diff options
Diffstat (limited to 'data.d/k3s-master/manifests.d/base-system')
7 files changed, 170 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml new file mode 100644 index 0000000..6051e18 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml @@ -0,0 +1,42 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: amdgpu-device-plugin-daemonset + namespace: kube-system +spec: + selector: + matchLabels: + name: amdgpu-dp-ds + template: + metadata: + labels: + name: amdgpu-dp-ds + spec: + nodeSelector: + kubernetes.io/arch: amd64 + amdgpu: "true" + priorityClassName: system-node-critical + tolerations: + - key: CriticalAddonsOnly + operator: Exists + containers: + - image: rocm/k8s-device-plugin + name: amdgpu-dp-cntr + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + volumeMounts: + - name: dp + mountPath: /var/lib/kubelet/device-plugins + - name: sys + mountPath: /sys + volumes: + - name: dp + hostPath: + path: /var/lib/kubelet/device-plugins + - name: sys + hostPath: + path: /sys +... diff --git a/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml new file mode 100644 index 0000000..6f0c1a5 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: cert-manager + namespace: base-system +spec: + repo: https://charts.jetstack.io + chart: cert-manager + valuesContent: | + installCRDs: true +... +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt +spec: + acme: + email: root@tyil.net + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: clusterissuer-letsencrypt + solvers: + - http01: + ingress: + class: nginx +... diff --git a/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml new file mode 100644 index 0000000..90ffad7 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: fuse-device-plugin-daemonset + namespace: base-system +spec: + selector: + matchLabels: + name: fuse-device-plugin-ds + template: + metadata: + labels: + name: fuse-device-plugin-ds + spec: + hostNetwork: true + containers: + - image: flavio/fuse-device-plugin + name: fuse-device-plugin-ctr + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + volumeMounts: + - name: device-plugin + mountPath: /var/lib/kubelet/device-plugins + volumes: + - name: device-plugin + hostPath: + path: /var/lib/kubelet/device-plugins + #imagePullSecrets: + # - name: registry-secret + tolerations: + - key: tyil.net/role + operator: Exists +... diff --git a/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml new file mode 100644 index 0000000..7d9fc38 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: ingress-nginx + namespace: base-system +spec: + repo: https://kubernetes.github.io/ingress-nginx + chart: ingress-nginx + valuesContent: |- + controller: + kind: DaemonSet + allowSnippetAnnotations: true + service: + ipFamilyPolicy: PreferDualStack + nodeSelector: + svccontroller.k3s.cattle.io/enablelb: "true" +... diff --git a/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml new file mode 100644 index 0000000..d8a38d8 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: sealed-secrets + namespace: base-system +spec: + repo: https://bitnami-labs.github.io/sealed-secrets + chart: sealed-secrets + valuesContent: |- + keyrenewperiod: "672h" + #resources: + # limits: ... + # requests: ... + #metrics: + # serviceMonitor: + # enabled: false +... diff --git a/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml new file mode 100644 index 0000000..f5c1edf --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: seaweedfs-csi-driver + namespace: base-system +spec: + repo: https://seaweedfs.github.io/seaweedfs-csi-driver/helm + chart: seaweedfs-csi-driver + valuesContent: |- + seaweedfsFiler: "10.57.3.1:8888" + storageClassName: seaweedfs + isDefaultStorageClass: true +... diff --git a/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml new file mode 100644 index 0000000..3b12d49 --- /dev/null +++ b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: vertical-pod-autoscaler + namespace: base-system +spec: + chart: oci://ghcr.io/stevehipwell/helm-charts/vertical-pod-autoscaler + version: 1.5.0 + valuesContent: |- + recommenderOnly: false + #serviceMonitor: + # enabled: true +... |