- env:
- - name: BIND_ADDRESS
- value: "0.0.0.0:8080"
- - name: BASE_URL
- value: "https://searx.tyil.nl"
- volumeMounts:
- - name: srv
- subPath: config
- mountPath: /etc/searx
- - name: filtron
- image: dalf/filtron
- args: [
- "-listen", "0.0.0.0:4040",
- "-target", "searx:8080",
- ]
- ports:
- - containerPort: 4040
- volumeMounts:
- - name: srv
- subPath: rules.json
- mountPath: /etc/filtron/rules.json
- volumes:
- - name: srv
- nfs:
- server: 10.57.100.7
- path: /srv/searx
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml
deleted file mode 100644
index fdbc6bf..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: searx
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: searx.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: searx
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml
deleted file mode 100644
index 80b802b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: searx
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml
deleted file mode 100644
index 9542cde..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: teddit
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: teddit
- image: teddit/teddit:latest
- ports:
- - containerPort: 8080
- env:
- - name: DOMAIN
- value: "reddit.alt.tyil.nl"
- - name: REDIS_DB
- value: "1"
- - name: REDIS_HOST
- value: "10.57.100.7"
- - name: TRUST_PROXY
- value: "true"
- - name: USE_HELMET
- value: "true"
- - name: USE_HELMET_HSTS
- value: "true"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml
deleted file mode 100644
index 55fc30a..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: teddit
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: reddit.alt.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: teddit
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml
deleted file mode 100644
index b91c1d1..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: teddit
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/deployment.yaml
deleted file mode 100644
index b923688..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/deployment.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: bazarr
- namespace: servarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: bazarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: bazarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: bazar
- image: cr.hotio.dev/hotio/bazarr:nightly
- ports:
- - containerPort: 8090
- volumeMounts:
- - name: config
- subPath: config
- mountPath: /config
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- volumes:
- - name: config
- hostPath:
- type: Directory
- path: /srv/servarr/bazarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/ingress.yaml
deleted file mode 100644
index c8a6938..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/ingress.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: bazarr
- namespace: servarr
-spec:
- ingressClassName: "nginx"
- rules:
- - host: baz.arr.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: bazarr
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/service.yaml
deleted file mode 100644
index 157ac0a..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: bazarr
- namespace: servarr
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: bazarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 80
- targetPort: 6767
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/configmap.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/configmap.yaml
deleted file mode 100644
index 8d0b56d..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: servarr
- namespace: servarr
-data:
- groupId: "1001" # media
- timezone: "Europe/Amsterdam"
- umask: "002"
- userId: "169" # transmission
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/kustomization.yaml
deleted file mode 100644
index 5b9baeb..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/kustomization.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-# Shared configuration
-- configmap.yaml
-
-# Main deployments
-- lidarr
-- radarr
-- readarr
-- sonarr
-
-# Download clients
-- transmission-lidarr
-- transmission-radarr
-- transmission-readarr
-- transmission-sonarr
-
-# Management
-- prowlarr
-- jellyseerr
-
-# Additional helper services
-- bazarr
-- unpackerr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/service.yaml
deleted file mode 100644
index fd8a7b2..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prowlarr
- namespace: servarr
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: prowlarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 80
- targetPort: 9696
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/deployment.yaml
deleted file mode 100644
index c9ccfe8..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/deployment.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: radarr
- namespace: servarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: radarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: radarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: radarr
- image: hotio/radarr:release
- ports:
- - containerPort: 7878
- volumeMounts:
- - name: config
- mountPath: /config
- - name: media
- mountPath: /mnt/media
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- volumes:
- - name: config
- hostPath:
- type: DirectoryOrCreate
- path: /srv/servarr/radarr/config
- - name: media
- nfs:
- server: 10.57.100.7
- path: /mnt/media
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/deployment.yaml
deleted file mode 100644
index 97261ba..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/deployment.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: sonarr
- namespace: servarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: sonarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: sonarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: sonarr
- image: hotio/sonarr:release
- ports:
- - containerPort: 8989
- volumeMounts:
- - name: config
- mountPath: /config
- - name: media
- mountPath: /mnt/media
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- volumes:
- - name: config
- hostPath:
- type: DirectoryOrCreate
- path: /srv/servarr/sonarr/config
- - name: media
- nfs:
- server: 10.57.100.7
- path: /mnt/media
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/deployment.yaml
deleted file mode 100644
index a7fbf26..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: transmission-lidarr
- namespace: servarr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-lidarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-lidarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: transmission
- image: lscr.io/linuxserver/transmission:latest
- ports:
- - containerPort: 9091
- protocol: TCP
- - containerPort: 30012
- protocol: TCP
- - containerPort: 30012
- protocol: UDP
- volumeMounts:
- - name: config
- subPath: transmission-config
- mountPath: /config
- - name: downloads
- subPath: source-transmission
- mountPath: /mnt/media/music/source-transmission
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- - name: TRANSMISSION_WEB_HOME
- value: "/flood-for-transmission/"
- - name: PEERPORT
- value: "30012"
- volumes:
- - name: downloads
- nfs:
- server: 10.57.100.7
- path: /mnt/media/music
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/lidarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/kustomization.yaml
deleted file mode 100644
index 3f8c40c..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/service.yaml
deleted file mode 100644
index 4081ca9..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: transmission-lidarr
- namespace: servarr
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-lidarr
- app.kubernetes.io/part-of: servarr
-spec:
- type: NodePort
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-lidarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 9091
- targetPort: 9091
- nodePort: 30013
- name: xmlrpc
- - protocol: TCP
- port: 30012
- targetPort: 30012
- nodePort: 30012
- name: peer-tcp
- - protocol: UDP
- port: 30012
- targetPort: 30012
- nodePort: 30012
- name: peer-udp
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/deployment.yaml
deleted file mode 100644
index 9e497d6..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: transmission-radarr
- namespace: servarr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-radarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-radarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: transmission
- image: lscr.io/linuxserver/transmission:latest
- ports:
- - containerPort: 9091
- protocol: TCP
- - containerPort: 30014
- protocol: TCP
- - containerPort: 30014
- protocol: UDP
- volumeMounts:
- - name: config
- subPath: transmission-config
- mountPath: /config
- - name: downloads
- subPath: source-transmission
- mountPath: /mnt/media/movies/source-transmission
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- - name: TRANSMISSION_WEB_HOME
- value: "/flood-for-transmission/"
- - name: PEERPORT
- value: "30014"
- volumes:
- - name: downloads
- nfs:
- server: 10.57.100.7
- path: /mnt/media/movies
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/radarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/kustomization.yaml
deleted file mode 100644
index 3f8c40c..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/service.yaml
deleted file mode 100644
index 5789330..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: transmission-radarr
- namespace: servarr
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-radarr
- app.kubernetes.io/part-of: servarr
-spec:
- type: NodePort
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-radarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 9091
- targetPort: 9091
- nodePort: 30015
- name: xmlrpc
- - protocol: TCP
- port: 30014
- targetPort: 30014
- nodePort: 30014
- name: peer-tcp
- - protocol: UDP
- port: 30014
- targetPort: 30014
- nodePort: 30014
- name: peer-udp
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/deployment.yaml
deleted file mode 100644
index db2e429..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: transmission-readarr
- namespace: servarr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-readarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-readarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: transmission
- image: lscr.io/linuxserver/transmission:latest
- ports:
- - containerPort: 9091
- protocol: TCP
- - containerPort: 30014
- protocol: TCP
- - containerPort: 30014
- protocol: UDP
- volumeMounts:
- - name: config
- subPath: transmission-config
- mountPath: /config
- - name: downloads
- subPath: source-transmission
- mountPath: /mnt/media/books/source-transmission
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- - name: TRANSMISSION_WEB_HOME
- value: "/flood-for-transmission/"
- - name: PEERPORT
- value: "30014"
- volumes:
- - name: downloads
- nfs:
- server: 10.57.100.7
- path: /mnt/media/books
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/readarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/kustomization.yaml
deleted file mode 100644
index 3f8c40c..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/service.yaml
deleted file mode 100644
index a2dfb2f..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: transmission-readarr
- namespace: servarr
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-readarr
- app.kubernetes.io/part-of: servarr
-spec:
- type: NodePort
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-readarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 9091
- targetPort: 9091
- nodePort: 30017
- name: xmlrpc
- - protocol: TCP
- port: 30016
- targetPort: 30016
- nodePort: 30016
- name: peer-tcp
- - protocol: UDP
- port: 30016
- targetPort: 30016
- nodePort: 30016
- name: peer-udp
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/deployment.yaml
deleted file mode 100644
index 64a2d8f..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: transmission-sonarr
- namespace: servarr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-sonarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-sonarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: transmission
- image: lscr.io/linuxserver/transmission:latest
- ports:
- - containerPort: 9091
- protocol: TCP
- - containerPort: 30010
- protocol: TCP
- - containerPort: 30010
- protocol: UDP
- volumeMounts:
- - name: config
- subPath: transmission-config
- mountPath: /config
- - name: downloads
- subPath: source-transmission
- mountPath: /mnt/media/series/source-transmission
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- - name: TRANSMISSION_WEB_HOME
- value: "/flood-for-transmission/"
- - name: PEERPORT
- value: "30010"
- volumes:
- - name: downloads
- nfs:
- server: 10.57.100.7
- path: /mnt/media/series
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/sonarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/kustomization.yaml
deleted file mode 100644
index 3f8c40c..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/service.yaml
deleted file mode 100644
index de91b67..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: transmission-sonarr
- namespace: servarr
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-sonarr
- app.kubernetes.io/part-of: servarr
-spec:
- type: NodePort
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-sonarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 9091
- targetPort: 9091
- nodePort: 30011
- name: xmlrpc
- - protocol: TCP
- port: 30010
- targetPort: 30010
- nodePort: 30010
- name: peer-tcp
- - protocol: UDP
- port: 30010
- targetPort: 30010
- nodePort: 30010
- name: peer-udp
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/deployment.yaml
deleted file mode 100644
index 7b72040..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: unpackerr
- namespace: servarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: unpackerr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: unpackerr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: unpackerr
- image: golift/unpackerr:latest
- volumeMounts:
- - name: config
- subPath: config
- mountPath: /etc/unpackerr
- - name: media
- mountPath: /mnt/media
- volumes:
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/unpackerr
- - name: media
- nfs:
- server: 10.57.100.7
- path: /mnt/media
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/kustomization.yaml
deleted file mode 100644
index 83c68dc..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/applications.yaml
deleted file mode 100644
index ffbd980..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/applications/edephas.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@
----
-# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.31.5
-# Components: source-controller,kustomize-controller,helm-controller,notification-controller
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- pod-security.kubernetes.io/warn: restricted
- pod-security.kubernetes.io/warn-version: latest
- name: flux-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: alerts.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Alert
- listKind: AlertList
- plural: alerts
- singular: alert
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Alert is the Schema for the alerts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: AlertSpec defines an alerting rule for events involving a
- list of objects
- properties:
- eventSeverity:
- default: info
- description: Filter events based on severity, defaults to ('info').
- If set to 'info' no events will be filtered.
- enum:
- - info
- - error
- type: string
- eventSources:
- description: Filter events based on the involved objects.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- exclusionList:
- description: A list of Golang regular expressions to be used for excluding
- messages.
- items:
- type: string
- type: array
- providerRef:
- description: Send events using this provider.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- summary:
- description: Short description of the impact and affected cluster.
- type: string
- suspend:
- description: This flag tells the controller to suspend subsequent
- events dispatching. Defaults to false.
- type: boolean
- required:
- - eventSources
- - providerRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: AlertStatus defines the observed state of Alert
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: buckets.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec defines the desired state of an S3 compatible
- bucket
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- default: generic
- description: The S3 compatible storage provider name, default ('generic').
- enum:
- - generic
- - aws
- - gcp
- type: string
- region:
- description: The bucket region.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for download operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus defines the observed state of a bucket
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last Bucket sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec specifies the required configuration to produce
- an Artifact for an object storage bucket.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: BucketName is the name of the object storage bucket.
- type: string
- endpoint:
- description: Endpoint is the object storage address the BucketName
- is located at.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS HTTP Endpoint.
- type: boolean
- interval:
- description: Interval at which to check the Endpoint for updates.
- type: string
- provider:
- default: generic
- description: Provider of the object storage bucket. Defaults to 'generic',
- which expects an S3 (API) compatible object storage.
- enum:
- - generic
- - aws
- - gcp
- - azure
- type: string
- region:
- description: Region of the Endpoint where the BucketName is located
- in.
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this Bucket.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for fetch operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus records the observed state of a Bucket.
- properties:
- artifact:
- description: Artifact represents the last successful Bucket reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the Bucket object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: gitrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: GitRepository
- listKind: GitRepositoryList
- plural: gitrepositories
- shortNames:
- - gitrepo
- singular: gitrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec defines the desired state of a Git repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: Determines which git client library to use. Defaults
- to go-git, valid values are ('go-git', 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Extra git repositories to map into the repository
- items:
- description: GitRepositoryInclude defines a source with a from and
- to path.
- properties:
- fromPath:
- description: The path to copy contents from, defaults to the
- root directory.
- type: string
- repository:
- description: Reference to a GitRepository to include.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: The path to copy contents to, defaults to the name
- of the source ref.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: The interval at which to check for repository updates.
- type: string
- recurseSubmodules:
- description: When enabled, after the clone is created, initializes
- all submodules within, using their default settings. This option
- is available only when using the 'go-git' GitImplementation.
- type: boolean
- ref:
- description: The Git reference to checkout and monitor for changes,
- defaults to master branch.
- properties:
- branch:
- description: The Git branch to checkout, defaults to master.
- type: string
- commit:
- description: The Git commit SHA to checkout, if specified Tag
- filters will be ignored.
- type: string
- semver:
- description: The Git tag semver expression, takes precedence over
- Tag.
- type: string
- tag:
- description: The Git tag to checkout, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: The secret name containing the Git credentials. For HTTPS
- repositories the secret must contain username and password fields.
- For SSH repositories the secret must contain identity and known_hosts
- fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for remote Git operations like cloning, defaults
- to 60s.
- type: string
- url:
- description: The repository URL, can be a HTTP/S or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verify OpenPGP signature for the Git commit HEAD points
- to.
- properties:
- mode:
- description: Mode describes what git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: The secret name containing the public keys of all
- trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus defines the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- includedArtifacts:
- description: IncludedArtifacts represents the included artifacts from
- the last successful repository sync.
- items:
- description: Artifact represents the output of a source synchronisation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last repository sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec specifies the required configuration to
- produce an Artifact for a Git repository.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: GitImplementation specifies which Git client library
- implementation to use. Defaults to 'go-git', valid values are ('go-git',
- 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Include specifies a list of GitRepository resources which
- Artifacts should be included in the Artifact produced for this GitRepository.
- items:
- description: GitRepositoryInclude specifies a local reference to
- a GitRepository which Artifact (sub-)contents must be included,
- and where they should be placed.
- properties:
- fromPath:
- description: FromPath specifies the path to copy contents from,
- defaults to the root of the Artifact.
- type: string
- repository:
- description: GitRepositoryRef specifies the GitRepository which
- Artifact contents must be included.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: ToPath specifies the path to copy contents to,
- defaults to the name of the GitRepositoryRef.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: Interval at which to check the GitRepository for updates.
- type: string
- recurseSubmodules:
- description: RecurseSubmodules enables the initialization of all submodules
- within the GitRepository as cloned from the URL, using their default
- settings. This option is available only when using the 'go-git'
- GitImplementation.
- type: boolean
- ref:
- description: Reference specifies the Git reference to resolve and
- monitor for changes, defaults to the 'master' branch.
- properties:
- branch:
- description: "Branch to check out, defaults to 'master' if no
- other field is defined. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', a shallow clone of the specified branch
- is performed."
- type: string
- commit:
- description: "Commit SHA to check out, takes precedence over all
- reference fields. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', this can be combined with Branch to shallow
- clone the branch, in which the commit is expected to exist."
- type: string
- semver:
- description: SemVer tag expression to check out, takes precedence
- over Tag.
- type: string
- tag:
- description: Tag to check out, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the GitRepository. For HTTPS repositories the Secret
- must contain 'username' and 'password' fields. For SSH repositories
- the Secret must contain 'identity' and 'known_hosts' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this GitRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for Git operations like cloning, defaults to
- 60s.
- type: string
- url:
- description: URL specifies the Git repository URL, it can be an HTTP/S
- or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verification specifies the configuration to verify the
- Git commit signature(s).
- properties:
- mode:
- description: Mode specifies what Git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing the public
- keys of trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus records the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the last successful GitRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- contentConfigChecksum:
- description: 'ContentConfigChecksum is a checksum of all the configurations
- related to the content of the source artifact: - .spec.ignore -
- .spec.recurseSubmodules - .spec.included and the checksum of the
- included artifacts observed in .status.observedGeneration version
- of the object. This can be used to determine if the content of the
- included repository has changed. It has the format of `<algo>:<checksum>`,
- for example: `sha256:<checksum>`.'
- type: string
- includedArtifacts:
- description: IncludedArtifacts contains a list of the last successfully
- included Artifacts as instructed by GitRepositorySpec.Include.
- items:
- description: Artifact represents the output of a Source reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact
- file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact.
- It can be used to locate the file in the root of the Artifact
- storage on the local file system of the controller managing
- the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the GitRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmcharts.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmChart
- listKind: HelmChartList
- plural: helmcharts
- shortNames:
- - hc
- singular: helmchart
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec defines the desired state of a Helm chart.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: The name or path the Helm chart is available at in the
- SourceRef.
- type: string
- interval:
- description: The interval at which to check the Source for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new artifact.
- Valid values are ('ChartVersion', 'Revision'). See the documentation
- of the values for an explanation on their behavior. Defaults to
- ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The reference to the Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: Alternative values file to use as the default chart values,
- expected to be a relative path in the SourceRef. Deprecated in favor
- of ValuesFiles, for backwards compatibility the file defined here
- is merged before the ValuesFiles items. Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the chart
- values (values.yaml is not included by default), expected to be
- a relative path in the SourceRef. Values files are merged in the
- order of this list with the last file overriding the first. Ignored
- when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: The chart version semver expression, ignored for charts
- from GitRepository and Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus defines the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- chart sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last chart pulled.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec specifies the desired state of a Helm chart.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: Chart is the name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval is the interval at which to check the Source
- for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: ReconcileStrategy determines what enables the creation
- of a new artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on their
- behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: SourceRef is the reference to the Source the chart is
- available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: ValuesFile is an alternative values file to use as the
- default chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file specified here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: ValuesFiles is an alternative list of values files to
- use as the chart values (values.yaml is not included by default),
- expected to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding the
- first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version is the chart version semver expression, ignored
- for charts from GitRepository and Bucket sources. Defaults to latest
- when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus records the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedChartName:
- description: ObservedChartName is the last observed chart name as
- specified by the resolved chart reference.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmChart object.
- format: int64
- type: integer
- observedSourceArtifactRevision:
- description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
- of the HelmChartSpec.SourceRef.
- type: string
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmreleases.helm.toolkit.fluxcd.io
-spec:
- group: helm.toolkit.fluxcd.io
- names:
- kind: HelmRelease
- listKind: HelmReleaseList
- plural: helmreleases
- shortNames:
- - hr
- singular: helmrelease
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v2beta1
- schema:
- openAPIV3Schema:
- description: HelmRelease is the Schema for the helmreleases API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmReleaseSpec defines the desired state of a Helm release.
- properties:
- chart:
- description: Chart defines the template of the v1beta2.HelmChart that
- should be created for this HelmRelease.
- properties:
- spec:
- description: Spec holds the template for the v1beta2.HelmChartSpec
- for this HelmRelease.
- properties:
- chart:
- description: The name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval at which to check the v1beta2.Source
- for updates. Defaults to 'HelmReleaseSpec.Interval'.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new
- artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on
- their behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The name and namespace of the v1beta2.Source
- the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent.
- maxLength: 63
- minLength: 1
- type: string
- required:
- - name
- type: object
- valuesFile:
- description: Alternative values file to use as the default
- chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file defined here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the
- chart values (values.yaml is not included by default), expected
- to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding
- the first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version semver expression, ignored for charts
- from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
- to latest when omitted.
- type: string
- required:
- - chart
- - sourceRef
- type: object
- required:
- - spec
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to HelmRelease resources that must be ready
- before this HelmRelease can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- install:
- description: Install holds the configuration for Helm install actions
- for this HelmRelease.
- properties:
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Create`
- and if omitted CRDs are installed but not updated. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are applied (installed) during Helm install action. With this
- option users can opt-in to CRD replace existing CRDs on Helm
- install actions, which is not (yet) natively supported by Helm.
- https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- createNamespace:
- description: CreateNamespace tells the Helm install action to
- create the HelmReleaseSpec.TargetNamespace if it does not exist
- yet. On uninstall, the namespace will not be garbage collected.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm install action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm install
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm install has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm install has been performed.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm install action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an install
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false'.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- an uninstall, is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- type: object
- replace:
- description: Replace tells the Helm install action to re-use the
- 'ReleaseName', but only if that name is a deleted release which
- remains in the history.
- type: boolean
- skipCRDs:
- description: "SkipCRDs tells the Helm install action to not install
- any CRDs. By default, CRDs are installed if not already present.
- \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
- instead."
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- interval:
- description: Interval at which to reconcile the Helm release.
- type: string
- kubeConfig:
- description: KubeConfig for reconciling the HelmRelease on a remote
- cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a key with the kubeconfig file as the value. If no key is specified
- the key will default to 'value'. The secret must be in the same
- namespace as the HelmRelease. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the HelmRelease.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- maxHistory:
- description: MaxHistory is the number of revisions saved by Helm for
- this HelmRelease. Use '0' for an unlimited number of revisions;
- defaults to '10'.
- type: integer
- postRenderers:
- description: PostRenderers holds an array of Helm PostRenderers, which
- will be applied in order of their definition.
- items:
- description: PostRenderer contains a Helm PostRenderer specification.
- properties:
- kustomize:
- description: Kustomization to apply as PostRenderer.
- properties:
- images:
- description: Images is a list of (image name, new name,
- new tag or digest) for changing image names, tags or digests.
- This can also be achieved with a patch, but this operator
- is simpler to specify.
- items:
- description: Image contains an image name, a new name,
- a new tag or digest, which will replace the original
- name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the
- original image tag. If digest is present NewTag
- value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace
- the original name.
- type: string
- newTag:
- description: NewTag is the value used to replace the
- original tag.
- type: string
- required:
- - name
- type: object
- type: array
- patches:
- description: Strategic merge and JSON patches, defined as
- inline YAML objects, capable of targeting objects based
- on kind, label and annotation selectors.
- items:
- description: Patch contains an inline StrategicMerge or
- JSON6902 patch, and the target the patch should be applied
- to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge
- patch or an inline JSON6902 patch with an array
- of operation objects.
- type: string
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and
- the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document
- with an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object.
- https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value
- that references a location within the target
- document where the operation is performed.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- type: string
- op:
- description: Op indicates the operation to perform.
- Its value MUST be one of "add", "remove",
- "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer
- value that references a location within the
- target document where the operation is performed.
- The meaning of the value depends on the value
- of Op.
- type: string
- value:
- description: Value contains a valid JSON structure.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline
- YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- type: object
- type: object
- type: array
- releaseName:
- description: ReleaseName used for the Helm release. Defaults to a
- composition of '[TargetNamespace-]Name'.
- maxLength: 53
- minLength: 1
- type: string
- rollback:
- description: Rollback holds the configuration for Helm rollback actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm rollback action when it fails.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm rollback has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm rollback has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- recreate:
- description: Recreate performs pod restarts for the resource if
- applicable.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this HelmRelease.
- type: string
- storageNamespace:
- description: StorageNamespace used for the Helm storage. Defaults
- to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- suspend:
- description: Suspend tells the controller to suspend reconciliation
- for this HelmRelease, it does not apply to already started reconciliations.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace to target when performing operations
- for the HelmRelease. Defaults to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- test:
- description: Test holds the configuration for Helm test actions for
- this HelmRelease.
- properties:
- enable:
- description: Enable enables Helm test actions for this HelmRelease
- after an Helm install or upgrade action has been performed.
- type: boolean
- ignoreFailures:
- description: IgnoreFailures tells the controller to skip remediation
- when the Helm tests are run but fail. Can be overwritten for
- tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
- and 'Upgrade.IgnoreTestFailures'.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation during the performance of a Helm test action. Defaults
- to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a Helm
- action. Defaults to '5m0s'.
- type: string
- uninstall:
- description: Uninstall holds the configuration for Helm uninstall
- actions for this HelmRelease.
- properties:
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables waiting for all the resources
- to be deleted after a Helm uninstall is performed.
- type: boolean
- keepHistory:
- description: KeepHistory tells Helm to remove all associated resources
- and mark the release as deleted, but retain the release history.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- upgrade:
- description: Upgrade holds the configuration for Helm upgrade actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm upgrade action when it fails.
- type: boolean
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
- if omitted CRDs are neither installed nor upgraded. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are not applied during Helm upgrade action. With this option
- users can opt-in to CRD upgrade, which is not (yet) natively
- supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm upgrade action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm upgrade
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm upgrade has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm upgrade has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- preserveValues:
- description: PreserveValues will make Helm reuse the last release's
- values and merge in overrides from 'Values'. Setting this flag
- makes the HelmRelease non-declarative.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm upgrade action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an upgrade
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false' unless 'Retries' is greater than 0.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- 'Strategy', is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- strategy:
- description: Strategy to use for failure remediation. Defaults
- to 'rollback'.
- enum:
- - rollback
- - uninstall
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- values:
- description: Values holds the values for this Helm release.
- x-kubernetes-preserve-unknown-fields: true
- valuesFrom:
- description: ValuesFrom holds references to resources containing Helm
- values for this HelmRelease, and information about how they should
- be merged.
- items:
- description: ValuesReference contains a reference to a resource
- containing Helm values, and optionally the key they can be found
- at.
- properties:
- kind:
- description: Kind of the values referent, valid values are ('Secret',
- 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside in the
- same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- description: Optional marks this ValuesReference as optional.
- When set, a not found error for the values reference is ignored,
- but any ValuesKey, TargetPath or transient error will still
- result in a reconciliation failure.
- type: boolean
- targetPath:
- description: TargetPath is the YAML dot notation path the value
- should be merged at. When set, the ValuesKey is expected to
- be a single flat value. Defaults to 'None', which results
- in the values getting merged at the root.
- type: string
- valuesKey:
- description: ValuesKey is the data key where the values.yaml
- or a specific value can be found at. Defaults to 'values.yaml'.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- required:
- - chart
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmReleaseStatus defines the observed state of a HelmRelease.
- properties:
- conditions:
- description: Conditions holds the conditions for the HelmRelease.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- failures:
- description: Failures is the reconciliation failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- helmChart:
- description: HelmChart is the namespaced name of the HelmChart resource
- created by the controller for the HelmRelease.
- type: string
- installFailures:
- description: InstallFailures is the install failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- lastAppliedRevision:
- description: LastAppliedRevision is the revision of the last successfully
- applied source.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastAttemptedValuesChecksum:
- description: LastAttemptedValuesChecksum is the SHA1 checksum of the
- values of the last reconciliation attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- lastReleaseRevision:
- description: LastReleaseRevision is the revision of the last successful
- Helm release.
- type: integer
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- upgradeFailures:
- description: UpgradeFailures is the upgrade failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmRepository
- listKind: HelmRepositoryList
- plural: helmrepositories
- shortNames:
- - helmrepo
- singular: helmrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec defines the reference to a Helm repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: The interval at which to check the upstream for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Helm repository. For HTTP/S basic auth the secret must contain
- username and password fields. For TLS the secret must contain a
- certFile and keyFile, and/or caCert fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout of index downloading, defaults to 60s.
- type: string
- url:
- description: The Helm repository URL, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus defines the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last index fetched.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec specifies the required configuration to
- produce an Artifact for a Helm repository index YAML.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: Interval at which to check the URL for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this HelmRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout of the index fetch operation, defaults to 60s.
- type: string
- type:
- description: Type of the HelmRepository. When this field is set to "oci",
- the URL field value must be prefixed with "oci://".
- enum:
- - default
- - oci
- type: string
- url:
- description: URL of the Helm repository, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus records the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the last successful HelmRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomizations.kustomize.toolkit.fluxcd.io
-spec:
- group: kustomize.toolkit.fluxcd.io
- names:
- kind: Kustomization
- listKind: KustomizationList
- plural: kustomizations
- shortNames:
- - ks
- singular: kustomization
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the desired state of a kustomization.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When specified, KubeConfig takes precedence over
- ServiceAccountName.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a 'value' key with the kubeconfig file as the value. It must
- be in the same namespace as the Kustomization. It is recommended
- that the kubeconfig is self-contained, and the secret is regularly
- updated if credentials such as a cloud-access-token expire.
- Cloud specific `cmd-path` auth helpers will not function without
- adding binaries and credentials to the Pod that is responsible
- for reconciling the Kustomization.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent
- type: string
- namespace:
- description: Namespace of the referent, defaults to the Kustomization
- namespace
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: Validate the Kubernetes objects before applying them
- on the cluster. The validation strategy can be 'client' (local dry-run),
- 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
- validation will fallback to 'client' if set to 'server' because
- server-side validation is not supported in this scenario.
- enum:
- - none
- - client
- - server
- type: string
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- snapshot:
- description: The last successfully applied revision metadata.
- properties:
- checksum:
- description: The manifests sha1 checksum.
- type: string
- entries:
- description: A list of Kubernetes kinds grouped by namespace.
- items:
- description: Snapshot holds the metadata of namespaced Kubernetes
- objects
- properties:
- kinds:
- additionalProperties:
- type: string
- description: The list of Kubernetes kinds.
- type: object
- namespace:
- description: The namespace of this entry.
- type: string
- required:
- - kinds
- type: object
- type: array
- required:
- - checksum
- - entries
- type: object
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the configuration to calculate
- the desired state from a Source using Kustomize.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name of a secret that contains
- a key with the kubeconfig file as the value. If no key is set,
- the key will default to 'value'. The secret must be in the same
- namespace as the Kustomization. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the Kustomization.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
- Use Patches instead.'
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: 'Strategic merge patches, defined as inline YAML objects.
- Deprecated: Use Patches instead.'
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- default: false
- description: Optional indicates whether the referenced resource
- must exist, or whether to tolerate its absence. If true
- and the referenced resource is absent, proceed as if the
- resource was present but empty, without any variables
- defined.
- type: boolean
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, defaults to the namespace
- of the Kubernetes resource object that contains the reference.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: 'Deprecated: Not used in v1beta2.'
- enum:
- - none
- - client
- - server
- type: string
- wait:
- description: Wait instructs the controller to check the health of
- all the reconciled resources. When enabled, the HealthChecks are
- ignored. Defaults to false.
- type: boolean
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- inventory:
- description: Inventory contains the list of Kubernetes resource object
- references that have been successfully applied.
- properties:
- entries:
- description: Entries of Kubernetes resource object references.
- items:
- description: ResourceRef contains the information necessary
- to locate a resource within a cluster.
- properties:
- id:
- description: ID is the string representation of the Kubernetes
- resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
- type: string
- v:
- description: Version is the API version of the Kubernetes
- resource object's kind.
- type: string
- required:
- - id
- - v
- type: object
- type: array
- required:
- - entries
- type: object
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: providers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Provider
- listKind: ProviderList
- plural: providers
- singular: provider
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Provider is the Schema for the providers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ProviderSpec defines the desired state of Provider
- properties:
- address:
- description: HTTP/S webhook address of this provider
- pattern: ^(http|https)://
- type: string
- certSecretRef:
- description: CertSecretRef can be given the name of a secret containing
- a PEM-encoded CA certificate (`caFile`)
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- channel:
- description: Alert channel for this provider
- type: string
- proxy:
- description: HTTP/S address of the proxy
- pattern: ^(http|https)://
- type: string
- secretRef:
- description: Secret reference containing the provider webhook URL
- using "address" as data key
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of provider
- enum:
- - slack
- - discord
- - msteams
- - rocket
- - generic
- - github
- - gitlab
- - bitbucket
- - azuredevops
- - googlechat
- - webex
- - sentry
- - azureeventhub
- - telegram
- - lark
- - matrix
- - opsgenie
- - alertmanager
- - grafana
- - githubdispatch
- type: string
- username:
- description: Bot username for this provider
- type: string
- required:
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ProviderStatus defines the observed state of Provider
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: receivers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Receiver
- listKind: ReceiverList
- plural: receivers
- singular: receiver
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Receiver is the Schema for the receivers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ReceiverSpec defines the desired state of Receiver
- properties:
- events:
- description: A list of events to handle, e.g. 'push' for GitHub or
- 'Push Hook' for GitLab.
- items:
- type: string
- type: array
- resources:
- description: A list of resources to be notified about changes.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- secretRef:
- description: Secret reference containing the token used to validate
- the payload authenticity
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of webhook sender, used to determine the validation
- procedure and payload deserialization.
- enum:
- - generic
- - generic-hmac
- - github
- - gitlab
- - bitbucket
- - harbor
- - dockerhub
- - quay
- - gcr
- - nexus
- - acr
- type: string
- required:
- - resources
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ReceiverStatus defines the observed state of Receiver
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helm-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomize-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: notification-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: source-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-rules:
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - image.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - namespaces
- - secrets
- - configmaps
- - serviceaccounts
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps/status
- verbs:
- - get
- - update
- - patch
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: cluster-reconciler-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: crd-controller-flux-system
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: source-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: notification-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-reflector-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-automation-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: source-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: webhook-receiver
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http-webhook
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: helm-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: helm-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: helm-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.22.2
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: helm-controller
- terminationGracePeriodSeconds: 600
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: kustomize-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kustomize-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: kustomize-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/kustomize-controller:v0.26.3
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: kustomize-controller
- terminationGracePeriodSeconds: 60
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: notification-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: notification-controller
- spec:
- containers:
- - args:
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/notification-controller:v0.24.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 9292
- name: http-webhook
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: notification-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: source-controller
- strategy:
- type: Recreate
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: source-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- - --storage-path=/data
- - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/source-controller:v0.25.11
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 50m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: source-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-egress
- namespace: flux-system
-spec:
- egress:
- - {}
- ingress:
- - from:
- - podSelector: {}
- podSelector: {}
- policyTypes:
- - Ingress
- - Egress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-scraping
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
- podSelector: {}
- policyTypes:
- - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-webhooks
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- app: notification-controller
- policyTypes:
- - Ingress
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-sync.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-sync.yaml
deleted file mode 100644
index 7d0d7aa..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-sync.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# This manifest was generated by flux. DO NOT EDIT.
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 1m0s
- ref:
- branch: master
- secretRef:
- name: flux-system
- url: ssh://git@10.57.100.7/srv/git/tyilnet
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/kustomization.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/kustomization.yaml
deleted file mode 100644
index 3842229..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- gotk-components.yaml
-- gotk-sync.yaml
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-configuration.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-configuration.yaml
deleted file mode 100644
index 2b28e78..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-configurations
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-releases
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/configuration
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-releases.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-releases.yaml
deleted file mode 100644
index 9006f0f..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-releases.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-releases
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-sources
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/releases
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-sources.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-sources.yaml
deleted file mode 100644
index b07ca57..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-sources.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-sources
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: namespaces
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/sources
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/namespaces.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/namespaces.yaml
deleted file mode 100644
index 6e0395e..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/namespaces.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: namespaces
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/namespaces
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml
deleted file mode 100644
index 8e8d43c..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/applications/hurzak.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@
----
-# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.31.5
-# Components: source-controller,kustomize-controller,helm-controller,notification-controller
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- pod-security.kubernetes.io/warn: restricted
- pod-security.kubernetes.io/warn-version: latest
- name: flux-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: alerts.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Alert
- listKind: AlertList
- plural: alerts
- singular: alert
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Alert is the Schema for the alerts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: AlertSpec defines an alerting rule for events involving a
- list of objects
- properties:
- eventSeverity:
- default: info
- description: Filter events based on severity, defaults to ('info').
- If set to 'info' no events will be filtered.
- enum:
- - info
- - error
- type: string
- eventSources:
- description: Filter events based on the involved objects.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- exclusionList:
- description: A list of Golang regular expressions to be used for excluding
- messages.
- items:
- type: string
- type: array
- providerRef:
- description: Send events using this provider.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- summary:
- description: Short description of the impact and affected cluster.
- type: string
- suspend:
- description: This flag tells the controller to suspend subsequent
- events dispatching. Defaults to false.
- type: boolean
- required:
- - eventSources
- - providerRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: AlertStatus defines the observed state of Alert
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: buckets.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec defines the desired state of an S3 compatible
- bucket
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- default: generic
- description: The S3 compatible storage provider name, default ('generic').
- enum:
- - generic
- - aws
- - gcp
- type: string
- region:
- description: The bucket region.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for download operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus defines the observed state of a bucket
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last Bucket sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec specifies the required configuration to produce
- an Artifact for an object storage bucket.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: BucketName is the name of the object storage bucket.
- type: string
- endpoint:
- description: Endpoint is the object storage address the BucketName
- is located at.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS HTTP Endpoint.
- type: boolean
- interval:
- description: Interval at which to check the Endpoint for updates.
- type: string
- provider:
- default: generic
- description: Provider of the object storage bucket. Defaults to 'generic',
- which expects an S3 (API) compatible object storage.
- enum:
- - generic
- - aws
- - gcp
- - azure
- type: string
- region:
- description: Region of the Endpoint where the BucketName is located
- in.
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this Bucket.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for fetch operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus records the observed state of a Bucket.
- properties:
- artifact:
- description: Artifact represents the last successful Bucket reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the Bucket object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: gitrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: GitRepository
- listKind: GitRepositoryList
- plural: gitrepositories
- shortNames:
- - gitrepo
- singular: gitrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec defines the desired state of a Git repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: Determines which git client library to use. Defaults
- to go-git, valid values are ('go-git', 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Extra git repositories to map into the repository
- items:
- description: GitRepositoryInclude defines a source with a from and
- to path.
- properties:
- fromPath:
- description: The path to copy contents from, defaults to the
- root directory.
- type: string
- repository:
- description: Reference to a GitRepository to include.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: The path to copy contents to, defaults to the name
- of the source ref.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: The interval at which to check for repository updates.
- type: string
- recurseSubmodules:
- description: When enabled, after the clone is created, initializes
- all submodules within, using their default settings. This option
- is available only when using the 'go-git' GitImplementation.
- type: boolean
- ref:
- description: The Git reference to checkout and monitor for changes,
- defaults to master branch.
- properties:
- branch:
- description: The Git branch to checkout, defaults to master.
- type: string
- commit:
- description: The Git commit SHA to checkout, if specified Tag
- filters will be ignored.
- type: string
- semver:
- description: The Git tag semver expression, takes precedence over
- Tag.
- type: string
- tag:
- description: The Git tag to checkout, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: The secret name containing the Git credentials. For HTTPS
- repositories the secret must contain username and password fields.
- For SSH repositories the secret must contain identity and known_hosts
- fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for remote Git operations like cloning, defaults
- to 60s.
- type: string
- url:
- description: The repository URL, can be a HTTP/S or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verify OpenPGP signature for the Git commit HEAD points
- to.
- properties:
- mode:
- description: Mode describes what git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: The secret name containing the public keys of all
- trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus defines the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- includedArtifacts:
- description: IncludedArtifacts represents the included artifacts from
- the last successful repository sync.
- items:
- description: Artifact represents the output of a source synchronisation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last repository sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec specifies the required configuration to
- produce an Artifact for a Git repository.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: GitImplementation specifies which Git client library
- implementation to use. Defaults to 'go-git', valid values are ('go-git',
- 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Include specifies a list of GitRepository resources which
- Artifacts should be included in the Artifact produced for this GitRepository.
- items:
- description: GitRepositoryInclude specifies a local reference to
- a GitRepository which Artifact (sub-)contents must be included,
- and where they should be placed.
- properties:
- fromPath:
- description: FromPath specifies the path to copy contents from,
- defaults to the root of the Artifact.
- type: string
- repository:
- description: GitRepositoryRef specifies the GitRepository which
- Artifact contents must be included.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: ToPath specifies the path to copy contents to,
- defaults to the name of the GitRepositoryRef.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: Interval at which to check the GitRepository for updates.
- type: string
- recurseSubmodules:
- description: RecurseSubmodules enables the initialization of all submodules
- within the GitRepository as cloned from the URL, using their default
- settings. This option is available only when using the 'go-git'
- GitImplementation.
- type: boolean
- ref:
- description: Reference specifies the Git reference to resolve and
- monitor for changes, defaults to the 'master' branch.
- properties:
- branch:
- description: "Branch to check out, defaults to 'master' if no
- other field is defined. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', a shallow clone of the specified branch
- is performed."
- type: string
- commit:
- description: "Commit SHA to check out, takes precedence over all
- reference fields. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', this can be combined with Branch to shallow
- clone the branch, in which the commit is expected to exist."
- type: string
- semver:
- description: SemVer tag expression to check out, takes precedence
- over Tag.
- type: string
- tag:
- description: Tag to check out, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the GitRepository. For HTTPS repositories the Secret
- must contain 'username' and 'password' fields. For SSH repositories
- the Secret must contain 'identity' and 'known_hosts' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this GitRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for Git operations like cloning, defaults to
- 60s.
- type: string
- url:
- description: URL specifies the Git repository URL, it can be an HTTP/S
- or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verification specifies the configuration to verify the
- Git commit signature(s).
- properties:
- mode:
- description: Mode specifies what Git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing the public
- keys of trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus records the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the last successful GitRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- contentConfigChecksum:
- description: 'ContentConfigChecksum is a checksum of all the configurations
- related to the content of the source artifact: - .spec.ignore -
- .spec.recurseSubmodules - .spec.included and the checksum of the
- included artifacts observed in .status.observedGeneration version
- of the object. This can be used to determine if the content of the
- included repository has changed. It has the format of `<algo>:<checksum>`,
- for example: `sha256:<checksum>`.'
- type: string
- includedArtifacts:
- description: IncludedArtifacts contains a list of the last successfully
- included Artifacts as instructed by GitRepositorySpec.Include.
- items:
- description: Artifact represents the output of a Source reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact
- file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact.
- It can be used to locate the file in the root of the Artifact
- storage on the local file system of the controller managing
- the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the GitRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmcharts.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmChart
- listKind: HelmChartList
- plural: helmcharts
- shortNames:
- - hc
- singular: helmchart
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec defines the desired state of a Helm chart.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: The name or path the Helm chart is available at in the
- SourceRef.
- type: string
- interval:
- description: The interval at which to check the Source for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new artifact.
- Valid values are ('ChartVersion', 'Revision'). See the documentation
- of the values for an explanation on their behavior. Defaults to
- ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The reference to the Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: Alternative values file to use as the default chart values,
- expected to be a relative path in the SourceRef. Deprecated in favor
- of ValuesFiles, for backwards compatibility the file defined here
- is merged before the ValuesFiles items. Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the chart
- values (values.yaml is not included by default), expected to be
- a relative path in the SourceRef. Values files are merged in the
- order of this list with the last file overriding the first. Ignored
- when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: The chart version semver expression, ignored for charts
- from GitRepository and Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus defines the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- chart sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last chart pulled.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec specifies the desired state of a Helm chart.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: Chart is the name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval is the interval at which to check the Source
- for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: ReconcileStrategy determines what enables the creation
- of a new artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on their
- behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: SourceRef is the reference to the Source the chart is
- available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: ValuesFile is an alternative values file to use as the
- default chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file specified here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: ValuesFiles is an alternative list of values files to
- use as the chart values (values.yaml is not included by default),
- expected to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding the
- first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version is the chart version semver expression, ignored
- for charts from GitRepository and Bucket sources. Defaults to latest
- when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus records the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedChartName:
- description: ObservedChartName is the last observed chart name as
- specified by the resolved chart reference.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmChart object.
- format: int64
- type: integer
- observedSourceArtifactRevision:
- description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
- of the HelmChartSpec.SourceRef.
- type: string
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmreleases.helm.toolkit.fluxcd.io
-spec:
- group: helm.toolkit.fluxcd.io
- names:
- kind: HelmRelease
- listKind: HelmReleaseList
- plural: helmreleases
- shortNames:
- - hr
- singular: helmrelease
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v2beta1
- schema:
- openAPIV3Schema:
- description: HelmRelease is the Schema for the helmreleases API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmReleaseSpec defines the desired state of a Helm release.
- properties:
- chart:
- description: Chart defines the template of the v1beta2.HelmChart that
- should be created for this HelmRelease.
- properties:
- spec:
- description: Spec holds the template for the v1beta2.HelmChartSpec
- for this HelmRelease.
- properties:
- chart:
- description: The name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval at which to check the v1beta2.Source
- for updates. Defaults to 'HelmReleaseSpec.Interval'.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new
- artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on
- their behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The name and namespace of the v1beta2.Source
- the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent.
- maxLength: 63
- minLength: 1
- type: string
- required:
- - name
- type: object
- valuesFile:
- description: Alternative values file to use as the default
- chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file defined here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the
- chart values (values.yaml is not included by default), expected
- to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding
- the first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version semver expression, ignored for charts
- from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
- to latest when omitted.
- type: string
- required:
- - chart
- - sourceRef
- type: object
- required:
- - spec
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to HelmRelease resources that must be ready
- before this HelmRelease can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- install:
- description: Install holds the configuration for Helm install actions
- for this HelmRelease.
- properties:
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Create`
- and if omitted CRDs are installed but not updated. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are applied (installed) during Helm install action. With this
- option users can opt-in to CRD replace existing CRDs on Helm
- install actions, which is not (yet) natively supported by Helm.
- https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- createNamespace:
- description: CreateNamespace tells the Helm install action to
- create the HelmReleaseSpec.TargetNamespace if it does not exist
- yet. On uninstall, the namespace will not be garbage collected.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm install action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm install
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm install has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm install has been performed.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm install action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an install
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false'.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- an uninstall, is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- type: object
- replace:
- description: Replace tells the Helm install action to re-use the
- 'ReleaseName', but only if that name is a deleted release which
- remains in the history.
- type: boolean
- skipCRDs:
- description: "SkipCRDs tells the Helm install action to not install
- any CRDs. By default, CRDs are installed if not already present.
- \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
- instead."
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- interval:
- description: Interval at which to reconcile the Helm release.
- type: string
- kubeConfig:
- description: KubeConfig for reconciling the HelmRelease on a remote
- cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a key with the kubeconfig file as the value. If no key is specified
- the key will default to 'value'. The secret must be in the same
- namespace as the HelmRelease. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the HelmRelease.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- maxHistory:
- description: MaxHistory is the number of revisions saved by Helm for
- this HelmRelease. Use '0' for an unlimited number of revisions;
- defaults to '10'.
- type: integer
- postRenderers:
- description: PostRenderers holds an array of Helm PostRenderers, which
- will be applied in order of their definition.
- items:
- description: PostRenderer contains a Helm PostRenderer specification.
- properties:
- kustomize:
- description: Kustomization to apply as PostRenderer.
- properties:
- images:
- description: Images is a list of (image name, new name,
- new tag or digest) for changing image names, tags or digests.
- This can also be achieved with a patch, but this operator
- is simpler to specify.
- items:
- description: Image contains an image name, a new name,
- a new tag or digest, which will replace the original
- name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the
- original image tag. If digest is present NewTag
- value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace
- the original name.
- type: string
- newTag:
- description: NewTag is the value used to replace the
- original tag.
- type: string
- required:
- - name
- type: object
- type: array
- patches:
- description: Strategic merge and JSON patches, defined as
- inline YAML objects, capable of targeting objects based
- on kind, label and annotation selectors.
- items:
- description: Patch contains an inline StrategicMerge or
- JSON6902 patch, and the target the patch should be applied
- to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge
- patch or an inline JSON6902 patch with an array
- of operation objects.
- type: string
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and
- the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document
- with an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object.
- https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value
- that references a location within the target
- document where the operation is performed.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- type: string
- op:
- description: Op indicates the operation to perform.
- Its value MUST be one of "add", "remove",
- "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer
- value that references a location within the
- target document where the operation is performed.
- The meaning of the value depends on the value
- of Op.
- type: string
- value:
- description: Value contains a valid JSON structure.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline
- YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- type: object
- type: object
- type: array
- releaseName:
- description: ReleaseName used for the Helm release. Defaults to a
- composition of '[TargetNamespace-]Name'.
- maxLength: 53
- minLength: 1
- type: string
- rollback:
- description: Rollback holds the configuration for Helm rollback actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm rollback action when it fails.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm rollback has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm rollback has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- recreate:
- description: Recreate performs pod restarts for the resource if
- applicable.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this HelmRelease.
- type: string
- storageNamespace:
- description: StorageNamespace used for the Helm storage. Defaults
- to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- suspend:
- description: Suspend tells the controller to suspend reconciliation
- for this HelmRelease, it does not apply to already started reconciliations.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace to target when performing operations
- for the HelmRelease. Defaults to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- test:
- description: Test holds the configuration for Helm test actions for
- this HelmRelease.
- properties:
- enable:
- description: Enable enables Helm test actions for this HelmRelease
- after an Helm install or upgrade action has been performed.
- type: boolean
- ignoreFailures:
- description: IgnoreFailures tells the controller to skip remediation
- when the Helm tests are run but fail. Can be overwritten for
- tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
- and 'Upgrade.IgnoreTestFailures'.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation during the performance of a Helm test action. Defaults
- to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a Helm
- action. Defaults to '5m0s'.
- type: string
- uninstall:
- description: Uninstall holds the configuration for Helm uninstall
- actions for this HelmRelease.
- properties:
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables waiting for all the resources
- to be deleted after a Helm uninstall is performed.
- type: boolean
- keepHistory:
- description: KeepHistory tells Helm to remove all associated resources
- and mark the release as deleted, but retain the release history.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- upgrade:
- description: Upgrade holds the configuration for Helm upgrade actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm upgrade action when it fails.
- type: boolean
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
- if omitted CRDs are neither installed nor upgraded. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are not applied during Helm upgrade action. With this option
- users can opt-in to CRD upgrade, which is not (yet) natively
- supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm upgrade action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm upgrade
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm upgrade has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm upgrade has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- preserveValues:
- description: PreserveValues will make Helm reuse the last release's
- values and merge in overrides from 'Values'. Setting this flag
- makes the HelmRelease non-declarative.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm upgrade action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an upgrade
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false' unless 'Retries' is greater than 0.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- 'Strategy', is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- strategy:
- description: Strategy to use for failure remediation. Defaults
- to 'rollback'.
- enum:
- - rollback
- - uninstall
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- values:
- description: Values holds the values for this Helm release.
- x-kubernetes-preserve-unknown-fields: true
- valuesFrom:
- description: ValuesFrom holds references to resources containing Helm
- values for this HelmRelease, and information about how they should
- be merged.
- items:
- description: ValuesReference contains a reference to a resource
- containing Helm values, and optionally the key they can be found
- at.
- properties:
- kind:
- description: Kind of the values referent, valid values are ('Secret',
- 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside in the
- same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- description: Optional marks this ValuesReference as optional.
- When set, a not found error for the values reference is ignored,
- but any ValuesKey, TargetPath or transient error will still
- result in a reconciliation failure.
- type: boolean
- targetPath:
- description: TargetPath is the YAML dot notation path the value
- should be merged at. When set, the ValuesKey is expected to
- be a single flat value. Defaults to 'None', which results
- in the values getting merged at the root.
- type: string
- valuesKey:
- description: ValuesKey is the data key where the values.yaml
- or a specific value can be found at. Defaults to 'values.yaml'.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- required:
- - chart
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmReleaseStatus defines the observed state of a HelmRelease.
- properties:
- conditions:
- description: Conditions holds the conditions for the HelmRelease.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- failures:
- description: Failures is the reconciliation failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- helmChart:
- description: HelmChart is the namespaced name of the HelmChart resource
- created by the controller for the HelmRelease.
- type: string
- installFailures:
- description: InstallFailures is the install failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- lastAppliedRevision:
- description: LastAppliedRevision is the revision of the last successfully
- applied source.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastAttemptedValuesChecksum:
- description: LastAttemptedValuesChecksum is the SHA1 checksum of the
- values of the last reconciliation attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- lastReleaseRevision:
- description: LastReleaseRevision is the revision of the last successful
- Helm release.
- type: integer
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- upgradeFailures:
- description: UpgradeFailures is the upgrade failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmRepository
- listKind: HelmRepositoryList
- plural: helmrepositories
- shortNames:
- - helmrepo
- singular: helmrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec defines the reference to a Helm repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: The interval at which to check the upstream for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Helm repository. For HTTP/S basic auth the secret must contain
- username and password fields. For TLS the secret must contain a
- certFile and keyFile, and/or caCert fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout of index downloading, defaults to 60s.
- type: string
- url:
- description: The Helm repository URL, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus defines the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last index fetched.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec specifies the required configuration to
- produce an Artifact for a Helm repository index YAML.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: Interval at which to check the URL for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this HelmRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout of the index fetch operation, defaults to 60s.
- type: string
- type:
- description: Type of the HelmRepository. When this field is set to "oci",
- the URL field value must be prefixed with "oci://".
- enum:
- - default
- - oci
- type: string
- url:
- description: URL of the Helm repository, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus records the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the last successful HelmRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomizations.kustomize.toolkit.fluxcd.io
-spec:
- group: kustomize.toolkit.fluxcd.io
- names:
- kind: Kustomization
- listKind: KustomizationList
- plural: kustomizations
- shortNames:
- - ks
- singular: kustomization
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the desired state of a kustomization.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When specified, KubeConfig takes precedence over
- ServiceAccountName.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a 'value' key with the kubeconfig file as the value. It must
- be in the same namespace as the Kustomization. It is recommended
- that the kubeconfig is self-contained, and the secret is regularly
- updated if credentials such as a cloud-access-token expire.
- Cloud specific `cmd-path` auth helpers will not function without
- adding binaries and credentials to the Pod that is responsible
- for reconciling the Kustomization.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent
- type: string
- namespace:
- description: Namespace of the referent, defaults to the Kustomization
- namespace
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: Validate the Kubernetes objects before applying them
- on the cluster. The validation strategy can be 'client' (local dry-run),
- 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
- validation will fallback to 'client' if set to 'server' because
- server-side validation is not supported in this scenario.
- enum:
- - none
- - client
- - server
- type: string
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- snapshot:
- description: The last successfully applied revision metadata.
- properties:
- checksum:
- description: The manifests sha1 checksum.
- type: string
- entries:
- description: A list of Kubernetes kinds grouped by namespace.
- items:
- description: Snapshot holds the metadata of namespaced Kubernetes
- objects
- properties:
- kinds:
- additionalProperties:
- type: string
- description: The list of Kubernetes kinds.
- type: object
- namespace:
- description: The namespace of this entry.
- type: string
- required:
- - kinds
- type: object
- type: array
- required:
- - checksum
- - entries
- type: object
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the configuration to calculate
- the desired state from a Source using Kustomize.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name of a secret that contains
- a key with the kubeconfig file as the value. If no key is set,
- the key will default to 'value'. The secret must be in the same
- namespace as the Kustomization. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the Kustomization.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
- Use Patches instead.'
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: 'Strategic merge patches, defined as inline YAML objects.
- Deprecated: Use Patches instead.'
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- default: false
- description: Optional indicates whether the referenced resource
- must exist, or whether to tolerate its absence. If true
- and the referenced resource is absent, proceed as if the
- resource was present but empty, without any variables
- defined.
- type: boolean
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, defaults to the namespace
- of the Kubernetes resource object that contains the reference.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: 'Deprecated: Not used in v1beta2.'
- enum:
- - none
- - client
- - server
- type: string
- wait:
- description: Wait instructs the controller to check the health of
- all the reconciled resources. When enabled, the HealthChecks are
- ignored. Defaults to false.
- type: boolean
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- inventory:
- description: Inventory contains the list of Kubernetes resource object
- references that have been successfully applied.
- properties:
- entries:
- description: Entries of Kubernetes resource object references.
- items:
- description: ResourceRef contains the information necessary
- to locate a resource within a cluster.
- properties:
- id:
- description: ID is the string representation of the Kubernetes
- resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
- type: string
- v:
- description: Version is the API version of the Kubernetes
- resource object's kind.
- type: string
- required:
- - id
- - v
- type: object
- type: array
- required:
- - entries
- type: object
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: providers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Provider
- listKind: ProviderList
- plural: providers
- singular: provider
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Provider is the Schema for the providers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ProviderSpec defines the desired state of Provider
- properties:
- address:
- description: HTTP/S webhook address of this provider
- pattern: ^(http|https)://
- type: string
- certSecretRef:
- description: CertSecretRef can be given the name of a secret containing
- a PEM-encoded CA certificate (`caFile`)
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- channel:
- description: Alert channel for this provider
- type: string
- proxy:
- description: HTTP/S address of the proxy
- pattern: ^(http|https)://
- type: string
- secretRef:
- description: Secret reference containing the provider webhook URL
- using "address" as data key
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of provider
- enum:
- - slack
- - discord
- - msteams
- - rocket
- - generic
- - github
- - gitlab
- - bitbucket
- - azuredevops
- - googlechat
- - webex
- - sentry
- - azureeventhub
- - telegram
- - lark
- - matrix
- - opsgenie
- - alertmanager
- - grafana
- - githubdispatch
- type: string
- username:
- description: Bot username for this provider
- type: string
- required:
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ProviderStatus defines the observed state of Provider
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: receivers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Receiver
- listKind: ReceiverList
- plural: receivers
- singular: receiver
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Receiver is the Schema for the receivers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ReceiverSpec defines the desired state of Receiver
- properties:
- events:
- description: A list of events to handle, e.g. 'push' for GitHub or
- 'Push Hook' for GitLab.
- items:
- type: string
- type: array
- resources:
- description: A list of resources to be notified about changes.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- secretRef:
- description: Secret reference containing the token used to validate
- the payload authenticity
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of webhook sender, used to determine the validation
- procedure and payload deserialization.
- enum:
- - generic
- - generic-hmac
- - github
- - gitlab
- - bitbucket
- - harbor
- - dockerhub
- - quay
- - gcr
- - nexus
- - acr
- type: string
- required:
- - resources
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ReceiverStatus defines the observed state of Receiver
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helm-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomize-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: notification-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: source-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-rules:
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - image.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - namespaces
- - secrets
- - configmaps
- - serviceaccounts
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps/status
- verbs:
- - get
- - update
- - patch
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: cluster-reconciler-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: crd-controller-flux-system
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: source-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: notification-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-reflector-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-automation-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: source-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: webhook-receiver
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http-webhook
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: helm-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: helm-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: helm-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.22.2
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: helm-controller
- terminationGracePeriodSeconds: 600
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: kustomize-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kustomize-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: kustomize-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/kustomize-controller:v0.26.3
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: kustomize-controller
- terminationGracePeriodSeconds: 60
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: notification-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: notification-controller
- spec:
- containers:
- - args:
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/notification-controller:v0.24.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 9292
- name: http-webhook
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: notification-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: source-controller
- strategy:
- type: Recreate
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: source-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- - --storage-path=/data
- - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/source-controller:v0.25.11
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 50m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: source-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-egress
- namespace: flux-system
-spec:
- egress:
- - {}
- ingress:
- - from:
- - podSelector: {}
- podSelector: {}
- policyTypes:
- - Ingress
- - Egress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-scraping
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
- podSelector: {}
- policyTypes:
- - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-webhooks
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- app: notification-controller
- policyTypes:
- - Ingress
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml
deleted file mode 100644
index a14dbf3..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# This manifest was generated by flux. DO NOT EDIT.
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 1m0s
- ref:
- branch: master
- secretRef:
- name: flux-system
- url: ssh://tyil@10.57.100.7/home/tyil/.local/git/tyilnet
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./playbooks.d/k3s-master/share/manifests/clusters/hurzak.tyil.net
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml
deleted file mode 100644
index 3842229..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- gotk-components.yaml
-- gotk-sync.yaml
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml
deleted file mode 100644
index 9df248a..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-configurations
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-releases
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/configuration
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml
deleted file mode 100644
index cc449ac..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-releases
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-sources
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/releases
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml
deleted file mode 100644
index eda76f3..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-sources
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: namespaces
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/sources
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml
deleted file mode 100644
index 4fc4292..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: namespaces
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/namespaces
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml
deleted file mode 100644
index 809cdb4..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@
----
-# This manifest was generated by flux. DO NOT EDIT.
-# Flux Version: v0.31.5
-# Components: source-controller,kustomize-controller,helm-controller,notification-controller
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- pod-security.kubernetes.io/warn: restricted
- pod-security.kubernetes.io/warn-version: latest
- name: flux-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: alerts.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Alert
- listKind: AlertList
- plural: alerts
- singular: alert
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Alert is the Schema for the alerts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: AlertSpec defines an alerting rule for events involving a
- list of objects
- properties:
- eventSeverity:
- default: info
- description: Filter events based on severity, defaults to ('info').
- If set to 'info' no events will be filtered.
- enum:
- - info
- - error
- type: string
- eventSources:
- description: Filter events based on the involved objects.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- exclusionList:
- description: A list of Golang regular expressions to be used for excluding
- messages.
- items:
- type: string
- type: array
- providerRef:
- description: Send events using this provider.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- summary:
- description: Short description of the impact and affected cluster.
- type: string
- suspend:
- description: This flag tells the controller to suspend subsequent
- events dispatching. Defaults to false.
- type: boolean
- required:
- - eventSources
- - providerRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: AlertStatus defines the observed state of Alert
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: buckets.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: Bucket
- listKind: BucketList
- plural: buckets
- singular: bucket
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec defines the desired state of an S3 compatible
- bucket
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: The bucket name.
- type: string
- endpoint:
- description: The bucket endpoint address.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
- type: boolean
- interval:
- description: The interval at which to check for bucket updates.
- type: string
- provider:
- default: generic
- description: The S3 compatible storage provider name, default ('generic').
- enum:
- - generic
- - aws
- - gcp
- type: string
- region:
- description: The bucket region.
- type: string
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for download operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus defines the observed state of a bucket
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- Bucket sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last Bucket sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.endpoint
- name: Endpoint
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Bucket is the Schema for the buckets API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: BucketSpec specifies the required configuration to produce
- an Artifact for an object storage bucket.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- bucketName:
- description: BucketName is the name of the object storage bucket.
- type: string
- endpoint:
- description: Endpoint is the object storage address the BucketName
- is located at.
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- insecure:
- description: Insecure allows connecting to a non-TLS HTTP Endpoint.
- type: boolean
- interval:
- description: Interval at which to check the Endpoint for updates.
- type: string
- provider:
- default: generic
- description: Provider of the object storage bucket. Defaults to 'generic',
- which expects an S3 (API) compatible object storage.
- enum:
- - generic
- - aws
- - gcp
- - azure
- type: string
- region:
- description: Region of the Endpoint where the BucketName is located
- in.
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the Bucket.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this Bucket.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for fetch operations, defaults to 60s.
- type: string
- required:
- - bucketName
- - endpoint
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: BucketStatus records the observed state of a Bucket.
- properties:
- artifact:
- description: Artifact represents the last successful Bucket reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the Bucket.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the Bucket object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: gitrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: GitRepository
- listKind: GitRepositoryList
- plural: gitrepositories
- shortNames:
- - gitrepo
- singular: gitrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec defines the desired state of a Git repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: Determines which git client library to use. Defaults
- to go-git, valid values are ('go-git', 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Extra git repositories to map into the repository
- items:
- description: GitRepositoryInclude defines a source with a from and
- to path.
- properties:
- fromPath:
- description: The path to copy contents from, defaults to the
- root directory.
- type: string
- repository:
- description: Reference to a GitRepository to include.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: The path to copy contents to, defaults to the name
- of the source ref.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: The interval at which to check for repository updates.
- type: string
- recurseSubmodules:
- description: When enabled, after the clone is created, initializes
- all submodules within, using their default settings. This option
- is available only when using the 'go-git' GitImplementation.
- type: boolean
- ref:
- description: The Git reference to checkout and monitor for changes,
- defaults to master branch.
- properties:
- branch:
- description: The Git branch to checkout, defaults to master.
- type: string
- commit:
- description: The Git commit SHA to checkout, if specified Tag
- filters will be ignored.
- type: string
- semver:
- description: The Git tag semver expression, takes precedence over
- Tag.
- type: string
- tag:
- description: The Git tag to checkout, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: The secret name containing the Git credentials. For HTTPS
- repositories the secret must contain username and password fields.
- For SSH repositories the secret must contain identity and known_hosts
- fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout for remote Git operations like cloning, defaults
- to 60s.
- type: string
- url:
- description: The repository URL, can be a HTTP/S or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verify OpenPGP signature for the Git commit HEAD points
- to.
- properties:
- mode:
- description: Mode describes what git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: The secret name containing the public keys of all
- trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus defines the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- includedArtifacts:
- description: IncludedArtifacts represents the included artifacts from
- the last successful repository sync.
- items:
- description: Artifact represents the output of a source synchronisation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the artifact output of the
- last repository sync.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: GitRepository is the Schema for the gitrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: GitRepositorySpec specifies the required configuration to
- produce an Artifact for a Git repository.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- gitImplementation:
- default: go-git
- description: GitImplementation specifies which Git client library
- implementation to use. Defaults to 'go-git', valid values are ('go-git',
- 'libgit2').
- enum:
- - go-git
- - libgit2
- type: string
- ignore:
- description: Ignore overrides the set of excluded patterns in the
- .sourceignore format (which is the same as .gitignore). If not provided,
- a default will be used, consult the documentation for your version
- to find out what those are.
- type: string
- include:
- description: Include specifies a list of GitRepository resources which
- Artifacts should be included in the Artifact produced for this GitRepository.
- items:
- description: GitRepositoryInclude specifies a local reference to
- a GitRepository which Artifact (sub-)contents must be included,
- and where they should be placed.
- properties:
- fromPath:
- description: FromPath specifies the path to copy contents from,
- defaults to the root of the Artifact.
- type: string
- repository:
- description: GitRepositoryRef specifies the GitRepository which
- Artifact contents must be included.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- toPath:
- description: ToPath specifies the path to copy contents to,
- defaults to the name of the GitRepositoryRef.
- type: string
- required:
- - repository
- type: object
- type: array
- interval:
- description: Interval at which to check the GitRepository for updates.
- type: string
- recurseSubmodules:
- description: RecurseSubmodules enables the initialization of all submodules
- within the GitRepository as cloned from the URL, using their default
- settings. This option is available only when using the 'go-git'
- GitImplementation.
- type: boolean
- ref:
- description: Reference specifies the Git reference to resolve and
- monitor for changes, defaults to the 'master' branch.
- properties:
- branch:
- description: "Branch to check out, defaults to 'master' if no
- other field is defined. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', a shallow clone of the specified branch
- is performed."
- type: string
- commit:
- description: "Commit SHA to check out, takes precedence over all
- reference fields. \n When GitRepositorySpec.GitImplementation
- is set to 'go-git', this can be combined with Branch to shallow
- clone the branch, in which the commit is expected to exist."
- type: string
- semver:
- description: SemVer tag expression to check out, takes precedence
- over Tag.
- type: string
- tag:
- description: Tag to check out, takes precedence over Branch.
- type: string
- type: object
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the GitRepository. For HTTPS repositories the Secret
- must contain 'username' and 'password' fields. For SSH repositories
- the Secret must contain 'identity' and 'known_hosts' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this GitRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout for Git operations like cloning, defaults to
- 60s.
- type: string
- url:
- description: URL specifies the Git repository URL, it can be an HTTP/S
- or SSH address.
- pattern: ^(http|https|ssh)://
- type: string
- verify:
- description: Verification specifies the configuration to verify the
- Git commit signature(s).
- properties:
- mode:
- description: Mode specifies what Git object should be verified,
- currently ('head').
- enum:
- - head
- type: string
- secretRef:
- description: SecretRef specifies the Secret containing the public
- keys of trusted Git authors.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - mode
- type: object
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: GitRepositoryStatus records the observed state of a Git repository.
- properties:
- artifact:
- description: Artifact represents the last successful GitRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the GitRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- contentConfigChecksum:
- description: 'ContentConfigChecksum is a checksum of all the configurations
- related to the content of the source artifact: - .spec.ignore -
- .spec.recurseSubmodules - .spec.included and the checksum of the
- included artifacts observed in .status.observedGeneration version
- of the object. This can be used to determine if the content of the
- included repository has changed. It has the format of `<algo>:<checksum>`,
- for example: `sha256:<checksum>`.'
- type: string
- includedArtifacts:
- description: IncludedArtifacts contains a list of the last successfully
- included Artifacts as instructed by GitRepositorySpec.Include.
- items:
- description: Artifact represents the output of a Source reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact
- file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact.
- It can be used to locate the file in the root of the Artifact
- storage on the local file system of the controller managing
- the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the GitRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmcharts.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmChart
- listKind: HelmChartList
- plural: helmcharts
- shortNames:
- - hc
- singular: helmchart
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec defines the desired state of a Helm chart.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: The name or path the Helm chart is available at in the
- SourceRef.
- type: string
- interval:
- description: The interval at which to check the Source for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new artifact.
- Valid values are ('ChartVersion', 'Revision'). See the documentation
- of the values for an explanation on their behavior. Defaults to
- ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The reference to the Source the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: Alternative values file to use as the default chart values,
- expected to be a relative path in the SourceRef. Deprecated in favor
- of ValuesFiles, for backwards compatibility the file defined here
- is merged before the ValuesFiles items. Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the chart
- values (values.yaml is not included by default), expected to be
- a relative path in the SourceRef. Values files are merged in the
- order of this list with the last file overriding the first. Ignored
- when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: The chart version semver expression, ignored for charts
- from GitRepository and Bucket sources. Defaults to latest when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus defines the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- chart sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last chart pulled.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.chart
- name: Chart
- type: string
- - jsonPath: .spec.version
- name: Version
- type: string
- - jsonPath: .spec.sourceRef.kind
- name: Source Kind
- type: string
- - jsonPath: .spec.sourceRef.name
- name: Source Name
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmChart is the Schema for the helmcharts API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmChartSpec specifies the desired state of a Helm chart.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- chart:
- description: Chart is the name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval is the interval at which to check the Source
- for updates.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: ReconcileStrategy determines what enables the creation
- of a new artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on their
- behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: SourceRef is the reference to the Source the chart is
- available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent, valid values are ('HelmRepository',
- 'GitRepository', 'Bucket').
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- valuesFile:
- description: ValuesFile is an alternative values file to use as the
- default chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file specified here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: ValuesFiles is an alternative list of values files to
- use as the chart values (values.yaml is not included by default),
- expected to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding the
- first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version is the chart version semver expression, ignored
- for charts from GitRepository and Bucket sources. Defaults to latest
- when omitted.
- type: string
- required:
- - chart
- - interval
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmChartStatus records the observed state of the HelmChart.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmChart.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedChartName:
- description: ObservedChartName is the last observed chart name as
- specified by the resolved chart reference.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmChart object.
- format: int64
- type: integer
- observedSourceArtifactRevision:
- description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
- of the HelmChartSpec.SourceRef.
- type: string
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmreleases.helm.toolkit.fluxcd.io
-spec:
- group: helm.toolkit.fluxcd.io
- names:
- kind: HelmRelease
- listKind: HelmReleaseList
- plural: helmreleases
- shortNames:
- - hr
- singular: helmrelease
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v2beta1
- schema:
- openAPIV3Schema:
- description: HelmRelease is the Schema for the helmreleases API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmReleaseSpec defines the desired state of a Helm release.
- properties:
- chart:
- description: Chart defines the template of the v1beta2.HelmChart that
- should be created for this HelmRelease.
- properties:
- spec:
- description: Spec holds the template for the v1beta2.HelmChartSpec
- for this HelmRelease.
- properties:
- chart:
- description: The name or path the Helm chart is available
- at in the SourceRef.
- type: string
- interval:
- description: Interval at which to check the v1beta2.Source
- for updates. Defaults to 'HelmReleaseSpec.Interval'.
- type: string
- reconcileStrategy:
- default: ChartVersion
- description: Determines what enables the creation of a new
- artifact. Valid values are ('ChartVersion', 'Revision').
- See the documentation of the values for an explanation on
- their behavior. Defaults to ChartVersion when omitted.
- enum:
- - ChartVersion
- - Revision
- type: string
- sourceRef:
- description: The name and namespace of the v1beta2.Source
- the chart is available at.
- properties:
- apiVersion:
- description: APIVersion of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - HelmRepository
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent.
- maxLength: 63
- minLength: 1
- type: string
- required:
- - name
- type: object
- valuesFile:
- description: Alternative values file to use as the default
- chart values, expected to be a relative path in the SourceRef.
- Deprecated in favor of ValuesFiles, for backwards compatibility
- the file defined here is merged before the ValuesFiles items.
- Ignored when omitted.
- type: string
- valuesFiles:
- description: Alternative list of values files to use as the
- chart values (values.yaml is not included by default), expected
- to be a relative path in the SourceRef. Values files are
- merged in the order of this list with the last file overriding
- the first. Ignored when omitted.
- items:
- type: string
- type: array
- version:
- default: '*'
- description: Version semver expression, ignored for charts
- from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults
- to latest when omitted.
- type: string
- required:
- - chart
- - sourceRef
- type: object
- required:
- - spec
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to HelmRelease resources that must be ready
- before this HelmRelease can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- install:
- description: Install holds the configuration for Helm install actions
- for this HelmRelease.
- properties:
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Create`
- and if omitted CRDs are installed but not updated. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are applied (installed) during Helm install action. With this
- option users can opt-in to CRD replace existing CRDs on Helm
- install actions, which is not (yet) natively supported by Helm.
- https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- createNamespace:
- description: CreateNamespace tells the Helm install action to
- create the HelmReleaseSpec.TargetNamespace if it does not exist
- yet. On uninstall, the namespace will not be garbage collected.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm install action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm install
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm install has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm install has been performed.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm install action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an install
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false'.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- an uninstall, is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- type: object
- replace:
- description: Replace tells the Helm install action to re-use the
- 'ReleaseName', but only if that name is a deleted release which
- remains in the history.
- type: boolean
- skipCRDs:
- description: "SkipCRDs tells the Helm install action to not install
- any CRDs. By default, CRDs are installed if not already present.
- \n Deprecated use CRD policy (`crds`) attribute with value `Skip`
- instead."
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- interval:
- description: Interval at which to reconcile the Helm release.
- type: string
- kubeConfig:
- description: KubeConfig for reconciling the HelmRelease on a remote
- cluster. When used in combination with HelmReleaseSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a key with the kubeconfig file as the value. If no key is specified
- the key will default to 'value'. The secret must be in the same
- namespace as the HelmRelease. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the HelmRelease.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- maxHistory:
- description: MaxHistory is the number of revisions saved by Helm for
- this HelmRelease. Use '0' for an unlimited number of revisions;
- defaults to '10'.
- type: integer
- postRenderers:
- description: PostRenderers holds an array of Helm PostRenderers, which
- will be applied in order of their definition.
- items:
- description: PostRenderer contains a Helm PostRenderer specification.
- properties:
- kustomize:
- description: Kustomization to apply as PostRenderer.
- properties:
- images:
- description: Images is a list of (image name, new name,
- new tag or digest) for changing image names, tags or digests.
- This can also be achieved with a patch, but this operator
- is simpler to specify.
- items:
- description: Image contains an image name, a new name,
- a new tag or digest, which will replace the original
- name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the
- original image tag. If digest is present NewTag
- value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace
- the original name.
- type: string
- newTag:
- description: NewTag is the value used to replace the
- original tag.
- type: string
- required:
- - name
- type: object
- type: array
- patches:
- description: Strategic merge and JSON patches, defined as
- inline YAML objects, capable of targeting objects based
- on kind, label and annotation selectors.
- items:
- description: Patch contains an inline StrategicMerge or
- JSON6902 patch, and the target the patch should be applied
- to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge
- patch or an inline JSON6902 patch with an array
- of operation objects.
- type: string
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and
- the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document
- with an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object.
- https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value
- that references a location within the target
- document where the operation is performed.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- type: string
- op:
- description: Op indicates the operation to perform.
- Its value MUST be one of "add", "remove",
- "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer
- value that references a location within the
- target document where the operation is performed.
- The meaning of the value depends on the value
- of Op.
- type: string
- value:
- description: Value contains a valid JSON structure.
- The meaning of the value depends on the value
- of Op, and is NOT taken into account by all
- operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the
- patch document should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that
- follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select
- resources from. Together with Version and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources
- from. Together with Group and Version it is
- capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select
- resources from. Together with Group and Kind
- it is capable of unambiguously identifying and/or
- selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline
- YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- type: object
- type: object
- type: array
- releaseName:
- description: ReleaseName used for the Helm release. Defaults to a
- composition of '[TargetNamespace-]Name'.
- maxLength: 53
- minLength: 1
- type: string
- rollback:
- description: Rollback holds the configuration for Helm rollback actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm rollback action when it fails.
- type: boolean
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm rollback has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm rollback has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- recreate:
- description: Recreate performs pod restarts for the resource if
- applicable.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this HelmRelease.
- type: string
- storageNamespace:
- description: StorageNamespace used for the Helm storage. Defaults
- to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- suspend:
- description: Suspend tells the controller to suspend reconciliation
- for this HelmRelease, it does not apply to already started reconciliations.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace to target when performing operations
- for the HelmRelease. Defaults to the namespace of the HelmRelease.
- maxLength: 63
- minLength: 1
- type: string
- test:
- description: Test holds the configuration for Helm test actions for
- this HelmRelease.
- properties:
- enable:
- description: Enable enables Helm test actions for this HelmRelease
- after an Helm install or upgrade action has been performed.
- type: boolean
- ignoreFailures:
- description: IgnoreFailures tells the controller to skip remediation
- when the Helm tests are run but fail. Can be overwritten for
- tests run after install or upgrade actions in 'Install.IgnoreTestFailures'
- and 'Upgrade.IgnoreTestFailures'.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation during the performance of a Helm test action. Defaults
- to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a Helm
- action. Defaults to '5m0s'.
- type: string
- uninstall:
- description: Uninstall holds the configuration for Helm uninstall
- actions for this HelmRelease.
- properties:
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm rollback action.
- type: boolean
- disableWait:
- description: DisableWait disables waiting for all the resources
- to be deleted after a Helm uninstall is performed.
- type: boolean
- keepHistory:
- description: KeepHistory tells Helm to remove all associated resources
- and mark the release as deleted, but retain the release history.
- type: boolean
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- upgrade:
- description: Upgrade holds the configuration for Helm upgrade actions
- for this HelmRelease.
- properties:
- cleanupOnFail:
- description: CleanupOnFail allows deletion of new resources created
- during the Helm upgrade action when it fails.
- type: boolean
- crds:
- description: "CRDs upgrade CRDs from the Helm Chart's crds directory
- according to the CRD upgrade policy provided here. Valid values
- are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
- if omitted CRDs are neither installed nor upgraded. \n Skip:
- do neither install nor replace (update) any CRDs. \n Create:
- new CRDs are created, existing CRDs are neither updated nor
- deleted. \n CreateReplace: new CRDs are created, existing CRDs
- are updated (replaced) but not deleted. \n By default, CRDs
- are not applied during Helm upgrade action. With this option
- users can opt-in to CRD upgrade, which is not (yet) natively
- supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
- enum:
- - Skip
- - Create
- - CreateReplace
- type: string
- disableHooks:
- description: DisableHooks prevents hooks from running during the
- Helm upgrade action.
- type: boolean
- disableOpenAPIValidation:
- description: DisableOpenAPIValidation prevents the Helm upgrade
- action from validating rendered templates against the Kubernetes
- OpenAPI Schema.
- type: boolean
- disableWait:
- description: DisableWait disables the waiting for resources to
- be ready after a Helm upgrade has been performed.
- type: boolean
- disableWaitForJobs:
- description: DisableWaitForJobs disables waiting for jobs to complete
- after a Helm upgrade has been performed.
- type: boolean
- force:
- description: Force forces resource updates through a replacement
- strategy.
- type: boolean
- preserveValues:
- description: PreserveValues will make Helm reuse the last release's
- values and merge in overrides from 'Values'. Setting this flag
- makes the HelmRelease non-declarative.
- type: boolean
- remediation:
- description: Remediation holds the remediation configuration for
- when the Helm upgrade action for the HelmRelease fails. The
- default is to not perform any action.
- properties:
- ignoreTestFailures:
- description: IgnoreTestFailures tells the controller to skip
- remediation when the Helm tests are run after an upgrade
- action but fail. Defaults to 'Test.IgnoreFailures'.
- type: boolean
- remediateLastFailure:
- description: RemediateLastFailure tells the controller to
- remediate the last failure, when no retries remain. Defaults
- to 'false' unless 'Retries' is greater than 0.
- type: boolean
- retries:
- description: Retries is the number of retries that should
- be attempted on failures before bailing. Remediation, using
- 'Strategy', is performed between each attempt. Defaults
- to '0', a negative integer equals to unlimited retries.
- type: integer
- strategy:
- description: Strategy to use for failure remediation. Defaults
- to 'rollback'.
- enum:
- - rollback
- - uninstall
- type: string
- type: object
- timeout:
- description: Timeout is the time to wait for any individual Kubernetes
- operation (like Jobs for hooks) during the performance of a
- Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
- type: string
- type: object
- values:
- description: Values holds the values for this Helm release.
- x-kubernetes-preserve-unknown-fields: true
- valuesFrom:
- description: ValuesFrom holds references to resources containing Helm
- values for this HelmRelease, and information about how they should
- be merged.
- items:
- description: ValuesReference contains a reference to a resource
- containing Helm values, and optionally the key they can be found
- at.
- properties:
- kind:
- description: Kind of the values referent, valid values are ('Secret',
- 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside in the
- same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- description: Optional marks this ValuesReference as optional.
- When set, a not found error for the values reference is ignored,
- but any ValuesKey, TargetPath or transient error will still
- result in a reconciliation failure.
- type: boolean
- targetPath:
- description: TargetPath is the YAML dot notation path the value
- should be merged at. When set, the ValuesKey is expected to
- be a single flat value. Defaults to 'None', which results
- in the values getting merged at the root.
- type: string
- valuesKey:
- description: ValuesKey is the data key where the values.yaml
- or a specific value can be found at. Defaults to 'values.yaml'.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- required:
- - chart
- - interval
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmReleaseStatus defines the observed state of a HelmRelease.
- properties:
- conditions:
- description: Conditions holds the conditions for the HelmRelease.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- failures:
- description: Failures is the reconciliation failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- helmChart:
- description: HelmChart is the namespaced name of the HelmChart resource
- created by the controller for the HelmRelease.
- type: string
- installFailures:
- description: InstallFailures is the install failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- lastAppliedRevision:
- description: LastAppliedRevision is the revision of the last successfully
- applied source.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastAttemptedValuesChecksum:
- description: LastAttemptedValuesChecksum is the SHA1 checksum of the
- values of the last reconciliation attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- lastReleaseRevision:
- description: LastReleaseRevision is the revision of the last successful
- Helm release.
- type: integer
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- upgradeFailures:
- description: UpgradeFailures is the upgrade failure count against
- the latest desired state. It is reset after a successful reconciliation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helmrepositories.source.toolkit.fluxcd.io
-spec:
- group: source.toolkit.fluxcd.io
- names:
- kind: HelmRepository
- listKind: HelmRepositoryList
- plural: helmrepositories
- shortNames:
- - helmrepo
- singular: helmrepository
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec defines the reference to a Helm repository.
- properties:
- accessFrom:
- description: AccessFrom defines an Access Control List for allowing
- cross-namespace references to this object.
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: The interval at which to check the upstream for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: The name of the secret containing authentication credentials
- for the Helm repository. For HTTP/S basic auth the secret must contain
- username and password fields. For TLS the secret must contain a
- certFile and keyFile, and/or caCert fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend the reconciliation
- of this source.
- type: boolean
- timeout:
- default: 60s
- description: The timeout of index downloading, defaults to 60s.
- type: string
- url:
- description: The Helm repository URL, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus defines the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the output of the last successful
- repository sync.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the artifact.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of this artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of this artifact.
- type: string
- revision:
- description: Revision is a human readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm index timestamp, a Helm chart version, etc.
- type: string
- url:
- description: URL is the HTTP address of this artifact.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: URL is the download link for the last index fetched.
- type: string
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.url
- name: URL
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: HelmRepository is the Schema for the helmrepositories API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: HelmRepositorySpec specifies the required configuration to
- produce an Artifact for a Helm repository index YAML.
- properties:
- accessFrom:
- description: 'AccessFrom specifies an Access Control List for allowing
- cross-namespace references to this object. NOTE: Not implemented,
- provisional as of https://github.com/fluxcd/flux2/pull/2092'
- properties:
- namespaceSelectors:
- description: NamespaceSelectors is the list of namespace selectors
- to which this ACL applies. Items in this list are evaluated
- using a logical OR operation.
- items:
- description: NamespaceSelector selects the namespaces to which
- this ACL applies. An empty map of MatchLabels matches all
- namespaces in a cluster.
- properties:
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- type: array
- required:
- - namespaceSelectors
- type: object
- interval:
- description: Interval at which to check the URL for updates.
- type: string
- passCredentials:
- description: PassCredentials allows the credentials from the SecretRef
- to be passed on to a host that does not match the host as defined
- in URL. This may be required if the host of the advertised chart
- URLs in the index differ from the defined URL. Enabling this should
- be done with caution, as it can potentially result in credentials
- getting stolen in a MITM-attack.
- type: boolean
- secretRef:
- description: SecretRef specifies the Secret containing authentication
- credentials for the HelmRepository. For HTTP/S basic auth the secret
- must contain 'username' and 'password' fields. For TLS the secret
- must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: Suspend tells the controller to suspend the reconciliation
- of this HelmRepository.
- type: boolean
- timeout:
- default: 60s
- description: Timeout of the index fetch operation, defaults to 60s.
- type: string
- type:
- description: Type of the HelmRepository. When this field is set to "oci",
- the URL field value must be prefixed with "oci://".
- enum:
- - default
- - oci
- type: string
- url:
- description: URL of the Helm repository, a valid URL contains at least
- a protocol and host.
- type: string
- required:
- - interval
- - url
- type: object
- status:
- default:
- observedGeneration: -1
- description: HelmRepositoryStatus records the observed state of the HelmRepository.
- properties:
- artifact:
- description: Artifact represents the last successful HelmRepository
- reconciliation.
- properties:
- checksum:
- description: Checksum is the SHA256 checksum of the Artifact file.
- type: string
- lastUpdateTime:
- description: LastUpdateTime is the timestamp corresponding to
- the last update of the Artifact.
- format: date-time
- type: string
- path:
- description: Path is the relative file path of the Artifact. It
- can be used to locate the file in the root of the Artifact storage
- on the local file system of the controller managing the Source.
- type: string
- revision:
- description: Revision is a human-readable identifier traceable
- in the origin source system. It can be a Git commit SHA, Git
- tag, a Helm chart version, etc.
- type: string
- size:
- description: Size is the number of bytes in the file.
- format: int64
- type: integer
- url:
- description: URL is the HTTP address of the Artifact as exposed
- by the controller managing the Source. It can be used to retrieve
- the Artifact for consumption, e.g. by another controller applying
- the Artifact contents.
- type: string
- required:
- - path
- - url
- type: object
- conditions:
- description: Conditions holds the conditions for the HelmRepository.
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last observed generation of
- the HelmRepository object.
- format: int64
- type: integer
- url:
- description: URL is the dynamic fetch link for the latest Artifact.
- It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
- data is recommended.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomizations.kustomize.toolkit.fluxcd.io
-spec:
- group: kustomize.toolkit.fluxcd.io
- names:
- kind: Kustomization
- listKind: KustomizationList
- plural: kustomizations
- shortNames:
- - ks
- singular: kustomization
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the desired state of a kustomization.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When specified, KubeConfig takes precedence over
- ServiceAccountName.
- properties:
- secretRef:
- description: SecretRef holds the name to a secret that contains
- a 'value' key with the kubeconfig file as the value. It must
- be in the same namespace as the Kustomization. It is recommended
- that the kubeconfig is self-contained, and the secret is regularly
- updated if credentials such as a cloud-access-token expire.
- Cloud specific `cmd-path` auth helpers will not function without
- adding binaries and credentials to the Pod that is responsible
- for reconciling the Kustomization.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: JSON 6902 patches, defined as inline YAML objects.
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: Strategic merge patches, defined as inline YAML objects.
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent
- type: string
- namespace:
- description: Namespace of the referent, defaults to the Kustomization
- namespace
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: Validate the Kubernetes objects before applying them
- on the cluster. The validation strategy can be 'client' (local dry-run),
- 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true',
- validation will fallback to 'client' if set to 'server' because
- server-side validation is not supported in this scenario.
- enum:
- - none
- - client
- - server
- type: string
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- snapshot:
- description: The last successfully applied revision metadata.
- properties:
- checksum:
- description: The manifests sha1 checksum.
- type: string
- entries:
- description: A list of Kubernetes kinds grouped by namespace.
- items:
- description: Snapshot holds the metadata of namespaced Kubernetes
- objects
- properties:
- kinds:
- additionalProperties:
- type: string
- description: The list of Kubernetes kinds.
- type: object
- namespace:
- description: The namespace of this entry.
- type: string
- required:
- - kinds
- type: object
- type: array
- required:
- - checksum
- - entries
- type: object
- type: object
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta2
- schema:
- openAPIV3Schema:
- description: Kustomization is the Schema for the kustomizations API.
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: KustomizationSpec defines the configuration to calculate
- the desired state from a Source using Kustomize.
- properties:
- decryption:
- description: Decrypt Kubernetes secrets before applying them on the
- cluster.
- properties:
- provider:
- description: Provider is the name of the decryption engine.
- enum:
- - sops
- type: string
- secretRef:
- description: The secret name containing the private OpenPGP keys
- used for decryption.
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- required:
- - provider
- type: object
- dependsOn:
- description: DependsOn may contain a meta.NamespacedObjectReference
- slice with references to Kustomization resources that must be ready
- before this Kustomization can be reconciled.
- items:
- description: NamespacedObjectReference contains enough information
- to locate the referenced Kubernetes resource object in any namespace.
- properties:
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - name
- type: object
- type: array
- force:
- default: false
- description: Force instructs the controller to recreate resources
- when patching fails due to an immutable field change.
- type: boolean
- healthChecks:
- description: A list of resources to be included in the health assessment.
- items:
- description: NamespacedObjectKindReference contains enough information
- to locate the typed referenced Kubernetes resource object in any
- namespace.
- properties:
- apiVersion:
- description: API version of the referent, if not specified the
- Kubernetes preferred version will be used.
- type: string
- kind:
- description: Kind of the referent.
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, when not specified it
- acts as LocalObjectReference.
- type: string
- required:
- - kind
- - name
- type: object
- type: array
- images:
- description: Images is a list of (image name, new name, new tag or
- digest) for changing image names, tags or digests. This can also
- be achieved with a patch, but this operator is simpler to specify.
- items:
- description: Image contains an image name, a new name, a new tag
- or digest, which will replace the original name and tag.
- properties:
- digest:
- description: Digest is the value used to replace the original
- image tag. If digest is present NewTag value is ignored.
- type: string
- name:
- description: Name is a tag-less image name.
- type: string
- newName:
- description: NewName is the value used to replace the original
- name.
- type: string
- newTag:
- description: NewTag is the value used to replace the original
- tag.
- type: string
- required:
- - name
- type: object
- type: array
- interval:
- description: The interval at which to reconcile the Kustomization.
- type: string
- kubeConfig:
- description: The KubeConfig for reconciling the Kustomization on a
- remote cluster. When used in combination with KustomizationSpec.ServiceAccountName,
- forces the controller to act on behalf of that Service Account at
- the target cluster. If the --default-service-account flag is set,
- its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName
- is empty.
- properties:
- secretRef:
- description: SecretRef holds the name of a secret that contains
- a key with the kubeconfig file as the value. If no key is set,
- the key will default to 'value'. The secret must be in the same
- namespace as the Kustomization. It is recommended that the kubeconfig
- is self-contained, and the secret is regularly updated if credentials
- such as a cloud-access-token expire. Cloud specific `cmd-path`
- auth helpers will not function without adding binaries and credentials
- to the Pod that is responsible for reconciling the Kustomization.
- properties:
- key:
- description: Key in the Secret, when not specified an implementation-specific
- default key is used.
- type: string
- name:
- description: Name of the Secret.
- type: string
- required:
- - name
- type: object
- type: object
- patches:
- description: Strategic merge and JSON patches, defined as inline YAML
- objects, capable of targeting objects based on kind, label and annotation
- selectors.
- items:
- description: Patch contains an inline StrategicMerge or JSON6902
- patch, and the target the patch should be applied to.
- properties:
- patch:
- description: Patch contains an inline StrategicMerge patch or
- an inline JSON6902 patch with an array of operation objects.
- type: string
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- type: object
- type: array
- patchesJson6902:
- description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated:
- Use Patches instead.'
- items:
- description: JSON6902Patch contains a JSON6902 patch and the target
- the patch should be applied to.
- properties:
- patch:
- description: Patch contains the JSON6902 patch document with
- an array of operation objects.
- items:
- description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
- properties:
- from:
- description: From contains a JSON-pointer value that references
- a location within the target document where the operation
- is performed. The meaning of the value depends on the
- value of Op, and is NOT taken into account by all operations.
- type: string
- op:
- description: Op indicates the operation to perform. Its
- value MUST be one of "add", "remove", "replace", "move",
- "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4
- enum:
- - test
- - remove
- - add
- - replace
- - move
- - copy
- type: string
- path:
- description: Path contains the JSON-pointer value that
- references a location within the target document where
- the operation is performed. The meaning of the value
- depends on the value of Op.
- type: string
- value:
- description: Value contains a valid JSON structure. The
- meaning of the value depends on the value of Op, and
- is NOT taken into account by all operations.
- x-kubernetes-preserve-unknown-fields: true
- required:
- - op
- - path
- type: object
- type: array
- target:
- description: Target points to the resources that the patch document
- should be applied to.
- properties:
- annotationSelector:
- description: AnnotationSelector is a string that follows
- the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource annotations.
- type: string
- group:
- description: Group is the API group to select resources
- from. Together with Version and Kind it is capable of
- unambiguously identifying and/or selecting resources.
- https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- kind:
- description: Kind of the API Group to select resources from.
- Together with Group and Version it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- labelSelector:
- description: LabelSelector is a string that follows the
- label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
- It matches with the resource labels.
- type: string
- name:
- description: Name to match resources with.
- type: string
- namespace:
- description: Namespace to select resources from.
- type: string
- version:
- description: Version of the API Group to select resources
- from. Together with Group and Kind it is capable of unambiguously
- identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
- type: string
- type: object
- required:
- - patch
- - target
- type: object
- type: array
- patchesStrategicMerge:
- description: 'Strategic merge patches, defined as inline YAML objects.
- Deprecated: Use Patches instead.'
- items:
- x-kubernetes-preserve-unknown-fields: true
- type: array
- path:
- description: Path to the directory containing the kustomization.yaml
- file, or the set of plain YAMLs a kustomization.yaml should be generated
- for. Defaults to 'None', which translates to the root path of the
- SourceRef.
- type: string
- postBuild:
- description: PostBuild describes which actions to perform on the YAML
- manifest generated by building the kustomize overlay.
- properties:
- substitute:
- additionalProperties:
- type: string
- description: Substitute holds a map of key/value pairs. The variables
- defined in your YAML manifests that match any of the keys defined
- in the map will be substituted with the set value. Includes
- support for bash string replacement functions e.g. ${var:=default},
- ${var:position} and ${var/substring/replacement}.
- type: object
- substituteFrom:
- description: SubstituteFrom holds references to ConfigMaps and
- Secrets containing the variables and their values to be substituted
- in the YAML manifests. The ConfigMap and the Secret data keys
- represent the var names and they must match the vars declared
- in the manifests for the substitution to happen.
- items:
- description: SubstituteReference contains a reference to a resource
- containing the variables name and value.
- properties:
- kind:
- description: Kind of the values referent, valid values are
- ('Secret', 'ConfigMap').
- enum:
- - Secret
- - ConfigMap
- type: string
- name:
- description: Name of the values referent. Should reside
- in the same namespace as the referring resource.
- maxLength: 253
- minLength: 1
- type: string
- optional:
- default: false
- description: Optional indicates whether the referenced resource
- must exist, or whether to tolerate its absence. If true
- and the referenced resource is absent, proceed as if the
- resource was present but empty, without any variables
- defined.
- type: boolean
- required:
- - kind
- - name
- type: object
- type: array
- type: object
- prune:
- description: Prune enables garbage collection.
- type: boolean
- retryInterval:
- description: The interval at which to retry a previously failed reconciliation.
- When not specified, the controller uses the KustomizationSpec.Interval
- value to retry failures.
- type: string
- serviceAccountName:
- description: The name of the Kubernetes service account to impersonate
- when reconciling this Kustomization.
- type: string
- sourceRef:
- description: Reference of the source where the kustomization file
- is.
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- kind:
- description: Kind of the referent.
- enum:
- - GitRepository
- - Bucket
- type: string
- name:
- description: Name of the referent.
- type: string
- namespace:
- description: Namespace of the referent, defaults to the namespace
- of the Kubernetes resource object that contains the reference.
- type: string
- required:
- - kind
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- kustomize executions, it does not apply to already started executions.
- Defaults to false.
- type: boolean
- targetNamespace:
- description: TargetNamespace sets or overrides the namespace in the
- kustomization.yaml file.
- maxLength: 63
- minLength: 1
- type: string
- timeout:
- description: Timeout for validation, apply and health checking operations.
- Defaults to 'Interval' duration.
- type: string
- validation:
- description: 'Deprecated: Not used in v1beta2.'
- enum:
- - none
- - client
- - server
- type: string
- wait:
- description: Wait instructs the controller to check the health of
- all the reconciled resources. When enabled, the HealthChecks are
- ignored. Defaults to false.
- type: boolean
- required:
- - interval
- - prune
- - sourceRef
- type: object
- status:
- default:
- observedGeneration: -1
- description: KustomizationStatus defines the observed state of a kustomization.
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- inventory:
- description: Inventory contains the list of Kubernetes resource object
- references that have been successfully applied.
- properties:
- entries:
- description: Entries of Kubernetes resource object references.
- items:
- description: ResourceRef contains the information necessary
- to locate a resource within a cluster.
- properties:
- id:
- description: ID is the string representation of the Kubernetes
- resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
- type: string
- v:
- description: Version is the API version of the Kubernetes
- resource object's kind.
- type: string
- required:
- - id
- - v
- type: object
- type: array
- required:
- - entries
- type: object
- lastAppliedRevision:
- description: The last successfully applied revision. The revision
- format for Git sources is <branch|tag>/<commit-sha>.
- type: string
- lastAttemptedRevision:
- description: LastAttemptedRevision is the revision of the last reconciliation
- attempt.
- type: string
- lastHandledReconcileAt:
- description: LastHandledReconcileAt holds the value of the most recent
- reconcile request value, so a change of the annotation value can
- be detected.
- type: string
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: providers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Provider
- listKind: ProviderList
- plural: providers
- singular: provider
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Provider is the Schema for the providers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ProviderSpec defines the desired state of Provider
- properties:
- address:
- description: HTTP/S webhook address of this provider
- pattern: ^(http|https)://
- type: string
- certSecretRef:
- description: CertSecretRef can be given the name of a secret containing
- a PEM-encoded CA certificate (`caFile`)
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- channel:
- description: Alert channel for this provider
- type: string
- proxy:
- description: HTTP/S address of the proxy
- pattern: ^(http|https)://
- type: string
- secretRef:
- description: Secret reference containing the provider webhook URL
- using "address" as data key
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of provider
- enum:
- - slack
- - discord
- - msteams
- - rocket
- - generic
- - github
- - gitlab
- - bitbucket
- - azuredevops
- - googlechat
- - webex
- - sentry
- - azureeventhub
- - telegram
- - lark
- - matrix
- - opsgenie
- - alertmanager
- - grafana
- - githubdispatch
- type: string
- username:
- description: Bot username for this provider
- type: string
- required:
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ProviderStatus defines the observed state of Provider
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last reconciled generation.
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.7.0
- creationTimestamp: null
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: receivers.notification.toolkit.fluxcd.io
-spec:
- group: notification.toolkit.fluxcd.io
- names:
- kind: Receiver
- listKind: ReceiverList
- plural: receivers
- singular: receiver
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=="Ready")].message
- name: Status
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: Receiver is the Schema for the receivers API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ReceiverSpec defines the desired state of Receiver
- properties:
- events:
- description: A list of events to handle, e.g. 'push' for GitHub or
- 'Push Hook' for GitLab.
- items:
- type: string
- type: array
- resources:
- description: A list of resources to be notified about changes.
- items:
- description: CrossNamespaceObjectReference contains enough information
- to let you locate the typed referenced object at cluster level
- properties:
- apiVersion:
- description: API version of the referent
- type: string
- kind:
- description: Kind of the referent
- enum:
- - Bucket
- - GitRepository
- - Kustomization
- - HelmRelease
- - HelmChart
- - HelmRepository
- - ImageRepository
- - ImagePolicy
- - ImageUpdateAutomation
- type: string
- matchLabels:
- additionalProperties:
- type: string
- description: MatchLabels is a map of {key,value} pairs. A single
- {key,value} in the matchLabels map is equivalent to an element
- of matchExpressions, whose key field is "key", the operator
- is "In", and the values array contains only "value". The requirements
- are ANDed.
- type: object
- name:
- description: Name of the referent
- maxLength: 53
- minLength: 1
- type: string
- namespace:
- description: Namespace of the referent
- maxLength: 53
- minLength: 1
- type: string
- required:
- - name
- type: object
- type: array
- secretRef:
- description: Secret reference containing the token used to validate
- the payload authenticity
- properties:
- name:
- description: Name of the referent.
- type: string
- required:
- - name
- type: object
- suspend:
- description: This flag tells the controller to suspend subsequent
- events handling. Defaults to false.
- type: boolean
- type:
- description: Type of webhook sender, used to determine the validation
- procedure and payload deserialization.
- enum:
- - generic
- - generic-hmac
- - github
- - gitlab
- - bitbucket
- - harbor
- - dockerhub
- - quay
- - gcr
- - nexus
- - acr
- type: string
- required:
- - resources
- - type
- type: object
- status:
- default:
- observedGeneration: -1
- description: ReceiverStatus defines the observed state of Receiver
- properties:
- conditions:
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: ObservedGeneration is the last observed generation.
- format: int64
- type: integer
- url:
- description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: helm-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: kustomize-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: notification-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: source-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-rules:
-- apiGroups:
- - source.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - kustomize.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - helm.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - notification.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - image.toolkit.fluxcd.io
- resources:
- - '*'
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - namespaces
- - secrets
- - configmaps
- - serviceaccounts
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps/status
- verbs:
- - get
- - update
- - patch
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: cluster-reconciler-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: crd-controller-flux-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: crd-controller-flux-system
-subjects:
-- kind: ServiceAccount
- name: kustomize-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: helm-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: source-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: notification-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-reflector-controller
- namespace: flux-system
-- kind: ServiceAccount
- name: image-automation-controller
- namespace: flux-system
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: source-controller
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: webhook-receiver
- namespace: flux-system
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http-webhook
- selector:
- app: notification-controller
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: helm-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: helm-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: helm-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/helm-controller:v0.22.2
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: helm-controller
- terminationGracePeriodSeconds: 600
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: kustomize-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kustomize-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: kustomize-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/kustomize-controller:v0.26.3
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: kustomize-controller
- terminationGracePeriodSeconds: 60
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: notification-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: notification-controller
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: notification-controller
- spec:
- containers:
- - args:
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/notification-controller:v0.24.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 9292
- name: http-webhook
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: healthz
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /tmp
- name: temp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: notification-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: temp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- control-plane: controller
- name: source-controller
- namespace: flux-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: source-controller
- strategy:
- type: Recreate
- template:
- metadata:
- annotations:
- prometheus.io/port: "8080"
- prometheus.io/scrape: "true"
- labels:
- app: source-controller
- spec:
- containers:
- - args:
- - --events-addr=http://notification-controller.flux-system.svc.cluster.local./
- - --watch-all-namespaces=true
- - --log-level=info
- - --log-encoding=json
- - --enable-leader-election
- - --storage-path=/data
- - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
- env:
- - name: RUNTIME_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: ghcr.io/fluxcd/source-controller:v0.25.11
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: healthz
- name: manager
- ports:
- - containerPort: 9090
- name: http
- protocol: TCP
- - containerPort: 8080
- name: http-prom
- protocol: TCP
- - containerPort: 9440
- name: healthz
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
- limits:
- cpu: 1000m
- memory: 1Gi
- requests:
- cpu: 50m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
- volumeMounts:
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- nodeSelector:
- kubernetes.io/os: linux
- securityContext:
- fsGroup: 1337
- serviceAccountName: source-controller
- terminationGracePeriodSeconds: 10
- volumes:
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-egress
- namespace: flux-system
-spec:
- egress:
- - {}
- ingress:
- - from:
- - podSelector: {}
- podSelector: {}
- policyTypes:
- - Ingress
- - Egress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-scraping
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- ports:
- - port: 8080
- protocol: TCP
- podSelector: {}
- policyTypes:
- - Ingress
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app.kubernetes.io/instance: flux-system
- app.kubernetes.io/part-of: flux
- app.kubernetes.io/version: v0.31.5
- name: allow-webhooks
- namespace: flux-system
-spec:
- ingress:
- - from:
- - namespaceSelector: {}
- podSelector:
- matchLabels:
- app: notification-controller
- policyTypes:
- - Ingress
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml
deleted file mode 100644
index e31b111..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# This manifest was generated by flux. DO NOT EDIT.
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 1m0s
- ref:
- branch: master
- secretRef:
- name: flux-system
- url: ssh://git@10.57.100.7/srv/git/tyilnet
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: flux-system
- namespace: flux-system
-spec:
- interval: 10m0s
- path: ./playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml
deleted file mode 100644
index 3842229..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- gotk-components.yaml
-- gotk-sync.yaml
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml
deleted file mode 100644
index 2b28e78..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-configurations
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-releases
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/configuration
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml
deleted file mode 100644
index 9006f0f..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-releases
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-sources
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/releases
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml
deleted file mode 100644
index b07ca57..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-sources
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: namespaces
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/sources
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml
deleted file mode 100644
index 6e0395e..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: namespaces
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/namespaces
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml
deleted file mode 100644
index c9e511c..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- letsencrypt-staging.yaml
-- letsencrypt-production.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml
deleted file mode 100644
index b1b320b..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- cluster-issuers
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml
deleted file mode 100644
index 794d631..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: cert-manager
- namespace: base-system
-spec:
- interval: 5m
- chart:
- spec:
- chart: cert-manager
- version: 1.9.1
- sourceRef:
- kind: HelmRepository
- name: jetstack
- namespace: flux-system
- interval: 1m
- values:
- installCRDs: true
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml
deleted file mode 100644
index f542f00..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- values.yaml
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml
deleted file mode 100644
index 96b652c..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: external-dns
- namespace: base-system
-spec:
- interval: 5m
- chart:
- spec:
- chart: external-dns
- version: 6.7.2
- sourceRef:
- kind: HelmRepository
- name: bitnami
- namespace: flux-system
- interval: 1m
- values:
- provider: transip
- valuesFrom:
- - kind: Secret
- name: valuefile-external-dns
- valuesKey: values.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml
deleted file mode 100644
index 20d1d7a..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: valuefile-external-dns
- namespace: base-system
-spec:
- encryptedData:
- values.yaml: 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
- template:
- data: null
- metadata:
- creationTimestamp: null
- name: valuefile-external-dns
- namespace: base-system
- type: Opaque
-
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml
deleted file mode 100644
index dc5a3e8..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: ingress-nginx
- namespace: base-system
-spec:
- interval: 5m
- chart:
- spec:
- chart: ingress-nginx
- version: 4.2.0
- sourceRef:
- kind: HelmRepository
- name: ingress-nginx
- namespace: flux-system
- interval: 1m
- values:
- controller:
- replicaCount: 1
- service:
- ports:
- http: 8080
- https: 8443
- watchIngressWithoutClass: true
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml
deleted file mode 100644
index 51893a5..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- sealed-secrets
-- ingress-nginx
-- cert-manager
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml
deleted file mode 100644
index fe9ef26..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: sealed-secrets-controller
- namespace: kube-system
-spec:
- interval: 5m
- chart:
- spec:
- chart: sealed-secrets
- version: 1.0.10
- sourceRef:
- kind: HelmRepository
- name: bitnami
- namespace: flux-system
- interval: 1m
- values: {}
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml
deleted file mode 100644
index 750e6fa..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: seaweedfs-csi-driver
- namespace: base-system
-spec:
- interval: 5m
- chart:
- spec:
- chart: ./deploy/helm/seaweedfs-csi-driver
- version: 0.1.1
- sourceRef:
- kind: GitRepository
- name: seaweedfs
- namespace: flux-system
- interval: 1m
- values:
- seaweedfsFiler: 10.57.21.1
- storageClassName: seaweedfs
- isDefaultStorageClass: false
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml
deleted file mode 100644
index ef29afb..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- name: bitnami
- namespace: flux-system
-spec:
- interval: 1m
- url: https://charts.bitnami.com/bitnami
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml
deleted file mode 100644
index cd006ac..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- name: ingress-nginx
- namespace: flux-system
-spec:
- interval: 1m
- url: https://kubernetes.github.io/ingress-nginx
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml
deleted file mode 100644
index 782ba14..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- name: jetstack
- namespace: flux-system
-spec:
- interval: 1m
- url: https://charts.jetstack.io
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml
deleted file mode 100644
index a87331d..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- bitnami.yaml
-- ingress-nginx.yaml
-- jetstack.yaml
-- nextcloud.yaml
-- seaweedfs.yaml
-- tyil-invidious.yaml
-- tyil-nitter.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml
deleted file mode 100644
index 1594b3b..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- name: nextcloud
- namespace: flux-system
-spec:
- interval: 1m
- url: https://nextcloud.github.io/helm/
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml
deleted file mode 100644
index cba7a16..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: seaweedfs
- namespace: flux-system
-spec:
- interval: 1m
- url: https://github.com/seaweedfs/seaweedfs-csi-driver
- ref:
- branch: master
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml
deleted file mode 100644
index 1633026..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: tyil-helm-invidious
- namespace: flux-system
-spec:
- interval: 1m
- url: https://git.sr.ht/~tyil/helm-invidious
- ref:
- branch: master
-...
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml
deleted file mode 100644
index d7cc48c..0000000
--- a/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: GitRepository
-metadata:
- name: tyil-helm-nitter
- namespace: flux-system
-spec:
- interval: 1m
- url: https://git.sr.ht/~tyil/helm-nitter
- ref:
- branch: master
-...
diff --git a/playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml b/playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml
deleted file mode 100644
index b05f7e7..0000000
--- a/playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- base-system.yaml
-- media.yaml
-- personal-services.yaml
-- public-services.yaml
-- servarr.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/namespaces/media.yaml b/playbooks.d/k3s-master/manifests/namespaces/media.yaml
deleted file mode 100644
index 32f23de..0000000
--- a/playbooks.d/k3s-master/manifests/namespaces/media.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: media
-...
diff --git a/playbooks.d/k3s-master/manifests/namespaces/public-services.yaml b/playbooks.d/k3s-master/manifests/namespaces/public-services.yaml
deleted file mode 100644
index 15a4f07..0000000
--- a/playbooks.d/k3s-master/manifests/namespaces/public-services.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: public-services
-...
diff --git a/playbooks.d/k3s-master/manifests/namespaces/servarr.yaml b/playbooks.d/k3s-master/manifests/namespaces/servarr.yaml
deleted file mode 100644
index 247de1e..0000000
--- a/playbooks.d/k3s-master/manifests/namespaces/servarr.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: servarr
-...
diff --git a/playbooks.d/k3s-master/playbook.bash b/playbooks.d/k3s-master/playbook.bash
deleted file mode 100644
index 351064c..0000000
--- a/playbooks.d/k3s-master/playbook.bash
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env bash
-
-playbook_add() {
- info "$BASHTARD_PLAYBOOK" "Writing config.yaml for k3s"
- mkdir -pv -- /etc/rancher/k3s
- cat <<-EOF > /etc/rancher/k3s/config.yaml
- node-name: ${BASHTARD_PLATFORM[fqdn]}
- node-ip: $(config "k3s.network.ip" "$(config "vpn.ipv4" "127.0.0.1")")
- bind-address: $(config "k3s.network.bind" "$(config "vpn.ipv4" "0.0.0.0")")
- cluster-cidr: $(config "k3s.network.cidr.pods")
- service-cidr: $(config "k3s.network.cidr.svcs")
- cluster-dns: $(config "k3s.network.service.dns")
- cluster-domain: $(config "k3s.domain")
- disable:
- - traefik
- EOF
-
- info "$BASHTARD_PLAYBOOK" "Installing k3s"
- curl -sfL https://get.k3s.io | sh - # I hate this
- curl -L https://github.com/fluxcd/flux2/releases/download/v0.31.5/flux_0.31.5_linux_amd64.tar.gz | tar xzf - -C /usr/local/bin
-
- notice "$BASHTARD_PLAYBOOK" "Waiting for node to become available"
- { grep -q -m 1 "${BASHTARD_PLATFORM[fqdn]}[[:space:]]\+Ready"; kill $!; } < <(k3s kubectl get node -w)
-
- info "$BASHTARD_PLAYBOOK" "Installing flux-system on k3s"
- flux bootstrap git \
- --branch="$(config "k3s.flux.repo.branch")" \
- --cluster-domain="$(config "k3s.domain")" \
- --kubeconfig=/etc/rancher/k3s/k3s.yaml \
- --path="$(config "k3s.flux.repo.path" "playbooks.d/$BASHTARD_PLAYBOOK/manifests/clusters/${BASHTARD_PLATFORM[fqdn]}")" \
- --private-key-file="$(config "k3s.flux.repo.privkey" "$HOME/.ssh/id.d/$USER@$(hostname -s)-ed25519")" \
- --silent \
- --url="$(config "k3s.flux.repo.url")"
-}
-
-playbook_sync() {
- :;
-}
-
-playbook_del() {
- /usr/local/bin/k3s-uninstall.sh
-}
diff --git a/playbooks.d/k3s-node/description.txt b/playbooks.d/k3s-node/description.txt
new file mode 100644
index 0000000..2a299e3
--- /dev/null
+++ b/playbooks.d/k3s-node/description.txt
@@ -0,0 +1 @@
+Playbook for a single k3s node to be part of an existing cluster.
diff --git a/playbooks.d/k3s-node/etc/defaults b/playbooks.d/k3s-node/etc/defaults
new file mode 100644
index 0000000..3e2c63b
--- /dev/null
+++ b/playbooks.d/k3s-node/etc/defaults
@@ -0,0 +1,3 @@
+pkg.curl=curl
+pkg.nfs-common=nfs-common
+pkg.open-iscsi=open-iscsi
diff --git a/playbooks.d/k3s-node/etc/os.d/linux-gentoo b/playbooks.d/k3s-node/etc/os.d/linux-gentoo
new file mode 100644
index 0000000..5e7bc08
--- /dev/null
+++ b/playbooks.d/k3s-node/etc/os.d/linux-gentoo
@@ -0,0 +1,2 @@
+pkg.nfs-common=net-fs/nfs-utils
+pkg.open-iscsi=sys-block/open-iscsi
diff --git a/playbooks.d/k3s-node/playbook.bash b/playbooks.d/k3s-node/playbook.bash
new file mode 100644
index 0000000..f2ae8d6
--- /dev/null
+++ b/playbooks.d/k3s-node/playbook.bash
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.entry.host]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.entry.token]="required"
+
+playbook_add() {
+ pkg install curl nfs-common open-iscsi
+
+ info "$BASHTARD_PLAYBOOK" "Writing config.yaml for k3s"
+ mkdir -pv -- /etc/rancher/k3s
+ cat <<-EOF > /etc/rancher/k3s/config.yaml
+ node-ip: "$(config "$BASHTARD_PLAYBOOK.node-ip" "$(config "bashtard.ssh.host")")"
+ node-name: "${BASHTARD_PLATFORM[fqdn]}"
+ server: "https://$(config "$BASHTARD_PLAYBOOK.entry.host"):$(config "$BASHTARD_PLAYBOOK.entry.port" "6443")"
+ token: "$(config "$BASHTARD_PLAYBOOK.entry.token")"
+ EOF
+
+ if [[ "$(config "$BASHTARD_PLAYBOOK.role")" == "server" ]]
+ then
+ cat <<-EOF >> /etc/rancher/k3s/config.yaml
+ cluster-cidr: "$(config "$BASHTARD_PLAYBOOK.cluster-cidr" "172.19.0.0/16")"
+ cluster-domain: "$(config "$BASHTARD_PLAYBOOK.cluster-domain" "cluster.local")"
+ service-cidr: "$(config "$BASHTARD_PLAYBOOK.service-cidr" "172.20.0.0/16")"
+ service-node-port-range: "$(config "$BASHTARD_PLAYBOOK.service-node-port-min" "30000")-$(config "$BASHTARD_PLAYBOOK.service-node-port-max" "32767")"
+ EOF
+ fi
+
+ info "$BASHTARD_PLAYBOOK" "Installing k3s"
+ curl -sfL https://get.k3s.io | sh -s - "$(config "$BASHTARD_PLAYBOOK.role" "agent")"
+
+ notice "$BASHTARD_PLAYBOOK" "Waiting for node to become available"
+ { grep -q -m 1 "${BASHTARD_PLATFORM[fqdn]}[[:space:]]\+Ready"; kill $!; } < <(k3s kubectl get node -w)
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ /usr/local/bin/k3s-uninstall.sh
+}
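Review bot: The cluster join token is written into `/etc/rancher/k3s/config.yaml` by a plain `cat <<-EOF >` redirect in playbook_add, so the file gets whatever mode the current umask gives, which is usually world-readable. Creating it restricted first, e.g. `install -m 0600 /dev/null /etc/rancher/k3s/config.yaml` before the first heredoc, keeps the token away from other local users; the later `>>` append keeps that mode. The install step also pipes `https://get.k3s.io` into a root shell with no version pin, so each run installs whatever the channel currently serves. Setting `INSTALL_K3S_VERSION` from a config key would at least make the installed k3s release reproducible.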
diff --git a/playbooks.d/k8s-master/description.txt b/playbooks.d/k8s-master/description.txt
new file mode 100644
index 0000000..60693ef
--- /dev/null
+++ b/playbooks.d/k8s-master/description.txt
@@ -0,0 +1 @@
+Playbook for a Kubernetes master node
diff --git a/playbooks.d/k8s-master/etc/defaults b/playbooks.d/k8s-master/etc/defaults
new file mode 100644
index 0000000..9506887
--- /dev/null
+++ b/playbooks.d/k8s-master/etc/defaults
@@ -0,0 +1,4 @@
+pkg.containerd=containerd
+pkg.kubeadm=kubeadm
+pkg.kubectl=kubectl
+pkg.kubelet=kubelet
diff --git a/playbooks.d/k8s-master/playbook.bash b/playbooks.d/k8s-master/playbook.bash
new file mode 100644
index 0000000..f423c00
--- /dev/null
+++ b/playbooks.d/k8s-master/playbook.bash
@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ local version
+
+ version="1.29"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-debian_gnu_linux)
+ # Fetch the apt key
+ info "$BASHTARD_PLAYBOOK" "Adding apt repository"
+ mkdir -pv -m 755 -- /etc/apt/keyrings
+ curl -fsSL "https://pkgs.k8s.io/core:/stable:/v$version/deb/Release.key" \
+ | gpg --dearmor \
+ > /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ printf "deb [signed-by=%s] %s /\n" \
+ "/etc/apt/keyrings/kubernetes-apt-keyring.gpg" \
+ "https://pkgs.k8s.io/core:/stable:/v$version/deb/" \
+ > /etc/apt/sources.list.d/kubernetes.list
+ apt update
+ ;;
+ esac
+
+ pkg install containerd
+ pkg install kubeadm
+ pkg install kubectl
+ pkg install kubelet
+
+ info "$BASHTARD_PLAYBOOK" "Enabling forwarding"
+ cat <<-EOF > "$(config "fs.etcdir")/sysctl.d/kubernetes.conf"
+ net.bridge.bridge-nf-call-iptables = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+ net.ipv4.ip_forward = 1
+ net.ipv6.conf.all.forwarding = 1
+ EOF
+
+ sysctl --system
+
+ info "$BASHTARD_PLAYBOOK" "Enabling kernel modules"
+ cat <<-EOF > "$(config "fs.etcdir")/modules-load.d/kubernetes.conf"
+ br_netfilter
+ overlay
+ EOF
+
+ modprobe overlay
+ modprobe br_netfilter
+
+ notice "$BASHTARD_PLAYBOOK" "Creating data directories"
+ mkdir -pv -- "$(playbook_path "data")/manifests.d"
+
+ if [[ "$(config "$BASHTARD_PLAYBOOK.flags.apiserver-advertise-address" "")" != "" ]]
+ then
+ notice "$BASHTARD_PLAYBOOK" "Setting node ip in $(config "fs.etcdir")/default/kubelet"
+ cat <<-EOF > "$(config "fs.etcdir")/default/kubelet"
+ KUBELET_EXTRA_ARGS="--node-ip=$(config "$BASHTARD_PLAYBOOK.flags.apiserver-advertise-address")"
+ EOF
+ fi
+
+ notice "$BASHTARD_PLAYBOOK" "Initialize kubeadm"
+ kubeadm init \
+ --apiserver-advertise-address="$(config "$BASHTARD_PLAYBOOK.flags.apiserver-advertise-address" "127.0.0.1")" \
+ --apiserver-bind-port="$(config "$BASHTARD_PLAYBOOK.flags.apiserver-bind-port" "6443")" \
+ --control-plane-endpoint="$(config "$BASHTARD_PLAYBOOK.flags.control-plane-endpoint" "localhost")" \
+ --node-name="${BASHTARD_PLATFORM[fqdn]}" \
+ --service-cidr="$(config "$BASHTARD_PLAYBOOK.flags.service-cidr" "10.96.0.0/12")" \
+ --service-dns-domain="$(config "$BASHTARD_PLAYBOOK.flags.service-dns-domain" "cluster.local")" \
+ --pod-network-cidr="$(config "$BASHTARD_PLAYBOOK.flags.pod-network-cidr" "10.0.0.0/12")" \
+ || return 1
+
+ playbook_sync
+
+ return 0
+}
+
+playbook_sync() {
+ local data
+ local kubeconfig
+ local manifest_prefix
+ local values
+
+ data="$(playbook_path "data")"
+ kubeconfig="$(config "fs.etcdir")/kubernetes/admin.conf"
+ manifest_prefix="$(config "$BASHTARD_PLAYBOOK.manifest-prefix" "")"
+
+ notice "$BASHTARD_PLAYBOOK/manifests" "Applying manifests.d"
+ kubectl --kubeconfig "$kubeconfig" apply --recursive --filename "$data/manifests.d/$manifest_prefix"
+}
+
+playbook_del() {
+ kubeadm reset --force
+ iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
+ ipvsadm -C
+ rm -fr -- \
+ "$(config "fs.etcdir")/modules-load.d/kubernetes.conf" \
+ "$(config "fs.etcdir")/sysctl.d/kubernetes.conf" \
+ "$(config "fs.etcdir")/cni/net.d" \
+ "$(config "fs.etcdir")/kubernetes" \
+ "/var/lib/etcd" \
+ "/var/lib/cni"
+
+ pkg uninstall kubectl
+ pkg uninstall kubeadm
+ pkg uninstall kubelet
+ pkg uninstall containerd
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-debian_gnu_linux)
+ # Fetch the apt key
+ info "$BASHTARD_PLAYBOOK" "Removing apt repository"
+ rm -fr -- \
+ /etc/apt/keyrings/kubernetes-apt-keyring.gpg \
+ /etc/apt/sources.list.d/kubernetes.list
+ ;;
+ esac
+}
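Review bot: playbook_del runs `iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X`, which flushes every rule in those tables, not only the chains Kubernetes created, so removing the playbook can silently drop a host's unrelated packet filtering. I would gate the flush behind an explicit opt-in, e.g. `[[ "$(config "$BASHTARD_PLAYBOOK.flush-iptables" "false")" == "true" ]] && iptables -F ...` (the key name is only a suggestion), or add a comment above the line saying the host firewall has to be re-applied afterwards. The same line is in playbook_del of playbooks.d/k8s-node/playbook.bash. The `# Fetch the apt key` comment in this function's `case` arm is copied from playbook_add and should read `# Remove the apt key and repository`.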
diff --git a/playbooks.d/k8s-node/description.txt b/playbooks.d/k8s-node/description.txt
new file mode 100644
index 0000000..60693ef
--- /dev/null
+++ b/playbooks.d/k8s-node/description.txt
@@ -0,0 +1 @@
+Playbook for a Kubernetes master node
diff --git a/playbooks.d/k8s-node/etc/defaults b/playbooks.d/k8s-node/etc/defaults
new file mode 100644
index 0000000..9506887
--- /dev/null
+++ b/playbooks.d/k8s-node/etc/defaults
@@ -0,0 +1,4 @@
+pkg.containerd=containerd
+pkg.kubeadm=kubeadm
+pkg.kubectl=kubectl
+pkg.kubelet=kubelet
diff --git a/playbooks.d/k8s-node/playbook.bash b/playbooks.d/k8s-node/playbook.bash
new file mode 100644
index 0000000..fbf49e9
--- /dev/null
+++ b/playbooks.d/k8s-node/playbook.bash
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.cert-hash]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.master.address]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.token]="required"
+
+playbook_add() {
+ local version
+
+ version="1.29"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-debian_gnu_linux)
+ # Fetch the apt key
+ info "$BASHTARD_PLAYBOOK" "Adding apt repository"
+ mkdir -pv -m 755 -- /etc/apt/keyrings
+ curl -fsSL "https://pkgs.k8s.io/core:/stable:/v$version/deb/Release.key" \
+ | gpg --dearmor \
+ > /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ printf "deb [signed-by=%s] %s /\n" \
+ "/etc/apt/keyrings/kubernetes-apt-keyring.gpg" \
+ "https://pkgs.k8s.io/core:/stable:/v$version/deb/" \
+ > /etc/apt/sources.list.d/kubernetes.list
+ apt update
+ ;;
+ esac
+
+ pkg install containerd
+ pkg install kubeadm
+ pkg install kubectl
+ pkg install kubelet
+
+ info "$BASHTARD_PLAYBOOK" "Enabling forwarding"
+ cat <<-EOF > "$(config "fs.etcdir")/sysctl.d/kubernetes.conf"
+ net.bridge.bridge-nf-call-iptables = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+ net.ipv4.ip_forward = 1
+ net.ipv6.conf.all.forwarding = 1
+ EOF
+
+ sysctl --system
+
+ info "$BASHTARD_PLAYBOOK" "Enabling kernel modules"
+ cat <<-EOF > "$(config "fs.etcdir")/modules-load.d/kubernetes.conf"
+ br_netfilter
+ overlay
+ EOF
+
+ modprobe overlay
+ modprobe br_netfilter
+
+ if [[ "$(config "$BASHTARD_PLAYBOOK.node-ip" "")" != "" ]]
+ then
+ notice "$BASHTARD_PLAYBOOK" "Setting node ip in $(config "fs.etcdir")/default/kubelet"
+ cat <<-EOF > "$(config "fs.etcdir")/default/kubelet"
+ KUBELET_EXTRA_ARGS="--node-ip=$(config "$BASHTARD_PLAYBOOK.node-ip")"
+ EOF
+ fi
+
+ notice "$BASHTARD_PLAYBOOK" "Initialize kubeadm"
+ kubeadm join \
+ --discovery-token-ca-cert-hash "$(config "$BASHTARD_PLAYBOOK.cert-hash")" \
+ --node-name="${BASHTARD_PLATFORM[fqdn]}" \
+ --token "$(config "$BASHTARD_PLAYBOOK.token")" \
+ "$(config "$BASHTARD_PLAYBOOK.master.address"):$(config "$BASHTARD_PLAYBOOK.master.port" "6443")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ kubectl drain "${BASHTARD_PLATFORM[fqdn]}" \
+ --delete-emptydir-data \
+ --force \
+ --ignore-daemonsets
+
+ kubeadm reset --force
+ iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
+ ipvsadm -C
+ rm -fr -- \
+ "$(config "fs.etcdir")/modules-load.d/kubernetes.conf" \
+ "$(config "fs.etcdir")/sysctl.d/kubernetes.conf" \
+ "$(config "fs.etcdir")/cni/net.d" \
+ "$(config "fs.etcdir")/kubernetes" \
+ "/var/lib/etcd" \
+ "/var/lib/cni"
+
+ pkg uninstall kubectl
+ pkg uninstall kubeadm
+ pkg uninstall kubelet
+ pkg uninstall containerd
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-debian_gnu_linux)
+ # Fetch the apt key
+ info "$BASHTARD_PLAYBOOK" "Removing apt repository"
+ rm -fr -- \
+ /etc/apt/keyrings/kubernetes-apt-keyring.gpg \
+ /etc/apt/sources.list.d/kubernetes.list
+ ;;
+ esac
+}
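Review bot: `kubeadm join` in playbook_add receives the bootstrap token as `--token "$(config ...)"`, so the secret sits in the process argument list, where other local users can normally read it through `ps` for as long as the join runs. kubeadm accepts the same settings from a file via `--config`, so the token, CA hash and endpoint can go into a mode-0600 JoinConfiguration that is deleted after the join. The sketch below assumes `tmpfile` (used by the nfs-server playbook in this commit) returns a private temporary path, and the `apiVersion` should be checked against the kubeadm release being installed.

```shell
	# … unchanged: apt repository, package install, sysctl, kernel modules, kubelet node-ip …

	notice "$BASHTARD_PLAYBOOK" "Initialize kubeadm"
	local join_config rc
	join_config="$(tmpfile)"
	chmod 600 -- "$join_config"

	# Keep the bootstrap token out of argv: kubeadm reads it from this file.
	cat <<-EOF > "$join_config"
	apiVersion: kubeadm.k8s.io/v1beta3
	kind: JoinConfiguration
	discovery:
	  bootstrapToken:
	    apiServerEndpoint: "$(config "$BASHTARD_PLAYBOOK.master.address"):$(config "$BASHTARD_PLAYBOOK.master.port" "6443")"
	    token: "$(config "$BASHTARD_PLAYBOOK.token")"
	    caCertHashes:
	      - "$(config "$BASHTARD_PLAYBOOK.cert-hash")"
	nodeRegistration:
	  name: "${BASHTARD_PLATFORM[fqdn]}"
	EOF

	kubeadm join --config "$join_config"
	rc=$?
	rm -f -- "$join_config"
	return "$rc"
```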
diff --git a/playbooks.d/nfs-server/description.txt b/playbooks.d/nfs-server/description.txt
new file mode 100644
index 0000000..8e396fe
--- /dev/null
+++ b/playbooks.d/nfs-server/description.txt
@@ -0,0 +1 @@
+A Bashtard playbook to configure a machine as an NFS server
diff --git a/playbooks.d/nfs-server/etc/defaults b/playbooks.d/nfs-server/etc/defaults
new file mode 100644
index 0000000..f8af32e
--- /dev/null
+++ b/playbooks.d/nfs-server/etc/defaults
@@ -0,0 +1,3 @@
+pkg.nfs-utils=nfs-utils
+svc.nfs=nfs-server
+svc.rpcbind=rpcbind
diff --git a/playbooks.d/nfs-server/etc/os.d/linux-gentoo b/playbooks.d/nfs-server/etc/os.d/linux-gentoo
new file mode 100644
index 0000000..a76300d
--- /dev/null
+++ b/playbooks.d/nfs-server/etc/os.d/linux-gentoo
@@ -0,0 +1 @@
+pkg.nfs-utils=net-fs/nfs-utils
diff --git a/playbooks.d/nfs-server/playbook.bash b/playbooks.d/nfs-server/playbook.bash
new file mode 100644
index 0000000..6856c72
--- /dev/null
+++ b/playbooks.d/nfs-server/playbook.bash
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ pkg install nfs-utils
+
+ touch /etc/exports
+
+ playbook_sync
+
+ svc enable nfs
+ svc enable rpcbind
+
+ svc start nfs
+ svc start rpcbind
+}
+
+playbook_sync() {
+ local buffer="$(tmpfile)"
+ local exports="/etc/exports.d/kubernetes.exports"
+ local hash="$(file_hash "$exports")"
+
+ local root_options="ro,no_subtree_check"
+ local export_options="rw,no_root_squash,no_subtree_check"
+ local root_export="/mnt/exports"
+ local allowed_cidr=("10.57.0.0/16" "172.19.0.0/16")
+ local fsid
+
+ {
+ printf "%s" "$root_export"
+ for host in "${allowed_cidr[@]}"
+ do
+ printf " %s(fsid=%s,%s)" "$host" "0" "$export_options"
+ done
+ printf "\n"
+
+ for path in "$root_export"/*
+ do
+ fsid="$(config "$BASHTARD_PLAYBOOK.exports.$path.fsid" "")"
+
+ if [[ "$fsid" == "" ]]
+ then
+ warn "$BASHTARD_PLAYBOOK" "Generating fsid for $path"
+ fsid="$(uuidgen)"
+ $BASHTARD_BIN var "$BASHTARD_PLAYBOOK.exports.$path.fsid" "$fsid"
+ fi
+
+ printf "%s" "$path"
+ for host in "${allowed_cidr[@]}"
+ do
+ printf " %s(fsid=%s,%s)" "$host" "$fsid" "$export_options"
+ done
+ printf "\n"
+
+ unset fsid
+ done
+ } > "$buffer"
+
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && return
+
+ mv -- "$buffer" "$exports"
+
+ [[ "$BASHTARD_ACTION" == "add" ]] && return
+
+ exportfs -rv
+}
+
+playbook_del() {
+ svc stop rpcbind
+ svc stop nfs
+
+ svc disable rpcbind
+ svc disable nfs
+
+ pkg uninstall nfs-utils
+}
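Review bot: playbook_sync defines `root_options="ro,no_subtree_check"` but never uses it: the line for `$root_export` is printed with `$export_options`, so `/mnt/exports` itself is exported `rw,no_root_squash` to both /16 ranges. The first loop should read `printf " %s(fsid=%s,%s)" "$host" "0" "$root_options"`. For the per-directory exports, `no_root_squash` means root on any client inside `allowed_cidr` is root on the share. A comment above `export_options` saying why that is needed (or dropping the option where it is not) would help, and `allowed_cidr` would be easier to audit if it were read from `config` rather than hard-coded.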
diff --git a/playbooks.d/nftables/description.txt b/playbooks.d/nftables/description.txt
new file mode 100644
index 0000000..38683d6
--- /dev/null
+++ b/playbooks.d/nftables/description.txt
@@ -0,0 +1 @@
+Firewall through nftables
diff --git a/playbooks.d/nftables/etc/defaults b/playbooks.d/nftables/etc/defaults
new file mode 100644
index 0000000..10cc38b
--- /dev/null
+++ b/playbooks.d/nftables/etc/defaults
@@ -0,0 +1,2 @@
+pkg.nftables=nftables
+svc.nftables=nftables
diff --git a/playbooks.d/nftables/playbook.bash b/playbooks.d/nftables/playbook.bash
new file mode 100644
index 0000000..c0b366c
--- /dev/null
+++ b/playbooks.d/nftables/playbook.bash
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ pkg install nftables
+
+ playbook_sync
+
+ svc enable nftables
+ svc start nftables
+}
+
+playbook_sync() {
+ {
+ printf "#!%s -f\n\n" "$(config "$BASHTARD_PLAYBOOK.binpath" "/usr/sbin/nft")"
+ printf "flush ruleset\n\n"
+ printf "table inet filter {\n"
+ printf "\tchain input {\n"
+ printf "\t\ttype filter hook input priority filter;\n"
+
+ # Add conntrack state rules
+ info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for conntrack state"
+ printf "\n"
+ printf "\t\tct state established %s;\n" \
+ "$(config "$BASHTARD_PLAYBOOK.input.state.established.policy" "accept")"
+ printf "\t\tct state related %s;\n" \
+ "$(config "$BASHTARD_PLAYBOOK.input.state.related.policy" "accept")"
+ printf "\t\tct state invalid %s;\n" \
+ "$(config "$BASHTARD_PLAYBOOK.input.state.invalid.policy" "drop")"
+
+ # Add interface rules
+ printf "\n"
+ while read -r interface
+ do
+ info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for interface $interface"
+ printf "\t\tiifname %s %s;\n" "$interface" "$(config "$BASHTARD_PLAYBOOK.input.interfaces.$interface.policy")"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.input.interfaces")
+
+ # Add ICMP rules
+ info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for ICMP"
+ printf "\n"
+ printf "\t\tmeta l4proto icmp" \ # IPv4
+ if [[ "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "")" != "" ]]
+ then
+ printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "2/second")"
+ fi
+ printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.policy" "accept")"
+ printf ";\n"
+ printf "\t\tmeta l4proto ipv6-icmp" \ # IPv6
+ if [[ "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate" "")" != "" ]]
+ then
+ printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate")"
+ fi
+ printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.policy" "accept")"
+ printf ";\n"
+
+ # Add custom input rules
+ printf "\n"
+ while read -r rule
+ do
+ info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for custom rule $rule"
+ printf "\t\tmeta l4proto { %s } th" "$(config "$BASHTARD_PLAYBOOK.input.rules.$rule.proto")"
+ printf " dport %s" "$(config "$BASHTARD_PLAYBOOK.input.rules.$rule.port")"
+ printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.rules.$rule.policy" "accept")"
+ printf " comment \"%s\"" "$rule"
+ printf ";\n"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.input.rules")
+
+ # Add fallback policy
+ printf "\n"
+ printf "\t\tlog prefix \"[nftables] \" counter drop;\n"
+ printf "\t\tpolicy %s;\n" "$(config "$BASHTARD_PLAYBOOK.input.policy" "drop")"
+
+ printf "\t}\n"
+ printf "\tchain forward {\n"
+ printf "\t\ttype filter hook forward priority filter;\n"
+
+ # TODO: Add forward rules
+
+ printf "\t}\n"
+ printf "\tchain output {\n"
+ printf "\t\ttype filter hook output priority filter;\n"
+
+ # TODO: Add output rules
+
+ printf "\t}\n"
+ printf "}\n"
+ } > "$(config "fs.etcdir")/nftables.conf"
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc restart nftables
+}
+
+playbook_del() {
+ svc stop nftables
+ svc disable nftables
+ pkg uninstall nftables
+ rm -fr -- "$(config "fs.etcdir")/nftables"
+}
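Review bot: The generated ruleset is written straight over `nftables.conf` and the service is restarted without a syntax check, although interface names, policies, rates and ports are interpolated from config unvalidated. Because the file starts with `flush ruleset`, a bad value could leave the host without the intended rules, depending on how the service handles a failed load. Render into a `tmpfile` buffer as the other playbooks in this commit do, dry-run it with `nft -c -f`, and only then move it into place, as sketched below. `playbook_del` removes `$(config "fs.etcdir")/nftables`, not the `nftables.conf` that sync writes, so the generated file stays behind. The unconditional `counter drop` line before `policy` also means the `input.policy` setting has no effect.

```bash
playbook_sync() {
	local buffer
	local conf
	local nft

	buffer="$(tmpfile)"
	conf="$(config "fs.etcdir")/nftables.conf"
	nft="$(config "$BASHTARD_PLAYBOOK.binpath" "/usr/sbin/nft")"

	{
		# … unchanged: ruleset generation …
	} > "$buffer"

	# Dry-run parse; keep the currently installed ruleset if it fails
	if ! "$nft" -c -f "$buffer"
	then
		emerg "$BASHTARD_PLAYBOOK/sync" "Generated ruleset failed validation, not installing"
		return 2
	fi

	mv -- "$buffer" "$conf"

	# … unchanged: early return on add, service restart …
}
```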
diff --git a/playbooks.d/seaweedfs-filer/description.txt b/playbooks.d/seaweedfs-filer/description.txt
new file mode 100644
index 0000000..d14afca
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/description.txt
@@ -0,0 +1 @@
+Scalable object storage cluster
diff --git a/playbooks.d/seaweedfs-filer/etc/defaults b/playbooks.d/seaweedfs-filer/etc/defaults
new file mode 100644
index 0000000..206987a
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/etc/defaults
@@ -0,0 +1 @@
+svc.seaweedfs-filer=seaweedfs-filer
diff --git a/playbooks.d/seaweedfs-filer/playbook.bash b/playbooks.d/seaweedfs-filer/playbook.bash
new file mode 100644
index 0000000..1a71f07
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/playbook.bash
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required"
+
+playbook_add() {
+ local buffer
+
+ # Make sure seaweedfs is installed
+ "$BASHTARD_BIN" add seaweedfs || true
+
+ mkdir -pv "/var/lib/seaweedfs/filer"
+
+ # Generate systemd unit files
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ cat <<-EOF > "$(config "fs.etcdir")/systemd/system/seaweedfs-filer.service"
+ [Unit]
+ Description=SeaweedFS Filer
+ After=network.target
+
+ [Service]
+ Type=simple
+ User=root
+ Group=root
+
+ ExecStart=$(config "fs.bindir")/weed filer -options="$(config "fs.etcdir")/seaweedfs/filer.conf"
+ WorkingDirectory=/var/lib/seaweedfs/filer
+ SyslogIdentifier=seaweedfs
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
+ ;;
+ *) die "NYI"
+ esac
+
+ # Perform initial configuration
+ playbook_sync
+
+ # Start the service
+ svc enable seaweedfs-filer
+ svc start seaweedfs-filer
+}
+
+playbook_sync() {
+ local buffer
+ local conf
+ local peers=()
+ local hash
+
+ buffer="$(tmpfile)"
+ conf="$(config "fs.etcdir")/seaweedfs/filer.conf"
+ hash="$(file_hash "$conf")"
+
+ # Add all registered seaweedfs-master nodes as peers
+ while read -r host
+ do
+ peers+=("[$(config_for "$(basename "$host")" "seaweedfs-master.ip")]:$(config_for "$(basename "$host")" "seaweedfs-master.port" "9333")")
+ done < <(grep -FHl "$BASHTARD_PLAYBOOK" "$BASHTARD_ETCDIR/registry.d"/*)
+
+ # Generate config files
+ file_template "filer.conf" \
+ ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
+ port="$(config "$BASHTARD_PLAYBOOK.port" "8888")" \
+ masters="$(join_args "${peers[@]}")" \
+ s3_port="$(config "$BASHTARD_PLAYBOOK.s3.port" "8333")" \
+ > "$buffer"
+
+ file_template "filer.toml" \
+ > "$(config "fs.etcdir")/seaweedfs/filer.toml"
+
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && return
+
+ mv -- "$buffer" "$conf"
+
+ [[ "$BASHTARD_ACTION" == "add" ]] && return
+
+ # Reload service
+ svc restart seaweedfs-filer
+}
+
+playbook_del() {
+ # Stop service
+ svc stop seaweedfs-filer
+ svc disable seaweedfs-filer
+
+ # Remove systemd unit file
+ rm -fr -- "$(config "fs.etcdir")/systemd/system/seaweedfs-filer.service"
+
+ # Remove configuration files
+ rm -fr -- \
+ "$(config "fs.etcdir")/seaweedfs/filer.conf" \
+ "$(config "fs.etcdir")/seaweedfs/filer.toml"
+}
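Review bot: The peer loop greps the registry for `$BASHTARD_PLAYBOOK` (seaweedfs-filer) but then reads `seaweedfs-master.ip` from each match, so it collects filer hosts rather than masters. The volume playbook in this commit greps for the literal name, and the same is probably intended here: `done < <(grep -FHl "seaweedfs-master" "$BASHTARD_ETCDIR/registry.d"/*)`. The generated unit runs `weed filer` as `User=root`/`Group=root`, as do the master and volume units added in the same commit. A network-facing storage daemon that only needs its directory under `/var/lib/seaweedfs` is better run as a dedicated account that owns that directory, with `NoNewPrivileges=yes` and `ProtectSystem=strict` (plus `ReadWritePaths=` for the data directory) in `[Service]`. `filer.toml` is written directly and is not part of the hash comparison, so a change to it alone never restarts the service.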
diff --git a/playbooks.d/seaweedfs-filer/share/filer.conf b/playbooks.d/seaweedfs-filer/share/filer.conf
new file mode 100644
index 0000000..e9ac6e8
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/share/filer.conf
@@ -0,0 +1,7 @@
+ip=[${ip}]
+port=${port}
+
+master=${masters}
+
+s3=true
+s3.port=${s3_port}
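Review bot: `s3=true` turns on the S3 gateway, but neither this template nor the filer playbook configures any S3 identities. Unless credentials are supplied elsewhere (not visible in this commit), the gateway on `${s3_port}` would accept unauthenticated requests from anything that can reach `${ip}`. Consider adding a templated `s3.config=${s3_config}` line pointing at an identities file and failing the sync when it is unset, or leaving S3 off by default; confirm the option name against the installed weed version. `share/server.conf` under `playbooks.d/seaweedfs` enables `s3=true` the same way.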
diff --git a/playbooks.d/seaweedfs-filer/share/filer.toml b/playbooks.d/seaweedfs-filer/share/filer.toml
new file mode 100644
index 0000000..8d40cb9
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/share/filer.toml
@@ -0,0 +1,3 @@
+[leveldb3]
+enabled = true
+dir = "./filerldb3"
diff --git a/playbooks.d/seaweedfs-master/description.txt b/playbooks.d/seaweedfs-master/description.txt
new file mode 100644
index 0000000..d14afca
--- /dev/null
+++ b/playbooks.d/seaweedfs-master/description.txt
@@ -0,0 +1 @@
+Scalable object storage cluster
diff --git a/playbooks.d/seaweedfs-master/etc/defaults b/playbooks.d/seaweedfs-master/etc/defaults
new file mode 100644
index 0000000..2578831
--- /dev/null
+++ b/playbooks.d/seaweedfs-master/etc/defaults
@@ -0,0 +1 @@
+svc.seaweedfs-master=seaweedfs-master
diff --git a/playbooks.d/seaweedfs-master/playbook.bash b/playbooks.d/seaweedfs-master/playbook.bash
new file mode 100644
index 0000000..34e46c1
--- /dev/null
+++ b/playbooks.d/seaweedfs-master/playbook.bash
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required"
+
+playbook_add() {
+ local buffer
+
+ # Make sure seaweedfs is installed
+ "$BASHTARD_BIN" add seaweedfs || true
+
+ # Create directories used by seaweedfs
+ mkdir -pv -- "/var/lib/seaweedfs/master"
+
+ # Generate systemd unit files
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ cat <<-EOF > "$(config "fs.etcdir")/systemd/system/seaweedfs-master.service"
+ [Unit]
+ Description=SeaweedFS Master
+ After=network.target
+
+ [Service]
+ Type=simple
+ User=root
+ Group=root
+
+ ExecStart=$(config "fs.bindir")/weed master -options="$(config "fs.etcdir")/seaweedfs/master.conf"
+ WorkingDirectory=/var/lib/seaweedfs
+ SyslogIdentifier=seaweedfs
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
+ ;;
+ *) die "NYI"
+ esac
+
+ # Perform initial configuration
+ playbook_sync
+
+ # Start the service
+ svc enable seaweedfs-master
+ svc start seaweedfs-master
+}
+
+playbook_sync() {
+ local buffer
+ local conf
+ local peers=()
+ local hash
+
+ buffer="$(tmpfile)"
+ conf="$(config "fs.etcdir")/seaweedfs/master.conf"
+ hash="$(file_hash "$conf")"
+
+ # Add all registered seaweedfs-master nodes as peers
+ while read -r host
+ do
+ # Except this node itself
+ [[ "$(basename "$host")" == "${BASHTARD_PLATFORM[fqdn]}" ]] && continue
+
+ peers+=("$(config_for "$(basename "$host")" "$BASHTARD_PLAYBOOK.ip")")
+ done < <(grep -FHl "$BASHTARD_PLAYBOOK" "$BASHTARD_ETCDIR/registry.d"/*)
+
+ # Generate config file
+ file_template "master.conf" \
+ ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
+ port="$(config "$BASHTARD_PLAYBOOK.port" "9333")" \
+ peers="$(join_args "${peers[@]}")" \
+ mdir="$(config "$BASHTARD_PLAYBOOK.mdir" "/var/lib/seaweedfs/master/mdir")" \
+ replication="$(config "$BASHTARD_PLAYBOOK.replication" "000")" \
+ volume_size="$(config "$BASHTARD_PLAYBOOK.volume-size" "1024")" \
+ > "$buffer"
+
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && return
+
+ mv -- "$buffer" "$conf"
+
+ [[ "$BASHTARD_ACTION" == "add" ]] && return
+
+ # Reload service
+ svc restart seaweedfs-master
+}
+
+playbook_del() {
+ # Stop service
+ svc stop seaweedfs-master
+ svc disable seaweedfs-master
+
+ # Remove systemd unit file
+ rm -fr -- "$(config "fs.etcdir")/systemd/system/seaweedfs-master.service"
+
+ # Remove configuration files
+ rm -fr -- "$(config "fs.etcdir")/seaweedfs/master.conf"
+}
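Review bot: Peers are collected as bare addresses (`config_for … "$BASHTARD_PLAYBOOK.ip"`), while the filer and volume playbooks build master addresses as `[ip]:port` and `master.conf` brackets `ip` as an IPv6 literal. A peers list of unbracketed IPv6 addresses with no port is ambiguous at best. Building the entries the same way would be consistent: `peers+=("[$(config_for "$(basename "$host")" "$BASHTARD_PLAYBOOK.ip")]:$(config_for "$(basename "$host")" "$BASHTARD_PLAYBOOK.port" "9333")")`. `local buffer` in `playbook_add` is unused.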
diff --git a/playbooks.d/seaweedfs-master/share/master.conf b/playbooks.d/seaweedfs-master/share/master.conf
new file mode 100644
index 0000000..4126635
--- /dev/null
+++ b/playbooks.d/seaweedfs-master/share/master.conf
@@ -0,0 +1,8 @@
+ip=[${ip}]
+port=${port}
+
+peers=${peers}
+mdir=${mdir}
+
+defaultReplication=${replication}
+volumeSizeLimitMB=${volume_size}
diff --git a/playbooks.d/seaweedfs-volume/description.txt b/playbooks.d/seaweedfs-volume/description.txt
new file mode 100644
index 0000000..d14afca
--- /dev/null
+++ b/playbooks.d/seaweedfs-volume/description.txt
@@ -0,0 +1 @@
+Scalable object storage cluster
diff --git a/playbooks.d/seaweedfs-volume/etc/defaults b/playbooks.d/seaweedfs-volume/etc/defaults
new file mode 100644
index 0000000..2578831
--- /dev/null
+++ b/playbooks.d/seaweedfs-volume/etc/defaults
@@ -0,0 +1 @@
+svc.seaweedfs-master=seaweedfs-master
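Review bot: This defaults file for seaweedfs-volume defines `svc.seaweedfs-master`, which looks copied from the master playbook (the blob hash is identical). The volume playbook calls `systemctl` on `seaweedfs-volume@…` directly, so the key appears unused here. Either drop it or rename it to the volume service.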
diff --git a/playbooks.d/seaweedfs-volume/playbook.bash b/playbooks.d/seaweedfs-volume/playbook.bash
new file mode 100644
index 0000000..8485ba0
--- /dev/null
+++ b/playbooks.d/seaweedfs-volume/playbook.bash
@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.dc]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.rack]="required"
+
+playbook_add() {
+ local buffer
+
+ # Make sure seaweedfs is installed
+ "$BASHTARD_BIN" add seaweedfs || true
+
+ # Generate systemd unit files
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ cat <<-EOF > "$(config "fs.etcdir")/systemd/system/seaweedfs-volume@.service"
+ [Unit]
+ Description=SeaweedFS Volume
+ After=network.target
+
+ [Service]
+ Type=simple
+ User=root
+ Group=root
+
+ ExecStart=$(config "fs.bindir")/weed volume -options="$(config "fs.etcdir")/seaweedfs/volume-%i.conf"
+ WorkingDirectory=/var/lib/seaweedfs/volume/%i
+ SyslogIdentifier=seaweedfs
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
+ ;;
+ *) die "NYI"
+ esac
+
+ # Perform initial configuration
+ playbook_sync
+
+ # Start services
+ while read -r volume
+ do
+ systemctl enable --now "seaweedfs-volume@$volume"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.volumes")
+}
+
+playbook_sync() {
+ local buffer
+ local conf
+ local peers=()
+ local hash
+
+ buffer="$(tmpfile)"
+
+ # Add all registered seaweedfs-master nodes as peers
+ while read -r host
+ do
+ peers+=("[$(config_for "$(basename "$host")" "seaweedfs-master.ip")]:$(config_for "$(basename "$host")" "seaweedfs-master.port" "9333")")
+ done < <(grep -FHl "seaweedfs-master" "$BASHTARD_ETCDIR/registry.d"/*)
+
+ while read -r volume
+ do
+ conf="$(config "fs.etcdir")/seaweedfs/volume-$volume.conf"
+ hash="$(file_hash "$conf")"
+
+ info "$BASHTARD_PLAYBOOK/sync/$volume" "Updating $conf"
+
+ # Generate config file
+ file_template "volume.conf" \
+ dc="$(config "$BASHTARD_PLAYBOOK.dc")" \
+ dir="/var/lib/seaweedfs/volume/$volume" \
+ disk="$(config "$BASHTARD_PLAYBOOK.volume.$volume.disk" "hdd")" \
+ max="$(config "$BASHTARD_PLAYBOOK.volume.$volume.max" "0")" \
+ free_space="$(config "$BASHTARD_PLAYBOOK.free-space" "10GiB")" \
+ filesize_limit="$(config "$BASHTARD_PLAYBOOK.filesize-limit" "256")" \
+ ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
+ mserver="$(join_args "${peers[@]}")" \
+ port="$(config "$BASHTARD_PLAYBOOK.volume.$volume.port" "8080")" \
+ rack="$(config "$BASHTARD_PLAYBOOK.rack")" \
+ > "$buffer"
+
+ # Write config file
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && continue
+ info "$BASHTARD_PLAYBOOK/sync/$volume" "Configuration file changed"
+ mv -- "$buffer" "$conf"
+
+ # Restart volume server
+ info "$BASHTARD_PLAYBOOK/sync/$volume" "Restarting volume $volume"
+ [[ "$BASHTARD_ACTION" == "sync" ]] && systemctl restart "seaweedfs-volume@$volume"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.volumes")
+}
+
+playbook_del() {
+ # Stop services
+ while read -r volume
+ do
+ systemctl disable --now "seaweedfs-volume@$volume"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.volumes")
+
+ # Remove systemd unit file
+ rm -fr -- "$(config "fs.etcdir")/systemd/system/seaweedfs-volume@.service"
+
+ # Remove configuration files
+ rm -fr -- "$(config "fs.etcdir")/seaweedfs/volume.conf"
+}
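Review bot: Volumes are enumerated from `$BASHTARD_PLAYBOOK.volumes`, but `disk`, `max` and `port` are read from `$BASHTARD_PLAYBOOK.volume.$volume.*` (singular). If the config tree uses the plural key, every instance silently gets the defaults, including the same port 8080. `playbook_del` removes `seaweedfs/volume.conf`, which is never written; the per-volume `volume-$volume.conf` files stay behind, so the removal belongs inside the loop: `rm -f -- "$(config "fs.etcdir")/seaweedfs/volume-$volume.conf"`. Nothing creates `/var/lib/seaweedfs/volume/$volume`, which the unit uses as `WorkingDirectory`. The "Restarting volume" message is logged even when `BASHTARD_ACTION` is not `sync`.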
diff --git a/playbooks.d/seaweedfs-volume/share/volume.conf b/playbooks.d/seaweedfs-volume/share/volume.conf
new file mode 100644
index 0000000..d659faa
--- /dev/null
+++ b/playbooks.d/seaweedfs-volume/share/volume.conf
@@ -0,0 +1,12 @@
+ip=[${ip}]
+port=${port}
+mserver=${mserver}
+
+dataCenter=${dc}
+rack=${rack}
+disk=${disk}
+
+dir=${dir}
+max=${max}
+minFreeSpace=${free_space}
+fileSizeLimitMB=${filesize_limit}
diff --git a/playbooks.d/seaweedfs/description.txt b/playbooks.d/seaweedfs/description.txt
new file mode 100644
index 0000000..d14afca
--- /dev/null
+++ b/playbooks.d/seaweedfs/description.txt
@@ -0,0 +1 @@
+Scalable object storage cluster
diff --git a/playbooks.d/seaweedfs/etc/defaults b/playbooks.d/seaweedfs/etc/defaults
new file mode 100644
index 0000000..ac67585
--- /dev/null
+++ b/playbooks.d/seaweedfs/etc/defaults
@@ -0,0 +1 @@
+svc.seaweedfs=seaweedfs
diff --git a/playbooks.d/seaweedfs/playbook.bash b/playbooks.d/seaweedfs/playbook.bash
new file mode 100644
index 0000000..7405cb5
--- /dev/null
+++ b/playbooks.d/seaweedfs/playbook.bash
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ local dl_arch
+ local dl_baseurl
+ local dl_binary
+ local dl_version
+
+ # Install seaweedfs
+ case "${BASHTARD_PLATFORM[arch]}" in
+ x86_64) dl_arch=amd64 ;;
+ *) die "NYI" ;;
+ esac
+
+ dl_baseurl="https://github.com/seaweedfs/seaweedfs/releases/download"
+ dl_binary="$(printf "%s_%s.tar.gz" "${BASHTARD_PLATFORM[os]}" "$dl_arch")"
+ dl_version="$(config "$BASHTARD_PLAYBOOK.version" "3.63")"
+
+ buffer="$(tmpdir)"
+
+ chgdir "$buffer"
+
+ info "$BASHTARD_PLAYBOOK/add" "Fetching $dl_baseurl/$dl_version/$dl_binary"
+ curl -L "$dl_baseurl/$dl_version/$dl_binary" > "$dl_binary"
+
+ tar xzf "$dl_binary"
+ mv -v -- "weed" "$(config "fs.bindir")/weed"
+
+ # Create mount.weed symlink
+ ln -fsv "$(config "fs.bindir")/weed" "$(config "fs.bindir")/mount.weed"
+
+ # Create directories used by seaweedfs
+ mkdir -pv -- "$(config "fs.etcdir")/seaweedfs"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ # Remove configuration files
+ rm -fr -- "$(config "fs.etcdir")/seaweedfs"
+
+ # Remove downloaded binary and symlinks
+ rm -fr -- "$(config "fs.bindir")/weed"
+ rm -fr -- "$(config "fs.bindir")/mount.weed"
+}
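Review bot: The release archive is fetched with `curl -L` and unpacked into `fs.bindir` with no integrity check, and the resulting `weed` binary is what the root-run units in this commit execute. Without `-f`, an HTTP error body is also saved under the archive name and only fails later in `tar`. Pin a digest per version in config and verify it before extraction, as sketched below; the `sha256` key is a new, suggested setting. `buffer` is assigned without being declared `local`.

```bash
	local dl_sha256

	dl_sha256="$(config "$BASHTARD_PLAYBOOK.sha256")"

	# … unchanged: arch selection, URL construction, tmpdir …

	curl -fL "$dl_baseurl/$dl_version/$dl_binary" > "$dl_binary" \
		|| die "Failed to download $dl_binary"

	# Refuse to unpack an archive that does not match the pinned digest
	printf "%s  %s\n" "$dl_sha256" "$dl_binary" | sha256sum -c - \
		|| die "Checksum mismatch for $dl_binary"

	tar xzf "$dl_binary"
```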
diff --git a/playbooks.d/seaweedfs/share/master.conf b/playbooks.d/seaweedfs/share/master.conf
new file mode 100644
index 0000000..fb72a28
--- /dev/null
+++ b/playbooks.d/seaweedfs/share/master.conf
@@ -0,0 +1,8 @@
+ip=${ip}
+port=${port}
+
+peers=${peers}
+mdir=${mdir}
+
+defaultReplication=${replication}
+volumeSizeLimitMB=${volume_size}
diff --git a/playbooks.d/seaweedfs/share/server.conf b/playbooks.d/seaweedfs/share/server.conf
new file mode 100644
index 0000000..12be6fa
--- /dev/null
+++ b/playbooks.d/seaweedfs/share/server.conf
@@ -0,0 +1,14 @@
+dir=${datadir}
+ip=${ip}
+
+master=true
+master.volumeSizeLimitMB=${volume_size}
+
+filer=true
+
+s3=true
+
+volume=true
+volume.disk=hdd
+volume.max=0
+volume.minFreeSpace=${reserved_space}
diff --git a/playbooks.d/ssh/playbook.bash b/playbooks.d/ssh/playbook.bash
index 12f6bb6..66d5963 100644
--- a/playbooks.d/ssh/playbook.bash
+++ b/playbooks.d/ssh/playbook.bash
@@ -13,7 +13,7 @@ playbook_add() {
playbook_sync() {
info "$BASHTARD_PLAYBOOK" "Templating sshd_config"
- file_template "sshd_config" \
+ file_template "sshd_config.satpl" \
"sftp=$(config "ssh.sftp")" \
> /etc/ssh/sshd_config
@@ -26,7 +26,7 @@ playbook_sync() {
fi
info "$BASHTARD_PLAYBOOK" "Generating MotD"
- file_template "motd" \
+ file_template "motd.satpl" \
"fqdn=${BASHTARD_PLATFORM[fqdn]}" \
"time=$(date -u "+%FT%T")" \
> /etc/motd
diff --git a/playbooks.d/ssh/share/motd b/playbooks.d/ssh/share/motd.satpl
index 7fc4e34..7fc4e34 100644
--- a/playbooks.d/ssh/share/motd
+++ b/playbooks.d/ssh/share/motd.satpl
diff --git a/playbooks.d/ssh/share/sshd_config b/playbooks.d/ssh/share/sshd_config.satpl
index 900ed34..8a9f2db 100644
--- a/playbooks.d/ssh/share/sshd_config
+++ b/playbooks.d/ssh/share/sshd_config.satpl
@@ -28,6 +28,6 @@ Match User tyil
PubkeyAuthentication yes
# Allow public key authentication over VPN
-Match Address 10.57.0.0/16
+Match Address 10.57.0.0/16,10.58.0.0/16,fd68:1057:1992:3381::/64,fd68:1058:1992:3381::/64
PubkeyAuthentication yes
PermitRootLogin prohibit-password
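Review bot: Every range added to `Match Address` also inherits the block's `PermitRootLogin prohibit-password`, so root key logins are now accepted from `10.58.0.0/16` and both ULA /64s purely on source address. That is only as strong as the guarantee that these prefixes are reachable solely through the VPN interfaces. A comment stating the assumption would help, e.g. `# VPN-only prefixes: must be filtered on all non-VPN interfaces`. The Match block may continue beyond this hunk.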
diff --git a/playbooks.d/user-tyil/share/gittab.d/vim b/playbooks.d/user-tyil/share/gittab.d/vim
index 4e294f4..dca9751 100644
--- a/playbooks.d/user-tyil/share/gittab.d/vim
+++ b/playbooks.d/user-tyil/share/gittab.d/vim
@@ -1,7 +1,7 @@
# Local name Remote URL Branch
feature-camelcasemotion https://github.com/tyil/camelcasemotion.git master
feature-rainbow-parenthesis https://github.com/luochen1990/rainbow master
-syntax-todo https://github.com/freitass/todo.txt-vim.git master
+syntax-go https://github.com/fatih/vim-go master
syntax-hcl https://github.com/jvirtanen/vim-hcl.git main
syntax-helm https://github.com/towolf/vim-helm master
syntax-ledger https://github.com/ledger/vim-ledger master
@@ -9,8 +9,9 @@ syntax-markdown https://github.com/plasticboy/vim-markdown
syntax-mustache https://github.com/mustache/vim-mustache-handlebars master
syntax-raku https://github.com/raku/vim-raku.git master
syntax-terraform https://github.com/hashivim/vim-terraform master
+syntax-todo https://github.com/freitass/todo.txt-vim.git master
syntax-toml https://github.com/cespare/vim-toml.git main
+theme-codedark https://github.com/tomasiser/vim-code-dark master
theme-colorsbox https://github.com/mkarmona/colorsbox.git master
theme-jellybeans https://github.com/nanotech/jellybeans.vim.git master
theme-molokai https://github.com/tomasr/molokai.git master
-theme-codedark https://github.com/tomasiser/vim-code-dark master
diff --git a/playbooks.d/vpn-tinc/playbook.bash b/playbooks.d/vpn-tinc/playbook.bash
index 9cce9a6..6a6a957 100644
--- a/playbooks.d/vpn-tinc/playbook.bash
+++ b/playbooks.d/vpn-tinc/playbook.bash
@@ -1,69 +1,86 @@
#!/usr/bin/env bash
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv4]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv6]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.name]="required"
+
playbook_add()
{
- local tinc="$(config "app.tinc")"
- local tincd="$(config "app.tincd")"
- local dir="$(config "fs.etcdir")/tinc/tyilnet"
- local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
- local ipv4="$(config "vpn.ipv4")"
-
- if [[ -z "$ipv4" ]]
- then
- emerg "$BASHTARD_PLAYBOOK" "No IPv4 address set for ${BASHTARD_PLATFORM[fqdn]}"
- return 2
- fi
+ local data
+ local etc
+ local host
+ local iptool
+ local ipv4
+ local ipv6
+ local name
+ local tinc
+ local tincd
+
+ data="$(playbook_path "data")"
+ etc="$(config "fs.etcdir")/tinc/tyilnet"
+ host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")"
+ ipv6="$(config "$BASHTARD_PLAYBOOK.ipv6")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+ tinc="$(config "app.tinc")"
+ tincd="$(config "app.tincd")"
case "${BASHTARD_PLATFORM[key]}" in
freebsd) iptool=ifconfig ;;
*) iptool=ip
esac
- info "$BASHTARD_PLAYBOOK" "Installing tinc"
+ info "$BASHTARD_PLAYBOOK/add" "Installing tinc"
pkg install "tinc"
- info "$BASHTARD_PLAYBOOK" "Creating tinc configuration at $dir"
+ info "$BASHTARD_PLAYBOOK/add" "Creating tinc configuration at $etc"
+
mkdir -pv -- \
- "$dir" \
- "$dir/hosts"
+ "$etc" \
+ "$etc/hosts"
file_template tinc.conf \
- "name=$name" \
- > "$dir/tinc.conf"
+ "name=$host" \
+ > "$etc/tinc.conf"
file_template "tinc-up-$iptool" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/tinc-up"
+ "ip4=$ipv4" \
+ "ip6=$ipv6" \
+ > "$etc/tinc-up"
file_template "tinc-down-$iptool" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/tinc-down"
+ "ip4=$ipv4" \
+ "ip6=$ipv6" \
+ > "$etc/tinc-down"
file_template "host" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/hosts/$name"
+ "ip4=$ipv4" \
+ "ip6=$ipv6" \
+ > "$etc/hosts/$host"
chmod +x \
- "$dir/tinc-up" \
- "$dir/tinc-down"
+ "$etc/tinc-up" \
+ "$etc/tinc-down"
- info "$BASHTARD_PLAYBOOK" "Generating private keys"
+ info "$BASHTARD_PLAYBOOK/add" "Generating private keys"
case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
1.0*)
- $tincd -n tyilnet -K4096
+ $tincd -n "$name" -K4096
;;
1.1*|*)
- $tinc -n tyilnet generate-rsa-keys 4096
- $tinc -n tyilnet generate-ed25519-keys
+ $tinc -n "$name" generate-rsa-keys 4096
+ $tinc -n "$name" generate-ed25519-keys
;;
esac
- info "$BASHTARD_PLAYBOOK" "Adding new host to Bashtard configs"
-
+ info "$BASHTARD_PLAYBOOK/add" "Adding new host to Bashtard configs"
+ mkdir -pv -- "$data/hosts"
cp -v -- \
- "$dir/hosts/$name" \
- "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts/$name"
+ "$etc/hosts/$host" \
+ "$data/hosts/$host"
playbook_sync
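Review bot: `etc` is still built with the literal network name (`etc="$(config "fs.etcdir")/tinc/tyilnet"`), while key generation and `playbook_sync` now use the configured `name`. With any other name, `tinc.conf`, `tinc-up` and the host file land in `tinc/tyilnet` while the keys are generated for `-n "$name"`, so the host file copied to `$data/hosts` would presumably lack the public keys. Assign `name` first and derive the path from it: `etc="$(config "fs.etcdir")/tinc/$name"`. `playbook_add` continues past this hunk.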
@@ -71,22 +88,22 @@ playbook_add()
case "${BASHTARD_PLATFORM[key]}" in
freebsd)
- if ! grep -Fq 'tincd_cfg="tyilnet"' "/etc/rc.conf.d/tincd"
+ if ! grep -Fq 'tincd_cfg="'"$name"'"' "/etc/rc.conf.d/tincd"
then
- printf 'tincd_cfg="%s"\n' "tyilnet" >> "/etc/rc.conf.d/tincd"
+ printf 'tincd_cfg="%s"\n' "$name" >> "/etc/rc.conf.d/tincd"
fi
;;
linux-gentoo)
- if ! grep -Fq "NETWORK: tyilnet" /etc/conf.d/tinc.networks
+ if ! grep -Fq "NETWORK: $name" /etc/conf.d/tinc.networks
then
- printf "NETWORK: %s\n" "tyilnet" >> /etc/conf.d/tinc.networks
+ printf "NETWORK: %s\n" "$name" >> /etc/conf.d/tinc.networks
fi
;;
esac
case "${BASHTARD_PLATFORM[init]}" in
systemd)
- systemctl enable --now tinc@tyilnet.service
+ systemctl enable --now "tinc@$name.service"
;;
*)
svc enable "tinc"
@@ -97,28 +114,39 @@ playbook_add()
playbook_sync()
{
- local dir="$(config "fs.etcdir")/tinc/tyilnet"
- local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local data
+ local etc
+ local hash
local host
+ local iptool
+ local name
+
+ data="$(playbook_path "data")"
+ etc="$(config "fs.etcdir")/tinc/$(config "$BASHTARD_PLAYBOOK.name")"
+ hash="$(dir_hash "$etc/hosts")"
+ host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
- rm -fr -- "$dir/hosts"
- mkdir -p -- "$dir/hosts"
+ rm -fr -- "$etc/hosts"
+ mkdir -p -- "$etc/hosts"
- for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*
+ for path in "$data/hosts"/*
do
- host="$(basename "$path")"
+ file="$(basename "$path")"
- notice "$BASHTARD_PLAYBOOK" "Updating host $host"
- file_template "hosts/$host" \
- > "$dir/hosts/$host"
+ notice "$BASHTARD_PLAYBOOK" "Updating host $file"
+ cp -v -- "$data/hosts/$file" "$etc/hosts/$file"
done
[[ "$BASHTARD_COMMAND" == "add" ]] && return
+ [[ "$hash" == "$(dir_hash "$etc/hosts")" ]] && return
+
+ info "$BASHTARD_PLAYBOOK" "Reloading service"
case "${BASHTARD_PLATFORM[init]}" in
systemd)
- systemctl reload tinc@tyilnet.service
+ systemctl reload "tinc@$name.service"
;;
*)
svc reload "tinc"
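Review bot: In the host loop, `file` and `path` are assigned without `local`, while `iptool` is declared and `host` is computed but neither is used in the visible part of the function. Declaring `local file path` and dropping the unused names keeps the function from leaking variables into the sourcing shell. If `$data/hosts` is empty the glob stays literal and `cp` fails on `…/hosts/*`; an `[[ -e "$path" ]] || continue` at the top of the loop avoids that. The function body continues outside this hunk.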
@@ -128,9 +156,15 @@ playbook_sync()
playbook_del()
{
+ local etc
+ local name
+
+ etc="$(config "fs.etcdir")"
+ name="$(config "$BASHTARD_PLAYBOOK.name")"
+
case "${BASHTARD_PLATFORM[init]}" in
systemd)
- systemctl disable --now tinc@tyilnet.service
+ systemctl disable --now "tinc@$name.service"
;;
*)
svc stop "tinc"
@@ -140,5 +174,5 @@ playbook_del()
pkg uninstall "tinc"
- rm -frv -- "$(config "fs.etcdir")/tinc/tyilnet"
+ rm -frv -- "$etc/tinc/$name"
}
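Review bot: `rm -frv -- "$etc/tinc/$name"` removes the whole `tinc` directory, including any other networks, if `name` resolves to an empty string. The key is marked `required` at the top of the file, but whether that is enforced before `playbook_del` runs is not visible here. `rm -frv -- "$etc/tinc/${name:?}"` makes the removal fail instead. `etc` and `name` are assigned in the preceding hunk of the same function.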
diff --git a/playbooks.d/vpn-tinc/share/host b/playbooks.d/vpn-tinc/share/host
index c24d4ad..627aab6 100644
--- a/playbooks.d/vpn-tinc/share/host
+++ b/playbooks.d/vpn-tinc/share/host
@@ -1,2 +1,3 @@
Subnet = ${ip4}/32
+Subnet = ${ip6}/128
diff --git a/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net b/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net
deleted file mode 100644
index 4856c95..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.100.3/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvcW/20fxgdGdNelD/eMwEpLChI03rvDbPHAp9en3cwlYaND40udO
-VxjRXj0rE9IA4N0f+o8oJdmG+mzl5Dd3rKXVnBnRymKzpNJ2w+cILPm1sQa6IO85
-F+7Q5v7lb5yFuy3JVi+tg4nqL+xHSZL6w/oPX667bR90oBJEd7C+U7p7r8DXvyHq
-cg9U1maDmZ0IzZtl6BxsjyfUr0o6xBtw+pCSIvOXW5xd4mfBPgvp+3nIcux6nek3
-VR6SJ85aXlYZxER23N13Vi3dGUJSIaBPN5MuS3IHBbAP/Feeyo8p4SCzl0AMfo/K
-+ZGcheL/NX7EVGg4XcZNgFaTBpusScOfxiRlzAeImomiQwKIywXp1otCn6dKIDj0
-jj146Dodf2nHRbTQj7H/2zyiRDjY/tpis/xTVA5AJu+p5aaXBA/eSb4H1OKL5qYs
-38/bUiUJTSbpWvC9WiHq/xi5GSs+3ehDara89yXXhunWLsqvSZOZacqeZQw8k+ip
-pNcnXbbtS0zqNQie3OEKY9qqOGKzjUiYu8yWJ4eo370XzlQ9sUgGfKmwCcc2c2jX
-Rrhjck+4DGeRA10oJpoxKArPaWrGWezIHJ49Jrc+xiTJ5EMVqOpuGvL5lrKn7g6y
-qYk1u6x0We1nCkMNN2LxrmL6j3p6PKRbWg7bczqPO4uEyT/575Ih2ssCAwEAAQ==
------END RSA PUBLIC KEY-----
-Ed25519PublicKey = 7jy41lK2S4BzhUVSAmULDSiZ9NQM4eQ0Geg2+F9pTpG
diff --git a/playbooks.d/vpn-tinc/share/hosts/denahnu_tyil_net b/playbooks.d/vpn-tinc/share/hosts/denahnu_tyil_net
deleted file mode 100644
index acc2038..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/denahnu_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 81.2.254.110
-Subnet = 10.57.20.4/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
-RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
-idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
-z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
-fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
-LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
-Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
-NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
-9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
-raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
-6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net b/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
deleted file mode 100644
index eba305b..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 37.48.120.26
-Subnet = 10.57.20.6/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
-ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
-iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
-XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
-VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
-giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
-5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
-Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
-B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
-7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
-tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/hurzak_tyil_net b/playbooks.d/vpn-tinc/share/hosts/hurzak_tyil_net
deleted file mode 100644
index d55cf55..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/hurzak_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 178.162.131.11
-Subnet = 10.57.20.7/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
-k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
-jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
-BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
-IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
-T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
-ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
-E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
-5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
-xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
-CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/ivdea_tyil_net b/playbooks.d/vpn-tinc/share/hosts/ivdea_tyil_net
deleted file mode 100644
index 17f8c89..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/ivdea_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.100.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
-WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
-WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
-j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
-cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
-BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
-nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
-aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
-FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
-n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
-uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/jaomox_tyil_net b/playbooks.d/vpn-tinc/share/hosts/jaomox_tyil_net
deleted file mode 100644
index c1b7faa..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/jaomox_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 163.172.218.246
-Subnet = 10.57.21.1/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
-x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
-SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
-rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
-t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
-dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
-rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
-G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
-q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
-PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
-noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/krohxe_tyil_net b/playbooks.d/vpn-tinc/share/hosts/krohxe_tyil_net
deleted file mode 100644
index 0655f39..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/krohxe_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.20.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA0kL+MH9xOLAKrwUF17a642QLnU+72xbxiFtbWFXGIj17hlcqiOAv
-NqWFO1EzroRgaNzqdufMik7G7MFzrGG+7/fziC5Vj7A7UMi+8F8ig1tKLpqe0/+f
-DqQfbU0tPaPPPc95lEYOU4j50ALBNAZLNaP5a0BIN7N+Bj0JQNTah1u45mdIMQh2
-LpIkbe5MWaVcVvh61l5mxM/+rsU8lJE4+SmOuFJZ+7bzsbtQf5mPc4kF8aqPoMle
-XuizHguphe3CrZgOvvmAVvrV9O7FvpFHlJcmt4FkyEZ0e8l0h9/YKHx94py4STa2
-O3zFJFHf4zVAIzSx+1mVV08aulcIGjTpHLSIlAuQ1kqEI8lGfcCawyMCPdcRzWKJ
-eo7fo8/slzg9O/Id/uZwlDltnBXI4053bhjsglEfm/zZHog00IR/rSXuiqJLV+Th
-8uNRGXezB/frVn58w8dbOuPDzsVTLNeDeZJHrKRxTn/bwVFLrG25ow9qMgr/mqaP
-sA6PjBnw01SkBUJY6fmowip9YcQTOjlauUR6w/F70aOIqT65M1ralSVmWAUFCKRz
-KYOaOPHfpQQVxQaDnUKPiDyF8YoP9zoocyh5BnBEKP6ctYZkZd3i5naJ1SG16R5j
-U9iMnzo/uKG1CAP7jnM7IGZ6XhlHchst5LxVAm2cGT8apEWJOvFnqOMCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/tinc-up-ifconfig b/playbooks.d/vpn-tinc/share/tinc-up-ifconfig
index 66c897e..6f040d1 100644
--- a/playbooks.d/vpn-tinc/share/tinc-up-ifconfig
+++ b/playbooks.d/vpn-tinc/share/tinc-up-ifconfig
@@ -1,3 +1,4 @@
#!/bin/sh
ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0
+ifconfig "$INTERFACE" inet ${ip6} netmask 255.255.0.0
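Review bot: The added line passes the IPv6 address to the `inet` (IPv4) family with a dotted IPv4 netmask, so ifconfig will either reject it or not configure the address as intended. Use the IPv6 family and a prefix length instead, for example `ifconfig "$INTERFACE" inet6 "${ip6}" prefixlen 64`. The /64 is taken from the matching line added to `tinc-up-ip` in this commit, so confirm it is the intended prefix. Quoting `${ip6}` also protects the command if the template value is empty or malformed.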
diff --git a/playbooks.d/vpn-tinc/share/tinc-up-ip b/playbooks.d/vpn-tinc/share/tinc-up-ip
index 191d310..105d8a5 100644
--- a/playbooks.d/vpn-tinc/share/tinc-up-ip
+++ b/playbooks.d/vpn-tinc/share/tinc-up-ip
@@ -1,5 +1,6 @@
#!/bin/sh
ip -4 addr add "${ip4}/16" dev "$INTERFACE"
+ip -6 addr add "${ip6}/64" dev "$INTERFACE"
ip link set "$INTERFACE" up
diff --git a/playbooks.d/vpn-tinc/share/tinc.conf b/playbooks.d/vpn-tinc/share/tinc.conf
index 89ccdfd..11696a7 100644
--- a/playbooks.d/vpn-tinc/share/tinc.conf
+++ b/playbooks.d/vpn-tinc/share/tinc.conf
@@ -1,7 +1,10 @@
Name = ${name}
ConnectTo = caeghi_tyil_net
-ConnectTo = denahnu_tyil_net
+ConnectTo = faiwoo_tyil_net
ConnectTo = gaeru_tyil_net
-ConnectTo = hurzak_tyil_net
ConnectTo = jaomox_tyil_net
+ConnectTo = mieshu_tyil_net
+ConnectTo = nouki_tyil_net
+ConnectTo = oolah_tyil_net
+ConnectTo = qohrei_tyil_net
diff --git a/playbooks.d/vpn-wireguard/description.txt b/playbooks.d/vpn-wireguard/description.txt
new file mode 100644
index 0000000..da242c7
--- /dev/null
+++ b/playbooks.d/vpn-wireguard/description.txt
@@ -0,0 +1 @@
+A meshed VPN through Wireguard
diff --git a/playbooks.d/vpn-wireguard/etc/defaults b/playbooks.d/vpn-wireguard/etc/defaults
new file mode 100644
index 0000000..178e2fd
--- /dev/null
+++ b/playbooks.d/vpn-wireguard/etc/defaults
@@ -0,0 +1 @@
+pkg.wireguard=wireguard
diff --git a/playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo b/playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo
new file mode 100644
index 0000000..91a9c37
--- /dev/null
+++ b/playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo
@@ -0,0 +1 @@
+pkg.wireguard=net-vpn/wireguard-tools
diff --git a/playbooks.d/vpn-wireguard/playbook.bash b/playbooks.d/vpn-wireguard/playbook.bash
new file mode 100644
index 0000000..734761d
--- /dev/null
+++ b/playbooks.d/vpn-wireguard/playbook.bash
@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC2034
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.endpoint]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv4]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv6]="required"
+
+playbook_add() {
+ local data
+ local interface
+
+ data="$(playbook_path "data")"
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
+
+ pkg install wireguard
+
+ # If there's no data directory yet, make it with a proper gitignore to ensure
+ # the private key is not included
+ if [[ ! -d "$data" ]]
+ then
+ mkdir -pv -- "$data" "$data/hooks" "$data/peers"
+ cat <<-EOF >> "$data/.gitignore"
+ privkey
+ EOF
+ fi
+
+ # Generate the private key for this machine
+ ( umask 077 && wg genkey > "$data/privkey" )
+
+ # Generate the peerfile for this machine
+ file_template "peer" \
+ endpoint="$(config "$BASHTARD_PLAYBOOK.endpoint")" \
+ ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")" \
+ ipv6="$(config "$BASHTARD_PLAYBOOK.ipv6")" \
+ keepalive="$(config "$BASHTARD_PLAYBOOK.keepalive" "0")" \
+ port="$(config "$BASHTARD_PLAYBOOK.port" "51820")" \
+ pubkey="$(wg pubkey < "$data/privkey")" \
+ > "$data/peers/${BASHTARD_PLATFORM[fqdn]}"
+
+ # Run the sync stage to make sure all the configuration files are written as
+ # desired
+ playbook_sync
+
+ # Enable the wireguard interface
+ info "$BASHTARD_PLAYBOOK" "Enabling wireguard interface $interface"
+ systemctl enable --now "wg-quick@$interface.service"
+}
+
+playbook_sync() {
+ local data
+ local wgconf
+ local interface
+ local hash
+
+ data="$(playbook_path "data")"
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
+ wgconf="$(config "fs.etcdir")/wireguard/$interface.conf"
+ hash="$(file_hash "$wgconf")"
+
+ # Create the wireguard config directory
+ mkdir -pv "$(config "fs.etcdir")/wireguard"
+
+ info "$BASHTARD_PLAYBOOK" "Generating wireguard configuration at $wgconf"
+
+ # Write the Interface section
+ file_template "interface" \
+ ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")" \
+ ipv6="$(config "$BASHTARD_PLAYBOOK.ipv6")" \
+ port="$(config "$BASHTARD_PLAYBOOK.port" "51820")" \
+ privkey="$(cat "$data/privkey")" \
+ > "$wgconf"
+
+ if [[ -f "$data/hooks/post-up" ]]
+ then
+ printf "PostUp = %s\n" "$data/hooks/post-up" >> "$wgconf"
+ fi
+
+ if [[ -f "$data/hooks/pre-down" ]]
+ then
+ printf "PreDown = %s\n" "$data/hooks/pre-down" >> "$wgconf"
+ fi
+
+ # Include peerfiles for all other machines
+ for path in "$data/peers"/*
+ do
+ local peer="$(basename "$path")"
+
+ # Skip the machine itself, as it needs not peer with itself
+ [[ "$peer" == "${BASHTARD_PLATFORM[fqdn]}" ]] && continue
+
+ # Append peerfile, but add a newline in there to make the
+ # resulting configuration file a little nicer
+ printf "\n" >> "$wgconf"
+ cat "$path" >> "$wgconf"
+ done
+
+ # Don't continue here if this was just part of the add invocation
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ # Nothing left to do if the Wireguard configs are the same
+ [[ "$hash" == "$(file_hash "$wgconf")" ]] && return
+
+ # Refresh the wireguard interface
+ # A simple reload seems to not discover newly added peers
+ info "$BASHTARD_PLAYBOOK" "Reloading wireguard interface $interface"
+ systemctl restart "wg-quick@$interface.service"
+}
+
+playbook_del() {
+ local interface
+
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
+
+ info "$BASHTARD_PLAYBOOK" "Disabling wireguard interface $interface"
+ systemctl disable --now "wg-quick@$interface.service"
+ rm -fv -- "$(config "fs.etcdir")/wireguard/$interface.conf"
+ pkg uninstall wireguard
+}
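Review bot: `playbook_sync` writes `PrivateKey` into `$wgconf` through a plain `> "$wgconf"` redirect, so a newly created file takes the process umask and will typically be readable by every local user. The `umask 077` that `playbook_add` uses for `$data/privkey` is not applied here. Create the file with restricted permissions before the template write, for example `touch -- "$wgconf" && chmod 0600 -- "$wgconf"`, and consider `chmod 0700` on the `wireguard` directory that `mkdir -pv` creates. Separately, `wg genkey > "$data/privkey"` runs on every `playbook_add`, so re-adding on a host that already has a key silently replaces it and leaves other machines holding a stale peer file until they sync. Prefixing the subshell with `[[ -f "$data/privkey" ]] ||` would avoid that.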
diff --git a/playbooks.d/vpn-wireguard/share/interface b/playbooks.d/vpn-wireguard/share/interface
new file mode 100644
index 0000000..00f53e8
--- /dev/null
+++ b/playbooks.d/vpn-wireguard/share/interface
@@ -0,0 +1,4 @@
+[Interface]
+Address = ${ipv6}/128,${ipv4}/32
+ListenPort = ${port}
+PrivateKey = ${privkey}
diff --git a/playbooks.d/vpn-wireguard/share/peer b/playbooks.d/vpn-wireguard/share/peer
new file mode 100644
index 0000000..9a95e38
--- /dev/null
+++ b/playbooks.d/vpn-wireguard/share/peer
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = ${ipv6}/128,${ipv4}/32
+Endpoint = [${endpoint}]:${port}
+PublicKey = ${pubkey}
+PersistentKeepalive = ${keepalive}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble b/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble
new file mode 100644
index 0000000..a2922fc
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name mumble.voidfire.com;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.bazarr b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.bazarr
new file mode 100644
index 0000000..f8c36f4
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.bazarr
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name bazarr.arr.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.jellyseerr b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.jellyseerr
new file mode 100644
index 0000000..12d3487
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.jellyseerr
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name jellyseerr.arr.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lid b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lidarr
index 2fad057..2fad057 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lid
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lidarr
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowl b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowlarr
index 1a1d70f..1a1d70f 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowl
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowlarr
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.rad b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.radarr
index 852147e..852147e 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.rad
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.radarr
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.read b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.readarr
index 82002bc..82002bc 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.read
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.readarr
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.son b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.sonarr
index 61904fd..61904fd 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.son
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.sonarr
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.tdarr b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.tdarr
new file mode 100644
index 0000000..2128cad
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.tdarr
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name tdarr.arr.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ci b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ci
new file mode 100644
index 0000000..7f2b35f
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ci
@@ -0,0 +1,12 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name ci.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.myl b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.media
index 4a11124..92d387c 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.myl
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.media
@@ -2,7 +2,7 @@ server {
listen 80;
listen [::]:80;
- server_name myl.arr.tyil.nl;
+ server_name nl.tyil.media;
include /etc/nginx/snippets.d/certbot.conf;
include /etc/nginx/snippets.d/headers.conf;
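Review bot: `server_name nl.tyil.media;` is the reverse-domain file name rather than a hostname; the HTTPS counterpart in this commit uses `media.tyil.nl`. As written, plain-HTTP requests for media.tyil.nl will not match this block, so the certbot snippet and whatever redirect the block carries are handled by the default server instead. Change the line to `server_name media.tyil.nl;`. The server block continues outside the hunk, so the rest of it was not reviewed.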
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.baz b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ntfy
index ea5ae18..d4b8d44 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.baz
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ntfy
@@ -2,7 +2,7 @@ server {
listen 80;
listen [::]:80;
- server_name baz.arr.tyil.nl;
+ server_name ntfy.tyil.nl;
include /etc/nginx/snippets.d/certbot.conf;
include /etc/nginx/snippets.d/headers.conf;
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3 b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3
new file mode 100644
index 0000000..8b0d1d5
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name s3.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey
new file mode 100644
index 0000000..e616f75
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name misskey.s3.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble b/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble
new file mode 100644
index 0000000..09daf3b
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble
@@ -0,0 +1,49 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name mumble.voidfire.com;
+
+ ssl_certificate /etc/letsencrypt/live/mumble.voidfire.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/mumble.voidfire.com/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ root /var/www/com.voidfire.mumble;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://127.0.0.1:8080;
+ }
+
+ location /proxy {
+ proxy_http_version 1.1;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+
+ proxy_pass http://127.0.0.1:64737;
+ }
+
+ location /botamusique {
+ port_in_redirect off;
+
+ proxy_http_version 1.1;
+
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Script-Name /botamusique;
+
+ proxy_pass http://127.0.0.1:13586;
+ }
+}
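Review bot: The `/botamusique` location sets `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever value the client sent, while `location /` in the same file sets the header to `$remote_addr`. If nginx is the first hop, a backend that reads the left-most entry will record a client-chosen address. `proxy_set_header X-Forwarded-For $remote_addr;` would make the locations consistent and leave the backend with only the address nginx observed. `location /proxy` forwards neither `Host` nor any client-address header; if that is deliberate for the websocket backend, a short comment saying so would help the next reader.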
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.myl b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.bazarr
index 36735f8..96d0dec 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.myl
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.bazarr
@@ -2,10 +2,10 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
- server_name myl.arr.tyil.nl;
+ server_name bazarr.arr.tyil.nl;
- ssl_certificate /etc/letsencrypt/live/myl.arr.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/myl.arr.tyil.nl/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/bazarr.arr.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bazarr.arr.tyil.nl/privkey.pem;
include /etc/nginx/snippets.d/certbot.conf;
#include /etc/nginx/snippets.d/headers.conf;
@@ -18,6 +18,6 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
- proxy_pass http://10.57.100.7:8080;
+ proxy_pass http://172.31.0.1:4002;
}
}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.jellyseerr b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.jellyseerr
new file mode 100644
index 0000000..27045a2
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.jellyseerr
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name jellyseerr.arr.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/jellyseerr.arr.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/jellyseerr.arr.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ #include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://172.31.0.1:2001;
+ }
+}
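Review bot: `#include /etc/nginx/snippets.d/headers.conf;` is left commented out with no explanation, while the port-80 redirect vhost for the same name does include it. Whatever response headers that snippet sets are therefore sent on the redirect but not on the HTTPS site that serves content. The same commented-out line appears in the new prowlarr, readarr and sonarr HTTPS files. If it is disabled because the proxied application breaks under those headers, record that in a comment such as `# headers.conf disabled: <reason>`; otherwise re-enable the include.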
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.baz b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lidarr
index 70ea3a8..26010a4 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.baz
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lidarr
@@ -2,10 +2,10 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
- server_name baz.arr.tyil.nl;
+ server_name lidarr.arr.tyil.nl;
- ssl_certificate /etc/letsencrypt/live/baz.arr.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/baz.arr.tyil.nl/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/lidarr.arr.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/lidarr.arr.tyil.nl/privkey.pem;
include /etc/nginx/snippets.d/certbot.conf;
#include /etc/nginx/snippets.d/headers.conf;
@@ -18,6 +18,6 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
- proxy_pass http://10.57.100.7:8080;
+ proxy_pass http://172.31.0.1:3001;
}
}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowlarr b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowlarr
new file mode 100644
index 0000000..a798a15
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowlarr
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name prowlarr.arr.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/prowlarr.arr.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/prowlarr.arr.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ #include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://172.31.0.1:2002;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.rad b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.rad
deleted file mode 100644
index 83a4442..0000000
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.rad
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name rad.arr.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/rad.arr.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/rad.arr.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- #include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location / {
- proxy_http_version 1.1;
- proxy_set_header Connection $http_connection;
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header X-Forwarded-For $remote_addr;
-
- proxy_pass http://127.0.0.1:20832;
- }
-}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lid b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.radarr
index 049dfd9..abca322 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lid
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.radarr
@@ -2,10 +2,10 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
- server_name lid.arr.tyil.nl;
+ server_name radarr.arr.tyil.nl;
- ssl_certificate /etc/letsencrypt/live/lid.arr.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/lid.arr.tyil.nl/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/radarr.arr.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/radarr.arr.tyil.nl/privkey.pem;
include /etc/nginx/snippets.d/certbot.conf;
#include /etc/nginx/snippets.d/headers.conf;
@@ -18,6 +18,6 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
- proxy_pass http://127.0.0.1:20831;
+ proxy_pass http://172.31.0.1:3003;
}
}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.read b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.read
deleted file mode 100644
index 3af4341..0000000
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.read
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name read.arr.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/read.arr.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/read.arr.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- #include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location / {
- proxy_http_version 1.1;
- proxy_set_header Connection $http_connection;
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header X-Forwarded-For $remote_addr;
-
- proxy_pass http://127.0.0.1:20834;
- }
-}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.readarr b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.readarr
new file mode 100644
index 0000000..47e455e
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.readarr
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name readarr.arr.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/readarr.arr.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/readarr.arr.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ #include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://172.31.0.1:3004;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.sonarr b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.sonarr
new file mode 100644
index 0000000..eb08997
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.sonarr
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name sonarr.arr.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/sonarr.arr.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/sonarr.arr.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ #include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://172.31.0.1:3002;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowl b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.tdarr
index 894b604..f3a8afe 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowl
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.tdarr
@@ -2,10 +2,10 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
- server_name prowl.arr.tyil.nl;
+ server_name tdarr.arr.tyil.nl;
- ssl_certificate /etc/letsencrypt/live/prowl.arr.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/prowl.arr.tyil.nl/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/tdarr.arr.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/tdarr.arr.tyil.nl/privkey.pem;
include /etc/nginx/snippets.d/certbot.conf;
#include /etc/nginx/snippets.d/headers.conf;
@@ -18,6 +18,6 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
- proxy_pass http://127.0.0.1:20828;
+ proxy_pass http://172.31.0.1:4001;
}
}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ci b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ci
new file mode 100644
index 0000000..ca9421c
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ci
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ci.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/ci.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ci.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://127.0.0.1:61007;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
index 650b55c..63e349c 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
@@ -15,7 +15,7 @@ server {
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
- root /usr/share/webapps/cgit/1.2.3-r100/htdocs;
+ root /usr/share/webapps/cgit/1.2.3-r201/htdocs;
location / {
try_files $uri @cgit;
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.son b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.media
index 7873d2d..9d811dc 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.son
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.media
@@ -2,14 +2,13 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
- server_name son.arr.tyil.nl;
+ server_name media.tyil.nl;
- ssl_certificate /etc/letsencrypt/live/son.arr.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/son.arr.tyil.nl/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/media.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/media.tyil.nl/privkey.pem;
- include /etc/nginx/snippets.d/certbot.conf;
- #include /etc/nginx/snippets.d/headers.conf;
include /etc/nginx/snippets.d/ssl.conf;
+ include /etc/nginx/snippets.d/certbot.conf;
location / {
proxy_http_version 1.1;
@@ -18,6 +17,6 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
- proxy_pass http://127.0.0.1:20833;
+ proxy_pass http://172.31.0.1:2003;
}
}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ntfy b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ntfy
new file mode 100644
index 0000000..dfee8e3
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ntfy
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ntfy.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/ntfy.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ntfy.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_buffering off;
+ proxy_connect_timeout 3m;
+ proxy_http_version 1.1;
+ proxy_read_timeout 3m;
+ proxy_redirect off;
+ proxy_request_buffering off;
+ proxy_send_timeout 3m;
+
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ client_max_body_size 20m;
+
+ proxy_pass http://127.0.0.1:42349;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3 b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3
new file mode 100644
index 0000000..5efcd2e
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3
@@ -0,0 +1,20 @@
+upstream s3_backend {
+ server 10.57.21.1:3900;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name s3.tyil.nl *.s3.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/s3.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/s3.tyil.nl/privkey.pem;
+
+ location / {
+ proxy_pass http://s3_backend;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_max_temp_file_size 0;
+ }
+}
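Review bot: This server block omits `include /etc/nginx/snippets.d/ssl.conf;` and `include /etc/nginx/snippets.d/certbot.conf;`, which the other HTTPS vhosts added in this commit carry. TLS protocol and cipher settings here presumably fall back to nginx's defaults rather than the shared policy. `server_name` also claims `*.s3.tyil.nl` while the certificate path is `live/s3.tyil.nl`; unless that certificate includes a wildcard name (not visible here), clients of the bucket subdomains will get a hostname mismatch. Add the two includes above `location /` and confirm which names the certificate covers.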
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey
new file mode 100644
index 0000000..ae3204b
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey
@@ -0,0 +1,21 @@
+upstream s3_backend {
+ server 10.57.21.1:3900;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name misskey.s3.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/misskey.s3.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/misskey.s3.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ root /var/www/nl.tyil.s3.misskey;
+ }
+}
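Review bot: `upstream s3_backend` is declared here under the same name as in `https/nl.tyil.s3`, and nothing in this server block references it, since `location /` serves from `root`. If both site files are loaded on the same host, nginx will refuse the configuration because the upstream is defined twice. Drop the three-line `upstream` block from this file.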
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
index e91a392..3107d07 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
@@ -27,7 +27,7 @@ server {
proxy_buffering off;
- proxy_pass http://127.0.0.1:8096;
+ proxy_pass http://172.31.0.1:1025;
}
location = /web/ {
@@ -38,7 +38,7 @@ server {
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
- proxy_pass http://127.0.0.1:8096/web/index.html;
+ proxy_pass http://172.31.0.1:1025/web/index.html;
}
location /socket {
@@ -53,6 +53,6 @@ server {
proxy_http_version 1.1;
- proxy_pass http://127.0.0.1:8096;
+ proxy_pass http://172.31.0.1:1025;
}
}
diff --git a/playbooks.d/www-blog b/playbooks.d/www-blog
new file mode 160000
+Subproject 573cc709a25f6276c97e3911b684f67479f89b3
diff --git a/playbooks.d/www-blog/description.txt b/playbooks.d/www-blog/description.txt
deleted file mode 100644
index c43df4c..0000000
--- a/playbooks.d/www-blog/description.txt
+++ /dev/null
@@ -1 +0,0 @@
-Sources for my personal blog
diff --git a/playbooks.d/www-blog/etc/defaults b/playbooks.d/www-blog/etc/defaults
deleted file mode 100644
index 5135281..0000000
--- a/playbooks.d/www-blog/etc/defaults
+++ /dev/null
@@ -1,2 +0,0 @@
-www.blog.branch=master
-www.blog.path=/var/www/nl.tyil.www
diff --git a/playbooks.d/www-blog/playbook.bash b/playbooks.d/www-blog/playbook.bash
deleted file mode 100644
index e217e73..0000000
--- a/playbooks.d/www-blog/playbook.bash
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-playbook_add() {
- git clone https://git.tyil.nl/blog "$(config www.blog.path)"
-
- playbook_sync
-}
-
-playbook_sync() {
- if [[ $BASHTARD_COMMAND != "add" ]]
- then
- git -C "$(config www.blog.path)" pull origin "$(config www.blog.branch)"
- fi
-
- chgdir "$(config www.blog.path)"
- hugo -D # This will generate all the draft content
- hugo # And this will generate the actual live blog, but won't remove the draft content
-}
-
-playbook_del() {
- rm -fr -- "$(config www.blog.path)"
-
- pkg uninstall hugo
-}
diff --git a/registry.d/anoia.tyil.net b/registry.d/anoia.tyil.net
index 059d70d..e69de29 100644
--- a/registry.d/anoia.tyil.net
+++ b/registry.d/anoia.tyil.net
@@ -1,5 +0,0 @@
-backup-borg
-dns-dnsmasq
-ssh
-user-tyil
-vpn-tinc
diff --git a/registry.d/caeghi.tyil.net b/registry.d/caeghi.tyil.net
index 8cb0a70..18a4bf8 100644
--- a/registry.d/caeghi.tyil.net
+++ b/registry.d/caeghi.tyil.net
@@ -2,3 +2,5 @@ backup-borg
ssh
user-tyil
vpn-tinc
+vpn-wireguard
+webserver-nginx
diff --git a/registry.d/denahnu.tyil.net b/registry.d/denahnu.tyil.net
deleted file mode 100644
index 8cb0a70..0000000
--- a/registry.d/denahnu.tyil.net
+++ /dev/null
@@ -1,4 +0,0 @@
-backup-borg
-ssh
-user-tyil
-vpn-tinc
diff --git a/registry.d/edephas.tyil.net b/registry.d/edephas.tyil.net
index 608fd58..106a74a 100644
--- a/registry.d/edephas.tyil.net
+++ b/registry.d/edephas.tyil.net
@@ -1,6 +1,5 @@
backup-borg
git-server
-k3s-master
ssh
user-tyil
vpn-tinc
diff --git a/registry.d/faiwoo.tyil.net b/registry.d/faiwoo.tyil.net
index 9f8119f..8571020 100644
--- a/registry.d/faiwoo.tyil.net
+++ b/registry.d/faiwoo.tyil.net
@@ -2,5 +2,6 @@ backup-borg
ssh
user-tyil
vpn-tinc
+vpn-wireguard
webserver-nginx
www-blog
diff --git a/registry.d/hurzak.tyil.net b/registry.d/hurzak.tyil.net
deleted file mode 100644
index 2e7ea04..0000000
--- a/registry.d/hurzak.tyil.net
+++ /dev/null
@@ -1,4 +0,0 @@
-k3s-master
-ssh
-user-tyil
-vpn-tinc
diff --git a/registry.d/ivdea.tyil.net b/registry.d/ivdea.tyil.net
deleted file mode 100644
index 8cb0a70..0000000
--- a/registry.d/ivdea.tyil.net
+++ /dev/null
@@ -1,4 +0,0 @@
-backup-borg
-ssh
-user-tyil
-vpn-tinc
diff --git a/registry.d/jaomox.tyil.net b/registry.d/jaomox.tyil.net
index c3910de..cec0024 100644
--- a/registry.d/jaomox.tyil.net
+++ b/registry.d/jaomox.tyil.net
@@ -1,3 +1,9 @@
+nftables
+seaweedfs
+seaweedfs-filer
+seaweedfs-master
+seaweedfs-volume
ssh
user-tyil
vpn-tinc
+vpn-wireguard
diff --git a/registry.d/krohxe.tyil.net b/registry.d/krohxe.tyil.net
deleted file mode 100644
index 3e808f8..0000000
--- a/registry.d/krohxe.tyil.net
+++ /dev/null
@@ -1,3 +0,0 @@
-k3s-master
-ssh
-vpn-tinc
diff --git a/registry.d/ludifah.tyil.net b/registry.d/ludifah.tyil.net
new file mode 100644
index 0000000..98cfbf8
--- /dev/null
+++ b/registry.d/ludifah.tyil.net
@@ -0,0 +1 @@
+vpn-tinc
diff --git a/registry.d/mieshu.tyil.net b/registry.d/mieshu.tyil.net
new file mode 100644
index 0000000..b1f38d8
--- /dev/null
+++ b/registry.d/mieshu.tyil.net
@@ -0,0 +1,8 @@
+etc-portage
+git-server
+k3s-node
+nfs-server
+ssh
+user-tyil
+vpn-tinc
+vpn-wireguard
diff --git a/registry.d/nouki.tyil.net b/registry.d/nouki.tyil.net
new file mode 100644
index 0000000..36677af
--- /dev/null
+++ b/registry.d/nouki.tyil.net
@@ -0,0 +1,6 @@
+etc-portage
+k3s-node
+ssh
+user-tyil
+vpn-tinc
+vpn-wireguard
diff --git a/registry.d/oolah.tyil.net b/registry.d/oolah.tyil.net
new file mode 100644
index 0000000..07624a3
--- /dev/null
+++ b/registry.d/oolah.tyil.net
@@ -0,0 +1,5 @@
+proxy-privoxy
+ssh
+user-tyil
+vpn-tinc
+vpn-wireguard
diff --git a/registry.d/plarabe.tyil.net b/registry.d/plarabe.tyil.net
new file mode 100644
index 0000000..f93a766
--- /dev/null
+++ b/registry.d/plarabe.tyil.net
@@ -0,0 +1,2 @@
+nftables
+vpn-tinc
diff --git a/registry.d/qohrei.tyil.net b/registry.d/qohrei.tyil.net
new file mode 100644
index 0000000..31a595e
--- /dev/null
+++ b/registry.d/qohrei.tyil.net
@@ -0,0 +1,4 @@
+k8s-master
+nftables
+vpn-tinc
+vpn-wireguard
diff --git a/registry.d/ricui.tyil.net b/registry.d/ricui.tyil.net
new file mode 100644
index 0000000..6f38e85
--- /dev/null
+++ b/registry.d/ricui.tyil.net
@@ -0,0 +1,4 @@
+nftables
+ssh
+vpn-tinc
+vpn-wireguard