diff --git a/clusters/cl01tl/manifests/backrest/backrest.yaml b/clusters/cl01tl/manifests/backrest/backrest.yaml index 1e459f5b3..0fe876ec9 100644 --- a/clusters/cl01tl/manifests/backrest/backrest.yaml +++ b/clusters/cl01tl/manifests/backrest/backrest.yaml @@ -53,27 +53,6 @@ spec: --- kind: PersistentVolumeClaim apiVersion: v1 -metadata: - name: backrest-config - labels: - app.kubernetes.io/instance: backrest - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: backrest - helm.sh/chart: backrest-4.4.0 - annotations: - helm.sh/resource-policy: keep - namespace: backrest -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - storageClassName: "ceph-block" ---- -# Source: backrest/charts/backrest/templates/common.yaml -kind: PersistentVolumeClaim -apiVersion: v1 metadata: name: backrest-data labels: @@ -92,6 +71,27 @@ spec: storage: "10Gi" storageClassName: "ceph-block" --- +# Source: backrest/charts/backrest/templates/common.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: backrest-config + labels: + app.kubernetes.io/instance: backrest + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: backrest + helm.sh/chart: backrest-4.4.0 + annotations: + helm.sh/resource-policy: keep + namespace: backrest +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + storageClassName: "ceph-block" +--- # Source: backrest/templates/persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim diff --git a/clusters/cl01tl/manifests/cilium/cilium.yaml b/clusters/cl01tl/manifests/cilium/cilium.yaml index 4b912c8db..5cc6557fa 100644 --- a/clusters/cl01tl/manifests/cilium/cilium.yaml +++ b/clusters/cl01tl/manifests/cilium/cilium.yaml @@ -13,28 +13,28 @@ apiVersion: v1 kind: ServiceAccount metadata: name: "cilium" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-envoy/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: "cilium-envoy" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-operator/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: "cilium-operator" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/hubble-relay/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: "hubble-relay" - namespace: cilium + namespace: kube-system automountServiceAccountToken: false --- # Source: cilium/charts/cilium/templates/hubble-ui/serviceaccount.yaml @@ -42,48 +42,48 @@ apiVersion: v1 kind: ServiceAccount metadata: name: "hubble-ui" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-ca-secret.yaml apiVersion: v1 kind: Secret metadata: name: cilium-ca - namespace: cilium + namespace: kube-system data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRYWxsK3l3NjFVWXdPekxsYTBtTGFqREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TWpBek1ESXhNVE01V2hjTk1qZ3hNakF5TURJeApNVE01V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRREdIVzZkNUR3ZHRKbThYTGdXVldoV3hRbFZ3c2l5RGY0d0o0ZUx6blRTWEhTYStGSHYKdkg1c1RlZFlGVjlBMnFTR2JWSHE2NlplZHBFUm83N21aN0hyb1BtcUZJeEJCeThXOUZQRWo3aUZqVlo1NUV6Vgo4d3NsbmVPRkREMEcrOXpWbjZxR3dDZEtud1k3SDdheHhqVlZRUXdsMjNTcjAzSUxQeGM0b0g2YmJmOWhUY0dZCmVpcTRhdTRDdGZhcDZQajNpZEsxbmFrZHo0MUFSWHQ0dndkQlZqY2c2UnJ1TGVITEdBQmtmY0kyUE9rMDFwYnkKbHg5cU5weWZuK3JRTHoyM3JBWmhBNlNWVEFpOVNnKzkxSlJkYnNkNE02dUtLNmV1YmZvK3VuWk5JR2JJYXFCYgpIWnJlazIyeWg5MVIxZnQ5ZzlkS2dvYjl2bm9ma3lJd0x5V1RBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVVnTmtPQ3JiMm0rY0tacTJ1Znh1MkRFOTdQYUF3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFLcmlZazdCeVBnaitFdjJpMlM0ejE1ZWIvQnM4YW1hb2RWTFlOWjZJd2lMQ3BwMk9zamZ5bUJHCjFpT3B4NkVyUjVZUXc3eVUxQWY2ZnQ4Nm9nbTczaFRNeldya3Y2ZlFIeDlnRy9iQ1h6L09SenY5T3BERFRPa00KL2ZZOTlnZi9RejZaVWtTcDFIcFhYRmF0T21HN1VtS3FmWVhvb296SDVKb2lpbzdiYWNQM1ljcEg1Z09TTDRrTgpPRjk5eWgwZjJTZnRYTktPbll0bjVlT0thOE5rMzR1OEdYMzl6dGFCVFdsOXViemtnczBjSDVmZ05lWTBUbnV6CjFUSFlwSGNHaU5Ybk4relhVQmhkZ0tGS2tyWitKbU02Qk40WXBtVXFMRTQ1eDZEWUVIV3JuNXNlNjl6Vk12eEEKOW9MWkd3YTB3a2ZteWs0RERySGh0MUkrcWpUcWVBOD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeGgxdW5lUThIYlNadkZ5NEZsVm9Wc1VKVmNMSXNnMytNQ2VIaTg1MDBseDBtdmhSCjc3eCtiRTNuV0JWZlFOcWtobTFSNnV1bVhuYVJFYU8rNW1leDY2RDVxaFNNUVFjdkZ2UlR4SSs0aFkxV2VlUk0KMWZNTEpaM2poUXc5QnZ2YzFaK3Foc0FuU3A4R094KzJzY1kxVlVFTUpkdDBxOU55Q3o4WE9LQittMjMvWVUzQgptSG9xdUdydUFyWDJxZWo0OTRuU3RaMnBIYytOUUVWN2VMOEhRVlkzSU9rYTdpM2h5eGdBWkgzQ05qenBOTmFXCjhwY2ZhamFjbjUvcTBDODl0NndHWVFPa2xVd0l2VW9QdmRTVVhXN0hlRE9yaWl1bnJtMzZQcnAyVFNCbXlHcWcKV3gyYTNwTnRzb2ZkVWRYN2ZZUFhTb0tHL2I1Nkg1TWlNQzhsa3dJREFRQUJBb0lCQUFHcVo2NnVKNDg4WUhxRAo4UXhIQll5Tk5ZbmlERnZxNERNNWNkdE1EaEZpczV4RjhESnF6RWxPMGw0Y04rUE1zc3RxaWVER3dHeFU1TjFZCkdoZkgwV2dndjFpZHVad21XbEFBRitBME1TSDJVVDdQRzVKRTY5Z1NIc0tVbXNLL1JWa0tjWjJXYWY0bm5oN0wKSW5jV0tvYWYrR0V0R2lzRHFSYk5IZjNjNDVPYzhsVFhHa2h6UTNRNkgzRGhwYmx3bm1ndjZVNW5rQkhCSUZaTwpCSk5iMy9ISDFmN0NZMTFMcmlhcHI0Uk9adC9yUzdUUEo3cUlpZHhnakpaT2RIS3RRNUE3MG5FOWZ0OVFPVTZ5CmpqTkRwKzNXNy9zSVlpSTBLTk1KYklJUDlEbWtwUnZ4QkFHbTR1cnNYMnlSSHFZbzlKd2FCbnI5d2ZuWjJFa2wKWHRJd05DRUNnWUVBeXBPdEl0WDUwRkd4aUVVeFhqQ2Y5OHd2NEwyNUY0bGE3ekpzNDVjTFlqMFlvVjBsVmkzNgpwNHRUaENOMXkwRGova3V4RVlNc1pSZC83NWFJekx5ZmhVSkgvVUdDYVlkcGJ4N0VmaC8zaldxNGlhbndWSEtQClc2bmNlQ3FEMjhmci93Skk0ZjNPbG1iQStZOEZtMWMySUFLYXBiaXFvMHhIOFA2QTZFS1FIVU1DZ1lFQStseUcKaTNReGFmaFgrODZxNEhLZkIweW54VGdSNFZodUVnR1o3VEhldGw0REpmdFcvZ3R5TlBxZDF0dFJ3T29lRmhJWQp1aFN4b1VYNmhvbzdlSjA0UXlWTWZiWVJOUnBpaTBDNytjWGkraXhpc2ZqV2kxSUQ1RkdVQ3VtNEdKM2pyYWhXCnU3czFxZlVodlpNNkpKUWhJRGMvVnpJRjVxbWwzTU5oT2FzcnFYRUNnWUJxTUhOSG1ZYjBUbjZUZ2tIWXNBQ0sKOHJ2K1FUV3ZRczhxSi9Ld2N0TUMwaWdCSGtTZUlrZ01YNXFOMzlDMWxQUnVydHJJNVV2MlNoVkVVRkt4a0FiRwo0ZkcrcmdKZ3N4enZwTjgzaGlaTU9TODI2cUFTaEdMbGwrcjhDcjFJRGtxRlNIdFFDNjJwWlgrdTBld01lL0RoCllyd1NOdlVyMkthMWk1T2pMSkZDNVFLQmdRQ29GekVhTmhQckl4cm5iSFZicG5sUkxFMUQ0NFpWdHNxSCtsMC8KWElrOEJkaTFTbys0bHpUQmp6WWtDREpXaEpsWWxpUFY0NGp6VDRtSmhRdXl5bFA0K1BUblBqTkZaUWFlbWdMYgpDdHArdndnd2wzSnNMYytCSHFoM3Z6MmtBWFhZcFRvK1pzMzc0eUlaSnQwVnJBS2xuNUkrVjg2UWRIeHd3UmpvCjRCeTdjUUtCZ1FDWmwvQ09JUXczbG9nZVpOa0trTmhlR01xT1BlbHgzSnJCcEEwbU5HaDZwNEpSc092U1B4NzEKaDZHTDV2MllRelpETHVkR2ZsbDNvMkgzd042NWxiV1Z4MGUrZGllNVZoOFFsWWd0YnpXV0dMSWtDSkhwdVlTNQp5a1pWellTaVl5SC9KU1NpMEJPa3JQcFlGOGtFQmRQRGZ5MUF6VEV1cVA3TDZGQXp2OFdva0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUlDK0J4YUhQeG5mNDlQOGlTd3k5a2t3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTVRJd016QTBNVFkwTUZvWERUSTRNVEl3TWpBMApNVFkwTUZvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFzQ0Q4aHdFd2FXRHN4a01vUGN2aFE3VERsSzdBVVM0SDVLLzIvUEJwaWU4RkYxU00KRkgrSGtkc21hNXZxUXl6WDdwd0RmRHpBRHdUUmNJdkxickZqY1BoQTF4MTdmUGVKSXBtZ0xlVWVUT0FWRENaUgpOMUJXaCsrNkJWaElMUWJhUituRUQyT1lZTThKeFk5OExxVjVYTmkyTEs0SGxhQnRIWjdSVFpsZ3JVNDNGSTlICkNzN0tmT0JONjIyVDR3dDFVRTdCNU5qVEZsMnUxUk9WK0hRak51cHNWSlFSYzA3Y294WEhReTAxVE1lb2lnWTkKNnZES0NXM1ZUTnlsZE83NGV4VlhJbUovOW5NZlQyMGJ1c200S09ibGttOEhTQ3RBY1RjOUI2SWUva0YvSzZIdQpUdGx5YWEwa3hCVW5rZTlUVXhoVEVRR0U0UDRha3d5NEgwWWJEd0lEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGSVBVMFJjZUR0NFVleWYreEplN0JMcnY3TlYvTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlBuQ3piK2N0WG04VkRjT3YzVE9oWDZGbzVLSERWUElUOWhrQnhkb1NCNWRmNmNrM0FBVnNjClRIQjEvTTFTRDY1VnpFeFhFdWdkUkxQSjZGTDFzZTM2UjJFSjk3RjhudTV5VTRreEtYb1pmYmZKaFh1WW5hT1AKaXcxbU50V3EwS0t6TGhidHJkY3loaXlUTUFpeWFXTGs4RzRERURTZERPS1paS3ZsMFlpakd2dllpNEVQTXJlVAo3WDEyQzdlcjdCL0hEVlRLbFZVTnRFKzRyR0ZjZTFnLzYwVm9XT0dKckg4S0ozYjVUSC85bWpYemMvbml0TVBGCnFyb3B4aUxXVXdlNWZMTkhkaFI3ZnNkRDd3NWpuV0pFOU9CWFR4TXY3OXlJNVIwd3JOcytSQjA5dXRheUd4b0UKQUFadFdkZkx5TzA4dXhQaWZKenk2OUJUUWw3V3ZkWGcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBc0NEOGh3RXdhV0RzeGtNb1BjdmhRN1REbEs3QVVTNEg1Sy8yL1BCcGllOEZGMVNNCkZIK0hrZHNtYTV2cVF5elg3cHdEZkR6QUR3VFJjSXZMYnJGamNQaEExeDE3ZlBlSklwbWdMZVVlVE9BVkRDWlIKTjFCV2grKzZCVmhJTFFiYVIrbkVEMk9ZWU04SnhZOThMcVY1WE5pMkxLNEhsYUJ0SFo3UlRabGdyVTQzRkk5SApDczdLZk9CTjYyMlQ0d3QxVUU3QjVOalRGbDJ1MVJPVitIUWpOdXBzVkpRUmMwN2NveFhIUXkwMVRNZW9pZ1k5CjZ2REtDVzNWVE55bGRPNzRleFZYSW1KLzluTWZUMjBidXNtNEtPYmxrbThIU0N0QWNUYzlCNkllL2tGL0s2SHUKVHRseWFhMGt4QlVua2U5VFV4aFRFUUdFNFA0YWt3eTRIMFliRHdJREFRQUJBb0lCQUhBUDdOeHhFejVaSHcxZQplV0lvTUdHRng5TDRCUUVoeW4va3ZiOWRyNmpGWFhYa28yUC9hR0NURVRUeWRQRGN2VjdpQVEyeEVYbjgxTTFKCkJOeWZIT2dwN0FkeWlMbVFQYjY0QkVSdlBRSW9xUHViL1p5MkR2aGF2UDdkbHI2ZlY0N2QyNUwzQ1dLL0dEYU0KL3JRbk1McTBYK1M1cmJXejV2a3JyWHcwRkdEdkRsaUhRdUJHQ1lmbjkvbXAwYUlWYXhsN1BScG1vdHFSdkxCYwpYTnlVbXdhVEIrekRqYStzOFd3VDVoWE9EYWc3YS9XWkxMOGZ0VmZzTE9mcW5HdXlaNVVBblBvL1FiY0x5TGpOCmJlWUg5OVV1a0diakgrZHhJUW94YTFOc2lKSUpoTlVyUVlrSHBIM1IyOXFZVXdUZ0kwaTQ5Z2Y5MFZYLzIzUXcKQVdaOUpIRUNnWUVBNEhQRVYydnorcVg3dXBzdUtpRWVnTkc0M2NTdlZCelh3OG5OSXVhT2ZLUndEdkU4b01NMAo5UlBZdkpLeFFZcEplT2ZPN29RSjBsQ04wSmZuTjEwdVBFOFVOckx2bHYzMmh4cllYYlpxUExTNmZKQUpkQ3g3Cis2RUd6OEV0aHhLZmhXYUJYNTZnSm4rQk1NQ1cwSjZOT3JDS0drc0xOc3BrR3A3aUdXaGY1TzBDZ1lFQXlPSnoKSHpkRDlNWTRyR2E0RjlpeVBqWHVFdGs2c05zZUJRL28vUUQzeWZDbjRRMzFUamEvREJVa2Z0a3MxK2prN3dFVwpUWDgySFJ6L3hDVUJZek1hMm5SNDlJN2JSSHVCRStYbytHVEdQbnVRRjM1MjN0MVo3YXpNaDU3S0xTMTRqZFhmCjkzeGpUaDJ0MEw4SnplTkVMeVlpSUkzQU9LQkp6NEJoaTZGVm5Hc0NnWUVBdytjbk9xcGxnNksxNlBTaXdYQ3cKdi96TW52dVprQSt3bnhtV3ExeVNodVc3VEw5dmpGMTA3bWVKSjJYZHduZWhreDY0ZFdQWGNyS09aTDhBdDBqawpIdzFpZGkrTmdMdGZIaUxuTUR3VDA3Sm1obXZ0WkhHak1VZ2x1dFZBR0lHL3E5NkJFdVZQb09wdTV3OWhVdXJnCkY1YVlvMFJXb0ZiY01vUDBrZnFRb0MwQ2dZQm5yOUtpQXlHVlh4YnpqWlZwNFpTbTNhbERtMUphNU02SzZGcG0KOUsveFVNRW1QZEVuRE1UeGxKd2d5VElIUTVPZTlaMndaSC9tNlFmdkV2YXpZRFoxR1hjeEsrZHJZcUFPU0RaRwp0NlZIclBtRDF1ZStRdHhlL0RrWnExRkpubFhDUitseFVZZmtVeGRiVHEvZDBIZHFLckdrd2VXOGxLZGtiaXhyCktOd0tmd0tCZ0E0Q3RiQVJiK01sNHNUYXNJbHlFOHVidGNXa294RVZoQlowMkpJQXg0dXhtTU5ZdENTdlFQY3kKd2ZtQTRRL1pYelJMaDhXWDVSYXorU003VUdISXcxUWV2ZEROSkp3TS9BRHRNRDJjeURUTDFTQnAxRHc4MFFZagpHMjR2b2pTSTNlTHVwTXZ2MkNBcXJnR21LWStCUWQzd3NKQzNjRE8zNnVOcmgyY3dnaGsrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: cilium/charts/cilium/templates/hubble/tls-helm/relay-client-secret.yaml apiVersion: v1 kind: Secret metadata: name: hubble-relay-client-certs - namespace: cilium + namespace: kube-system type: kubernetes.io/tls