diff --git a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml index 9620c4fca..562e14082 100644 --- a/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml @@ -773,7 +773,7 @@ data: siteMonitor: http://yubal.yubal:80 statusStyle: dot - Music Grabber: - icon: sh-music-service.webp + icon: sh-music-grabber.webp description: Replicate Music playlists href: https://music-grabber.alexlebens.net siteMonitor: http://music-grabber.music-grabber:80 diff --git a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml index de18ad7aa..467183352 100644 --- a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml @@ -24,7 +24,7 @@ spec: template: metadata: annotations: - checksum/configMaps: 50f931b34e6426dd49ee991e141af06691c31a739759f30cc262f461e4aa9e15 + checksum/configMaps: 25d95f4e20076f5e4f3eecd74cdc275731e8707fae04b371f1886a60b02335f3 checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 labels: app.kubernetes.io/controller: main diff --git a/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml index 8930e8301..e817db3e1 100644 --- a/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml +++ b/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml @@ -29,6 +29,9 @@ spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch hostIPC: false hostNetwork: false hostPID: false @@ -67,24 +70,23 @@ spec: name: music-grabber-config-secret - name: SLSKD_DOWNLOADS_PATH value: /mnt/store/slskd/Downloads - image: g33kphr33k/musicgrabber:2.5.5 - imagePullPolicy: IfNotPresent + image: g33kphr33k/musicgrabber:2.5.5@sha256:756ce91653b2f5f17f8f47e5c91f07df5af82162608acdf507e6209a16725373 name: main resources: limits: cpu: 100m requests: cpu: 10m - memory: 512Mi + memory: 50Mi volumeMounts: - mountPath: /data - name: cache + name: data - mountPath: /mnt/store/ name: music volumes: - - name: cache + - name: data persistentVolumeClaim: - claimName: music-grabber + claimName: music-grabber-data - name: music persistentVolumeClaim: claimName: music-grabber-nfs-storage diff --git a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml index e797c894b..170a8178c 100644 --- a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml +++ b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml @@ -14,29 +14,17 @@ spec: data: - secretKey: navidrome-user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/navidrome/admin - metadataPolicy: None property: user - secretKey: navidrome-password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/navidrome/admin - metadataPolicy: None property: password - secretKey: slskd-user remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/slskd/auth - metadataPolicy: None property: user - secretKey: slskd-password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/slskd/auth - metadataPolicy: None property: password diff --git a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-external.yaml b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-external.yaml new file mode 100644 index 000000000..48457768a --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-external.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: music-grabber-data-backup-secret-external + namespace: music-grabber + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber-data-backup-secret-external +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/digital-ocean + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/digital-ocean + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_DEFAULT_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /digital-ocean/home-infra/volsync-backups + metadataPolicy: None + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-local.yaml b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-local.yaml new file mode 100644 index 000000000..797e02c6e --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-local.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: music-grabber-data-backup-secret-local + namespace: music-grabber + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber-data-backup-secret-local +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-local + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-remote.yaml b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-remote.yaml new file mode 100644 index 000000000..d2fc83b5f --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-remote.yaml @@ -0,0 +1,58 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: music-grabber-data-backup-secret-remote + namespace: music-grabber + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber-data-backup-secret-remote +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data" + data: + - secretKey: BUCKET_ENDPOINT + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: BUCKET_ENDPOINT + - secretKey: RESTIC_PASSWORD + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /volsync/restic/garage-remote + metadataPolicy: None + property: RESTIC_PASSWORD + - secretKey: AWS_DEFAULT_REGION + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_REGION + - secretKey: AWS_ACCESS_KEY_ID + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /garage/home-infra/volsync-backups + metadataPolicy: None + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml index dea36b241..35de4f14d 100644 --- a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml +++ b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml @@ -14,29 +14,17 @@ spec: data: - secretKey: private-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: private-key - secretKey: preshared-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: preshared-key - secretKey: addresses remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: addresses - secretKey: input-ports remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: input-ports diff --git a/clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml index 2caa8ecc4..a18a72973 100644 --- a/clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml +++ b/clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml @@ -23,7 +23,7 @@ spec: name: music-grabber namespace: music-grabber port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml deleted file mode 100644 index 9f78a02c5..000000000 --- a/clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: music-grabber - labels: - app.kubernetes.io/name: music-grabber - app.kubernetes.io/instance: music-grabber - app.kubernetes.io/part-of: music-grabber - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-data.yaml similarity index 84% rename from clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml rename to clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-data.yaml index f3ca0a4dd..069c68ed5 100644 --- a/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml +++ b/clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-data.yaml @@ -1,14 +1,12 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: music-grabber + name: music-grabber-data labels: app.kubernetes.io/instance: music-grabber app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: music-grabber helm.sh/chart: music-grabber-4.6.2 - annotations: - helm.sh/resource-policy: keep namespace: music-grabber spec: accessModes: diff --git a/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-external.yaml b/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-external.yaml new file mode 100644 index 000000000..974383b41 --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-external.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: music-grabber-data-backup-source-external + namespace: music-grabber + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber-data-backup +spec: + sourcePVC: music-grabber-data + trigger: + schedule: 46 10 * * * + restic: + pruneIntervalDays: 7 + repository: music-grabber-data-backup-secret-external + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-local.yaml b/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-local.yaml new file mode 100644 index 000000000..77f9d76e8 --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-local.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: music-grabber-data-backup-source-local + namespace: music-grabber + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber-data-backup +spec: + sourcePVC: music-grabber-data + trigger: + schedule: 46 8 * * * + restic: + pruneIntervalDays: 7 + repository: music-grabber-data-backup-secret-local + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-remote.yaml b/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-remote.yaml new file mode 100644 index 000000000..483af14c2 --- /dev/null +++ b/clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-remote.yaml @@ -0,0 +1,29 @@ +apiVersion: volsync.backube/v1alpha1 +kind: ReplicationSource +metadata: + name: music-grabber-data-backup-source-remote + namespace: music-grabber + labels: + helm.sh/chart: volsync-target-data-0.8.0 + app.kubernetes.io/instance: music-grabber + app.kubernetes.io/part-of: music-grabber + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: music-grabber-data-backup +spec: + sourcePVC: music-grabber-data + trigger: + schedule: 46 9 * * * + restic: + pruneIntervalDays: 7 + repository: music-grabber-data-backup-secret-remote + retain: + daily: 7 + hourly: 0 + monthly: 3 + weekly: 4 + yearly: 1 + copyMethod: Snapshot + storageClassName: ceph-block + volumeSnapshotClassName: ceph-blockpool-snapshot + cacheCapacity: 1Gi diff --git a/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-feishin.yaml b/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-feishin.yaml index 12de1d6cc..27a126b70 100644 --- a/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-feishin.yaml +++ b/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-feishin.yaml @@ -43,6 +43,9 @@ spec: value: navidrome - name: SERVER_URL value: https://navidrome.alexlebens.net - image: ghcr.io/jeffvli/feishin:1.0.1-beta.1@sha256:61239641f23a33f99c2858419b14afb66683f3cd82010363fba92be3993fd894 - imagePullPolicy: IfNotPresent + image: ghcr.io/jeffvli/feishin:1.9.0@sha256:5e6959afd27dabadd8f68fed8b0485d851593c61ca558194295bf8950262cc07 name: main + resources: + requests: + cpu: 1m + memory: 20Mi