SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 7 Packages Projects Releases Wiki Activity

Compare commits

base: SeanOMik:4d0b63ca051872e1e882a5a6bcb6c7463a56c6f6
Branches Tags
SeanOMik:main
SeanOMik:renovate/pgadmin4-1.x
SeanOMik:renovate/mysql-12.x
SeanOMik:renovate/victoria-metrics-operator-0.x
SeanOMik:renovate/ghcr.io-onedr0p-tautulli-2.x
SeanOMik:renovate/app-template-3.x
SeanOMik:renovate/ghcr.io-onedr0p-qbittorrent-5.x
SeanOMik:renovate/postgresql-16.x
SeanOMik:feat/thin-cluster
SeanOMik:feat/separate-huginn-agents
SeanOMik:wip/deluge
SeanOMik:renovate/configure
SeanOMik:feature/add-guacamole-again
SeanOMik:feature/readd-guacamole
SeanOMik:feature/zfs-alerts
SeanOMik:feature/bitnami-gitea-chart
..
compare: SeanOMik:b8fef336fd30bb58b8abcea8a974d48b2e8c230b
Branches Tags
SeanOMik:renovate/pgadmin4-1.x
SeanOMik:renovate/mysql-12.x
SeanOMik:renovate/victoria-metrics-operator-0.x
SeanOMik:renovate/ghcr.io-onedr0p-tautulli-2.x
SeanOMik:main
SeanOMik:renovate/app-template-3.x
SeanOMik:renovate/ghcr.io-onedr0p-qbittorrent-5.x
SeanOMik:renovate/postgresql-16.x
SeanOMik:feat/thin-cluster
SeanOMik:feat/separate-huginn-agents
SeanOMik:wip/deluge
SeanOMik:renovate/configure
SeanOMik:feature/add-guacamole-again
SeanOMik:feature/readd-guacamole
SeanOMik:feature/zfs-alerts
SeanOMik:feature/bitnami-gitea-chart

No commits in common. "4d0b63ca051872e1e882a5a6bcb6c7463a56c6f6" and "b8fef336fd30bb58b8abcea8a974d48b2e8c230b" have entirely different histories.
4d0b63ca05 ... b8fef336fd

21 changed files with 91 additions and 480 deletions
Show Stats Expand all files Collapse all files

6
Taskfile.yaml
View File

@ -11,8 +11,4 @@ includes:
tasks: tasks:
execPostgres: execPostgres:
desc: Exec into the postgres pod as the postgres user desc: Exec into the postgres pod as the postgres user
cmd: kubectl -n database exec -it postgresql-0 -- psql -d postgres -U postgres cmd: kubectl -n database exec -it postgresql-0 -- psql -d postgres -U postgres
execMysql:
desc: Exec into the mysql pod as the mysql user
cmd: kubectl -n database exec -it mysql-0 -- mysql -u root -p

3
cluster/apps/database/kustomization.yaml
View File

@ -5,5 +5,4 @@ resources:
#- ./network_policy.yaml #- ./network_policy.yaml
- ./postgresql - ./postgresql
- ./redis - ./redis
- ./minio - ./minio
- ./mysql

30
cluster/apps/database/mysql/helm-release.yaml
View File

@ -1,30 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: mysql
namespace: database
spec:
interval: 5m
chart:
spec:
chart: mysql
version: 11.1.14
sourceRef:
kind: HelmRepository
name: bitnami-charts
namespace: flux-system
values:
global:
defaultStorageClass: mainpool-hostpath
auth:
existingSecret: mysql
metrics:
serviceMonitor:
enabled: true
labels:
release: kube-prometheus-stack
prometheusRule:
enabled: true

5
cluster/apps/database/mysql/kustomization.yaml
View File

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./mysql.sops.yaml
- ./helm-release.yaml