data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRYWxsK3l3NjFVWXdPekxsYTBtTGFqREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TWpBek1ESXhNVE01V2hjTk1qZ3hNakF5TURJeApNVE01V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRREdIVzZkNUR3ZHRKbThYTGdXVldoV3hRbFZ3c2l5RGY0d0o0ZUx6blRTWEhTYStGSHYKdkg1c1RlZFlGVjlBMnFTR2JWSHE2NlplZHBFUm83N21aN0hyb1BtcUZJeEJCeThXOUZQRWo3aUZqVlo1NUV6Vgo4d3NsbmVPRkREMEcrOXpWbjZxR3dDZEtud1k3SDdheHhqVlZRUXdsMjNTcjAzSUxQeGM0b0g2YmJmOWhUY0dZCmVpcTRhdTRDdGZhcDZQajNpZEsxbmFrZHo0MUFSWHQ0dndkQlZqY2c2UnJ1TGVITEdBQmtmY0kyUE9rMDFwYnkKbHg5cU5weWZuK3JRTHoyM3JBWmhBNlNWVEFpOVNnKzkxSlJkYnNkNE02dUtLNmV1YmZvK3VuWk5JR2JJYXFCYgpIWnJlazIyeWg5MVIxZnQ5ZzlkS2dvYjl2bm9ma3lJd0x5V1RBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVVnTmtPQ3JiMm0rY0tacTJ1Znh1MkRFOTdQYUF3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFLcmlZazdCeVBnaitFdjJpMlM0ejE1ZWIvQnM4YW1hb2RWTFlOWjZJd2lMQ3BwMk9zamZ5bUJHCjFpT3B4NkVyUjVZUXc3eVUxQWY2ZnQ4Nm9nbTczaFRNeldya3Y2ZlFIeDlnRy9iQ1h6L09SenY5T3BERFRPa00KL2ZZOTlnZi9RejZaVWtTcDFIcFhYRmF0T21HN1VtS3FmWVhvb296SDVKb2lpbzdiYWNQM1ljcEg1Z09TTDRrTgpPRjk5eWgwZjJTZnRYTktPbll0bjVlT0thOE5rMzR1OEdYMzl6dGFCVFdsOXViemtnczBjSDVmZ05lWTBUbnV6CjFUSFlwSGNHaU5Ybk4relhVQmhkZ0tGS2tyWitKbU02Qk40WXBtVXFMRTQ1eDZEWUVIV3JuNXNlNjl6Vk12eEEKOW9MWkd3YTB3a2ZteWs0RERySGh0MUkrcWpUcWVBOD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTRENDQWpDZ0F3SUJBZ0lRZUJnRjVVYXJja3lkMFZadjNMblh4ekFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TWpBek1ESXhNVE01V2hjTk1qWXhNakF6TURJeApNVE01V2pBak1TRXdId1lEVlFRRERCZ3FMbWgxWW1Kc1pTMXlaV3hoZVM1amFXeHBkVzB1YVc4d2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcXZ3bXMveUxTell5VkEyRk1LWGZtUWFBUlVnZFQKMWN3OE5rZEhBY0dDUmtmZmUxYVpvSmlScG1HNEUxdnBQaWxGcDQ1MklOR0hrNVQ3VHlXZmtqZTVHUWtTdHpJNwpBUE50dEFkWkc4S3lGcU90M0NrYStRYmNmOVZKd2Qxb0pNbkFQVzgwRjEreHNxdjFPcVNteTBqZVB4NHA3anFICjEweUswL3BGMEdrcnh1QmEwL0Z3SCtxMWZ4Z1laQlFFOFdPZHRZVHQwdzQzSUZuMHNmRmt1bHFGQkR2V29YcmIKRytRN0tGekF3VGtyRW1SR3l1TEIzRGVZVldEdjNNQnhUNVNnTFRxN0w4NFRtaSt4a25jUVAwL2NrUHgzYmJwRwp6REpOM0hBN3BnamRvbTV2RWk4NkhnSDQvaHdTVjNKTEtLaHVGSDFVaDBlT3hLamVXNlJJZ0R3ZkFnTUJBQUdqCmdZWXdnWU13RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZJRFpEZ3EyOXB2bkNtYXRybjhidGd4UAplejJnTUNNR0ExVWRFUVFjTUJxQ0dDb3VhSFZpWW14bExYSmxiR0Y1TG1OcGJHbDFiUzVwYnpBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFKdC9VblExTmlHTmZuQ2VsZEVPeGpES250S1hZN00wQkh3b2tZb0E4Z25UY3ltODQKSC9XRmpyM29ldVgzV01aRDl4d0JlS05mUUZhQ2pWcEsrc2w0YnB6a0pldlYrVENkS01WelNrM3NXSndmMjJYcQp6U3FhUCtYcVdSWUN2aW4vRTVnUk9hSFVhWmxER1RXTEYyVnFMc1RnV21DWjFUR21BYzgwanYxVDJhY0FXVk02Cno0MWhqWmJaZWU4Ym8xUTJGNEFJbEladWJWTnVxTGtDRlRzMGh4NWtJekJZczhOeUs2bWxLeEJlV0xkZkNERC8KczZyTklDalkrTkMwT2JPTk5wMEtjZjNuVk9oSnFaUEw2MUpaa3ZZbUIxWnU0aml4YWpycHp5Q3hsNWtJa09KRwoxY1ZWa0hmUGZzVkw3NEJzejNwblFObXJITXFDQi83ZStxSncrdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcXI4SnJQOGkwczJNbFFOaFRDbDM1a0dnRVZJSFU5WE1QRFpIUndIQmdrWkgzM3RXCm1hQ1lrYVpodUJOYjZUNHBSYWVPZGlEUmg1T1UrMDhsbjVJM3VSa0pFcmN5T3dEemJiUUhXUnZDc2hhanJkd3AKR3ZrRzNIL1ZTY0hkYUNUSndEMXZOQmRmc2JLcjlUcWtwc3RJM2o4ZUtlNDZoOWRNaXRQNlJkQnBLOGJnV3RQeApjQi9xdFg4WUdHUVVCUEZqbmJXRTdkTU9OeUJaOUxIeFpMcGFoUVE3MXFGNjJ4dmtPeWhjd01FNUt4SmtSc3JpCndkdzNtRlZnNzl6QWNVK1VvQzA2dXkvT0U1b3ZzWkozRUQ5UDNKRDhkMjI2UnN3eVRkeHdPNllJM2FKdWJ4SXYKT2g0QitQNGNFbGR5U3lpb2JoUjlWSWRIanNTbzNsdWtTSUE4SHdJREFRQUJBb0lCQVFDUVdWTW53c1pBNnU4MwpweFRobTRrMnl6STBrbUdKZVl6aE5vNEp0SzFRb25QdXRrbmZOUXJtejM5N2JEcGV0R09WOUhLVzRXWGlOVjFWCkhITlZOUHNRNjk1a3lTV1pCbFBGNGRYNGVtU2R4RS82RXM5WmMwQmV0MStzckUydTFyTU5aNktVcWxJSFcyTE8KdmhZbXdHTkpLSmtxbjdFeDJFMW9iSTcvNkpLUkkzNVZrRDZ0bUJxMDd3VzFVK3IzRHhLRExHMUFiYk43V0xIQwpsZy9ObDJBTkZ4My8xYU8xNkhMZnVINHhiaUNLV21sYlVXdWdBR2RpMHhaWnlaeWNmQ3hpN2thNHdjSXNpWitvCnpITHYrdzdIa3lHNlNRbXg3KzB6bGtVT084V1c0SFM1Q284ZjZ0RnVwbmlLbjE3R2plT3pVQVloWGxUWndaZFIKWnpxZCt5MXBBb0dCQU5Ebm9udmppQ1E3VERJK05ubCtlc2lqNHBpOFhLeVJyS2JRUzEvSDFRSExvUnVMbXpqTApTdTNibEE3bDJyNEt3V2RPR2ozM05USUdCVDBIUWl4elFNclg1dFVBaEJqZ0o5MGRLaXRkSWhqK2JaQW9xTU8xCjhFRlpwUG9lN0FNTVZZZVVQNkc4a0Izd2FISm1FcmZKd05PeEZRSE1FKytpVEVHYm0wVjczcy96QW9HQkFORTkKTDVVR1lhK2pUeER6YS9tRXh0SFNBU213T3pUeWVIb1dNWUZETUFqS3AwQXQ5Q3U2Y0FHaC9qVDF4c0xmR1JFOQpBV1dYRlNqSzczTk82QzY2aG5Tb2NPOTlhTjRmb1UyWitZR013NGtscFY2RjB2QzRsREtmZ2FadWFlVDdMUXk4CmMxS3UwRndtcklVRnc0WG10UnVwajRzekN1NjVLRXJid2VzSC9Kb2xBb0dBWUszeW1wZFFtRVFCSFhlQlNuVG8KYWhhK2RhVW0xbzZNY3A4UFl3SmVaL2hQVlNvazZnSGJhWDBuWmtXbUdERnVGRnNtOWVxRWFlUXpaRzBKaVB6Rgp6WnBocjg0UFZGdlkxeEg2UkJ0VC9uRXhUM2doc29GdThTK0ZsR1BmSWdJQlN6K211emxERVRnRGZuNFN4NC9OCmQ2c0taOHlFcFhCZERqZnZnaGF6cFZVQ2dZRUFvUXVnOWVqRmd6UUZCUnoyZkVSdjZzcmlUajN3TkI1MEVEUEkKd3A3OTk2WlMrSmptR0VvVkw0eUpaaVhOWit2akZWdUpHYkloZlJaRkd0RWU3K2hzMkpsVTQxLzVPUTNMVHprMQp5enFXdlphV0k1eUk4UEtBVGo1cXdiaTJGS0ltMkdpcnNuWU90UDZuUm5OYlBGS0lEdFNCUVRoMkw2dWZrWTUzClFQa1N1V2tDZ1lBV05oKzBTc1BvZXl5SFU5Nmc1STN0RTdpVXlycVpmNVhCa1NTd09Kc0RSalEzczdKVHRzRWMKb2dHbk1yQ0NqdTFlenVKU2luMmg0K0lmWE1QUDNETzFVbUpCcFVGeXJjdEppNTdKUCt0NjV2YStnNG1LV2RTNgpBL2FMTlZpRm5vV1ZuTEJmUUJoRWQ5Mnkvdi92Y2lhY1U0cUtTNXhoZldoNGJvb0UxdUNZK3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUlDK0J4YUhQeG5mNDlQOGlTd3k5a2t3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTVRJd016QTBNVFkwTUZvWERUSTRNVEl3TWpBMApNVFkwTUZvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFzQ0Q4aHdFd2FXRHN4a01vUGN2aFE3VERsSzdBVVM0SDVLLzIvUEJwaWU4RkYxU00KRkgrSGtkc21hNXZxUXl6WDdwd0RmRHpBRHdUUmNJdkxickZqY1BoQTF4MTdmUGVKSXBtZ0xlVWVUT0FWRENaUgpOMUJXaCsrNkJWaElMUWJhUituRUQyT1lZTThKeFk5OExxVjVYTmkyTEs0SGxhQnRIWjdSVFpsZ3JVNDNGSTlICkNzN0tmT0JONjIyVDR3dDFVRTdCNU5qVEZsMnUxUk9WK0hRak51cHNWSlFSYzA3Y294WEhReTAxVE1lb2lnWTkKNnZES0NXM1ZUTnlsZE83NGV4VlhJbUovOW5NZlQyMGJ1c200S09ibGttOEhTQ3RBY1RjOUI2SWUva0YvSzZIdQpUdGx5YWEwa3hCVW5rZTlUVXhoVEVRR0U0UDRha3d5NEgwWWJEd0lEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGSVBVMFJjZUR0NFVleWYreEplN0JMcnY3TlYvTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlBuQ3piK2N0WG04VkRjT3YzVE9oWDZGbzVLSERWUElUOWhrQnhkb1NCNWRmNmNrM0FBVnNjClRIQjEvTTFTRDY1VnpFeFhFdWdkUkxQSjZGTDFzZTM2UjJFSjk3RjhudTV5VTRreEtYb1pmYmZKaFh1WW5hT1AKaXcxbU50V3EwS0t6TGhidHJkY3loaXlUTUFpeWFXTGs4RzRERURTZERPS1paS3ZsMFlpakd2dllpNEVQTXJlVAo3WDEyQzdlcjdCL0hEVlRLbFZVTnRFKzRyR0ZjZTFnLzYwVm9XT0dKckg4S0ozYjVUSC85bWpYemMvbml0TVBGCnFyb3B4aUxXVXdlNWZMTkhkaFI3ZnNkRDd3NWpuV0pFOU9CWFR4TXY3OXlJNVIwd3JOcytSQjA5dXRheUd4b0UKQUFadFdkZkx5TzA4dXhQaWZKenk2OUJUUWw3V3ZkWGcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTRENDQWpDZ0F3SUJBZ0lRVGRkUTE3bjJkNFVjWlgvK3JwZXJrVEFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TWpBek1EUXhOalF3V2hjTk1qWXhNakF6TURReApOalF3V2pBak1TRXdId1lEVlFRRERCZ3FMbWgxWW1Kc1pTMXlaV3hoZVM1amFXeHBkVzB1YVc4d2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEQnZVQUswR29OSG5tZUFvbUx0eEFUaVljS21FNU8KYWhWOTBlM0JSSWRsbDN5cXg2c3FURDhHS2xTN3B2MFcwd09nMTh3S29uQzRJTXYzc2NqOFcxSFVRV1ByQ0NySwp2a2ZSTE1YV2xwVWtwQXFxWXdndDJ2RVUwSGdkNmNpOU5MUG04ZURwdUVEU2QrZ0UralRadUM5SkVYNk1LdmtFCk5pcjY5Zm9xbGZuZlNmakE0N2liZHR4ZDh3c1ZPeDUvcy91aHRHYTNWZlJxTStiYW5WQ1dKVnpGdCt1bDZWQ1cKcmRYWTRWK1FzK2VJS0pDQlltZnhFV3BpalFvZFdsRTl2SW5sTjk5dmsvejIzVzBEVkcvWGVkWk5sdndYbU11Qgp6dThjUHJCeWhnNlZtS1RxVUQvT2lRdUQ1MDhhaWxyTUFQejJ5L2xzMStxYmpBNDFwTHNnbU5JM0FnTUJBQUdqCmdZWXdnWU13RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZJUFUwUmNlRHQ0VWV5Zit4SmU3Qkxydgo3TlYvTUNNR0ExVWRFUVFjTUJxQ0dDb3VhSFZpWW14bExYSmxiR0Y1TG1OcGJHbDFiUzVwYnpBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFBWmNxeEVWcER0aFovbEtjaXJSUlVBNVl3MGRic0FNM2pzTmxYWFJ3bXY4VmY2RGQKb1JGWElrMEoxQVRnZ3pxMG9NR1BqTCs1ZEQ5bURSR0U1bmcxOWZsWVVTeUZxMzQ0TW91ZFVPbzE3S3hIZklmbgo3dUUvN2VsbFRuaHhLUTJFbjhPUmhoT0d6NitOU1ZkS0FIMUtZY2NiYVBLUjZKNTFqN2JQMndocEgvd2pJdWRqCk9wSXNvcG04eGVSZVd5KzJnZ0JjUXg0MDlUN0kwbHp4KzZOc0ZrVTdGay9jZC8xRThCR0tWalc1NEx0Q0VJeUkKREFEWVIwOTNmeThBUWk0ZEhkSmFmNE1NYVpPZ0lFeVFlYmo5MlQ1b0lKTmpWQ09rNXZtZFRUbkZPdXhJejhicQpGTDJxTTg2TkoyQ3JrQ0JONUI3T1FROVFRaHdpbkU3ZU9MTEFaUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd2IxQUN0QnFEUjU1bmdLSmk3Y1FFNG1IQ3BoT1Rtb1ZmZEh0d1VTSFpaZDhxc2VyCktrdy9CaXBVdTZiOUZ0TURvTmZNQ3FKd3VDREw5N0hJL0Z0UjFFRmo2d2dxeXI1SDBTekYxcGFWSktRS3FtTUkKTGRyeEZOQjRIZW5JdlRTejV2SGc2YmhBMG5mb0JQbzAyYmd2U1JGK2pDcjVCRFlxK3ZYNktwWDUzMG40d09PNAptM2JjWGZNTEZUc2VmN1A3b2JSbXQxWDBhalBtMnAxUWxpVmN4YmZycGVsUWxxM1YyT0Zma0xQbmlDaVFnV0puCjhSRnFZbzBLSFZwUlBieUo1VGZmYjVQODl0MXRBMVJ2MTNuV1RaYjhGNWpMZ2M3dkhENndjb1lPbFppazZsQS8Kem9rTGcrZFBHb3BhekFEODlzdjViTmZxbTR3T05hUzdJSmpTTndJREFRQUJBb0lCQUdXS3VEOHl2dkxEVDBERwoyYXAxdHlKV1NZWC9EOE8vakNZVzJrTWFsTkJsVm56NEM3a3Vueld2Q0J3V1NMNG11TmNiWTZFTFJJTHRCWnA3Ci92aHRNSFZNRkgrQ0YxT042WHd6dURsaFVTZ1VKbGJwY3NiOTRxOWpHQ0d0ZjMzVFdwc25tUmRHY0FzZnQyYXMKY1BqUHRWRFpyM2J0cXZoUEg3WExLR1FibVF3ekFsdThJbXpNWWZlZktlQ2x6NnU1aThmZGlURS9sQnJ5UWJ6dQp6NGpucHZBNDRzOStOQUhrenFmRTNoS1pKM1F5Z2pSK2FXL1pkUU53ekJwdTlNdTlVTkpUSTluTU5FazZoOWowCmZSVEUyQy9pNUszaDIyY2JYaXNWYkZ1a05DTDBTL3FvUkxvbWxGWktwZnN5M3RXbVdEVEE2cXNpbm9JdUltZloKS0s5bGdXa0NnWUVBMVozZmxzb0dSSEtrYU0rdnZwUXkrdFEwYW1ia3Q2YXgrSkkrbjRFcGQzTjM3V3V5WmxzbwprcmZoSVNaR256SldlZkVBNHRVU201cWFjcGhhaUpvUkNpblJZbDJiNlJaNEFWK1BybmNGMGRqblNQak56WGxXClQ1dWtETWp3WERzZm93eTJ0bjVMWGpvOWlzN0pyQXArc2VYaEdvNEkyVGFNYlN3c2QzQUlrUlVDZ1lFQTZDM0EKaWx4UHNyS0xlY2dLTFJaTUFsbVJURnd1c0F5QmozemJUUWRkdVU0cXhqN3F6VmdrSDlYSVJDUy9lUTFpMTg5Ngo2WndpVHBXVkQ2NWEyMG50dUtqNE5zaENaYjVZWHE3VmFaQ09DU3p0MmsxSm96S0IzcnludXhRNWFMSHpvMUYvCmcvRzRpTlErSDFPdkJOenBkd1hLRXh0KzZpQnJaclh0Q0ZwYXNSc0NnWUFKelIrWUxKYlRCeXVSLzQyQndnMEEKdzBIUWEvNHNpd0o1ZEVSWlR6VFczVDV3YjFPVkxMT1UzOGo5bTJMOEpQUWd6alVMTTFtU09DckQvVWVTSXZlTApMdFlEbkdYdDhQRDZweWJSaTNhQjVXRGZVVU1vSFZ3ZmRQVzIvSFZDMWhlaWhJL1JtY1BkZy9DVThONEIvYzFJClhsTFF4Qm1WMWRIbHBIUTUyck1aN1FLQmdGTDJsa2hhZC9nSXFLSVpndGxka0VkK3JkYTFVZEdDaG9FNVFqdWkKR0RGdzV3UHowMzhRc2NmV1lqdEhUa3Y1Sm9xckR1YU83Z3RhaytzSWlGcTNiZ1NBREVHM0NWTEYwMW54Nnp4UApkUkYrUm5ldENsVVFaU3VzQ2R0bGZLWVdnRktwZW9FeFRKbElEZkt2dW1ob2I5d2g2M1VzYkF0SkRsZWpSbEduCng2UmxBb0dCQUtRSHpFSTdpMEJ5NXE3VFpkTlh5eXllVWZUaGRKRmgyckZuSjVJUFRLVmtIYVNHRnZzR2pyVnoKS1VQd3V0c2pHTlVkVGJSUGVKN29XSTM0VEtTTWxvcHliM3I3L0psMmh3MFRvd2RMSTJHZUJRRkh5LzltRUJoNQpkc3ZONFFKc0Y4ZU1YZEhxcGluVWtONjEvcU9EeWNZT0tEZ0lqUjlacHZORDFZOW1ueUNpCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== --- # Source: cilium/charts/cilium/templates/hubble/tls-helm/server-secret.yaml apiVersion: v1 kind: Secret metadata: name: hubble-server-certs - namespace: cilium + namespace: kube-system type: kubernetes.io/tls