7 files changed, 170 insertions, 0 deletions

diff --git a/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml
new file mode 100644
index 0000000..6051e18
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/amdgpu-device-plugin.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: amdgpu-device-plugin-daemonset
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: amdgpu-dp-ds
+  template:
+    metadata:
+      labels:
+        name: amdgpu-dp-ds
+    spec:
+      nodeSelector:
+        kubernetes.io/arch: amd64
+        amdgpu: "true"
+      priorityClassName: system-node-critical
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      containers:
+      - image: rocm/k8s-device-plugin
+        name: amdgpu-dp-cntr
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+        volumeMounts:
+          - name: dp
+            mountPath: /var/lib/kubelet/device-plugins
+          - name: sys
+            mountPath: /sys
+      volumes:
+        - name: dp
+          hostPath:
+            path: /var/lib/kubelet/device-plugins
+        - name: sys
+          hostPath:
+            path: /sys
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml
new file mode 100644
index 0000000..6f0c1a5
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/cert-manager.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: cert-manager
+  namespace: base-system
+spec:
+  repo: https://charts.jetstack.io
+  chart: cert-manager
+  valuesContent: |
+    installCRDs: true
+...
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    email: root@tyil.net
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: clusterissuer-letsencrypt
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml
new file mode 100644
index 0000000..90ffad7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/fuse-device-plugin.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fuse-device-plugin-daemonset
+  namespace: base-system
+spec:
+  selector:
+    matchLabels:
+      name: fuse-device-plugin-ds
+  template:
+    metadata:
+      labels:
+        name: fuse-device-plugin-ds
+    spec:
+      hostNetwork: true
+      containers:
+      - image: flavio/fuse-device-plugin
+        name: fuse-device-plugin-ctr
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+        volumeMounts:
+          - name: device-plugin
+            mountPath: /var/lib/kubelet/device-plugins
+      volumes:
+        - name: device-plugin
+          hostPath:
+            path: /var/lib/kubelet/device-plugins
+      #imagePullSecrets:
+      #  - name: registry-secret
+      tolerations:
+      - key: tyil.net/role
+        operator: Exists
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml
new file mode 100644
index 0000000..7d9fc38
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/ingress-nginx.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: ingress-nginx
+  namespace: base-system
+spec:
+  repo: https://kubernetes.github.io/ingress-nginx
+  chart: ingress-nginx
+  valuesContent: |-
+    controller:
+      kind: DaemonSet
+      allowSnippetAnnotations: true
+      service:
+        ipFamilyPolicy: PreferDualStack
+      nodeSelector:
+        svccontroller.k3s.cattle.io/enablelb: "true"
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml
new file mode 100644
index 0000000..d8a38d8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/sealed-secrets.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: sealed-secrets
+  namespace: base-system
+spec:
+  repo: https://bitnami-labs.github.io/sealed-secrets
+  chart: sealed-secrets
+  valuesContent: |-
+    keyrenewperiod: "672h"
+    #resources:
+    #  limits: ...
+    #  requests: ...
+    #metrics:
+    #  serviceMonitor:
+    #    enabled: false
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml
new file mode 100644
index 0000000..f5c1edf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/seaweedfs-csi-driver.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: seaweedfs-csi-driver
+  namespace: base-system
+spec:
+  repo: https://seaweedfs.github.io/seaweedfs-csi-driver/helm
+  chart: seaweedfs-csi-driver
+  valuesContent: |-
+    seaweedfsFiler: "10.57.3.1:8888"
+    storageClassName: seaweedfs
+    isDefaultStorageClass: true
+...
diff --git a/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml
new file mode 100644
index 0000000..3b12d49
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/base-system/vertical-pod-autoscaler.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: vertical-pod-autoscaler
+  namespace: base-system
+spec:
+  chart: oci://ghcr.io/stevehipwell/helm-charts/vertical-pod-autoscaler
+  version: 1.5.0
+  valuesContent: |-
+    recommenderOnly: false
+    #serviceMonitor:
+    #  enabled: true
+...