73
cluster/apps/database/mysql/mysql.sops.yaml
View File

@ -1,73 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: mysql
namespace: database
stringData:
mysql-root-password: ENC[AES256_GCM,data:8wAhBPa9CQTEj87SorjQj2GmY3E4jxbR0JAzOk0u7r8=,iv:6hv8qftod56M3udqao1MxADcrSlDMsfz2YtFLWzrzVM=,tag:kEXOtDAQg2xRzZz/csSatg==,type:str]
mysql-replication-password: ENC[AES256_GCM,data:cHdCVcP7+Y48e3SFzZCf9Q4peVGxhIVFFVuUwwFrGDA=,iv:GBNAFzvQUHtidYgpNKiEPWABIwVk9muEFRLaYBZbFDM=,tag:3B35mjWJV1MQ0ASZuoyyPQ==,type:str]
mysql-password: ENC[AES256_GCM,data:D/fW2cAMiurBixcJRCTJUmlvr0kEmTnMsgVM8xKTu18=,iv:bc+7P0cGJy+6YR1I6mzSAq6gGiEH6uOKdmSjYkdoWxs=,tag:hEDAyGpDQCKbgA9XvGeL4Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-08-05T15:30:54Z"
mac: ENC[AES256_GCM,data:ni1zA28zwCp6Fvqv5FtET/ylqOV6L/IXl4KtVo73aIDunlI29qD0cpTbFMPh4bxHqqYUsa/EBF+we5kglLQzP/9qnVrNXCNZnWbkCIsVlghMOLGqVFi7CJFc42ghNGQD9BVj5115VGSX3D05x1a9JI070AoEYQ+/OgLuZf0XxDE=,iv:bi33L8MotNRkg5+WAsXE8a0RlPWfu2rCnA/WaOnHsV0=,tag:7rTzgiDKtPsfCF+e7T5ABQ==,type:str]
pgp:
- created_at: "2024-08-05T15:30:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovAQ/8DqfstkJgwoIrbTVbVBQheBfPoNl+6iV1IxctfXsr+2CF
rY9gV1qxOVh/E0hHyOws8F6EE+oCdbHtsGBa/1KiN0HBY55HFRm9LXF5s5EKOEWg
bXg0Gyoqvfny31+UAGAIW91yAGJ07jp4u3oj8RGKHF7sLcuCrk5NfajK7ALzG6hp
vpbXenT2D4xxsWqdhkY7azwrqqPC0XyWx2XkFscED2PzwTpT1gPALrtdhknVlCtE
azyPtVIg2swt3kWm5bsYJgOHhnnnDTEX412XXJTqQUmmZCTAeKRIo0xtG9Kicujy
gzIhxQd14i7jniYzj8uNkNWEaIBfehSqQM+IWRSB6AgV5AnalDudgSyN2R7yDi2a
vLt+H1UuESlfuYmqQgG9pDrJG1nigWxMhexm6Ykdz3LnSbzcrkJ9/sCXg0ZCwFok
RYMajxB2nHTvQBCSCSqFPzgViDYlv83Vck6vHGma3Lyhe2YDBIGC8bXNmRS92xl+
FkbssELrtFdxj8cbQ3WTBU33CdTs6EglSmBSJ+E8SkU7Bok09k4uXK+ZdSkq2pdI
I7ZSJufUmKjhvR9l6nSX0/dOOkkvtyDVdB0pPCz5WdwJBS5lInbbUMB7sU71pXor
swpHeQaED/BlDcxFIRKAneAfTpBgVzhoPnDnN1xYriLdsZ9kND3KzsXNaT9JeqWF
AgwDXjg0p2IN1X8BEACtnlSJlSqalmdhXWD4lKMiz+uQVGaHJty5Rw7CHiFLI7rU
wIMnZXQNCiQY+boTaQNe8VqeZ91ptsaIr+2VTrs2gGFbWccQQHwdPN582V7BSQiv
mdkxJhE69TTXyu4R/ycDuIgAtXpRA8pLcWsSRWkYtjzKC9Um8y7S+yqsMKCGyTjd
gU1mUPrPCJeh6/bThMiowfkIT1GPh4udBSQp6aFW2MOzFySOgphxXPC866lW42T6
aCN3n8/kpkc9SKUklUlxt0SKuoghC9NF5pIKANpKWNLrpHv3Y+UXqQt5FIjQLJe0
eUGZEkOpihaldG5ObOY9ddRvbnGhaJiK6UXDa5PSCVYG9Fxk9Tw85TKJNbBqd18W
A0cj8+CL5eJo+WM91oVbsr4MwE3lKGogVd/9nnylvy8hamoD08A9EN3uf4aqbsTE
S5HvHca80WjjMo6LrwcBz6N0RFwQggNT998Mlvb/JRN0Km8EfgDKBbjABBvCHPg7
SALnnZNgQbb3Cg3JS7Z9Fe4pKHyUxf6zJsGui0rmFa4r8xrwIkrHSUGk5I431Nkk
RS+ppU+Y/Pew0tE7rc2PkzM6lYexphFnViwQZqpHc9EHy2QffN/YkqaFuvIsSbs/
fbnJFNgYyW3l2u4Iiaf1UKKkpHRTF6W8UPTblsec9USJperDADkk5aKMV3W0WNRo
AQkCEEpvhrTP6NE+ay6COZGVai/ESvAF7ovx14AS2sMwaB9JPEcUG/S+cbMByDmo
sc4vHi3BpDxLgltUyUHC2gGkFbc6s9afM8Bd3Ut8jiLPMayhGGpe0natHoo5xz6p
Qktw4dL+mCQ=
=jZC7
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-08-05T15:30:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VARAAuoptUmFjfyG7uDw42T68nvuetOcF/Zr8hvfcNOtZXFM3
L4tgIBc9H5dg1S+XeFM1QweMiJdRhzXsUmLXhIFC9Bj+jaVcS5xHQ4RGcHRYBbeV
ssoG7hbgESBAvXW7+AUySp9vyn97dasFlb67uuBeLhTl2NImh5OY1sLsrjBPIJVv
SU+LPQqSn37kdrN/Ui3llGv2mVPioMovCEJG2EWykFrk7ameLmkznYYysiJ5WIx2
PIavyLm/E4KG3EuV/6mCDnLMocQwLkIyVkOR/GGesaZPpI9OkeN42EXyPUKeWyc5
52CbiR8XeRjMuQSF6zqYfat0npz+hO8mdAJLTVcoTzP2BaA78dxg7kpYxVLNTS5b
8hv/ndIWQr6P3fi9lzIpQOqHQ5HU7SoZm8oZeXmZWejyn5+j9omTkKmIpzZ91SHW
c6eDCeG5Aq5s9Vp6CuQQ+vHpEEEiX8SNdqkEoDtcIVYd1/LZLBdN2JxW9zFi1yGJ
HW2Dcef+sN3ide7tIgZ4fHogV9WUaaJBcvXsbDcXxAZk5Kw/ejFwCznZry/u9PQP
uaAVKuD9q4XdI4sMBdbr1yqXnkUBVDRVnqNLu5Upu2S2CnPJlOYUvqkR+nqcRdwz
W+cGMCyzL+s/8wfi3JRrcrbmnp8aVR9aZEthZnn5M9LPF/PfVOIka9H7QArC+UHU
aAEJAhB5SM7t19txEM97n6VHwEYZ4ya9i7ntC1mPx3ORTGAToSQFVvNXtXfsZOYc
WRxBcRKBsWj/p1TCh66mvrSDE33bthrvZgWBJunXFOVwXDmVNbWEi20lgu6/IFUJ
fMdLui4jsCVY
=uQ7o
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.1