data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRYWxsK3l3NjFVWXdPekxsYTBtTGFqREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TWpBek1ESXhNVE01V2hjTk1qZ3hNakF5TURJeApNVE01V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRREdIVzZkNUR3ZHRKbThYTGdXVldoV3hRbFZ3c2l5RGY0d0o0ZUx6blRTWEhTYStGSHYKdkg1c1RlZFlGVjlBMnFTR2JWSHE2NlplZHBFUm83N21aN0hyb1BtcUZJeEJCeThXOUZQRWo3aUZqVlo1NUV6Vgo4d3NsbmVPRkREMEcrOXpWbjZxR3dDZEtud1k3SDdheHhqVlZRUXdsMjNTcjAzSUxQeGM0b0g2YmJmOWhUY0dZCmVpcTRhdTRDdGZhcDZQajNpZEsxbmFrZHo0MUFSWHQ0dndkQlZqY2c2UnJ1TGVITEdBQmtmY0kyUE9rMDFwYnkKbHg5cU5weWZuK3JRTHoyM3JBWmhBNlNWVEFpOVNnKzkxSlJkYnNkNE02dUtLNmV1YmZvK3VuWk5JR2JJYXFCYgpIWnJlazIyeWg5MVIxZnQ5ZzlkS2dvYjl2bm9ma3lJd0x5V1RBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVVnTmtPQ3JiMm0rY0tacTJ1Znh1MkRFOTdQYUF3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFLcmlZazdCeVBnaitFdjJpMlM0ejE1ZWIvQnM4YW1hb2RWTFlOWjZJd2lMQ3BwMk9zamZ5bUJHCjFpT3B4NkVyUjVZUXc3eVUxQWY2ZnQ4Nm9nbTczaFRNeldya3Y2ZlFIeDlnRy9iQ1h6L09SenY5T3BERFRPa00KL2ZZOTlnZi9RejZaVWtTcDFIcFhYRmF0T21HN1VtS3FmWVhvb296SDVKb2lpbzdiYWNQM1ljcEg1Z09TTDRrTgpPRjk5eWgwZjJTZnRYTktPbll0bjVlT0thOE5rMzR1OEdYMzl6dGFCVFdsOXViemtnczBjSDVmZ05lWTBUbnV6CjFUSFlwSGNHaU5Ybk4relhVQmhkZ0tGS2tyWitKbU02Qk40WXBtVXFMRTQ1eDZEWUVIV3JuNXNlNjl6Vk12eEEKOW9MWkd3YTB3a2ZteWs0RERySGh0MUkrcWpUcWVBOD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWakNDQWo2Z0F3SUJBZ0lRVVY2RU1iaTZlNitISkdGQkRwNEFlVEFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalV4TWpBek1ESXhNVE01V2hjTk1qWXhNakF6TURJeApNVE01V2pBcU1TZ3dKZ1lEVlFRRERCOHFMbVJsWm1GMWJIUXVhSFZpWW14bExXZHljR011WTJsc2FYVnRMbWx2Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBelB1SDJyVHBkVmZtU0tDNitGbTQKb3BrN0NqVXlwaTdFUHYwZnovaWxJVTY3TDZvYm9hN1hpbXNYcG10YnZpa2QvTTFoQUdTYmVNa0ZRRFVOUzBrYgpIaytNZzNXQzBBTWVTSlhCYTJVRWhsUHREZGcrcDBaNHY5Vm5qaHJhcG0yMTlWMGV1d1BERkNmUkM0bjM3dnBkCjJsWFIyMHMvUUdidmhMZXowbTJUOWNBUzRvbXZ4aHRFVVVEczZRRUt0elcydXVidmNNTWRjK3VocGpLeE9Xa0YKUHpGenU5c0hYVklqdjhSYThxaDNIQXEybmozYU12TjVTOStNVGZDSDBmR1RpTHdCaW5MMkZPWEoyRnVMaWFYWQpIMVovV0IvY2VaR3F0WUtmZ0FUbExZMEpMVkpwa3dEZnB6dDdPK2graldObFFRSTlHbEFFQmp1cGlGSVhNcEtYCkJRSURBUUFCbzRHTk1JR0tNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0QKQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTQTJRNEt0dmFiNXdwbQpyYTUvRzdZTVQzczlvREFxQmdOVkhSRUVJekFoZ2g4cUxtUmxabUYxYkhRdWFIVmlZbXhsTFdkeWNHTXVZMmxzCmFYVnRMbWx2TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBbVZmbGlJU3JvNHFIV09pM0EvNzNiZXQrcVhiV2EKN3VPMnlSSjE5dWFUMVdRRDhzRVF4SXAzOVBrOTgxL3doRnNaazJjTHJ1VVRZNElJdTlHQkZRMFpBTFRnRjl3Lwpuc0pKKzNsaGI3Nml6WUFDZlVpaGdrM3lqcjhMbTZsWGtjcEhvcmtlYWNXZDltV1FWZGtXNHVyVEFFa09VcXBkCnc0Q1FCZUJCZWVRbDBHZzFnOGNMODh5V2ZvU0FaVXNhY3lJZ09FM3d2YXYzUmlEWlM2eFF6VWNwOFZwOUhvaWUKNytmNFgvS3FwWFczYmdROU5TWFZFV3IxbG5QaXZGejA4VkxrS2d0dE5EVjhFYVI1UEpET2dtQ0RGeUIzblprOApRRTIxRkdyRHdCMGpRNHpDZEZ1WnliVnNScTNvOEVEZTQ4d0ZjNy9ZSmtCamdkbnJKSjhiUG5uawotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBelB1SDJyVHBkVmZtU0tDNitGbTRvcGs3Q2pVeXBpN0VQdjBmei9pbElVNjdMNm9iCm9hN1hpbXNYcG10YnZpa2QvTTFoQUdTYmVNa0ZRRFVOUzBrYkhrK01nM1dDMEFNZVNKWEJhMlVFaGxQdERkZysKcDBaNHY5Vm5qaHJhcG0yMTlWMGV1d1BERkNmUkM0bjM3dnBkMmxYUjIwcy9RR2J2aExlejBtMlQ5Y0FTNG9tdgp4aHRFVVVEczZRRUt0elcydXVidmNNTWRjK3VocGpLeE9Xa0ZQekZ6dTlzSFhWSWp2OFJhOHFoM0hBcTJuajNhCk12TjVTOStNVGZDSDBmR1RpTHdCaW5MMkZPWEoyRnVMaWFYWUgxWi9XQi9jZVpHcXRZS2ZnQVRsTFkwSkxWSnAKa3dEZnB6dDdPK2graldObFFRSTlHbEFFQmp1cGlGSVhNcEtYQlFJREFRQUJBb0lCQVFDelZwV2ptWWh2cTduRQpiU3Rud1VleXFwRm0rdWdYVU85TmxMUlNobDRpNS9rSldMRFlJbHBkdGhoNDk1REtyTHFaeFM1SzQ3cktVRVdSCnlWaWFONW5NU1JqTW92RVNBTWhzQk9tMmhpa1JSVGd2VnJScU1WUFBzbXZwZmtFeVB1WmxoMVV0bGJzRlZWaWwKMmMzYmZaekRPelpod0ZIVWpMcWR5UU5BNWJILzNMeVlLVlQvQk11MHE4dHFLSGloREFQRXlUSEpYR3hreUlRcQpOQWtPVndycG5PVEZxQmVSTWZaZGJ1QkwremNYMkw4VGMyVW1iejVJZXIxcSs4Nlp3a3NiTzYrNnB3K2tDQ1Q3CjE0UlpkNnhNdjVnTnhwTkNDT0gzbUg4Wk1xLzAybWUzbUxsK1BncDlGZUNtRGsxRTVsS3RIbDFqSmVoODVZdWQKZjBKZEpkVEJBb0dCQVBOSWlodnVJWUQva2tPWG16dXRXcDRLc0Q4OXhzZHJuWmFDSkIrMXl2ZDlCUk00MFBicApFeVo4Ynp2Wms1aytQUnM4UHpXUndsZEUwRlEzTi9ESGc4Mk90dFN2UnFFT05oQjZIVEc2aTd1L3hoWmtFdURrCnBJQ3UzVWxHQk4rYmlQREZ6ZjNkVUVYai9xTGszOWk1ZzdMSkFUclRnbTAyZS9zdnlkMFVnMUZKQW9HQkFOZXkKZVhYSkRpd3VQa2grMjdwd3RrSXlzam0yQ0wvSndpOTBOUTdSK1M3RW1CZUhVQXhienQ5VmdlZDJuSUJGZ3RxYwpteHByWmhsN3VBZ29DZkNOVW9zZGpsMGxPTmRQeU1qZzlkbnZINE9rSWw0N1YxRDJoREJhMXcvb2R6bTZ5NkdyCk1TZzc2NVh2aitaTURoL2pmQUtScFJQT3I3K1NOTm9LekFDcHhSUGRBb0dCQUlYNXJhMEI3OHQxY3h2c0VwM0QKc3NLVUNrbFpnTzF6Y3o1ZWZ2eERoZm5URElkd1k0dUdBWGpSVUFSNnBwRGV1SklXRkkwd3J3Q1dNZEFlOUp5UgpreUVSZGRnY2lsM0pVTGEwT1AyWXlMamxQSFk2T0RkSFV0eFc4Q0FaQWpnT0ZGVGI2YnZqTkFDNU5SS0p6a2d3CnFiazhmb1BoMU5MR0RYTGY5MS9ibXhHWkFvR0FOVVpzdjQzZ1JVTkt1T2MwYUZGTWd2ODRqQTZOREtuTm42RHAKTmZiZ3dBOW9yVzhMYzNIOW42WGtCd0tCMXlEVUdDRFVJbXRpZFdyY1lvOVpIU1FhdmllWHNTUHZiU2JVcGVFQwplRWlhbFE0bU92WVhNL1VmWXo0Y25sNUJqRzI1dS8ybmo1TjFOYnhNNDRubmR6TGR2MWl2MkR1VnB4QjZvMXhGClZPaVp0N1VDZ1lFQXVBNDdvZy9XazQ2Zmd0Y0owbTFIWUFJcGdlMEJSMnpzS1NpNmNrZmpncUZFelhRNFhEbEYKQmVyY3VYbjBhUHBRYWtEaUt5S0VWUFNXVUJpaVh4dVY0SjBqOU44aGxDREFMVDJRUEFaRDFaVnl0YnIzajRteApRWHFEMkVKREV6MW05VTkyR0EremcwN0RqK1VvMVJvc0hLdlh1T1NWemdQaHRjVGdYTHRDdFpNPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUlDK0J4YUhQeG5mNDlQOGlTd3k5a2t3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTVRJd016QTBNVFkwTUZvWERUSTRNVEl3TWpBMApNVFkwTUZvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFzQ0Q4aHdFd2FXRHN4a01vUGN2aFE3VERsSzdBVVM0SDVLLzIvUEJwaWU4RkYxU00KRkgrSGtkc21hNXZxUXl6WDdwd0RmRHpBRHdUUmNJdkxickZqY1BoQTF4MTdmUGVKSXBtZ0xlVWVUT0FWRENaUgpOMUJXaCsrNkJWaElMUWJhUituRUQyT1lZTThKeFk5OExxVjVYTmkyTEs0SGxhQnRIWjdSVFpsZ3JVNDNGSTlICkNzN0tmT0JONjIyVDR3dDFVRTdCNU5qVEZsMnUxUk9WK0hRak51cHNWSlFSYzA3Y294WEhReTAxVE1lb2lnWTkKNnZES0NXM1ZUTnlsZE83NGV4VlhJbUovOW5NZlQyMGJ1c200S09ibGttOEhTQ3RBY1RjOUI2SWUva0YvSzZIdQpUdGx5YWEwa3hCVW5rZTlUVXhoVEVRR0U0UDRha3d5NEgwWWJEd0lEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGSVBVMFJjZUR0NFVleWYreEplN0JMcnY3TlYvTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlBuQ3piK2N0WG04VkRjT3YzVE9oWDZGbzVLSERWUElUOWhrQnhkb1NCNWRmNmNrM0FBVnNjClRIQjEvTTFTRDY1VnpFeFhFdWdkUkxQSjZGTDFzZTM2UjJFSjk3RjhudTV5VTRreEtYb1pmYmZKaFh1WW5hT1AKaXcxbU50V3EwS0t6TGhidHJkY3loaXlUTUFpeWFXTGs4RzRERURTZERPS1paS3ZsMFlpakd2dllpNEVQTXJlVAo3WDEyQzdlcjdCL0hEVlRLbFZVTnRFKzRyR0ZjZTFnLzYwVm9XT0dKckg4S0ozYjVUSC85bWpYemMvbml0TVBGCnFyb3B4aUxXVXdlNWZMTkhkaFI3ZnNkRDd3NWpuV0pFOU9CWFR4TXY3OXlJNVIwd3JOcytSQjA5dXRheUd4b0UKQUFadFdkZkx5TzA4dXhQaWZKenk2OUJUUWw3V3ZkWGcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWekNDQWorZ0F3SUJBZ0lSQUxLcUtsWHVEVDBJUlRPYXY2TmtjQ293RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkxTVRJd016QTBNVFkwTUZvWERUSTJNVEl3TXpBMApNVFkwTUZvd0tqRW9NQ1lHQTFVRUF3d2ZLaTVrWldaaGRXeDBMbWgxWW1Kc1pTMW5jbkJqTG1OcGJHbDFiUzVwCmJ6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQVBtVk4rUDBVamgxUnFkcHlqdnAKTEt0b3Z3SXBXQk95T0dJMFJNKytyVzZWU3dLTzEvdUNzTFlTU1NWUHYwamcydkNnMXl5YmcxeVVCUVl3MExjNQo1bzdEeVhsQ2RJbzFSMU92bjc5VUNNdCtvdlhQVStMSlBVd2F0Z1duQUc2K281eE5weDZzVk5uM24rb1RYRHVlCjljZkJ3U3F4a0JMRWVCZ3VsaWJRZU55L1MxWUdtcFVoMmI5QWVvdGV2bHhNOFM2bEM0d3QrTUE1QkhyMGRtOU8KaExMdEttMnVQRkxFV2xYdlY1dTk2bTZicG9WWkl6Z2lQbkdTYnhwRE5KU3h0bjNRQmVHTklWcWNwRll0am1CUQpUb1JTMTFSdTIxYXAzZERwUTMvSlh3dlJUNy8rZ2J4Z3lCRnU5djYwRzRyQUpybE4vdi9XWUJtRm5zUjNueXVsCnVHc0NBd0VBQWFPQmpUQ0JpakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUgKQXdFR0NDc0dBUVVGQndNQ01Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVWc5VFJGeDRPM2hSNwpKLzdFbDdzRXV1L3MxWDh3S2dZRFZSMFJCQ013SVlJZktpNWtaV1poZFd4MExtaDFZbUpzWlMxbmNuQmpMbU5wCmJHbDFiUzVwYnpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVNaU3QwcjVXQW43ZGdsK1p5WkNscStZS2RqdkMKeXR6WmpocHpaRXE2cytlN2dtdyszM082RDdGNnphU2RMV0hrMmNCNzc3VUU5YkNkOXN2WXIrRnZqMmFIYWx5MwpTK3RYOXNDUmM4cGhYY1BSMEJLNkhkazRYZW8vdkR6ODdBM090TnhtUzBUMkJIYjAzcEFCeHI5UHpNWmhoOXBxCmVNZnZpWkhvSkhlY01HRG1sVWRhQzFTdHYzeUllN25mbUsxejhlV2pxV0F4V3BPVnRiaHZQUGpER2hUREc4M0QKUjZqQ2ZTbGdxeExIUmQrSmhBUnpJQTNmUTRUZFh2VmtrRWY5Tmt6QjV2VjNTVlpHbkx6Nm11NEkyWmtyNGhEMgpIOTBydUhLbjJyRldZUjBHYWFFVUsyWmpTMGc5anpsMSs4dmRBWkZMY3NBdm1wQ3JvTTlTQXBEVWt3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBK1pVMzQvUlNPSFZHcDJuS08ra3NxMmkvQWlsWUU3STRZalJFejc2dGJwVkxBbzdYCis0S3d0aEpKSlUrL1NPRGE4S0RYTEp1RFhKUUZCakRRdHpubWpzUEplVUowaWpWSFU2K2Z2MVFJeTM2aTljOVQKNHNrOVRCcTJCYWNBYnI2am5FMm5IcXhVMmZlZjZoTmNPNTcxeDhIQktyR1FFc1I0R0M2V0p0QjQzTDlMVmdhYQpsU0hadjBCNmkxNitYRXp4THFVTGpDMzR3RGtFZXZSMmIwNkVzdTBxYmE0OFVzUmFWZTlYbTczcWJwdW1oVmtqCk9DSStjWkp2R2tNMGxMRzJmZEFGNFkwaFdweWtWaTJPWUZCT2hGTFhWRzdiVnFuZDBPbERmOGxmQzlGUHYvNkIKdkdESUVXNzIvclFiaXNBbXVVMysvOVpnR1lXZXhIZWZLNlc0YXdJREFRQUJBb0lCQUJHTGNzMWNmSGNwajFqdgpiOTc4U2o2V2MyNzBkeE9UWUxGT21WTzlSTFhVV3R5SUxCaXJIRDhBVkJJQ1pDRDhaWWVxMXRWMDdTd1IzN1NLCnMvRmRhWjY1bHEwbWhjaTliQkV1OUZ6ZnpHcDVzWHowSVNKOUlRajdpN1lrQWp6R3UvdWQzZFNqS3FmVDUzTHQKLzNyVmR0T2ZCRFE3SFRTa2lRaXlKYTMrMDdBNHdzbzA0ejM5SXovVEFjN0FhNUViS3V3d2ZMNVltczZkU2wxNgpFOVNtZ3lnVWdqVXJBRXJLbWd1eXE1NExRUVNubXE5eDVjVGkyT05uL1M5MFF5SHI5NERkRzZuaDhkQ21HcHBjCmdocmxEaFJPd0hZNEFKTzlhWEtSUWR5eGJxc2xBaWM5Y1paTUNEOE1CU2xzZTM5K0YyOXdsNFBtQ1RCZVlramUKUWJpUUsya0NnWUVBL1BpbGMrRzA0WTlRWEhuM2FZOE1HTzlQcFhGWVErVXh2Wnk1MG1CVU9QaGhpR0V2QWpJdApWUVhBTzVxbUkrSzdGQkdlRW9YVUtaUGF6RmhDOXFuRjMyK1grcUVGSVJuVi9MNlkzRWJLazVmekVIODFpU01jClJJdlN1MmNpSDlQWXFMc0t3dnVDTllEWnBMSEdaZHU4Zk95QUNTazNzV2Vpd0pmMGNFeFg4RjhDZ1lFQS9KSXYKeUQ0b0tkM242ZlYrL0VEWlE5eXRwTm1VUFVNTHF2VlNFc09xSDFwU0tQd21BL1hkUkd2ZldqTkhEMmFPaVE3MApTYmlNeGpsTXNOanM3V1BVczBlSDNZVThEbzUyeWoyT0hPRFZvMGwxa204dERVL1diL3Y2T1UzZTU5V1VPYVlDCmJMSEd0QzNFN211N2w1RkF2SER6SXpXNGtuR3NmSWNPdkhmMFEzVUNnWUJqQ1JEMUNnTGZYMVR0cjA0ZUJFT1AKSzNrNTR1TFVTZEVzVTBRb1NWQVBzYVcxVjU2b3RHNHM0QUIvRlM4LzAwNjhMNTE3ME9yYmtDZlRZaVp0SE0vNwpobHV3WWdONUR2MUlZbkhEb3U5QjB2WDBtbWlpRkozSGRCbi9CZ1JGQTVISmxOaEV0MlFsZ0JrMHNlaGpEaUIvCm83TUlZeHVMbDNBUENDNUpISW84N3dLQmdRQzI5bU04eUtJcHFnR2RQdVROY1dDeVEwTmEzdTcrN2ZtZXozV3oKK0IvZDlIeitDYUswVGNBTEY2WEYzczJFUDRQVGo0eXhkc29yc2toMjk3MnlQaFpRQk9wTU0zOE5BSERYRW41SApOeXdyekVRcVh2VWc1b3Z0dFhoUFdMUzM5c1VZZWNUWjNuS1dCVzNhVlJxZ3NtMVYxUENjdWdiSnR5VC9WSXI5ClJsd2hIUUtCZ1FDenoxUUZaR3RFSGI2blNUVTQ1aTJING9LREsrNjJTUEx3SDhUbEN5S0pUY3UvYm5sazFuRmoKYVJDSHluNHRMVFVHNFVZdmFFRlBINkpsTllLeTYrTmVsMndnNUJQN2UxRXBNS1llajBrY0JTN01PdllSbmxmZQpxbDdJejIrT0dDS2s1eEpTZi9RNnROcXhJYWFjUUVPNytMQ0V3QkZXUkQycDZycUtrVytOYXc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= --- # Source: cilium/charts/cilium/templates/cilium-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: cilium-config - namespace: cilium + namespace: kube-system data: # Identity allocation mode selects how identities are shared between cilium @@ -369,7 +369,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: cilium-envoy-config - namespace: cilium + namespace: kube-system data: # Keep the key name as bootstrap-config.json to avoid breaking changes bootstrap-config.json: | @@ -380,11 +380,11 @@ apiVersion: v1 kind: ConfigMap metadata: name: hubble-relay-config - namespace: cilium + namespace: kube-system data: config.yaml: | cluster-name: default - peer-service: "hubble-peer.cilium.svc.cluster.local.:443" + peer-service: "hubble-peer.kube-system.svc.cluster.local.:443" listen-address: :4245 gops: true gops-port: "9893" @@ -402,7 +402,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: hubble-ui-nginx - namespace: cilium + namespace: kube-system data: nginx.conf: "server {\n listen 8081;\n listen [::]:8081;\n server_name localhost;\n root /app;\n index index.html;\n client_max_body_size 1G;\n\n location / {\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n\n location /api {\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_pass http://127.0.0.1:8090;\n }\n location / {\n if ($http_user_agent ~* \"kube-probe\") { access_log off; }\n # double `/index.html` is required here\n try_files $uri $uri/ /index.html /index.html;\n }\n\n # Liveness probe\n location /healthz {\n access_log off;\n add_header Content-Type text/plain;\n return 200 'ok';\n }\n }\n}" --- @@ -877,7 +877,7 @@ roleRef: subjects: - kind: ServiceAccount name: "cilium" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-operator/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -893,7 +893,7 @@ roleRef: subjects: - kind: ServiceAccount name: "cilium-operator" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/hubble-ui/clusterrolebinding.yaml kind: ClusterRoleBinding @@ -910,14 +910,14 @@ roleRef: subjects: - kind: ServiceAccount name: "hubble-ui" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-agent/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: cilium-config-agent - namespace: cilium + namespace: kube-system labels: app.kubernetes.io/part-of: cilium rules: @@ -1009,7 +1009,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: cilium-config-agent - namespace: cilium + namespace: kube-system labels: app.kubernetes.io/part-of: cilium roleRef: @@ -1019,7 +1019,7 @@ roleRef: subjects: - kind: ServiceAccount name: "cilium" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -1036,7 +1036,7 @@ roleRef: subjects: - kind: ServiceAccount name: "cilium" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -1053,7 +1053,7 @@ roleRef: subjects: - kind: ServiceAccount name: "cilium" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -1070,7 +1070,7 @@ roleRef: subjects: - kind: ServiceAccount name: "cilium-operator" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -1087,14 +1087,14 @@ roleRef: subjects: - kind: ServiceAccount name: "cilium-operator" - namespace: cilium + namespace: kube-system --- # Source: cilium/charts/cilium/templates/cilium-agent/service.yaml apiVersion: v1 kind: Service metadata: name: cilium-agent - namespace: cilium + namespace: kube-system labels: k8s-app: cilium app.kubernetes.io/name: cilium-agent @@ -1115,7 +1115,7 @@ apiVersion: v1 kind: Service metadata: name: cilium-envoy - namespace: cilium + namespace: kube-system labels: k8s-app: cilium-envoy app.kubernetes.io/name: cilium-envoy @@ -1137,7 +1137,7 @@ kind: Service apiVersion: v1 metadata: name: cilium-operator - namespace: cilium + namespace: kube-system labels: io.cilium/app: operator name: cilium-operator @@ -1160,7 +1160,7 @@ kind: Service apiVersion: v1 metadata: name: hubble-relay - namespace: cilium + namespace: kube-system annotations: labels: k8s-app: hubble-relay @@ -1181,7 +1181,7 @@ kind: Service apiVersion: v1 metadata: name: hubble-ui - namespace: cilium + namespace: kube-system labels: k8s-app: hubble-ui app.kubernetes.io/name: hubble-ui @@ -1201,7 +1201,7 @@ apiVersion: v1 kind: Service metadata: name: hubble-peer - namespace: cilium + namespace: kube-system labels: k8s-app: cilium app.kubernetes.io/part-of: cilium @@ -1222,7 +1222,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: cilium - namespace: cilium + namespace: kube-system labels: k8s-app: cilium app.kubernetes.io/part-of: cilium @@ -1239,7 +1239,7 @@ spec: metadata: annotations: # ensure pods roll when configmap updates - cilium.io/cilium-configmap-checksum: "2c513c2b08d6d042ed717511f322eeb0c1a97da5f857b1214b772615f87a52da" + cilium.io/cilium-configmap-checksum: "31ad7748e0aefe75b6436d96c8c85754e0b44e68e6012fa188bc5bcd66085828" kubectl.kubernetes.io/default-container: cilium-agent labels: k8s-app: cilium @@ -1719,7 +1719,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: cilium-envoy - namespace: cilium + namespace: kube-system labels: k8s-app: cilium-envoy app.kubernetes.io/part-of: cilium @@ -1893,7 +1893,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: cilium-operator - namespace: cilium + namespace: kube-system labels: io.cilium/app: operator name: cilium-operator @@ -1920,7 +1920,7 @@ spec: metadata: annotations: # ensure pods roll when configmap updates - cilium.io/cilium-configmap-checksum: "2c513c2b08d6d042ed717511f322eeb0c1a97da5f857b1214b772615f87a52da" + cilium.io/cilium-configmap-checksum: "31ad7748e0aefe75b6436d96c8c85754e0b44e68e6012fa188bc5bcd66085828" labels: io.cilium/app: operator name: cilium-operator @@ -2033,7 +2033,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: hubble-relay - namespace: cilium + namespace: kube-system labels: k8s-app: hubble-relay app.kubernetes.io/name: hubble-relay @@ -2163,7 +2163,7 @@ kind: Deployment apiVersion: apps/v1 metadata: name: hubble-ui - namespace: cilium + namespace: kube-system labels: k8s-app: hubble-ui app.kubernetes.io/name: hubble-ui @@ -2246,7 +2246,7 @@ spec: # kind: CiliumBGPAdvertisement # metadata: # name: cilium-bgp-advertisements -# namespace: cilium +# namespace: kube-system # labels: # app.kubernetes.io/name: cilium-bgp-advertisements # app.kubernetes.io/instance: cilium @@ -2267,7 +2267,7 @@ spec: # kind: CiliumBGPClusterConfig # metadata: # name: cilium-bgp -# namespace: cilium +# namespace: kube-system # labels: # app.kubernetes.io/name: cilium-bgp # app.kubernetes.io/instance: cilium @@ -2291,7 +2291,7 @@ spec: # kind: CiliumBGPPeerConfig # metadata: # name: cilium-peer -# namespace: cilium +# namespace: kube-system # labels: # app.kubernetes.io/name: cilium-peer # app.kubernetes.io/instance: cilium @@ -2316,7 +2316,7 @@ spec: # kind: Gateway # metadata: # name: tls-gateway -# namespace: cilium +# namespace: kube-system # labels: # app.kubernetes.io/name: tls-gateway # app.kubernetes.io/instance: cilium @@ -2353,7 +2353,7 @@ apiVersion: "cilium.io/v2alpha1" kind: CiliumLoadBalancerIPPool metadata: name: default-ip-pool - namespace: cilium + namespace: kube-system labels: app.kubernetes.io/name: default-ip-pool app.kubernetes.io/instance: cilium @@ -2370,7 +2370,7 @@ apiVersion: "cilium.io/v2alpha1" kind: CiliumLoadBalancerIPPool metadata: name: bgp-ip-pool - namespace: cilium + namespace: kube-system labels: app.kubernetes.io/name: bgp-ip-pool app.kubernetes.io/instance: cilium @@ -2386,7 +2386,7 @@ apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: http-route-hubble - namespace: cilium + namespace: kube-system labels: app.kubernetes.io/name: http-route-hubble app.kubernetes.io/instance: cilium @@ -2416,7 +2416,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: cilium-agent - namespace: cilium + namespace: kube-system labels: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-agent @@ -2426,7 +2426,7 @@ spec: app.kubernetes.io/name: cilium-agent namespaceSelector: matchNames: - - cilium + - kube-system endpoints: - port: metrics interval: "10s" @@ -2448,7 +2448,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: cilium-envoy - namespace: cilium + namespace: kube-system labels: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-envoy @@ -2458,7 +2458,7 @@ spec: k8s-app: cilium-envoy namespaceSelector: matchNames: - - cilium + - kube-system endpoints: - port: envoy-metrics interval: "10s" @@ -2478,7 +2478,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: cilium-operator - namespace: cilium + namespace: kube-system labels: app.kubernetes.io/part-of: cilium app.kubernetes.io/name: cilium-operator @@ -2489,7 +2489,7 @@ spec: name: cilium-operator namespaceSelector: matchNames: - - cilium + - kube-system endpoints: - port: metrics interval: "10s" diff --git a/clusters/cl01tl/manifests/coredns/coredns.yaml b/clusters/cl01tl/manifests/coredns/coredns.yaml index 0da151b66..74cf3f594 100644 --- a/clusters/cl01tl/manifests/coredns/coredns.yaml +++ b/clusters/cl01tl/manifests/coredns/coredns.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: coredns - namespace: coredns + namespace: kube-system labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" @@ -19,7 +19,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: coredns - namespace: coredns + namespace: kube-system labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" @@ -111,14 +111,14 @@ roleRef: subjects: - kind: ServiceAccount name: coredns - namespace: coredns + namespace: kube-system --- # Source: coredns/charts/coredns/templates/service-metrics.yaml apiVersion: v1 kind: Service metadata: name: coredns-metrics - namespace: coredns + namespace: kube-system labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" @@ -146,7 +146,7 @@ apiVersion: v1 kind: Service metadata: name: kube-dns - namespace: coredns + namespace: kube-system labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" @@ -174,7 +174,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: coredns - namespace: coredns + namespace: kube-system labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" @@ -203,7 +203,7 @@ spec: app.kubernetes.io/name: coredns app.kubernetes.io/instance: "coredns" annotations: - checksum/config: c88338e27f92b25d827831c17939bcc66b53e4896251fe02edb9a06a05de4fc8 + checksum/config: 6f07144a3d5dc8ad880e010546e8deee6bb3a150eb089529d925c21f2a78a7d0 scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: terminationGracePeriodSeconds: 30 @@ -290,9 +290,6 @@ metadata: kubernetes.io/name: "CoreDNS" app.kubernetes.io/name: coredns spec: - namespaceSelector: - matchNames: - - coredns selector: matchLabels: app.kubernetes.io/instance: "coredns" diff --git a/clusters/cl01tl/manifests/garage/garage.yaml b/clusters/cl01tl/manifests/garage/garage.yaml index 5047c7dcb..2d0726004 100644 --- a/clusters/cl01tl/manifests/garage/garage.yaml +++ b/clusters/cl01tl/manifests/garage/garage.yaml @@ -46,6 +46,27 @@ data: --- kind: PersistentVolumeClaim apiVersion: v1 +metadata: + name: garage-data + labels: + app.kubernetes.io/instance: garage + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: garage + helm.sh/chart: garage-4.4.0 + annotations: + helm.sh/resource-policy: keep + namespace: garage +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "800Gi" + storageClassName: "synology-iscsi-delete" +--- +# Source: garage/charts/garage/templates/common.yaml +kind: PersistentVolumeClaim +apiVersion: v1 metadata: name: garage-db labels: @@ -86,51 +107,6 @@ spec: storageClassName: "synology-iscsi-delete" --- # Source: garage/charts/garage/templates/common.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: garage-data - labels: - app.kubernetes.io/instance: garage - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: garage - helm.sh/chart: garage-4.4.0 - annotations: - helm.sh/resource-policy: keep - namespace: garage -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "800Gi" - storageClassName: "synology-iscsi-delete" ---- -# Source: garage/charts/garage/templates/common.yaml -apiVersion: v1 -kind: Service -metadata: - name: garage-webui - labels: - app.kubernetes.io/instance: garage - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: garage - app.kubernetes.io/service: garage-webui - helm.sh/chart: garage-4.4.0 - namespace: garage -spec: - type: ClusterIP - ports: - - port: 3909 - targetPort: 3909 - protocol: TCP - name: webui - selector: - app.kubernetes.io/controller: webui - app.kubernetes.io/instance: garage - app.kubernetes.io/name: garage ---- -# Source: garage/charts/garage/templates/common.yaml apiVersion: v1 kind: Service metadata: @@ -167,6 +143,30 @@ spec: app.kubernetes.io/name: garage --- # Source: garage/charts/garage/templates/common.yaml +apiVersion: v1 +kind: Service +metadata: + name: garage-webui + labels: + app.kubernetes.io/instance: garage + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: garage + app.kubernetes.io/service: garage-webui + helm.sh/chart: garage-4.4.0 + namespace: garage +spec: + type: ClusterIP + ports: + - port: 3909 + targetPort: 3909 + protocol: TCP + name: webui + selector: + app.kubernetes.io/controller: webui + app.kubernetes.io/instance: garage + app.kubernetes.io/name: garage +--- +# Source: garage/charts/garage/templates/common.yaml apiVersion: apps/v1 kind: Deployment metadata: diff --git a/clusters/cl01tl/manifests/gitea/gitea.yaml b/clusters/cl01tl/manifests/gitea/gitea.yaml index 50ab6777a..0d77692d0 100644 --- a/clusters/cl01tl/manifests/gitea/gitea.yaml +++ b/clusters/cl01tl/manifests/gitea/gitea.yaml @@ -1289,7 +1289,7 @@ spec: secretKeyRef: key: BUCKET name: gitea-s3cmd-config - image: d3fk/s3cmd:latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91 + image: d3fk/s3cmd:latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551 imagePullPolicy: IfNotPresent name: s3-backup resources: @@ -1329,7 +1329,7 @@ spec: secretKeyRef: key: BUCKET name: gitea-s3cmd-config - image: d3fk/s3cmd:latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91 + image: d3fk/s3cmd:latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551 imagePullPolicy: IfNotPresent name: s3-prune resources: diff --git a/clusters/cl01tl/manifests/harbor/harbor.yaml b/clusters/cl01tl/manifests/harbor/harbor.yaml index 0c28e03cd..0a38d15ac 100644 --- a/clusters/cl01tl/manifests/harbor/harbor.yaml +++ b/clusters/cl01tl/manifests/harbor/harbor.yaml @@ -74,9 +74,9 @@ metadata: app.kubernetes.io/version: "2.14.0" type: Opaque data: - tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRekNDQWl1Z0F3SUJBZ0lSQVA5MjQ4Ry9hYlZhYVFnZ0RHZjgvRkF3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSmFHRnlZbTl5TFdOaE1CNFhEVEkxTVRJd016QXlNVE15TWxvWERUSTJNVEl3TXpBeQpNVE15TWxvd0lERWVNQndHQTFVRUF4TVZhR0Z5WW05eUxtRnNaWGhzWldKbGJuTXVibVYwTUlJQklqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeHpaNEdHSEExZkxLWVR5amFmNkt5MUN0ZHlKNXk4aEEKVmgzRlhVTWR5cExMWWhpTERGZDhuNlJNdHphenAyOWNKSDREODNoWERnR0ppNEcxWW5zdzRkcTMwS1JxY202WQp3MG5aZEtJbmJhSEhuZ2NwY1ZycDJGVTdLQVBsM1lONUowQ1lqeTNWZmFaaHMwc0RKb3l1L3R1V2FndVJFMFR6ClhaOG1rL1I0cVB6bE1qS05tNFc5eUpLTzEydlNEWHlhTEI4SmRkLzlNWDE4Z0U5OXNMSnhPOTZuRnJoaXBHbGEKQWxZNXZ5WitHc3R5KytaUTd3VnczeTBnZFl3Y2xZaVNaNElNL3JPdkl1dVBnczVxSWFJTnRrMGVNK3lYL2VINgpRVW8vdEVCWkNOR2lTdTVDc3U4SmZuS1RYK05GLzYreG1yOWczVjBQQSs2ZXJxYlZSK296OHdJREFRQUJvNEdECk1JR0FNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JSV0ZkWm8rU0hiV0txaDJMd0NFdjRya3BCZQpkREFnQmdOVkhSRUVHVEFYZ2hWb1lYSmliM0l1WVd4bGVHeGxZbVZ1Y3k1dVpYUXdEUVlKS29aSWh2Y05BUUVMCkJRQURnZ0VCQUlyaEJkTXJUcDB2ZENxUW5RdSs4MTZZWlo5SndaaG52ZGZFa013by9Qd0Q0Q3AzLzEyZjVYY00KRmJ1QmxGWWpvYlJmMzcxRTZ5RWkzeXhiL3QwbFVCaUNLYldUM3RSOXBUTVY3dDVXYVhzY1ZJcTg2eWhFcDI5WgpMTWFUUXhBRTN2a0UvL2dXTXp3RVo2aFhUNHVpTU94ZHhKNllwcXdCUXBXMm14cFRSN2JUSnVnNFpXUGhoQTFpCkpMZDlIY0JXeS9Bc2RsYjl6N0dzelFPRnQ0SkEvdERZazdRNFgxaExCV2lvakovcnZSOElkVzR3elZXQkVDejUKVGo0UHQvTnNNZkhhT2VtR1dyWGZFV0FkWWM0RlQ3TnVNSzBwelIvRlJQM3lZRzI4OTFoNG4rckovdUVITmZ3agp2c1FnUzFzTC9McmhlL1M2V1l3WjdGVDQzWVZRSXA0PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" - tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeHpaNEdHSEExZkxLWVR5amFmNkt5MUN0ZHlKNXk4aEFWaDNGWFVNZHlwTExZaGlMCkRGZDhuNlJNdHphenAyOWNKSDREODNoWERnR0ppNEcxWW5zdzRkcTMwS1JxY202WXcwblpkS0luYmFISG5nY3AKY1ZycDJGVTdLQVBsM1lONUowQ1lqeTNWZmFaaHMwc0RKb3l1L3R1V2FndVJFMFR6WFo4bWsvUjRxUHpsTWpLTgptNFc5eUpLTzEydlNEWHlhTEI4SmRkLzlNWDE4Z0U5OXNMSnhPOTZuRnJoaXBHbGFBbFk1dnlaK0dzdHkrK1pRCjd3VnczeTBnZFl3Y2xZaVNaNElNL3JPdkl1dVBnczVxSWFJTnRrMGVNK3lYL2VINlFVby90RUJaQ05HaVN1NUMKc3U4SmZuS1RYK05GLzYreG1yOWczVjBQQSs2ZXJxYlZSK296OHdJREFRQUJBb0lCQVFDTENmUkdLQ3Y3NTJuaQo5ZnlrSlBsZ01CM3g4WWtLZHVpWWNrem02OG9tTWRCcjFlOXVuTDBwZXZYa1JmU2Izdmh6cTlROElQaTVtTThVCkpHS2hxcE9TZnlJZUtETDNUVU9ud2FwWllqZWNwL1ozMEUzWGhQbURlUEZCMjM2YTNZRTRxVGdSYm83OEZKMUsKRXdmTzV3L1laeENUVVNGZlRwZUE5MnhvaFkrVmVUZ25YRk9lQWtrL2U5YW1FUSt2QTd6ZklOV1Z0TlVsOFQ2UAozTXVuSmF6WDJTTXpFZ0NRc1JVR1hjRE1ZWFhZVVc4cjEweUJkeVZkamtMRzYyL29mdW14d1JMWWRpUEhvUXViClQ5ejdWY1ZDZnZReHpaaGw1N3cySXdVMUVyYmJ1YW8rU1I4Rnp0dW1JUU1HN2Npcm8vQXd0dVZmUTNIbkwyTWMKRlZ0SWZJWnhBb0dCQU0yQmtZMEpTclU0ZDhSTlFwYzlaMVRkYmNaeGZleWRKREVSNVdEUjVEb3dIczlGTllmbwo0Y1lQdG5rckdBQ2Q2NlprQk5Kb1pMc0ltcVlxK2lDNnVTV1lvei8yN3o0OGkyeUY0ZE9US0hWZ0xRdGIxTnBQCmYyMU9MWCtDMFZPR3NYdnVRZzFIR0piZFFxN0hHK255ekFCd1hPWWhKRzE1a21xSFBzbCtpMkdMQW9HQkFQZ3AKQzZNSC9IL3YxS1FhRlNPTmFaam9ENjRpcitCODhPc2QyUHNwVzVQSDRNSFQ0MzFXQmhES25xNnZVb29nWHJKYQpzZHZKRjBSTEcvK3BEQ1VEY1ludzRKbUZTUWdpMGptRXR3bDJQaFpaMUVHbW9yZkJ6Z3ZiTU1wc1k5cyt0RmNaClBjTFcvTngxVVBPejQrN2d6OUE4SmZIWmUyQnVJTzdHTkpadzIvUTVBb0dBQnFITzA3RmdFdGNlcmx3YjhRdVAKUVNMZ1B3NDhsUjFCSk1CQ0djek1ROEIzemhLYXRxY2lXaVQ1cTVGamRlbWl5RHprRnZJOWhmZXlIZmkzRjhWTwo0bEs1dWYrN0d0UVRYODQyU29DdVJwTnpBTEhXL2JDaEdTTHp2dkMyMXE0N0hoZkRVL0JlYjhmMk5mUEJCOXpKCkRwNlJzTytTNEdHVEF4TVlTS0puMXg4Q2dZQlMvWDhMeFpiMnZpRHh4RnMvYVlKZ0JYT0ErODZ2bDNrR1dCUUIKWXNKaWVKeThsWHpscElnZ3czSXYzeWdPVTJiMzVJYkloc2FHSzB3d3dycnlBZVhOaU1YRDhhUUwyWUZPaFFpbApYR3JGRk1OOE5Sc0Rzd2VTUlhwYXA4YjVRazRUTnJqRjJSbjFMREtuWFlpamtZRk9GVjluTXlFa2pZL3I2bE1aCjRLSmVXUUtCZ0RmT0xMeTdjME1KalhRZmdKQWFUMjYrdTVQajNybVdSU2FYT3hMdnN5NzdNTENsVFFhVGk5cFkKYTlQWEF2Q0QxUW1BWnl0bTlmbUdYUllWVU1PdVZ0d0tPbzd6NmpGdGVabWlvRzVDcmJxaUkxdmVla3VnNEp5UwpibnFhYktvdnYzdngzUUVYamc5Rm0ybm9lUWh5TjU3NHNGendjbTUyZWR0OWphbERMUVp4Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==" - ca.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUtWd2p1eVA1amFGMjdFSDNYYlM4NFF3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSmFHRnlZbTl5TFdOaE1CNFhEVEkxTVRJd016QXlNVE15TWxvWERUSTJNVEl3TXpBeQpNVE15TWxvd0ZERVNNQkFHQTFVRUF4TUphR0Z5WW05eUxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFxMnMzSEQ2WnQ4ZkQ3K0xHbDhhalJhbEZnb2doQXFKb3VjWlMxMGFhemczZVFhbHkKWWlaQjAvVC9qamoyZGtnRlNmMkxLTC9VRXlrRDVXOExWWEpwcDB6dWRIMlZTMGVncENIK3FLbTFXcUs4VCtDawovSDFkd3d2QmNIWGNZckJqakJpZXQzUmNkVUpaaWZSVHhjZVRCMnR5THhvVTJPbllZOFhmK241VmdvZEw4M0VCCkZoRmUzNkluMDFFbG8rSUcvSFNBclNJU1MzcGJLUDg1WmpkVGZ4NyttbFlUUWxvUWU3dFN5OGlCYWNTK0VhMGUKYVVUUVZwR3BzZURuT2g5djlhcVF1TCt4NmhuWlRuL3RLTSsxRnkrOUFneG9aSURJOUprZGRKaVlqMU1Lc2M3Mgo3TkpWeUF4V3VobVd5dG1Va25reXhPWUtsdXRrMThNRVlodnVwUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGRllWMW1qNUlkdFlxcUhZdkFJUy9pdVNrRjUwTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQnRmdnp6K3VxRFo4Z3FDYWhBY3NvNDEwSHlRZmd1NjUvUkU5dmd1UjJsc0libU5MNnBsKysvCjRnMHBEOGRvLzdNYWNGRVRZTTFVT0ZlaEp3Qkx5R1BaRXZmVnYyYlBZYVllSDRyT3RlNnpVWjJkNmMwSlRpbGEKVWpaODI2TWk1L1pCRkhjWmllVUZlK2Z0elpKMWJMOFRFYTh6dldZL0dmSU14Z1haUGJlc0lPNE9XaUxiMlpEbQpOYTZGZlpZTVFhczduaXFXT0ZHV2RoRHFoelB4Y2JYUENOMkN1ZjN0aDZsbkhMZHFUMi9FNmx6Qy9hWmszWWJDCkhLbnRTSXNwc1Bvbm5Ba2lFTUFlbkowaEwvVFI2NEI4U0h6SlF4c1QycGQ4SVJ2SGZLTUtmTnBOQTRWODdoZ0oKOStBK2ZaNnBJZTljaHhGYnF3ZkhFbi9aR0djUEd2dFQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" + tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRekNDQWl1Z0F3SUJBZ0lSQUtqRVhvTm1MOTYrUE1rbEhGMkdBQXd3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSmFHRnlZbTl5TFdOaE1CNFhEVEkxTVRJd016QTBNVGt6TlZvWERUSTJNVEl3TXpBMApNVGt6TlZvd0lERWVNQndHQTFVRUF4TVZhR0Z5WW05eUxtRnNaWGhzWldKbGJuTXVibVYwTUlJQklqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBeWw2VnlwQllxTGFONFZza2xtWnpnS2o3LzJ6OHE5R1gKNmFJQU9Yd3BERk1DWmpYcHUranBMYjhvYUpydndxNi9Wc2xvRDBzM0dXa2JGckh0ZVZvYUlodFIxSG81eUxOSQpsZkxFWmpDam1SRndPMnFiYnI0cnhxR2lhMFkvSEpXK3Q0NnRyeXF4UWJqbUFCc0dqQkN3dlljQnplMXI3bkF4ClRud0ViL1RYMm1XSlZ6MXN2SXlRN1I2M0ZkSEh2cGtXQ0FVTU1WT3hac1RHdkpSS29rWXBaZEd2bmttMzczQTcKNFZicUd5NkRPc2lpaE9Pc2lFMjNmNkJSellzYjIweEEvSEp1YWFkUCszTjYxeXdEVW9RLzRkaHM2M2owY0Y4ZgpxdW91YnFtZHg4eHhVaTlVSFdNMHAveVpMYk9zb1hPeWJ4a29wUDhlRlJyU1ZyWFVWQUx3T1FJREFRQUJvNEdECk1JR0FNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JRTUxmOUYvZ3B2OXJaelBKREJ5QXhHY2JaawpVakFnQmdOVkhSRUVHVEFYZ2hWb1lYSmliM0l1WVd4bGVHeGxZbVZ1Y3k1dVpYUXdEUVlKS29aSWh2Y05BUUVMCkJRQURnZ0VCQUhaa2VRTzRuZUZvTitlRkRycHo1WWZmUXRvam91Y294bGlQTHBvNXhtSEU5bWI4OVBDUWc5TUwKbWNXOURYU0JiaER2UDhCQTZzQVpDdUpuRUw4dzVEOXFvS3pMeS95ZzNlNUYxeHFuaXhsdTkwcDYwRFRTRDdJYQpCZWxjVExmNFl5cnVTYXVKZW5TM2RoczAveWRnZkRPSmhaWHViQW9GTDI5Tmc3MTRpblUvcUd0OEFDNlVKNzhsCkZBbTRGUnhSUm5BV2pSMWNXK3hUMDltRFkwekFSNlJYTndOY2JGMjBkZytWeVpiUWo2QkVSQVpaSmRTSEwrcGcKRnBxL2JtMkl4RC9IdlFnYWJ6aE9qRWlMRk5Oc2N4ZHpZMFF0dzcyVWpQRnIzYzFYQ3dOZFVLNW1WczlPeEEwcAozdjc5ZldEekR6cDVDLzRNZSt0NnlBN1lzMzYwTTVnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeWw2VnlwQllxTGFONFZza2xtWnpnS2o3LzJ6OHE5R1g2YUlBT1h3cERGTUNaalhwCnUranBMYjhvYUpydndxNi9Wc2xvRDBzM0dXa2JGckh0ZVZvYUlodFIxSG81eUxOSWxmTEVaakNqbVJGd08ycWIKYnI0cnhxR2lhMFkvSEpXK3Q0NnRyeXF4UWJqbUFCc0dqQkN3dlljQnplMXI3bkF4VG53RWIvVFgybVdKVnoxcwp2SXlRN1I2M0ZkSEh2cGtXQ0FVTU1WT3hac1RHdkpSS29rWXBaZEd2bmttMzczQTc0VmJxR3k2RE9zaWloT09zCmlFMjNmNkJSellzYjIweEEvSEp1YWFkUCszTjYxeXdEVW9RLzRkaHM2M2owY0Y4ZnF1b3VicW1keDh4eFVpOVUKSFdNMHAveVpMYk9zb1hPeWJ4a29wUDhlRlJyU1ZyWFVWQUx3T1FJREFRQUJBb0lCQVFDeU9DSkt4bHlPR0ZkVApBK1Z3M3NFUnFjQmo3aU9IWFlvZm94LzNnRFRXT2JSL056T2szVFdkcUI5NklCak9wdjZ5KzZTODgweVBBRlZ1CjR6dDBCN25FRjdNMUlIOExGWGp6TlYxcGNhUmlCVTJGeGhra3FpMzdQQlhCeTVlQklROVlzRHFkYlVlMXpaUWcKdTZ4RVpkNkF5d2ozeGdPcmRQcTNWOWpBa0N3WWxJaVI5NkZkVFpuaGtvczM4MVJqdXNSRmZCUmdhMkVHK3FkUgpqUmx1bUFTU01Fd1RQbkt3U3dvMmYvWWE3NHo3cUwzRDlpd2U2b2EyRld0eC9mWGNTVGZ5eHJacG8wNnMrbEdOCmNGTTZ4Y3FiMURRRm9CV213cFZjQmxlREtpdmJxWWtnbmI3bWltbXdYZXlkbUNmblpKY2lOSDIzdlFqT2JWcU8KMTIxTkRsYVJBb0dCQVBsVExEMXd0ZEJYVGljTk8rKzc2TlI1M21oRUtDUDI4WXhBNDVvcXZsd2g0aDR0d3BObApvZ3d2MDhGMDg2a3ZrbDZmM09nR0RTTXBZMW9ZNVlJeU1KK0ZxeXBaVUlkMndaN2x6WVdnLzFsUy9RK2VuZXFPClgrRG95cmo2Z2NzZnB6K0dsUCsycENzWXRpTnZsUzdka1FyWDZpSlZQYW5uajBIdjRoWXFwdXB2QW9HQkFNL0oKbHFTMWYxSzJYcFdPMklqZURnN3JHWmQ0SlFqa3JQZG1TcHNvK3VGa2owRVdmbG9TVnkzbEJvMi9sL3JuMDZGLwpvWU50RjQxM3pqY0hsYSt2clRRRGFHVFU4dUJjeFUrYXRXZ0VRM1k1MTU4ZGQxVGRwaktCTk1CV0UwZ3NDSksxCjZNbUQ3Uk95SDFFTjRra3VCQjlvYjJBYVlCbk5aRFUwNlBHbGwwUFhBb0dBVVBMZUpEeVo2MEROVVFTTTl6TU4KVHg4YVJNUU1QRkVLNzd5SnFSNURtK29zWGh3QlZwWGkzUTRTTkhkaVBRWURBZEhwaVRPZHhGTEZ2UlRrUHpkSQpiaUthQmkvbFkzWDlPemZsV0lPREpGODdabnpiVExKWkVzN0NNdml5ZDE2WmtKaURlOXF5eG9OSmI0dms1Y2h1Ck5SVVJJWUNIZXNpQnpLaXp3UHFzSXVVQ2dZRUFnU3JydnBBbENpSGNRbFIrUHZicS9sTWZvWTFLV0hEdkpRd3QKcks2WTVxeEFjVkd1VWdlOHNnY0JQL1N1WVliamhDMTNGZUFuR0FZMTV2ZU1FWjYvcU9uRlo0a0pRbmZwSUVjbwpKZlVnaXNvQ1JDTnBIeFI2VUVNSnE5YldQYk5CMFJITUdCa3VzMk96SEF2cGMxeHJxNnFjTWIyenA5YUtTSmtQCmhjaE9kQmtDZ1lBcWI5bG5rdmNzMEVSTzFCb01PbWxxVzhpYlZzZ1NnYzdYNU9PazlZbVBPdHZQc1ZTVmRvb20KUWtxdFRFTGZwVXA5NUVpNnlIbDRST1l5czVIS1FMQUdnTDJGWFN2RmNKblpiWE1yVFVtVWxvdUhWdUZBVzdHUgpXVWNOelU4bGM0QzNTbUxrdzRUbzJuNzc3UExtZWgxdXAxNHBYTTUyYitpcUl0K2JueFMxRmc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=" + ca.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRWWpoZ0NabTYzMjc3ZnQxZ2dYWG1xREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsb1lYSmliM0l0WTJFd0hoY05NalV4TWpBek1EUXhPVE0wV2hjTk1qWXhNakF6TURReApPVE0wV2pBVU1SSXdFQVlEVlFRREV3bG9ZWEppYjNJdFkyRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRRGVPdjV3UmcwVlVrUHNwbTI3RFRqV0RkYmV1NEpxcjFVUVg1ZW1FMVMvUWoyQkpLT2gKUXczM3cySThLRXlXNnlYd0hUem0vOEVIRlIvaTdBQmJLSk1nODBFTXhrUmRWMVFxemRBVzBRdG8wNDVxWVZ0QQpUamNWZnNiNVp6bFR1RmY5djNMZHlmNS9zM2N0Ujl0c29rRldDS1IzMkRBVm5kbU1aV0dYWjVnQ2Z1eU9leG5YCkV1MWVoVmV2a0hVZ1R2Zk5weFp6QUFIbDFkbEtlc0RwODVUNzlqTUN5SXZpWTNOZ3N6MUUwdlJyZmJNZUFiZTMKMnNrSS9neEdRaGdmelBlMnQ2OHJiZGk0c2d0QjlNUWhjY0NMLzRHRk54RStaVXJYOXl5RjAxVlVoazh1SUhKNwp6SldhVEc1M0JoWmdyTnZmUU9xbWNROFRsb2FkL1VVOFY0Wk5BZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVVEQzMvUmY0S2IvYTJjenlRd2NnTVJuRzJaRkl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFMUHQ3b2ZBQStLc3ZKd29lbUNIVnIwek1hVEd2d2pGY3g0WlJucm8vVTFWbUovNTVseEwwQVlxCndvTzB4cHg1c1FrcXFpTEJXbWZjMGZyZTNOQ1VNUDR0U1JVcThadkV4eklXZ0JJYlNpeGJYQ1VSaXpMb1BXeE8KZ2ptbU5Wa29BMndRLzRlVWVJenVTU09iL3JYNDJPTitrQVVDQngxUnBZU3ZiRGF4T2lqTFZvZUh5UmVoUHBIMQp4K0pDdzVlZHlaWkRQZm4zRDJ4b3dDTVJ3VmRwYlVHMHFVaWNFNUlrcjhEQlV0SVBmckNJSXNGNWpESFJOeXVmCkp3VEMxR3NqdDNSVW5xbWROaUYvazFQQUVBVU81Z2ExcGlIVit5LyszekpiQXZYK3RneDFLSkJVYmJIMTVpS2YKVTUyMk9ZUlh4eDQrQWo0SEl0TlZuc1Bib1dMS0NXMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" --- # Source: harbor/charts/harbor/templates/registry/registry-secret.yaml apiVersion: v1 @@ -1268,7 +1268,7 @@ spec: app.kubernetes.io/component: nginx annotations: checksum/configmap: 55921b41f4478ded4d60da7edb83b828382ba722214816271ce3ffd2a77aed35 - checksum/secret: 1917ed1f7dd89e9c1996cbb3dbe20a46cfc18579b5f7f3f547e430e875e3f7ef + checksum/secret: 8567ed7b0e04c9535c71cacd4b23a5ff4b7008574092ec4cf65e33bfd9e0b17a spec: securityContext: runAsUser: 10000 diff --git a/clusters/cl01tl/manifests/matrix-synapse/matrix-synapse.yaml b/clusters/cl01tl/manifests/matrix-synapse/matrix-synapse.yaml index 676cd32eb..1a9274a33 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/matrix-synapse.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/matrix-synapse.yaml @@ -14,7 +14,7 @@ stringData: config.yaml: | ## Registration ## - registration_shared_secret: "6fAFKKt3SEB7izipqAi3NuAi" + registration_shared_secret: "o61stwMR2ytdK3w9CtrjQJos" ## API Configuration ## @@ -552,7 +552,7 @@ spec: metadata: annotations: checksum/config: e77b3b25301ed2f4b5eac2f16ed5d058374ed1ffcd7e9ca4d8eef44867647feb - checksum/secrets: 436898f25e6954bf4f044ddd56f93cc4ed6982a1a4e018fee77823a9a637be45 + checksum/secrets: 1379c893132491c2215656107a91e3edd3059f6e46bf6d81fc706e81ff9f7454 labels: app.kubernetes.io/name: matrix-synapse app.kubernetes.io/instance: matrix-synapse diff --git a/clusters/cl01tl/manifests/metrics-server/metrics-server.yaml b/clusters/cl01tl/manifests/metrics-server/metrics-server.yaml index 80b90db20..b02412872 100644 --- a/clusters/cl01tl/manifests/metrics-server/metrics-server.yaml +++ b/clusters/cl01tl/manifests/metrics-server/metrics-server.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: metrics-server - namespace: metrics-server + namespace: kube-system labels: helm.sh/chart: metrics-server-3.13.0 app.kubernetes.io/name: metrics-server @@ -85,7 +85,7 @@ roleRef: subjects: - kind: ServiceAccount name: metrics-server - namespace: metrics-server + namespace: kube-system --- # Source: metrics-server/charts/metrics-server/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -105,7 +105,7 @@ roleRef: subjects: - kind: ServiceAccount name: metrics-server - namespace: metrics-server + namespace: kube-system --- # Source: metrics-server/charts/metrics-server/templates/rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -126,14 +126,14 @@ roleRef: subjects: - kind: ServiceAccount name: metrics-server - namespace: metrics-server + namespace: kube-system --- # Source: metrics-server/charts/metrics-server/templates/service.yaml apiVersion: v1 kind: Service metadata: name: metrics-server - namespace: metrics-server + namespace: kube-system labels: helm.sh/chart: metrics-server-3.13.0 app.kubernetes.io/name: metrics-server @@ -157,7 +157,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: metrics-server - namespace: metrics-server + namespace: kube-system labels: helm.sh/chart: metrics-server-3.13.0 app.kubernetes.io/name: metrics-server @@ -249,7 +249,7 @@ spec: insecureSkipTLSVerify: true service: name: metrics-server - namespace: metrics-server + namespace: kube-system port: 443 version: v1beta1 versionPriority: 100 @@ -259,7 +259,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: metrics-server - namespace: metrics-server + namespace: kube-system labels: helm.sh/chart: metrics-server-3.13.0 app.kubernetes.io/name: metrics-server @@ -270,7 +270,7 @@ spec: jobLabel: app.kubernetes.io/instance namespaceSelector: matchNames: - - metrics-server + - kube-system selector: matchLabels: app.kubernetes.io/name: metrics-server diff --git a/clusters/cl01tl/manifests/ollama/ollama.yaml b/clusters/cl01tl/manifests/ollama/ollama.yaml index 49cb11231..fb68e1241 100644 --- a/clusters/cl01tl/manifests/ollama/ollama.yaml +++ b/clusters/cl01tl/manifests/ollama/ollama.yaml @@ -3,48 +3,6 @@ --- kind: PersistentVolumeClaim apiVersion: v1 -metadata: - name: ollama-server-3 - labels: - app.kubernetes.io/instance: ollama - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ollama - helm.sh/chart: ollama-4.4.0 - annotations: - helm.sh/resource-policy: keep - namespace: ollama -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "40Gi" - storageClassName: "ceph-block" ---- -# Source: ollama/charts/ollama/templates/common.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: ollama-web-data - labels: - app.kubernetes.io/instance: ollama - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ollama - helm.sh/chart: ollama-4.4.0 - annotations: - helm.sh/resource-policy: keep - namespace: ollama -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "5Gi" - storageClassName: "ceph-block" ---- -# Source: ollama/charts/ollama/templates/common.yaml -kind: PersistentVolumeClaim -apiVersion: v1 metadata: name: ollama-server-1 labels: @@ -85,6 +43,48 @@ spec: storageClassName: "ceph-block" --- # Source: ollama/charts/ollama/templates/common.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: ollama-server-3 + labels: + app.kubernetes.io/instance: ollama + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ollama + helm.sh/chart: ollama-4.4.0 + annotations: + helm.sh/resource-policy: keep + namespace: ollama +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "40Gi" + storageClassName: "ceph-block" +--- +# Source: ollama/charts/ollama/templates/common.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: ollama-web-data + labels: + app.kubernetes.io/instance: ollama + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ollama + helm.sh/chart: ollama-4.4.0 + annotations: + helm.sh/resource-policy: keep + namespace: ollama +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "5Gi" + storageClassName: "ceph-block" +--- +# Source: ollama/charts/ollama/templates/common.yaml apiVersion: v1 kind: Service metadata: diff --git a/clusters/cl01tl/manifests/qbittorrent/qbittorrent.yaml b/clusters/cl01tl/manifests/qbittorrent/qbittorrent.yaml index 13e948036..7ff990a3e 100644 --- a/clusters/cl01tl/manifests/qbittorrent/qbittorrent.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/qbittorrent.yaml @@ -254,6 +254,27 @@ spec: --- kind: PersistentVolumeClaim apiVersion: v1 +metadata: + name: qbittorrent-theme-data + labels: + app.kubernetes.io/instance: qbittorrent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: qbittorrent + helm.sh/chart: qbittorrent-4.4.0 + annotations: + helm.sh/resource-policy: keep + namespace: qbittorrent +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + storageClassName: "ceph-block" +--- +# Source: qbittorrent/charts/qbittorrent/templates/common.yaml +kind: PersistentVolumeClaim +apiVersion: v1 metadata: name: qbittorrent-qbit-manage-config-data labels: @@ -293,27 +314,6 @@ spec: storage: "1Gi" storageClassName: "ceph-block" --- -# Source: qbittorrent/charts/qbittorrent/templates/common.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: qbittorrent-theme-data - labels: - app.kubernetes.io/instance: qbittorrent - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: qbittorrent - helm.sh/chart: qbittorrent-4.4.0 - annotations: - helm.sh/resource-policy: keep - namespace: qbittorrent -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - storageClassName: "ceph-block" ---- # Source: qbittorrent/templates/persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim @@ -355,38 +355,6 @@ spec: # Source: qbittorrent/charts/qbittorrent/templates/common.yaml apiVersion: v1 kind: Service -metadata: - name: qbittorrent - labels: - app.kubernetes.io/instance: qbittorrent - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: qbittorrent - app.kubernetes.io/service: qbittorrent - helm.sh/chart: qbittorrent-4.4.0 - namespace: qbittorrent -spec: - type: ClusterIP - ports: - - port: 9999 - targetPort: 9999 - protocol: TCP - name: health - - port: 8080 - targetPort: 8080 - protocol: TCP - name: http - - port: 9022 - targetPort: 9022 - protocol: TCP - name: metrics - selector: - app.kubernetes.io/controller: main - app.kubernetes.io/instance: qbittorrent - app.kubernetes.io/name: qbittorrent ---- -# Source: qbittorrent/charts/qbittorrent/templates/common.yaml -apiVersion: v1 -kind: Service metadata: name: qbittorrent-qbit-manage labels: @@ -437,139 +405,36 @@ spec: app.kubernetes.io/name: qbittorrent --- # Source: qbittorrent/charts/qbittorrent/templates/common.yaml -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: Service metadata: - name: qbittorrent-qbit-manage + name: qbittorrent labels: - app.kubernetes.io/controller: qbit-manage app.kubernetes.io/instance: qbittorrent app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: qbittorrent + app.kubernetes.io/service: qbittorrent helm.sh/chart: qbittorrent-4.4.0 - annotations: - reloader.stakater.com/auto: "true" namespace: qbittorrent spec: - revisionHistoryLimit: 3 - replicas: 1 - strategy: - type: Recreate + type: ClusterIP + ports: + - port: 9999 + targetPort: 9999 + protocol: TCP + name: health + - port: 8080 + targetPort: 8080 + protocol: TCP + name: http + - port: 9022 + targetPort: 9022 + protocol: TCP + name: metrics selector: - matchLabels: - app.kubernetes.io/controller: qbit-manage - app.kubernetes.io/name: qbittorrent - app.kubernetes.io/instance: qbittorrent - template: - metadata: - labels: - app.kubernetes.io/controller: qbit-manage - app.kubernetes.io/instance: qbittorrent - app.kubernetes.io/name: qbittorrent - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - initContainers: - - command: - - /bin/sh - - -ec - - | - cp /config/config.yml /app/config/config.yml - image: busybox:1.37.0 - imagePullPolicy: IfNotPresent - name: init-copy-config - resources: - requests: - cpu: 10m - memory: 128Mi - volumeMounts: - - mountPath: /config/config.yml - mountPropagation: None - name: qbit-manage-config - readOnly: true - subPath: config.yml - - mountPath: /app/config - name: qbit-manage-config-data - containers: - - env: - - name: TZ - value: US/Central - - name: PGID - value: "1000" - - name: PUID - value: "1000" - - name: APPRISE_STORAGE_MODE - value: memory - - name: APPRISE_STATEFUL_MODE - value: disabled - - name: APPRISE_WORKER_COUNT - value: "1" - - name: APPRISE_STATELESS_URLS - valueFrom: - secretKeyRef: - key: ntfy-url - name: qbittorrent-qbit-manage-config - image: caronc/apprise:1.2.6 - imagePullPolicy: IfNotPresent - name: apprise-api - resources: - requests: - cpu: 10m - memory: 128Mi - - env: - - name: TZ - value: US/Central - - name: QBT_SCHEDULE - value: 0 * * * * - - name: QBT_STARTUP_DELAY - value: "360" - - name: QBT_CONFIG_DIR - value: /app/config/ - - name: QBT_LOGFILE - value: /app/var/activity.log - - name: QBT_LOG_LEVEL - value: INFO - image: ghcr.io/stuffanthings/qbit_manage:v4.6.4 - imagePullPolicy: IfNotPresent - name: qbit-manage - resources: - requests: - cpu: 10m - memory: 64Mi - volumeMounts: - - mountPath: /qbittorrent - name: config - - mountPath: /config/config.yml - mountPropagation: None - name: qbit-manage-config - readOnly: true - subPath: config.yml - - mountPath: /app/config - name: qbit-manage-config-data - - mountPath: /app/var - name: qbit-manage-config-var - - mountPath: /mnt/store - name: storage - volumes: - - name: config - persistentVolumeClaim: - claimName: qbittorrent-config - - configMap: - name: qbit-manage-config - name: qbit-manage-config - - name: qbit-manage-config-data - persistentVolumeClaim: - claimName: qbittorrent-qbit-manage-config-data - - emptyDir: {} - name: qbit-manage-config-var - - name: storage - persistentVolumeClaim: - claimName: qbittorrent-nfs-storage + app.kubernetes.io/controller: main + app.kubernetes.io/instance: qbittorrent + app.kubernetes.io/name: qbittorrent --- # Source: qbittorrent/charts/qbittorrent/templates/common.yaml apiVersion: apps/v1 @@ -806,6 +671,141 @@ spec: name: glutun-update-script name: update-script --- +# Source: qbittorrent/charts/qbittorrent/templates/common.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: qbittorrent-qbit-manage + labels: + app.kubernetes.io/controller: qbit-manage + app.kubernetes.io/instance: qbittorrent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: qbittorrent + helm.sh/chart: qbittorrent-4.4.0 + annotations: + reloader.stakater.com/auto: "true" + namespace: qbittorrent +spec: + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/controller: qbit-manage + app.kubernetes.io/name: qbittorrent + app.kubernetes.io/instance: qbittorrent + template: + metadata: + labels: + app.kubernetes.io/controller: qbit-manage + app.kubernetes.io/instance: qbittorrent + app.kubernetes.io/name: qbittorrent + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + initContainers: + - command: + - /bin/sh + - -ec + - | + cp /config/config.yml /app/config/config.yml + image: busybox:1.37.0 + imagePullPolicy: IfNotPresent + name: init-copy-config + resources: + requests: + cpu: 10m + memory: 128Mi + volumeMounts: + - mountPath: /config/config.yml + mountPropagation: None + name: qbit-manage-config + readOnly: true + subPath: config.yml + - mountPath: /app/config + name: qbit-manage-config-data + containers: + - env: + - name: TZ + value: US/Central + - name: PGID + value: "1000" + - name: PUID + value: "1000" + - name: APPRISE_STORAGE_MODE + value: memory + - name: APPRISE_STATEFUL_MODE + value: disabled + - name: APPRISE_WORKER_COUNT + value: "1" + - name: APPRISE_STATELESS_URLS + valueFrom: + secretKeyRef: + key: ntfy-url + name: qbittorrent-qbit-manage-config + image: caronc/apprise:1.2.6 + imagePullPolicy: IfNotPresent + name: apprise-api + resources: + requests: + cpu: 10m + memory: 128Mi + - env: + - name: TZ + value: US/Central + - name: QBT_SCHEDULE + value: 0 * * * * + - name: QBT_STARTUP_DELAY + value: "360" + - name: QBT_CONFIG_DIR + value: /app/config/ + - name: QBT_LOGFILE + value: /app/var/activity.log + - name: QBT_LOG_LEVEL + value: INFO + image: ghcr.io/stuffanthings/qbit_manage:v4.6.4 + imagePullPolicy: IfNotPresent + name: qbit-manage + resources: + requests: + cpu: 10m + memory: 64Mi + volumeMounts: + - mountPath: /qbittorrent + name: config + - mountPath: /config/config.yml + mountPropagation: None + name: qbit-manage-config + readOnly: true + subPath: config.yml + - mountPath: /app/config + name: qbit-manage-config-data + - mountPath: /app/var + name: qbit-manage-config-var + - mountPath: /mnt/store + name: storage + volumes: + - name: config + persistentVolumeClaim: + claimName: qbittorrent-config + - configMap: + name: qbit-manage-config + name: qbit-manage-config + - name: qbit-manage-config-data + persistentVolumeClaim: + claimName: qbittorrent-qbit-manage-config-data + - emptyDir: {} + name: qbit-manage-config-var + - name: storage + persistentVolumeClaim: + claimName: qbittorrent-nfs-storage +--- # Source: qbittorrent/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret diff --git a/clusters/cl01tl/manifests/s3-exporter/s3-exporter.yaml b/clusters/cl01tl/manifests/s3-exporter/s3-exporter.yaml index c3e86fb39..32704ebec 100644 --- a/clusters/cl01tl/manifests/s3-exporter/s3-exporter.yaml +++ b/clusters/cl01tl/manifests/s3-exporter/s3-exporter.yaml @@ -2,6 +2,30 @@ # Source: s3-exporter/charts/s3-exporter/templates/common.yaml apiVersion: v1 kind: Service +metadata: + name: s3-exporter-ceph-directus + labels: + app.kubernetes.io/instance: s3-exporter + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: s3-exporter + app.kubernetes.io/service: s3-exporter-ceph-directus + helm.sh/chart: s3-exporter-4.4.0 + namespace: s3-exporter +spec: + type: ClusterIP + ports: + - port: 9655 + targetPort: 9655 + protocol: TCP + name: metrics + selector: + app.kubernetes.io/controller: ceph-directus + app.kubernetes.io/instance: s3-exporter + app.kubernetes.io/name: s3-exporter +--- +# Source: s3-exporter/charts/s3-exporter/templates/common.yaml +apiVersion: v1 +kind: Service metadata: name: s3-exporter-digital-ocean labels: @@ -72,31 +96,139 @@ spec: app.kubernetes.io/name: s3-exporter --- # Source: s3-exporter/charts/s3-exporter/templates/common.yaml -apiVersion: v1 -kind: Service +--- +apiVersion: apps/v1 +kind: Deployment metadata: - name: s3-exporter-ceph-directus + name: s3-exporter-garage-local labels: + app.kubernetes.io/controller: garage-local app.kubernetes.io/instance: s3-exporter app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: s3-exporter - app.kubernetes.io/service: s3-exporter-ceph-directus helm.sh/chart: s3-exporter-4.4.0 namespace: s3-exporter spec: - type: ClusterIP - ports: - - port: 9655 - targetPort: 9655 - protocol: TCP - name: metrics + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: Recreate selector: - app.kubernetes.io/controller: ceph-directus - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/name: s3-exporter + matchLabels: + app.kubernetes.io/controller: garage-local + app.kubernetes.io/name: s3-exporter + app.kubernetes.io/instance: s3-exporter + template: + metadata: + labels: + app.kubernetes.io/controller: garage-local + app.kubernetes.io/instance: s3-exporter + app.kubernetes.io/name: s3-exporter + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + containers: + - env: + - name: S3_NAME + value: garage-local + - name: S3_ENDPOINT + value: http://garage-main.garage:3900 + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + key: AWS_ACCESS_KEY_ID + name: s3-garage-secret + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + key: AWS_SECRET_ACCESS_KEY + name: s3-garage-secret + - name: S3_REGION + value: us-east-1 + - name: LOG_LEVEL + value: debug + - name: S3_FORCE_PATH_STYLE + value: "true" + image: molu8bits/s3bucket_exporter:1.0.2 + imagePullPolicy: IfNotPresent + name: main + resources: + requests: + cpu: 10m + memory: 64Mi --- # Source: s3-exporter/charts/s3-exporter/templates/common.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: s3-exporter-garage-remote + labels: + app.kubernetes.io/controller: garage-remote + app.kubernetes.io/instance: s3-exporter + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: s3-exporter + helm.sh/chart: s3-exporter-4.4.0 + namespace: s3-exporter +spec: + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/controller: garage-remote + app.kubernetes.io/name: s3-exporter + app.kubernetes.io/instance: s3-exporter + template: + metadata: + labels: + app.kubernetes.io/controller: garage-remote + app.kubernetes.io/instance: s3-exporter + app.kubernetes.io/name: s3-exporter + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + containers: + - env: + - name: S3_NAME + value: garage-remote + - name: S3_ENDPOINT + value: https://garage-ps10rp.boreal-beaufort.ts.net:3900 + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + key: AWS_ACCESS_KEY_ID + name: s3-garage-secret + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + key: AWS_SECRET_ACCESS_KEY + name: s3-garage-secret + - name: S3_REGION + value: us-east-1 + - name: LOG_LEVEL + value: debug + - name: S3_FORCE_PATH_STYLE + value: "true" + image: molu8bits/s3bucket_exporter:1.0.2 + imagePullPolicy: IfNotPresent + name: main + resources: + requests: + cpu: 10m + memory: 64Mi --- +# Source: s3-exporter/charts/s3-exporter/templates/common.yaml apiVersion: apps/v1 kind: Deployment metadata: @@ -234,138 +366,6 @@ spec: cpu: 10m memory: 64Mi --- -# Source: s3-exporter/charts/s3-exporter/templates/common.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: s3-exporter-garage-local - labels: - app.kubernetes.io/controller: garage-local - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: s3-exporter - helm.sh/chart: s3-exporter-4.4.0 - namespace: s3-exporter -spec: - revisionHistoryLimit: 3 - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/controller: garage-local - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - template: - metadata: - labels: - app.kubernetes.io/controller: garage-local - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/name: s3-exporter - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - containers: - - env: - - name: S3_NAME - value: garage-local - - name: S3_ENDPOINT - value: http://garage-main.garage:3900 - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - key: AWS_ACCESS_KEY_ID - name: s3-garage-secret - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - key: AWS_SECRET_ACCESS_KEY - name: s3-garage-secret - - name: S3_REGION - value: us-east-1 - - name: LOG_LEVEL - value: debug - - name: S3_FORCE_PATH_STYLE - value: "true" - image: molu8bits/s3bucket_exporter:1.0.2 - imagePullPolicy: IfNotPresent - name: main - resources: - requests: - cpu: 10m - memory: 64Mi ---- -# Source: s3-exporter/charts/s3-exporter/templates/common.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: s3-exporter-garage-remote - labels: - app.kubernetes.io/controller: garage-remote - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: s3-exporter - helm.sh/chart: s3-exporter-4.4.0 - namespace: s3-exporter -spec: - revisionHistoryLimit: 3 - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/controller: garage-remote - app.kubernetes.io/name: s3-exporter - app.kubernetes.io/instance: s3-exporter - template: - metadata: - labels: - app.kubernetes.io/controller: garage-remote - app.kubernetes.io/instance: s3-exporter - app.kubernetes.io/name: s3-exporter - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - containers: - - env: - - name: S3_NAME - value: garage-remote - - name: S3_ENDPOINT - value: https://garage-ps10rp.boreal-beaufort.ts.net:3900 - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - key: AWS_ACCESS_KEY_ID - name: s3-garage-secret - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - key: AWS_SECRET_ACCESS_KEY - name: s3-garage-secret - - name: S3_REGION - value: us-east-1 - - name: LOG_LEVEL - value: debug - - name: S3_FORCE_PATH_STYLE - value: "true" - image: molu8bits/s3bucket_exporter:1.0.2 - imagePullPolicy: IfNotPresent - name: main - resources: - requests: - cpu: 10m - memory: 64Mi ---- # Source: s3-exporter/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret diff --git a/clusters/cl01tl/manifests/slskd/slskd.yaml b/clusters/cl01tl/manifests/slskd/slskd.yaml index ed75a0450..b2f89fdfc 100644 --- a/clusters/cl01tl/manifests/slskd/slskd.yaml +++ b/clusters/cl01tl/manifests/slskd/slskd.yaml @@ -84,6 +84,78 @@ spec: --- apiVersion: apps/v1 kind: Deployment +metadata: + name: slskd-soularr + labels: + app.kubernetes.io/controller: soularr + app.kubernetes.io/instance: slskd + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: slskd + helm.sh/chart: slskd-4.4.0 + namespace: slskd +spec: + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/controller: soularr + app.kubernetes.io/name: slskd + app.kubernetes.io/instance: slskd + template: + metadata: + labels: + app.kubernetes.io/controller: soularr + app.kubernetes.io/instance: slskd + app.kubernetes.io/name: slskd + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + containers: + - env: + - name: TZ + value: US/Central + - name: PUID + value: "1000" + - name: PGID + value: "1000" + - name: SCRIPT_INTERVAL + value: "300" + image: mrusse08/soularr:latest@sha256:71a0b9e5a522d76bb0ffdb6d720d681fde22417b3a5acc9ecae61c89d05d8afc + imagePullPolicy: IfNotPresent + name: main + resources: + requests: + cpu: 10m + memory: 256Mi + volumeMounts: + - mountPath: /mnt/store + name: data + - mountPath: /data/config.ini + mountPropagation: None + name: soularr-config + readOnly: true + subPath: config.ini + volumes: + - name: data + persistentVolumeClaim: + claimName: slskd-nfs-storage + - name: soularr-config + secret: + secretName: soularr-config-secret +--- +# Source: slskd/charts/slskd/templates/common.yaml +apiVersion: apps/v1 +kind: Deployment metadata: name: slskd-main labels: @@ -203,78 +275,6 @@ spec: secret: secretName: slskd-config-secret --- -# Source: slskd/charts/slskd/templates/common.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: slskd-soularr - labels: - app.kubernetes.io/controller: soularr - app.kubernetes.io/instance: slskd - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: slskd - helm.sh/chart: slskd-4.4.0 - namespace: slskd -spec: - revisionHistoryLimit: 3 - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/controller: soularr - app.kubernetes.io/name: slskd - app.kubernetes.io/instance: slskd - template: - metadata: - labels: - app.kubernetes.io/controller: soularr - app.kubernetes.io/instance: slskd - app.kubernetes.io/name: slskd - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - securityContext: - fsGroup: 1000 - fsGroupChangePolicy: OnRootMismatch - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - containers: - - env: - - name: TZ - value: US/Central - - name: PUID - value: "1000" - - name: PGID - value: "1000" - - name: SCRIPT_INTERVAL - value: "300" - image: mrusse08/soularr:latest@sha256:71a0b9e5a522d76bb0ffdb6d720d681fde22417b3a5acc9ecae61c89d05d8afc - imagePullPolicy: IfNotPresent - name: main - resources: - requests: - cpu: 10m - memory: 256Mi - volumeMounts: - - mountPath: /mnt/store - name: data - - mountPath: /data/config.ini - mountPropagation: None - name: soularr-config - readOnly: true - subPath: config.ini - volumes: - - name: data - persistentVolumeClaim: - claimName: slskd-nfs-storage - - name: soularr-config - secret: - secretName: soularr-config-secret ---- # Source: slskd/templates/external-secret.yaml apiVersion: external-secrets.io/v1 kind: ExternalSecret diff --git a/clusters/cl01tl/manifests/talos/talos.yaml b/clusters/cl01tl/manifests/talos/talos.yaml index 1770f5186..ff5a55dcb 100644 --- a/clusters/cl01tl/manifests/talos/talos.yaml +++ b/clusters/cl01tl/manifests/talos/talos.yaml @@ -155,7 +155,7 @@ spec: secretKeyRef: key: BUCKET name: talos-etcd-backup-secret - image: d3fk/s3cmd:latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91 + image: d3fk/s3cmd:latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551 imagePullPolicy: IfNotPresent name: s3-prune resources: diff --git a/clusters/cl01tl/manifests/vault/vault.yaml b/clusters/cl01tl/manifests/vault/vault.yaml index ebfa9692c..7b52d5324 100644 --- a/clusters/cl01tl/manifests/vault/vault.yaml +++ b/clusters/cl01tl/manifests/vault/vault.yaml @@ -251,54 +251,6 @@ spec: --- apiVersion: apps/v1 kind: Deployment -metadata: - name: vault-unseal-unseal-1 - labels: - app.kubernetes.io/controller: unseal-1 - app.kubernetes.io/instance: vault - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: vault - helm.sh/chart: unseal-4.4.0 - namespace: vault -spec: - revisionHistoryLimit: 3 - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/controller: unseal-1 - app.kubernetes.io/name: vault - app.kubernetes.io/instance: vault - template: - metadata: - labels: - app.kubernetes.io/controller: unseal-1 - app.kubernetes.io/instance: vault - app.kubernetes.io/name: vault - spec: - enableServiceLinks: false - serviceAccountName: default - automountServiceAccountToken: true - hostIPC: false - hostNetwork: false - hostPID: false - dnsPolicy: ClusterFirst - containers: - - envFrom: - - secretRef: - name: vault-unseal-config-1 - image: ghcr.io/lrstanley/vault-unseal:0.7.2 - imagePullPolicy: IfNotPresent - name: main - resources: - requests: - cpu: 10m - memory: 24Mi ---- -# Source: vault/charts/unseal/templates/common.yaml -apiVersion: apps/v1 -kind: Deployment metadata: name: vault-unseal-unseal-2 labels: @@ -392,6 +344,54 @@ spec: cpu: 10m memory: 24Mi --- +# Source: vault/charts/unseal/templates/common.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vault-unseal-unseal-1 + labels: + app.kubernetes.io/controller: unseal-1 + app.kubernetes.io/instance: vault + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vault + helm.sh/chart: unseal-4.4.0 + namespace: vault +spec: + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/controller: unseal-1 + app.kubernetes.io/name: vault + app.kubernetes.io/instance: vault + template: + metadata: + labels: + app.kubernetes.io/controller: unseal-1 + app.kubernetes.io/instance: vault + app.kubernetes.io/name: vault + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + containers: + - envFrom: + - secretRef: + name: vault-unseal-config-1 + image: ghcr.io/lrstanley/vault-unseal:0.7.2 + imagePullPolicy: IfNotPresent + name: main + resources: + requests: + cpu: 10m + memory: 24Mi +--- # Source: vault/charts/vault/templates/server-statefulset.yaml # StatefulSet to run the actual vault server cluster. apiVersion: apps/v1 @@ -672,7 +672,7 @@ spec: secretKeyRef: key: BUCKET name: vault-s3cmd-config - image: d3fk/s3cmd:latest@sha256:7bdbd33bb3d044884598898b9e9b383385759fbd6ebf52888700bd9b0e0fab91 + image: d3fk/s3cmd:latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551 imagePullPolicy: IfNotPresent name: s3-backup resources: