Housekeeping

2025-07-10 13:07:11 +10:00
parent a09b612b87
commit f4cf0d19b0
10 changed files with 4 additions and 223 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 *.sensitive.yml
+*.sensitive.yaml
--- a/system/ArgoCD/application-argo-cd.yaml
+++ b/system/ArgoCD/application-argo-cd.yaml
@ -11,13 +11,10 @@ spec:
  sources:
  - repoURL: https://argoproj.github.io/argo-helm
    chart: argo-cd
-    targetRevision: 7.8.13
+    targetRevision: 8.1.2
    helm:
      valueFiles:
      - $values/system/ArgoCD/values.yaml
  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
-    targetRevision: master
+    targetRevision: HEAD
    ref: values
-#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
-#    targetRevision: master
-#    ref: values
--- a/system/ArgoCD/values.yaml
+++ b/system/ArgoCD/values.yaml
@ -2,10 +2,9 @@ configs:
  params:
    server.insecure: true
 global:
-  domain: gitops.spamasaurus.com
+  domain: gitops.lab.spamasaurus.com
 server:
  ingress:
    enabled: true
    annotations:
-#      traefik.ingress.kubernetes.io/router.middlewares: security-headers@file,compression@file
      traefik.ingress.kubernetes.io/router.middlewares: security-headers@file
--- a/system/InotifyLimits/daemonSet-InotifyLimits.yml
+++ b/system/InotifyLimits/daemonSet-InotifyLimits.yml
@ -1,29 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: inotify-limits
-  namespace: kube-system
-spec:
-  selector:
-    matchLabels:
-      app: inotify-limits
-  template:
-    metadata:
-      name: inotify-limits
-      labels:
-        app: inotify-limits
-    spec:
-      containers:
-        - name: inotify-limits
-          image: bv11-cr01.bessems.eu/proxy/library/alpine
-          imagePullPolicy: Always
-          securityContext:
-            privileged: true
-          command:
-            - "/bin/sh"
-            - "-c"
-          args:
-          - |
-            echo 'fs.inotify.max_user_watches=524288' | tee /etc/sysctl.conf;
-            echo 'fs.inotify.max_user_instances=512' | tee /etc/sysctl.conf;
-            sysctl -p && tail -f /dev/null
--- a/system/Kured/chart-values.yml
+++ b/system/Kured/chart-values.yml
@ -1,21 +0,0 @@
-configuration:
-  blockingPodSelector:
-    - io.drone=true
-
-  timeZone: Europe/Amsterdam
-  startTime: 02:00
-  endTime: 04:30
-
-extraEnvVars:
-  - name: KURED_NOTIFY_URL
-    valueFrom:
-      secretKeyRef:
-        name: kured-secret
-        key: notifyUrl
-
-hostNetwork: false
-
-#metrics:
-#  create: false
-#service:
-#  create: false
--- a/system/Kured/sealedSecret-Kured.yml
+++ b/system/Kured/sealedSecret-Kured.yml
@ -1,23 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "kured-secret",
-    "namespace": "kured",
-    "creationTimestamp": null
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "kured-secret",
-        "namespace": "kured",
-        "creationTimestamp": null
-      },
-      "type": "Opaque",
-      "data": null
-    },
-    "encryptedData": {
-      "notifyUrl": "AgAIIpIfkWK7JEkR0NrxvznV5a49UReEAvWJosNg+Lhe3rD+Z+TkpnRyuPkyfbwousSPHbwos5f02USUhsdxUjKP8BhEtvAzVlcFkktLhk7HHx+PUpr572oyDhrnHuwG6hhWVvnQph7hc+KUvqV6xKPF6zc+S7EtW0i0OapkenHvtItqw5/LZQ2C7FSEaXTxHS6TJkJd9505bcsq2vzRBaylHFytqsWA46OwgAVc1GB6wxDzBzM/uzWSUygJLAViyi+v4epHprf5siIsn7rjX71KFv9C/mNwlNS7feCSkaUOREzwdIOUaRxUSacauDPoE1adk+83ymAy87kn098Ctv4qgPgiu3k+nlqA3lLG0Vx/SlALNYgus53FCBrXXo50H3liZ7BOsRh8C3l7PWKQ4mMwNh3GN6yTBEdEEft3CEPl0l+EZ/WiLUKysetAezzWsLxjzII4igSR+t5j6PPW0iFGdKxFL+Q+K/WOrn9OIynKvlFy7EPZEqzm8lThBXO97r/O37ypGUCIK04Wj+vtfKhWTNhWycNVmsbt96g/ODHFzgJC0F7fwAfx+VBpDMg/BpNQeG9mm1Qc6fFMyQYHwoarXRXExqPn8fMxxPuU+EdxfioqSvcdLB31hAJcS+/39xEZT/YQtPWTZzQCkbwBweQWJdEuYudv7TnI4focpLu6/uaavoiGTCUcz4NHqGAGukrP2Lxk25sZwGSWNUEblcqfzx+4DyRllqAefLhRCI0OZmjiZ3Lwzb/xY0vypM3c+fxqnZhlPR4eGhPHSaQ="
-    }
-  }
-}
--- a/system/UpgradeController/plan-Agent.yml.REMOVED