3
cluster/apps/default/kustomization.yaml
View File

@ -9,5 +9,4 @@ resources:
- ./exim - ./exim
- ./well-known-site - ./well-known-site
- ./dendrite - ./dendrite
- ./ganymede - ./ganymede
- ./piwigo

74
cluster/apps/default/piwigo/helm-release.yaml
View File

@ -1,74 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: piwigo
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.1.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
controllers:
main:
# pod:
# securityContext:
# runAsNonRoot: true
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
# fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: lscr.io/linuxserver/piwigo
tag: 14.5.0
env:
PUID: 9000
PGID: 9000
TZ: ${SERVER_TIMEZONE}
service:
app:
controller: main
ports:
http:
port: 80
ingress:
main:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: "gallery.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
persistence:
config:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/piwigo/config
globalMounts:
- path: /config
gallery:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/piwigo/gallery
globalMounts:
- path: /gallery

4
cluster/apps/default/piwigo/kustomization.yaml
View File

@ -1,4 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-release.yaml

77
cluster/apps/media/jellyfin/helm-release.yaml
View File

@ -1,4 +1,3 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2 apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
@ -9,69 +8,63 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 3.3.2 version: 1.3.x
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjws-charts name: bjws-charts
namespace: flux-system namespace: flux-system
values: values:
controllers: image:
main: repository: linuxserver/jellyfin
containers: tag: "10.9.9"
app:
image: podLabels:
repository: linuxserver/jellyfin needsAuthentik: "yes"
tag: 10.9.9
env:
env: PUID: 10000
PUID: 10000 PGID: 10000
PGID: 10000 TZ: America/New_York
TZ: America/New_York
resources:
# requests:
# cpu: 100m
limits:
gpu.intel.com/i915: 1
memory: 16Gi
defaultPodOptions:
nodeSelector:
intel.feature.node.kubernetes.io/gpu: "true"
service: service:
app: main:
controller: main
ports: ports:
http: http:
port: 8096 port: 8096
ingress: ingress:
main: main:
enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-production cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts: hosts:
- host: "watch.${SECRET_NEW_DOMAIN}" - host: &host "watch.${SECRET_NEW_DOMAIN}"
paths: paths:
- path: / - path: /
service: pathType: Prefix
identifier: app tls:
port: http - hosts:
- *host
persistence: persistence:
config: config:
enabled: true
type: hostPath type: hostPath
hostPath: /mnt/MainPool/Kubernetes/jellyfin hostPath: /mnt/MainPool/Kubernetes/jellyfin
globalMounts: mountPath: /config
- path: /config
storage:
media: enabled: true
type: hostPath type: hostPath
hostPath: /mnt/MainPool/Media/Media hostPath: /mnt/MainPool/Media/Media
globalMounts: mountPath: /storage/Media
- path: /storage/Media
readOnly: true resources:
requests:
cpu: 3m
memory: 1500Mi
limits:
memory: 4000Mi

154
cluster/apps/media/plex/helm-release.yaml
View File

@ -8,129 +8,79 @@ spec:
chart: chart:
spec: spec:
chart: app-template chart: app-template
version: 3.3.2 version: 1.3.x
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bjws-charts name: bjws-charts
namespace: flux-system namespace: flux-system
values: values:
controllers:
plex:
containers:
app:
image:
repository: ghcr.io/onedr0p/plex
tag: 1.40.4.8679-424562606
env:
TZ: America/New_York
PLEX_ADVERTISE_URL: https://kube-plex.${SECRET_NEW_DOMAIN}:443,http://192.168.10.71:32400
PLEX_NO_AUTH_NETWORKS: 192.168.10.0/24,192.168.20.0/24,10.0.0.0/16,10.43.0.0/16
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /identity
port: 32400
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 10
securityContext: image:
allowPrivilegeEscalation: false repository: lscr.io/linuxserver/plex
readOnlyRootFilesystem: true tag: "1.40.4"
capabilities: { drop: ["ALL"] }
env:
resources: TZ: "America/New_York"
# requests: PUID: "1000"
# cpu: 100m PGID: "1000"
limits: VERSION: "docker"
gpu.intel.com/i915: 1
memory: 16Gi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
#supplementalGroups: [44, 10000]
#seccompProfile: { type: RuntimeDefault }
nodeSelector:
intel.feature.node.kubernetes.io/gpu: "true"
service: service:
app: main:
controller: plex type: LoadBalancer
# type: LoadBalancer
# annotations: annotations:
# io.cilium/lb-ipam-ips: 192.168.10.71 metallb.universe.tf/loadBalancerIPs: "192.168.10.70"
metallb.universe.tf/allow-shared-ip: "main-ip-192.168.10.70"
ports: ports:
http: http:
port: 32400 port: 32400
targetPort: 32400
probes:
liveness:
enabled: false
ingress: ingress:
app: main:
enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-production cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
className: external
hosts: hosts:
- host: "kube-plex.${SECRET_NEW_DOMAIN}" - host: &host "plex.${SECRET_NEW_DOMAIN}"
paths: paths:
- path: / - path: /
service: pathType: Prefix
identifier: app tls:
port: http - hosts:
- *host
persistence: persistence:
config: config:
#existingClaim: plex enabled: true
# TODO: If setting up Plex for the first time, you'll want to add the globalMounts section type: hostPath
type: persistentVolumeClaim hostPath: /mnt/MainPool/Kubernetes/plex
size: 15Gi mountPath: /config
retain: true
storageClass: mainpool-hostpath
accessMode: ReadWriteOnce
globalMounts:
- path: /config/Library/Application Support/Plex Media Server
# Separate PVC for cache to avoid backing up cache files
cache:
type: persistentVolumeClaim
size: 15Gi
retain: true
storageClass: mainpool-hostpath
accessMode: ReadWriteOnce
globalMounts:
- path: /config/Library/Application Support/Plex Media Server/Cache
logs: storage:
type: emptyDir enabled: true
globalMounts:
- path: /config/Library/Application Support/Plex Media Server/Logs
tmp:
type: emptyDir
transcode:
type: emptyDir
media:
type: hostPath type: hostPath
hostPath: /mnt/MainPool/Media/Media hostPath: /mnt/MainPool/Media/Media
globalMounts: mountPath: /storage/Media
- path: /media
readOnly: true # transcodes:
# enabled: true
# type: pvc
# accessMode: ReadWriteOnce
# size: 40Gi
# mountPath: /transcode
resources:
requests:
memory: 720Mi
limits:
memory: 5000Mi

25
cluster/core/intel-gpu/files/gpu-plugin.yaml
View File

@ -1,25 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: intel-gpu-plugin
namespace: intel-gpu
spec:
interval: 5m
chart:
spec:
chart: intel-device-plugins-gpu
version: 0.30.0
sourceRef:
kind: HelmRepository
name: intel
namespace: flux-system
dependsOn:
- name: intel-device-operator
namespace: intel-gpu
values:
name: intel-gpu-plugin
sharedDevNum: 3
nodeFeatureRule: true

8
cluster/core/intel-gpu/files/helm-repos.yaml
View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: intel
namespace: flux-system
spec:
interval: 1m
url: https://intel.github.io/helm-charts

23
cluster/core/intel-gpu/files/intel-device-plugins-operator.yaml
View File

@ -1,23 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: intel-device-operator
namespace: intel-gpu
spec:
interval: 5m
chart:
spec:
chart: intel-device-plugins-operator
version: 0.30.0
sourceRef:
kind: HelmRepository
name: intel
namespace: flux-system
dependsOn:
- name: nfd
namespace: kube-system
values:

7
cluster/core/intel-gpu/files/kustomization.yaml
View File

@ -1,7 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-repos.yaml
- namespace.yaml
- intel-device-plugins-operator.yaml
- gpu-plugin.yaml

4
cluster/core/intel-gpu/files/namespace.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: intel-gpu

21
cluster/core/intel-gpu/ks.yaml
View File

@ -1,21 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-secrets
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./cluster/core/intel-gpu
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: nfd
namespace: flux-system

4
cluster/core/kustomization.yaml
View File

@ -6,6 +6,4 @@ resources:
- ./cert-manager - ./cert-manager
- ./networking - ./networking
- ./storage - ./storage
- ./kube-replicator - ./kube-replicator
- ./nfd
- ./intel-gpu

8
cluster/core/nfd/files/helm-repos.yaml
View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: nfd-charts
namespace: flux-system
spec:
interval: 1m
url: https://kubernetes-sigs.github.io/node-feature-discovery/charts

5
cluster/core/nfd/files/kustomization.yaml
View File

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-repos.yaml
- nfd.yaml

19
cluster/core/nfd/files/nfd.yaml
View File

@ -1,19 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: nfd
namespace: kube-system
spec:
interval: 5m
chart:
spec:
chart: node-feature-discovery
version: v0.16.3
sourceRef:
kind: HelmRepository
name: nfd-charts
namespace: flux-system
values:

18
cluster/core/nfd/ks.yaml
View File

@ -1,18 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: nfd
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./cluster/nfd/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg