Housekeeping

2025-07-10 13:07:11 +10:00
parent a09b612b87
commit f4cf0d19b0
10 changed files with 4 additions and 223 deletions

1
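--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.sensitive.yml
+*.sensitive.yaml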


@ -11,13 +11,10 @@ spec:
sources: sources:
- repoURL: https://argoproj.github.io/argo-helm - repoURL: https://argoproj.github.io/argo-helm
chart: argo-cd chart: argo-cd
targetRevision: 7.8.13 targetRevision: 8.1.2
helm: helm:
valueFiles: valueFiles:
- $values/system/ArgoCD/values.yaml - $values/system/ArgoCD/values.yaml
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
targetRevision: master targetRevision: HEAD
ref: values ref: values
# - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
# targetRevision: master
# ref: values
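Review bot: The values source now tracks `targetRevision: HEAD`, a mutable ref that resolves to whatever the repository's default branch points at, so the Helm values that configure Argo CD itself change with every push to that branch. If rollouts should be auditable and reviewable, pin the ref to a tag or commit, e.g. `targetRevision: <tag-or-commit-sha>`, and bump it together with the chart version. The `argo-cd` chart also moves from 7.8.13 to 8.1.2, a major version, so the referenced `values.yaml` should be checked against the chart's upgrade notes; nothing in the hunk shows whether that was done. The `spec` block starts above the hunk.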


@ -2,10 +2,9 @@ configs:
params: params:
server.insecure: true server.insecure: true
global: global:
domain: gitops.spamasaurus.com domain: gitops.lab.spamasaurus.com
server: server:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
# traefik.ingress.kubernetes.io/router.middlewares: security-headers@file,compression@file
traefik.ingress.kubernetes.io/router.middlewares: security-headers@file traefik.ingress.kubernetes.io/router.middlewares: security-headers@file
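Review bot: `server.insecure: true` stays set while the hostname moves to `gitops.lab.spamasaurus.com`, so argocd-server keeps serving plain HTTP and transport security depends entirely on Traefik terminating TLS for the new host. The hunk shows no TLS setting for the ingress (one may sit below the hunk, which ends inside the `annotations` map), so confirm that the new domain has a certificate and that HTTP is redirected to HTTPS at the entrypoint. A comment above the parameter, e.g. `# TLS is terminated at Traefik; argocd-server listens on plain HTTP inside the cluster`, would record why the flag is set.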


@ -1,29 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: inotify-limits
namespace: kube-system
spec:
selector:
matchLabels:
app: inotify-limits
template:
metadata:
name: inotify-limits
labels:
app: inotify-limits
spec:
containers:
- name: inotify-limits
image: bv11-cr01.bessems.eu/proxy/library/alpine
imagePullPolicy: Always
securityContext:
privileged: true
command:
- "/bin/sh"
- "-c"
args:
- |
echo 'fs.inotify.max_user_watches=524288' | tee /etc/sysctl.conf;
echo 'fs.inotify.max_user_instances=512' | tee /etc/sysctl.conf;
sysctl -p && tail -f /dev/null


@ -1,21 +0,0 @@
configuration:
blockingPodSelector:
- io.drone=true
timeZone: Europe/Amsterdam
startTime: 02:00
endTime: 04:30
extraEnvVars:
- name: KURED_NOTIFY_URL
valueFrom:
secretKeyRef:
name: kured-secret
key: notifyUrl
hostNetwork: false
#metrics:
# create: false
#service:
# create: false


@ -1,23 +0,0 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "kured-secret",
"namespace": "kured",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "kured-secret",
"namespace": "kured",
"creationTimestamp": null
},
"type": "Opaque",
"data": null
},
"encryptedData": {
"notifyUrl": "AgAIIpIfkWK7JEkR0NrxvznV5a49UReEAvWJosNg+Lhe3rD+Z+TkpnRyuPkyfbwousSPHbwos5f02USUhsdxUjKP8BhEtvAzVlcFkktLhk7HHx+PUpr572oyDhrnHuwG6hhWVvnQph7hc+KUvqV6xKPF6zc+S7EtW0i0OapkenHvtItqw5/LZQ2C7FSEaXTxHS6TJkJd9505bcsq2vzRBaylHFytqsWA46OwgAVc1GB6wxDzBzM/uzWSUygJLAViyi+v4epHprf5siIsn7rjX71KFv9C/mNwlNS7feCSkaUOREzwdIOUaRxUSacauDPoE1adk+83ymAy87kn098Ctv4qgPgiu3k+nlqA3lLG0Vx/SlALNYgus53FCBrXXo50H3liZ7BOsRh8C3l7PWKQ4mMwNh3GN6yTBEdEEft3CEPl0l+EZ/WiLUKysetAezzWsLxjzII4igSR+t5j6PPW0iFGdKxFL+Q+K/WOrn9OIynKvlFy7EPZEqzm8lThBXO97r/O37ypGUCIK04Wj+vtfKhWTNhWycNVmsbt96g/ODHFzgJC0F7fwAfx+VBpDMg/BpNQeG9mm1Qc6fFMyQYHwoarXRXExqPn8fMxxPuU+EdxfioqSvcdLB31hAJcS+/39xEZT/YQtPWTZzQCkbwBweQWJdEuYudv7TnI4focpLu6/uaavoiGTCUcz4NHqGAGukrP2Lxk25sZwGSWNUEblcqfzx+4DyRllqAefLhRCI0OZmjiZ3Lwzb/xY0vypM3c+fxqnZhlPR4eGhPHSaQ="
}
}
}


@ -1,21 +0,0 @@
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: agent-plan
namespace: system-upgrade
spec:
concurrency: 1
cordon: true
nodeSelector:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: DoesNotExist
prepare:
args:
- prepare
- server-plan
image: rancher/k3s-upgrade
serviceAccountName: system-upgrade
upgrade:
image: rancher/k3s-upgrade
channel: https://update.k3s.io/v1-release/channels/stable


@ -1,18 +0,0 @@
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: server-plan
namespace: system-upgrade
spec:
concurrency: 1
cordon: true
nodeSelector:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: In
values:
- "true"
serviceAccountName: system-upgrade
upgrade:
image: rancher/k3s-upgrade
channel: https://update.k3s.io/v1-release/channels/stable


@ -1,17 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kube-vip
namespace: argo-cd
spec:
destination:
namespace: kube-system
server: https://kubernetes.default.svc
project: default
source:
path: system/kube-vip
repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
targetRevision: HEAD
syncPolicy:
automated:
selfHeal: true


@ -1,87 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/name: kube-vip-ds
app.kubernetes.io/version: v0.9.1
name: kube-vip-ds
namespace: kube-system
spec:
selector:
matchLabels:
app.kubernetes.io/name: kube-vip-ds
template:
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/name: kube-vip-ds
app.kubernetes.io/version: v0.9.1
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
containers:
- args:
- manager
env:
- name: vip_arp
value: "true"
- name: port
value: "6443"
- name: vip_nodename
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: vip_interface
value: eth0
- name: vip_cidr
value: "32"
- name: dns_mode
value: first
- name: cp_enable
value: "true"
- name: cp_namespace
value: kube-system
- name: svc_enable
value: "true"
- name: svc_leasename
value: plndr-svcs-lock
- name: vip_leaderelection
value: "true"
- name: vip_leasename
value: plndr-cp-lock
- name: vip_leaseduration
value: "5"
- name: vip_renewdeadline
value: "3"
- name: vip_retryperiod
value: "1"
- name: address
value: 192.168.154.240
- name: prometheus_server
value: :2112
image: ghcr.io/kube-vip/kube-vip:v0.9.1
imagePullPolicy: IfNotPresent
name: kube-vip
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
hostNetwork: true
serviceAccountName: kube-vip
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
updateStrategy: {}