452 files changed, 7120 insertions, 20069 deletions
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..ae999ae
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "playbooks.d/www-blog"]
+ path = playbooks.d/www-blog
+ url = https://git.tyil.nl/bashtard/www-static
+[submodule "playbooks.d/vpn-tinc"]
+ path = playbooks.d/vpn-tinc
+ url = https://git.tyil.nl/bashtard/vpn-tinc
+[submodule "playbooks.d/k3s-hurzak"]
+ path = playbooks.d/k3s-master
+ url = https://git.tyil.nl/bashtard/k3s-master
diff --git a/data.d/etc-nixos/.gitignore b/data.d/etc-nixos/.gitignore
new file mode 100644
index 0000000..2ee4098
--- /dev/null
+++ b/data.d/etc-nixos/.gitignore
@@ -0,0 +1,2 @@
+configuration.nix
+hardware-configuration.nix
diff --git a/data.d/etc-nixos/README.md b/data.d/etc-nixos/README.md
new file mode 100644
index 0000000..798fe0c
--- /dev/null
+++ b/data.d/etc-nixos/README.md
@@ -0,0 +1,119 @@
+# Set variables
+
+```sh
+disk=...
+zfs_pool=...
+swap_ratio=1.5
+```
+
+# Partition disk
+
+```sh
+parted -s "$disk" mklabel gpt
+```
+
+## boot
+
+### MBR
+
+We don't do MBR anymore!
+
+### EFI
+
+```sh
+parted -a optimal "$disk" mkpart primary fat32 1MiB 1001MiB
+parted "$disk" set 1 esp on
+
+mkfs.vfat -F32 "${disk}1"
+```
+
+## swap
+
+```sh
+swap_end=$(awk '/MemTotal/ { print int($2 / 1000 * '"$swap_ratio"') + 1001 }' /proc/meminfo)
+parted -a optimal "$disk" mkpart primary linux-swap 1001MiB "$swap_end"
+
+mkswap "${disk}2"
+swapon "${disk}2"
+```
+
+## zpool
+
+```sh
+parted -a optimal "$disk" mkpart primary "$swap_end" 100%
+
+zpool create \
+ -O mountpoint=none \
+ -O encryption=on \
+ -O keyformat=passphrase \
+ -O keylocation=prompt \
+ -O acltype=posixacl \
+ -O xattr=sa \
+ -O compression=zstd \
+ -O dnodesize=auto \
+ -O normalization=formD \
+ -o ashift=12 \
+ -o autotrim=on \
+ -R /mnt \
+ "$zfs_pool" "${disk}3"
+```
+
+### zfs volumes
+
+```sh
+zfs create -o mountpoint=none "$zfs_pool/rootfs"
+zfs create -o mountpoint=legacy "$zfs_pool/rootfs/nixos"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/root"
+zfs create -o mountpoint=legacy "$zfs_pool/homefs/tyil"
+```
+
+# Mount partitions/volumes
+
+```sh
+mount -t zfs "$zfs_pool/rootfs/nixos" /mnt
+
+mkdir -pv -- /mnt/boot
+mount -t vfat "${disk}1" /mnt/boot
+
+mkdir -pv -- /mnt/home
+mount -t zfs "$zfs_pool/homefs" /mnt/home
+
+mkdir -pv -- /mnt/root
+mkdir -pv -- /mnt/home/tyil
+mount -t zfs "$zfs_pool/homefs/root" /mnt/root
+mount -t zfs "$zfs_pool/homefs/tyil" /mnt/home/tyil
+```
+
+# Install NixOS
+
+## Configure
+
+```sh
+nixos-generate-config --root /mnt
+```
+
+Apply configs in `/mnt/etc/nixos`
+
+```nix
+{
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.zfs.devNodes = ...
+ boot.zfs.forceImportRoot = false;
+ networking.hostId = $(head -c4 /dev/urandom | od -A none -t x4)
+ networking.hostName = ...
+}
+```
+
+## Install
+
+```sh
+cd /mnt && nixos-install
+```
+
+## Reboot
+
+```sh
+umount -lR /mnt
+zpool export "$zfs_pool"
+```
diff --git a/data.d/etc-nixos/apps/vpn-tinc.nix b/data.d/etc-nixos/apps/vpn-tinc.nix
new file mode 100644
index 0000000..0634ecc
--- /dev/null
+++ b/data.d/etc-nixos/apps/vpn-tinc.nix
@@ -0,0 +1,283 @@
+{ config, pkgs, ... }:
+
+# To have this node join the network, generate keys, add the new host with its
+# public keys to the list in this file, then rebuild.
+#
+# - mkdir -pv -- /etc/tinc/tyilnet
+# - nix-shell -p tinc_pre --run "tinc -n tyilnet generate-keys 4096"
+# - $EDITOR /etc/nixos/configuration.nix
+# ? networking.interfaces."tinc.tyilnet".address
+# - services.tinc.networks.tyilnet.name
+# - imports += [ "./apps/vpn-tinc.nix" ]
+# - cat /etc/tinc/tyilnet/*.pub
+# - $EDITOR /etc/nixos/apps/vpn-tinc.nix
+
+{
+ environment = {
+ etc = {
+ # This part should be written to configuration.nix while I try to learn
+ # how to do it cleanly with a simple variable
+ #
+ #"tinc/tyilnet/tinc-up".source = pkgs.writeScript "tinc-up" ''
+ # #!${pkgs.stdenv.shell}
+ # ${pkgs.nettools}/bin/ifconfig $INTERFACE 10.57.50.50 netmask 255.255.0.0
+ #'';
+ "tinc/tyilnet/tinc-down".source = pkgs.writeScript "tinc-down" ''
+ #!${pkgs.stdenv.shell}
+ /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
+ '';
+ };
+ };
+
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 655 ];
+ allowedTCPPorts = [ 655 ];
+ };
+ };
+
+ security.sudo.extraRules = [
+ {
+ users = [ "tinc.tyilnet" ];
+ commands = [
+ {
+ command = "${pkgs.nettools}/bin/ifconfig";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ services = {
+ tinc = {
+ networks = {
+ tyilnet = {
+ debugLevel = 3;
+ chroot = false;
+ interfaceType = "tap";
+
+ extraConfig = ''
+ ConnectTo = caeghi_tyil_net
+ ConnectTo = denahnu_tyil_net
+ ConnectTo = faiwoo_tyil_net
+ ConnectTo = gaeru_tyil_net
+ ConnectTo = hurzak_tyil_net
+ ConnectTo = jaomox_tyil_net
+
+ Ed25519PrivateKeyFile = /etc/tinc/tyilnet/ed25519_key.priv
+ PrivateKeyFile = /etc/tinc/tyilnet/rsa_key.priv
+ '';
+
+ hosts = {
+ anoia_tyil_net = ''
+ Subnet = 10.57.100.3/32
+
+ Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+ I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap + EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv + HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/ + DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty + HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf + yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS + yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz + opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms + G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8 + bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + bast_tyil_net = '' + Subnet = 10.57.50.50/32 + + Ed25519PublicKey = De60ft6TStf9oJ060kxpSmX7xJ/ZVO9EFXgQdqWcWaO + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwvOYvgciXHsrqMHIWKDUcJjCF1ARjAxqb3s/BzRlz0XcynzpYDV/ + EtiZWRkKmDveUILe8pk3gFlu2vwen9DGVydg+tW4G0z4NIejoC9FR8a/NpjTzMvw + gNCihTFpPqoqn7loy+OdHIWv34v26zUFY8r0W1XUX0O0vtUcWTHwkV6DggujFPxG + SM9yGyl7MxuDbr9EP520dsklWGQT93RlUizr1dm2QNLgQN6+FMTpVPJN/2uaHSMo + 9xx3vLltqweyvMrIWCPQQSu+vj9Dqq+4ToC2rXkEfMsjkDyVJViOzSarZfAHCdJL + S/aZh4PC9EMsc+DmoIQwN7fKG3CQkm3QZ2P1WKG0jNZ2jdC50G7G9QypKdPFh5Al + Oy6z/+VG05+ouRmfQTi12Kap7aakMOw9vjL1BSGgoTxToS7m+O5Q9ByodhVhRBMc + pp0ZHvPhZjM0jmtqrTtTkQDGonCiN/IxOdneTkiM0lW9UnROWqYJHL1B92sVyADw + S9ddyfUbUFLnOdJkF/JBFR3d5GxIcY1HVfYbugbIBGnal5koALFfhDkYJqQbbuAz + z1rSm4yYFWKKFThpZA1oRvEh9UJNbFOepreImCmUKZurgQZFMUjRMRtTcRXy07fR + /EctKPyzDKmQOHlnR4hNd3laefwL0vMO7Wra4NqoJx4MMmnPtl5s8okCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + caeghi_tyil_net = '' + Address = 116.202.102.33 + Subnet = 10.57.20.2/32 + + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta + P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC + EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf + 
TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo + FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W + mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY + oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5 + t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I + rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1 + OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/ + 8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + denahnu_tyil_net = '' + Address = 81.2.254.110 + Subnet = 10.57.20.4/32 + + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f + RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV + idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK + z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW + fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2 + LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4 + Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A + NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl + 9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE + raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb + 6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + edephas_tyil_net = '' + Subnet = 10.57.100.7/32 + + Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p + PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl + a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn + KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T + UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw + 
gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex + zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc + mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf + yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP + CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ + fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + faiwoo_tyil_net = '' + Address = 65.21.5.254 + Subnet = 10.57.20.5/32 + + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht + Tozv5RHGGUNoSigbDxJSe16RQ0ESAzGNPSUEV6kntySXLvHSYb+SdjFm2wRpL8FI + 8t69ZnRF0x+4ZShfa0rgco8sDdkhuPMNrPu8U6bMs+o4Lh8sVTRhDThv2+VfQkxG + T4G9kgdsxP0yi8sq1uflSYY3mYlVl9OPZwSO+vcVO9JFPvkVYFrqDHtvFGFqziQ/ + KvKcjwDTjpNVkFfJD6SIheeVrhysGk8qQIVMYc8yW9I8HGD7uP1BccZ0C/+b310i + y3qkNz/qqtgy0AxrrzbmFsVDgVyiPlwsD2SL+C4m6uEvB0FvYeL2/7vL8fI4RqcJ + ORAcA5G4FgzZRgHdZoZ1W4OB6eUCV4g9l425qbP3VVngJjX9PjPA/puz0i1IB0ZW + 6ijGccgYtyj5+ibt3if0+inepT2BJba7pyQ4A92ogfsQKlSg1x27CfvsGKuMZjdo + y/akxYPEqKHQK37smpjcQTLVmLTTbGnf30ObTNW5LOJUmBue9B4fqBA/NV4fM1Gj + Omw/lazjwrJuenwEeGegRQhvjKlBLdjOnzsLoVrCCIe90KK/+RVSC0Mi2D0dzEPE + BNSbD4EJYs+6dJVT7+sneS8iwg9kG9wZ+UjeO4vraEjMrKj9BaKiJ1cCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + gaeru_tyil_net = '' + Address = 37.48.120.26 + Subnet = 10.57.20.6/32 + + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV + ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj + iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM + XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd + VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR + giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W + 5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV + Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179 + 
B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v + 7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ + tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + hurzak_tyil_net = '' + Address = 178.162.131.11 + Subnet = 10.57.20.7/32 + + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8 + k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH + jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6 + BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31 + IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw + T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0 + ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg + E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF + 5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6 + xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50 + CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + ivdea_tyil_net = '' + Subnet = 10.57.100.8/32 + + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3 + WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq + WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4 + j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp + cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG + BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW + nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj + aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT + FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO + n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY + uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + 
jaomox_tyil_net = '' + Address = 163.172.218.246 + Subnet = 10.57.21.1/32 + + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH + x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8 + SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a + rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt + t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R + dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7 + rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa + G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I + q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh + PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey + noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + + ludifah_tyil_net = '' + Subnet = 10.57.100.9/32 + + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn + HS5TfmukDtHev/Z2p/UmBSHtaMT2/G+Nz7ogT0rMRBtjAk+DR9FYFz75zmsjQuFQ + U+deh/fQgrpsEDiNmapRtM6EwYYH/A/0MJ2eN9HPVUB864mN79ZfEhTWMbv6khbq + VwqAd+9GbjfRPLqifRpS9LuspXNpCBOl+r5l7+T1llN/BUgs71BVWbssaRUH7B2I + rS9qjhWfUN9RC3PX98yVbzTOeL/jxNn57eOr/KUDtRpqQwy2zFTAxT+d+X37abYK + OyHXBs3rLtpleoh6Hw9UNwLDUVfjpcrxwgFEogJosiA+CBG26b5H6mm+updkyKTE + 4r5y1+8dLQpmaLIaI7KFbPJTUaJvfGRwzulA/lDRdmZaetrHKrMqZyQ4M1Yq67Ba + 0cqDQEvnY/XoKTJTgNxn8cWMKm+biB7zs/92pKKPRmv6DQ+gjrDTepn5XzVbIFS9 + GM30AqQiqoNL0PbTYWMPQmznEJo8LyehWr621/GARLTMFa3Pp7eGm7Afwy4zA4hG + AZLNXdEE7YMVoQUHWfiTGUl9yxX7o6g3gdZloAwGjeGB7BHOmi4SJEg1hUJ8wOn8 + wtnjybxDTxdRkQ2RMdlsfSGZsu7jUxSjnPvwLWH/2cHXSmencQXOhTUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + }; +} diff --git a/data.d/etc-nixos/env/global.nix b/data.d/etc-nixos/env/global.nix new file mode 100644 index 0000000..9bf9882 --- /dev/null +++ b/data.d/etc-nixos/env/global.nix 
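Review bot: The rule in `security.sudo.extraRules` gives `tinc.tyilnet` passwordless root for every invocation of `${pkgs.nettools}/bin/ifconfig`, while the only caller visible in this file, `tinc-down`, runs `ifconfig $INTERFACE down`. A compromise of the tinc daemon user would therefore allow reconfiguring any interface on the host. Pinning the arguments in the sudoers command narrows it to what the script needs, e.g. `command = "${pkgs.nettools}/bin/ifconfig tinc.tyilnet down";` (interface name taken from the comment at the top of the file; confirm it matches what tinc passes as `$INTERFACE`). Separately, `debugLevel = 3` and `chroot = false` read like bring-up settings and deserve a comment saying why they stay on for every host that imports this module.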
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }:
+
+{
+ boot = {
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ forceImportRoot = false;
+ };
+ };
+
+ environment = {
+ binsh = "${pkgs.dash}/bin/dash";
+ shells = with pkgs; [
+ bash
+ dash
+ zsh
+ ];
+ systemPackages = with pkgs; [
+ borgbackup
+ git
+ gnupg
+ jq
+ mosh
+ silver-searcher
+ tmux
+ vim
+ ];
+ };
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = [
+ "C.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "nl_NL.UTF-8/UTF-8"
+ ];
+ };
+
+ networking = {
+ domain = "tyil.net";
+ };
+
+ programs = {
+ zsh = {
+ enable = true;
+ };
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ };
+ };
+
+ system = {
+ copySystemConfiguration = true;
+ };
+
+ time = {
+ timeZone = "Europe/Amsterdam";
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "wheel" ];
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/env/laptop.nix b/data.d/etc-nixos/env/laptop.nix
new file mode 100644
index 0000000..2681547
--- /dev/null
+++ b/data.d/etc-nixos/env/laptop.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./workstation.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ acpi
+ ];
+ };
+}
diff --git a/data.d/etc-nixos/env/server.nix b/data.d/etc-nixos/env/server.nix
new file mode 100644
index 0000000..b04af8d
--- /dev/null
+++ b/data.d/etc-nixos/env/server.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+}
diff --git a/data.d/etc-nixos/env/workstation.nix b/data.d/etc-nixos/env/workstation.nix
new file mode 100644
index 0000000..93cef52
--- /dev/null
+++ b/data.d/etc-nixos/env/workstation.nix
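Review bot: In env/global.nix, `services.openssh.enable = true` is the only sshd setting, so password authentication and root login are left at whatever the NixOS release in use defaults to, on every server and workstation that imports this file. Because this is the shared base, the policy is worth stating here explicitly: turn off password authentication and root login under `services.openssh` (the option path changed between NixOS releases, so use the one matching the channel). The `tyil` user is in `wheel` but has no `openssh.authorizedKeys.keys`, so key-only login on a fresh install depends on something outside this file; adding the keys under `users.users.tyil` would make that self-contained.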
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./global.nix
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ # CLI programs
+ kubectl
+ kubernetes-helm
+ neomutt
+ notmuch
+ ntfy-sh
+ pass
+ plantuml
+ shellcheck
+ tree
+
+ # GUI utils
+ xclip
+ xdotool
+ xprintidle
+
+ # GUI programs
+ alacritty
+ chromium
+ feh
+ mpv
+ nextcloud-client
+ pavucontrol
+ qutebrowser
+ scrot
+ yt-dlp
+ zathura
+ signal-desktop
+ ];
+ };
+
+ fonts.fonts = with pkgs; [
+ open-sans
+ liberation_ttf
+ ];
+
+ hardware = {
+ pulseaudio = {
+ enable = true;
+ };
+ };
+
+ programs = {
+ gnupg = {
+ agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ services = {
+ pcscd = {
+ enable = true;
+ };
+ };
+
+ users = {
+ users = {
+ tyil = {
+ extraGroups = [ "audio" "video" ];
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/awesome.nix b/data.d/etc-nixos/wm/awesome.nix
new file mode 100644
index 0000000..b427f4a
--- /dev/null
+++ b/data.d/etc-nixos/wm/awesome.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ dunst
+ physlock
+ redshift
+ rofi
+ sxhkd
+ xcompmgr
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ startx = {
+ enable = true;
+ };
+ };
+ windowManager = {
+ awesome = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/herbstluftwm.nix b/data.d/etc-nixos/wm/herbstluftwm.nix
new file mode 100644
index 0000000..5dd884b
--- /dev/null
+++ b/data.d/etc-nixos/wm/herbstluftwm.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ redshift
+ xcompmgr
+ rofi
+ ];
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ windowManager = {
+ herbstluftwm = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-nixos/wm/kde.nix b/data.d/etc-nixos/wm/kde.nix
new file mode 100644
index 0000000..6f60249
--- /dev/null
+++ b/data.d/etc-nixos/wm/kde.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ arc-kde-theme
+ kmymoney
+ plasma-pass
+ pinentry-qt
+ libsForQt5.kaccounts-integration
+ libsForQt5.kaccounts-providers
+ libsForQt5.kweather
+ libsForQt5.kalendar
+ libsForQt5.kmail
+ thunderbird
+ ];
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # kdeconnect
+ };
+ };
+
+ programs = {
+ dconf = {
+ enable = true;
+ };
+ gnupg = {
+ agent = {
+ pinentryFlavor = "qt";
+ };
+ };
+ kdeconnect = {
+ enable = true;
+ };
+ };
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ sddm = {
+ enable = true;
+ };
+ };
+ desktopManager = {
+ plasma5 = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/data.d/etc-portage/.gitignore b/data.d/etc-portage/.gitignore
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/data.d/etc-portage/.gitignore
@@ -0,0 +1 @@
+*
diff --git a/data.d/etc-portage/make.conf/00-defaults.conf b/data.d/etc-portage/make.conf/00-defaults.conf
new file mode 100644
index 0000000..21c3c58
--- /dev/null
+++ b/data.d/etc-portage/make.conf/00-defaults.conf
@@ -0,0 +1,15 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+COMMON_FLAGS="-O2 -pipe"
+CFLAGS="${COMMON_FLAGS}"
+CXXFLAGS="${COMMON_FLAGS}"
+FCFLAGS="${COMMON_FLAGS}"
+FFLAGS="${COMMON_FLAGS}"
+
+# NOTE: This stage was built with the bindist Use flag enabled
+
+# This sets the language of build output to English.
+# Please keep this setting intact when reporting bugs.
+LC_MESSAGES=C.utf8
diff --git a/data.d/etc-portage/make.conf/10-global.conf b/data.d/etc-portage/make.conf/10-global.conf
new file mode 100644
index 0000000..deff7d8
--- /dev/null
+++ b/data.d/etc-portage/make.conf/10-global.conf
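Review bot: In wm/kde.nix the `networking.firewall` block opens 1714–1764 on TCP and UDP for every interface, so KDE Connect is reachable from any network the machine joins, including untrusted Wi-Fi on a laptop. As far as I recall, `programs.kdeconnect.enable = true` already opens these same ranges itself, which would make the two explicit lines redundant; worth checking against the module in the channel in use. Either way, a comment next to `kdeconnect.enable` noting the exposure, or restricting the ranges to trusted interfaces with `networking.firewall.interfaces.<name>.allowedTCPPortRanges` / `allowedUDPPortRanges` where the module allows it, would make the intent clear.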
@@ -0,0 +1,54 @@
+USE="
+ bash-completion
+ introspection
+ vim-syntax
+ zsh-completion
+"
+
+FEATURES="
+ $FEATURES
+ buildpkg
+ network-sandbox
+ parallel-fetch
+ parallel-install
+ sandbox
+ sign
+ userfetch
+ userpriv
+ usersandbox
+ usersync
+"
+
+EMERGE_DEFAULT_OPTS="
+ $EMERGE_DEFAULT_OPTS
+ --alert
+ --ask
+ --binpkg-changed-deps=y
+ --binpkg-respect-use=y
+ --buildpkg-exclude */*-bin
+ --buildpkg-exclude acct-*/*
+ --buildpkg-exclude sys-kernel/*-sources
+ --buildpkg-exclude virtual/*
+ --keep-going
+ --tree
+ --usepkg-exclude */*-bin
+ --usepkg-exclude acct-*/*
+ --usepkg-exclude sys-kernel/*-sources
+ --usepkg-exclude virtual/*
+ --verbose
+"
+
+PKGDIR="/var/portage/packages"
+DISTDIR="/var/portage/distfiles"
+
+ACCEPT_LICENSE="
+ -*
+ @FREE
+"
+
+LC_MESSAGES=C.UTF8
+
+L10N="
+ en
+ nl
+"
diff --git a/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
new file mode 100644
index 0000000..2376e42
--- /dev/null
+++ b/data.d/etc-portage/package.accept_keywords/15-vpn.accept_keywords
@@ -0,0 +1 @@
+net-vpn/tinc ~*
diff --git a/data.d/etc-portage/package.license b/data.d/etc-portage/package.license
new file mode 100644
index 0000000..348558e
--- /dev/null
+++ b/data.d/etc-portage/package.license
@@ -0,0 +1 @@
+sys-kernel/linux-firmware linux-fw-redistributable
diff --git a/data.d/etc-portage/package.use/15-apcupsd.use b/data.d/etc-portage/package.use/15-apcupsd.use
new file mode 100644
index 0000000..91eeffb
--- /dev/null
+++ b/data.d/etc-portage/package.use/15-apcupsd.use
@@ -0,0 +1 @@
+sys-apps/util-linux tty-helpers
diff --git a/data.d/etc-portage/repos.conf/gentoo.conf b/data.d/etc-portage/repos.conf/gentoo.conf
new file mode 100644
index 0000000..6cb6e3b
--- /dev/null
+++ b/data.d/etc-portage/repos.conf/gentoo.conf
@@ -0,0 +1,19 @@
+[DEFAULT]
+main-repo = gentoo
+
+[gentoo]
+location = /var/db/repos/gentoo
+sync-type = rsync
+sync-uri = rsync://rsync.gentoo.org/gentoo-portage
+auto-sync = yes
+sync-rsync-verify-jobs = 1
+sync-rsync-verify-metamanifest = yes
+sync-rsync-verify-max-age = 24
+sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
+sync-openpgp-keyserver = hkps://keys.gentoo.org
+sync-openpgp-key-refresh-retry-count = 40
+sync-openpgp-key-refresh-retry-overall-timeout = 1200
+sync-openpgp-key-refresh-retry-delay-exp-base = 2
+sync-openpgp-key-refresh-retry-delay-max = 60
+sync-openpgp-key-refresh-retry-delay-mult = 4
+sync-webrsync-verify-signature = yes
diff --git a/data.d/k3s-master/helm.d/certmanager.yaml b/data.d/k3s-master/helm.d/certmanager.yaml
new file mode 100644
index 0000000..1b4551c
--- /dev/null
+++ b/data.d/k3s-master/helm.d/certmanager.yaml
@@ -0,0 +1 @@
+installCRDs: true
diff --git a/data.d/k3s-master/helm.d/mimir.yaml b/data.d/k3s-master/helm.d/mimir.yaml
new file mode 100644
index 0000000..31a8b93
--- /dev/null
+++ b/data.d/k3s-master/helm.d/mimir.yaml
@@ -0,0 +1,6 @@
+minio:
+ enabled: false
+ingester:
+ replicas: 1
+ persistentVolume:
+ storageClass: "local-path"
diff --git a/data.d/k3s-master/helm.d/minio.yaml b/data.d/k3s-master/helm.d/minio.yaml
new file mode 100644
index 0000000..3a4731d
--- /dev/null
+++ b/data.d/k3s-master/helm.d/minio.yaml
@@ -0,0 +1,29 @@
+mode: standalone
+replicas: 1
+ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ hosts:
+ - s3.tyil.nl
+ tls:
+ - hosts:
+ - s3.tyil.nl
+ secretName: tls-nl.tyil.s3
+consoleIngress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ path: /
+ hosts:
+ - minio.tyil.nl
+ tls:
+ - hosts:
+ - minio.tyil.nl
+ secretName: tls-nl.tyil.minio
+persistence:
+ enabled: true
+ existingClaim: minio-data
+resources:
+ requests:
+ memory: 512Mi
diff --git a/data.d/k3s-master/helm.d/redis.yaml b/data.d/k3s-master/helm.d/redis.yaml
new file mode 100644
index 0000000..1163194
--- /dev/null
+++ b/data.d/k3s-master/helm.d/redis.yaml
@@ -0,0 +1,15 @@
+architecture: standalone
+master:
+ resources:
+ requests:
+ memory: 16Mi
+ limits:
+ memory: 128Mi
+replica:
+ replicaCount: 0
+auth:
+ enabled: false
+ sentinel: false
+commonConfiguration: |-
+ maxmemory 100mb
+ maxmemory-policy allkeys-lfu
diff --git a/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml b/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml
new file mode 100644
index 0000000..77b6962
--- /dev/null
+++ b/data.d/k3s-master/helm.d/seaweedfs-csi-driver.yaml
@@ -0,0 +1 @@
+seaweedfsFiler: "10.57.101.10:8888"
diff --git a/data.d/k3s-master/manifests.d/jaomox/cluster-issuers.yaml b/data.d/k3s-master/manifests.d/jaomox/cluster-issuers.yaml
new file mode 100644
index 0000000..bb2758e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/jaomox/cluster-issuers.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ email: root@tyil.net
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: clusterissuer-letsencrypt-staging
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
+ selector: {}
+...
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ email: root@tyil.net
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: clusterissuer-letsencrypt-production
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
+...
diff --git a/playbooks.d/k3s-master/manifests/namespaces/personal-services.yaml b/data.d/k3s-master/manifests.d/jaomox/namespaces.yaml
index f9151e9..2211e87 100644
--- a/playbooks.d/k3s-master/manifests/namespaces/personal-services.yaml
+++ b/data.d/k3s-master/manifests.d/jaomox/namespaces.yaml
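Review bot: `auth.enabled: false` in helm.d/redis.yaml leaves Redis without a password, so any workload that can route to the Service can read and overwrite its contents; nothing in this commit adds a NetworkPolicy to limit who that is. Unless the consumers cannot send a password, set `enabled: true` under `auth` and reference a pre-created Secret with `existingSecret: REDIS_SECRET_NAME` (placeholder name) so the password stays out of this repository. If unauthenticated access is deliberate, a one-line comment above `auth:` naming the consumer and the network restriction it relies on would record that decision.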
@@ -2,5 +2,11 @@ apiVersion: v1 kind: Namespace metadata: + name: base-system +... +--- +apiVersion: v1 +kind: Namespace +metadata: name: personal-services ... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/volume.yaml b/data.d/k3s-master/manifests.d/jaomox/persistent-volumes.yaml index ce857ab..5ee32dd 100644 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/volume.yaml +++ b/data.d/k3s-master/manifests.d/jaomox/persistent-volumes.yaml @@ -2,13 +2,13 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: nextcloud-data - namespace: personal-services + name: minio-data spec: - accessModes: - - ReadWriteOnce + storageClassName: local-path capacity: storage: 50Gi + accessModes: + - ReadWriteOnce hostPath: - path: "/var/www/nl.tyil.cloud/data" + path: /srv/personal-services/minio-data ... diff --git a/data.d/k3s-master/manifests.d/jaomox/personal-services/minio/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/jaomox/personal-services/minio/persistent-volume-claim.yaml new file mode 100644 index 0000000..ca3ee2b --- /dev/null +++ b/data.d/k3s-master/manifests.d/jaomox/personal-services/minio/persistent-volume-claim.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-data + namespace: personal-services +spec: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Gi +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml new file mode 100644 index 0000000..bfa00c1 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml 
@@ -0,0 +1,49 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: keycloak
+ namespace: auth-system
+spec:
+ chart: oci://registry-1.docker.io/bitnamicharts/keycloak
+ valuesContent: |-
+ global:
+ storageClass: longhorn
+ clusterDomain: k3s.tyil.nl
+ externalDatabase:
+ existingSecret: keycloak-database
+ existingSecretHostKey: host
+ existingSecretPortKey: port
+ existingSecretUserKey: user
+ existingSecretDatabaseKey: database
+ existingSecretPasswordKey: password
+ extraEnvVars:
+ - name: KC_HOSTNAME_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_HOSTNAME_ADMIN_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_PROXY
+ value: "edge"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
+ ingress:
+ enabled: true
+ certManager: true
+ tls: true
+ hostname: keycloak.tyil.nl
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ ingressClassName: traefik
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ postgresql:
+ enabled: false
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..26f46ef
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
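Review bot: The keycloak HelmChart names `chart: oci://registry-1.docker.io/bitnamicharts/keycloak` with no `version:` under `spec`, so each install or reconcile takes whatever chart the registry currently serves; for the identity provider that makes upgrades unreviewed and rollbacks hard to reproduce. Add a pinned `version: CHART_VERSION` (placeholder) next to `chart:`; the certmanager HelmChart added later in this commit (`chart: cert-manager`, `repo: https://charts.jetstack.io`) has the same gap. Also, `KC_HOSTNAME_ADMIN_URL` is set to the same public host as `KC_HOSTNAME_URL`, so the admin console is served through the public ingress; if that is intended, a comment saying so would help, otherwise a separate internal hostname is the usual split.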
@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ nodeName: oolah.tyil.net
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:stable
+ name: lldap
+ ports:
+ - containerPort: 3890
+ - containerPort: 6360
+ - containerPort: 17170
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /etc/lldap
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..4e32f29
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
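Review bot: The lldap container is pulled as `nitnelave/lldap:stable`, a moving tag, and the pod spec has no `securityContext`, which is thin for the workload that holds the directory's credentials. Pin the image to a release tag or digest and add a container `securityContext` with `allowPrivilegeEscalation: false` (and `readOnlyRootFilesystem: true` if the image tolerates it). No JWT secret or admin password appears in `env`, so presumably they come from a config file under the `/etc/lldap` hostPath on oolah.tyil.net; worth confirming they are not lldap's defaults, and a comment on the volume saying where they are set would help. The PersistentVolumeClaim `lldap` added in this same commit is not mounted by this Deployment.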
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ldap.tyil.nl
+ secretName: tls-nl.tyil.ldap
+ rules:
+ - host: ldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
new file mode 100644
index 0000000..38479d4
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: "1Mi"
+ accessModes:
+ - ReadWriteMany
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..76aea0f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
@@ -0,0 +1,51 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: lldap + namespace: auth-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system + ports: + - name: http + port: 80 + targetPort: 17170 +... +--- +apiVersion: v1 +kind: Service +metadata: + # This port may _not_ be named "lldap_ldap", as the application itself wants + # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the + # application can't handle. + name: ldap + namespace: auth-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lldap + app.kubernetes.io/part-of: auth-system + type: LoadBalancer + ports: + - name: ldap + port: 389 + targetPort: 3890 + - name: ldaps + port: 636 + targetPort: 6360 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart new file mode 100644 index 0000000..4350177 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart @@ -0,0 +1,13 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: certmanager + namespace: kube-system +spec: + repo: https://charts.jetstack.io + chart: cert-manager + targetNamespace: base-system + valuesContent: | + installCRDs: true +... 
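Review bot: The `ldap` Service is `type: LoadBalancer` and publishes port 389 next to 636, so simple binds over the plaintext port would carry passwords unencrypted on whatever network the load-balancer address sits on. If outside clients need LDAP at all, expose only the `ldaps` port here and keep 389 on a ClusterIP Service for in-cluster consumers. The comment above `name: ldap` speaks of the port name, but the collision it describes appears to come from the Service name, from which Kubernetes derives the `<SERVICE>_PORT` variables. Setting `enableServiceLinks: false` on the lldap pod spec would remove that class of problem instead of relying on naming.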
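Review bot: No `version:` is set under `spec`, so the Helm controller installs whichever cert-manager chart the repository serves at deploy time, and a cluster rebuild can silently pull a different release of the component that issues every certificate here. Add `version: <PINNED_CHART_VERSION>` (placeholder) next to `chart: cert-manager`. The same applies to `longhorn/helm-chart.yaml`, `argo-events/helm-chart.yaml` and `argo-workflows/helm-chart.yaml`. The two oauth2-proxy charts are already pinned to a commit snapshot.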
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-production.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml index 75aea5f..dbff2c2 100644 --- a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-production.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml @@ -12,5 +12,5 @@ spec: solvers: - http01: ingress: - class: nginx + class: traefik ... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-staging.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml index 73a1f50..9b0a27d 100644 --- a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/letsencrypt-staging.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml @@ -12,6 +12,6 @@ spec: solvers: - http01: ingress: - class: nginx + class: traefik selector: {} ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml new file mode 100644 index 0000000..68b920f --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/deployment.yaml 
@@ -0,0 +1,68 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: garage + namespace: base-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: garage + app.kubernetes.io/part-of: base-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: garage + app.kubernetes.io/part-of: base-system + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: garage + app.kubernetes.io/part-of: base-system + spec: + nodeName: mieshu.tyil.net + containers: + - image: dxflrs/garage:v0.8.0 + name: garage + ports: + - containerPort: 3900 + - containerPort: 3901 + - containerPort: 3902 + - containerPort: 3903 + - containerPort: 3904 + volumeMounts: + - mountPath: /var/lib/garage/meta + name: meta + - mountPath: /var/lib/garage/data + name: data + - mountPath: /etc/garage.toml + name: config + restartPolicy: Always + volumes: + - name: data + hostPath: + path: /mnt/pool/garage/data + - name: meta + hostPath: + path: /mnt/pool/garage/meta + - name: config + hostPath: + path: /etc/garage.toml + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - garage + topologyKey: "kubernetes.io/hostname" +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml new file mode 100644 index 0000000..92458cc --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/ingress.yaml 
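Review bot: The `config` volume mounts the node's `/etc/garage.toml` into the container writable and without a `type`, so the container can modify a file on the host, and a missing file would be created as a directory instead of failing. Add `readOnly: true` to that `volumeMounts` entry and `type: File` to its `hostPath`. That file presumably also holds Garage's secrets, which is one more reason to keep it read-only. Separately, `nodeName` bypasses the scheduler, so the `podAntiAffinity` block is never evaluated and can be dropped or replaced by a `nodeSelector`.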
@@ -0,0 +1,35 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: garage + namespace: base-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: s3 + app.kubernetes.io/part-of: garage + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - misskey.s3.tyil.nl + secretName: tls-nl.tyil.s3.misskey + - hosts: + - dist.s3.tyil.nl + secretName: tls-nl-tyil.s3.dist + rules: + - host: "*.s3.tyil.nl" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: garage + port: + number: 3902 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml new file mode 100644 index 0000000..8e54918 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/persistent-volume-claim.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: garage-data + namespace: base-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: garage-data + app.kubernetes.io/part-of: base-system +spec: + storageClassName: longhorn + resources: + requests: + storage: "10Gi" + accessModes: + - ReadWriteMany +... +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: garage-meta + namespace: base-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: garage-meta + app.kubernetes.io/part-of: base-system +spec: + storageClassName: longhorn + resources: + requests: + storage: "5Gi" + accessModes: + - ReadWriteMany +... 
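Review bot: The rule host `"*.s3.tyil.nl"` is wider than the two names listed under `tls`, so any other bucket hostname is routed to Garage's web port but has no matching certificate and would be served with Traefik's fallback one. Either write one rule per listed host, or obtain a wildcard certificate, which needs a DNS-01 solver while the issuers in this commit are HTTP-01. The second `secretName`, `tls-nl-tyil.s3.dist`, also breaks the `tls-nl.tyil.…` pattern used everywhere else and looks like a typo.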
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml new file mode 100644 index 0000000..fa48032 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/garage/service.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: garage + namespace: base-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: garage + app.kubernetes.io/part-of: base-system +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: garage + app.kubernetes.io/part-of: base-system + type: LoadBalancer + ports: + - name: s3 + port: 3900 + targetPort: 3900 + - name: s3-rpc + port: 3901 + targetPort: 3901 + - name: s3-web + port: 3902 + targetPort: 3902 + - name: s3-admin + port: 3903 + targetPort: 3903 + - name: s3-k2v + port: 3904 + targetPort: 3904 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml new file mode 100644 index 0000000..d3823c1 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/auth-proxy.yaml 
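Review bot: `s3-rpc` (3901) and `s3-admin` (3903) are published through the same `type: LoadBalancer` Service as the S3 and web ports, which puts the node-to-node RPC channel and the admin API on the external address. Keep only the ports that clients need (`s3`, `s3-web`, and `s3-k2v` if used) on this Service and move the other two to a separate ClusterIP Service. Argo in this commit talks to Garage on 3900 only, so nothing visible here depends on the admin or RPC ports being external.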
@@ -0,0 +1,31 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: auth-proxy-longhorn + namespace: base-system +spec: + chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz + valuesContent: |- + image: + tag: v7.4.0 + secret: + enabled: false + envFrom: + secretRef: + - name: auth-proxy-longhorn + ingress: + enabled: true + ingressClassName: traefik + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd + tls: + - secretName: tls-nl.tyil.longhorn + hosts: + - longhorn.tyil.nl + hosts: + - host: longhorn.tyil.nl + paths: + - path: / + pathType: Prefix diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml new file mode 100644 index 0000000..e5cce42 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/helm-chart.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: longhorn + namespace: base-system +spec: + repo: https://charts.longhorn.io + chart: longhorn + valuesContent: |- + persistence: + defaultClass: true + defaultFsType: xfs + defaultClassReplicaCount: 1 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml new file mode 100644 index 0000000..07981b6 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/longhorn/service-monitor.yaml 
@@ -0,0 +1,21 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: longhorn + namespace: base-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: longhorn + app.kubernetes.io/part-of: base-system +spec: + selector: + matchLabels: + app: longhorn-manager + namespaceSelector: + matchNames: + - base-system + endpoints: + - port: manager +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/biboumi/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/biboumi/deployment.yaml new file mode 100644 index 0000000..60f07d7 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/biboumi/deployment.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: biboumi + namespace: chat-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: biboumi + app.kubernetes.io/part-of: chat-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: biboumi + app.kubernetes.io/part-of: chat-system + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: biboumi + app.kubernetes.io/part-of: chat-system + spec: + containers: + - image: louiz/biboumi:9.0 + name: biboumi + ports: + - containerPort: 5437 + env: + - name: BIBOUMI_ADMIN + value: tyil@chat.tyil.nl + - name: BIBOUMI_DB_NAME + valueFrom: + secretKeyRef: + name: biboumi-config + key: db-name + - name: BIBOUMI_HOSTNAME + value: biboumi.chat.tyil.nl + - name: BIBOUMI_PASSWORD + valueFrom: + secretKeyRef: + name: biboumi-config + key: password + - name: BIBOUMI_XMPP_SERVER_IP + value: prosody + - name: BIBOUMI_PERSISTENT_BY_DEFAULT + value: "true" + restartPolicy: Always +... 
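Review bot: `containerPort: 5437` in the biboumi Deployment matches nothing else in this commit, while Prosody's component listener is 5347, so this looks like a transposed digit. Biboumi presumably connects out to Prosody as a component rather than listening itself, in which case the `ports` entry can simply be removed. If it is meant to document the component port, write `containerPort: 5347`.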
diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml new file mode 100644 index 0000000..64a6e5f --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/configmap.yaml 
@@ -0,0 +1,159 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: prosody-config + namespace: chat-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system +data: + prosody.cfg.lua: | + -- Information on configuring Prosody can be found on our + -- website at https://prosody.im/doc/configure + + daemonize = false; + + ---------- Server-wide settings ---------- + admins = { + "tyil@chat.tyil.nl", + } + + log = { + { levels = { min = "debug" }, to = "console" }; + } + + plugin_paths = { "/usr/local/lib/prosody/modules" } + + modules_enabled = { + -- Generally required + "disco"; -- Service discovery + "roster"; -- Allow users to have a roster. Recommended ;) + "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. + "tls"; -- Add support for secure TLS on c2s/s2s connections + + -- Not essential, but recommended + "adhoc"; -- XEP-0050 + "blocklist"; -- Allow users to block communications with other users + --"bookmarks"; -- Synchronise the list of open rooms between clients + "carbons"; -- Keep multiple online clients in sync + "dialback"; -- Support for verifying remote servers using DNS + "limits"; -- Enable bandwidth limiting for XMPP connections + "pep"; -- Allow users to store public and private data in their account + "private"; -- Legacy account storage mechanism (XEP-0049) + --"smacks"; -- Stream management and resumption (XEP-0198) + "vcard4"; -- User profiles (stored in PEP) + "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard + + -- Nice to have + "csi_simple"; -- Simple but effective traffic optimizations for mobile devices + --"invites"; -- Create and manage invites + --"invites_adhoc"; -- Allow admins/users to create invitations via their client + --"invites_register"; -- Allows invited users to create accounts + "ping"; -- Replies to XMPP pings with pongs + "register"; -- Allow 
users to register on this server using a client and change passwords + "time"; -- Let others know the time here on this server + "uptime"; -- Report how long server has been running + "version"; -- Replies to server version requests + "mam"; -- Store recent messages to allow multi-device synchronization + --"turn_external"; -- Provide external STUN/TURN service for e.g. audio/video calls + + -- Admin interfaces + "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands + --"admin_shell"; -- Allow secure administration via 'prosodyctl shell' + + -- HTTP modules + --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" + --"http_openmetrics"; -- for exposing metrics to stats collectors + --"websocket"; -- XMPP over WebSockets + + -- Other specific functionality + "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + --"announce"; -- Send announcement to all online users + --"groups"; -- Shared roster support + --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. 
+ --"mimicking"; -- Prevent address spoofing + --"motd"; -- Send a message to users when they log in + --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use + --"s2s_bidi"; -- Bi-directional server-to-server (XEP-0288) + --"server_contact_info"; -- Publish contact information for this service + --"tombstones"; -- Prevent registration of deleted accounts + --"watchregistrations"; -- Alert admins of registrations + --"welcome"; -- Welcome users who register accounts + } + + modules_disabled = { + -- "offline"; -- Store offline messages + -- "c2s"; -- Handle client connections + -- "s2s"; -- Handle server-to-server connections + } + + s2s_secure_auth = true + + limits = { + c2s = { + rate = "10kb/s"; + }; + s2sin = { + rate = "30kb/s"; + }; + } + + authentication = "internal_hashed" + archive_expires_after = "1w" -- Remove archived messages after 1 week + + -- Audio/video call relay (STUN/TURN) + -- To ensure clients connected to the server can establish connections for + -- low-latency media streaming (such as audio and video calls), it is + -- recommended to run a STUN/TURN server for clients to use. If you do this, + -- specify the details here so clients can discover it. + -- Find more information at https://prosody.im/doc/turn + + -- Specify the address of the TURN service (you may use the same domain as XMPP) + --turn_external_host = "turn.example.com" + + -- This secret must be set to the same value in both Prosody and the TURN server + --turn_external_secret = "your-secret-turn-access-token" + statistics = "internal" + + -- Load configuration from secrets + Include "secrets.d/*" + + -- Configure components + component_ports = { + 5347, + } + component_interfaces = { + "*", + "::", + } + + Include "components.d/*" + + -- Load configuration for additional hosts + Include "hosts.d/*" +... 
+--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: prosody-vhosts + namespace: chat-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system +data: + chat.tyil.nl: | + VirtualHost "chat.tyil.nl" + ssl = { + certificate = "certs.d/chat.tyil.nl/tls.crt"; + key = "certs.d/chat.tyil.nl/tls.key"; + } + + Component "muc.chat.tyil.nl" "muc" + name = "Tyil's Chatrooms" +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml new file mode 100644 index 0000000..ad91eea --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/deployment.yaml 
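Review bot: `log = { { levels = { min = "debug" }, to = "console" }; }` leaves the production server at debug verbosity, and Prosody's debug output includes per-connection and per-stanza detail (JIDs, peer addresses, routing decisions) that then lands in the container log stream and whatever collects it. Raise the floor to `levels = { min = "info" }` and switch to debug only while troubleshooting. `"posix"` is also still enabled although `daemonize = false`; that is harmless but worth a comment saying it is deliberate.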
@@ -0,0 +1,66 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: prosody + namespace: chat-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system + spec: + containers: + - image: prosody/prosody:0.11 + name: prosody + ports: + - containerPort: 5222 + - containerPort: 5269 + - containerPort: 5347 + volumeMounts: + - mountPath: /etc/prosody + name: config + - mountPath: /etc/prosody/secrets.d + name: config-secret + - mountPath: /etc/prosody/components.d + name: config-components + - mountPath: /etc/prosody/hosts.d + name: config-hosts + - mountPath: /etc/prosody/certs.d/chat.tyil.nl + name: cert-nl-tyil-chat + readOnly: true + restartPolicy: Always + volumes: + - name: config + configMap: + name: prosody-config + - name: config-secret + secret: + secretName: prosody-config + - name: config-components + secret: + secretName: prosody-components + - name: config-hosts + configMap: + name: prosody-vhosts + - name: cert-nl-tyil-chat + secret: + secretName: tls-nl.tyil.chat +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml new file mode 100644 index 0000000..64b47c8 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/ingress.yaml 
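Review bot: No volume is mounted for Prosody's data directory, while the ConfigMap sets `authentication = "internal_hashed"` and enables `mam`, so unless `secrets.d/*` configures an external storage backend, accounts, rosters and archives live in the container filesystem and vanish on every pod replacement. Add a persistent volume for the data path the image uses, or document next to `config-secret` that storage is configured there. With on-disk state, `strategy: RollingUpdate` would also briefly run two pods against the same data; `Recreate`, as used for lldap and garage, avoids that.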
@@ -0,0 +1,33 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: prosody + namespace: chat-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" +spec: + ingressClassName: traefik + tls: + - hosts: + - chat.tyil.nl + - muc.chat.tyil.nl + - share.chat.tyil.nl + secretName: tls-nl.tyil.chat + rules: + - host: chat.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prosody + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml new file mode 100644 index 0000000..8ecd4b8 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/prosody/service.yaml 
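Review bot: The backend points at `prosody` port `number: 80`, but the `prosody` Service added in this commit only defines 5222, 5269 and 5347, so this route can never resolve to an endpoint. If the Ingress exists only to make cert-manager issue `tls-nl.tyil.chat` for the three hosts, a cert-manager `Certificate` resource states that intent directly and does not leave a dangling HTTP route on `chat.tyil.nl`. This Ingress also omits the `redirect-https` middleware that the other Ingresses in the commit carry.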
@@ -0,0 +1,54 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: xmpp + namespace: chat-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: xmpp + app.kubernetes.io/part-of: chat-system +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system + type: NodePort + ports: + - name: xmpp-c2s + port: 5222 + nodePort: 5222 + - name: xmpp-s2s + port: 5269 + nodePort: 5269 +... +--- +apiVersion: v1 +kind: Service +metadata: + name: prosody + namespace: chat-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prosody + app.kubernetes.io/part-of: chat-system + ports: + - name: xmpp-c2s + port: 5222 + targetPort: 5222 + - name: xmpp-s2s + port: 5269 + targetPort: 5269 + - name: components + port: 5347 + targetPort: 5347 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/chat-system/sleamdge/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/chat-system/sleamdge/deployment.yaml new file mode 100644 index 0000000..7816ab5 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/chat-system/sleamdge/deployment.yaml 
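Review bot: `nodePort: 5222` and `nodePort: 5269` are outside Kubernetes' default NodePort range (30000-32767), so the `xmpp` Service is rejected unless the API server's `--service-node-port-range` has been widened. Widening it to cover low ports lets any later NodePort Service claim ports that host daemons use, so that change should be documented next to this manifest. A `type: LoadBalancer` Service with `port: 5222` and `port: 5269`, as used for `ldap`, gets the standard XMPP ports without touching the range. Both entries also rely on `targetPort` defaulting to `port`; writing it out matches the second Service.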
@@ -0,0 +1,51 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sleamdge + namespace: chat-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sleamdge + app.kubernetes.io/part-of: chat-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sleamdge + app.kubernetes.io/part-of: chat-system + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: sleamdge + app.kubernetes.io/part-of: chat-system + spec: + nodeName: "oolah.tyil.net" + containers: + - image: nicocool84/sleamdge:master + name: sleamdge + args: + - "--secret=$(SECRET)" + - "--jid=$(JID)" + env: + - name: SECRET + value: "rl3iB4RTX8qgX30ECGNyhzQgfbnVpAgkGIlw6UGqNbWfnIuGyYzzuQPQh1CV" + - name: JID + value: "sleamdge.chat.tyil.nl" + volumeMounts: + - name: data + mountPath: /var/lib/slidge + restartPolicy: Always + volumes: + - name: data + hostPath: + path: /var/lib/slidge + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml new file mode 100644 index 0000000..de5b67f --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/event-bus.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: EventBus +metadata: + name: default + namespace: cicd-system +spec: + nats: + native: + replicas: 3 + containerTemplate: + resources: + requests: + cpu: "10m" + memory: "64Mi" + persistence: + storageClassName: longhorn + accessMode: ReadWriteOnce + volumeSize: 1Gi +... 
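Review bot: The `SECRET` env entry of the sleamdge Deployment carries the component secret as a literal `value:`, so it is now in the repository history and readable by anyone who can read the Deployment object. Treat the committed value as disclosed, rotate it on both the Prosody and sleamdge side, and load it from a Secret the way the biboumi Deployment does with `secretKeyRef`. The image tag `nicocool84/sleamdge:master` is also a moving branch tag, so pin it to a release or digest.

```yaml
        env:
        - name: SECRET
          valueFrom:
            secretKeyRef:
              name: sleamdge-config   # placeholder Secret name
              key: secret             # placeholder key
        # … unchanged: JID env entry, volumeMounts …
```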
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml new file mode 100644 index 0000000..3acd2cd --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-events/helm-chart.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argo-events + namespace: cicd-system +spec: + repo: https://argoproj.github.io/argo-helm + chart: argo-events + valuesContent: |- + controller: + rbac: + namespaced: true + serviceAccount: + name: argo-events +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml new file mode 100644 index 0000000..7978820 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/argo-workflows/helm-chart.yaml 
@@ -0,0 +1,64 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argo-workflows + namespace: cicd-system +spec: + repo: https://argoproj.github.io/argo-helm + chart: argo-workflows + valuesContent: |- + artifactRepository: + archiveLogs: true + s3: + bucket: argo + endpoint: 10.57.101.1:3900 + insecure: true + accessKeySecret: + name: credentials + key: garageAccessKey + secretKeySecret: + name: credentials + key: garageSecretKey + controller: + persistence: + archive: true + postgresql: + host: 10.57.101.20 + port: 5432 + database: argo + tableName: argo_workflows + userNameSecret: + name: credentials + key: postgresqlUsername + passwordSecret: + name: credentials + key: postgresqlPassword + workflowDefaults: + spec: + entrypoint: main + serviceAccountName: "argo-runner" + ttlStrategy: + secondsAfterCompletion: 300 + podGC: + strategy: null + singleNamespace: true + server: + extraArgs: + - "--auth-mode=server" + ingress: + enabled: false + ingressClassName: traefik + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd + tls: + - secretName: tls-nl.tyil.ci + hosts: + - ci.tyil.nl + hosts: + - ci.tyil.nl + workflow: + serviceAccount: + create: true +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml new file mode 100644 index 0000000..3b96bf8 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/auth-proxy.yaml 
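Review bot: `--auth-mode=server` under `server.extraArgs` makes the Argo server accept every request without credentials and act with its own service account, so the oauth2-proxy in front of `ci.tyil.nl` is the only access control, and it does not cover anything that reaches the argo-server Service from inside the cluster. Use `--auth-mode=client` or SSO, or add a NetworkPolicy that admits only the proxy pods. Under `artifactRepository.s3`, `insecure: true` additionally sends archived logs and artifacts to `10.57.101.1:3900` over plain HTTP, which is acceptable only if that network path is trusted.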
@@ -0,0 +1,33 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: auth-proxy-ci + namespace: cicd-system +spec: + chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz + valuesContent: |- + image: + tag: v7.4.0 + secret: + enabled: false + envFrom: + secretRef: + - name: auth-proxy-ci + ingress: + enabled: true + ingressClassName: traefik + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd + traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-argo@kubernetescrd + tls: + - secretName: tls-nl.tyil.ci + hosts: + - ci.tyil.nl + hosts: + - host: ci.tyil.nl + paths: + - path: / + pathType: Prefix +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml new file mode 100644 index 0000000..39da576 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/ingress.yaml 
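Review bot: `traefik.ingress.kubernetes.io/router.middlewares` appears twice in the `annotations` mapping, and a YAML mapping keeps only one value per key (typically the last), so `kube-system-redirect-https@kubernetescrd` is silently dropped and plain-HTTP requests to `ci.tyil.nl` are no longer redirected. Traefik takes a comma-separated list in one annotation: `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd,kube-system-headers-argo@kubernetescrd`. `cicd-system/ingress.yaml` has the same duplicate key.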
@@ -0,0 +1,40 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ci + namespace: cicd-system + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: trigger-bashtard + app.kubernetes.io/part-of: cicd-system + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd + traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-argo@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - ci.tyil.nl + secretName: tls-nl.tyil.ci + rules: + - host: ci.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: auth-proxy-ci-oauth2-proxy + port: + number: 4180 + - path: /trigger + pathType: Prefix + backend: + service: + name: webhook-eventsource-svc + port: + number: 12000 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml new file mode 100644 index 0000000..ddca028 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml 
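Review bot: The `/trigger` path sends requests straight to `webhook-eventsource-svc:12000`, bypassing `auth-proxy-ci-oauth2-proxy`, and the webhook EventSource in `resources/event-sources/webhook.yaml` defines no authentication, so anyone who can reach `ci.tyil.nl` can start workflows. Argo Events webhooks accept an `authSecret` (a Secret name and key holding a bearer token); add one to each entry in that EventSource and configure the token on the sending forge. The auth-proxy HelmChart in this commit also enables its own Ingress for the same host and `/` path, so two Ingress objects now define that route and one of them should go.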
@@ -0,0 +1,101 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-runner + namespace: cicd-system +automountServiceAccountToken: true +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-runner + namespace: cicd-system +rules: +- apiGroups: + - "" + resources: + - secrets + - persistentvolumeclaims + - pods + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - get + - list +- apiGroups: + - argoproj.io + resources: + - eventbus + - eventsources + - sensors + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - workflows + - workflowtaskresults + verbs: + - get + - list + - create + - update + - patch + - watch +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-runner + namespace: cicd-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-runner +subjects: +- kind: ServiceAccount + name: argo-runner + namespace: cicd-system +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml new file mode 100644 index 0000000..de5b67f --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-bus/default.yaml 
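Review bot: The first rule gives `argo-runner` create, update, patch and delete on `secrets` across `cicd-system`, the namespace that also holds `credentials` (Garage and PostgreSQL keys) and `auth-proxy-ci`. This account is the default `serviceAccountName` for every workflow pod, so it is more than a runner needs. Drop `secrets` from that rule, or restrict it to `get` with `resourceNames` listing the specific Secrets workflows must read. The rules for `validatingwebhookconfigurations` and `clusterroles` name cluster-scoped resources, which a namespaced `Role` cannot grant, so they have no effect and only obscure what the role really allows. The Sensors use this same account, so consider a separate one for them that can only create `workflows`.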
@@ -0,0 +1,20 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: EventBus +metadata: + name: default + namespace: cicd-system +spec: + nats: + native: + replicas: 3 + containerTemplate: + resources: + requests: + cpu: "10m" + memory: "64Mi" + persistence: + storageClassName: longhorn + accessMode: ReadWriteOnce + volumeSize: 1Gi +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml new file mode 100644 index 0000000..1b901e0 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/event-sources/webhook.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: EventSource +metadata: + name: webhook + namespace: cicd-system +spec: + service: + ports: + - port: 12000 + targetPort: 12000 + webhook: + default: + endpoint: /trigger + method: POST + port: "12000" + url: https://ci.tyil.nl + generic-raku: + endpoint: /trigger/generic-raku + method: POST + port: "12000" + url: https://ci.tyil.nl + project-bashtard: + endpoint: /trigger/project-bashtard + method: POST + port: "12000" + url: https://ci.tyil.nl +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml new file mode 100644 index 0000000..b97239c --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/default.yaml 
@@ -0,0 +1,61 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Sensor +metadata: + name: default + namespace: cicd-system +spec: + template: + serviceAccountName: argo-runner + dependencies: + - name: webhook + eventSourceName: webhook + eventName: generic + triggers: + - template: + name: webhook-workflow-trigger + k8s: + operation: create + source: + resource: + apiVersion: argoproj.io/v1alpha1 + kind: Workflow + metadata: + generateName: generic + spec: + entrypoint: main + arguments: + parameters: + - name: ref + value: "" + - name: repo + value: "" + templates: + - name: main + inputs: + parameters: + - name: ref + value: "{{workflows.parameters.ref}}" + steps: + - - name: main + templateRef: + name: generic + template: main + arguments: + parameters: + - name: ref + value: "{{inputs.parameters.ref}}" + - name: repo + value: "{{inputs.parameters.repo}}" + parameters: + - src: + dependencyName: webhook + dataKey: body.commit + value: "origin/master" + dest: spec.arguments.parameters.0.value + - src: + dependencyName: "webhook" + dataKey: body.repo + value: "" + dest: spec.arguments.parameters.1.value +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml new file mode 100644 index 0000000..ca42ce9 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/generic-raku.yaml 
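Review bot: `body.repo` and `body.commit` are copied from the webhook request into the workflow's `repo` and `ref` arguments without any check, and the webhook endpoint is unauthenticated in this commit, so the caller chooses which repository and revision the `generic` template works on. The template is not visible here, but presumably it fetches and runs that code with the `argo-runner` account. Fix the repository in the Sensor instead of taking it from the body, or add a data filter on the `webhook` dependency that only admits expected `body.repo` values. `generic-raku.yaml` has the same pattern. `generateName: generic` also lacks the trailing `-` the other Sensors use.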
@@ -0,0 +1,61 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Sensor +metadata: + name: generic-raku + namespace: cicd-system +spec: + template: + serviceAccountName: argo-runner + dependencies: + - name: webhook + eventSourceName: webhook + eventName: project-raku-config-parser-toml + triggers: + - template: + name: webhook-workflow-trigger + k8s: + operation: create + source: + resource: + apiVersion: argoproj.io/v1alpha1 + kind: Workflow + metadata: + generateName: generic-raku- + spec: + entrypoint: main + arguments: + parameters: + - name: ref + value: "" + - name: repo + value: "" + templates: + - name: main + inputs: + parameters: + - name: ref + value: "{{workflows.parameters.ref}}" + steps: + - - name: main + templateRef: + name: generic-raku + template: main + arguments: + parameters: + - name: ref + value: "{{inputs.parameters.ref}}" + - name: repo + value: "{{inputs.parameters.repo}}" + parameters: + - src: + dependencyName: webhook + dataKey: body.commit + value: "origin/master" + dest: spec.arguments.parameters.0.value + - src: + dependencyName: "webhook" + dataKey: body.repo + value: "" + dest: spec.arguments.parameters.1.value +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml new file mode 100644 index 0000000..8e77b3a --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/sensors/project-bashtard.yaml 
@@ -0,0 +1,52 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Sensor +metadata: + name: project-bashtard + namespace: cicd-system +spec: + template: + serviceAccountName: argo-runner + dependencies: + - name: webhook + eventSourceName: webhook + eventName: project-bashtard + triggers: + - template: + name: webhook-workflow-trigger + k8s: + operation: create + source: + resource: + apiVersion: argoproj.io/v1alpha1 + kind: Workflow + metadata: + generateName: project-bashtard- + spec: + entrypoint: main + arguments: + parameters: + - name: ref + value: "" + templates: + - name: main + inputs: + parameters: + - name: ref + value: "{{workflows.parameters.ref}}" + steps: + - - name: main + templateRef: + name: project-bashtard + template: main + arguments: + parameters: + - name: ref + value: "{{inputs.parameters.ref}}" + parameters: + - src: + dependencyName: webhook + dataKey: body.commit + value: "master" + dest: spec.arguments.parameters.0.value +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml new file mode 100644 index 0000000..0742e79 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/fetch-git.yaml 
@@ -0,0 +1,46 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: fetch-git + namespace: cicd-system +spec: + arguments: + parameters: + - name: repo + value: "" + - name: ref + value: master + - name: path + value: "/usr/src" + templates: + - name: main + inputs: + parameters: + - name: repo + value: "{{workflow.parameters.repo}}" + - name: ref + value: "{{workflow.parameters.ref}}" + - name: path + value: "{{workflow.parameters.path}}" + outputs: + artifacts: + - name: src + path: "{{inputs.parameters.path}}" + script: + image: debian + command: + - dash + source: | + export DEBIAN_FRONTEND=noninteractive + export GIT_WORK_TREE="{{inputs.parameters.path}}" + export GIT_DIR="$(mktemp -d)" + mkdir -pv -- "$GIT_WORK_TREE" + + apt update && apt install -y git + + git init + git remote add origin "{{inputs.parameters.repo}}" + git fetch origin -a + git reset --hard "{{inputs.parameters.ref}}" +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml new file mode 100644 index 0000000..869c497 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic-raku.yaml 
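Review bot: `{{inputs.parameters.repo}}`, `{{inputs.parameters.ref}}` and `{{inputs.parameters.path}}` are substituted into the `source:` text before dash runs it, so a value containing `"` or `$(…)` becomes shell syntax rather than data; with the sensors feeding `body.repo` and `body.commit` from the webhook, those values are request-controlled. Passing them through `env:` and referencing them as quoted shell variables keeps them as data, and rejecting a ref that starts with `-` stops it being read as a git option. The same pattern appears in the `fetch-git` template of `util.yaml` and in the `dist` template of `project-bashtard.yaml` (`cd -- "/usr/src/bashtard-{{workflow.parameters.ref}}"`, `make pkg-{{inputs.parameters.format}}`). Separately, `image: debian` plus `apt install` at run time means each build uses whatever is current; a pinned tag or digest of an image that already ships git would make runs reproducible.

```yaml
    script:
      # … unchanged: image, command …
      env:
        - name: REPO
          value: "{{inputs.parameters.repo}}"
        - name: REF
          value: "{{inputs.parameters.ref}}"
        - name: GIT_WORK_TREE
          value: "{{inputs.parameters.path}}"
      source: |
        # … unchanged: DEBIAN_FRONTEND, GIT_DIR, mkdir, apt install, git init …
        # (the in-script export of GIT_WORK_TREE is dropped; it is set through env above)
        case "$REF" in
          -*) echo "refusing ref that looks like an option" >&2; exit 1 ;;
        esac
        git remote add origin "$REPO"
        # … unchanged: git fetch …
        git reset --hard "$REF"
```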
@@ -0,0 +1,82 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: generic-raku + namespace: cicd-system +spec: + entrypoint: main + arguments: + parameters: + - name: dist + value: false + - name: ref + value: origin/master + - name: repo + value: "" + templates: + - name: main + dag: + tasks: + - name: workdir + templateRef: + name: util + template: pvc-create + - name: fetch + templateRef: + name: util + template: fetch-git + arguments: + parameters: + - name: ref + value: "{{workflow.parameters.ref}}" + - name: repo + value: "{{workflow.parameters.repo}}" + - name: workingPVC + value: "{{tasks.workdir.outputs.parameters.name}}" + dependencies: + - workdir + - name: qa-prove + templateRef: + name: util-raku + template: qa-prove + arguments: + parameters: + - name: workingPVC + value: "{{tasks.workdir.outputs.parameters.name}}" + dependencies: + - fetch + - name: qa-reuse + templateRef: + name: util + template: qa-reuse + arguments: + parameters: + - name: workingPVC + value: "{{tasks.workdir.outputs.parameters.name}}" + dependencies: + - fetch + - name: qa-fez + templateRef: + name: util-raku + template: qa-fez + arguments: + parameters: + - name: workingPVC + value: "{{tasks.workdir.outputs.parameters.name}}" + dependencies: + - fetch + - name: dist-fez + templateRef: + name: util-raku + template: dist-fez + arguments: + parameters: + - name: workingPVC + value: "{{tasks.workdir.outputs.parameters.name}}" + dependencies: + - qa-prove + - qa-reuse + - qa-fez + when: "{{workflow.parameters.dist}} == true" +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml new file mode 100644 index 0000000..5e541df --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/generic.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: generic + namespace: cicd-system +spec: + entrypoint: main + arguments: + parameters: + - name: ref + value: origin/master + - name: repo + value: "" + - name: vcs + value: "git" + templates: + - name: main + dag: + tasks: + - name: workdir + templateRef: + name: util + template: pvc-create + # TODO: Decide on fetch function + # TODO: Check for Makefile + # TODO: Run make install-deps + # TODO: Run make test + - name: fetch + templateRef: + name: util + template: fetch-git + arguments: + parameters: + - name: ref + value: "{{workflow.parameters.ref}}" + - name: repo + value: "{{workflow.parameters.repo}}" + - name: workingPVC + value: "{{tasks.workdir.outputs.parameters.name}}" + dependencies: + - workdir +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml new file mode 100644 index 0000000..0642028 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/project-bashtard.yaml 
@@ -0,0 +1,90 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: project-bashtard + namespace: cicd-system +spec: + arguments: + parameters: + - name: ref + value: origin/master + templates: + - name: main + steps: + - - name: fetch + templateRef: + name: fetch-git + template: main + arguments: + parameters: + - name: ref + value: "{{workflow.parameters.ref}}" + - name: repo + value: "https://git.tyil.nl/bashtard" + - - name: qa-reuse + templateRef: + name: qa-reuse + template: main + arguments: + artifacts: + - name: src + from: "{{steps.fetch.outputs.artifacts.src}}" + - name: qa-shellcheck + template: qa-shellcheck + arguments: + artifacts: + - name: src + from: "{{steps.fetch.outputs.artifacts.src}}" + - - name: dist-tar-gz + template: dist + arguments: + artifacts: + - name: src + from: "{{steps.fetch.outputs.artifacts.src}}" + parameters: + - name: format + value: targz + - name: dist-deb + template: dist + arguments: + artifacts: + - name: src + from: "{{steps.fetch.outputs.artifacts.src}}" + parameters: + - name: format + value: debian + + - name: qa-shellcheck + inputs: + artifacts: + - name: src + path: "/code" + script: + image: pipelinecomponents/shellcheck + command: + - bash + source: |- + shellcheck -s sh bin/bashtard + shellcheck -x -s bash **/*.bash + + - name: dist + inputs: + artifacts: + - name: src + path: "/usr/src/bashtard-{{workflow.parameters.ref}}" + parameters: + - name: format + value: "targz" + script: + image: debian + command: + - dash + source: |- + export DEBIAN_FRONTEND=noninteractive + + cd -- "/usr/src/bashtard-{{workflow.parameters.ref}}" + + apt update && apt install -y make + make pkg-{{inputs.parameters.format}} +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml new file mode 100644 index 0000000..7c7d455 --- /dev/null 
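Review bot: In `qa-shellcheck`, `shellcheck -x -s bash **/*.bash` runs under bash without `globstar`, where `**` behaves like `*`, so only `.bash` files exactly one directory deep are checked and anything deeper passes the gate unchecked. Adding `shopt -s globstar` as the first line of the `source:` would make the pattern recursive. The script also never changes into `/code`, where the `src` artifact is placed, so it relies on the image's working directory being `/code`; an explicit `cd -- /code` would remove that assumption. In the `dist` template the artifact path `/usr/src/bashtard-{{workflow.parameters.ref}}` contains a `/` when the default `origin/master` is used, which is probably not the intended directory name.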
+++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/qa-reuse.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: qa-reuse + namespace: cicd-system +spec: + arguments: + parameters: + - name: path + value: "/usr/src" + artifacts: + - name: src + from: "" + templates: + - name: main + inputs: + parameters: + - name: path + value: "{{workflow.parameters.path}}" + artifacts: + - name: src + path: "{{workflow.artifacts.path}}" + container: + image: fsfe/reuse + workdir: "{{inputs.parameters.path}}" + command: + - reuse + args: + - lint +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml new file mode 100644 index 0000000..2d0f606 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util-raku.yaml 
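Review bot: The `src` input artifact uses `path: "{{workflow.artifacts.path}}"`, which refers to an artifact named `path` that this template never defines; the container's `workdir` uses `{{inputs.parameters.path}}`, so the artifact is presumably meant to land there as well: `path: "{{inputs.parameters.path}}"`. As written, the checkout and the directory in which `reuse lint` runs would not line up, if the template resolves at all. The `spec.arguments.artifacts` entry with `from: ""` looks like a placeholder and may be rejected at submit time, which is worth confirming. `image: fsfe/reuse` is unpinned; a fixed tag keeps the lint result from changing between runs.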
@@ -0,0 +1,216 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: util-raku + namespace: cicd-system +spec: + templates: + - name: dist-fez + inputs: + parameters: + - name: fezUsernameSecret + value: "credentials-fez" + - name: fezPasswordSecret + value: "credentials-fez" + - name: fezUsernameSecretKey + value: "username" + - name: fezPasswordSecretKey + value: "password" + - name: workingDir + value: "/work" + - name: workingPVC + value: "" + script: + image: rakudo-star + env: + - name: FEZ_USERNAME + valueFrom: + secretKeyRef: + name: "{{inputs.parameters.fezUsernameSecret}}" + key: "{{inputs.parameters.fezUsernameSecretKey}}" + - name: FEZ_PASSWORD + valueFrom: + secretKeyRef: + name: "{{inputs.parameters.fezPasswordSecret}}" + key: "{{inputs.parameters.fezPasswordSecretKey}}" + command: + - sh + source: | + cd -- "{{inputs.parameters.workingDir}}" + + set -x + + apt update && apt install -y expect + zef install fez --exclude="z" + + expect <<-EOF + set timeout 30 + + spawn fez login + + expect ">>= Username*" { + send -- "$FEZ_USERNAME\r" + } + + expect ">>= Password*" { + log_user 0 + send -- "$FEZ_PASSWORD\r" + log_user 1 + } + + expect { + eof { + exit 0 + } + + "*Failed to login*" { + exit 1 + } + } + + EOF + + printf "\n" + + expect <<-EOF + set timeout 60 + + spawn fez upload -f + + expect { + "Upload anyway*" { + send -- "n\r" + exit 1 + } + eof { + exit 0 + } + } + EOF + volumeMounts: + - name: workdir + mountPath: "{{inputs.parameters.workingDir}}" + volumes: + - name: workdir + persistentVolumeClaim: + claimName: "{{inputs.parameters.workingPVC}}" + + - name: qa-fez + inputs: + parameters: + - name: fezUsernameSecret + value: "credentials-fez" + - name: fezPasswordSecret + value: "credentials-fez" + - name: fezUsernameSecretKey + value: "username" + - name: fezPasswordSecretKey + value: "password" + - name: workingDir + value: "/work" + - name: workingPVC + value: "" + script: + image: rakudo-star + env: + - name: 
FEZ_USERNAME + valueFrom: + secretKeyRef: + name: "{{inputs.parameters.fezUsernameSecret}}" + key: "{{inputs.parameters.fezUsernameSecretKey}}" + - name: FEZ_PASSWORD + valueFrom: + secretKeyRef: + name: "{{inputs.parameters.fezPasswordSecret}}" + key: "{{inputs.parameters.fezPasswordSecretKey}}" + command: + - sh + source: | + cd -- "{{inputs.parameters.workingDir}}" + + set -x + + apt update && apt install -y expect + zef install fez --exclude="z" + + expect <<-EOF + set timeout 30 + log_user 0 + + spawn fez login + + expect ">>= Username*" { + send -- "$FEZ_USERNAME\r" + } + + expect ">>= Password*" { + send -- "$FEZ_PASSWORD\r" + } + + expect { + eof { + exit 0 + } + + "*Failed to login*" { + exit 1 + } + } + EOF + + printf "\n" + + expect <<-EOF + set timeout 60 + + spawn fez upload --dry-run + + expect { + "*ERROR*" { + exit 1 + } + + eof { + exit 0 + } + } + EOF + fez_exit=$? + + rm -fr -- sdist # Who in their right mind leaves trash on a dry-run + exit $fez_exit + volumeMounts: + - name: workdir + mountPath: "{{inputs.parameters.workingDir}}" + volumes: + - name: workdir + persistentVolumeClaim: + claimName: "{{inputs.parameters.workingPVC}}" + + - name: qa-prove + inputs: + parameters: + - name: workingDir + value: "/work" + - name: workingPVC + value: "" + script: + image: rakudo-star + command: + - sh + source: | + cd -- "{{inputs.parameters.workingDir}}" + + set -x + + zef install . --deps-only + prove6 -lv --timer + volumeMounts: + - name: workdir + mountPath: "{{inputs.parameters.workingDir}}" + volumes: + - name: workdir + persistentVolumeClaim: + claimName: "{{inputs.parameters.workingPVC}}" +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml new file mode 100644 index 0000000..465311b --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/resources/workflow-templates/util.yaml 
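Review bot: Both `dist-fez` and `qa-fez` feed expect from an unquoted here-document (`expect <<-EOF`), so the shell expands `$FEZ_USERNAME` and `$FEZ_PASSWORD` into the Tcl script text; a password containing `"`, `[`, `$` or `\` would then be interpreted by Tcl instead of being sent literally. Quoting the delimiter and reading the environment inside expect avoids that: `expect <<-'EOF'`, `send -- "$env(FEZ_USERNAME)\r"`, `send -- "$env(FEZ_PASSWORD)\r"`. In `dist-fez`, `log_user 0` is only set around the password send, whereas `qa-fez` sets it before `spawn`; the latter is the safer placement given that `set -x` is on. The exit status of the login `expect` is never checked and there is no `set -e`, so `fez upload -f` still runs after `Failed to login`. `qa-fez` also receives the publishing credentials although it only performs a dry run on a repository named by the webhook; consider whether that step needs them.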
@@ -0,0 +1,107 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: WorkflowTemplate +metadata: + name: util + namespace: cicd-system +spec: + templates: + - name: fetch-git + inputs: + parameters: + - name: repo + value: "" + - name: ref + value: "origin/master" + - name: workingDir + value: "/work" + - name: workingPVC + value: "" + script: + image: debian + command: + - dash + source: | + export DEBIAN_FRONTEND=noninteractive + export GIT_WORK_TREE="{{inputs.parameters.workingDir}}" + export GIT_DIR="$GIT_WORK_TREE/.git" + + apt update && apt install -y git + + git init + git remote add origin "{{inputs.parameters.repo}}" + git fetch origin -a + git reset --hard "{{inputs.parameters.ref}}" + volumeMounts: + - name: workdir + mountPath: "{{inputs.parameters.workingDir}}" + volumes: + - name: workdir + persistentVolumeClaim: + claimName: "{{inputs.parameters.workingPVC}}" + + - name: pvc-create + inputs: + parameters: + - name: size + value: 1Gi + - name: storageClass + value: longhorn + - name: namePrefix + value: argo- + outputs: + parameters: + - name: name + valueFrom: + jsonPath: "{.metadata.name}" + resource: + action: create + setOwnerReference: true + manifest: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + generateName: "{{inputs.parameters.namePrefix}}" + spec: + storageClassName: "{{inputs.parameters.storageClass}}" + accessModes: + - ReadWriteMany + resources: + requests: + storage: "{{inputs.parameters.size}}" + + - name: pvc-delete + inputs: + parametes: + - name: name + value: "" + resource: + action: delete + manifest: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: "{{inputs.parameters.name}}" + + - name: qa-reuse + inputs: + parameters: + - name: workingDir + value: "/work" + - name: workingPVC + value: "" + script: + image: fsfe/reuse + command: + - sh + source: | + cd -- "{{inputs.parameters.workingDir}}" + reuse lint + volumeMounts: + - name: workdir + mountPath: "{{inputs.parameters.workingDir}}" + volumes: + 
- name: workdir + persistentVolumeClaim: + claimName: "{{inputs.parameters.workingPVC}}" +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml new file mode 100644 index 0000000..9faf539 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/amdgpu-device-plugin/deamon-set.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: amdgpu-device-plugin-daemonset + namespace: kube-system +spec: + selector: + matchLabels: + name: amdgpu-dp-ds + template: + metadata: + labels: + name: amdgpu-dp-ds + spec: + nodeSelector: + kubernetes.io/arch: amd64 + amdgpu: "true" + priorityClassName: system-node-critical + tolerations: + - key: CriticalAddonsOnly + operator: Exists + containers: + - image: rocm/k8s-device-plugin + name: amdgpu-dp-cntr + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + volumeMounts: + - name: dp + mountPath: /var/lib/kubelet/device-plugins + - name: sys + mountPath: /sys + volumes: + - name: dp + hostPath: + path: /var/lib/kubelet/device-plugins + - name: sys + hostPath: + path: /sys diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml new file mode 100644 index 0000000..a9ab6af --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/helm-chart-config.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: traefik + namespace: kube-system +spec: + valuesContent: |- + deployment: + kind: DaemonSet +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml new file mode 100644 index 0000000..f88167f --- /dev/null 
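Review bot: `pvc-delete` declares its inputs under `parametes:` instead of `parameters:`, so the `name` input is not defined and `{{inputs.parameters.name}}` in the delete manifest has nothing to resolve to (or the spec is rejected outright, depending on validation). Change the key to `parameters:`. The `fetch-git` template in this file substitutes `{{inputs.parameters.repo}}` and `{{inputs.parameters.ref}}` directly into the shell `source:`; moving them into `env:` entries and using `"$REPO"` and `"$REF"` in the script keeps request-supplied values as data rather than shell syntax. `pvc-create` requests `ReadWriteMany`, which is presumably what lets the parallel QA tasks share the volume; a comment saying so would help.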
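Review bot: `image: rocm/k8s-device-plugin` has no tag or digest, so this `system-node-critical` DaemonSet, which mounts the host's `/sys` and `/var/lib/kubelet/device-plugins`, runs whatever the default tag resolves to on each node at pull time. Pinning it, e.g. `image: rocm/k8s-device-plugin:<tag>@sha256:<digest>` (placeholders), makes a change of plugin version a deliberate commit. If the plugin only reads from `/sys`, `readOnly: true` on that volumeMount would narrow it further; that needs confirming against the plugin's documentation.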
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: headers-argo + namespace: kube-system +spec: + headers: + stsPreload: true + forceSTSHeader: true + contentSecurityPolicy: >- + default-src + 'self' + 'unsafe-eval' + 'unsafe-inline' + ; + img-src + 'self' + data: + ; + worker-src + * + ; +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml new file mode 100644 index 0000000..8619e15 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: headers-keycloak + namespace: kube-system +spec: + headers: + stsPreload: true + forceSTSHeader: true + contentSecurityPolicy: >- + default-src + 'self' + ; + style-src + 'unsafe-inline' + ; +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml new file mode 100644 index 0000000..f013ab2 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: headers-nextcloud + namespace: kube-system +spec: + headers: + stsPreload: true + forceSTSHeader: true + contentSecurityPolicy: >- + default-src + 'self' + data: + 'unsafe-inline' + ; + img-src + 'self' + data: + *.tile.openstreetmap.org + nominatim.openstreetmap.org + ; +... 
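Review bot: `headers-argo` sets `stsPreload: true` and `forceSTSHeader: true` but no `stsSeconds`; in Traefik's headers middleware the `Strict-Transport-Security` header is only emitted when `stsSeconds` is non-zero, so as written no HSTS header is sent. `headers-keycloak` and `headers-nextcloud` in this commit have the same gap. Adding `stsSeconds: 31536000` (and `stsIncludeSubdomains: true` if preload listing is really intended) makes the other two options take effect. On the CSP in `headers-argo`, `'unsafe-eval'` and `'unsafe-inline'` in `default-src` together with `worker-src *` remove most of the policy's value; a one-line comment naming the Argo UI feature that needs them would help a later tightening.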
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml new file mode 100644 index 0000000..0bfb82c --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: redirect-https + namespace: kube-system +spec: + redirectScheme: + scheme: https + permanent: true +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml new file mode 100644 index 0000000..20fc702 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: grafana + namespace: kube-system +spec: + repo: https://grafana.github.io/helm-charts + chart: grafana + targetNamespace: monitoring + valuesContent: |- + ingress: + enabled: true + ingressClassName: "traefik" + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + tls: + - hosts: + - grafana.tyil.nl + secretName: tls-nl.tyil.grafana + hosts: + - "grafana.tyil.nl" + envFromSecret: "grafana-env" + grafana.ini: + auth.ldap: + enabled: true + allow_sign_up: true + database: + type: "postgres" + ldap: + enabled: true + existingSecret: grafana-config +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml new file mode 100644 index 0000000..88b237d --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml 
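Review bot: The `grafana` HelmChart names a `repo` and a `chart` but no `version`, so the chart version that gets installed is whatever is newest when the install job runs; the `prometheus-exporter-postgresql` and `prometheus` (`kube-prometheus-stack`) HelmCharts in this commit are the same. Adding `version: <chart-version>` (placeholder) under `spec` pins what is deployed, in line with `auth-proxy.yaml`, which pins a chart snapshot by commit and `tag: v7.4.0`. The ingress annotations here also omit the `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd` line that the cgit, grocy and auth-proxy ingresses carry; if that is deliberate, a comment would help.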
@@ -0,0 +1,15 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: prometheus-exporter-postgresql + namespace: monitoring +spec: + repo: https://prometheus-community.github.io/helm-charts + chart: prometheus-postgres-exporter + valuesContent: |- + config: + datasourceSecret: + name: prometheus-exporter-postgresql + key: connection-string +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml new file mode 100644 index 0000000..8388e3a --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/auth-proxy.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: auth-proxy-prometheus + namespace: monitoring +spec: + chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz + valuesContent: |- + image: + tag: v7.4.0 + secret: + enabled: false + envFrom: + secretRef: + - name: auth-proxy-prometheus + ingress: + enabled: true + ingressClassName: traefik + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd + tls: + - secretName: tls-nl.tyil.prometheus + hosts: + - prometheus.tyil.nl + hosts: + - host: prometheus.tyil.nl + paths: + - path: / + pathType: Prefix diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml new file mode 100644 index 0000000..43d78b4 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml 
@@ -0,0 +1,22 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: prometheus + namespace: monitoring +spec: + repo: https://prometheus-community.github.io/helm-charts + chart: kube-prometheus-stack + valuesContent: |- + alertmanager: + enabled: false + grafana: + enabled: false + prometheus: + enabled: true + prometheusSpec: + retention: 10d + serviceMonitorSelectorNilUsesHelmValues: false + storageSpec: + emptyDir: {} +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml new file mode 100644 index 0000000..768c5f4 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml @@ -0,0 +1,53 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: auth-system +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: chat-system +--- +apiVersion: v1 +kind: Namespace +metadata: + name: cicd-system +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: base-system +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: personal-services +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: public-services +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ravenhosting +... +--- +apiVersion: v1 +kind: Namespace +metadata: + name: servarr +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml new file mode 100644 index 0000000..bdbc8b2 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml 
@@ -0,0 +1,68 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services +data: + cgitrc: | + root-desc=All public repos from tyil + + source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh + about-filter=/usr/lib/cgit/filters/about-formatting.sh + + readme=:INSTALL + readme=:INSTALL.htm + readme=:INSTALL.html + readme=:INSTALL.md + readme=:INSTALL.mkd + readme=:INSTALL.rst + readme=:INSTALL.txt + readme=:README + readme=:README.htm + readme=:README.html + readme=:README.md + readme=:README.mkd + readme=:README.pod6 + readme=:README.rakudoc + readme=:README.rst + readme=:README.txt + readme=:install + readme=:install.htm + readme=:install.html + readme=:install.md + readme=:install.mkd + readme=:install.rst + readme=:install.txt + readme=:readme + readme=:readme.htm + readme=:readme.html + readme=:readme.md + readme=:readme.mkd + readme=:readme.rst + readme=:readme.txt + + css=/cgit-css/cgit.css + logo=/cgit-css/cgit.png + + #cache-root=/var/cache/cgit + #cache-size=1000 + + clone-prefix=https://git.tyil.nl + enable-git-config=1 + enable-index-links=1 + enable-index-owner=0 + enable-log-filecount=1 + enable-log-linecount=1 + remove-suffix=1 + robots=index, follow + scan-path=/srv/git/ + section-from-path=1 + snapshots=tar.gz tar.bz2 + virtual-root=/ +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml new file mode 100644 index 0000000..715a3f6 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml 
@@ -0,0 +1,51 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: emarcs/nginx-cgit + name: cgit + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /srv/git + name: data + - mountPath: /etc/cgitrc + subPath: cgitrc + name: config + restartPolicy: Always + volumes: + - name: data + hostPath: + path: /mnt/pool/git + type: DirectoryOrCreate + - name: config + configMap: + name: cgit +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml new file mode 100644 index 0000000..e8b30d3 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml 
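Review bot: The `data` volume is a `hostPath` to `/mnt/pool/git` mounted read-write into the internet-facing cgit container, although serving repositories only requires reading them. Adding `readOnly: true` to the `/srv/git` volumeMount would keep a compromise of the web container from modifying the repositories on the host, assuming nothing in this image writes there. `image: emarcs/nginx-cgit` is also unpinned and the pod has no `securityContext`; the `amdgpu-device-plugin` DaemonSet in this commit shows the `allowPrivilegeEscalation: false` with `capabilities.drop: ["ALL"]` pattern, though nginx binding port 80 may need `NET_BIND_SERVICE` kept.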
@@ -0,0 +1,33 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: >- + kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - git.tyil.nl + secretName: tls-nl.tyil.git + rules: + - host: git.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: cgit + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml new file mode 100644 index 0000000..ac2ab26 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: cgit + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: cgit + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml new file mode 100644 index 0000000..b78a822 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml 
@@ -0,0 +1,38 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: grocy + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy + app.kubernetes.io/part-of: personal-services +data: + # A custom common.conf is required because the name of the backend service is + # not configurable through conventional means. Instead, I supply my own + # version with the correct backend name and overwrite the one supplied by the + # grocy docker container itself. + common.conf: | + charset utf-8; + + location / { + try_files $uri /index.php$is_args$query_string; + } + + location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { + expires 365d; + } + + location ~ \.php$ { + fastcgi_pass grocy-backend:80; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location ~ /\.ht { + deny all; + } +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml new file mode 100644 index 0000000..ef77883 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml 
@@ -0,0 +1,60 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grocy-backend + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy-backend + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy-backend + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy-backend + app.kubernetes.io/part-of: personal-services + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: grocy/backend:v3.3.2 + name: grocy + env: + - name: GROCY_CURRENCY + value: "EUR" + - name: GROCY_MODE + value: "production" + - name: GROCY_CULTURE + name: "en" + - name: MAX_UPLOAD + value: "50M" + - name: PHP_MAX_FILE_UPLOAD + value: "200" + - name: PHP_MAX_POST + value: "100M" + - name: PHP_MEMORY_LIMIT + value: "512M" + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /var/www/data + name: data + restartPolicy: Always + volumes: + - name: data + hostPath: + path: /etc/grocy + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml new file mode 100644 index 0000000..07fbb68 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml 
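Review bot: The `GROCY_CULTURE` entry in `env` is written as `- name: GROCY_CULTURE` followed by `name: "en"`, i.e. a duplicate `name` key and no `value`; depending on the YAML parser this is rejected or becomes an environment variable called `en`. It should read `value: "en"`. `deployment-frontend.yaml` has the identical entry. Separately, this pod mounts the host's `/etc/grocy` via `hostPath` and is tied to one node with `nodeName`; a PersistentVolumeClaim would avoid giving the application a writable path under the node's `/etc`.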
@@ -0,0 +1,59 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grocy-frontend + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy-frontend + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy-frontend + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy-frontend + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: grocy/frontend:v3.3.2 + name: grocy + env: + - name: GROCY_CURRENCY + value: "EUR" + - name: GROCY_MODE + value: "production" + - name: GROCY_CULTURE + name: "en" + - name: MAX_UPLOAD + value: "50M" + - name: PHP_MAX_FILE_UPLOAD + value: "200" + - name: PHP_MAX_POST + value: "100M" + - name: PHP_MEMORY_LIMIT + value: "512M" + ports: + - containerPort: 8080 + volumeMounts: + - mountPath: /etc/nginx/common.conf + subPath: common.conf + name: config + restartPolicy: Always + volumes: + - name: config + configMap: + name: grocy +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml new file mode 100644 index 0000000..80d1089 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml 
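Review bot: The `common.conf` mount uses `subPath`, and a ConfigMap volume mounted through `subPath` is not refreshed when the ConfigMap changes, so an edit to the nginx config (for example tightening a `location` block) silently has no effect until the pod is recreated. I would document that next to the mount with a comment such as `# subPath mounts do not pick up ConfigMap updates; restart the deployment after changing common.conf`. The `GROCY_CULTURE` entry here also needs `value: "en"` in place of the second `name:` line, as in deployment-backend.yaml.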
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: grocy + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy + app.kubernetes.io/part-of: personal-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - erp.tyil.nl + secretName: tls-nl.tyil.erp + rules: + - host: erp.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: grocy-frontend + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml new file mode 100644 index 0000000..e9a179d --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: grocy-backend + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy-backend + app.kubernetes.io/part-of: personal-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: grocy-backend + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 9000 +... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml index 14e9c61..d9d1e93 100644 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml 
@@ -2,21 +2,21 @@ apiVersion: v1 kind: Service metadata: - name: dirlist - namespace: media + name: grocy-frontend + namespace: personal-services labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: dirlist - app.kubernetes.io/part-of: media + app.kubernetes.io/name: grocy-frontend + app.kubernetes.io/part-of: personal-services spec: selector: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: dirlist - app.kubernetes.io/part-of: media + app.kubernetes.io/name: grocy-frontend + app.kubernetes.io/part-of: personal-services ports: - - protocol: TCP + - name: http port: 80 targetPort: 8080 ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml new file mode 100644 index 0000000..6eb7fea --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki-blockdiag + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-blockdiag + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-blockdiag + app.kubernetes.io/part-of: personal-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-blockdiag + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: yuzutech/kroki-blockdiag + name: blockdiag + ports: + - containerPort: 8001 + restartPolicy: Always +... 
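Review bot: The container image in deployment-kroki-blockdiag.yaml has no tag, so `image: yuzutech/kroki-blockdiag` resolves to whatever `latest` is when the pod is scheduled, and a restart can pull different code without any change in this repository. The grocy manifests in the same commit pin `v3.3.2`; the same should be done here, e.g. `image: yuzutech/kroki-blockdiag:<pinned-version>`, ideally with an `@sha256:<digest>` suffix. The other kroki deployments (`kroki-bpmn`, `kroki-excalidraw`, `kroki-mermaid`, `kroki`) are untagged as well, and later files use floating tags too: `quay.io/invidious/invidious:latest`, `gollumwiki/gollum:master`, `hotio/bazarr:testing` and `docker.io/svenstaro/miniserve:latest`.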
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml new file mode 100644 index 0000000..26acd15 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki-bpmn + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: personal-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: yuzutech/kroki-bpmn + name: bpmn + ports: + - containerPort: 8003 + restartPolicy: Always +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml new file mode 100644 index 0000000..d1c6699 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml 
@@ -0,0 +1,34 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki-excalidraw + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: personal-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: yuzutech/kroki-excalidraw + name: excalidraw + ports: + - containerPort: 8004 + restartPolicy: Always +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml new file mode 100644 index 0000000..ee6edaf --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml 
@@ -0,0 +1,33 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki-mermaid + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: personal-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: yuzutech/kroki-mermaid + name: mermaid + ports: + - containerPort: 8002 + restartPolicy: Always diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml new file mode 100644 index 0000000..f192697 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml 
@@ -0,0 +1,53 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kroki + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: personal-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: personal-services + spec: + containers: + - image: yuzutech/kroki + name: kroki + env: + - name: KROKI_BLOCKDIAG_HOST + value: kroki-blockdiag + - name: KROKI_BLOCKDIAG_PORT + value: "80" + - name: KROKI_BPMN_HOST + value: kroki-bpmn + - name: KROKI_BPMN_PORT + value: "80" + - name: KROKI_EXCALIDRAW_HOST + value: kroki-excalidraw + - name: KROKI_EXCALIDRAW_PORT + value: "80" + - name: KROKI_MERMAID_HOST + value: kroki-mermaid + - name: KROKI_MERMAID_PORT + value: "80" + - name: KROKI_MAX_URI_LENGTH + value: "4096" + ports: + - containerPort: 8000 + restartPolicy: Always +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml new file mode 100644 index 0000000..c33644e --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml 
@@ -0,0 +1,30 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kroki
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki
+ app.kubernetes.io/part-of: personal-services
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ tls:
+ - hosts:
+ - kroki.tyil.nl
+ secretName: tls-nl.tyil.kroki
+ rules:
+ - host: kroki.tyil.nl
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: kroki
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml
new file mode 100644
index 0000000..7ac6c4e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kroki-blockdiag
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: kroki-blockdiag
+ app.kubernetes.io/part-of: personal-services
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8001
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml
new file mode 100644
index 0000000..73e2c58
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml
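Review bot: The kroki Ingress is missing both `ingressClassName: traefik` and the HTTPS redirect middleware that the grocy, gollum and bazarr ingresses in this commit carry, so plain-HTTP requests to `kroki.tyil.nl` are not redirected unless that is enforced globally at the entrypoint, and the Ingress relies on a default class being configured. For consistency I would add `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd` under `annotations` and `ingressClassName: traefik` under `spec`. The nextcloud ingress sets only `kube-system-headers-nextcloud@kubernetescrd`; if that middleware does not redirect, the redirect middleware should be appended there as a comma-separated second entry.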
@@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: kroki-bpmn + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: personal-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-bpmn + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 8003 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml new file mode 100644 index 0000000..a011428 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: kroki-excalidraw + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: personal-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-excalidraw + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 8004 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml new file mode 100644 index 0000000..872433c --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml 
@@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: kroki-mermaid + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: personal-services +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: kroki-mermaid + app.kubernetes.io/part-of: personal-services + ports: + - name: http + port: 80 + targetPort: 8002 +... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml index b91c1d1..0c98dc8 100644 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml @@ -2,21 +2,21 @@ apiVersion: v1 kind: Service metadata: - name: teddit - namespace: public-services + name: kroki + namespace: personal-services labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit - app.kubernetes.io/part-of: public-services + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: personal-services spec: selector: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit - app.kubernetes.io/part-of: public-services + app.kubernetes.io/name: kroki + app.kubernetes.io/part-of: personal-services ports: - - protocol: TCP + - name: http port: 80 - targetPort: 8080 + targetPort: 8000 ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml new file mode 100644 index 0000000..1f0b3a1 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml 
@@ -0,0 +1,34 @@ +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: nextcloud + namespace: personal-services +spec: + schedule: "*/5 * * * *" + jobTemplate: + spec: + template: + spec: + securityContext: + runAsUser: 33 + runAsGroup: 33 + nodeName: "mieshu.tyil.net" + containers: + - name: nextcloud + image: nextcloud:27 + command: + - php + args: + - -f + - /var/www/html/cron.php + volumeMounts: + - mountPath: /var/www/html + name: data + restartPolicy: OnFailure + volumes: + - name: data + hostPath: + path: /mnt/pool/nextcloud + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml new file mode 100644 index 0000000..250f670 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nextcloud + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: nextcloud:27 + name: nextcloud + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /var/www/html + name: data + restartPolicy: Always + volumes: + - name: data + hostPath: + path: /mnt/pool/nextcloud + type: Directory +... 
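Review bot: The nextcloud CronJob in cron.yaml runs every five minutes but sets no `concurrencyPolicy`, so a `cron.php` run that takes longer than the interval will overlap with the next one against the same `/mnt/pool/nextcloud` hostPath. Adding `concurrencyPolicy: Forbid` under `spec` (next to `schedule`) prevents that, and `successfulJobsHistoryLimit` / `failedJobsHistoryLimit` keep finished pods from accumulating. The CronJob sets `runAsUser: 33` and `runAsGroup: 33`, while the Deployment in deployment.yaml mounts the same directory without a `securityContext`; it is worth confirming that the image drops to the same UID so file ownership stays consistent.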
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml new file mode 100644 index 0000000..fca1adc --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nextcloud + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: >- + kube-system-headers-nextcloud@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - cloud.tyil.nl + secretName: tls-nl.tyil.cloud + rules: + - host: cloud.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nextcloud + port: + number: 80 +... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml index f848c14..fd9a7d6 100644 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml 
@@ -2,21 +2,21 @@ apiVersion: v1 kind: Service metadata: - name: omgur - namespace: public-services + name: nextcloud + namespace: personal-services labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: omgur - app.kubernetes.io/part-of: public-services + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services spec: selector: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: omgur - app.kubernetes.io/part-of: public-services + app.kubernetes.io/name: nextcloud + app.kubernetes.io/part-of: personal-services ports: - - protocol: TCP + - name: http port: 80 - targetPort: 8080 + targetPort: 80 ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml new file mode 100644 index 0000000..d910c47 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml 
@@ -0,0 +1,54 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: invidious + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: invidious + app.kubernetes.io/part-of: public-services + spec: + containers: + - name: invidious + image: quay.io/invidious/invidious:latest + ports: + - containerPort: 8080 + env: + - name: INVIDIOUS_CONFIG + valueFrom: + secretKeyRef: + name: invidious-config + key: config.yml + resources: + requests: + memory: 64Mi + limits: + memory: 128Mi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - invidious + topologyKey: "kubernetes.io/hostname" +... diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml index ca92947..cb675a9 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/ingress.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml 
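Review bot: The invidious container declares `containerPort: 8080`, but the Service added in service.yaml forwards to `targetPort: 3000`, so one of the two numbers is wrong. `containerPort` is informational and traffic follows the Service, but the mismatch will mislead anyone writing a NetworkPolicy or probe from this manifest; it should be `- containerPort: 3000` if 3000 is what the image listens on. Naming the port (`name: http`) and referencing it from the Service with `targetPort: http` would keep the two files from drifting again.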
@@ -2,24 +2,30 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: omgur + name: invidious namespace: public-services + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: omgur + app.kubernetes.io/name: invidious app.kubernetes.io/part-of: public-services spec: - ingressClassName: "nginx" + ingressClassName: "traefik" + tls: + - hosts: + - youtube.alt.tyil.nl + secretName: tls-nl.tyil.alt.youtube rules: - - host: imgur.alt.tyil.nl + - host: youtube.alt.tyil.nl http: paths: - path: / pathType: Prefix backend: service: - name: omgur + name: invidious-http port: number: 80 ... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml index 80b802b..e4f95be 100644 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml @@ -2,21 +2,23 @@ apiVersion: v1 kind: Service metadata: - name: searx + # Funfact: if this name is set to "invidious", things will break! + # https://github.com/iv-org/invidious/issues/2970 + name: invidious-http namespace: public-services labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: searx + app.kubernetes.io/name: invidious app.kubernetes.io/part-of: public-services spec: selector: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: searx + app.kubernetes.io/name: invidious app.kubernetes.io/part-of: public-services ports: - protocol: TCP port: 80 - targetPort: 8080 + targetPort: 3000 ... 
diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/auth-proxy.yaml new file mode 100644 index 0000000..0196271 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/auth-proxy.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: auth-proxy-gollum + namespace: ravenhosting +spec: + chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz + valuesContent: |- + image: + tag: v7.4.0 + secret: + enabled: false + envFrom: + secretRef: + - name: auth-proxy-gollum + ingress: + enabled: true + ingressClassName: traefik + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd + tls: + - secretName: tls-eu.ravenhosting.wiki + hosts: + - wiki.ravenhosting.eu + hosts: + - host: wiki.ravenhosting.eu + paths: + - path: / + pathType: Prefix +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/deployment.yaml new file mode 100644 index 0000000..0a6c7c3 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/deployment.yaml 
@@ -0,0 +1,48 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gollum + namespace: ravenhosting + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: gollum + app.kubernetes.io/part-of: ravenhosting +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: gollum + app.kubernetes.io/part-of: ravenhosting + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: gollum + app.kubernetes.io/part-of: ravenhosting + spec: + nodeName: "oolah.tyil.net" + containers: + - name: gollum + image: gollumwiki/gollum:master + args: + - -c + - "/wiki/config.rb" + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /wiki + name: data + restartPolicy: Always + volumes: + - name: data + hostPath: + path: /home/tyil/projects/ravenhosting/docs + type: DirectoryOrCreate +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/ingress.yaml new file mode 100644 index 0000000..efc8e24 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/ingress.yaml 
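Review bot: The gollum pod mounts `/home/tyil/projects/ravenhosting/docs` from the node read-write and sets no `securityContext`, so files under a user's home directory are written with whatever UID the `gollumwiki/gollum:master` image runs as, and `type: DirectoryOrCreate` will create the path with kubelet ownership if it is missing. I would add a pod-level `securityContext` with `runAsUser`/`runAsGroup` set to the owner of that directory, as nextcloud/cron.yaml does, and use `type: Directory` so a wrong path fails instead of being created. With `replicas: 2` pinned to `oolah.tyil.net`, both pods also write to the same repository at once. Separately, `containerPort: 80` does not match the `targetPort: 4567` in service.yaml.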
@@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: gollum + namespace: ravenhosting + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: gollum + app.kubernetes.io/part-of: ravenhosting + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - wiki.ravenhosting.eu + secretName: tls-eu.ravenhosting.wiki + rules: + - host: wiki.ravenhosting.eu + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: gollum + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/service.yaml new file mode 100644 index 0000000..fa16a3f --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/gollum/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: gollum + namespace: ravenhosting + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: gollum + app.kubernetes.io/part-of: ravenhosting +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: gollum + app.kubernetes.io/part-of: ravenhosting + ports: + - name: http + port: 80 + targetPort: 4567 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/openproject/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/openproject/helm-chart.yaml new file mode 100644 index 0000000..9dbc8af --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/ravenhosting/openproject/helm-chart.yaml 
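Review bot: The gollum Ingress routes `wiki.ravenhosting.eu` path `/` straight to the `gollum` Service, while auth-proxy.yaml enables the oauth2-proxy chart's own ingress for the same host, path and TLS secret. With two routers carrying an identical rule, which one serves a request is decided by the ingress controller rather than by these manifests, so requests may reach the wiki without passing through authentication. If the proxy is meant to be the only entry point, this Ingress should be dropped and the `gollum` Service configured as the proxy's upstream; if the overlap is intentional, a comment here should say how the proxy is actually enforced.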
@@ -0,0 +1,11 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: openproject
+ namespace: ravenhosting
+spec:
+ repo: https://charts.openproject.org
+ chart: openproject
+ valuesContent: { } #|-
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml
new file mode 100644
index 0000000..e967412
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml
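Review bot: The openproject HelmChart sets `repo` and `chart` but no `version`, so the helm controller installs whatever chart release the repository currently serves and may move to a new one on a later reconcile. The oauth2-proxy charts in this commit are pinned to a commit-hash snapshot; the equivalent here is a line such as `version: <chart-version>` under `spec`. `valuesContent` is also given as an empty mapping (`{ }`) where the field takes a string, so I would either remove the line or write `valuesContent: ""` until real values are added.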
@@ -0,0 +1,78 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bazarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: hotio/bazarr:testing + name: bazarr + env: + - name: TZ + value: "Europe/Amsterdam" + - name: UMASK + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 6767 + volumeMounts: + - mountPath: /mnt/pool/media/anime-series/exported + name: anime-series + - mountPath: /mnt/pool/media/anime-movies/exported + name: anime-movies + - mountPath: /mnt/pool/media/series/exported + name: series + - mountPath: /mnt/pool/media/movies/exported + name: movies + - mountPath: /config + name: config + restartPolicy: Always + volumes: + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series/exported + type: Directory + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies/exported + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series/exported + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies/exported + type: Directory + - name: config + hostPath: + path: /etc/servarr/bazarr + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml new file mode 100644 index 0000000..ff20477 --- /dev/null 
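Review bot: The bazarr container's `env` sets `GUID` alongside `PUID`, which looks like a typo for `PGID`, the group variable that images using the PUID/PGID convention normally read. If the image ignores `GUID`, the process runs with its default group rather than 169, and with `UMASK` set to `002` the files written to the `/mnt/pool/media/...` hostPaths become group-writable for a group other than the intended one. Please check the image documentation and, if it confirms this, change the entry to `- name: PGID`.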
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: bazarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - bazarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.bazarr + rules: + - host: bazarr.arr.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: bazarr + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml new file mode 100644 index 0000000..1f3cc23 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: bazarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: bazarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 6767 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml new file mode 100644 index 0000000..57ab370 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/auth-proxy.yaml 
@@ -0,0 +1,32 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: auth-proxy-dirlist
+ namespace: kube-system
+spec:
+ chart: https://git.tyil.nl/helm/oauth2-proxy/snapshot/oauth2-proxy-497a618778ead59ce985b81031a863dda9ff2126.tar.gz
+ targetNamespace: servarr
+ valuesContent: |-
+ image:
+ tag: v7.4.0
+ secret:
+ enabled: false
+ envFrom:
+ secretRef:
+ - name: auth-proxy-dirlist
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ tls:
+ - secretName: tls-nl.tyil.media
+ hosts:
+ - media.tyil.nl
+ hosts:
+ - host: media.tyil.nl
+ paths:
+ - path: /
+ pathType: Prefix
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml
new file mode 100644
index 0000000..e3a3e26
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml
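Review bot: The auth-proxy-dirlist HelmChart takes its oauth2-proxy settings from `envFrom` the Secret `auth-proxy-dirlist`, so the manifest shows neither which upstream is proxied nor which accounts may sign in. Add a comment above `envFrom`, such as `# Secret auth-proxy-dirlist must provide: client id/secret, cookie secret, upstream, allowed e-mail restriction`, so that a rebuild from this repository does not produce a proxy that admits any authenticated account. The proxy also guards only the Ingress path: the `dirlist` Service on port 80 stays reachable from other pods without authentication unless a NetworkPolicy, which is not part of the visible changes, restricts it to the proxy.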
@@ -0,0 +1,93 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dirlist + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dirlist + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dirlist + app.kubernetes.io/part-of: servarr + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: dirlist + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: docker.io/svenstaro/miniserve:latest + args: + - --enable-tar + - --enable-tar-gz + - --qrcode + - /var/www + name: miniserve + ports: + - containerPort: 8080 + volumeMounts: + - mountPath: /var/www/anime-movies + name: anime-movies + readOnly: true + - mountPath: /var/www/anime-series + name: anime-series + readOnly: true + - mountPath: /var/www/books + name: books + readOnly: true + - mountPath: /var/www/movies + name: movies + readOnly: true + - mountPath: /var/www/music + name: music + readOnly: true + - mountPath: /var/www/porn + name: porn + readOnly: true + - mountPath: /var/www/series + name: series + readOnly: true + restartPolicy: Always + volumes: + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series/exported + type: Directory + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies/exported + type: Directory + - name: books + hostPath: + path: /mnt/pool/media/books/exported + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies/exported + type: Directory + - name: music + hostPath: + path: /mnt/pool/media/music/exported + type: Directory + - name: porn + hostPath: + path: /mnt/pool/media/porn/exported + type: Directory + - name: series + hostPath: + path: 
/mnt/pool/media/series/exported + type: Directory +... diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml index 14e9c61..31f638f 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml @@ -3,20 +3,20 @@ apiVersion: v1 kind: Service metadata: name: dirlist - namespace: media + namespace: servarr labels: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual app.kubernetes.io/name: dirlist - app.kubernetes.io/part-of: media + app.kubernetes.io/part-of: servarr spec: selector: app.kubernetes.io/created-by: tyil app.kubernetes.io/managed-by: manual app.kubernetes.io/name: dirlist - app.kubernetes.io/part-of: media + app.kubernetes.io/part-of: servarr ports: - - protocol: TCP + - name: http port: 80 targetPort: 8080 ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml new file mode 100644 index 0000000..18205c4 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml 
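Review bot: `docker.io/svenstaro/miniserve:latest` in dirlist/deployment.yaml is a mutable tag, so a pod restart can pull different code into the container that serves the whole media pool without any change in this repository. Pin a release tag and preferably a digest, `- image: docker.io/svenstaro/miniserve:<version>@sha256:<digest>` (placeholders). The same applies to the untagged `jellyfin/jellyfin`, `fallenbagel/jellyseerr:latest`, `golift/unpackerr:latest`, the `:nightly` prowlarr and whisparr images and the `:testing`/`:release` hotio channel tags elsewhere in this commit. `rancher/helm-controller:v0.12.1` and the oauth2-proxy `tag: v7.4.0` already use a fixed version.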
@@ -0,0 +1,96 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + spec: + nodeName: "mieshu.tyil.net" + containers: + - image: jellyfin/jellyfin + name: jellyfin + ports: + - containerPort: 8096 + volumeMounts: + - mountPath: /var/media/anime-movies + name: anime-movies + readOnly: true + - mountPath: /var/media/anime-series + name: anime-series + readOnly: true + - mountPath: /var/media/books + name: books + readOnly: true + - mountPath: /var/media/movies + name: movies + readOnly: true + - mountPath: /var/media/music + name: music + readOnly: true + - mountPath: /var/media/series + name: series + readOnly: true + - mountPath: /config + name: config + - mountPath: /cache + name: cache + resources: + limits: + amd.com/gpu: 1 + restartPolicy: Always + volumes: + - name: anime-movies + hostPath: + path: /mnt/pool/media/anime-movies/exported + type: Directory + - name: anime-series + hostPath: + path: /mnt/pool/media/anime-series/exported + type: Directory + - name: books + hostPath: + path: /mnt/pool/media/books/exported + type: Directory + - name: movies + hostPath: + path: /mnt/pool/media/movies/exported + type: Directory + - name: music + hostPath: + path: /mnt/pool/media/music/exported + type: Directory + - name: series + hostPath: + path: /mnt/pool/media/series/exported + type: Directory + - name: cache + hostPath: + path: /var/cache/jellyfin + type: Directory + 
- name: config + hostPath: + path: /etc/servarr/jellyfin + type: Directory +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml new file mode 100644 index 0000000..b527143 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd +spec: + ingressClassName: traefik + tls: + - hosts: + - tv.tyil.nl + secretName: tls-nl.tyil.tv + rules: + - host: tv.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin + port: + number: 80 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml new file mode 100644 index 0000000..cc0ae84 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyfin + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 8096 +... 
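Review bot: The jellyfin pod spec sets no `securityContext`, while `/config` and `/cache` are writable hostPath mounts of `/etc/servarr/jellyfin` and `/var/cache/jellyfin` on the node. If the image starts as root, which is not visible here, a compromise of the media server can write to those node directories as root. Consider a container-level `securityContext:` with `allowPrivilegeEscalation: false` and a non-root `runAsUser`/`runAsGroup` that owns the two directories, keeping whatever supplemental group the `amd.com/gpu` device requires. The media mounts are already `readOnly: true`; the other Deployments in this commit omit `securityContext` as well.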
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml index 7ab20fc..217f949 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/deployment.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml @@ -4,6 +4,11 @@ kind: Deployment metadata: name: jellyseerr namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: jellyseerr + app.kubernetes.io/part-of: servarr spec: replicas: 1 selector: @@ -12,6 +17,8 @@ spec: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: jellyseerr app.kubernetes.io/part-of: servarr + strategy: + type: Recreate template: metadata: labels: @@ -20,39 +27,28 @@ spec: app.kubernetes.io/name: jellyseerr app.kubernetes.io/part-of: servarr spec: + nodeName: "mieshu.tyil.net" containers: - - name: jellyseerr - image: fallenbagel/jellyseerr:latest - ports: - - containerPort: 5055 - volumeMounts: - - name: config - subPath: config - mountPath: /app/config + - image: fallenbagel/jellyseerr:latest + name: jellyseerr env: - - name: GUID - valueFrom: - configMapKeyRef: - name: servarr - key: groupId - - name: PUID - valueFrom: - configMapKeyRef: - name: servarr - key: userId - name: TZ - valueFrom: - configMapKeyRef: - name: servarr - key: timezone + value: "Europe/Amsterdam" - name: UMASK - valueFrom: - configMapKeyRef: - name: servarr - key: umask + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 5055 + volumeMounts: + - mountPath: /app/config + name: config + restartPolicy: Always volumes: - name: config hostPath: + path: /etc/servarr/jellyseerr type: Directory - path: /srv/servarr/jellyseerr ... 
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml index 41f4852..11671d7 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/ingress.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml @@ -9,10 +9,17 @@ metadata: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: jellyseerr app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd spec: - ingressClassName: "nginx" + ingressClassName: traefik + tls: + - hosts: + - jellyseerr.arr.tyil.nl + secretName: tls-nl.tyil.arr.jellyseerr rules: - - host: arr.tyil.nl + - host: jellyseerr.arr.tyil.nl http: paths: - path: / diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml index f093194..a8f3b18 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: jellyseerr app.kubernetes.io/part-of: servarr ports: - - protocol: TCP + - name: http port: 80 targetPort: 5055 ... diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml index 274e277..baea1d9 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/deployment.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml 
@@ -4,6 +4,11 @@ kind: Deployment metadata: name: lidarr namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: lidarr + app.kubernetes.io/part-of: servarr spec: replicas: 1 selector: @@ -12,6 +17,8 @@ spec: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: lidarr app.kubernetes.io/part-of: servarr + strategy: + type: Recreate template: metadata: labels: @@ -20,44 +27,34 @@ spec: app.kubernetes.io/name: lidarr app.kubernetes.io/part-of: servarr spec: + nodeName: "mieshu.tyil.net" containers: - - name: lidarr - image: hotio/lidarr:release - ports: - - containerPort: 8686 - volumeMounts: - - name: config - mountPath: /config - - name: media - mountPath: /mnt/media + - image: hotio/lidarr:release + name: lidarr env: - - name: GUID - valueFrom: - configMapKeyRef: - name: servarr - key: groupId - - name: PUID - valueFrom: - configMapKeyRef: - name: servarr - key: userId - name: TZ - valueFrom: - configMapKeyRef: - name: servarr - key: timezone + value: "Europe/Amsterdam" - name: UMASK - valueFrom: - configMapKeyRef: - name: servarr - key: umask + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8686 + volumeMounts: + - mountPath: /mnt/pool/media/music + name: music + - mountPath: /config + name: config + restartPolicy: Always volumes: + - name: music + hostPath: + path: /mnt/pool/media/music + type: Directory - name: config hostPath: - type: DirectoryOrCreate - path: /srv/servarr/lidarr/config - - name: media - nfs: - server: 10.57.100.7 - path: /mnt/media + path: /etc/servarr/lidarr + type: Directory ... diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml index fc56232..bff21d5 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/ingress.yaml 
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml @@ -9,19 +9,16 @@ metadata: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: lidarr app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd spec: - ingressClassName: "nginx" + ingressClassName: traefik + tls: + - hosts: + - lidarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.lidarr rules: - - host: lid.arr.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: lidarr - port: - number: 80 - host: lidarr.arr.tyil.nl http: paths: diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml index e4b75ba..f154924 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: lidarr app.kubernetes.io/part-of: servarr ports: - - protocol: TCP + - name: http port: 80 targetPort: 8686 ... diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml index 573a40a..4dcaf31 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/deployment.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml @@ -4,6 +4,11 @@ kind: Deployment metadata: name: prowlarr namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr spec: replicas: 1 selector: 
@@ -12,6 +17,8 @@ spec: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: prowlarr app.kubernetes.io/part-of: servarr + strategy: + type: Recreate template: metadata: labels: @@ -20,39 +27,28 @@ spec: app.kubernetes.io/name: prowlarr app.kubernetes.io/part-of: servarr spec: + nodeName: "mieshu.tyil.net" containers: - - name: prowlarr - image: cr.hotio.dev/hotio/prowlarr:nightly - ports: - - containerPort: 9696 - volumeMounts: - - name: config - subPath: config - mountPath: /config + - image: cr.hotio.dev/hotio/prowlarr:nightly + name: prowlarr env: - - name: GUID - valueFrom: - configMapKeyRef: - name: servarr - key: groupId - - name: PUID - valueFrom: - configMapKeyRef: - name: servarr - key: userId - name: TZ - valueFrom: - configMapKeyRef: - name: servarr - key: timezone + value: "Europe/Amsterdam" - name: UMASK - valueFrom: - configMapKeyRef: - name: servarr - key: umask + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 9696 + volumeMounts: + - mountPath: /config + name: config + restartPolicy: Always volumes: - name: config hostPath: + path: /etc/servarr/prowlarr type: Directory - path: /srv/servarr/prowlarr ... diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml index dcffc36..1043a2d 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/ingress.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml 
@@ -9,19 +9,16 @@ metadata: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: prowlarr app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd spec: - ingressClassName: "nginx" + ingressClassName: traefik + tls: + - hosts: + - prowlarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.prowlarr rules: - - host: prowl.arr.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: prowlarr - port: - number: 80 - host: prowlarr.arr.tyil.nl http: paths: diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml new file mode 100644 index 0000000..ff16907 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: prowlarr + namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: prowlarr + app.kubernetes.io/part-of: servarr + ports: + - name: http + port: 80 + targetPort: 9696 +... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml new file mode 100644 index 0000000..c49ccb0 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml 
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: radarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: radarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/radarr:release
+ name: radarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/radarr
+ type: Directory
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml
index 3950a97..ace583f 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml
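Review bot: radarr/deployment.yaml declares `containerPort: 8787`, but the radarr Service in this commit keeps `targetPort: 7878`; 8787 is the port the readarr manifests use. Traffic presumably still flows because the Service addresses 7878 directly, but the declared port is wrong for anything that reads the pod spec, such as port-based policies or tooling. Change it to `- containerPort: 7878`. sonarr/deployment.yaml carries the same copy error: it declares `containerPort: 8787` while its Service targets 8989.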
@@ -9,19 +9,16 @@ metadata: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: radarr app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd spec: - ingressClassName: "nginx" + ingressClassName: traefik + tls: + - hosts: + - radarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.radarr rules: - - host: rad.arr.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: radarr - port: - number: 80 - host: radarr.arr.tyil.nl http: paths: diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml index 9b8107c..28df782 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: radarr app.kubernetes.io/part-of: servarr ports: - - protocol: TCP + - name: http port: 80 targetPort: 7878 ... diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml index dc97919..a266b8d 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/deployment.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml @@ -4,6 +4,11 @@ kind: Deployment metadata: name: readarr namespace: servarr + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: readarr + app.kubernetes.io/part-of: servarr spec: replicas: 1 selector: @@ -12,6 +17,8 @@ spec: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: readarr app.kubernetes.io/part-of: servarr + strategy: + type: Recreate template: metadata: labels: 
@@ -20,44 +27,34 @@ spec: app.kubernetes.io/name: readarr app.kubernetes.io/part-of: servarr spec: + nodeName: "mieshu.tyil.net" containers: - - name: readarr - image: hotio/readarr:testing - ports: - - containerPort: 8787 - volumeMounts: - - name: config - mountPath: /config - - name: media - mountPath: /mnt/media + - image: hotio/readarr:testing + name: readarr env: - - name: GUID - valueFrom: - configMapKeyRef: - name: servarr - key: groupId - - name: PUID - valueFrom: - configMapKeyRef: - name: servarr - key: userId - name: TZ - valueFrom: - configMapKeyRef: - name: servarr - key: timezone + value: "Europe/Amsterdam" - name: UMASK - valueFrom: - configMapKeyRef: - name: servarr - key: umask + value: "002" + - name: GUID + value: "169" + - name: PUID + value: "169" + ports: + - containerPort: 8787 + volumeMounts: + - mountPath: /mnt/pool/media/books + name: books + - mountPath: /config + name: config + restartPolicy: Always volumes: + - name: books + hostPath: + path: /mnt/pool/media/books + type: Directory - name: config hostPath: - type: DirectoryOrCreate - path: /srv/servarr/readarr/config - - name: media - nfs: - server: 10.57.100.7 - path: /mnt/media + path: /etc/servarr/readarr + type: Directory ... diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml index 17e0e7f..94aa05e 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/ingress.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml 
@@ -9,19 +9,16 @@ metadata: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: readarr app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd spec: - ingressClassName: "nginx" + ingressClassName: traefik + tls: + - hosts: + - readarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.readarr rules: - - host: read.arr.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: readarr - port: - number: 80 - host: readarr.arr.tyil.nl http: paths: diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml index 43e01c8..3d6cdc7 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: readarr app.kubernetes.io/part-of: servarr ports: - - protocol: TCP + - name: http port: 80 targetPort: 8787 ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml new file mode 100644 index 0000000..126acfe --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml 
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sonarr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: sonarr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: hotio/sonarr:release
+ name: sonarr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 8787
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-series
+ name: anime-series
+ - mountPath: /mnt/pool/media/series
+ name: series
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/sonarr
+ type: Directory
+...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml
index a053682..e53868a 100644
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml
@@ -9,19 +9,16 @@ metadata: app.kubernetes.io/managed-by: manual app.kubernetes.io/name: sonarr app.kubernetes.io/part-of: servarr + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" + traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd spec: - ingressClassName: "nginx" + ingressClassName: traefik + tls: + - hosts: + - sonarr.arr.tyil.nl + secretName: tls-nl.tyil.arr.sonarr rules: - - host: son.arr.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: sonarr - port: - number: 80 - host: sonarr.arr.tyil.nl http: paths: diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml index 9db5fb2..5251050 100644 --- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/service.yaml +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml @@ -16,7 +16,7 @@ spec: app.kubernetes.io/name: sonarr app.kubernetes.io/part-of: servarr ports: - - protocol: TCP + - name: http port: 80 targetPort: 8989 ... diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml new file mode 100644 index 0000000..d54c478 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml 
@@ -0,0 +1,88 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: unpackerr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: unpackerr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: golift/unpackerr:latest
+ name: unpackerr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ volumeMounts:
+ - mountPath: /mnt/pool/media/anime-movies
+ name: anime-movies
+ - mountPath: /mnt/pool/media/anime-series
+ name: anime-series
+ - mountPath: /mnt/pool/media/books
+ name: books
+ - mountPath: /mnt/pool/media/movies
+ name: movies
+ - mountPath: /mnt/pool/media/music
+ name: music
+ - mountPath: /mnt/pool/media/series
+ name: series
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: anime-series
+ hostPath:
+ path: /mnt/pool/media/anime-series
+ type: Directory
+ - name: anime-movies
+ hostPath:
+ path: /mnt/pool/media/anime-movies
+ type: Directory
+ - name: books
+ hostPath:
+ path: /mnt/pool/media/books
+ type: Directory
+ - name: movies
+ hostPath:
+ path: /mnt/pool/media/movies
+ type: Directory
+ - name: music
+ hostPath:
+ path: /mnt/pool/media/music
+ type: Directory
+ - name: series
+ hostPath:
+ path: /mnt/pool/media/series
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/unpackerr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml
new file mode 100644
index 0000000..f650a60
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ spec:
+ nodeName: "mieshu.tyil.net"
+ containers:
+ - image: cr.hotio.dev/hotio/whisparr:nightly
+ name: whisparr
+ env:
+ - name: TZ
+ value: "Europe/Amsterdam"
+ - name: UMASK
+ value: "002"
+ - name: GUID
+ value: "169"
+ - name: PUID
+ value: "169"
+ ports:
+ - containerPort: 6969
+ volumeMounts:
+ - mountPath: /mnt/pool/media/porn
+ name: porn
+ - mountPath: /config
+ name: config
+ restartPolicy: Always
+ volumes:
+ - name: porn
+ hostPath:
+ path: /mnt/pool/media/porn
+ type: Directory
+ - name: config
+ hostPath:
+ path: /etc/servarr/whisparr
+ type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml
new file mode 100644
index 0000000..a71692c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - whisparr.arr.tyil.nl
+ secretName: tls-nl.tyil.arr.whisparr
+ rules:
+ - host: whisparr.arr.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: whisparr
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml
new file mode 100644
index 0000000..abafcaf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: whisparr
+ namespace: servarr
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: whisparr
+ app.kubernetes.io/part-of: servarr
+ ports:
+ - name: http
+ port: 80
+ targetPort: 6969
+...
diff --git a/data.d/k8s-master/manifests.d/base-system/helm-controller.yaml b/data.d/k8s-master/manifests.d/base-system/helm-controller.yaml
new file mode 100644
index 0000000..cd5895b
--- /dev/null
+++ b/data.d/k8s-master/manifests.d/base-system/helm-controller.yaml
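Review bot: The router for `whisparr.arr.tyil.nl` in whisparr/ingress.yaml chains only `kube-system-redirect-https@kubernetescrd`, so nothing at the ingress layer authenticates or filters requests before they reach the application. Access control then rests entirely on the application's own login, whose configuration is not visible in this commit. If the host name resolves publicly, consider appending an authentication or IP-allowlist middleware to the same annotation, for example `kube-system-redirect-https@kubernetescrd,<namespace>-<auth-middleware>@kubernetescrd` (placeholder name), and add a short comment in the manifest stating which layer is expected to enforce access.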
@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: helm-controller
+ namespace: base-system
+ labels:
+ app: helm-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helm-controller
+ template:
+ metadata:
+ labels:
+ app: helm-controller
+ spec:
+ containers:
+ - name: helm-controller
+ image: rancher/helm-controller:v0.12.1
+ command: ["helm-controller"]
+...
diff --git a/playbooks.d/k3s-master/manifests/namespaces/base-system.yaml b/data.d/k8s-master/manifests.d/namespaces.yaml
index 78d7ab7..78d7ab7 100644
--- a/playbooks.d/k3s-master/manifests/namespaces/base-system.yaml
+++ b/data.d/k8s-master/manifests.d/namespaces.yaml
diff --git a/data.d/vpn-tinc/hosts/anoia_tyil_net b/data.d/vpn-tinc/hosts/anoia_tyil_net
new file mode 100644
index 0000000..ff46bf7
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/anoia_tyil_net
@@ -0,0 +1,17 @@
+Subnet = 10.57.100.3/32
+Subnet = fd68:1057:1992:3381:0:3317:0:2/128
+
+Ed25519PublicKey = 04G6200IYDzDT3H0Yj6ZjQUIUc8tCIvzPaXmyk36e2M
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAt+7D3zRySAfd9cYnMSNhp/yRnBygmnfLdKm/dH9X7QbJ1BNcQpTP
+I1RmC9lNlWABhB46DJUqQAQeGlZPUHxbCnmdDN6HyDaSA45m/yGUbVhN/ClK7iap
+EXfNmxZbtE4eBHDz5DsFe7i2nla4gogyiUQsvRgIP2b2v9qzBhqf2kXwv0X+n7hv
+HvQOdN60x/xm1+Vh6wsdX2HYatEh3dy1pfj+1RCQIWV1FDS1YVbFZFb1UJz917G/
+DIpM/Cb/3txH0ffVh2NVqFBW3kd60Cs42/6htpHucBQ1dRVZUCKKWz1sgi5H4nty
+HdPDPwOphrvNE7kXjvhkPIif1KtCr2SLwOK0UXR9iZtWuDH/Uxn2v7ofa0a3zKGf
+yPrVwzhciv2cdbXPiTFyAS8YbpQUQTcuqDVi1AxE8Z0KmuvgBtTtAzMDyoTLOfzS
+yZ3a0qQhX3nvLkXWh7cA7cquuP4LgP5iY1vJSRO2EZA61/WdKs8asl0EN8Zn8EEz
+opnvcM3M0ptBZy1Dz2X6Lz0QliQrzajmSRhfUMTOq3ARvnLsES14ZqehavH5Ntms
+G1OVdVnd7fqibMhWz/dKiB3uG+1e39isTPW3+22MEm4R0ngfF6olZ8SdHrIWFPW8
+bvdzf7ebFrjuqi6qN/NdUwrzWdDGU83W2xEBsHHbHcoKaB2uwcCKvjcCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net b/data.d/vpn-tinc/hosts/caeghi_tyil_net
index c5d5b05..7816713 100644
--- a/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net
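Review bot: The pod template in base-system/helm-controller.yaml sets no `serviceAccountName`, so the controller runs as the `default` ServiceAccount of `base-system`. Any RBAC granted to make the controller work (the bindings are not part of this hunk) would then also apply to every other pod in that namespace that does not name its own account. A dedicated account referenced from the template, e.g. `serviceAccountName: <helm-controller-sa>` (placeholder), keeps those permissions scoped to this workload; a one-line comment naming the RBAC manifest that backs it would help the next reader.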
+++ b/data.d/vpn-tinc/hosts/caeghi_tyil_net @@ -1,5 +1,7 @@ Address = 116.202.102.33 +Address = 2a01:4f8:c010:ca5::1 Subnet = 10.57.20.2/32 +Subnet = fd68:1057:1992:3381:0:1:0:1 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta diff --git a/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net b/data.d/vpn-tinc/hosts/edephas_tyil_net index 6e095bb..e0e2f3b 100644 --- a/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net +++ b/data.d/vpn-tinc/hosts/edephas_tyil_net @@ -1,4 +1,5 @@ Subnet = 10.57.100.7/32 +Subnet = fd68:1057:1992:3381:0:3317:0:1/128 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p diff --git a/playbooks.d/vpn-tinc/share/hosts/faiwoo_tyil_net b/data.d/vpn-tinc/hosts/faiwoo_tyil_net index f5eb8f3..1a7aeac 100644 --- a/playbooks.d/vpn-tinc/share/hosts/faiwoo_tyil_net +++ b/data.d/vpn-tinc/hosts/faiwoo_tyil_net @@ -1,5 +1,7 @@ Address = 65.21.5.254 +Address = 2a01:4f9:c010:e20c::1 Subnet = 10.57.20.5/32 +Subnet = fd68:1057:1992:3381:0:1:1:2 -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEA3nBf2UWehfNWNrR6i4HJp64aPYI5SpV/7LplRwqXcmnJuHmQJ8Ht diff --git a/data.d/vpn-tinc/hosts/gaeru_tyil_net b/data.d/vpn-tinc/hosts/gaeru_tyil_net new file mode 100644 index 0000000..d947b01 --- /dev/null +++ b/data.d/vpn-tinc/hosts/gaeru_tyil_net 
@@ -0,0 +1,17 @@ +Address = 37.48.120.26 +Subnet = 10.57.20.6/32 +Subnet = fd68:1057:1992:3381:0:2:0:1 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAvoIVYdxmypwYxZh89WAQDjpNWs8TDhn/mQVRy+WPqT39HCkHhOab +6GN8Ktsi6WU6arxL3PKfRzyXJhFbVktfzgHv6fKuBZwWSZM/qQ5T7DmtUkHv4NPB +AaRCDD1vkK0oGjX/BYOVCo9oCfaGWheAg/usw2XLZE+nz3FSb4GBs6vRQV95D7Px +v8/vmBJSfd3dIRvf0C6fvSSLH2Caq2E2cnKB+CG6F/1qbvhbppVnMJTySR+xCbW/ +YQv1pqND5TYZ0KZ8YuPmjxsd23L6roZJBgBbsiUPWktnKyUP2MEjrpZLcpD7Hnj8 +Qs1bkIdpz9Lj1i8g+k02IfoeRsSi0sf+hbyXovjHLfmdDoEeCtwbrL+JMPCtmzuS +S+AMIpWW4x74o0YNKgXFbjj179+BCVBXzGJBjoJ1dS1r/xDi97m5UxVVK6hfocBc +5x42h0Oc/b20lzoQ1Ixk+qRa71gEAa4OQgwDAKgQZnLgnmqq8mSU/x+f7pcRNGf5 +M/Ae6+rnOghLihReYpw09UinZT7Wqcp1MgAnsYqDohsJe5lEMfJkUS9zdLXlzlpv +PnAEknM4Nb2I3xEeHIeAnD0ZfzY81Jp+sfxdArGv+Hu+s9nTChlC8HlpVIsdUOFo +mVD3iOVvNEjR8LqfWexkhlG3qr69bzUUiguRLJicPaKZRJ68IOsX5EsCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/data.d/vpn-tinc/hosts/jaomox_tyil_net b/data.d/vpn-tinc/hosts/jaomox_tyil_net new file mode 100644 index 0000000..c440db1 --- /dev/null +++ b/data.d/vpn-tinc/hosts/jaomox_tyil_net @@ -0,0 +1,17 @@ +Address = 163.172.218.246 +Subnet = 10.57.21.1/32 +Subnet = fd68:1057:1992:3381:0:3:3:1 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAuIBWktCuiEBGV0xDHqXXyUNXjfKf4WWKjCYmA3eFbVMEDinoZef3 +wHTtLuEieJ5kA7xjaYBLCSenaj1RSQQt+tUaLoB2/gARTLteuUCuBjkO4/+h7UOd ++GaqR7+w6mkHaB/03Bl07loEZhgHA6Acrufg2jV0n9krOqv3opk8zrLN3BdwSrXE ++ZWZIqgakDVmQzc57VZEb3O8wZzNHmAZXIiv4gkvKs59sVvSfcPEMywo2cSPPfK9 +UdaZiejjymDY9kbzcp26cwfsksvwxewZk0JKYK9kx96DC97amTZYeEKCkuy4cSZF +qSWcxSfoNkFXYas/UCy7kPegyim9ZMshfzV8dH5HHpvMsaIaMH5674U+LCoViN57 +AD1AabNXSAKuI3KGDJhSC2TDgMbXrj8dV9Sc+hLwwqwi14M6ld7MZBfEQ8Jma+Hz +14Ps2t3p3tZeoeEcySJCvU2nw4i5lkHjsObcgw7g5IaW2u/wYsPi3nprcz1HmUXW +PUHWaOLzLc79xGVq/xKcxyHS0yqrlfa26j6IMc8OaBwIdJW+cyNnlb/xjxwyMEsW +wdGNn2U7FYxatxGfnRWnSn68lJX5RUQsAX0Wnw4cJruyytt3Xq3fZfX0F0dLRiVo +tmfbogj+5ajBKw747CaZgczhMIxWpjzC/JwHXWa0kEuRhC7U90D5mqkCAwEAAQ== +-----END RSA PUBLIC KEY----- 
diff --git a/data.d/vpn-tinc/hosts/ludifah_tyil_net b/data.d/vpn-tinc/hosts/ludifah_tyil_net new file mode 100644 index 0000000..c236163 --- /dev/null +++ b/data.d/vpn-tinc/hosts/ludifah_tyil_net @@ -0,0 +1,16 @@ +Subnet = 10.57.100.9/32 +Subnet = fd68:1057:1992:3381:0:3317:0:4/128 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEA2pXuIIPoQhWLzTSsO0bvgkQ1+7RgqPVv8b6zNfmRUfj2uKy3OZEn +HS5TfmukDtHev/Z2p/UmBSHtaMT2/G+Nz7ogT0rMRBtjAk+DR9FYFz75zmsjQuFQ +U+deh/fQgrpsEDiNmapRtM6EwYYH/A/0MJ2eN9HPVUB864mN79ZfEhTWMbv6khbq +VwqAd+9GbjfRPLqifRpS9LuspXNpCBOl+r5l7+T1llN/BUgs71BVWbssaRUH7B2I +rS9qjhWfUN9RC3PX98yVbzTOeL/jxNn57eOr/KUDtRpqQwy2zFTAxT+d+X37abYK +OyHXBs3rLtpleoh6Hw9UNwLDUVfjpcrxwgFEogJosiA+CBG26b5H6mm+updkyKTE +4r5y1+8dLQpmaLIaI7KFbPJTUaJvfGRwzulA/lDRdmZaetrHKrMqZyQ4M1Yq67Ba +0cqDQEvnY/XoKTJTgNxn8cWMKm+biB7zs/92pKKPRmv6DQ+gjrDTepn5XzVbIFS9 +GM30AqQiqoNL0PbTYWMPQmznEJo8LyehWr621/GARLTMFa3Pp7eGm7Afwy4zA4hG +AZLNXdEE7YMVoQUHWfiTGUl9yxX7o6g3gdZloAwGjeGB7BHOmi4SJEg1hUJ8wOn8 +wtnjybxDTxdRkQ2RMdlsfSGZsu7jUxSjnPvwLWH/2cHXSmencQXOhTUCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/data.d/vpn-tinc/hosts/mieshu_tyil_net b/data.d/vpn-tinc/hosts/mieshu_tyil_net new file mode 100644 index 0000000..7e3c050 --- /dev/null +++ b/data.d/vpn-tinc/hosts/mieshu_tyil_net 
@@ -0,0 +1,18 @@ +Address = 2a10:3781:2453:1:4950:47ce:f8db:1fed +Subnet = 10.57.101.10/32 +Subnet = fd68:1057:1992:3381:0:3317:3:1/128 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAtanpLzqjn0nFSeGBxJvVlTsmkXLkXa5QZZkXg4P6xGcXkIq38DV5 +sxpRxHfnL7gWap7K/6VffMmKk/hryob6PRREGjzff2JX72JTskdZh8yXv/9CWD4p +HCaICKz7Rfq6XdrERuSdIDQ+nRTsvQrotbBky7O7BgpT6kHasVpIVRlhjppuZqIM +Vt3U3pTHFR5ltrZlTmHxkuXH2KFlpZuBkqCwfSdrKjkeJke/pJo+BKBPBVJZzE7p +lRxrLJmshdlixoW0A2x5O+kvy75Zd2Nche2si8VJytOaKbOD1frRXZEC0Njz6PtB +Egje+6b49d9v3/EO8va6Gqf83Ef2PDbYc7Ev2aFqCyB+mlkYNUGUM4NXsSUyyY7/ +JroKpchNAVOabFSwdZ05iHsCBG1+IUimT/u2OjQpfcA6jjG5EoY3udgyI0jt8LHj +LnhkKjS+bCxvrfZ7eVY8ZRSGUjKNNG9QuTiVDBqndWCMrZMykuJuLElpchQym7ib +KaMzsrcVpDVqKi6EpkI1lMMT8RuD2reLqp/few5+bnJ28q5EaxdO5HNGb5R/GUMu +20Zl05WAFdlsmyL2K1+1tEUOqphFb3PwfJwLmyZbiNcg4l3E8thz0dRoZtfozNQH +DlsCy8vIsUQrcc10Qe3PtI3zaJbNnFkrLEUv92CmsDRbC6cuTB9cNaUCAwEAAQ== +-----END RSA PUBLIC KEY----- +Ed25519PublicKey = uhJdCV4h/0W+1QWzOlne2BWDX6G/d27QPHdDwNZjUMB diff --git a/data.d/vpn-tinc/hosts/nouki_tyil_net b/data.d/vpn-tinc/hosts/nouki_tyil_net new file mode 100644 index 0000000..b31d087 --- /dev/null +++ b/data.d/vpn-tinc/hosts/nouki_tyil_net 
@@ -0,0 +1,18 @@
+Address = 2a10:3781:2453:1:b4e0:9393:3c64:7fd8
+Subnet = 10.57.101.20/32
+Subnet = fd68:1057:1992:3381:0:2:3317:1/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAvBBrlZ9vU+LiW30AWQAMfJDMH4IJcr3CuQNWqnYs7xRKtAE3Rqnc
+OjMFavgyCnMZd0SAguQYzFRY4jUlM7FtznmeMaf21/9/qfBQRRpCaKB/6frQfieY
+NA1eDgE+nfLn5i2l8Of2LBM7YNjhkLGMqgTU1rZUOkD8wv1pn8Z5YpwGISmBAk5o
+S4HfbFGq4QpLR4IW33qmmWUUHU5saBHde/MuJyxgff7BtLg6Z5kgaAyG/Oj0NM1W
+96KC4u6QjIxeHLVHy4FI298JXMm7txuIGmb3D5hcpFb3Yh5hE9RXAV6aBN3p1s+c
++L8YANlQZTAAlzNveHLF8TKtQa0CVBM3Y4TIpwpFlRGrPpPqExnoAw8pCvjAsUbZ
+XvJwNWH6ifo9Snf1Ww3d6zv8at0+ULxIlWAW0AGwDThMJx8qalqyiv1r8eNjANXw
+qPXH9f49iZ4OwPgoWC91AQSjgrVKuZStRbjHzalbjDidpLTLceMvjg+MExLzbzpj
+Jl4AIp0Oxn9GLEiiVMuvPvfViF0wf3EzQl0GVYdZrftwozJU9/I3hSETl8ISAVa2
+vxm0nzw1d5eZ3MPj36t7K4sNDbIasqJLMDbIHNFhA2GjsP3WlX2eHNY2lThbhScG
+qqm4q3bdVo3VCgh0iiMJchw0m7PVntF0FMC6Ghxwcds7u2CsrsBK738CAwEAAQ==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = z6XeVexx6bPgOqM4LA3Jg0hZehhZZRo/KCM+sf0po/H
diff --git a/data.d/vpn-tinc/hosts/oolah_tyil_net b/data.d/vpn-tinc/hosts/oolah_tyil_net
new file mode 100644
index 0000000..e5d0e66
--- /dev/null
+++ b/data.d/vpn-tinc/hosts/oolah_tyil_net
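Review bot: The IPv6 `Subnet` announced in data.d/vpn-tinc/hosts/nouki_tyil_net, `fd68:1057:1992:3381:0:2:3317:1/128`, does not match the address this commit records for the same host in hosts.d/nouki.tyil.net, `vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:2:1`. The host part `0:2:3317:1` is the one used for nouki's WireGuard address under the `fd68:1058` prefix, so it may have been copied across. With the two files disagreeing, peers would route one address over tinc while the host is configured with the other; whichever value is intended, both files should carry it.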
@@ -0,0 +1,17 @@ +Address = 2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8 +Subnet = 10.57.101.1/32 +Subnet = fd68:1057:1992:3381:0:3317:1:1/128 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEA3uaxPI2q7VPAVOh4D9u8b6kSFXNMLtvJQozlhH/Hr3+5Cv/wfKlB +vMPnavGf2J4dlw4d0EoYCCD8k84NkvWCcaXnCpRy80zVQmge2OLaIU7zScCAAqpj +BvCF5q9AbeeI0hxdD8sJI0yYjWpdxsS3tN63kTm0JeYSfrMIwNOoajMUuYOApDB4 +JpZCR3SEgnbkTXsr0uWWUQs9IPnrn2BtwfaN3YDK0KQal36eDwNYiInFutfgWMMh +6WmBLJwNtU4OA68sifs9HGqAkJe+M+Ro43/n8BtUgkNH+RnAtwegZgAWLMMkEoPL +WAGumBsg1QwxLfmSZovUTe4QFFqEYSFhRzRVUTvvBYJI/GGRBBx7igKsc3rfTH6S +Pm483NYeXdNri90Wf77rpfJuEWXtNk9TVRniSHEcs7jxsCs0wxTDE5ozKw3xhlY8 +ezWdbZnY6YKXyvJnHE+Wbe4bO3yt2lPB5Xli7OyGm9TP9TeXnhM60Q12KOIYxhBw +NO7MnyrIAvV3rURaMNJQdDJEtTstgxnXsEjtTQHhduw6RqbDf3Pjz/8XNqium/ss +ifhXawQL6aTzU3N0z/MVh4yYE/svcV36Eh8whnRVGD/p41WwaqDOeAxpxlkB7/rZ +ROujwLLJG4hFHefPtU0cdrFi/oQVGjvywJRro2eqMjPRBwfBELDTTEUCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/data.d/vpn-tinc/hosts/plarabe_tyil_net b/data.d/vpn-tinc/hosts/plarabe_tyil_net new file mode 100644 index 0000000..0d2a970 --- /dev/null +++ b/data.d/vpn-tinc/hosts/plarabe_tyil_net @@ -0,0 +1,16 @@ +Subnet = 10.57.100.10/32 +Subnet = fd68:1057:1992:3381:0:3317:0:3 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAvply9cPmEi7zqZEqIEYpTisk+OJvIOXhEL1uwz3ntf8z/1CjG7bq +lGCtgwEx4ilQ4M4JUp5Y+7DSt2JQmpzfunQszhVNSNIBm57iLM7pkhfr6LEXglfW +eGe8nFv4Kph8D+N0kY9xdRIMDCDxvcsdaMcnjCBs+NoGXeF0Yl2Z1pXw0jU4bAe4 +JfXT/AvuvOrBTXVZ+vzqiKbOCxJRK6gWeyfs3gnHTgSQ2eOjyYFOLkTAxnYmFLkO +DPkhQ/s1QviqYFgvJ0of99Q9WnyK7Ki1w5Wx46qoh05ic9FwJ5/AV/1s83TDvUfD +YiVtsdLQxwZcsiXfLa1whisDRy0z93CrnzrVOTEncxo3tGu+Fmz43h5NgQLnIxKq +EWT7SOA0yvyynNRpWmav7XEfWMFJAw08Cz3hlCK+nYAL9w92PIMOVxGQ9QpWcQTb +bxkKNF9A08GKUb3OHjxM3Va+7f4/Ju8fQJ5Ce7UvGAaoWIVSIdO/bWtaKBLpSNou +kgvpyyuOCAMfBFD1c44m8pqtHBfkM6dH5Yp55dV4Q249/E5r/6nErwBYtAcUdRcu +9Tchbc5nLynfRwmG8xVG+sNS/Vmp3S0BFVzqrnmKvB3j5GqU2GZIP7TcWgzf+Y4t +E5mGIbAjTSw7DCqodMzl8MDQqSaauB5rSpy+TfFnw3dsImQyfXN7Lm8CAwEAAQ== +-----END RSA PUBLIC KEY----- 
diff --git a/data.d/vpn-tinc/hosts/qohrei_tyil_net b/data.d/vpn-tinc/hosts/qohrei_tyil_net new file mode 100644 index 0000000..f38fc9c --- /dev/null +++ b/data.d/vpn-tinc/hosts/qohrei_tyil_net @@ -0,0 +1,18 @@ +Address = 37.27.37.131 +Address = 2a01:4f9:c012:6273::1 +Subnet = 10.57.250.250/32 +Subnet = fd68:1057:1992:3381:0:1:1:1 + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEA3xeAUoTfq/aF4/y9+O8gmYM733srXyqtXuA7HKfeDOsmGO1myVOo +YIOp0NnXLXB+IorfDe1yHxHOgZrIWib6Hh1fKNJ62to2+X5015ubiQfd3hC2+sCP +BJGTwfcWmZ44fo8Pnbxa7ZJkqcqNs/3NPtg5I+yQ8shRF7B/7Am4mwL15tnqsThG +07BxqvUcxvYJs6MZvDIcNMYbalOs5JQDBkcqi+ekkR92S3qjpKBGoBzjA5tIklNv +OC4FERxNVfxYHufrbpQv9Uh8L4Z6D9XDIf787LYCu721wNk30y4xQXojCniqPvRc +KQWMMyElw8E7h+EPPEbCWKF6dnWUOYcK5baPDlRosOLS1V/2WvP3bpcfrseMw+Zp +EKXf60T9iva4VMRgHmo5nI4m8fj4KzEYGXfm7iNVXvvX3pdZQSvDyenEo9oV9CaR +IFUhNuK1ATCiRcJif9jRG1iH0XQ83eT4EEIMXhot+e94K1dV+icYZQ8ig/F47B8c +C8absE5zgwMtbKTpUI9tIRLAazMkp2eHkrPGDRc6ccSzpE3NIJ/Ba7mMO7dC9ukw +XsE7S1kLEO6im8v823EIvtuHle098rqDjljtm+R3blTXyAUIdvqteKHY/b2LSqPZ +OSnpvQ9/qjlIscAMLqQLFUjmCesJV0Bn2C6xDvgBoI31Ye9KEEXmGQsCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/data.d/vpn-tinc/hosts/ricui_tyil_net b/data.d/vpn-tinc/hosts/ricui_tyil_net new file mode 100644 index 0000000..02d4cb7 --- /dev/null +++ b/data.d/vpn-tinc/hosts/ricui_tyil_net 
@@ -0,0 +1,17 @@ +Subnet = 10.57.20.7/32 +Subnet = fd68:1057:1992:3381:0:1:1:3/128 + + +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEA3d5Kb3dOU9qaDko7jbmSwQ8heCVdJtNYV5biGDoqz4KdxFafsDKD +Fd/kH2YnquqSDmtHwxX3fIovnV3PQExqXPTbDWUa5WjR5HOi9JZUIjlyY1YJol6G +KY0c3YHUB0D1qiZCo07vCO+E/RNxeS/GYtugVwEQD9DeIzI8uTOYx+cCEzn6XSbV +bEZ02cBjgjx0CctBEDKl9dVTzKc/ijSU/U4MtUbC5u5OnyL0+E7uzU05Yc1ucHuY +QcchyYZ/o9liNXQ3K680KHnnYiy4ywOD/9hLOTMC5fKtoSp2s+Q5e7Fjy3AXrVY2 +xgywp3id2VOdbvcOPDwxrzLIj0ndjNAlPG4P6y3XTloe3wkKawXIl1mtcolIsl8u +stfXSU5S+JQa3M2tFpJKPQUYdjq+jbc/O7epNQWbMzd5N/EyG42fcP0gV6MWGzoA +Ns+/JePxzToD/FlXAXqoS+1DFPBxM7O+CjEGjFc0wPCATR8jGzOyHBaMaYgjbkaZ +KI+uvtusAjDLR9NPHsaqLNURUcVs5ZLTYtUfHD2vyL6njbJlKVgnqcID34hbXF6k +FZ8k0CH3QWzmS5ZTBLD95i4uL48cYIf/4vuapYigzntaxUju1azejMN7ACMZm2iQ +hIA1TfNVsrMLTNjfiMqgvXSUfa3MtoBU7OrVEuyDQRJJuw+mwecwms8CAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/data.d/vpn-wireguard/.gitignore b/data.d/vpn-wireguard/.gitignore new file mode 100644 index 0000000..ae60a25 --- /dev/null +++ b/data.d/vpn-wireguard/.gitignore @@ -0,0 +1 @@ +privkey diff --git a/data.d/vpn-wireguard/hooks/post-up b/data.d/vpn-wireguard/hooks/post-up new file mode 100755 index 0000000..b200922 --- /dev/null +++ b/data.d/vpn-wireguard/hooks/post-up 
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+readonly COLOR_RESET="\033[0m"
+readonly COLOR_OK="\033[32;1m"
+readonly COLOR_NOK="\033[31;1m"
+
+main() {
+ printf "Verifying connectability...\n"
+
+ # Ping all known hosts, as it seems that the wireguard interface comes up when
+ # only after it gets used on the machine itself.
+ while read -r addr;
+ do
+ check "$addr" &
+ done < <(awk -F= '/vpn-wireguard.ipv(4|6)=/ { print $NF }' /etc/bashtard/hosts.d/*)
+
+ wait
+}
+
+check() {
+ local addr="$1"
+
+ if ping -c 1 -q -w 1 "$addr" > /dev/null
+ then
+ log OK "$addr"
+ else
+ log NOK "$addr"
+ fi
+}
+
+log() {
+ local state="$1"
+ local addr="$2"
+ local color="$COLOR_NOK"
+
+ if [[ $state == "OK" ]]
+ then
+ color="$COLOR_OK"
+ fi
+
+ printf "%b%3s%b: %s\n" "$color" "$state" "$COLOR_RESET" "$addr" >&2
+}
+
+main "$@"
diff --git a/data.d/vpn-wireguard/peers/faiwoo.tyil.net b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
new file mode 100644
index 0000000..a0d9b00
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:2/128,10.58.1.2/32
+Endpoint = [2a01:4f9:c010:e20c::1]:51820
+PublicKey = VFum7R3gltUKMhx8XHDYpPHJzVmgb9cuYSKyIEyOKkc=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/jaomox.tyil.net b/data.d/vpn-wireguard/peers/jaomox.tyil.net
new file mode 100644
index 0000000..d5ca415
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/jaomox.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3:1/128,10.58.3.1/32
+Endpoint = [163.172.218.246]:51820
+PublicKey = gn9hMP+0mljBktybTlPDMI+/QIWNyk1lKO46o8cY82A=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/mieshu.tyil.net b/data.d/vpn-wireguard/peers/mieshu.tyil.net
new file mode 100644
index 0000000..edd7dbc
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/mieshu.tyil.net
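Review bot: In hooks/post-up, `check` passes a value read from `/etc/bashtard/hosts.d/*` straight to `ping` as an argument, so an entry that begins with `-` would be parsed as a ping option rather than an address; ending option parsing first avoids that: `if ping -c 1 -q -w 1 -- "$addr" > /dev/null`. The awk pattern in `main` is unanchored and its dots match any character, so a key that merely contains the text would also be picked up; `'/^vpn-wireguard\.ipv[46]=/ { print $NF }'` selects only the intended keys. The comment above the loop ("comes up when only after it gets used") is garbled and could read `# Ping all known hosts: the wireguard interface only seems to come up once it has been used on this machine.`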
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:3:3317:2/128,10.58.3.2/32
+Endpoint = [2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8]:51820
+PublicKey = gY8H+0sKzjr1hGLtsF+dTJsTM746k3Ufw6BczudRMmQ=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/nouki.tyil.net b/data.d/vpn-wireguard/peers/nouki.tyil.net
new file mode 100644
index 0000000..d93f1ba
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/nouki.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:2:3317:1/128,10.58.2.1/32
+Endpoint = [2a10:3781:2453:1:c8cb:d1a:bc0:dc38]:51820
+PublicKey = geCOglWhIHapf8V/5GuQglEcSJhBqUAP6GKOkZqC9Rg=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/qohrei.tyil.net b/data.d/vpn-wireguard/peers/qohrei.tyil.net
new file mode 100644
index 0000000..9ad882b
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/qohrei.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:1/128,10.58.1.1/32
+Endpoint = [2a01:4f9:c012:6273::1]:51820
+PublicKey = 944GFpkZnrVRziBBR1ST52PDwuFjW/XfXwggmLH46E8=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/ricui.tyil.net b/data.d/vpn-wireguard/peers/ricui.tyil.net
new file mode 100644
index 0000000..41ad9f9
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/ricui.tyil.net
@@ -0,0 +1,5 @@
+[Peer]
+AllowedIPs = fd68:1058:1992:3381:0:1:1:3/128,10.58.1.3/32
+Endpoint = [2a01:4f8:1c1b:67d7::1]:51820
+PublicKey = sEMRuNGxTLUsUocC9Oq2WSpuBTFjHBdssaSNXCzmx0Y=
+PersistentKeepalive = 10
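Review bot: The `Endpoint` in peers/mieshu.tyil.net, `[2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8]:51820`, is the address this commit lists as the tinc `Address` of oolah, while mieshu's own tinc host file gives `2a10:3781:2453:1:4950:47ce:f8db:1fed`. Unless traffic for mieshu is deliberately forwarded through oolah, handshakes for mieshu's public key would be sent to a different machine and the peer would only become reachable after it initiates itself. The same value is set as `vpn-wireguard.endpoint` in hosts.d/mieshu.tyil.net, so if the peer file is generated from there, that is the place to correct it; otherwise a comment explaining the indirection would help.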
@@ -1,13 +1,56 @@ bashtard.backup.elements.0=filesystem bashtard.backup.fs.paths.0=/etc bashtard.backup.repositories.edephas=backup@edephas:{fqdn} -k3s.network.cidr.pods=10.57.40.0/20 -k3s.network.cidr.svcs=10.57.48.0/20 -k3s.network.service.dns=10.57.48.53 -k3s.flux.repo.url=ssh://git@10.57.100.7/srv/git/tyilnet dns.domain=tyil.net dns.upstream.0=185.181.61.24 dns.upstream.1=188.68.231.82 dns.upstream.2=51.83.172.84 dns.upstream.3=2a03:94e0:1804::1 dns.upstream.4=2001:470:71:6dc::53 +etc-nixos.path=/etc/nixos +etc-portage.path=/etc/portage +k3s-master.cluster-domain=k3s.tyil.nl +k3s-master.helm.apps.certmanager.chart=jetstack/cert-manager +k3s-master.helm.apps.certmanager.namespace=base-system +k3s-master.helm.apps.certmanager.values=certmanager.yaml +k3s-master.helm.repos.jetstack.url=https://charts.jetstack.io +k3s-master.service-node-port-min=1025 +k3s-node.cluster-domain=k3s.tyil.nl +k3s-node.entry.host=10.57.101.1 +k3s-node.service-node-port-min=1025 +k8s-master.flags.control-plane-endpoint=k8s.tyil.nl +k8s-master.flags.pod-network-cidr=fd68:1058:1992:8888::0/64 +k8s-master.flags.service-cidr=fd68:1058:1992:3381::80:0/108 +k8s-master.flags.service-dns-domain=k8s.tyil.nl +k8s-node.master.address=k8s.tyil.nl +k8s-node.node-ip&=vpn-wireguard.ipv6 +nftables.input.icmp.ipv4.policy=accept +nftables.input.icmp.ipv4.rate=2/second +nftables.input.icmp.ipv6.policy=accept +nftables.input.icmp.ipv6.rate=2/second +nftables.input.interfaces.lo.policy=accept +nftables.input.interfaces.tyilnet.policy=accept +nftables.input.interfaces.tyilnet1058.policy=accept +nftables.input.policy=drop +nftables.input.rules.mosh.policy=accept +nftables.input.rules.mosh.port=60000-61000 +nftables.input.rules.mosh.proto=udp +nftables.input.rules.ssh.policy=accept +nftables.input.rules.ssh.port=22 +nftables.input.rules.ssh.proto=tcp +nftables.input.rules.tincd.policy=accept +nftables.input.rules.tincd.port=655 +nftables.input.rules.tincd.proto=tcp,udp 
+nftables.input.rules.wireguard.policy=accept +nftables.input.rules.wireguard.port=51820 +nftables.input.rules.wireguard.proto=udp +nftables.input.state.established.policy=accept +nftables.input.state.invalid.policy=drop +nftables.input.state.related.policy=accept +seaweedfs-master.replication=100 +vpn-tinc.name=tyilnet +vpn-wireguard.interface=tyilnet1058 +vpn-wireguard.keepalive=10 +www-blog.generator=hugo +www-blog.path=/var/www/nl.tyil.www +www-blog.repository=https://git.tyil.nl/blog diff --git a/hosts.d/anoia.tyil.net b/hosts.d/anoia.tyil.net index e76c81b..40e23e4 100644 --- a/hosts.d/anoia.tyil.net +++ b/hosts.d/anoia.tyil.net @@ -1,4 +1,7 @@ -bashtard.backup.fs.paths.1=/home/tyil +bashtard.backup.fs.paths.1=/etc +bashtard.backup.fs.paths.2=/home/tyil +bashtard.backup.repositories.1=rsync.net:{fqdn} bashtard.ssh.host=10.57.100.3 meta.provider=self -vpn.ipv4=10.57.100.3 +vpn-tinc.ipv4=10.57.100.3 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:0:2 diff --git a/hosts.d/caeghi.tyil.net b/hosts.d/caeghi.tyil.net index 652652e..35c70c3 100644 --- a/hosts.d/caeghi.tyil.net +++ b/hosts.d/caeghi.tyil.net @@ -5,4 +5,5 @@ bashtard.backup.fs.paths.3=/var/lib/mumble-server bashtard.backup.repositories.1=rsync.net:{fqdn} bashtard.ssh.host=10.57.20.2 meta.provider=hetzner -vpn.ipv4=10.57.20.2 +vpn-tinc.ipv4=10.57.20.2 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:0:1 diff --git a/hosts.d/denahnu.tyil.net b/hosts.d/denahnu.tyil.net deleted file mode 100644 index c9312f3..0000000 --- a/hosts.d/denahnu.tyil.net +++ /dev/null @@ -1,7 +0,0 @@ -bashtard.backup.borg.remote_paths.1=borg1 -bashtard.backup.fs.paths.1=/usr/home -bashtard.backup.fs.paths.2=/usr/local/etc -bashtard.backup.repositories.1=rsync.net:{fqdn} -bashtard.ssh.host=10.57.20.4 -meta.provider=arubacloud -vpn.ipv4=10.57.20.4 diff --git a/hosts.d/edephas.tyil.net b/hosts.d/edephas.tyil.net index 9654d2b..75197a4 100644 --- a/hosts.d/edephas.tyil.net +++ b/hosts.d/edephas.tyil.net 
@@ -1,31 +1,12 @@ bashtard.backup.borg.remote_paths.rsync=borg1 bashtard.backup.db.postgresql.user=postgres -bashtard.backup.elements.1=database_postgres +bashtard.backup.elements.1=database_postgresql bashtard.backup.fs.paths.1=/home/tyil bashtard.backup.fs.paths.2=/home/tyil/.local/git bashtard.backup.fs.paths.3=/var/www/* bashtard.backup.repositories.edephas=/var/media/backups/{fqdn} bashtard.backup.repositories.rsync=rsync.net:{fqdn} bashtard.ssh.host=10.57.100.7 -git.repos.bashtard.description=Configuration Management System in Bash -git.repos.blog.description=The source files to my blog, www.tyil.nl -git.repos.dotfiles.description=My user-level configuration files, use with caution! -git.repos.helm/invidious.description=Helm chart to deploy Invidious -git.repos.helm/nitter.description=Helm chart to deploy Nitter -git.repos.raku/config-parser-toml.description=TOML parser for Config -git.repos.raku/config-parser-yaml.description=YAML parser for Config -git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language -git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes -git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language -git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language -git.repos.raku/irc-grammar.description=Grammar to parse IRC messages -git.repos.raku/log-colored.description=A Log implementation with colored output -git.repos.raku/log-json.description=A Log implementation with JSON formatted output -git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language -git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language -git.repos.raku/string-fold.description=Fold strings to a certain length -git.repos.raku/url.description=A 
Raku library to handle URLs -git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language -git.repos.tyilnet.description=Configuration for machines in my personal network meta.provider=self -vpn.ipv4=10.57.100.7 +vpn-tinc.ipv4=10.57.100.7 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:0:1 diff --git a/hosts.d/faiwoo.tyil.net b/hosts.d/faiwoo.tyil.net index e825963..27a007f 100644 --- a/hosts.d/faiwoo.tyil.net +++ b/hosts.d/faiwoo.tyil.net @@ -1,7 +1,12 @@ bashtard.backup.borg.remote_paths.1=borg1 bashtard.backup.fs.paths.1=/home bashtard.backup.fs.paths.2=/var/www +bashtard.backup.fs.paths.3=/etc bashtard.backup.repositories.1=rsync.net:{fqdn} bashtard.ssh.host=10.57.20.5 meta.provider=hetzner -vpn.ipv4=10.57.20.5 +vpn-tinc.ipv4=10.57.20.5 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:2 +vpn-wireguard.endpoint=2a01:4f9:c010:e20c::1 +vpn-wireguard.ipv4=10.58.1.2 +vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:2 diff --git a/hosts.d/gaeru.tyil.net b/hosts.d/gaeru.tyil.net index b895fa0..e3fc506 100644 --- a/hosts.d/gaeru.tyil.net +++ b/hosts.d/gaeru.tyil.net @@ -1,3 +1,8 @@ +bashtard.backup.borg.remote_paths.1=borg1 +bashtard.backup.fs.paths.1=/etc +bashtard.backup.fs.paths.2=/home +bashtard.backup.repositories.1=rsync.net:{fqdn} bashtard.ssh.host=10.57.20.6 -meta.provider=hetzner -vpn.ipv4=10.57.20.6 +meta.provider=leaseweb +vpn-tinc.ipv4=10.57.20.6 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:2:0:1 diff --git a/hosts.d/hurzak.tyil.net b/hosts.d/hurzak.tyil.net deleted file mode 100644 index 2731515..0000000 --- a/hosts.d/hurzak.tyil.net +++ /dev/null @@ -1,7 +0,0 @@ -bashtard.backup.borg.remote_paths.1=borg1 -bashtard.backup.fs.paths.1=/etc -bashtard.backup.fs.paths.2=/home -bashtard.backup.repositories.1=rsync.net:{fqdn} -bashtard.ssh.host=10.57.20.7 -meta.provider=leaseweb -vpn.ipv4=10.57.20.7 diff --git a/hosts.d/ivdea.tyil.net b/hosts.d/ivdea.tyil.net deleted file mode 100644 index 826ab5a..0000000 --- a/hosts.d/ivdea.tyil.net +++ /dev/null 
@@ -1,6 +0,0 @@ -bashtard.backup.borg.remote_paths.1=borg1 -bashtard.backup.fs.paths.1=/etc -bashtard.backup.fs.paths.2=/home/tyil -bashtard.ssh.host=10.57.100.8 -meta.provider=self -vpn.ipv4=10.57.100.8 diff --git a/hosts.d/jaomox.tyil.net b/hosts.d/jaomox.tyil.net index e7901ef..3aed991 100644 --- a/hosts.d/jaomox.tyil.net +++ b/hosts.d/jaomox.tyil.net @@ -1,6 +1,29 @@ bashtard.backup.borg.remote_paths.1=borg1 bashtard.backup.fs.paths.1=/etc bashtard.backup.fs.paths.2=/home/tyil +bashtard.backup.repositories.1=rsync.net:{fqdn} bashtard.ssh.host=10.57.21.1 -meta.provider=self -vpn.ipv4=10.57.21.1 +meta.provider=oneprovider +nftables.input.rules.seaweedfs-filer.policy=accept +nftables.input.rules.seaweedfs-filer.port=8888 +nftables.input.rules.seaweedfs-filer.proto=tcp +nftables.input.rules.seaweedfs-master.policy=accept +nftables.input.rules.seaweedfs-master.port=9333 +nftables.input.rules.seaweedfs-master.proto=tcp +nftables.input.rules.seaweedfs-s3.policy=accept +nftables.input.rules.seaweedfs-s3.port=8333 +nftables.input.rules.seaweedfs-s3.proto=tcp +nftables.input.rules.seaweedfs-volume-0.policy=accept +nftables.input.rules.seaweedfs-volume-0.port=8080 +nftables.input.rules.seaweedfs-volume-0.proto=tcp +seaweedfs-filer.ip&=vpn-wireguard.ipv6 +seaweedfs-master.ip&=vpn-wireguard.ipv6 +seaweedfs-volume.ip&=vpn-wireguard.ipv6 +seaweedfs-volume.dc&=meta.provider +seaweedfs-volume.rack=amsterdam +seaweedfs-volume.volumes.0.port=8080 +vpn-tinc.ipv4=10.57.21.1 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:3:3:1 +vpn-wireguard.endpoint=163.172.218.246 +vpn-wireguard.ipv4=10.58.3.1 +vpn-wireguard.ipv6=fd68:1058:1992:3381:0:3:3:1 diff --git a/hosts.d/krohxe.tyil.net b/hosts.d/krohxe.tyil.net deleted file mode 100644 index e705492..0000000 --- a/hosts.d/krohxe.tyil.net +++ /dev/null @@ -1,2 +0,0 @@ -meta.provider=self -vpn.ipv4=10.57.20.8 diff --git a/hosts.d/ludifah.tyil.net b/hosts.d/ludifah.tyil.net new file mode 100644 index 0000000..810bf8d --- /dev/null 
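Review bot: The `nftables.input.rules.seaweedfs-*` entries added to hosts.d/jaomox.tyil.net accept TCP 8888, 9333, 8333 and 8080 without naming an interface, while the same hunk binds the filer, master and volume services to `vpn-wireguard.ipv6` and the defaults already accept all traffic on `tyilnet1058`. If the playbook renders these as interface-independent accepts (its template is not visible here), the ports are opened on the public interface as well, which adds exposure without adding reachability. The same question applies to the `etcd` (2379-2381), `kubeapi` (6443) and `kubelet` (10250) rules added for qohrei.tyil.net and ricui.tyil.net. Consider dropping the per-port rules for services that only listen on the VPN address, or scoping them to the VPN interface if the playbook supports that.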
+++ b/hosts.d/ludifah.tyil.net @@ -0,0 +1,8 @@ +bashtard.backup.borg.remote_paths.1=borg1 +bashtard.backup.fs.paths.1=/etc +bashtard.backup.fs.paths.2=/home/tyil +bashtard.backup.repositories.1=rsync.net:{fqdn} +bashtard.ssh.host=10.57.100.9 +meta.provider=self +vpn-tinc.ipv4=10.57.100.9 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:0:4 diff --git a/hosts.d/mieshu.tyil.net b/hosts.d/mieshu.tyil.net new file mode 100644 index 0000000..701dc57 --- /dev/null +++ b/hosts.d/mieshu.tyil.net 
@@ -0,0 +1,36 @@ +bashtard.ssh.host=10.57.101.10 +git.repodir=/mnt/pool/git +git.repos.bashtard.description=Configuration Management System in Bash +git.repos.bashtard/k3s-master.description=A Bashtard playbook to set up k3s on a single-node +git.repos.bashtard/vpn-tinc.description=A Bashtard playbook for configuring tinc +git.repos.bashtard/www-static.description=A Bashtard playbook for generating static websites +git.repos.blog.description=The source files to my blog, www.tyil.nl +git.repos.dotfiles.description=My user-level configuration files, use with caution! +git.repos.helm/invidious.description=Helm chart to deploy Invidious +git.repos.helm/nitter.description=Helm chart to deploy Nitter +git.repos.kubernetes/nfs-operator.description=An operator for Kubernetes to provision NFS mounts for PVC resources +git.repos.raku/config.description=Extensible library for reading and writing configuration files in the Raku programming language +git.repos.raku/config-parser-toml.description=TOML parser for Config +git.repos.raku/config-parser-yaml.description=YAML parser for Config +git.repos.rakudo-star.description=User-friendly distribution of the Raku programming language +git.repos.raku/hash-merge.description=Raku module for deep merging of Hashes +git.repos.raku/io-path-xdg.description=Convenience functions for working with the XDG Base Directory Specification in the Raku programming language +git.repos.raku/irc-client.description=Sources for the IRC::Client module for the Raku programming language +git.repos.raku/irc-grammar.description=Grammar to parse IRC messages +git.repos.raku/log-colored.description=A Log implementation with colored output +git.repos.raku/log.description=An interface for logging mechanisms in the Raku programming language +git.repos.raku/log-json.description=A Log implementation with JSON formatted output +git.repos.raku/log-simple.description=A simple implementation of the Log library for the Raku programming language 
+git.repos.raku/string-fold.description=Fold strings to a certain length +git.repos.raku/url.description=A Raku library to handle URLs +git.repos.tyilnet.description=Configuration for machines in my personal network +git.repos.vim/camelcasemotion.description=A plugin for vim to make motions stop at camelCase or snake_case boundaries +k3s-node.role=server +meta.provider=self +nfs-server.exports./mnt/exports/invidious.fsid=97d3493c-1397-479f-bb8a-5c71833b9e17 +nfs-server.exports./mnt/exports/prometheus.fsid=052f42b5-33c0-40b9-aa69-d05dc03a9fa1 +vpn-tinc.ipv4=10.57.101.10 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:3:1 +vpn-wireguard.endpoint=2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8 +vpn-wireguard.ipv4=10.58.3.2 +vpn-wireguard.ipv6=fd68:1058:1992:3381:0:3:3317:2 diff --git a/hosts.d/nouki.tyil.net b/hosts.d/nouki.tyil.net new file mode 100644 index 0000000..d931892 --- /dev/null +++ b/hosts.d/nouki.tyil.net @@ -0,0 +1,8 @@ +bashtard.ssh.host=10.57.101.20 +k3s-node.role=server +meta.provider=self +vpn-tinc.ipv4=10.57.101.20 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:2:1 +vpn-wireguard.endpoint=2a10:3781:2453:1:c8cb:d1a:bc0:dc38 +vpn-wireguard.ipv4=10.58.2.1 +vpn-wireguard.ipv6=fd68:1058:1992:3381:0:2:3317:1 diff --git a/hosts.d/oolah.tyil.net b/hosts.d/oolah.tyil.net new file mode 100644 index 0000000..d9800bf --- /dev/null +++ b/hosts.d/oolah.tyil.net @@ -0,0 +1,7 @@ +bashtard.ssh.host=10.57.101.1 +k3s-master.manifest-prefix=tyilnet +k3s-node.role=server +k3s-node.entry.host=10.57.101.20 +meta.provider=self +vpn-tinc.ipv4=10.57.101.1 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:1:1 diff --git a/hosts.d/plarabe.tyil.net b/hosts.d/plarabe.tyil.net new file mode 100644 index 0000000..8a8ef11 --- /dev/null +++ b/hosts.d/plarabe.tyil.net @@ -0,0 +1,4 @@ +bashtard.ssh.host=10.57.100.10 +meta.provider=self +vpn-tinc.ipv4=10.57.100.10 +vpn-tinc.ipv6=fd68:1057:1992:3381:0:3317:0:3 diff --git a/hosts.d/qohrei.tyil.net b/hosts.d/qohrei.tyil.net new file mode 100644 index 0000000..536b51f 
--- /dev/null
+++ b/hosts.d/qohrei.tyil.net
@@ -0,0 +1,18 @@
+k8s-master.flags.apiserver-advertise-address&=vpn-wireguard.ipv6
+meta.provider=hetzner
+nftables.input.interfaces.cilium*.policy=accept
+nftables.input.interfaces.lxc*.policy=accept
+nftables.input.rules.etcd.policy=accept
+nftables.input.rules.etcd.port=2379-2381
+nftables.input.rules.etcd.proto=tcp
+nftables.input.rules.kubeapi.policy=accept
+nftables.input.rules.kubeapi.port=6443
+nftables.input.rules.kubeapi.proto=tcp
+nftables.input.rules.kubelet.policy=accept
+nftables.input.rules.kubelet.port=10250
+nftables.input.rules.kubelet.proto=tcp
+vpn-tinc.ipv4=10.57.250.250
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:1
+vpn-wireguard.endpoint=2a01:4f9:c012:6273::1
+vpn-wireguard.ipv4=10.58.1.1
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:1
diff --git a/hosts.d/ricui.tyil.net b/hosts.d/ricui.tyil.net
new file mode 100644
index 0000000..3100c45
--- /dev/null
+++ b/hosts.d/ricui.tyil.net
@@ -0,0 +1,11 @@
+meta.provider=hetzner
+nftables.input.interfaces.cilium*.policy=accept
+nftables.input.interfaces.lxc*.policy=accept
+nftables.input.rules.kubelet.policy=accept
+nftables.input.rules.kubelet.port=10250
+nftables.input.rules.kubelet.proto=tcp
+vpn-tinc.ipv4=10.57.20.7
+vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:1:3
+vpn-wireguard.endpoint=2a01:4f8:1c1b:67d7::1
+vpn-wireguard.ipv4=10.58.1.3
+vpn-wireguard.ipv6=fd68:1058:1992:3381:0:1:1:3
diff --git a/playbooks.d/remotes b/os.d/linux-alpine_linux
index e69de29..e69de29 100644
--- a/playbooks.d/remotes
+++ b/os.d/linux-alpine_linux
diff --git a/os.d/linux-debian_gnu_linux b/os.d/linux-debian_gnu_linux
index e69de29..b0d8bb7 100644
--- a/os.d/linux-debian_gnu_linux
+++ b/os.d/linux-debian_gnu_linux
@@ -0,0 +1 @@
+pkg.borg=borgbackup
diff --git a/playbooks.d/dns-dnsmasq/description.txt b/playbooks.d/dns-dnsmasq/description.txt
deleted file mode 100644
index 0c12e3a..0000000
--- a/playbooks.d/dns-dnsmasq/description.txt
+++ /dev/null
@@ -1 +0,0 @@
-Local DNS resolver with dnsmasq
diff --git a/playbooks.d/dns-dnsmasq/etc/defaults b/playbooks.d/dns-dnsmasq/etc/defaults
deleted file mode 100644
index 4d3305a..0000000
--- a/playbooks.d/dns-dnsmasq/etc/defaults
+++ /dev/null
@@ -1,6 +0,0 @@
-pkg.dnsmasq=dnsmasq
-svc.dnsmasq=dnsmasq
-
-dns.port=53
-dns.host=127.0.0.1
-dns.domain=localhost
diff --git a/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo b/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo
deleted file mode 100644
index 2aec434..0000000
--- a/playbooks.d/dns-dnsmasq/etc/os.d/linux-gentoo
+++ /dev/null
@@ -1 +0,0 @@
-pkg.dnsmasq=net-dns/dnsmasq
diff --git a/playbooks.d/dns-dnsmasq/playbook.bash b/playbooks.d/dns-dnsmasq/playbook.bash
deleted file mode 100644
index f4be8cd..0000000
--- a/playbooks.d/dns-dnsmasq/playbook.bash
+++ /dev/null
@@ -1,48 +0,0 @@ -#!/usr/bin/env bash - -playbook_add() { - info "$BASHTARD_PLAYBOOK" "Installing packages" - pkg install dnsmasq - - playbook_sync - - info "$BASHTARD_PLAYBOOK" "Enabling services" - svc enable dnsmasq - svc start dnsmasq -} - -playbook_sync() { - mkdir -pv -- "$(config "fs.etcdir")/dnsmasq.d" - - info "$BASHTARD_PLAYBOOK" "Writing config" - file_template "dnsmasq.conf" \ - "host=$(config "dns.host")" \ - "port=$(config "dns.port")" \ - "domain=$(config "dns.domain")" \ - "confd=$(config "fs.etcdir")/dnsmasq.d" \ - > "$(config "fs.etcdir")/dnsmasq.conf" - - while read -r key - do - printf "server=%s\n" "$(config "dns.upstream.$key")" - done < <(config_subkeys "dns.upstream") > "$(config "fs.etcdir")/dnsmasq.d/servers.conf" - - while read -r key - do - printf "address=/$(config "dns.address.$key" | sed s@:@/@)\n" - done < <(config_subkeys "dns.address") > "$(config "fs.etcdir")/dnsmasq.d/addresses.conf" - - [[ "$BASHTARD_COMMAND" == "add" ]] && return - - info "$BASHTARD_PLAYBOOK" "Restarting services" - svc restart dnsmasq -} - -playbook_del() { - info "$BASHTARD_PLAYBOOK" "Disabling services" - svc stop dnsmasq - svc disable dnsmasq - - info "$BASHTARD_PLAYBOOK" "Uninstalling packages" - pkg uninstall dnsmasq -} diff --git a/playbooks.d/dns-dnsmasq/share/dnsmasq.conf b/playbooks.d/dns-dnsmasq/share/dnsmasq.conf deleted file mode 100644 index 4fe090c..0000000 --- a/playbooks.d/dns-dnsmasq/share/dnsmasq.conf +++ /dev/null @@ -1,14 +0,0 @@ -# Binding -listen-address=${host} -port=${port} -bind-interfaces - -# Local domain -domain=${domain} - -# Upstream DNS Servers -no-resolv -conf-file=${confd}/servers.conf - -# Addresses -conf-file=${confd}/addresses.conf diff --git a/playbooks.d/etc-nixos/description.txt b/playbooks.d/etc-nixos/description.txt new file mode 100644 index 0000000..8d90523 --- /dev/null +++ b/playbooks.d/etc-nixos/description.txt @@ -0,0 +1 @@ +A symlinked directory to keep its content synced through Bashtard 
diff --git a/playbooks.d/etc-nixos/playbook.bash b/playbooks.d/etc-nixos/playbook.bash new file mode 100644 index 0000000..3140bb3 --- /dev/null +++ b/playbooks.d/etc-nixos/playbook.bash @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +# shellcheck disable=SC2034 + +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required" + +playbook_add() { + mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")" + ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")" +} + +playbook_sync() { + :; +} + +playbook_del() { + rm -- "$(config "$BASHTARD_PLAYBOOK.path")" +} diff --git a/playbooks.d/etc-portage/description.txt b/playbooks.d/etc-portage/description.txt new file mode 100644 index 0000000..8d90523 --- /dev/null +++ b/playbooks.d/etc-portage/description.txt @@ -0,0 +1 @@ +A symlinked directory to keep its content synced through Bashtard diff --git a/playbooks.d/etc-portage/playbook.bash b/playbooks.d/etc-portage/playbook.bash new file mode 100644 index 0000000..3140bb3 --- /dev/null +++ b/playbooks.d/etc-portage/playbook.bash @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +# shellcheck disable=SC2034 + +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.path]="required" + +playbook_add() { + mkdir -pv -- "$(dirname "$(config "$BASHTARD_PLAYBOOK.path")")" + ln -sv -- "$(playbook_path "data")" "$(config "$BASHTARD_PLAYBOOK.path")" +} + +playbook_sync() { + :; +} + +playbook_del() { + rm -- "$(config "$BASHTARD_PLAYBOOK.path")" +} diff --git a/playbooks.d/git-server/playbook.bash b/playbooks.d/git-server/playbook.bash index f1b8287..74eda61 100644 --- a/playbooks.d/git-server/playbook.bash +++ b/playbooks.d/git-server/playbook.bash @@ -32,7 +32,7 @@ playbook_sync() { while read -r repo do local name="$(config "git.repos.$repo.name" "$repo")" - local path="$(config "git.repodir")/$(config "git.repos.$repo.path" "$name")" + local path="$(config "git.repodir")/$(config "git.repos.$repo.path" "$name").git" info "$BASHTARD_PLAYBOOK" "Ensuring $name exists ($repo)" 
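Review bot: `playbook_add` in playbooks.d/etc-nixos/playbook.bash runs `ln -sv --` without checking what already sits at the configured path; when that path is an existing directory, `ln` places the link inside it rather than at it, and `playbook_del` later runs `rm --` on a path this playbook never created. The identical playbooks.d/etc-portage/playbook.bash has the same gap. A guard before the link makes the failure explicit, `[[ -e "$(config "$BASHTARD_PLAYBOOK.path")" ]] && return 1`, and the removal can be limited to links with `[[ -L "$(config "$BASHTARD_PLAYBOOK.path")" ]] && rm -- "$(config "$BASHTARD_PLAYBOOK.path")"`. How Bashtard treats a non-zero return from a playbook function is not visible here, so the exact failure path should be checked against the caller.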
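Review bot: The `.git` suffix added to `path` in `playbook_sync` of playbooks.d/git-server/playbook.bash leaves repositories that an earlier sync created at the unsuffixed location unhandled. The rest of the loop is outside the hunk, so presumably the "Ensuring $name exists" step would create a fresh empty repository beside the populated one. A one-time move before that step keeps existing history reachable: `[[ -d "${path%.git}" && ! -e "$path" ]] && mv -- "${path%.git}" "$path"`. Separately, `local path="$(...)"` hides a failing `config` call (ShellCheck SC2155), so if `git.repodir` comes back empty the path resolves directly under `/`.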
diff --git a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub deleted file mode 100644 index e1d7ab3..0000000 --- a/playbooks.d/git-server/share/pubkeys.d/root@bast-ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICk/6jLojpp5Jaum8C1trxqtZuLd/GJH8sh0SB/Z/y9J root@bast diff --git a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub index 3056a3d..fe3c6a7 100644 --- a/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub +++ b/playbooks.d/git-server/share/pubkeys.d/root@gaeru-ed25519.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICj0hW49y+AGuMN2D672I5K6ZVLPVZLCsd+2MIat54nP root@gaeru.tyil.net +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmqoy/OXsmmNpxEN/xISbHwDFt2u8f3HmGIvS2CASHm root@gaeru.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub new file mode 100644 index 0000000..0faf439 --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/root@mieshu-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJLcXzcOPEYQWEARFgPpZCq2NZhTBWTsIezd4Mrkt0PY root@mieshu.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub new file mode 100644 index 0000000..a19b34e --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/root@nouki-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh9xYBxb5n2N20Dj03lsij32UkPJ27EMQ/6VdKhjWVJ root@nouki.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub new file mode 100644 index 0000000..d4c3c0d --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/root@oolah-ed25519.pub 
@@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6oh68n5HXeK45YaNnQC0mHufB/bUgsEyE500OW40B1 root@oolah.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub index aea0daa..f1b7158 100644 --- a/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@anoia-ed25519.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLpn3Tny1LSWaLeIDmdAkZZoAajSJN9CQvfFdgLFfsK tyil@anoia.tyil.net +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtUkeSiwk+1UnMfy8Z53cQkKTlBBFZXUuDiXfPcalHj tyil@anoia diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub deleted file mode 100644 index 00e492d..0000000 --- a/playbooks.d/git-server/share/pubkeys.d/tyil@bast-ed25519.pub +++ /dev/null @@ -1,5 +0,0 @@ -<<<<<<< HEAD -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXhPa+EGS4NySl0YqG38xGEab6uqdimseqq4tlLWyV4 tyil@bast.tyil.net -======= -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILE1+6HjG3XvLQDHLwnFzq78SEsPTNa8Wu6+inmTMqu7 tyil@bast ->>>>>>> d8b0063 (Update pubkey for tyil@bast) diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub new file mode 100644 index 0000000..d5632d9 --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@gaeru-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ94ffGPvEb/Hi2B2XSaYjKpMiV93fzGLe0QUlXRJb1L tyil@gaeru.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub deleted file mode 100644 index 834bcd2..0000000 --- a/playbooks.d/git-server/share/pubkeys.d/tyil@ivdea-ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+Ki28DBM3A8QUpxbAlZx2x111+rhn8JPcec67y9xi/ tyil@ivdea.tyil.net 
diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub new file mode 100644 index 0000000..e3503e7 --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@ludifah-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVPGs2LkDvdkMzwR1Crk8OblMQD2snClUuIcYgUYcu4 tyil@ludifah.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub new file mode 100644 index 0000000..a70b37c --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@mieshu-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqLhjoIYRZmkD9sv1l1c03x6EpkadjfrGJ+4gqgkmp5 tyil@mieshu.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub new file mode 100644 index 0000000..52f292a --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@nouki-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNztf75LVF+UvoIDyduHfynZupdC+9g7RaIs6cGgmCa tyil@nouki.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub new file mode 100644 index 0000000..dabadac --- /dev/null +++ b/playbooks.d/git-server/share/pubkeys.d/tyil@oolah-ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkjrJ6agLK5Bdg2Y5B+88XDbP5UsQyvdUbd3LrOVmjI tyil@oolah.tyil.net diff --git a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub b/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub deleted file mode 100644 index 1b8d9e6..0000000 --- a/playbooks.d/git-server/share/pubkeys.d/tyil@sessifet-rsa.pub +++ /dev/null 
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqntlHQ/3HHPUoNl7bpQ6pZIxZHnUAAIXTB5eBjDE0auJZE0Qz5HjUkqZNSb0SzoK9GgLLMH7yNMaYMSTRJguRARRTY3MpdQbrsMu5/8HbKZwxhy7jVRAODnIDO2b3A67ZOHQAazNZYlX873fVhDJHP3RPpYWJS1L2jyk6Z3euvg0duo4JolBEHzmuDi8mEhdNhjW54VM9CRofRrD2VBrnxbmH6LCQwVfuEiz7jVlyugKIiPtaX/9fSnwUVjpNVn0TA93FL0M6xypZFywORrAGLV9kuoQ/G0iVfXqH1A04OFzH1RGNq+oHfHWYZdE098SS+ur9E8+wXcIDBkkI37kF tyil@sessifet.tyil.net diff --git a/playbooks.d/k3s-master b/playbooks.d/k3s-master new file mode 160000 +Subproject 27d48e4dec3e2eee30d6000f16dc7eb8f67b85e diff --git a/playbooks.d/k3s-master/description.txt b/playbooks.d/k3s-master/description.txt deleted file mode 100644 index bf1fbab..0000000 --- a/playbooks.d/k3s-master/description.txt +++ /dev/null @@ -1 +0,0 @@ -Playbook for a k3s node diff --git a/playbooks.d/k3s-master/etc/defaults b/playbooks.d/k3s-master/etc/defaults deleted file mode 100644 index eab4aee..0000000 --- a/playbooks.d/k3s-master/etc/defaults +++ /dev/null @@ -1,8 +0,0 @@ -pkg.k3s=k3s -pkg.helm=helm - -k3s.domain=cluster.local -k3s.network.cidr.pods=172.19.0.0/16 -k3s.network.cidr.svcs=172.20.0.0/16 -k3s.network.service.dns=172.20.0.53 -k3s.flux.repo.branch=master diff --git a/playbooks.d/k3s-master/etc/os.d/linux-gentoo b/playbooks.d/k3s-master/etc/os.d/linux-gentoo deleted file mode 100644 index 4aaaabf..0000000 --- a/playbooks.d/k3s-master/etc/os.d/linux-gentoo +++ /dev/null @@ -1,2 +0,0 @@ -pkg.k3s=sys-cluster/k3s -pkg.helm=app-admin/helm diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/kustomization.yaml deleted file mode 100644 index c5b9583..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- media -- personal-services -- public-services -- servarr -... 
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/deployment.yaml deleted file mode 100644 index 9e5acd9..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/deployment.yaml +++ /dev/null @@ -1,77 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dirlist - namespace: media -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: dirlist - app.kubernetes.io/part-of: media - template: - metadata: - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: dirlist - app.kubernetes.io/part-of: media - spec: - containers: - - name: miniserve - image: docker.io/svenstaro/miniserve:latest - args: - - "--enable-tar-gz" - - "--qrcode" - - "--enable-tar" - - "/var/www" - ports: - - containerPort: 8080 - volumeMounts: - - name: anime-movies - mountPath: /var/www/anime-movies - readOnly: true - - name: anime-series - mountPath: /var/www/anime-series - readOnly: true - - name: books - mountPath: /var/www/books - readOnly: true - - name: movies - mountPath: /var/www/movies - readOnly: true - - name: music - mountPath: /var/www/music - readOnly: true - - name: series - mountPath: /var/www/series - readOnly: true - volumes: - - name: anime-movies - hostPath: - type: Directory - path: /mnt/media/anime-movies/exported - - name: anime-series - hostPath: - type: Directory - path: /mnt/media/anime-series/exported - - name: books - hostPath: - type: Directory - path: /mnt/media/books/exported - - name: movies - hostPath: - type: Directory - path: /mnt/media/movies/exported - - name: music - hostPath: - type: Directory - path: /mnt/media/music/exported - - name: series - hostPath: - type: Directory - path: /mnt/media/series/exported -... 
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/ingress.yaml deleted file mode 100644 index 4a87af7..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: dirlist - namespace: media - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: dirlist - app.kubernetes.io/part-of: media -spec: - ingressClassName: "nginx" - rules: - - host: media.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: dirlist - port: - number: 80 -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/kustomization.yaml deleted file mode 100644 index 5ee3790..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/dirlist/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- ingress.yaml -- service.yaml -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/kustomization.yaml deleted file mode 100644 index 8059d7b..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/media/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- dirlist -... 
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/kustomization.yaml deleted file mode 100644 index 5674eec..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- nextcloud -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/kustomization.yaml deleted file mode 100644 index 9708886..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- release.yaml -- secret.yaml -- volume.yaml -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/release.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/release.yaml deleted file mode 100644 index daef587..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/release.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: nextcloud - namespace: personal-services -spec: - interval: 5m - chart: - spec: - chart: nextcloud - version: 3.1.2 - sourceRef: - kind: HelmRepository - name: nextcloud - namespace: flux-system - interval: 1m - valuesFrom: - - kind: Secret - name: nextcloud-values - values: - ingress: - enabled: true - nextcloud: - host: cloud.tyil.nl - mail: - enabled: true - fromAddress: cloud - domain: tyil.nl - smtp: - host: tyil.email - secure: ssl - port: 456 - authtype: LOGIN - externalDatabase: - enabled: true - type: postgresql - host: 10.57.100.7 - database: nextcloud - cronjob: - enabled: true - metrics: - enabled: true - persistence: - nextcloudData: - enabled: true - existingClaim: nextcloud-data -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/secret.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/secret.yaml deleted file mode 100644 index c2f4953..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/personal-services/nextcloud/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: nextcloud-values - namespace: personal-services -spec: - encryptedData: - values.yaml: 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 - template: - data: null - metadata: - creationTimestamp: null - name: nextcloud-values - namespace: personal-services - type: Opaque - diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/kustomization.yaml deleted file mode 100644 index ab637fe..0000000 
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- release.yaml -- values.yaml -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/release.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/release.yaml deleted file mode 100644 index 3664202..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/release.yaml +++ /dev/null @@ -1,41 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: invidious - namespace: public-services -spec: - interval: 5m - chart: - spec: - chart: . - version: 2.0.2 - sourceRef: - kind: GitRepository - name: tyil-helm-invidious - namespace: flux-system - interval: 1m - valuesFrom: - - name: invidious-config - kind: Secret - values: - replicaCount: 1 - ingress: - enabled: true - className: nginx - hosts: - - host: youtube.alt.tyil.nl - paths: - - path: / - config: - channel_threads: 1 - db: - user: invidious - host: 10.57.100.7 - port: 5432 - dbname: invidious - domain: youtube.alt.tyil.nl - feed_threads: 1 - full_refresh: false - https_only: true -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/values.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/values.yaml deleted file mode 100644 index 78c730f..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/invidious/values.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: invidious-config - namespace: public-services -spec: - encryptedData: - values.yaml: 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 - template: - data: null - metadata: - creationTimestamp: null - name: invidious-config - namespace: public-services - type: Opaque - diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/kustomization.yaml deleted file mode 100644 index 3ce6c98..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- invidious -- nitter -- omgur -- searx -- teddit -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/kustomization.yaml deleted file mode 100644 index 3c7eaaa..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- release.yaml -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/release.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/release.yaml deleted file mode 100644 index 80a11ca..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/nitter/release.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: nitter - namespace: public-services -spec: - interval: 5m - chart: - spec: - chart: . - version: 0.1.0 - sourceRef: - kind: GitRepository - name: tyil-helm-nitter - namespace: flux-system - interval: 1m - values: - replicaCount: 1 - ingress: - enabled: true - className: nginx - hosts: - - host: twitter.alt.tyil.nl - paths: - - path: / - redis: - host: 10.57.100.7 - urlReplacements: - twitter: twitter.alt.tyil.nl - youtube: yewtu.be - reddit: reddit.alt.tyil.nl -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/deployment.yaml deleted file mode 100644 index a4647dd..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/deployment.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: omgur - namespace: public-services -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: omgur - app.kubernetes.io/part-of: public-services - template: - metadata: - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: omgur - app.kubernetes.io/part-of: public-services - spec: - containers: - - name: omgur - image: registry.gitlab.com/geraldwuhoo/omgur:latest - ports: - - containerPort: 8080 - env: - - name: REDIS_HOST - value: "10.57.100.7" -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/ingress.yaml deleted file mode 100644 index ca92947..0000000 
--- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: omgur - namespace: public-services - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: omgur - app.kubernetes.io/part-of: public-services -spec: - ingressClassName: "nginx" - rules: - - host: imgur.alt.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: omgur - port: - number: 80 -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/kustomization.yaml deleted file mode 100644 index 5ee3790..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/omgur/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- ingress.yaml -- service.yaml -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/deployment.yaml deleted file mode 100644 index 7bfb6cc..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/deployment.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: searx - namespace: public-services -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: searx - app.kubernetes.io/part-of: public-services - template: - metadata: - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: searx - app.kubernetes.io/part-of: public-services - spec: - containers: - - name: searx - image: searx/searx:latest - ports: - - containerPort: 8080 - env: - - name: BIND_ADDRESS - value: "0.0.0.0:8080" - - name: BASE_URL - value: "https://searx.tyil.nl" - volumeMounts: - - name: srv - subPath: config - mountPath: /etc/searx - - name: filtron - image: dalf/filtron - args: [ - "-listen", "0.0.0.0:4040", - "-target", "searx:8080", - ] - ports: - - containerPort: 4040 - volumeMounts: - - name: srv - subPath: rules.json - mountPath: /etc/filtron/rules.json - volumes: - - name: srv - hostPath: - type: Directory - path: /srv/searx -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/ingress.yaml deleted file mode 100644 index fdbc6bf..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: searx - namespace: public-services - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: searx - app.kubernetes.io/part-of: public-services -spec: - ingressClassName: "nginx" - rules: - - host: searx.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: searx - port: - number: 80 -... 
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/kustomization.yaml deleted file mode 100644 index 5ee3790..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/searx/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- ingress.yaml -- service.yaml -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/deployment.yaml deleted file mode 100644 index 9542cde..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/deployment.yaml +++ /dev/null @@ -1,41 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: teddit - namespace: public-services -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit - app.kubernetes.io/part-of: public-services - template: - metadata: - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit - app.kubernetes.io/part-of: public-services - spec: - containers: - - name: teddit - image: teddit/teddit:latest - ports: - - containerPort: 8080 - env: - - name: DOMAIN - value: "reddit.alt.tyil.nl" - - name: REDIS_DB - value: "1" - - name: REDIS_HOST - value: "10.57.100.7" - - name: TRUST_PROXY - value: "true" - - name: USE_HELMET - value: "true" - - name: USE_HELMET_HSTS - value: "true" -... 
diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/ingress.yaml deleted file mode 100644 index 55fc30a..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: teddit - namespace: public-services - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: teddit - app.kubernetes.io/part-of: public-services -spec: - ingressClassName: "nginx" - rules: - - host: reddit.alt.tyil.nl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: teddit - port: - number: 80 -... diff --git a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/kustomization.yaml deleted file mode 100644 index 5ee3790..0000000 --- a/playbooks.d/k3s-master/manifests/applications/edephas.tyil.net/public-services/teddit/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- ingress.yaml -- service.yaml -... diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml deleted file mode 100644 index 8020a53..0000000 --- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- public-services -... 
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml deleted file mode 100644 index 168bb15..0000000 --- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- searxng -... diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml deleted file mode 100644 index f5f6064..0000000 --- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/deployment.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: searxng - namespace: public-services -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: searxng - app.kubernetes.io/part-of: searxng - template: - metadata: - labels: - app.kubernetes.io/created-by: tyil - app.kubernetes.io/managed-by: manual - app.kubernetes.io/name: searxng - app.kubernetes.io/part-of: searxng - spec: - containers: - - name: searxng - image: searxng/searxng:2022.08.01-7c9c1124 - ports: - - containerPort: 8080 - env: - - name: BASE_URL - value: https://searxng.tyil.nl -... diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml deleted file mode 100644 index 8bd3d94..0000000 --- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/ingress.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: searxng
- namespace: public-services
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-production"
-spec:
- ingressClassName: "nginx"
- tls:
- - hosts:
- - searxng.tyil.nl
- secretName: tls-nl.tyil.searxng
- rules:
- - host: searxng.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: searxng
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml
deleted file mode 100644
index e0ff25d..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-- ingress.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml b/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml
deleted file mode 100644
index 23fb8ac..0000000
--- a/playbooks.d/k3s-master/manifests/applications/hurzak.tyil.net/public-services/searxng/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: searxng
- namespace: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searxng
- app.kubernetes.io/part-of: searxng
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml
deleted file mode 100644
index 920b1f5..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/deployment.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dirlist
- namespace: media
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
- spec:
- containers:
- - name: miniserve
- image: docker.io/svenstaro/miniserve:latest
- args:
- - "--enable-tar-gz"
- - "--qrcode"
- - "--enable-tar"
- - "/var/www"
- ports:
- - containerPort: 8080
- volumeMounts:
- - name: anime-movies
- mountPath: /var/www/anime-movies
- readOnly: true
- - name: anime-series
- mountPath: /var/www/anime-series
- readOnly: true
- - name: books
- mountPath: /var/www/books
- readOnly: true
- - name: movies
- mountPath: /var/www/movies
- readOnly: true
- - name: music
- mountPath: /var/www/music
- readOnly: true
- - name: series
- mountPath: /var/www/series
- readOnly: true
- volumes:
- - name: anime-movies
- nfs:
- server: 10.57.100.7
- path: /mnt/media/anime-movies/exported
- - name: anime-series
- nfs:
- server: 10.57.100.7
- path: /mnt/media/anime-series/exported
- - name: books
- nfs:
- server: 10.57.100.7
- path: /mnt/media/books/exported
- - name: movies
- nfs:
- server: 10.57.100.7
- path: /mnt/media/movies/exported
- - name: music
- nfs:
- server: 10.57.100.7
- path: /mnt/media/music/exported
- - name: series
- nfs:
- server: 10.57.100.7
- path: /mnt/media/series/exported
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml
deleted file mode 100644
index 4a87af7..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: dirlist
- namespace: media
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: dirlist
- app.kubernetes.io/part-of: media
-spec:
- ingressClassName: "nginx"
- rules:
- - host: media.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: dirlist
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/dirlist/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml
deleted file mode 100644
index 8059d7b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/media/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- dirlist
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml
deleted file mode 100644
index ab637fe..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-- values.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml
deleted file mode 100644
index 3664202..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/release.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: invidious
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 2.0.2
- sourceRef:
- kind: GitRepository
- name: tyil-helm-invidious
- namespace: flux-system
- interval: 1m
- valuesFrom:
- - name: invidious-config
- kind: Secret
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: youtube.alt.tyil.nl
- paths:
- - path: /
- config:
- channel_threads: 1
- db:
- user: invidious
- host: 10.57.100.7
- port: 5432
- dbname: invidious
- domain: youtube.alt.tyil.nl
- feed_threads: 1
- full_refresh: false
- https_only: true
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml
deleted file mode 100644
index 1db538b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/invidious/values.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
-spec:
- encryptedData:
- values.yaml: 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
- template:
- data: null
- metadata:
- creationTimestamp: null
- name: invidious-config
- namespace: public-services
- type: Opaque
-
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml
deleted file mode 100644
index 3ce6c98..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- invidious
-- nitter
-- omgur
-- searx
-- teddit
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml
deleted file mode 100644
index 3c7eaaa..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- release.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml
deleted file mode 100644
index 80a11ca..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/nitter/release.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: nitter
- namespace: public-services
-spec:
- interval: 5m
- chart:
- spec:
- chart: .
- version: 0.1.0
- sourceRef:
- kind: GitRepository
- name: tyil-helm-nitter
- namespace: flux-system
- interval: 1m
- values:
- replicaCount: 1
- ingress:
- enabled: true
- className: nginx
- hosts:
- - host: twitter.alt.tyil.nl
- paths:
- - path: /
- redis:
- host: 10.57.100.7
- urlReplacements:
- twitter: twitter.alt.tyil.nl
- youtube: yewtu.be
- reddit: reddit.alt.tyil.nl
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml
deleted file mode 100644
index a4647dd..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/deployment.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: omgur
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: omgur
- image: registry.gitlab.com/geraldwuhoo/omgur:latest
- ports:
- - containerPort: 8080
- env:
- - name: REDIS_HOST
- value: "10.57.100.7"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml
deleted file mode 100644
index f848c14..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/omgur/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: omgur
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: omgur
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml
deleted file mode 100644
index ff93f12..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: searx
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: searx
- image: searx/searx:latest
- ports:
- - containerPort: 8080
- env:
- - name: BIND_ADDRESS
- value: "0.0.0.0:8080"
- - name: BASE_URL
- value: "https://searx.tyil.nl"
- volumeMounts:
- - name: srv
- subPath: config
- mountPath: /etc/searx
- - name: filtron
- image: dalf/filtron
- args: [
- "-listen", "0.0.0.0:4040",
- "-target", "searx:8080",
- ]
- ports:
- - containerPort: 4040
- volumeMounts:
- - name: srv
- subPath: rules.json
- mountPath: /etc/filtron/rules.json
- volumes:
- - name: srv
- nfs:
- server: 10.57.100.7
- path: /srv/searx
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml
deleted file mode 100644
index fdbc6bf..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: searx
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: searx.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: searx
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml
deleted file mode 100644
index 80b802b..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/searx/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: searx
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: searx
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml
deleted file mode 100644
index 9542cde..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: teddit
- namespace: public-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- spec:
- containers:
- - name: teddit
- image: teddit/teddit:latest
- ports:
- - containerPort: 8080
- env:
- - name: DOMAIN
- value: "reddit.alt.tyil.nl"
- - name: REDIS_DB
- value: "1"
- - name: REDIS_HOST
- value: "10.57.100.7"
- - name: TRUST_PROXY
- value: "true"
- - name: USE_HELMET
- value: "true"
- - name: USE_HELMET_HSTS
- value: "true"
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml
deleted file mode 100644
index 55fc30a..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/ingress.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: teddit
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
-spec:
- ingressClassName: "nginx"
- rules:
- - host: reddit.alt.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: teddit
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml
deleted file mode 100644
index b91c1d1..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/public-services/teddit/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: teddit
- namespace: public-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: teddit
- app.kubernetes.io/part-of: public-services
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8080
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/deployment.yaml
deleted file mode 100644
index b923688..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/deployment.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: bazarr
- namespace: servarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: bazarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: bazarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: bazar
- image: cr.hotio.dev/hotio/bazarr:nightly
- ports:
- - containerPort: 8090
- volumeMounts:
- - name: config
- subPath: config
- mountPath: /config
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- volumes:
- - name: config
- hostPath:
- type: Directory
- path: /srv/servarr/bazarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/ingress.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/ingress.yaml
deleted file mode 100644
index c8a6938..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/ingress.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: bazarr
- namespace: servarr
-spec:
- ingressClassName: "nginx"
- rules:
- - host: baz.arr.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: bazarr
- port:
- number: 80
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/service.yaml
deleted file mode 100644
index 157ac0a..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/bazarr/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: bazarr
- namespace: servarr
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: bazarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 80
- targetPort: 6767
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/configmap.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/configmap.yaml
deleted file mode 100644
index 8d0b56d..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: servarr
- namespace: servarr
-data:
- groupId: "1001" # media
- timezone: "Europe/Amsterdam"
- umask: "002"
- userId: "169" # transmission
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/jellyseerr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/kustomization.yaml
deleted file mode 100644
index 5b9baeb..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/kustomization.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-# Shared configuration
-- configmap.yaml
-
-# Main deployments
-- lidarr
-- radarr
-- readarr
-- sonarr
-
-# Download clients
-- transmission-lidarr
-- transmission-radarr
-- transmission-readarr
-- transmission-sonarr
-
-# Management
-- prowlarr
-- jellyseerr
-
-# Additional helper services
-- bazarr
-- unpackerr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/lidarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/service.yaml
deleted file mode 100644
index fd8a7b2..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/prowlarr/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prowlarr
- namespace: servarr
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: prowlarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 80
- targetPort: 9696
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/deployment.yaml
deleted file mode 100644
index c9ccfe8..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/deployment.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: radarr
- namespace: servarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: radarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: radarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: radarr
- image: hotio/radarr:release
- ports:
- - containerPort: 7878
- volumeMounts:
- - name: config
- mountPath: /config
- - name: media
- mountPath: /mnt/media
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- volumes:
- - name: config
- hostPath:
- type: DirectoryOrCreate
- path: /srv/servarr/radarr/config
- - name: media
- nfs:
- server: 10.57.100.7
- path: /mnt/media
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/radarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/readarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/deployment.yaml
deleted file mode 100644
index 97261ba..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/deployment.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: sonarr
- namespace: servarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: sonarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: sonarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: sonarr
- image: hotio/sonarr:release
- ports:
- - containerPort: 8989
- volumeMounts:
- - name: config
- mountPath: /config
- - name: media
- mountPath: /mnt/media
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- volumes:
- - name: config
- hostPath:
- type: DirectoryOrCreate
- path: /srv/servarr/sonarr/config
- - name: media
- nfs:
- server: 10.57.100.7
- path: /mnt/media
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/kustomization.yaml
deleted file mode 100644
index 5ee3790..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/sonarr/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- ingress.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/deployment.yaml
deleted file mode 100644
index a7fbf26..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: transmission-lidarr
- namespace: servarr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-lidarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-lidarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: transmission
- image: lscr.io/linuxserver/transmission:latest
- ports:
- - containerPort: 9091
- protocol: TCP
- - containerPort: 30012
- protocol: TCP
- - containerPort: 30012
- protocol: UDP
- volumeMounts:
- - name: config
- subPath: transmission-config
- mountPath: /config
- - name: downloads
- subPath: source-transmission
- mountPath: /mnt/media/music/source-transmission
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- - name: TRANSMISSION_WEB_HOME
- value: "/flood-for-transmission/"
- - name: PEERPORT
- value: "30012"
- volumes:
- - name: downloads
- nfs:
- server: 10.57.100.7
- path: /mnt/media/music
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/lidarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/kustomization.yaml
deleted file mode 100644
index 3f8c40c..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/service.yaml
deleted file mode 100644
index 4081ca9..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-lidarr/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: transmission-lidarr
- namespace: servarr
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-lidarr
- app.kubernetes.io/part-of: servarr
-spec:
- type: NodePort
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-lidarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 9091
- targetPort: 9091
- nodePort: 30013
- name: xmlrpc
- - protocol: TCP
- port: 30012
- targetPort: 30012
- nodePort: 30012
- name: peer-tcp
- - protocol: UDP
- port: 30012
- targetPort: 30012
- nodePort: 30012
- name: peer-udp
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/deployment.yaml
deleted file mode 100644
index 9e497d6..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: transmission-radarr
- namespace: servarr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-radarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-radarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: transmission
- image: lscr.io/linuxserver/transmission:latest
- ports:
- - containerPort: 9091
- protocol: TCP
- - containerPort: 30014
- protocol: TCP
- - containerPort: 30014
- protocol: UDP
- volumeMounts:
- - name: config
- subPath: transmission-config
- mountPath: /config
- - name: downloads
- subPath: source-transmission
- mountPath: /mnt/media/movies/source-transmission
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- - name: TRANSMISSION_WEB_HOME
- value: "/flood-for-transmission/"
- - name: PEERPORT
- value: "30014"
- volumes:
- - name: downloads
- nfs:
- server: 10.57.100.7
- path: /mnt/media/movies
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/radarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/kustomization.yaml
deleted file mode 100644
index 3f8c40c..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/service.yaml
deleted file mode 100644
index 5789330..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-radarr/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: transmission-radarr
- namespace: servarr
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-radarr
- app.kubernetes.io/part-of: servarr
-spec:
- type: NodePort
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-radarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 9091
- targetPort: 9091
- nodePort: 30015
- name: xmlrpc
- - protocol: TCP
- port: 30014
- targetPort: 30014
- nodePort: 30014
- name: peer-tcp
- - protocol: UDP
- port: 30014
- targetPort: 30014
- nodePort: 30014
- name: peer-udp
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/deployment.yaml
deleted file mode 100644
index db2e429..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: transmission-readarr
- namespace: servarr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-readarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-readarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: transmission
- image: lscr.io/linuxserver/transmission:latest
- ports:
- - containerPort: 9091
- protocol: TCP
- - containerPort: 30014
- protocol: TCP
- - containerPort: 30014
- protocol: UDP
- volumeMounts:
- - name: config
- subPath: transmission-config
- mountPath: /config
- - name: downloads
- subPath: source-transmission
- mountPath: /mnt/media/books/source-transmission
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- - name: TRANSMISSION_WEB_HOME
- value: "/flood-for-transmission/"
- - name: PEERPORT
- value: "30014"
- volumes:
- - name: downloads
- nfs:
- server: 10.57.100.7
- path: /mnt/media/books
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/readarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/kustomization.yaml
deleted file mode 100644
index 3f8c40c..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/service.yaml
deleted file mode 100644
index a2dfb2f..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-readarr/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: transmission-readarr
- namespace: servarr
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-readarr
- app.kubernetes.io/part-of: servarr
-spec:
- type: NodePort
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-readarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 9091
- targetPort: 9091
- nodePort: 30017
- name: xmlrpc
- - protocol: TCP
- port: 30016
- targetPort: 30016
- nodePort: 30016
- name: peer-tcp
- - protocol: UDP
- port: 30016
- targetPort: 30016
- nodePort: 30016
- name: peer-udp
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/deployment.yaml
deleted file mode 100644
index 64a2d8f..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/deployment.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: transmission-sonarr
- namespace: servarr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-sonarr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-sonarr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: transmission
- image: lscr.io/linuxserver/transmission:latest
- ports:
- - containerPort: 9091
- protocol: TCP
- - containerPort: 30010
- protocol: TCP
- - containerPort: 30010
- protocol: UDP
- volumeMounts:
- - name: config
- subPath: transmission-config
- mountPath: /config
- - name: downloads
- subPath: source-transmission
- mountPath: /mnt/media/series/source-transmission
- env:
- - name: GUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: groupId
- - name: PUID
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: userId
- - name: TZ
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: timezone
- - name: UMASK
- valueFrom:
- configMapKeyRef:
- name: servarr
- key: umask
- - name: TRANSMISSION_WEB_HOME
- value: "/flood-for-transmission/"
- - name: PEERPORT
- value: "30010"
- volumes:
- - name: downloads
- nfs:
- server: 10.57.100.7
- path: /mnt/media/series
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/sonarr
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/kustomization.yaml
deleted file mode 100644
index 3f8c40c..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- service.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/service.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/service.yaml
deleted file mode 100644
index de91b67..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/transmission-sonarr/service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: transmission-sonarr
- namespace: servarr
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-sonarr
- app.kubernetes.io/part-of: servarr
-spec:
- type: NodePort
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: transmission-sonarr
- app.kubernetes.io/part-of: servarr
- ports:
- - protocol: TCP
- port: 9091
- targetPort: 9091
- nodePort: 30011
- name: xmlrpc
- - protocol: TCP
- port: 30010
- targetPort: 30010
- nodePort: 30010
- name: peer-tcp
- - protocol: UDP
- port: 30010
- targetPort: 30010
- nodePort: 30010
- name: peer-udp
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/deployment.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/deployment.yaml
deleted file mode 100644
index 7b72040..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: unpackerr
- namespace: servarr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: unpackerr
- app.kubernetes.io/part-of: servarr
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: unpackerr
- app.kubernetes.io/part-of: servarr
- spec:
- containers:
- - name: unpackerr
- image: golift/unpackerr:latest
- volumeMounts:
- - name: config
- subPath: config
- mountPath: /etc/unpackerr
- - name: media
- mountPath: /mnt/media
- volumes:
- - name: config
- nfs:
- server: 10.57.100.7
- path: /srv/servarr/unpackerr
- - name: media
- nfs:
- server: 10.57.100.7
- path: /mnt/media
-...
diff --git a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/kustomization.yaml b/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/kustomization.yaml
deleted file mode 100644
index 83c68dc..0000000
--- a/playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net/servarr/unpackerr/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/applications.yaml
deleted file mode 100644
index ffbd980..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/applications/edephas.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@ ---- -# This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v0.31.5 -# Components: source-controller,kustomize-controller,helm-controller,notification-controller -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - pod-security.kubernetes.io/warn: restricted - pod-security.kubernetes.io/warn-version: latest - name: flux-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects - properties: - eventSeverity: - default: info - description: Filter events based on severity, defaults to ('info'). - If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: Filter events based on the involved objects. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - exclusionList: - description: A list of Golang regular expressions to be used for excluding - messages. - items: - type: string - type: array - providerRef: - description: Send events using this provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Short description of the impact and affected cluster. 
- type: string - suspend: - description: This flag tells the controller to suspend subsequent - events dispatching. Defaults to false. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of Alert - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible - bucket - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - - gcp - type: string - region: - description: The bucket region. 
- type: string - secretRef: - description: The name of the secret containing authentication credentials - for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for download operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful - Bucket sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last Bucket sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec specifies the required configuration to produce - an Artifact for an object storage bucket. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. 
- type: boolean - interval: - description: Interval at which to check the Endpoint for updates. - type: string - provider: - default: generic - description: Provider of the object storage bucket. Defaults to 'generic', - which expects an S3 (API) compatible object storage. - enum: - - generic - - aws - - gcp - - azure - type: string - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this Bucket. - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. 
- format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. 
- properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults - to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Extra git repositories to map into the repository - items: - description: GitRepositoryInclude defines a source with a from and - to path. - properties: - fromPath: - description: The path to copy contents from, defaults to the - root directory. - type: string - repository: - description: Reference to a GitRepository to include. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: The path to copy contents to, defaults to the name - of the source ref. 
- type: string - required: - - repository - type: object - type: array - interval: - description: The interval at which to check for repository updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes - all submodules within, using their default settings. This option - is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for changes, - defaults to master branch. - properties: - branch: - description: The Git branch to checkout, defaults to master. - type: string - commit: - description: The Git commit SHA to checkout, if specified Tag - filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence over - Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS - repositories the secret must contain username and password fields. - For SSH repositories the secret must contain identity and known_hosts - fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote Git operations like cloning, defaults - to 60s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh):// - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD points - to. - properties: - mode: - description: Mode describes what git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all - trusted Git authors. 
- properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts represents the included artifacts from - the last successful repository sync. - items: - description: Artifact represents the output of a source synchronisation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last repository sync. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. 
- properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: GitImplementation specifies which Git client library - implementation to use. Defaults to 'go-git', valid values are ('go-git', - 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. 
- type: string - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. This option is available only when using the 'go-git' - GitImplementation. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: "Branch to check out, defaults to 'master' if no - other field is defined. \n When GitRepositorySpec.GitImplementation - is set to 'go-git', a shallow clone of the specified branch - is performed." - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n When GitRepositorySpec.GitImplementation - is set to 'go-git', this can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields. For SSH repositories - the Secret must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. 
- pattern: ^(http|https|ssh):// - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. 
- items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: 'ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.recurseSubmodules - .spec.included and the checksum of the - included artifacts observed in .status.observedGeneration version - of the object. This can be used to determine if the content of the - included repository has changed. It has the format of `<algo>:<checksum>`, - for example: `sha256:<checksum>`.' - type: string - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact - file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. 
- It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: The name or path the Helm chart is available at in the - SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). See the documentation - of the values for an explanation on their behavior. Defaults to - ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). 
- enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default chart values, - expected to be a relative path in the SourceRef. Deprecated in favor - of ValuesFiles, for backwards compatibility the file defined here - is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be - a relative path in the SourceRef. Values files are merged in the - order of this list with the last file overriding the first. Ignored - when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored for charts - from GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus defines the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - chart sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. 
- type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. 
- items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: Chart is the name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval is the interval at which to check the Source - for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: ReconcileStrategy determines what enables the creation - of a new artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their - behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: ValuesFile is an alternative values file to use as the - default chart values, expected to be a relative path in the SourceRef. 
- Deprecated in favor of ValuesFiles, for backwards compatibility - the file specified here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: ValuesFiles is an alternative list of values files to - use as the chart values (values.yaml is not included by default), - expected to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding the - first. Ignored when omitted. - items: - type: string - type: array - version: - default: '*' - description: Version is the chart version semver expression, ignored - for charts from GitRepository and Bucket sources. Defaults to latest - when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. 
by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedChartName: - description: ObservedChartName is the last observed chart name as - specified by the resolved chart reference. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmChart object. - format: int64 - type: integer - observedSourceArtifactRevision: - description: ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. 
- properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta2.Source - for updates. Defaults to 'HelmReleaseSpec.Interval'. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1beta2.Source - the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. 
- items: - type: string - type: array - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt-in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." 
- enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. 
- type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a key with the kubeconfig file as the value. If no key is specified - the key will default to 'value'. The secret must be in the same - namespace as the HelmRelease. It is recommended that the kubeconfig - is self-contained, and the secret is regularly updated if credentials - such as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries and credentials - to the Pod that is responsible for reconciling the HelmRelease. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '10'. 
- type: integer - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. 
- type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. 
- The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline - YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. 
- type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. 
- type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. 
https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. 
- type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. Defaults to 'None', which results - in the values getting merged at the root. - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. 
- type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully - applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. 
- type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the - values of the last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful - Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the 
helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: The interval at which to check the upstream for updates. 
- type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: The name of the secret containing authentication credentials - for the Helm repository. For HTTP/S basic auth the secret must contain - username and password fields. For TLS the secret must contain a - certFile and keyFile, and/or caCert fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. 
- type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec specifies the required configuration to - produce an Artifact for a Helm repository index YAML. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. 
- properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: Interval at which to check the URL for updates. - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the HelmRepository. For HTTP/S basic auth the secret - must contain 'username' and 'password' fields. For TLS the secret - must contain a 'certFile' and 'keyFile', and/or 'caCert' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this HelmRepository. - type: boolean - timeout: - default: 60s - description: Timeout of the index fetch operation, defaults to 60s. - type: string - type: - description: Type of the HelmRepository. When this field is set to "oci", - the URL field value must be prefixed with "oci://". - enum: - - default - - oci - type: string - url: - description: URL of the Helm repository, a valid URL contains at least - a protocol and host. 
- type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a kustomization. 
- properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. 
- type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When specified, KubeConfig takes precedence over - ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the Kustomization. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the Kustomization. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. 
- items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. 
Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. 
- type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization - namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying them - on the cluster. The validation strategy can be 'client' (local dry-run), - 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', - validation will fallback to 'client' if set to 'server' because - server-side validation is not supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is <branch|tag>/<commit-sha>. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced Kubernetes - objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. 
- type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. 
- properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. The secret must be in the same - namespace as the Kustomization. It is recommended that the kubeconfig - is self-contained, and the secret is regularly updated if credentials - such as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries and credentials - to the Pod that is responsible for reconciling the Kustomization. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. 
- items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: - Use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline YAML objects. - Deprecated: Use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. 
Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. 
- When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: 'Deprecated: Not used in v1beta2.' - enum: - - none - - client - - server - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. 
--- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is <branch|tag>/<commit-sha>. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of Provider - properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - certSecretRef: - description: CertSecretRef can be given the name of a secret containing - a PEM-encoded CA certificate (`caFile`) - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL - using "address" as data key - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of provider - enum: - - slack - - discord - - msteams - - rocket - - generic - - github - - gitlab - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - type: string - username: - description: Bot username for this provider - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of Provider - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of Receiver - properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or - 'Push Hook' for GitLab. - items: - type: string - type: array - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. 
- type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - secretRef: - description: Secret reference containing the token used to validate - the payload authenticity - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of Receiver - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. 
- format: int64 - type: integer - url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helm-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: kustomize-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: notification-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: source-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: crd-controller-flux-system -rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - image.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - namespaces - - secrets - - configmaps - - serviceaccounts - 
verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: cluster-reconciler-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: crd-controller-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crd-controller-flux-system -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system -- kind: ServiceAccount - name: source-controller - namespace: flux-system -- kind: ServiceAccount - name: notification-controller - namespace: flux-system -- kind: ServiceAccount - name: image-reflector-controller - namespace: flux-system -- kind: ServiceAccount - name: image-automation-controller - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller 
- name: notification-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: source-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: webhook-receiver - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: helm-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: helm-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.22.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: 
healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: helm-controller - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: kustomize-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: kustomize-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.26.3 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - 
volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: kustomize-controller - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: notification-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: notification-controller - spec: - containers: - - args: - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v0.24.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 9292 - name: http-webhook - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: notification-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: 
- app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: source-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.25.11 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: / - port: http - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: source-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - 
name: allow-egress - namespace: flux-system -spec: - egress: - - {} - ingress: - - from: - - podSelector: {} - podSelector: {} - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: allow-scraping - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP - podSelector: {} - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: allow-webhooks - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: notification-controller - policyTypes: - - Ingress diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-sync.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-sync.yaml deleted file mode 100644 index 7d0d7aa..0000000 --- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/gotk-sync.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# This manifest was generated by flux. DO NOT EDIT. ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 1m0s - ref: - branch: master - secretRef: - name: flux-system - url: ssh://git@10.57.100.7/srv/git/tyilnet ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 10m0s - path: ./playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net - prune: true - sourceRef: - kind: GitRepository - name: flux-system 
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/kustomization.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/kustomization.yaml
deleted file mode 100644
index 3842229..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/flux-system/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- gotk-components.yaml
-- gotk-sync.yaml
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-configuration.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-configuration.yaml
deleted file mode 100644
index 2b28e78..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-configurations
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-releases
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/configuration
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-releases.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-releases.yaml
deleted file mode 100644
index 9006f0f..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-releases.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-releases
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-sources
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/releases
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-sources.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-sources.yaml
deleted file mode 100644
index b07ca57..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/infrastructure-sources.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-sources
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: namespaces
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/infrastructure/sources
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/namespaces.yaml b/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/namespaces.yaml
deleted file mode 100644
index 6e0395e..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/edephas.tyil.net/namespaces.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: namespaces
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/namespaces
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml
deleted file mode 100644
index 8e8d43c..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/applications/hurzak.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@ ---- -# This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v0.31.5 -# Components: source-controller,kustomize-controller,helm-controller,notification-controller -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - pod-security.kubernetes.io/warn: restricted - pod-security.kubernetes.io/warn-version: latest - name: flux-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects - properties: - eventSeverity: - default: info - description: Filter events based on severity, defaults to ('info'). - If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: Filter events based on the involved objects. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - exclusionList: - description: A list of Golang regular expressions to be used for excluding - messages. - items: - type: string - type: array - providerRef: - description: Send events using this provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Short description of the impact and affected cluster. 
- type: string - suspend: - description: This flag tells the controller to suspend subsequent - events dispatching. Defaults to false. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of Alert - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible - bucket - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - - gcp - type: string - region: - description: The bucket region. 
- type: string - secretRef: - description: The name of the secret containing authentication credentials - for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for download operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful - Bucket sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last Bucket sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec specifies the required configuration to produce - an Artifact for an object storage bucket. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. 
- type: boolean - interval: - description: Interval at which to check the Endpoint for updates. - type: string - provider: - default: generic - description: Provider of the object storage bucket. Defaults to 'generic', - which expects an S3 (API) compatible object storage. - enum: - - generic - - aws - - gcp - - azure - type: string - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this Bucket. - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. 
- format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. 
- properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults - to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Extra git repositories to map into the repository - items: - description: GitRepositoryInclude defines a source with a from and - to path. - properties: - fromPath: - description: The path to copy contents from, defaults to the - root directory. - type: string - repository: - description: Reference to a GitRepository to include. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: The path to copy contents to, defaults to the name - of the source ref. 
- type: string - required: - - repository - type: object - type: array - interval: - description: The interval at which to check for repository updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes - all submodules within, using their default settings. This option - is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for changes, - defaults to master branch. - properties: - branch: - description: The Git branch to checkout, defaults to master. - type: string - commit: - description: The Git commit SHA to checkout, if specified Tag - filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence over - Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS - repositories the secret must contain username and password fields. - For SSH repositories the secret must contain identity and known_hosts - fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote Git operations like cloning, defaults - to 60s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh):// - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD points - to. - properties: - mode: - description: Mode describes what git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all - trusted Git authors. 
- properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts represents the included artifacts from - the last successful repository sync. - items: - description: Artifact represents the output of a source synchronisation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last repository sync. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. 
- properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: GitImplementation specifies which Git client library - implementation to use. Defaults to 'go-git', valid values are ('go-git', - 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. 
- type: string - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. This option is available only when using the 'go-git' - GitImplementation. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: "Branch to check out, defaults to 'master' if no - other field is defined. \n When GitRepositorySpec.GitImplementation - is set to 'go-git', a shallow clone of the specified branch - is performed." - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n When GitRepositorySpec.GitImplementation - is set to 'go-git', this can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields. For SSH repositories - the Secret must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. 
- pattern: ^(http|https|ssh):// - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. 
- items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: 'ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.recurseSubmodules - .spec.included and the checksum of the - included artifacts observed in .status.observedGeneration version - of the object. This can be used to determine if the content of the - included repository has changed. It has the format of `<algo>:<checksum>`, - for example: `sha256:<checksum>`.' - type: string - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact - file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. 
- It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: The name or path the Helm chart is available at in the - SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). See the documentation - of the values for an explanation on their behavior. Defaults to - ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). 
- enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default chart values, - expected to be a relative path in the SourceRef. Deprecated in favor - of ValuesFiles, for backwards compatibility the file defined here - is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be - a relative path in the SourceRef. Values files are merged in the - order of this list with the last file overriding the first. Ignored - when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored for charts - from GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus defines the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - chart sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. 
- type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. 
- items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: Chart is the name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval is the interval at which to check the Source - for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: ReconcileStrategy determines what enables the creation - of a new artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their - behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: ValuesFile is an alternative values file to use as the - default chart values, expected to be a relative path in the SourceRef. 
- Deprecated in favor of ValuesFiles, for backwards compatibility - the file specified here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: ValuesFiles is an alternative list of values files to - use as the chart values (values.yaml is not included by default), - expected to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding the - first. Ignored when omitted. - items: - type: string - type: array - version: - default: '*' - description: Version is the chart version semver expression, ignored - for charts from GitRepository and Bucket sources. Defaults to latest - when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. 
by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedChartName: - description: ObservedChartName is the last observed chart name as - specified by the resolved chart reference. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmChart object. - format: int64 - type: integer - observedSourceArtifactRevision: - description: ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. 
- properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta2.Source - for updates. Defaults to 'HelmReleaseSpec.Interval'. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1beta2.Source - the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. 
- items: - type: string - type: array - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt-in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." 
- enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. 
- type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a key with the kubeconfig file as the value. If no key is specified - the key will default to 'value'. The secret must be in the same - namespace as the HelmRelease. It is recommended that the kubeconfig - is self-contained, and the secret is regularly updated if credentials - such as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries and credentials - to the Pod that is responsible for reconciling the HelmRelease. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '10'. 
- type: integer - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. 
- type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. 
- The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline - YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. 
- type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. 
- type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. 
https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. 
- type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. Defaults to 'None', which results - in the values getting merged at the root. - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. 
- type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully - applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. 
- type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the - values of the last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful - Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the 
helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: The interval at which to check the upstream for updates. 
- type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: The name of the secret containing authentication credentials - for the Helm repository. For HTTP/S basic auth the secret must contain - username and password fields. For TLS the secret must contain a - certFile and keyFile, and/or caCert fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. 
- type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec specifies the required configuration to - produce an Artifact for a Helm repository index YAML. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. 
- properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: Interval at which to check the URL for updates. - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the HelmRepository. For HTTP/S basic auth the secret - must contain 'username' and 'password' fields. For TLS the secret - must contain a 'certFile' and 'keyFile', and/or 'caCert' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this HelmRepository. - type: boolean - timeout: - default: 60s - description: Timeout of the index fetch operation, defaults to 60s. - type: string - type: - description: Type of the HelmRepository. When this field is set to "oci", - the URL field value must be prefixed with "oci://". - enum: - - default - - oci - type: string - url: - description: URL of the Helm repository, a valid URL contains at least - a protocol and host. 
- type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a kustomization. 
- properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. 
- type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When specified, KubeConfig takes precedence over - ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the Kustomization. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the Kustomization. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. 
- items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. 
Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. 
- type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization - namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying them - on the cluster. The validation strategy can be 'client' (local dry-run), - 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', - validation will fallback to 'client' if set to 'server' because - server-side validation is not supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is <branch|tag>/<commit-sha>. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced Kubernetes - objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. 
- type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. 
- properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. The secret must be in the same - namespace as the Kustomization. It is recommended that the kubeconfig - is self-contained, and the secret is regularly updated if credentials - such as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries and credentials - to the Pod that is responsible for reconciling the Kustomization. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. 
- items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: - Use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline YAML objects. - Deprecated: Use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. 
Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. 
- When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: 'Deprecated: Not used in v1beta2.' - enum: - - none - - client - - server - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. 
--- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is <branch|tag>/<commit-sha>. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of Provider - properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - certSecretRef: - description: CertSecretRef can be given the name of a secret containing - a PEM-encoded CA certificate (`caFile`) - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL - using "address" as data key - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of provider - enum: - - slack - - discord - - msteams - - rocket - - generic - - github - - gitlab - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - type: string - username: - description: Bot username for this provider - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of Provider - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of Receiver - properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or - 'Push Hook' for GitLab. - items: - type: string - type: array - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. 
- type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - secretRef: - description: Secret reference containing the token used to validate - the payload authenticity - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of Receiver - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. 
- format: int64 - type: integer - url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helm-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: kustomize-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: notification-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: source-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: crd-controller-flux-system -rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - image.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - namespaces - - secrets - - configmaps - - serviceaccounts - 
verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: cluster-reconciler-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: crd-controller-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crd-controller-flux-system -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system -- kind: ServiceAccount - name: source-controller - namespace: flux-system -- kind: ServiceAccount - name: notification-controller - namespace: flux-system -- kind: ServiceAccount - name: image-reflector-controller - namespace: flux-system -- kind: ServiceAccount - name: image-automation-controller - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller 
- name: notification-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: source-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: webhook-receiver - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: helm-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: helm-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.22.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: 
healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: helm-controller - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: kustomize-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: kustomize-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.26.3 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - 
volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: kustomize-controller - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: notification-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: notification-controller - spec: - containers: - - args: - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v0.24.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 9292 - name: http-webhook - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: notification-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: 
- app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: source-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.25.11 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: / - port: http - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: source-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - 
name: allow-egress - namespace: flux-system -spec: - egress: - - {} - ingress: - - from: - - podSelector: {} - podSelector: {} - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: allow-scraping - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP - podSelector: {} - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: allow-webhooks - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: notification-controller - policyTypes: - - Ingress diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml deleted file mode 100644 index a14dbf3..0000000 --- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/gotk-sync.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# This manifest was generated by flux. DO NOT EDIT. ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 1m0s - ref: - branch: master - secretRef: - name: flux-system - url: ssh://tyil@10.57.100.7/home/tyil/.local/git/tyilnet ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 10m0s - path: ./playbooks.d/k3s-master/share/manifests/clusters/hurzak.tyil.net - prune: true - sourceRef: - kind: GitRepository - name: flux-system 
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml
deleted file mode 100644
index 3842229..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/flux-system/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- gotk-components.yaml
-- gotk-sync.yaml
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml
deleted file mode 100644
index 9df248a..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-configuration.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-configurations
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-releases
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/configuration
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml
deleted file mode 100644
index cc449ac..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-releases.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-releases
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: infrastructure-sources
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/releases
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml
deleted file mode 100644
index eda76f3..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/infrastructure-sources.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: infrastructure-sources
- namespace: flux-system
-spec:
- interval: 10m0s
- dependsOn:
- - name: namespaces
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/infrastructure/sources
- prune: true
- wait: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml b/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml
deleted file mode 100644
index 4fc4292..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/hurzak.tyil.net/namespaces.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: namespaces
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/share/manifests/namespaces
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml
deleted file mode 100644
index 809cdb4..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/applications.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
-kind: Kustomization
-metadata:
- name: applications
- namespace: flux-system
-spec:
- interval: 10m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- path: ./playbooks.d/k3s-master/manifests/applications/krohxe.tyil.net
- prune: true
-...
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml
deleted file mode 100644
index 4c7ce9b..0000000
--- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-components.yaml
+++ /dev/null
@@ -1,5583 +0,0 @@ ---- -# This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v0.31.5 -# Components: source-controller,kustomize-controller,helm-controller,notification-controller -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - pod-security.kubernetes.io/warn: restricted - pod-security.kubernetes.io/warn-version: latest - name: flux-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects - properties: - eventSeverity: - default: info - description: Filter events based on severity, defaults to ('info'). - If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: Filter events based on the involved objects. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - exclusionList: - description: A list of Golang regular expressions to be used for excluding - messages. - items: - type: string - type: array - providerRef: - description: Send events using this provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Short description of the impact and affected cluster. 
- type: string - suspend: - description: This flag tells the controller to suspend subsequent - events dispatching. Defaults to false. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of Alert - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible - bucket - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - - gcp - type: string - region: - description: The bucket region. 
- type: string - secretRef: - description: The name of the secret containing authentication credentials - for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for download operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful - Bucket sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last Bucket sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec specifies the required configuration to produce - an Artifact for an object storage bucket. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. 
- type: boolean - interval: - description: Interval at which to check the Endpoint for updates. - type: string - provider: - default: generic - description: Provider of the object storage bucket. Defaults to 'generic', - which expects an S3 (API) compatible object storage. - enum: - - generic - - aws - - gcp - - azure - type: string - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this Bucket. - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. 
- format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. 
- properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults - to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Extra git repositories to map into the repository - items: - description: GitRepositoryInclude defines a source with a from and - to path. - properties: - fromPath: - description: The path to copy contents from, defaults to the - root directory. - type: string - repository: - description: Reference to a GitRepository to include. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: The path to copy contents to, defaults to the name - of the source ref. 
- type: string - required: - - repository - type: object - type: array - interval: - description: The interval at which to check for repository updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes - all submodules within, using their default settings. This option - is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for changes, - defaults to master branch. - properties: - branch: - description: The Git branch to checkout, defaults to master. - type: string - commit: - description: The Git commit SHA to checkout, if specified Tag - filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence over - Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS - repositories the secret must contain username and password fields. - For SSH repositories the secret must contain identity and known_hosts - fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote Git operations like cloning, defaults - to 60s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh):// - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD points - to. - properties: - mode: - description: Mode describes what git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all - trusted Git authors. 
- properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts represents the included artifacts from - the last successful repository sync. - items: - description: Artifact represents the output of a source synchronisation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last repository sync. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. 
- properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: GitImplementation specifies which Git client library - implementation to use. Defaults to 'go-git', valid values are ('go-git', - 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. 
- type: string - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. This option is available only when using the 'go-git' - GitImplementation. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: "Branch to check out, defaults to 'master' if no - other field is defined. \n When GitRepositorySpec.GitImplementation - is set to 'go-git', a shallow clone of the specified branch - is performed." - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n When GitRepositorySpec.GitImplementation - is set to 'go-git', this can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields. For SSH repositories - the Secret must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. 
- pattern: ^(http|https|ssh):// - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. 
- items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: 'ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.recurseSubmodules - .spec.included and the checksum of the - included artifacts observed in .status.observedGeneration version - of the object. This can be used to determine if the content of the - included repository has changed. It has the format of `<algo>:<checksum>`, - for example: `sha256:<checksum>`.' - type: string - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact - file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. 
- It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: The name or path the Helm chart is available at in the - SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). See the documentation - of the values for an explanation on their behavior. Defaults to - ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). 
- enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default chart values, - expected to be a relative path in the SourceRef. Deprecated in favor - of ValuesFiles, for backwards compatibility the file defined here - is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be - a relative path in the SourceRef. Values files are merged in the - order of this list with the last file overriding the first. Ignored - when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored for charts - from GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus defines the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - chart sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. 
- type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. 
- items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: Chart is the name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval is the interval at which to check the Source - for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: ReconcileStrategy determines what enables the creation - of a new artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their - behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: ValuesFile is an alternative values file to use as the - default chart values, expected to be a relative path in the SourceRef. 
- Deprecated in favor of ValuesFiles, for backwards compatibility - the file specified here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: ValuesFiles is an alternative list of values files to - use as the chart values (values.yaml is not included by default), - expected to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding the - first. Ignored when omitted. - items: - type: string - type: array - version: - default: '*' - description: Version is the chart version semver expression, ignored - for charts from GitRepository and Bucket sources. Defaults to latest - when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. 
by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedChartName: - description: ObservedChartName is the last observed chart name as - specified by the resolved chart reference. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmChart object. - format: int64 - type: integer - observedSourceArtifactRevision: - description: ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. 
- properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta2.Source - for updates. Defaults to 'HelmReleaseSpec.Interval'. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1beta2.Source - the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. 
- items: - type: string - type: array - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt-in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." 
- enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. 
- type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a key with the kubeconfig file as the value. If no key is specified - the key will default to 'value'. The secret must be in the same - namespace as the HelmRelease. It is recommended that the kubeconfig - is self-contained, and the secret is regularly updated if credentials - such as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries and credentials - to the Pod that is responsible for reconciling the HelmRelease. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '10'. 
- type: integer - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. 
- type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. 
- The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline - YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. 
- type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. 
- type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. 
https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. 
- type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. Defaults to 'None', which results - in the values getting merged at the root. - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. 
- type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully - applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. 
- type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the - values of the last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful - Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the 
helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: The interval at which to check the upstream for updates. 
- type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: The name of the secret containing authentication credentials - for the Helm repository. For HTTP/S basic auth the secret must contain - username and password fields. For TLS the secret must contain a - certFile and keyFile, and/or caCert fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. 
- type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. 
- type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec specifies the required configuration to - produce an Artifact for a Helm repository index YAML. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. 
- properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: Interval at which to check the URL for updates. - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the HelmRepository. For HTTP/S basic auth the secret - must contain 'username' and 'password' fields. For TLS the secret - must contain a 'certFile' and 'keyFile', and/or 'caCert' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this HelmRepository. - type: boolean - timeout: - default: 60s - description: Timeout of the index fetch operation, defaults to 60s. - type: string - type: - description: Type of the HelmRepository. When this field is set to "oci", - the URL field value must be prefixed with "oci://". - enum: - - default - - oci - type: string - url: - description: URL of the Helm repository, a valid URL contains at least - a protocol and host. 
- type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the Artifact file. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact - data is recommended. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a kustomization. 
- properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. 
- type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When specified, KubeConfig takes precedence over - ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the Kustomization. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the Kustomization. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. 
- items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. 
Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. 
- type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization - namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying them - on the cluster. The validation strategy can be 'client' (local dry-run), - 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', - validation will fallback to 'client' if set to 'server' because - server-side validation is not supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is <branch|tag>/<commit-sha>. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced Kubernetes - objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. 
- type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. 
- type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. 
- properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. The secret must be in the same - namespace as the Kustomization. It is recommended that the kubeconfig - is self-contained, and the secret is regularly updated if credentials - such as a cloud-access-token expire. Cloud specific `cmd-path` - auth helpers will not function without adding binaries and credentials - to the Pod that is responsible for reconciling the Kustomization. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. 
- items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: - Use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. 
- properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline YAML objects. - Deprecated: Use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. 
Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. 
- When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: 'Deprecated: Not used in v1beta2.' - enum: - - none - - client - - server - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. 
--- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is <branch|tag>/<commit-sha>. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. 
- format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of Provider - properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - certSecretRef: - description: CertSecretRef can be given the name of a secret containing - a PEM-encoded CA certificate (`caFile`) - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL - using "address" as data key - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of provider - enum: - - slack - - discord - - msteams - - rocket - - generic - - github - - gitlab - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - type: string - username: - description: Bot username for this provider - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of Provider - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of Receiver - properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or - 'Push Hook' for GitLab. - items: - type: string - type: array - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. 
- type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - secretRef: - description: Secret reference containing the token used to validate - the payload authenticity - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of Receiver - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. 
- format: int64 - type: integer - url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: helm-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: kustomize-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: notification-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: source-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: crd-controller-flux-system -rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - image.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - namespaces - - secrets - - configmaps - - serviceaccounts - 
verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: cluster-reconciler-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: crd-controller-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crd-controller-flux-system -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system -- kind: ServiceAccount - name: source-controller - namespace: flux-system -- kind: ServiceAccount - name: notification-controller - namespace: flux-system -- kind: ServiceAccount - name: image-reflector-controller - namespace: flux-system -- kind: ServiceAccount - name: image-automation-controller - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller 
- name: notification-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: source-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: webhook-receiver - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: helm-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: helm-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.22.2 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: 
healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: helm-controller - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: kustomize-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: kustomize-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.26.3 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - 
volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: kustomize-controller - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: notification-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: notification-controller - spec: - containers: - - args: - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v0.24.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 9292 - name: http-webhook - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: notification-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: 
- app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: source-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.25.11 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: / - port: http - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: source-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - 
name: allow-egress - namespace: flux-system -spec: - egress: - - {} - ingress: - - from: - - podSelector: {} - podSelector: {} - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: allow-scraping - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP - podSelector: {} - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.31.5 - name: allow-webhooks - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: notification-controller - policyTypes: - - Ingress diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml deleted file mode 100644 index e31b111..0000000 --- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/gotk-sync.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# This manifest was generated by flux. DO NOT EDIT. ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 1m0s - ref: - branch: master - secretRef: - name: flux-system - url: ssh://git@10.57.100.7/srv/git/tyilnet ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 10m0s - path: ./playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net - prune: true - sourceRef: - kind: GitRepository - name: flux-system 
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml deleted file mode 100644 index 3842229..0000000 --- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/flux-system/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- gotk-components.yaml -- gotk-sync.yaml diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml deleted file mode 100644 index 2b28e78..0000000 --- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-configuration.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: infrastructure-configurations - namespace: flux-system -spec: - interval: 10m0s - dependsOn: - - name: infrastructure-releases - sourceRef: - kind: GitRepository - name: flux-system - path: ./playbooks.d/k3s-master/manifests/infrastructure/configuration - prune: true - wait: true -... diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml deleted file mode 100644 index 9006f0f..0000000 --- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-releases.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: infrastructure-releases - namespace: flux-system -spec: - interval: 10m0s - dependsOn: - - name: infrastructure-sources - sourceRef: - kind: GitRepository - name: flux-system - path: ./playbooks.d/k3s-master/manifests/infrastructure/releases - prune: true - wait: true -... 
diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml deleted file mode 100644 index b07ca57..0000000 --- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/infrastructure-sources.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: infrastructure-sources - namespace: flux-system -spec: - interval: 10m0s - dependsOn: - - name: namespaces - sourceRef: - kind: GitRepository - name: flux-system - path: ./playbooks.d/k3s-master/manifests/infrastructure/sources - prune: true - wait: true -... diff --git a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml b/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml deleted file mode 100644 index 6e0395e..0000000 --- a/playbooks.d/k3s-master/manifests/clusters/krohxe.tyil.net/namespaces.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: namespaces - namespace: flux-system -spec: - interval: 10m0s - sourceRef: - kind: GitRepository - name: flux-system - path: ./playbooks.d/k3s-master/manifests/namespaces - prune: true -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml deleted file mode 100644 index c9e511c..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/configuration/cluster-issuers/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- letsencrypt-staging.yaml -- letsencrypt-production.yaml -... 
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml deleted file mode 100644 index b1b320b..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/configuration/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cluster-issuers -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml deleted file mode 100644 index 3c7eaaa..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- release.yaml -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml deleted file mode 100644 index 794d631..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/cert-manager/release.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: cert-manager - namespace: base-system -spec: - interval: 5m - chart: - spec: - chart: cert-manager - version: 1.9.1 - sourceRef: - kind: HelmRepository - name: jetstack - namespace: flux-system - interval: 1m - values: - installCRDs: true -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml deleted file mode 100644 index f542f00..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/kustomization.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- values.yaml -- release.yaml -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml deleted file mode 100644 index 96b652c..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/release.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: external-dns - namespace: base-system -spec: - interval: 5m - chart: - spec: - chart: external-dns - version: 6.7.2 - sourceRef: - kind: HelmRepository - name: bitnami - namespace: flux-system - interval: 1m - values: - provider: transip - valuesFrom: - - kind: Secret - name: valuefile-external-dns - valuesKey: values.yaml -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml deleted file mode 100644 index 20d1d7a..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/external-dns/values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: valuefile-external-dns - namespace: base-system -spec: - encryptedData: - values.yaml: 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 - template: - data: null - metadata: - creationTimestamp: null - name: valuefile-external-dns - namespace: base-system - type: Opaque - diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml deleted file mode 100644 index 3c7eaaa..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/kustomization.yaml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- release.yaml -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml deleted file mode 100644 index dc5a3e8..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/ingress-nginx/release.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: ingress-nginx - namespace: base-system -spec: - interval: 5m - chart: - spec: - chart: ingress-nginx - version: 4.2.0 - sourceRef: - kind: HelmRepository - name: ingress-nginx - namespace: flux-system - interval: 1m - values: - controller: - replicaCount: 1 - service: - ports: - http: 8080 - https: 8443 - watchIngressWithoutClass: true -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml deleted file mode 100644 index 51893a5..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- sealed-secrets -- ingress-nginx -- cert-manager -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml deleted file mode 100644 index 3c7eaaa..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- release.yaml -... 
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml deleted file mode 100644 index fe9ef26..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/sealed-secrets/release.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: sealed-secrets-controller - namespace: kube-system -spec: - interval: 5m - chart: - spec: - chart: sealed-secrets - version: 1.0.10 - sourceRef: - kind: HelmRepository - name: bitnami - namespace: flux-system - interval: 1m - values: {} -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml deleted file mode 100644 index 3c7eaaa..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- release.yaml -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml b/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml deleted file mode 100644 index 750e6fa..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/releases/seaweedfs-csi-driver/release.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: seaweedfs-csi-driver - namespace: base-system -spec: - interval: 5m - chart: - spec: - chart: ./deploy/helm/seaweedfs-csi-driver - version: 0.1.1 - sourceRef: - kind: GitRepository - name: seaweedfs - namespace: flux-system - interval: 1m - values: - seaweedfsFiler: 10.57.21.1 - storageClassName: seaweedfs - isDefaultStorageClass: false -... 
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml deleted file mode 100644 index ef29afb..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/sources/bitnami.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: bitnami - namespace: flux-system -spec: - interval: 1m - url: https://charts.bitnami.com/bitnami -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml deleted file mode 100644 index cd006ac..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/sources/ingress-nginx.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: ingress-nginx - namespace: flux-system -spec: - interval: 1m - url: https://kubernetes.github.io/ingress-nginx -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml deleted file mode 100644 index 782ba14..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/sources/jetstack.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: jetstack - namespace: flux-system -spec: - interval: 1m - url: https://charts.jetstack.io -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml deleted file mode 100644 index a87331d..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/sources/kustomization.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- bitnami.yaml -- ingress-nginx.yaml -- jetstack.yaml -- nextcloud.yaml -- seaweedfs.yaml -- tyil-invidious.yaml -- tyil-nitter.yaml -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml deleted file mode 100644 index 1594b3b..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/sources/nextcloud.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: nextcloud - namespace: flux-system -spec: - interval: 1m - url: https://nextcloud.github.io/helm/ -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml deleted file mode 100644 index cba7a16..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/sources/seaweedfs.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: seaweedfs - namespace: flux-system -spec: - interval: 1m - url: https://github.com/seaweedfs/seaweedfs-csi-driver - ref: - branch: master -... diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml deleted file mode 100644 index 1633026..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-invidious.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: tyil-helm-invidious - namespace: flux-system -spec: - interval: 1m - url: https://git.sr.ht/~tyil/helm-invidious - ref: - branch: master -... 
diff --git a/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml b/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml deleted file mode 100644 index d7cc48c..0000000 --- a/playbooks.d/k3s-master/manifests/infrastructure/sources/tyil-nitter.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: tyil-helm-nitter - namespace: flux-system -spec: - interval: 1m - url: https://git.sr.ht/~tyil/helm-nitter - ref: - branch: master -... diff --git a/playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml b/playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml deleted file mode 100644 index b05f7e7..0000000 --- a/playbooks.d/k3s-master/manifests/namespaces/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- base-system.yaml -- media.yaml -- personal-services.yaml -- public-services.yaml -- servarr.yaml -... diff --git a/playbooks.d/k3s-master/manifests/namespaces/media.yaml b/playbooks.d/k3s-master/manifests/namespaces/media.yaml deleted file mode 100644 index 32f23de..0000000 --- a/playbooks.d/k3s-master/manifests/namespaces/media.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: media -... diff --git a/playbooks.d/k3s-master/manifests/namespaces/public-services.yaml b/playbooks.d/k3s-master/manifests/namespaces/public-services.yaml deleted file mode 100644 index 15a4f07..0000000 --- a/playbooks.d/k3s-master/manifests/namespaces/public-services.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: public-services -... diff --git a/playbooks.d/k3s-master/manifests/namespaces/servarr.yaml b/playbooks.d/k3s-master/manifests/namespaces/servarr.yaml deleted file mode 100644 index 247de1e..0000000 --- a/playbooks.d/k3s-master/manifests/namespaces/servarr.yaml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: servarr -... diff --git a/playbooks.d/k3s-master/playbook.bash b/playbooks.d/k3s-master/playbook.bash deleted file mode 100644 index 351064c..0000000 --- a/playbooks.d/k3s-master/playbook.bash +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/env bash - -playbook_add() { - info "$BASHTARD_PLAYBOOK" "Writing config.yaml for k3s" - mkdir -pv -- /etc/rancher/k3s - cat <<-EOF > /etc/rancher/k3s/config.yaml - node-name: ${BASHTARD_PLATFORM[fqdn]} - node-ip: $(config "k3s.network.ip" "$(config "vpn.ipv4" "127.0.0.1")") - bind-address: $(config "k3s.network.bind" "$(config "vpn.ipv4" "0.0.0.0")") - cluster-cidr: $(config "k3s.network.cidr.pods") - service-cidr: $(config "k3s.network.cidr.svcs") - cluster-dns: $(config "k3s.network.service.dns") - cluster-domain: $(config "k3s.domain") - disable: - - traefik - EOF - - info "$BASHTARD_PLAYBOOK" "Installing k3s" - curl -sfL https://get.k3s.io | sh - # I hate this - curl -L https://github.com/fluxcd/flux2/releases/download/v0.31.5/flux_0.31.5_linux_amd64.tar.gz | tar xzf - -C /usr/local/bin - - notice "$BASHTARD_PLAYBOOK" "Waiting for node to become available" - { grep -q -m 1 "${BASHTARD_PLATFORM[fqdn]}[[:space:]]\+Ready"; kill $!; } < <(k3s kubectl get node -w) - - info "$BASHTARD_PLAYBOOK" "Installing flux-system on k3s" - flux bootstrap git \ - --branch="$(config "k3s.flux.repo.branch")" \ - --cluster-domain="$(config "k3s.domain")" \ - --kubeconfig=/etc/rancher/k3s/k3s.yaml \ - --path="$(config "k3s.flux.repo.path" "playbooks.d/$BASHTARD_PLAYBOOK/manifests/clusters/${BASHTARD_PLATFORM[fqdn]}")" \ - --private-key-file="$(config "k3s.flux.repo.privkey" "$HOME/.ssh/id.d/$USER@$(hostname -s)-ed25519")" \ - --silent \ - --url="$(config "k3s.flux.repo.url")" -} - -playbook_sync() { - :; -} - -playbook_del() { - /usr/local/bin/k3s-uninstall.sh -} 
diff --git a/playbooks.d/k3s-node/description.txt b/playbooks.d/k3s-node/description.txt
new file mode 100644
index 0000000..2a299e3
--- /dev/null
+++ b/playbooks.d/k3s-node/description.txt
@@ -0,0 +1 @@
+Playbook for a single k3s node to be part of an existing cluster.
diff --git a/playbooks.d/k3s-node/etc/defaults b/playbooks.d/k3s-node/etc/defaults
new file mode 100644
index 0000000..3e2c63b
--- /dev/null
+++ b/playbooks.d/k3s-node/etc/defaults
@@ -0,0 +1,3 @@
+pkg.curl=curl
+pkg.nfs-common=nfs-common
+pkg.open-iscsi=open-iscsi
diff --git a/playbooks.d/k3s-node/etc/os.d/linux-gentoo b/playbooks.d/k3s-node/etc/os.d/linux-gentoo
new file mode 100644
index 0000000..5e7bc08
--- /dev/null
+++ b/playbooks.d/k3s-node/etc/os.d/linux-gentoo
@@ -0,0 +1,2 @@
+pkg.nfs-common=net-fs/nfs-utils
+pkg.open-iscsi=sys-block/open-iscsi
diff --git a/playbooks.d/k3s-node/playbook.bash b/playbooks.d/k3s-node/playbook.bash
new file mode 100644
index 0000000..f2ae8d6
--- /dev/null
+++ b/playbooks.d/k3s-node/playbook.bash
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.entry.host]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.entry.token]="required"
+
+playbook_add() {
+ pkg install curl nfs-common open-iscsi
+
+ info "$BASHTARD_PLAYBOOK" "Writing config.yaml for k3s"
+ mkdir -pv -- /etc/rancher/k3s
+ cat <<-EOF > /etc/rancher/k3s/config.yaml
+ node-ip: "$(config "$BASHTARD_PLAYBOOK.node-ip" "$(config "bashtard.ssh.host")")"
+ node-name: "${BASHTARD_PLATFORM[fqdn]}"
+ server: "https://$(config "$BASHTARD_PLAYBOOK.entry.host"):$(config "$BASHTARD_PLAYBOOK.entry.port" "6443")"
+ token: "$(config "$BASHTARD_PLAYBOOK.entry.token")"
+ EOF
+
+ if [[ "$(config "$BASHTARD_PLAYBOOK.role")" == "server" ]]
+ then
+ cat <<-EOF >> /etc/rancher/k3s/config.yaml
+ cluster-cidr: "$(config "$BASHTARD_PLAYBOOK.cluster-cidr" "172.19.0.0/16")"
+ cluster-domain: "$(config "$BASHTARD_PLAYBOOK.cluster-domain" "cluster.local")"
+ service-cidr: "$(config "$BASHTARD_PLAYBOOK.service-cidr" "172.20.0.0/16")"
+ service-node-port-range: "$(config "$BASHTARD_PLAYBOOK.service-node-port-min" "30000")-$(config "$BASHTARD_PLAYBOOK.service-node-port-max" "32767")"
+ EOF
+ fi
+
+ info "$BASHTARD_PLAYBOOK" "Installing k3s"
+ curl -sfL https://get.k3s.io | sh -s - "$(config "$BASHTARD_PLAYBOOK.role" "agent")"
+
+ notice "$BASHTARD_PLAYBOOK" "Waiting for node to become available"
+ { grep -q -m 1 "${BASHTARD_PLATFORM[fqdn]}[[:space:]]\+Ready"; kill $!; } < <(k3s kubectl get node -w)
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ /usr/local/bin/k3s-uninstall.sh
+}
diff --git a/playbooks.d/k8s-master/description.txt b/playbooks.d/k8s-master/description.txt
new file mode 100644
index 0000000..60693ef
--- /dev/null
+++ b/playbooks.d/k8s-master/description.txt
@@ -0,0 +1 @@
+Playbook for a Kubernetes master node
diff --git a/playbooks.d/k8s-master/etc/defaults b/playbooks.d/k8s-master/etc/defaults
new file mode 100644
index 0000000..9506887
--- /dev/null
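Review bot: In `playbook_add`, `/etc/rancher/k3s/config.yaml` is created by a plain `cat <<-EOF >` redirect, so the cluster join `token:` ends up in a file whose mode comes from the caller's umask, which is commonly world-readable. Create the file restricted before the first write, for example `install -m 600 /dev/null /etc/rancher/k3s/config.yaml` ahead of the first `cat`, or run both heredocs in a subshell under `umask 077`. Separately, `curl -sfL https://get.k3s.io | sh -s -` executes whatever the endpoint serves at install time as root, with no version pin or integrity check. Setting `INSTALL_K3S_VERSION=<pinned-version>` on the `sh` invocation, or installing from a downloaded artifact whose checksum is verified first, would make the node build reproducible and reviewable.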
+++ b/playbooks.d/k8s-master/etc/defaults
@@ -0,0 +1,4 @@
+pkg.containerd=containerd
+pkg.kubeadm=kubeadm
+pkg.kubectl=kubectl
+pkg.kubelet=kubelet
diff --git a/playbooks.d/k8s-master/playbook.bash b/playbooks.d/k8s-master/playbook.bash
new file mode 100644
index 0000000..f423c00
--- /dev/null
+++ b/playbooks.d/k8s-master/playbook.bash
@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ local version
+
+ version="1.29"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-debian_gnu_linux)
+ # Fetch the apt key
+ info "$BASHTARD_PLAYBOOK" "Adding apt repository"
+ mkdir -pv -m 755 -- /etc/apt/keyrings
+ curl -fsSL "https://pkgs.k8s.io/core:/stable:/v$version/deb/Release.key" \
+ | gpg --dearmor \
+ > /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ printf "deb [signed-by=%s] %s /\n" \
+ "/etc/apt/keyrings/kubernetes-apt-keyring.gpg" \
+ "https://pkgs.k8s.io/core:/stable:/v$version/deb/" \
+ > /etc/apt/sources.list.d/kubernetes.list
+ apt update
+ ;;
+ esac
+
+ pkg install containerd
+ pkg install kubeadm
+ pkg install kubectl
+ pkg install kubelet
+
+ info "$BASHTARD_PLAYBOOK" "Enabling forwarding"
+ cat <<-EOF > "$(config "fs.etcdir")/sysctl.d/kubernetes.conf"
+ net.bridge.bridge-nf-call-iptables = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+ net.ipv4.ip_forward = 1
+ net.ipv6.conf.all.forwarding = 1
+ EOF
+
+ sysctl --system
+
+ info "$BASHTARD_PLAYBOOK" "Enabling kernel modules"
+ cat <<-EOF > "$(config "fs.etcdir")/modules-load.d/kubernetes.conf"
+ br_netfilter
+ overlay
+ EOF
+
+ modprobe overlay
+ modprobe br_netfilter
+
+ notice "$BASHTARD_PLAYBOOK" "Creating data directories"
+ mkdir -pv -- "$(playbook_path "data")/manifests.d"
+
+ if [[ "$(config "$BASHTARD_PLAYBOOK.flags.apiserver-advertise-address" "")" != "" ]]
+ then
+ notice "$BASHTARD_PLAYBOOK" "Setting node ip in $(config "fs.etcdir")/default/kubelet"
+ cat <<-EOF > "$(config "fs.etcdir")/default/kubelet"
+ KUBELET_EXTRA_ARGS="--node-ip=$(config "$BASHTARD_PLAYBOOK.flags.apiserver-advertise-address")"
+ EOF
+ fi
+
+ notice "$BASHTARD_PLAYBOOK" "Initialize kubeadm"
+ kubeadm init \
+ --apiserver-advertise-address="$(config "$BASHTARD_PLAYBOOK.flags.apiserver-advertise-address" "127.0.0.1")" \
+ --apiserver-bind-port="$(config "$BASHTARD_PLAYBOOK.flags.apiserver-bind-port" "6443")" \
+ --control-plane-endpoint="$(config "$BASHTARD_PLAYBOOK.flags.control-plane-endpoint" "localhost")" \
+ --node-name="${BASHTARD_PLATFORM[fqdn]}" \
+ --service-cidr="$(config "$BASHTARD_PLAYBOOK.flags.service-cidr" "10.96.0.0/12")" \
+ --service-dns-domain="$(config "$BASHTARD_PLAYBOOK.flags.service-dns-domain" "cluster.local")" \
+ --pod-network-cidr="$(config "$BASHTARD_PLAYBOOK.flags.pod-network-cidr" "10.0.0.0/12")" \
+ || return 1
+
+ playbook_sync
+
+ return 0
+}
+
+playbook_sync() {
+ local data
+ local kubeconfig
+ local manifest_prefix
+ local values
+
+ data="$(playbook_path "data")"
+ kubeconfig="$(config "fs.etcdir")/kubernetes/admin.conf"
+ manifest_prefix="$(config "$BASHTARD_PLAYBOOK.manifest-prefix" "")"
+
+ notice "$BASHTARD_PLAYBOOK/manifests" "Applying manifests.d"
+ kubectl --kubeconfig "$kubeconfig" apply --recursive --filename "$data/manifests.d/$manifest_prefix"
+}
+
+playbook_del() {
+ kubeadm reset --force
+ iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
+ ipvsadm -C
+ rm -fr -- \
+ "$(config "fs.etcdir")/modules-load.d/kubernetes.conf" \
+ "$(config "fs.etcdir")/sysctl.d/kubernetes.conf" \
+ "$(config "fs.etcdir")/cni/net.d" \
+ "$(config "fs.etcdir")/kubernetes" \
+ "/var/lib/etcd" \
+ "/var/lib/cni"
+
+ pkg uninstall kubectl
+ pkg uninstall kubeadm
+ pkg uninstall kubelet
+ pkg uninstall containerd
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-debian_gnu_linux)
+ # Fetch the apt key
+ info "$BASHTARD_PLAYBOOK" "Removing apt repository"
+ rm -fr -- \
+ /etc/apt/keyrings/kubernetes-apt-keyring.gpg \
+ /etc/apt/sources.list.d/kubernetes.list
+ ;;
+ esac
+}
diff --git a/playbooks.d/k8s-node/description.txt b/playbooks.d/k8s-node/description.txt
new file mode 100644
index 0000000..60693ef
--- /dev/null
+++ b/playbooks.d/k8s-node/description.txt
@@ -0,0 +1 @@
+Playbook for a Kubernetes master node
diff --git a/playbooks.d/k8s-node/etc/defaults b/playbooks.d/k8s-node/etc/defaults
new file mode 100644
index 0000000..9506887
--- /dev/null
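Review bot: `playbook_del` runs `iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X`, which clears every rule in those tables rather than only the chains Kubernetes created, so removing the playbook can leave the host without whatever packet filtering it had through iptables. The same line appears in `playbook_del` of `playbooks.d/k8s-node/playbook.bash`. Either limit the cleanup to the Kubernetes-owned chains or re-apply the host ruleset directly after the flush, and record that in a comment such as `# flushes ALL iptables rules; the host firewall must be re-applied afterwards`. The comment `# Fetch the apt key` in the same function sits above code that deletes the keyring and source list and should read `# Remove the apt key and repository`.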
+++ b/playbooks.d/k8s-node/etc/defaults
@@ -0,0 +1,4 @@
+pkg.containerd=containerd
+pkg.kubeadm=kubeadm
+pkg.kubectl=kubectl
+pkg.kubelet=kubelet
diff --git a/playbooks.d/k8s-node/playbook.bash b/playbooks.d/k8s-node/playbook.bash
new file mode 100644
index 0000000..fbf49e9
--- /dev/null
+++ b/playbooks.d/k8s-node/playbook.bash
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.cert-hash]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.master.address]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.token]="required"
+
+playbook_add() {
+ local version
+
+ version="1.29"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-debian_gnu_linux)
+ # Fetch the apt key
+ info "$BASHTARD_PLAYBOOK" "Adding apt repository"
+ mkdir -pv -m 755 -- /etc/apt/keyrings
+ curl -fsSL "https://pkgs.k8s.io/core:/stable:/v$version/deb/Release.key" \
+ | gpg --dearmor \
+ > /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ printf "deb [signed-by=%s] %s /\n" \
+ "/etc/apt/keyrings/kubernetes-apt-keyring.gpg" \
+ "https://pkgs.k8s.io/core:/stable:/v$version/deb/" \
+ > /etc/apt/sources.list.d/kubernetes.list
+ apt update
+ ;;
+ esac
+
+ pkg install containerd
+ pkg install kubeadm
+ pkg install kubectl
+ pkg install kubelet
+
+ info "$BASHTARD_PLAYBOOK" "Enabling forwarding"
+ cat <<-EOF > "$(config "fs.etcdir")/sysctl.d/kubernetes.conf"
+ net.bridge.bridge-nf-call-iptables = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+ net.ipv4.ip_forward = 1
+ net.ipv6.conf.all.forwarding = 1
+ EOF
+
+ sysctl --system
+
+ info "$BASHTARD_PLAYBOOK" "Enabling kernel modules"
+ cat <<-EOF > "$(config "fs.etcdir")/modules-load.d/kubernetes.conf"
+ br_netfilter
+ overlay
+ EOF
+
+ modprobe overlay
+ modprobe br_netfilter
+
+ if [[ "$(config "$BASHTARD_PLAYBOOK.node-ip" "")" != "" ]]
+ then
+ notice "$BASHTARD_PLAYBOOK" "Setting node ip in $(config "fs.etcdir")/default/kubelet"
+ cat <<-EOF > "$(config "fs.etcdir")/default/kubelet"
+ KUBELET_EXTRA_ARGS="--node-ip=$(config "$BASHTARD_PLAYBOOK.node-ip")"
+ EOF
+ fi
+
+ notice "$BASHTARD_PLAYBOOK" "Initialize kubeadm"
+ kubeadm join \
+ --discovery-token-ca-cert-hash "$(config "$BASHTARD_PLAYBOOK.cert-hash")" \
+ --node-name="${BASHTARD_PLATFORM[fqdn]}" \
+ --token "$(config "$BASHTARD_PLAYBOOK.token")" \
+ "$(config "$BASHTARD_PLAYBOOK.master.address"):$(config "$BASHTARD_PLAYBOOK.master.port" "6443")"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ kubectl drain "${BASHTARD_PLATFORM[fqdn]}" \
+ --delete-emptydir-data \
+ --force \
+ --ignore-daemonsets
+
+ kubeadm reset --force
+ iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
+ ipvsadm -C
+ rm -fr -- \
+ "$(config "fs.etcdir")/modules-load.d/kubernetes.conf" \
+ "$(config "fs.etcdir")/sysctl.d/kubernetes.conf" \
+ "$(config "fs.etcdir")/cni/net.d" \
+ "$(config "fs.etcdir")/kubernetes" \
+ "/var/lib/etcd" \
+ "/var/lib/cni"
+
+ pkg uninstall kubectl
+ pkg uninstall kubeadm
+ pkg uninstall kubelet
+ pkg uninstall containerd
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ linux-debian_gnu_linux)
+ # Fetch the apt key
+ info "$BASHTARD_PLAYBOOK" "Removing apt repository"
+ rm -fr -- \
+ /etc/apt/keyrings/kubernetes-apt-keyring.gpg \
+ /etc/apt/sources.list.d/kubernetes.list
+ ;;
+ esac
+}
diff --git a/playbooks.d/nfs-server/description.txt b/playbooks.d/nfs-server/description.txt
new file mode 100644
index 0000000..8e396fe
--- /dev/null
+++ b/playbooks.d/nfs-server/description.txt
@@ -0,0 +1 @@
+A Bashtard playbook to configure a machine as an NFS server
diff --git a/playbooks.d/nfs-server/etc/defaults b/playbooks.d/nfs-server/etc/defaults
new file mode 100644
index 0000000..f8af32e
--- /dev/null
+++ b/playbooks.d/nfs-server/etc/defaults
@@ -0,0 +1,3 @@
+pkg.nfs-utils=nfs-utils
+svc.nfs=nfs-server
+svc.rpcbind=rpcbind
diff --git a/playbooks.d/nfs-server/etc/os.d/linux-gentoo b/playbooks.d/nfs-server/etc/os.d/linux-gentoo
new file mode 100644
index 0000000..a76300d
--- /dev/null
+++ b/playbooks.d/nfs-server/etc/os.d/linux-gentoo
@@ -0,0 +1 @@
+pkg.nfs-utils=net-fs/nfs-utils
diff --git a/playbooks.d/nfs-server/playbook.bash b/playbooks.d/nfs-server/playbook.bash
new file mode 100644
index 0000000..6856c72
--- /dev/null
+++ b/playbooks.d/nfs-server/playbook.bash
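Review bot: `kubeadm join` in `playbook_add` is given the bootstrap token as `--token "$(config "$BASHTARD_PLAYBOOK.token")"`, so the secret sits on the process command line for the duration of the join, where other local users can read it from the process list. kubeadm accepts a `JoinConfiguration` file through `--config`; writing the token, CA cert hash and endpoint into a mode-600 temporary file and deleting it after the join keeps the token off argv, as sketched below (the `apiVersion` should be checked against the kubeadm version installed). In `playbook_del`, `kubectl drain` is called without a kubeconfig and its exit status is not checked, so on a worker that holds no cluster credentials the drain presumably fails and `kubeadm reset --force` still runs.

```bash
	# … unchanged: repository setup, package install, sysctl, kernel modules, kubelet node-ip …
	local join_config
	local rc

	notice "$BASHTARD_PLAYBOOK" "Initialize kubeadm"
	join_config="$(tmpfile)"
	chmod 600 "$join_config"
	cat <<-EOF > "$join_config"
	apiVersion: kubeadm.k8s.io/v1beta3
	kind: JoinConfiguration
	discovery:
	  bootstrapToken:
	    apiServerEndpoint: "$(config "$BASHTARD_PLAYBOOK.master.address"):$(config "$BASHTARD_PLAYBOOK.master.port" "6443")"
	    token: "$(config "$BASHTARD_PLAYBOOK.token")"
	    caCertHashes:
	      - "$(config "$BASHTARD_PLAYBOOK.cert-hash")"
	nodeRegistration:
	  name: "${BASHTARD_PLATFORM[fqdn]}"
	EOF

	kubeadm join --config "$join_config"
	rc=$?
	# Remove the file whether or not the join succeeded; it holds the token.
	rm -f -- "$join_config"
	return "$rc"
```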
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ pkg install nfs-utils
+
+ touch /etc/exports
+
+ playbook_sync
+
+ svc enable nfs
+ svc enable rpcbind
+
+ svc start nfs
+ svc start rpcbind
+}
+
+playbook_sync() {
+ local buffer="$(tmpfile)"
+ local exports="/etc/exports.d/kubernetes.exports"
+ local hash="$(file_hash "$exports")"
+
+ local root_options="ro,no_subtree_check"
+ local export_options="rw,no_root_squash,no_subtree_check"
+ local root_export="/mnt/exports"
+ local allowed_cidr=("10.57.0.0/16" "172.19.0.0/16")
+ local fsid
+
+ {
+ printf "%s" "$root_export"
+ for host in "${allowed_cidr[@]}"
+ do
+ printf " %s(fsid=%s,%s)" "$host" "0" "$export_options"
+ done
+ printf "\n"
+
+ for path in "$root_export"/*
+ do
+ fsid="$(config "$BASHTARD_PLAYBOOK.exports.$path.fsid" "")"
+
+ if [[ "$fsid" == "" ]]
+ then
+ warn "$BASHTARD_PLAYBOOK" "Generating fsid for $path"
+ fsid="$(uuidgen)"
+ $BASHTARD_BIN var "$BASHTARD_PLAYBOOK.exports.$path.fsid" "$fsid"
+ fi
+
+ printf "%s" "$path"
+ for host in "${allowed_cidr[@]}"
+ do
+ printf " %s(fsid=%s,%s)" "$host" "$fsid" "$export_options"
+ done
+ printf "\n"
+
+ unset fsid
+ done
+ } > "$buffer"
+
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && return
+
+ mv -- "$buffer" "$exports"
+
+ [[ "$BASHTARD_ACTION" == "add" ]] && return
+
+ exportfs -rv
+}
+
+playbook_del() {
+ svc stop rpcbind
+ svc stop nfs
+
+ svc disable rpcbind
+ svc disable nfs
+
+ pkg uninstall nfs-utils
+}
diff --git a/playbooks.d/nftables/description.txt b/playbooks.d/nftables/description.txt
new file mode 100644
index 0000000..38683d6
--- /dev/null
+++ b/playbooks.d/nftables/description.txt
@@ -0,0 +1 @@
+Firewall through nftables
diff --git a/playbooks.d/nftables/etc/defaults b/playbooks.d/nftables/etc/defaults
new file mode 100644
index 0000000..10cc38b
--- /dev/null
+++ b/playbooks.d/nftables/etc/defaults
@@ -0,0 +1,2 @@
+pkg.nftables=nftables
+svc.nftables=nftables
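Review bot: In `playbook_sync` of the nfs-server playbook the first export line, the one for `$root_export`, is written with `$export_options` (`rw,no_root_squash,no_subtree_check`), and the `root_options="ro,no_subtree_check"` declared just above it is never used. As written, the root `/mnt/exports` is exported read-write with root squashing disabled to both /16 ranges in `allowed_cidr`; the first `printf` inside the block should read `printf " %s(fsid=%s,%s)" "$host" "0" "$root_options"`. `no_root_squash` on the per-directory exports lets root on any client in those ranges act as root on the exported files, so it deserves a comment saying why it is required, or a per-export override.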
diff --git a/playbooks.d/nftables/playbook.bash b/playbooks.d/nftables/playbook.bash
new file mode 100644
index 0000000..c0b366c
--- /dev/null
+++ b/playbooks.d/nftables/playbook.bash
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ pkg install nftables
+
+ playbook_sync
+
+ svc enable nftables
+ svc start nftables
+}
+
+playbook_sync() {
+ {
+ printf "#!%s -f\n\n" "$(config "$BASHTARD_PLAYBOOK.binpath" "/usr/sbin/nft")"
+ printf "flush ruleset\n\n"
+ printf "table inet filter {\n"
+ printf "\tchain input {\n"
+ printf "\t\ttype filter hook input priority filter;\n"
+
+ # Add conntrack state rules
+ info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for conntrack state"
+ printf "\n"
+ printf "\t\tct state established %s;\n" \
+ "$(config "$BASHTARD_PLAYBOOK.input.state.established.policy" "accept")"
+ printf "\t\tct state related %s;\n" \
+ "$(config "$BASHTARD_PLAYBOOK.input.state.related.policy" "accept")"
+ printf "\t\tct state invalid %s;\n" \
+ "$(config "$BASHTARD_PLAYBOOK.input.state.invalid.policy" "drop")"
+
+ # Add interface rules
+ printf "\n"
+ while read -r interface
+ do
+ info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for interface $interface"
+ printf "\t\tiifname %s %s;\n" "$interface" "$(config "$BASHTARD_PLAYBOOK.input.interfaces.$interface.policy")"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.input.interfaces")
+
+ # Add ICMP rules
+ info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for ICMP"
+ printf "\n"
+ printf "\t\tmeta l4proto icmp" \ # IPv4
+ if [[ "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "")" != "" ]]
+ then
+ printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.rate" "2/second")"
+ fi
+ printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv4.policy" "accept")"
+ printf ";\n"
+ printf "\t\tmeta l4proto ipv6-icmp" \ # IPv6
+ if [[ "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate" "")" != "" ]]
+ then
+ printf " limit rate %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.rate")"
+ fi
+ printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.icmp.ipv6.policy" "accept")"
+ printf ";\n"
+
+ # Add custom input rules
+ printf "\n"
+ while read -r rule
+ do
+ info "$BASHTARD_PLAYBOOK/sync" "Adding input filter for custom rule $rule"
+ printf "\t\tmeta l4proto { %s } th" "$(config "$BASHTARD_PLAYBOOK.input.rules.$rule.proto")"
+ printf " dport %s" "$(config "$BASHTARD_PLAYBOOK.input.rules.$rule.port")"
+ printf " %s" "$(config "$BASHTARD_PLAYBOOK.input.rules.$rule.policy" "accept")"
+ printf " comment \"%s\"" "$rule"
+ printf ";\n"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.input.rules")
+
+ # Add fallback policy
+ printf "\n"
+ printf "\t\tlog prefix \"[nftables] \" counter drop;\n"
+ printf "\t\tpolicy %s;\n" "$(config "$BASHTARD_PLAYBOOK.input.policy" "drop")"
+
+ printf "\t}\n"
+ printf "\tchain forward {\n"
+ printf "\t\ttype filter hook forward priority filter;\n"
+
+ # TODO: Add forward rules
+
+ printf "\t}\n"
+ printf "\tchain output {\n"
+ printf "\t\ttype filter hook output priority filter;\n"
+
+ # TODO: Add output rules
+
+ printf "\t}\n"
+ printf "}\n"
+ } > "$(config "fs.etcdir")/nftables.conf"
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc restart nftables
+}
+
+playbook_del() {
+ svc stop nftables
+ svc disable nftables
+ pkg uninstall nftables
+ rm -fr -- "$(config "fs.etcdir")/nftables"
+}
diff --git a/playbooks.d/seaweedfs-filer/description.txt b/playbooks.d/seaweedfs-filer/description.txt
new file mode 100644
index 0000000..d14afca
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/description.txt
@@ -0,0 +1 @@
+Scalable object storage cluster
diff --git a/playbooks.d/seaweedfs-filer/etc/defaults b/playbooks.d/seaweedfs-filer/etc/defaults
new file mode 100644
index 0000000..206987a
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/etc/defaults
@@ -0,0 +1 @@
+svc.seaweedfs-filer=seaweedfs-filer
diff --git a/playbooks.d/seaweedfs-filer/playbook.bash b/playbooks.d/seaweedfs-filer/playbook.bash
new file mode 100644
index 0000000..1a71f07
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/playbook.bash
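Review bot: `playbook_sync` in the nftables playbook writes the generated ruleset straight into `$(config "fs.etcdir")/nftables.conf` and then restarts the service, with no syntax check in between. Several values are interpolated without a default or any validation (the interface policy in the `iifname` rule, and `proto` and `port` in the custom rules), so one missing key yields a file nft rejects, and depending on how the service unit handles a restart the host may be left without a loaded ruleset. Generating into `"$(tmpfile)"` as the other playbooks do, running `nft -c -f "$buffer" || return 1`, and only then `mv -- "$buffer" "$(config "fs.etcdir")/nftables.conf"` keeps the last known-good file in place. It would also allow the same hash comparison the other playbooks use to skip restarts when nothing changed.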
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required"
+
+playbook_add() {
+ local buffer
+
+ # Make sure seaweedfs is installed
+ "$BASHTARD_BIN" add seaweedfs || true
+
+ mkdir -pv "/var/lib/seaweedfs/filer"
+
+ # Generate systemd unit files
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ cat <<-EOF > "$(config "fs.etcdir")/systemd/system/seaweedfs-filer.service"
+ [Unit]
+ Description=SeaweedFS Filer
+ After=network.target
+
+ [Service]
+ Type=simple
+ User=root
+ Group=root
+
+ ExecStart=$(config "fs.bindir")/weed filer -options="$(config "fs.etcdir")/seaweedfs/filer.conf"
+ WorkingDirectory=/var/lib/seaweedfs/filer
+ SyslogIdentifier=seaweedfs
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
+ ;;
+ *) die "NYI"
+ esac
+
+ # Perform initial configuration
+ playbook_sync
+
+ # Start the service
+ svc enable seaweedfs-filer
+ svc start seaweedfs-filer
+}
+
+playbook_sync() {
+ local buffer
+ local conf
+ local peers=()
+ local hash
+
+ buffer="$(tmpfile)"
+ conf="$(config "fs.etcdir")/seaweedfs/filer.conf"
+ hash="$(file_hash "$conf")"
+
+ # Add all registered seaweedfs-master nodes as peers
+ while read -r host
+ do
+ peers+=("[$(config_for "$(basename "$host")" "seaweedfs-master.ip")]:$(config_for "$(basename "$host")" "seaweedfs-master.port" "9333")")
+ done < <(grep -FHl "$BASHTARD_PLAYBOOK" "$BASHTARD_ETCDIR/registry.d"/*)
+
+ # Generate config files
+ file_template "filer.conf" \
+ ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
+ port="$(config "$BASHTARD_PLAYBOOK.port" "8888")" \
+ masters="$(join_args "${peers[@]}")" \
+ s3_port="$(config "$BASHTARD_PLAYBOOK.s3.port" "8333")" \
+ > "$buffer"
+
+ file_template "filer.toml" \
+ > "$(config "fs.etcdir")/seaweedfs/filer.toml"
+
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && return
+
+ mv -- "$buffer" "$conf"
+
+ [[ "$BASHTARD_ACTION" == "add" ]] && return
+
+ # Reload service
+ svc restart seaweedfs-filer
+}
+
+playbook_del() {
+ # Stop service
+ svc stop seaweedfs-filer
+ svc disable seaweedfs-filer
+
+ # Remove systemd unit file
+ rm -fr -- "$(config "fs.etcdir")/systemd/system/seaweedfs-filer.service"
+
+ # Remove configuration files
+ rm -fr -- \
+ "$(config "fs.etcdir")/seaweedfs/filer.conf" \
+ "$(config "fs.etcdir")/seaweedfs/filer.toml"
+}
diff --git a/playbooks.d/seaweedfs-filer/share/filer.conf b/playbooks.d/seaweedfs-filer/share/filer.conf
new file mode 100644
index 0000000..e9ac6e8
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/share/filer.conf
@@ -0,0 +1,7 @@
+ip=[${ip}]
+port=${port}
+
+master=${masters}
+
+s3=true
+s3.port=${s3_port}
diff --git a/playbooks.d/seaweedfs-filer/share/filer.toml b/playbooks.d/seaweedfs-filer/share/filer.toml
new file mode 100644
index 0000000..8d40cb9
--- /dev/null
+++ b/playbooks.d/seaweedfs-filer/share/filer.toml
@@ -0,0 +1,3 @@
+[leveldb3]
+enabled = true
+dir = "./filerldb3"
diff --git a/playbooks.d/seaweedfs-master/description.txt b/playbooks.d/seaweedfs-master/description.txt
new file mode 100644
index 0000000..d14afca
--- /dev/null
+++ b/playbooks.d/seaweedfs-master/description.txt
@@ -0,0 +1 @@
+Scalable object storage cluster
diff --git a/playbooks.d/seaweedfs-master/etc/defaults b/playbooks.d/seaweedfs-master/etc/defaults
new file mode 100644
index 0000000..2578831
--- /dev/null
+++ b/playbooks.d/seaweedfs-master/etc/defaults
@@ -0,0 +1 @@
+svc.seaweedfs-master=seaweedfs-master
diff --git a/playbooks.d/seaweedfs-master/playbook.bash b/playbooks.d/seaweedfs-master/playbook.bash
new file mode 100644
index 0000000..34e46c1
--- /dev/null
+++ b/playbooks.d/seaweedfs-master/playbook.bash
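Review bot: The generated `seaweedfs-filer.service` unit sets `User=root` and `Group=root` for a network-facing daemon that, from what this hunk shows, only needs to read its config file and write under `/var/lib/seaweedfs/filer`; the units written by the seaweedfs-master and seaweedfs-volume playbooks do the same. Running the service under a dedicated account and adding `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=/var/lib/seaweedfs` to `[Service]` would limit what a compromise of the filer can reach, which matters more here because `filer.conf` also turns on the S3 gateway with `s3=true`. The account would have to be created in `playbook_add`, and the data directory handed to it, before the unit is enabled.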
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required"
+
+playbook_add() {
+ local buffer
+
+ # Make sure seaweedfs is installed
+ "$BASHTARD_BIN" add seaweedfs || true
+
+ # Create directories used by seaweedfs
+ mkdir -pv -- "/var/lib/seaweedfs/master"
+
+ # Generate systemd unit files
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ cat <<-EOF > "$(config "fs.etcdir")/systemd/system/seaweedfs-master.service"
+ [Unit]
+ Description=SeaweedFS Master
+ After=network.target
+
+ [Service]
+ Type=simple
+ User=root
+ Group=root
+
+ ExecStart=$(config "fs.bindir")/weed master -options="$(config "fs.etcdir")/seaweedfs/master.conf"
+ WorkingDirectory=/var/lib/seaweedfs
+ SyslogIdentifier=seaweedfs
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
+ ;;
+ *) die "NYI"
+ esac
+
+ # Perform initial configuration
+ playbook_sync
+
+ # Start the service
+ svc enable seaweedfs-master
+ svc start seaweedfs-master
+}
+
+playbook_sync() {
+ local buffer
+ local conf
+ local peers=()
+ local hash
+
+ buffer="$(tmpfile)"
+ conf="$(config "fs.etcdir")/seaweedfs/master.conf"
+ hash="$(file_hash "$conf")"
+
+ # Add all registered seaweedfs-master nodes as peers
+ while read -r host
+ do
+ # Except this node itself
+ [[ "$(basename "$host")" == "${BASHTARD_PLATFORM[fqdn]}" ]] && continue
+
+ peers+=("$(config_for "$(basename "$host")" "$BASHTARD_PLAYBOOK.ip")")
+ done < <(grep -FHl "$BASHTARD_PLAYBOOK" "$BASHTARD_ETCDIR/registry.d"/*)
+
+ # Generate config file
+ file_template "master.conf" \
+ ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
+ port="$(config "$BASHTARD_PLAYBOOK.port" "9333")" \
+ peers="$(join_args "${peers[@]}")" \
+ mdir="$(config "$BASHTARD_PLAYBOOK.mdir" "/var/lib/seaweedfs/master/mdir")" \
+ replication="$(config "$BASHTARD_PLAYBOOK.replication" "000")" \
+ volume_size="$(config "$BASHTARD_PLAYBOOK.volume-size" "1024")" \
+ > "$buffer"
+
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && return
+
+ mv -- "$buffer" "$conf"
+
+ [[ "$BASHTARD_ACTION" == "add" ]] && return
+
+ # Reload service
+ svc restart seaweedfs-master
+}
+
+playbook_del() {
+ # Stop service
+ svc stop seaweedfs-master
+ svc disable seaweedfs-master
+
+ # Remove systemd unit file
+ rm -fr -- "$(config "fs.etcdir")/systemd/system/seaweedfs-master.service"
+
+ # Remove configuration files
+ rm -fr -- "$(config "fs.etcdir")/seaweedfs/master.conf"
+}
diff --git a/playbooks.d/seaweedfs-master/share/master.conf b/playbooks.d/seaweedfs-master/share/master.conf
new file mode 100644
index 0000000..4126635
--- /dev/null
+++ b/playbooks.d/seaweedfs-master/share/master.conf
@@ -0,0 +1,8 @@
+ip=[${ip}]
+port=${port}
+
+peers=${peers}
+mdir=${mdir}
+
+defaultReplication=${replication}
+volumeSizeLimitMB=${volume_size}
diff --git a/playbooks.d/seaweedfs-volume/description.txt b/playbooks.d/seaweedfs-volume/description.txt
new file mode 100644
index 0000000..d14afca
--- /dev/null
+++ b/playbooks.d/seaweedfs-volume/description.txt
@@ -0,0 +1 @@
+Scalable object storage cluster
diff --git a/playbooks.d/seaweedfs-volume/etc/defaults b/playbooks.d/seaweedfs-volume/etc/defaults
new file mode 100644
index 0000000..2578831
--- /dev/null
+++ b/playbooks.d/seaweedfs-volume/etc/defaults
@@ -0,0 +1 @@
+svc.seaweedfs-master=seaweedfs-master
diff --git a/playbooks.d/seaweedfs-volume/playbook.bash b/playbooks.d/seaweedfs-volume/playbook.bash
new file mode 100644
index 0000000..8485ba0
--- /dev/null
+++ b/playbooks.d/seaweedfs-volume/playbook.bash
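Review bot: The peer list in `playbook_sync` of the seaweedfs-master playbook is built from bare addresses, `peers+=("$(config_for "$(basename "$host")" "$BASHTARD_PLAYBOOK.ip")")`, while the filer and volume playbooks build each master entry as `[ip]:port` and `master.conf` itself writes `ip=[${ip}]`. If `weed master` expects `host:port` entries in `peers` (worth confirming against the SeaweedFS version in use), a peer with a non-default `$BASHTARD_PLAYBOOK.port` is not reachable through this list and a bare IPv6 address is ambiguous. Building the entry like the other two playbooks do, with the address in brackets followed by `:$(config_for "$(basename "$host")" "$BASHTARD_PLAYBOOK.port" "9333")`, keeps the three in step.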
@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.dc]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required"
+BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.rack]="required"
+
+playbook_add() {
+ local buffer
+
+ # Make sure seaweedfs is installed
+ "$BASHTARD_BIN" add seaweedfs || true
+
+ # Generate systemd unit files
+ case "${BASHTARD_PLATFORM[init]}" in
+ systemd)
+ cat <<-EOF > "$(config "fs.etcdir")/systemd/system/seaweedfs-volume@.service"
+ [Unit]
+ Description=SeaweedFS Volume
+ After=network.target
+
+ [Service]
+ Type=simple
+ User=root
+ Group=root
+
+ ExecStart=$(config "fs.bindir")/weed volume -options="$(config "fs.etcdir")/seaweedfs/volume-%i.conf"
+ WorkingDirectory=/var/lib/seaweedfs/volume/%i
+ SyslogIdentifier=seaweedfs
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
+ ;;
+ *) die "NYI"
+ esac
+
+ # Perform initial configuration
+ playbook_sync
+
+ # Start services
+ while read -r volume
+ do
+ systemctl enable --now "seaweedfs-volume@$volume"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.volumes")
+}
+
+playbook_sync() {
+ local buffer
+ local conf
+ local peers=()
+ local hash
+
+ buffer="$(tmpfile)"
+
+ # Add all registered seaweedfs-master nodes as peers
+ while read -r host
+ do
+ peers+=("[$(config_for "$(basename "$host")" "seaweedfs-master.ip")]:$(config_for "$(basename "$host")" "seaweedfs-master.port" "9333")")
+ done < <(grep -FHl "seaweedfs-master" "$BASHTARD_ETCDIR/registry.d"/*)
+
+ while read -r volume
+ do
+ conf="$(config "fs.etcdir")/seaweedfs/volume-$volume.conf"
+ hash="$(file_hash "$conf")"
+
+ info "$BASHTARD_PLAYBOOK/sync/$volume" "Updating $conf"
+
+ # Generate config file
+ file_template "volume.conf" \
+ dc="$(config "$BASHTARD_PLAYBOOK.dc")" \
+ dir="/var/lib/seaweedfs/volume/$volume" \
+ disk="$(config "$BASHTARD_PLAYBOOK.volume.$volume.disk" "hdd")" \
+ max="$(config "$BASHTARD_PLAYBOOK.volume.$volume.max" "0")" \
+ free_space="$(config "$BASHTARD_PLAYBOOK.free-space" "10GiB")" \
+ filesize_limit="$(config "$BASHTARD_PLAYBOOK.filesize-limit" "256")" \
+ ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
+ mserver="$(join_args "${peers[@]}")" \
+ port="$(config "$BASHTARD_PLAYBOOK.volume.$volume.port" "8080")" \
+ rack="$(config "$BASHTARD_PLAYBOOK.rack")" \
+ > "$buffer"
+
+ # Write config file
+ [[ "$(file_hash "$buffer")" == "$hash" ]] && continue
+ info "$BASHTARD_PLAYBOOK/sync/$volume" "Configuration file changed"
+ mv -- "$buffer" "$conf"
+
+ # Restart volume server
+ info "$BASHTARD_PLAYBOOK/sync/$volume" "Restarting volume $volume"
+ [[ "$BASHTARD_ACTION" == "sync" ]] && systemctl restart "seaweedfs-volume@$volume"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.volumes")
+}
+
+playbook_del() {
+ # Stop services
+ while read -r volume
+ do
+ systemctl disable --now "seaweedfs-volume@$volume"
+ done < <(config_subkeys "$BASHTARD_PLAYBOOK.volumes")
+
+ # Remove systemd unit file
+ rm -fr -- "$(config "fs.etcdir")/systemd/system/seaweedfs-volume@.service"
+
+ # Remove configuration files
+ rm -fr -- "$(config "fs.etcdir")/seaweedfs/volume.conf"
+}
diff --git a/playbooks.d/seaweedfs-volume/share/volume.conf b/playbooks.d/seaweedfs-volume/share/volume.conf
new file mode 100644
index 0000000..d659faa
--- /dev/null
+++ b/playbooks.d/seaweedfs-volume/share/volume.conf
@@ -0,0 +1,12 @@
+ip=[${ip}]
+port=${port}
+mserver=${mserver}
+
+dataCenter=${dc}
+rack=${rack}
+disk=${disk}
+
+dir=${dir}
+max=${max}
+minFreeSpace=${free_space}
+fileSizeLimitMB=${filesize_limit}
diff --git a/playbooks.d/seaweedfs/description.txt b/playbooks.d/seaweedfs/description.txt
new file mode 100644
index 0000000..d14afca
--- /dev/null
+++ b/playbooks.d/seaweedfs/description.txt
@@ -0,0 +1 @@
+Scalable object storage cluster
diff --git a/playbooks.d/seaweedfs/etc/defaults b/playbooks.d/seaweedfs/etc/defaults
new file mode 100644
index 0000000..ac67585
--- /dev/null
+++ b/playbooks.d/seaweedfs/etc/defaults
@@ -0,0 +1 @@
+svc.seaweedfs=seaweedfs
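Review bot: `playbook_del` in the seaweedfs-volume playbook removes `$(config "fs.etcdir")/seaweedfs/volume.conf`, but `playbook_sync` never writes that path; it writes one `volume-$volume.conf` per volume, so every per-volume config file is left behind after removal. Moving the cleanup into the existing loop, as `rm -f -- "$(config "fs.etcdir")/seaweedfs/volume-$volume.conf"` after the `systemctl disable --now` line, removes what was actually created. The data directories under `/var/lib/seaweedfs/volume/` are also left in place, which may be intentional and would be worth a comment saying so.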
diff --git a/playbooks.d/seaweedfs/playbook.bash b/playbooks.d/seaweedfs/playbook.bash
new file mode 100644
index 0000000..7405cb5
--- /dev/null
+++ b/playbooks.d/seaweedfs/playbook.bash
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ local dl_arch
+ local dl_baseurl
+ local dl_binary
+ local dl_version
+
+ # Install seaweedfs
+ case "${BASHTARD_PLATFORM[arch]}" in
+ x86_64) dl_arch=amd64 ;;
+ *) die "NYI" ;;
+ esac
+
+ dl_baseurl="https://github.com/seaweedfs/seaweedfs/releases/download"
+ dl_binary="$(printf "%s_%s.tar.gz" "${BASHTARD_PLATFORM[os]}" "$dl_arch")"
+ dl_version="$(config "$BASHTARD_PLAYBOOK.version" "3.63")"
+
+ buffer="$(tmpdir)"
+
+ chgdir "$buffer"
+
+ info "$BASHTARD_PLAYBOOK/add" "Fetching $dl_baseurl/$dl_version/$dl_binary"
+ curl -L "$dl_baseurl/$dl_version/$dl_binary" > "$dl_binary"
+
+ tar xzf "$dl_binary"
+ mv -v -- "weed" "$(config "fs.bindir")/weed"
+
+ # Create mount.weed symlink
+ ln -fsv "$(config "fs.bindir")/weed" "$(config "fs.bindir")/mount.weed"
+
+ # Create directories used by seaweedfs
+ mkdir -pv -- "$(config "fs.etcdir")/seaweedfs"
+}
+
+playbook_sync() {
+ :;
+}
+
+playbook_del() {
+ # Remove configuration files
+ rm -fr -- "$(config "fs.etcdir")/seaweedfs"
+
+ # Remove downloaded binary and symlinks
+ rm -fr -- "$(config "fs.bindir")/weed"
+ rm -fr -- "$(config "fs.bindir")/mount.weed"
+}
diff --git a/playbooks.d/seaweedfs/share/master.conf b/playbooks.d/seaweedfs/share/master.conf
new file mode 100644
index 0000000..fb72a28
--- /dev/null
+++ b/playbooks.d/seaweedfs/share/master.conf
@@ -0,0 +1,8 @@
+ip=${ip}
+port=${port}
+
+peers=${peers}
+mdir=${mdir}
+
+defaultReplication=${replication}
+volumeSizeLimitMB=${volume_size}
diff --git a/playbooks.d/seaweedfs/share/server.conf b/playbooks.d/seaweedfs/share/server.conf
new file mode 100644
index 0000000..12be6fa
--- /dev/null
+++ b/playbooks.d/seaweedfs/share/server.conf
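Review bot: `playbook_add` in the seaweedfs playbook downloads the release archive with `curl -L … > "$dl_binary"`, unpacks it and moves `weed` into `fs.bindir` without checking the archive against a known digest, and that binary is what the filer, master and volume units then run as root. Pinning a SHA-256 next to the version (for example in a new config value such as `$BASHTARD_PLAYBOOK.sha256`, name to be chosen) and running `printf '%s  %s\n' "$sha256" "$dl_binary" | sha256sum -c -` before `tar xzf` would catch a tampered or truncated download. `curl -fL` is also needed so that an HTTP error page is not saved and handed to `tar`. `buffer` is assigned in this function without a `local` declaration.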
@@ -0,0 +1,14 @@ +dir=${datadir} +ip=${ip} + +master=true +master.volumeSizeLimitMB=${volume_size} + +filer=true + +s3=true + +volume=true +volume.disk=hdd +volume.max=0 +volume.minFreeSpace=${reserved_space} diff --git a/playbooks.d/ssh/playbook.bash b/playbooks.d/ssh/playbook.bash index 12f6bb6..66d5963 100644 --- a/playbooks.d/ssh/playbook.bash +++ b/playbooks.d/ssh/playbook.bash @@ -13,7 +13,7 @@ playbook_add() { playbook_sync() { info "$BASHTARD_PLAYBOOK" "Templating sshd_config" - file_template "sshd_config" \ + file_template "sshd_config.satpl" \ "sftp=$(config "ssh.sftp")" \ > /etc/ssh/sshd_config @@ -26,7 +26,7 @@ playbook_sync() { fi info "$BASHTARD_PLAYBOOK" "Generating MotD" - file_template "motd" \ + file_template "motd.satpl" \ "fqdn=${BASHTARD_PLATFORM[fqdn]}" \ "time=$(date -u "+%FT%T")" \ > /etc/motd diff --git a/playbooks.d/ssh/share/motd b/playbooks.d/ssh/share/motd.satpl index 7fc4e34..7fc4e34 100644 --- a/playbooks.d/ssh/share/motd +++ b/playbooks.d/ssh/share/motd.satpl diff --git a/playbooks.d/ssh/share/sshd_config b/playbooks.d/ssh/share/sshd_config.satpl index 900ed34..8a9f2db 100644 --- a/playbooks.d/ssh/share/sshd_config +++ b/playbooks.d/ssh/share/sshd_config.satpl @@ -28,6 +28,6 @@ Match User tyil PubkeyAuthentication yes # Allow public key authentication over VPN -Match Address 10.57.0.0/16 +Match Address 10.57.0.0/16,10.58.0.0/16,fd68:1057:1992:3381::/64,fd68:1058:1992:3381::/64 PubkeyAuthentication yes PermitRootLogin prohibit-password diff --git a/playbooks.d/user-tyil/share/gittab.d/vim b/playbooks.d/user-tyil/share/gittab.d/vim index 4e294f4..dca9751 100644 --- a/playbooks.d/user-tyil/share/gittab.d/vim +++ b/playbooks.d/user-tyil/share/gittab.d/vim 
@@ -1,7 +1,7 @@ # Local name Remote URL Branch feature-camelcasemotion https://github.com/tyil/camelcasemotion.git master feature-rainbow-parenthesis https://github.com/luochen1990/rainbow master -syntax-todo https://github.com/freitass/todo.txt-vim.git master +syntax-go https://github.com/fatih/vim-go master syntax-hcl https://github.com/jvirtanen/vim-hcl.git main syntax-helm https://github.com/towolf/vim-helm master syntax-ledger https://github.com/ledger/vim-ledger master @@ -9,8 +9,9 @@ syntax-markdown https://github.com/plasticboy/vim-markdown syntax-mustache https://github.com/mustache/vim-mustache-handlebars master syntax-raku https://github.com/raku/vim-raku.git master syntax-terraform https://github.com/hashivim/vim-terraform master +syntax-todo https://github.com/freitass/todo.txt-vim.git master syntax-toml https://github.com/cespare/vim-toml.git main +theme-codedark https://github.com/tomasiser/vim-code-dark master theme-colorsbox https://github.com/mkarmona/colorsbox.git master theme-jellybeans https://github.com/nanotech/jellybeans.vim.git master theme-molokai https://github.com/tomasr/molokai.git master -theme-codedark https://github.com/tomasiser/vim-code-dark master diff --git a/playbooks.d/vpn-tinc/playbook.bash b/playbooks.d/vpn-tinc/playbook.bash index 9cce9a6..6a6a957 100644 --- a/playbooks.d/vpn-tinc/playbook.bash +++ b/playbooks.d/vpn-tinc/playbook.bash 
@@ -1,69 +1,86 @@ #!/usr/bin/env bash +# shellcheck disable=SC2034 + +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv4]="required" +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv6]="required" +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.name]="required" + playbook_add() { - local tinc="$(config "app.tinc")" - local tincd="$(config "app.tincd")" - local dir="$(config "fs.etcdir")/tinc/tyilnet" - local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")" - local ipv4="$(config "vpn.ipv4")" - - if [[ -z "$ipv4" ]] - then - emerg "$BASHTARD_PLAYBOOK" "No IPv4 address set for ${BASHTARD_PLATFORM[fqdn]}" - return 2 - fi + local data + local etc + local host + local iptool + local ipv4 + local ipv6 + local name + local tinc + local tincd + + data="$(playbook_path "data")" + etc="$(config "fs.etcdir")/tinc/tyilnet" + host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")" + ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")" + ipv6="$(config "$BASHTARD_PLAYBOOK.ipv6")" + name="$(config "$BASHTARD_PLAYBOOK.name")" + tinc="$(config "app.tinc")" + tincd="$(config "app.tincd")" case "${BASHTARD_PLATFORM[key]}" in freebsd) iptool=ifconfig ;; *) iptool=ip esac - info "$BASHTARD_PLAYBOOK" "Installing tinc" + info "$BASHTARD_PLAYBOOK/add" "Installing tinc" pkg install "tinc" - info "$BASHTARD_PLAYBOOK" "Creating tinc configuration at $dir" + info "$BASHTARD_PLAYBOOK/add" "Creating tinc configuration at $etc" + mkdir -pv -- \ - "$dir" \ - "$dir/hosts" + "$etc" \ + "$etc/hosts" file_template tinc.conf \ - "name=$name" \ - > "$dir/tinc.conf" + "name=$host" \ + > "$etc/tinc.conf" file_template "tinc-up-$iptool" \ - "ip4=$(config "vpn.ipv4")" \ - > "$dir/tinc-up" + "ip4=$ipv4" \ + "ip6=$ipv6" \ + > "$etc/tinc-up" file_template "tinc-down-$iptool" \ - "ip4=$(config "vpn.ipv4")" \ - > "$dir/tinc-down" + "ip4=$ipv4" \ + "ip6=$ipv6" \ + > "$etc/tinc-down" file_template "host" \ - "ip4=$(config "vpn.ipv4")" \ - > "$dir/hosts/$name" + "ip4=$ipv4" \ + "ip6=$ipv6" \ + > "$etc/hosts/$host" chmod +x \ - 
"$dir/tinc-up" \ - "$dir/tinc-down" + "$etc/tinc-up" \ + "$etc/tinc-down" - info "$BASHTARD_PLAYBOOK" "Generating private keys" + info "$BASHTARD_PLAYBOOK/add" "Generating private keys" case "$($tincd --version | awk '{ print $3 }' | head -n1)" in 1.0*) - $tincd -n tyilnet -K4096 + $tincd -n "$name" -K4096 ;; 1.1*|*) - $tinc -n tyilnet generate-rsa-keys 4096 - $tinc -n tyilnet generate-ed25519-keys + $tinc -n "$name" generate-rsa-keys 4096 + $tinc -n "$name" generate-ed25519-keys ;; esac - info "$BASHTARD_PLAYBOOK" "Adding new host to Bashtard configs" - + info "$BASHTARD_PLAYBOOK/add" "Adding new host to Bashtard configs" + mkdir -pv -- "$data/hosts" cp -v -- \ - "$dir/hosts/$name" \ - "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts/$name" + "$etc/hosts/$host" \ + "$data/hosts/$host" playbook_sync @@ -71,22 +88,22 @@ playbook_add() case "${BASHTARD_PLATFORM[key]}" in freebsd) - if ! grep -Fq 'tincd_cfg="tyilnet"' "/etc/rc.conf.d/tincd" + if ! grep -Fq 'tincd_cfg="'"$name"'"' "/etc/rc.conf.d/tincd" then - printf 'tincd_cfg="%s"\n' "tyilnet" >> "/etc/rc.conf.d/tincd" + printf 'tincd_cfg="%s"\n' "$name" >> "/etc/rc.conf.d/tincd" fi ;; linux-gentoo) - if ! grep -Fq "NETWORK: tyilnet" /etc/conf.d/tinc.networks + if ! grep -Fq "NETWORK: $name" /etc/conf.d/tinc.networks then - printf "NETWORK: %s\n" "tyilnet" >> /etc/conf.d/tinc.networks + printf "NETWORK: %s\n" "$name" >> /etc/conf.d/tinc.networks fi ;; esac case "${BASHTARD_PLATFORM[init]}" in systemd) - systemctl enable --now tinc@tyilnet.service + systemctl enable --now "tinc@$name.service" ;; *) svc enable "tinc" 
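Review bot: `playbook_add` in the vpn-tinc playbook still sets `etc="$(config "fs.etcdir")/tinc/tyilnet"`, while the key generation further down now runs with `-n "$name"` and `playbook_sync` and `playbook_del` derive the directory from `$BASHTARD_PLAYBOOK.name`. With any name other than `tyilnet`, `tinc.conf`, `tinc-up`, `tinc-down` and the host file are written into one network directory while the private keys are generated for another, and `playbook_del` leaves the `tyilnet` directory behind. Assigning `name` first and using `etc="$(config "fs.etcdir")/tinc/$name"` fixes that. `$tinc` and `$tincd` are also expanded unquoted in the key-generation commands.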
@@ -97,28 +114,39 @@ playbook_add() playbook_sync() { - local dir="$(config "fs.etcdir")/tinc/tyilnet" - local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")" + local data + local etc + local hash local host + local iptool + local name + + data="$(playbook_path "data")" + etc="$(config "fs.etcdir")/tinc/$(config "$BASHTARD_PLAYBOOK.name")" + hash="$(dir_hash "$etc/hosts")" + host="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")" + name="$(config "$BASHTARD_PLAYBOOK.name")" info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts" - rm -fr -- "$dir/hosts" - mkdir -p -- "$dir/hosts" + rm -fr -- "$etc/hosts" + mkdir -p -- "$etc/hosts" - for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/* + for path in "$data/hosts"/* do - host="$(basename "$path")" + file="$(basename "$path")" - notice "$BASHTARD_PLAYBOOK" "Updating host $host" - file_template "hosts/$host" \ - > "$dir/hosts/$host" + notice "$BASHTARD_PLAYBOOK" "Updating host $file" + cp -v -- "$data/hosts/$file" "$etc/hosts/$file" done [[ "$BASHTARD_COMMAND" == "add" ]] && return + [[ "$hash" == "$(dir_hash "$etc/hosts")" ]] && return + + info "$BASHTARD_PLAYBOOK" "Reloading service" case "${BASHTARD_PLATFORM[init]}" in systemd) - systemctl reload tinc@tyilnet.service + systemctl reload "tinc@$name.service" ;; *) svc reload "tinc" @@ -128,9 +156,15 @@ playbook_sync() playbook_del() { + local etc + local name + + etc="$(config "fs.etcdir")" + name="$(config "$BASHTARD_PLAYBOOK.name")" + case "${BASHTARD_PLATFORM[init]}" in systemd) - systemctl disable --now tinc@tyilnet.service + systemctl disable --now "tinc@$name.service" ;; *) svc stop "tinc" @@ -140,5 +174,5 @@ playbook_del() pkg uninstall "tinc" - rm -frv -- "$(config "fs.etcdir")/tinc/tyilnet" + rm -frv -- "$etc/tinc/$name" } diff --git a/playbooks.d/vpn-tinc/share/host b/playbooks.d/vpn-tinc/share/host index c24d4ad..627aab6 100644 --- a/playbooks.d/vpn-tinc/share/host +++ b/playbooks.d/vpn-tinc/share/host 
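Review bot: `playbook_sync` removes `$etc/hosts` before it knows that `$data/hosts` holds anything to copy. If that directory is missing or empty the glob stays literal and `cp` fails, and the hash comparison added at the end then sees a change and reloads tinc with no peer host files. Guarding the loop with `[[ -e "$path" ]] || continue` and returning before the reload when nothing was copied, or building the new directory beside the old one and swapping it in, avoids that. The loop variable `file` (and `path`) is not in the `local` list, while `host` and `iptool` are declared and not used in the lines shown; the end of `playbook_sync` lies outside this hunk.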
@@ -1,2 +1,3 @@ Subnet = ${ip4}/32 +Subnet = ${ip6}/128 diff --git a/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net b/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net deleted file mode 100644 index 4856c95..0000000 --- a/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net +++ /dev/null @@ -1,16 +0,0 @@ -Subnet = 10.57.100.3/32 - ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEAvcW/20fxgdGdNelD/eMwEpLChI03rvDbPHAp9en3cwlYaND40udO -VxjRXj0rE9IA4N0f+o8oJdmG+mzl5Dd3rKXVnBnRymKzpNJ2w+cILPm1sQa6IO85 -F+7Q5v7lb5yFuy3JVi+tg4nqL+xHSZL6w/oPX667bR90oBJEd7C+U7p7r8DXvyHq -cg9U1maDmZ0IzZtl6BxsjyfUr0o6xBtw+pCSIvOXW5xd4mfBPgvp+3nIcux6nek3 -VR6SJ85aXlYZxER23N13Vi3dGUJSIaBPN5MuS3IHBbAP/Feeyo8p4SCzl0AMfo/K -+ZGcheL/NX7EVGg4XcZNgFaTBpusScOfxiRlzAeImomiQwKIywXp1otCn6dKIDj0 -jj146Dodf2nHRbTQj7H/2zyiRDjY/tpis/xTVA5AJu+p5aaXBA/eSb4H1OKL5qYs -38/bUiUJTSbpWvC9WiHq/xi5GSs+3ehDara89yXXhunWLsqvSZOZacqeZQw8k+ip -pNcnXbbtS0zqNQie3OEKY9qqOGKzjUiYu8yWJ4eo370XzlQ9sUgGfKmwCcc2c2jX -Rrhjck+4DGeRA10oJpoxKArPaWrGWezIHJ49Jrc+xiTJ5EMVqOpuGvL5lrKn7g6y -qYk1u6x0We1nCkMNN2LxrmL6j3p6PKRbWg7bczqPO4uEyT/575Ih2ssCAwEAAQ== ------END RSA PUBLIC KEY----- -Ed25519PublicKey = 7jy41lK2S4BzhUVSAmULDSiZ9NQM4eQ0Geg2+F9pTpG diff --git a/playbooks.d/vpn-tinc/share/hosts/denahnu_tyil_net b/playbooks.d/vpn-tinc/share/hosts/denahnu_tyil_net deleted file mode 100644 index acc2038..0000000 --- a/playbooks.d/vpn-tinc/share/hosts/denahnu_tyil_net +++ /dev/null 
@@ -1,16 +0,0 @@
-Address = 81.2.254.110
-Subnet = 10.57.20.4/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApFXqCta82BLknLg9jI4ZLmjROl9S9worvIo4hQeDFtZrKlelfx8f
-RwfT9xF4YwI688FAlmZcGc1iRUTuCt+Pfbc+Lws6Kw1U/QIqAnga80chLzOkwPxV
-idZyMPpZ0nWc/XCj63znozr6KGPVgibNKB3p/qGI7f00CVWJHlff7knAmCiShxyK
-z+d7WglolSv7H7QE0Qz5tyMq7zkeide2MINd8Es+UpM4RpJHNIjFZmXm+lmfk/mW
-fYYIi0z7dbOv+9fKdgljyAahL+sKIH1lfVTIaywY50eq7rAuG0UrA6/HXrNS9Hs2
-LNPfUcDVQLwqM+ZTCbVykQ29/EyU28RRwDM/L85NY6YFSvCv35lqaeo+PokTFMI4
-Dzro+IyEI4VvCQ4CeA8085HVTErnVMCRI4hwooyuBBmiKVB62KfHDD6D5J49dg8A
-NzSkjmx1tqF+B8bOpk+gHJsk2ZXc1oU44S+1ydG7SdbqF2KWufpr9DIVIkTL64Cl
-9ymrmdW86NYTpsvUJVdqw+RW+hE55vUPr+/0mMkNVFdWy56EICxKqhW+wN80CxNE
-raiNuFWqKPxw3yrAomsgPIuH/a3bmqsTzHb5Rmkw5nArWqSENagF5tVFSBUcZkWb
-6wwu/ourq6q1HXwP3Z9/03quelwKqmjPxwUCkl7CYeo8um1tjANeZvUCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net b/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
deleted file mode 100644
index eba305b..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 37.48.120.26
-Subnet = 10.57.20.6/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
-ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
-iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
-XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
-VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
-giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
-5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
-Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
-B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
-7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
-tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/hurzak_tyil_net b/playbooks.d/vpn-tinc/share/hosts/hurzak_tyil_net
deleted file mode 100644
index d55cf55..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/hurzak_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 178.162.131.11
-Subnet = 10.57.20.7/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAmL0UOj+pMAV7R1Lq0rj3D+oGRnp5fz1q+jtbK3janX7gz0lFcXA8
-k6nOAzwksihQ9QfPLa0NEFpZ8PbLZP1mTFCf4f+1RWy9S2o4hLEzi+Ka8h/X54oH
-jOcEZQd7hGpwDGvU/lTG+1Iofh4NAsuiKIS/pT58fZ8WIGDIbL5PHYGas44MEJX6
-BXn9CJx8kzktFGJ27isCrl93kueSqp9ajNCCsmoisJxxdyxG8L+iWktuusTOoi31
-IhmKqhA9wf87p5bYJ7Ae1079OXT7RxjExG+z2C9s6UouxDEmI2oXtmn5luRQkikw
-T/nV29NJoUETcgVgrW3LHKr25cbXoaeosIgRsD6bLs0plOzECNrpl+/7ZKhr86M0
-ZynJyfoAWFVKaCHSqD9Js5HH13U7oOpTPMIZgZO0CwtESeUE1z7j4xNPMF8x9Ajg
-E7zny0SVO5JJNPqy6WFa1s5fWjU4YlFZKPG2jpIBqgw/unOCywQlQlrJH26Oo8RF
-5l9ccLmdQY2HWIpeY/BCEBCAZnsEt1/dV82HvgDeULXDyUOmpPgaNzCH445lzsg6
-xKtAyWt32VWS9x/OdAflmeHvKk+GM7g0X7g7IxCzkLRMYSn3M87IBKQ/cjE7yg50
-CbaLBdiDc3tVmR90fRalt/7PCccPychrFRFzE7E1/RIJKzqh6JTHUVkCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/ivdea_tyil_net b/playbooks.d/vpn-tinc/share/hosts/ivdea_tyil_net
deleted file mode 100644
index 17f8c89..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/ivdea_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.100.8/32
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1cPD37/K8EHfro9L/qmEGcG7Ivu6Lvc9K9ry2f6YAjvLQHAwFrf3
-WXOHwg+x6aaE8Us7f2gHs8tU4NMNz4ggSIOesDOSUrVPOrrvZJnDaPzl8+bIOCrq
-WOlgmo3RJv4w9G0QGmE7QGK2nX/gA05zaAMDP7Jd+yh7ohtYosth3/j/hetRdLD4
-j6D9tuwGKoQND3rlc7P4QV9bMM1wvKw63hj08YowBzD5GkYN+J833ZN2wmRqAvLp
-cRnELg/UqSp0wu0l5VJImi8oz59zGzWPzxFBakemjCkM7xVe5LKK3ZkjwojWDTqG
-BQXnhInrFplDm6j+A+jM1iOLwhwg1LbWthhzvrvZd68Dl3oBAsmRM8YmY7RjDpNW
-nhqPWen5fum9kURwczY9GLj5GcRkBjEXVTU3KTpYKXeTZrRc3HT69WbbzdfXNKYj
-aKRdL/OJZG4hNZFRgPHJP1svNrf4DLZiWIoAjeAdgXcHih1cUi2rP530YvRaajwT
-FFDgcfRdWp00WQUkJ8Fcl//rynnZWjHSi4NXTsB7qVvdFClNqglxVewzBgBkriEO
-n7SIXz6iNTaKLD63YaUY4oiqg4yY12P6ggY6U2atcXmK1g9syaYTIVD6MAA7XDxY
-uI88cs2AZnjLsfpW4p7TD90r1qRZjbkguLhy71cEaIZMbH+H/8eAyD0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/jaomox_tyil_net b/playbooks.d/vpn-tinc/share/hosts/jaomox_tyil_net
deleted file mode 100644
index c1b7faa..0000000
--- a/playbooks.d/vpn-tinc/share/hosts/jaomox_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 163.172.218.246
-Subnet = 10.57.21.1/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA1hTIMQha2vUVy0c8Ci5jF06T62IDDj9FhBtDBKOsvlZ1Lzh9OsqH
-x7blL0WNBDoqmgyX0RdDwUIqnMOttMFK4y6ARY50Yw+s8m2uy3i9FgRUn2Y+Qjc8
-SmFh1fKt9yThKfBFDhUmTW0vjXlWR3jf77QB1PAJzk8wRmDx0GbBzcrsRMBrKc9a
-rUN5mXz96xjkzq4vsAQ8W8aa4OmTR+oZcSe5iGzksXoh5BxmV8WjHK5ZpjuNi6qt
-t1pWWanq3DG44/5pfvobULDh2Z1b8dV4oTGZW9CFFHmjOve5f+AQuy6nnFX9FH6R
-dQ41GRCt3FFGMiCmej1BErPW2dE53A618vmcdd0J5Tt41TXX3oJo+gw3F1R5pNV7
-rd6hg634Iyx5y3JIJh9gQXbygCAnq32vtI6/j60MyGHk2Iu6KjfhtN56X/PRnJxa
-G2swLdJtUi11WgEhEdBd2x3l3P46eVj4YS48d3J++9mFKZ+ejoKosc7u5Xaj055I
-q0fQudOZswD4i8JT5cn7VFYAZSM+Po9Yxq9tfaIm5jld4f/XJGYL39lXBrUTFBWh
-PFXDrb35MstSVgHWlKtsLJj+Por4K5NxHdUHRIsOaMGem5GgOYos0AvkLYiQngey
-noZ41YSSyJwitHefW46+PKmx5MVlcMcwDOSpvZImTphnlKEttg9/RwMCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/krohxe_tyil_net b/playbooks.d/vpn-tinc/share/hosts/krohxe_tyil_net deleted file mode 100644 index 0655f39..0000000 --- a/playbooks.d/vpn-tinc/share/hosts/krohxe_tyil_net +++ /dev/null @@ -1,16 +0,0 @@ -Subnet = 10.57.20.8/32 - - ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA0kL+MH9xOLAKrwUF17a642QLnU+72xbxiFtbWFXGIj17hlcqiOAv -NqWFO1EzroRgaNzqdufMik7G7MFzrGG+7/fziC5Vj7A7UMi+8F8ig1tKLpqe0/+f -DqQfbU0tPaPPPc95lEYOU4j50ALBNAZLNaP5a0BIN7N+Bj0JQNTah1u45mdIMQh2 -LpIkbe5MWaVcVvh61l5mxM/+rsU8lJE4+SmOuFJZ+7bzsbtQf5mPc4kF8aqPoMle -XuizHguphe3CrZgOvvmAVvrV9O7FvpFHlJcmt4FkyEZ0e8l0h9/YKHx94py4STa2 -O3zFJFHf4zVAIzSx+1mVV08aulcIGjTpHLSIlAuQ1kqEI8lGfcCawyMCPdcRzWKJ -eo7fo8/slzg9O/Id/uZwlDltnBXI4053bhjsglEfm/zZHog00IR/rSXuiqJLV+Th -8uNRGXezB/frVn58w8dbOuPDzsVTLNeDeZJHrKRxTn/bwVFLrG25ow9qMgr/mqaP -sA6PjBnw01SkBUJY6fmowip9YcQTOjlauUR6w/F70aOIqT65M1ralSVmWAUFCKRz -KYOaOPHfpQQVxQaDnUKPiDyF8YoP9zoocyh5BnBEKP6ctYZkZd3i5naJ1SG16R5j -U9iMnzo/uKG1CAP7jnM7IGZ6XhlHchst5LxVAm2cGT8apEWJOvFnqOMCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/playbooks.d/vpn-tinc/share/tinc-up-ifconfig b/playbooks.d/vpn-tinc/share/tinc-up-ifconfig index 66c897e..6f040d1 100644 --- a/playbooks.d/vpn-tinc/share/tinc-up-ifconfig +++ b/playbooks.d/vpn-tinc/share/tinc-up-ifconfig @@ -1,3 +1,4 @@ #!/bin/sh ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0 +ifconfig "$INTERFACE" inet ${ip6} netmask 255.255.0.0 diff --git a/playbooks.d/vpn-tinc/share/tinc-up-ip b/playbooks.d/vpn-tinc/share/tinc-up-ip index 191d310..105d8a5 100644 --- a/playbooks.d/vpn-tinc/share/tinc-up-ip +++ b/playbooks.d/vpn-tinc/share/tinc-up-ip @@ -1,5 +1,6 @@ #!/bin/sh ip -4 addr add "${ip4}/16" dev "$INTERFACE" +ip -6 addr add "${ip6}/64" dev "$INTERFACE" ip link set "$INTERFACE" up diff --git a/playbooks.d/vpn-tinc/share/tinc.conf b/playbooks.d/vpn-tinc/share/tinc.conf index 89ccdfd..11696a7 100644 --- a/playbooks.d/vpn-tinc/share/tinc.conf +++ b/playbooks.d/vpn-tinc/share/tinc.conf 
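Review bot: The added `ifconfig "$INTERFACE" inet ${ip6} netmask 255.255.0.0` line in tinc-up-ifconfig assigns the IPv6 address using the IPv4 address family and a dotted IPv4 netmask, so the interface is unlikely to receive its IPv6 address at all. The sibling tinc-up-ip script gives the same address a /64, and this variant should match it, for example `ifconfig "$INTERFACE" inet6 ${ip6} prefixlen 64` on a BSD-style ifconfig. The exact syntax differs on Linux net-tools, so confirm it against the platforms that use this script.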
@@ -1,7 +1,10 @@ Name = ${name} ConnectTo = caeghi_tyil_net -ConnectTo = denahnu_tyil_net +ConnectTo = faiwoo_tyil_net ConnectTo = gaeru_tyil_net -ConnectTo = hurzak_tyil_net ConnectTo = jaomox_tyil_net +ConnectTo = mieshu_tyil_net +ConnectTo = nouki_tyil_net +ConnectTo = oolah_tyil_net +ConnectTo = qohrei_tyil_net diff --git a/playbooks.d/vpn-wireguard/description.txt b/playbooks.d/vpn-wireguard/description.txt new file mode 100644 index 0000000..da242c7 --- /dev/null +++ b/playbooks.d/vpn-wireguard/description.txt @@ -0,0 +1 @@ +A meshed VPN through Wireguard diff --git a/playbooks.d/vpn-wireguard/etc/defaults b/playbooks.d/vpn-wireguard/etc/defaults new file mode 100644 index 0000000..178e2fd --- /dev/null +++ b/playbooks.d/vpn-wireguard/etc/defaults @@ -0,0 +1 @@ +pkg.wireguard=wireguard diff --git a/playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo b/playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo new file mode 100644 index 0000000..91a9c37 --- /dev/null +++ b/playbooks.d/vpn-wireguard/etc/os.d/linux-gentoo @@ -0,0 +1 @@ +pkg.wireguard=net-vpn/wireguard-tools diff --git a/playbooks.d/vpn-wireguard/playbook.bash b/playbooks.d/vpn-wireguard/playbook.bash new file mode 100644 index 0000000..734761d --- /dev/null +++ b/playbooks.d/vpn-wireguard/playbook.bash 
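Review bot: `ConnectTo = gaeru_tyil_net` and `ConnectTo = jaomox_tyil_net` remain in tinc.conf, but this same commit deletes `share/hosts/gaeru_tyil_net` and `share/hosts/jaomox_tyil_net`, which carried those peers' addresses and RSA public keys. tinc needs a host file for each ConnectTo target in order to reach and authenticate it, so confirm that the host files for every listed target are now provided from another location. A comment above the list such as `# every ConnectTo target needs a matching file in hosts/` would help keep the two in step.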
@@ -0,0 +1,119 @@ +#!/usr/bin/env bash + +# shellcheck disable=SC2034 + +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.endpoint]="required" +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv4]="required" +BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ipv6]="required" + +playbook_add() { + local data + local interface + + data="$(playbook_path "data")" + interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")" + + pkg install wireguard + + # If there's no data directory yet, make it with a proper gitignore to ensure + # the private key is not included + if [[ ! -d "$data" ]] + then + mkdir -pv -- "$data" "$data/hooks" "$data/peers" + cat <<-EOF >> "$data/.gitignore" + privkey + EOF + fi + + # Generate the private key for this machine + ( umask 077 && wg genkey > "$data/privkey" ) + + # Generate the peerfile for this machine + file_template "peer" \ + endpoint="$(config "$BASHTARD_PLAYBOOK.endpoint")" \ + ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")" \ + ipv6="$(config "$BASHTARD_PLAYBOOK.ipv6")" \ + keepalive="$(config "$BASHTARD_PLAYBOOK.keepalive" "0")" \ + port="$(config "$BASHTARD_PLAYBOOK.port" "51820")" \ + pubkey="$(wg pubkey < "$data/privkey")" \ + > "$data/peers/${BASHTARD_PLATFORM[fqdn]}" + + # Run the sync stage to make sure all the configuration files are written as + # desired + playbook_sync + + # Enable the wireguard interface + info "$BASHTARD_PLAYBOOK" "Enabling wireguard interface $interface" + systemctl enable --now "wg-quick@$interface.service" +} + +playbook_sync() { + local data + local wgconf + local interface + local hash + + data="$(playbook_path "data")" + interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")" + wgconf="$(config "fs.etcdir")/wireguard/$interface.conf" + hash="$(file_hash "$wgconf")" + + # Create the wireguard config directory + mkdir -pv "$(config "fs.etcdir")/wireguard" + + info "$BASHTARD_PLAYBOOK" "Generating wireguard configuration at $wgconf" + + # Write the Interface section + file_template "interface" \ + ipv4="$(config 
"$BASHTARD_PLAYBOOK.ipv4")" \ + ipv6="$(config "$BASHTARD_PLAYBOOK.ipv6")" \ + port="$(config "$BASHTARD_PLAYBOOK.port" "51820")" \ + privkey="$(cat "$data/privkey")" \ + > "$wgconf" + + if [[ -f "$data/hooks/post-up" ]] + then + printf "PostUp = %s\n" "$data/hooks/post-up" >> "$wgconf" + fi + + if [[ -f "$data/hooks/pre-down" ]] + then + printf "PreDown = %s\n" "$data/hooks/pre-down" >> "$wgconf" + fi + + # Include peerfiles for all other machines + for path in "$data/peers"/* + do + local peer="$(basename "$path")" + + # Skip the machine itself, as it needs not peer with itself + [[ "$peer" == "${BASHTARD_PLATFORM[fqdn]}" ]] && continue + + # Append peerfile, but add a newline in there to make the + # resulting configuration file a little nicer + printf "\n" >> "$wgconf" + cat "$path" >> "$wgconf" + done + + # Don't continue here if this was just part of the add invocation + [[ "$BASHTARD_COMMAND" == "add" ]] && return + + # Nothing left to do if the Wireguard configs are the same + [[ "$hash" == "$(file_hash "$wgconf")" ]] && return + + # Refresh the wireguard interface + # A simple reload seems to not discover newly added peers + info "$BASHTARD_PLAYBOOK" "Reloading wireguard interface $interface" + systemctl restart "wg-quick@$interface.service" +} + +playbook_del() { + local interface + + interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")" + + info "$BASHTARD_PLAYBOOK" "Disabling wireguard interface $interface" + systemctl disable --now "wg-quick@$interface.service" + rm -fv -- "$(config "fs.etcdir")/wireguard/$interface.conf" + pkg uninstall wireguard +} diff --git a/playbooks.d/vpn-wireguard/share/interface b/playbooks.d/vpn-wireguard/share/interface new file mode 100644 index 0000000..00f53e8 --- /dev/null +++ b/playbooks.d/vpn-wireguard/share/interface @@ -0,0 +1,4 @@ +[Interface] +Address = ${ipv6}/128,${ipv4}/32 +ListenPort = ${port} +PrivateKey = ${privkey} 
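Review bot: playbook_sync writes the interface section, including `PrivateKey`, with a plain `> "$wgconf"` under the caller's umask, so the WireGuard private key can end up in a world-readable file under the etc directory; playbook_add protects `$data/privkey` with `umask 077` but the generated config gets no such protection. Run the config writes under the same restriction and tighten a file that already exists, e.g. a `( umask 077 && … )` subshell around the writes plus `chmod 600 "$wgconf"` after the first one. Separately, playbook_add runs `wg genkey > "$data/privkey"` unconditionally, which replaces an existing key if the playbook is added again, and the `privkey` entry in `.gitignore` is only written when `$data` does not exist yet. Guarding key generation with `[[ -f "$data/privkey" ]] ||` and always ensuring the ignore entry would cover both cases.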
diff --git a/playbooks.d/vpn-wireguard/share/peer b/playbooks.d/vpn-wireguard/share/peer new file mode 100644 index 0000000..9a95e38 --- /dev/null +++ b/playbooks.d/vpn-wireguard/share/peer @@ -0,0 +1,5 @@ +[Peer] +AllowedIPs = ${ipv6}/128,${ipv4}/32 +Endpoint = [${endpoint}]:${port} +PublicKey = ${pubkey} +PersistentKeepalive = ${keepalive} diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble b/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble new file mode 100644 index 0000000..a2922fc --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire.mumble @@ -0,0 +1,13 @@ +server { + listen 80; + listen [::]:80; + + server_name mumble.voidfire.com; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.bazarr b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.bazarr new file mode 100644 index 0000000..f8c36f4 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.bazarr @@ -0,0 +1,13 @@ +server { + listen 80; + listen [::]:80; + + server_name bazarr.arr.tyil.nl; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.jellyseerr b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.jellyseerr new file mode 100644 index 0000000..12d3487 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.jellyseerr @@ -0,0 +1,13 @@ +server { + listen 80; + listen [::]:80; + + server_name jellyseerr.arr.tyil.nl; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} 
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lid b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lidarr index 2fad057..2fad057 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lid +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.lidarr diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowl b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowlarr index 1a1d70f..1a1d70f 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowl +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.prowlarr diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.rad b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.radarr index 852147e..852147e 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.rad +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.radarr diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.read b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.readarr index 82002bc..82002bc 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.read +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.readarr diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.son b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.sonarr index 61904fd..61904fd 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.son +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.sonarr diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.tdarr b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.tdarr new file mode 100644 index 0000000..2128cad --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.tdarr 
@@ -0,0 +1,13 @@ +server { + listen 80; + listen [::]:80; + + server_name tdarr.arr.tyil.nl; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ci b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ci new file mode 100644 index 0000000..7f2b35f --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ci @@ -0,0 +1,12 @@ +server { + listen 80; + listen [::]:80; + + server_name ci.tyil.nl; + + include /etc/nginx/snippets.d/certbot.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.myl b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.media index 4a11124..92d387c 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.myl +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.media @@ -2,7 +2,7 @@ server { listen 80; listen [::]:80; - server_name myl.arr.tyil.nl; + server_name nl.tyil.media; include /etc/nginx/snippets.d/certbot.conf; include /etc/nginx/snippets.d/headers.conf; diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.baz b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ntfy index ea5ae18..d4b8d44 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.arr.baz +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.ntfy @@ -2,7 +2,7 @@ server { listen 80; listen [::]:80; - server_name baz.arr.tyil.nl; + server_name ntfy.tyil.nl; include /etc/nginx/snippets.d/certbot.conf; include /etc/nginx/snippets.d/headers.conf; diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3 b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3 new file mode 100644 index 0000000..8b0d1d5 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3 
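Review bot: In the renamed http vhost `nl.tyil.media`, the new `server_name nl.tyil.media;` looks like the file name used in place of the host name; the https vhost for this site in the same commit uses `media.tyil.nl`. As written, plain-HTTP requests for media.tyil.nl will not match this block, so they fall to the default server and miss both the certbot include and whatever the location outside the hunk does. The line should read `server_name media.tyil.nl;`.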
@@ -0,0 +1,13 @@ +server { + listen 80; + listen [::]:80; + + server_name s3.tyil.nl; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey new file mode 100644 index 0000000..e616f75 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.s3.misskey @@ -0,0 +1,13 @@ +server { + listen 80; + listen [::]:80; + + server_name misskey.s3.tyil.nl; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/headers.conf; + + location / { + return 301 https://$host$request_uri; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble b/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble new file mode 100644 index 0000000..09daf3b --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire.mumble 
@@ -0,0 +1,49 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name mumble.voidfire.com; + + ssl_certificate /etc/letsencrypt/live/mumble.voidfire.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mumble.voidfire.com/privkey.pem; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/ssl.conf; + + root /var/www/com.voidfire.mumble; + + location / { + proxy_http_version 1.1; + proxy_set_header Connection $http_connection; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://127.0.0.1:8080; + } + + location /proxy { + proxy_http_version 1.1; + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + + proxy_pass http://127.0.0.1:64737; + } + + location /botamusique { + port_in_redirect off; + + proxy_http_version 1.1; + + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Script-Name /botamusique; + + proxy_pass http://127.0.0.1:13586; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.myl b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.bazarr index 36735f8..96d0dec 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.myl +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.bazarr 
@@ -2,10 +2,10 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name myl.arr.tyil.nl; + server_name bazarr.arr.tyil.nl; - ssl_certificate /etc/letsencrypt/live/myl.arr.tyil.nl/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/myl.arr.tyil.nl/privkey.pem; + ssl_certificate /etc/letsencrypt/live/bazarr.arr.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/bazarr.arr.tyil.nl/privkey.pem; include /etc/nginx/snippets.d/certbot.conf; #include /etc/nginx/snippets.d/headers.conf; @@ -18,6 +18,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://10.57.100.7:8080; + proxy_pass http://172.31.0.1:4002; } } diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.jellyseerr b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.jellyseerr new file mode 100644 index 0000000..27045a2 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.jellyseerr @@ -0,0 +1,23 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name jellyseerr.arr.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/jellyseerr.arr.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/jellyseerr.arr.tyil.nl/privkey.pem; + + include /etc/nginx/snippets.d/certbot.conf; + #include /etc/nginx/snippets.d/headers.conf; + include /etc/nginx/snippets.d/ssl.conf; + + location / { + proxy_http_version 1.1; + proxy_set_header Connection $http_connection; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://172.31.0.1:2001; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.baz b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lidarr index 70ea3a8..26010a4 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.baz 
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lidarr @@ -2,10 +2,10 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name baz.arr.tyil.nl; + server_name lidarr.arr.tyil.nl; - ssl_certificate /etc/letsencrypt/live/baz.arr.tyil.nl/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/baz.arr.tyil.nl/privkey.pem; + ssl_certificate /etc/letsencrypt/live/lidarr.arr.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/lidarr.arr.tyil.nl/privkey.pem; include /etc/nginx/snippets.d/certbot.conf; #include /etc/nginx/snippets.d/headers.conf; @@ -18,6 +18,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://10.57.100.7:8080; + proxy_pass http://172.31.0.1:3001; } } diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowlarr b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowlarr new file mode 100644 index 0000000..a798a15 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowlarr @@ -0,0 +1,23 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name prowlarr.arr.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/prowlarr.arr.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/prowlarr.arr.tyil.nl/privkey.pem; + + include /etc/nginx/snippets.d/certbot.conf; + #include /etc/nginx/snippets.d/headers.conf; + include /etc/nginx/snippets.d/ssl.conf; + + location / { + proxy_http_version 1.1; + proxy_set_header Connection $http_connection; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://172.31.0.1:2002; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.rad b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.rad deleted file mode 100644 index 83a4442..0000000 
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.rad +++ /dev/null @@ -1,23 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name rad.arr.tyil.nl; - - ssl_certificate /etc/letsencrypt/live/rad.arr.tyil.nl/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/rad.arr.tyil.nl/privkey.pem; - - include /etc/nginx/snippets.d/certbot.conf; - #include /etc/nginx/snippets.d/headers.conf; - include /etc/nginx/snippets.d/ssl.conf; - - location / { - proxy_http_version 1.1; - proxy_set_header Connection $http_connection; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Forwarded-For $remote_addr; - - proxy_pass http://127.0.0.1:20832; - } -} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lid b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.radarr index 049dfd9..abca322 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.lid +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.radarr @@ -2,10 +2,10 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name lid.arr.tyil.nl; + server_name radarr.arr.tyil.nl; - ssl_certificate /etc/letsencrypt/live/lid.arr.tyil.nl/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/lid.arr.tyil.nl/privkey.pem; + ssl_certificate /etc/letsencrypt/live/radarr.arr.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/radarr.arr.tyil.nl/privkey.pem; include /etc/nginx/snippets.d/certbot.conf; #include /etc/nginx/snippets.d/headers.conf; @@ -18,6 +18,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://127.0.0.1:20831; + proxy_pass http://172.31.0.1:3003; } } diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.read b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.read deleted file mode 100644 index 3af4341..0000000 
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.read +++ /dev/null @@ -1,23 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name read.arr.tyil.nl; - - ssl_certificate /etc/letsencrypt/live/read.arr.tyil.nl/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/read.arr.tyil.nl/privkey.pem; - - include /etc/nginx/snippets.d/certbot.conf; - #include /etc/nginx/snippets.d/headers.conf; - include /etc/nginx/snippets.d/ssl.conf; - - location / { - proxy_http_version 1.1; - proxy_set_header Connection $http_connection; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Forwarded-For $remote_addr; - - proxy_pass http://127.0.0.1:20834; - } -} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.readarr b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.readarr new file mode 100644 index 0000000..47e455e --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.readarr @@ -0,0 +1,23 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name readarr.arr.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/readarr.arr.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/readarr.arr.tyil.nl/privkey.pem; + + include /etc/nginx/snippets.d/certbot.conf; + #include /etc/nginx/snippets.d/headers.conf; + include /etc/nginx/snippets.d/ssl.conf; + + location / { + proxy_http_version 1.1; + proxy_set_header Connection $http_connection; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://172.31.0.1:3004; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.sonarr b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.sonarr new file mode 100644 index 0000000..eb08997 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.sonarr 
@@ -0,0 +1,23 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name sonarr.arr.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/sonarr.arr.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/sonarr.arr.tyil.nl/privkey.pem; + + include /etc/nginx/snippets.d/certbot.conf; + #include /etc/nginx/snippets.d/headers.conf; + include /etc/nginx/snippets.d/ssl.conf; + + location / { + proxy_http_version 1.1; + proxy_set_header Connection $http_connection; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://172.31.0.1:3002; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowl b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.tdarr index 894b604..f3a8afe 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.prowl +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.tdarr @@ -2,10 +2,10 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name prowl.arr.tyil.nl; + server_name tdarr.arr.tyil.nl; - ssl_certificate /etc/letsencrypt/live/prowl.arr.tyil.nl/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/prowl.arr.tyil.nl/privkey.pem; + ssl_certificate /etc/letsencrypt/live/tdarr.arr.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tdarr.arr.tyil.nl/privkey.pem; include /etc/nginx/snippets.d/certbot.conf; #include /etc/nginx/snippets.d/headers.conf; @@ -18,6 +18,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://127.0.0.1:20828; + proxy_pass http://172.31.0.1:4001; } } diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ci b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ci new file mode 100644 index 0000000..ca9421c --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ci 
@@ -0,0 +1,19 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name ci.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/ci.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ci.tyil.nl/privkey.pem; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/ssl.conf; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + + proxy_pass http://127.0.0.1:61007; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git index 650b55c..63e349c 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git @@ -15,7 +15,7 @@ server { add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; - root /usr/share/webapps/cgit/1.2.3-r100/htdocs; + root /usr/share/webapps/cgit/1.2.3-r201/htdocs; location / { try_files $uri @cgit; diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.son b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.media index 7873d2d..9d811dc 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.arr.son +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.media @@ -2,14 +2,13 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name son.arr.tyil.nl; + server_name media.tyil.nl; - ssl_certificate /etc/letsencrypt/live/son.arr.tyil.nl/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/son.arr.tyil.nl/privkey.pem; + ssl_certificate /etc/letsencrypt/live/media.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/media.tyil.nl/privkey.pem; - include /etc/nginx/snippets.d/certbot.conf; - #include /etc/nginx/snippets.d/headers.conf; include /etc/nginx/snippets.d/ssl.conf; + include /etc/nginx/snippets.d/certbot.conf; location / { proxy_http_version 1.1; 
@@ -18,6 +17,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://127.0.0.1:20833; + proxy_pass http://172.31.0.1:2003; } } diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ntfy b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ntfy new file mode 100644 index 0000000..dfee8e3 --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.ntfy @@ -0,0 +1,31 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name ntfy.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/ntfy.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ntfy.tyil.nl/privkey.pem; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/ssl.conf; + + location / { + proxy_buffering off; + proxy_connect_timeout 3m; + proxy_http_version 1.1; + proxy_read_timeout 3m; + proxy_redirect off; + proxy_request_buffering off; + proxy_send_timeout 3m; + + proxy_set_header Connection $http_connection; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + + client_max_body_size 20m; + + proxy_pass http://127.0.0.1:42349; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3 b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3 new file mode 100644 index 0000000..5efcd2e --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3 @@ -0,0 +1,20 @@ +upstream s3_backend { + server 10.57.21.1:3900; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name s3.tyil.nl *.s3.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/s3.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/s3.tyil.nl/privkey.pem; + + location / { + proxy_pass http://s3_backend; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_max_temp_file_size 0; + } +} 
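Review bot: The nl.tyil.s3 server block includes neither `snippets.d/ssl.conf` nor `snippets.d/certbot.conf`, which every other vhost added in this commit pulls in, so the TLS settings and ACME handling those snippets presumably provide do not apply to s3.tyil.nl. It also sets `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever the client sent, where the sibling vhosts overwrite the header with `$remote_addr`; a backend that logs or makes decisions on the first entry would see a client-chosen value. I would add `include /etc/nginx/snippets.d/certbot.conf;` and `include /etc/nginx/snippets.d/ssl.conf;` after the certificate lines and use `proxy_set_header X-Forwarded-For $remote_addr;`. The certificate under `live/s3.tyil.nl` also has to cover `*.s3.tyil.nl` for the wildcard server_name to validate.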
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey new file mode 100644 index 0000000..ae3204b --- /dev/null +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.s3.misskey @@ -0,0 +1,21 @@ +upstream s3_backend { + server 10.57.21.1:3900; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name misskey.s3.tyil.nl; + + ssl_certificate /etc/letsencrypt/live/misskey.s3.tyil.nl/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/misskey.s3.tyil.nl/privkey.pem; + + include /etc/nginx/snippets.d/certbot.conf; + include /etc/nginx/snippets.d/headers.conf; + include /etc/nginx/snippets.d/ssl.conf; + + location / { + root /var/www/nl.tyil.s3.misskey; + } +} diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv index e91a392..3107d07 100644 --- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv +++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv @@ -27,7 +27,7 @@ server { proxy_buffering off; - proxy_pass http://127.0.0.1:8096; + proxy_pass http://172.31.0.1:1025; } location = /web/ { @@ -38,7 +38,7 @@ server { proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; - proxy_pass http://127.0.0.1:8096/web/index.html; + proxy_pass http://172.31.0.1:1025/web/index.html; } location /socket { @@ -53,6 +53,6 @@ server { proxy_http_version 1.1; - proxy_pass http://127.0.0.1:8096; + proxy_pass http://172.31.0.1:1025; } } diff --git a/playbooks.d/www-blog b/playbooks.d/www-blog new file mode 160000 +Subproject 573cc709a25f6276c97e3911b684f67479f89b3 diff --git a/playbooks.d/www-blog/description.txt b/playbooks.d/www-blog/description.txt deleted file mode 100644 index c43df4c..0000000 --- a/playbooks.d/www-blog/description.txt +++ /dev/null @@ -1 +0,0 @@ -Sources for my personal blog 
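Review bot: `upstream s3_backend` is declared in nl.tyil.s3.misskey and again, under the same name, in nl.tyil.s3; if both site files are loaded into one http context, nginx rejects the configuration because of the duplicate upstream. The block is also unused in this file, since `location /` serves `root /var/www/nl.tyil.s3.misskey;` and never proxies. Dropping the three `upstream` lines from nl.tyil.s3.misskey removes both problems.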
diff --git a/playbooks.d/www-blog/etc/defaults b/playbooks.d/www-blog/etc/defaults
deleted file mode 100644
index 5135281..0000000
--- a/playbooks.d/www-blog/etc/defaults
+++ /dev/null
@@ -1,2 +0,0 @@
-www.blog.branch=master
-www.blog.path=/var/www/nl.tyil.www
diff --git a/playbooks.d/www-blog/playbook.bash b/playbooks.d/www-blog/playbook.bash
deleted file mode 100644
index e217e73..0000000
--- a/playbooks.d/www-blog/playbook.bash
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-playbook_add() {
- git clone https://git.tyil.nl/blog "$(config www.blog.path)"
-
- playbook_sync
-}
-
-playbook_sync() {
- if [[ $BASHTARD_COMMAND != "add" ]]
- then
- git -C "$(config www.blog.path)" pull origin "$(config www.blog.branch)"
- fi
-
- chgdir "$(config www.blog.path)"
- hugo -D # This will generate all the draft content
- hugo # And this will generate the actual live blog, but won't remove the draft content
-}
-
-playbook_del() {
- rm -fr -- "$(config www.blog.path)"
-
- pkg uninstall hugo
-}
diff --git a/registry.d/anoia.tyil.net b/registry.d/anoia.tyil.net
index 059d70d..e69de29 100644
--- a/registry.d/anoia.tyil.net
+++ b/registry.d/anoia.tyil.net
@@ -1,5 +0,0 @@
-backup-borg
-dns-dnsmasq
-ssh
-user-tyil
-vpn-tinc
diff --git a/registry.d/caeghi.tyil.net b/registry.d/caeghi.tyil.net
index 8cb0a70..18a4bf8 100644
--- a/registry.d/caeghi.tyil.net
+++ b/registry.d/caeghi.tyil.net
@@ -2,3 +2,5 @@ backup-borg
 ssh
 user-tyil
 vpn-tinc
+vpn-wireguard
+webserver-nginx
diff --git a/registry.d/denahnu.tyil.net b/registry.d/denahnu.tyil.net
deleted file mode 100644
index 8cb0a70..0000000
--- a/registry.d/denahnu.tyil.net
+++ /dev/null
@@ -1,4 +0,0 @@
-backup-borg
-ssh
-user-tyil
-vpn-tinc
diff --git a/registry.d/edephas.tyil.net b/registry.d/edephas.tyil.net
index 608fd58..106a74a 100644
--- a/registry.d/edephas.tyil.net
+++ b/registry.d/edephas.tyil.net
@@ -1,6 +1,5 @@
 backup-borg
 git-server
-k3s-master
 ssh
 user-tyil
 vpn-tinc
diff --git a/registry.d/faiwoo.tyil.net b/registry.d/faiwoo.tyil.net
index 9f8119f..8571020 100644
--- a/registry.d/faiwoo.tyil.net
+++ b/registry.d/faiwoo.tyil.net
@@ -2,5 +2,6 @@ backup-borg
 ssh
 user-tyil
 vpn-tinc
+vpn-wireguard
 webserver-nginx
 www-blog
diff --git a/registry.d/hurzak.tyil.net b/registry.d/hurzak.tyil.net
deleted file mode 100644
index 2e7ea04..0000000
--- a/registry.d/hurzak.tyil.net
+++ /dev/null
@@ -1,4 +0,0 @@
-k3s-master
-ssh
-user-tyil
-vpn-tinc
diff --git a/registry.d/ivdea.tyil.net b/registry.d/ivdea.tyil.net
deleted file mode 100644
index 8cb0a70..0000000
--- a/registry.d/ivdea.tyil.net
+++ /dev/null
@@ -1,4 +0,0 @@
-backup-borg
-ssh
-user-tyil
-vpn-tinc
diff --git a/registry.d/jaomox.tyil.net b/registry.d/jaomox.tyil.net
index c3910de..cec0024 100644
--- a/registry.d/jaomox.tyil.net
+++ b/registry.d/jaomox.tyil.net
@@ -1,3 +1,9 @@
+nftables
+seaweedfs
+seaweedfs-filer
+seaweedfs-master
+seaweedfs-volume
 ssh
 user-tyil
 vpn-tinc
+vpn-wireguard
diff --git a/registry.d/krohxe.tyil.net b/registry.d/krohxe.tyil.net
deleted file mode 100644
index 3e808f8..0000000
--- a/registry.d/krohxe.tyil.net
+++ /dev/null
@@ -1,3 +0,0 @@
-k3s-master
-ssh
-vpn-tinc
diff --git a/registry.d/ludifah.tyil.net b/registry.d/ludifah.tyil.net
new file mode 100644
index 0000000..98cfbf8
--- /dev/null
+++ b/registry.d/ludifah.tyil.net
@@ -0,0 +1 @@
+vpn-tinc
diff --git a/registry.d/mieshu.tyil.net b/registry.d/mieshu.tyil.net
new file mode 100644
index 0000000..b1f38d8
--- /dev/null
+++ b/registry.d/mieshu.tyil.net
@@ -0,0 +1,8 @@
+etc-portage
+git-server
+k3s-node
+nfs-server
+ssh
+user-tyil
+vpn-tinc
+vpn-wireguard
diff --git a/registry.d/nouki.tyil.net b/registry.d/nouki.tyil.net
new file mode 100644
index 0000000..36677af
--- /dev/null
+++ b/registry.d/nouki.tyil.net
@@ -0,0 +1,6 @@
+etc-portage
+k3s-node
+ssh
+user-tyil
+vpn-tinc
+vpn-wireguard
diff --git a/registry.d/oolah.tyil.net b/registry.d/oolah.tyil.net
new file mode 100644
index 0000000..07624a3
--- /dev/null
+++ b/registry.d/oolah.tyil.net
@@ -0,0 +1,5 @@
+proxy-privoxy
+ssh
+user-tyil
+vpn-tinc
+vpn-wireguard
diff --git a/registry.d/plarabe.tyil.net b/registry.d/plarabe.tyil.net
new file mode 100644
index 0000000..f93a766
--- /dev/null
+++ b/registry.d/plarabe.tyil.net
@@ -0,0 +1,2 @@
+nftables
+vpn-tinc
diff --git a/registry.d/qohrei.tyil.net b/registry.d/qohrei.tyil.net
new file mode 100644
index 0000000..31a595e
--- /dev/null
+++ b/registry.d/qohrei.tyil.net
@@ -0,0 +1,4 @@
+k8s-master
+nftables
+vpn-tinc
+vpn-wireguard
diff --git a/registry.d/ricui.tyil.net b/registry.d/ricui.tyil.net
new file mode 100644
index 0000000..6f38e85
--- /dev/null
+++ b/registry.d/ricui.tyil.net
@@ -0,0 +1,4 @@
+nftables
+ssh
+vpn-tinc
+vpn-wireguard |