+++ b/system/UpgradeController/plan-Agent.yml.REMOVED
@ -1,21 +0,0 @@
-apiVersion: upgrade.cattle.io/v1
-kind: Plan
-metadata:
-  name: agent-plan
-  namespace: system-upgrade
-spec:
-  concurrency: 1
-  cordon: true
-  nodeSelector:
-    matchExpressions:
-    - key: node-role.kubernetes.io/master
-      operator: DoesNotExist
-  prepare:
-    args:
-    - prepare
-    - server-plan
-    image: rancher/k3s-upgrade
-  serviceAccountName: system-upgrade
-  upgrade:
-    image: rancher/k3s-upgrade
-  channel: https://update.k3s.io/v1-release/channels/stable
--- a/system/UpgradeController/plan-Server.yml
+++ b/system/UpgradeController/plan-Server.yml
@ -1,18 +0,0 @@
-apiVersion: upgrade.cattle.io/v1
-kind: Plan
-metadata:
-  name: server-plan
-  namespace: system-upgrade
-spec:
-  concurrency: 1
-  cordon: true
-  nodeSelector:
-    matchExpressions:
-    - key: node-role.kubernetes.io/master
-      operator: In
-      values:
-      - "true"
-  serviceAccountName: system-upgrade
-  upgrade:
-    image: rancher/k3s-upgrade
-  channel: https://update.k3s.io/v1-release/channels/stable
--- a/system/kube-vip/application-kube-vip.yaml
+++ b/system/kube-vip/application-kube-vip.yaml
@ -1,17 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kube-vip
-  namespace: argo-cd
-spec:
-  destination:
-    namespace: kube-system
-    server: https://kubernetes.default.svc
-  project: default
-  source:
-    path: system/kube-vip
-    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
-    targetRevision: HEAD
-  syncPolicy:
-    automated:
-      selfHeal: true
--- a/system/kube-vip/daemonset-kube-vip-ds.yaml
+++ b/system/kube-vip/daemonset-kube-vip-ds.yaml
@ -1,87 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  creationTimestamp: null
-  labels:
-    app.kubernetes.io/name: kube-vip-ds
-    app.kubernetes.io/version: v0.9.1
-  name: kube-vip-ds
-  namespace: kube-system
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: kube-vip-ds
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app.kubernetes.io/name: kube-vip-ds
-        app.kubernetes.io/version: v0.9.1
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: node-role.kubernetes.io/master
-                operator: Exists
-            - matchExpressions:
-              - key: node-role.kubernetes.io/control-plane
-                operator: Exists
-      containers:
-      - args:
-        - manager
-        env:
-        - name: vip_arp
-          value: "true"
-        - name: port
-          value: "6443"
-        - name: vip_nodename
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-        - name: vip_interface
-          value: eth0
-        - name: vip_cidr
-          value: "32"
-        - name: dns_mode
-          value: first
-        - name: cp_enable
-          value: "true"
-        - name: cp_namespace
-          value: kube-system
-        - name: svc_enable
-          value: "true"
-        - name: svc_leasename
-          value: plndr-svcs-lock
-        - name: vip_leaderelection
-          value: "true"
-        - name: vip_leasename
-          value: plndr-cp-lock
-        - name: vip_leaseduration
-          value: "5"
-        - name: vip_renewdeadline
-          value: "3"
-        - name: vip_retryperiod
-          value: "1"
-        - name: address
-          value: 192.168.154.240
-        - name: prometheus_server
-          value: :2112
-        image: ghcr.io/kube-vip/kube-vip:v0.9.1
-        imagePullPolicy: IfNotPresent
-        name: kube-vip
-        resources: {}
-        securityContext:
-          capabilities:
-            add:
-            - NET_ADMIN
-            - NET_RAW
-      hostNetwork: true
-      serviceAccountName: kube-vip
-      tolerations:
-      - effect: NoSchedule
-        operator: Exists
-      - effect: NoExecute
-        operator: Exists
-  updateStrategy: {}