diff --git a/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml b/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml index 4945af45c..7634405d0 100644 --- a/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml +++ b/clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml @@ -29,6 +29,9 @@ spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch hostIPC: false hostNetwork: false hostPID: false @@ -49,8 +52,7 @@ spec: value: "true" - name: ND_AUTOIMPORTPLAYLISTS value: "true" - image: deluan/navidrome:0.61.0@sha256:b14a6acb5cd5ee73f3a13d63d8d68ede82dedb796aa522fbada94769d990cf0b - imagePullPolicy: IfNotPresent + image: ghcr.io/navidrome/navidrome:0.61.0@sha256:b14a6acb5cd5ee73f3a13d63d8d68ede82dedb796aa522fbada94769d990cf0b name: main resources: limits: @@ -58,7 +60,7 @@ spec: requests: cpu: 10m gpu.intel.com/i915: 1 - memory: 128Mi + memory: 50Mi volumeMounts: - mountPath: /cache name: cache diff --git a/clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-feishin.yaml b/clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-feishin.yaml index 5db9f0fc3..5ba9ce82d 100644 --- a/clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-feishin.yaml +++ b/clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-feishin.yaml @@ -23,7 +23,7 @@ spec: name: navidrome-feishin namespace: navidrome port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-main.yaml b/clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-main.yaml index 24b9629ae..4393df43f 100644 --- a/clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-main.yaml +++ b/clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-main.yaml @@ -23,7 +23,7 @@ spec: name: navidrome-main namespace: navidrome port: 80 - weight: 100 + weight: 1 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/manifests/node-feature-discovery/DaemonSet-node-feature-discovery-worker.yaml b/clusters/cl01tl/manifests/node-feature-discovery/DaemonSet-node-feature-discovery-worker.yaml index 600c58c96..d384e142f 100644 --- a/clusters/cl01tl/manifests/node-feature-discovery/DaemonSet-node-feature-discovery-worker.yaml +++ b/clusters/cl01tl/manifests/node-feature-discovery/DaemonSet-node-feature-discovery-worker.yaml @@ -40,7 +40,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" + image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862" imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -67,11 +67,10 @@ spec: fieldRef: fieldPath: metadata.uid resources: - limits: - memory: 512Mi + limits: {} requests: - cpu: 20m - memory: 60Mi + cpu: 1m + memory: 20Mi command: - "nfd-worker" args: diff --git a/clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-gc.yaml b/clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-gc.yaml index e123734f1..860abbb48 100644 --- a/clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-gc.yaml +++ b/clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-gc.yaml @@ -32,7 +32,7 @@ spec: hostNetwork: false containers: - name: gc - image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" + image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862" imagePullPolicy: "IfNotPresent" livenessProbe: httpGet: @@ -54,11 +54,10 @@ spec: args: - "-gc-interval=1h" resources: - limits: - memory: 1Gi + limits: {} requests: - cpu: 20m - memory: 60Mi + cpu: 1m + memory: 20Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-master.yaml b/clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-master.yaml index f93dac5f6..6ab5ebd21 100644 --- a/clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-master.yaml +++ b/clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-master.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Helm role: master spec: - replicas: 2 + replicas: 1 revisionHistoryLimit: selector: matchLabels: @@ -42,7 +42,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" + image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862" imagePullPolicy: IfNotPresent startupProbe: httpGet: @@ -69,11 +69,10 @@ spec: command: - "nfd-master" resources: - limits: - memory: 4Gi + limits: {} requests: - cpu: 20m - memory: 60Mi + cpu: 10m + memory: 20Mi args: - "-enable-leader-election" - "-feature-gates=NodeFeatureGroupAPI=true" diff --git a/clusters/cl01tl/manifests/node-feature-discovery/Job-node-feature-discovery-prune.yaml b/clusters/cl01tl/manifests/node-feature-discovery/Job-node-feature-discovery-prune.yaml index 508a045ea..8074e5a1b 100644 --- a/clusters/cl01tl/manifests/node-feature-discovery/Job-node-feature-discovery-prune.yaml +++ b/clusters/cl01tl/manifests/node-feature-discovery/Job-node-feature-discovery-prune.yaml @@ -34,7 +34,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true - image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3" + image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862" imagePullPolicy: IfNotPresent command: - "nfd-master" @@ -56,8 +56,7 @@ spec: key: node-role.kubernetes.io/control-plane operator: Exists resources: - limits: - memory: 4Gi + limits: {} requests: - cpu: 20m - memory: 60Mi + cpu: 10m + memory: 20Mi