alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
Alex Lebens
2024-05-22 12:49:28 -05:00
commit 35b77bb0df
219 changed files with 9997 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/cl01tl/deployment/argo-rollouts/Chart.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v2
name: argo-rollouts
version: 1.0.0
sources:
- https://github.com/argoproj/argo-rollouts
- https://github.com/argoproj/argo-helm/tree/main/charts
dependencies:
- name: argo-rollouts
version: 2.35.2
repository: https://argoproj.github.io/argo-helm
appVersion: v1.6.6

45
clusters/cl01tl/deployment/argo-rollouts/values.yaml Normal file
View File

@@ -0,0 +1,45 @@
argo-rollouts:
controller:
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: argocd
dashboard:
enabled: true
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
ingressClassName: traefik
hosts:
- argo-rollouts.alexlebens.net
tls:
- secretName: argo-rollouts-secret-tls
hosts:
- argo-rollouts.alexlebens.net
notifications:
notifiers: {}
# service.slack: |
# token: $slack-token
# -- Notification templates
templates: {}
# template.my-purple-template: |
# message: |
# Rollout {{.rollout.metadata.name}} has purple image
# slack:
# attachments: |
# [{
# "title": "{{ .rollout.metadata.name}}",
# "color": "#800080"
# }]
# -- The trigger defines the condition when the notification should be sent
triggers: {}
# trigger.on-purple: |
# - send: [my-purple-template]
# when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple'

20
clusters/cl01tl/deployment/argo-workflows/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: argo-workflows
version: 1.0.0
sources:
- https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events
- https://github.com/argoproj/argo-helm/tree/main/charts
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
dependencies:
- name: argo-workflows
version: 0.41.4
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.4
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-16-cluster
version: 3.0.0
repository: http://alexlebens.github.io/helm-charts
appVersion: v3.5.6

62
clusters/cl01tl/deployment/argo-workflows/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,62 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: argo-workflows-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: client
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-16-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-postgresql-16-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-argo-workflows-postgresql
metadataPolicy: None
property: access_key
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-argo-workflows-postgresql
metadataPolicy: None
property: secret_key

121
clusters/cl01tl/deployment/argo-workflows/values.yaml Normal file
View File

@@ -0,0 +1,121 @@
argo-workflows:
controller:
metricsConfig:
enabled: true
persistence:
connectionPool:
maxIdleConns: 100
maxOpenConns: 0
nodeStatusOffLoad: true
archive: true
postgresql:
host: argo-workflows-postgresql-16-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-16-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-16-cluster-app
key: password
ssl: false
sslMode: disable
workflowWorkers: 2
workflowTTLWorkers: 1
podCleanupWorkers: 1
cronWorkflowWorkers: 1
telemetryConfig:
enabled: true
serviceMonitor:
enabled: true
name: workflow-controller
workflowNamespaces:
- argocd
server:
authModes:
- sso
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
ingressClassName: traefik
hosts:
- argo-workflows.alexlebens.net
tls:
- secretName: argoworkflows-example-tls
hosts:
- argo-workflows.alexlebens.net
sso:
enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
clientId:
name: argo-workflows-oidc-secret
key: client
clientSecret:
name: argo-workflows-oidc-secret
key: secret
redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
rbac:
enabled: false
scopes:
- openid
- email
- profile
useStaticCredentials: true
artifactRepository:
archiveLogs: false
s3: {}
# accessKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: accesskey
# secretKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: secretkey
# insecure: true
# bucket:
# endpoint:
# region:
# encryptionOptions:
# enableEncryption: true
argo-events:
global:
image:
repository: quay.io/argoproj/argo-events
tag: v1.9.1
controller:
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: argocd
webhook:
enabled: true
postgres-16-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
backup:
enabled: true
endpointURL: https://s3.us-east-2.amazonaws.com
destinationPath: s3://cl01tl-postgresql-backups/argo-workflows
endpointCredentials: argo-workflows-postgresql-16-cluster-backup-secret
backupIndex: 1
retentionPolicy: 14d

12
clusters/cl01tl/deployment/argocd/Chart.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v2
name: argocd
version: 0.1.0
home: https://outline.alexlebens.net/doc/argo-cd-qLEdrgdwOD
sources:
- https://github.com/argoproj/argo-cd
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
dependencies:
- name: argo-cd
version: 6.9.3
repository: https://argoproj.github.io/argo-helm
appVersion: v2.10.8

110
clusters/cl01tl/deployment/argocd/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,110 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: argocd-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "{{ .Release.Name }}-server"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: server
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: client
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: argocd-cluster-cl02do-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "{{ .Release.Name }}-server"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: server
app.kubernetes.io/part-of: {{ .Release.Name }}
argocd.argoproj.io/secret-type: cluster
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: name
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /argocd/credentials/cluster/cl02do
metadataPolicy: None
property: name
- secretKey: server
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /argocd/credentials/cluster/cl02do
metadataPolicy: None
property: server
- secretKey: config
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /argocd/credentials/cluster/cl02do
metadataPolicy: None
property: config
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: argocd-repo-alexlebens-dev-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "{{ .Release.Name }}-server"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: server
app.kubernetes.io/part-of: {{ .Release.Name }}
argocd.argoproj.io/secret-type: repository
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: type
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /argocd/credentials/repo/alexlebens-dev
metadataPolicy: None
property: type
- secretKey: url
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /argocd/credentials/repo/alexlebens-dev
metadataPolicy: None
property: url
- secretKey: sshPrivateKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /argocd/credentials/repo/alexlebens-dev
metadataPolicy: None
property: sshPrivateKey

66
clusters/cl01tl/deployment/argocd/values.yaml Normal file
View File

@@ -0,0 +1,66 @@
argo-cd:
crds:
install: true
configs:
cm:
admin.enabled: true
url: https://argocd.alexlebens.net
statusbadge.enabled: true
dex.config: |
connectors:
- config:
issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-secret:client
clientSecret: $argocd-oidc-secret:secret
insecureEnableGroups: true
scopes:
- openid
- profile
- email
- groups
name: authentik
type: oidc
id: authentik
rbac:
policy.csv: |
g, ArgoCD Admins, role:admin
params:
server.insecure: true
server:
replicas: 2
ingress:
enabled: true
controller: generic
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hostname: argocd.alexlebens.net
tls: true
metrics:
enabled: true
serviceMonitor:
enabled: true
dex:
enabled: true
redis-ha:
enabled: true
controller:
replicas: 1
metrics:
enabled: true
serviceMonitor:
enabled: true
repoServer:
replicas: 2
metrics:
enabled: true
serviceMonitor:
enabled: true
applicationSet:
replicas: 2
metrics:
enabled: true
serviceMonitor:
enabled: true

11
clusters/cl01tl/deployment/kargo/Chart.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v2
name: kargo
version: 1.0.0
sources:
- https://github.com/akuity/kargo
- https://github.com/akuity/kargo/blob/main/charts/kargo/Chart.yaml
dependencies:
- name: kargo
version: 0.6.0
repository: oci://ghcr.io/akuity/kargo-charts
appVersion: v0.5.1

56
clusters/cl01tl/deployment/kargo/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,56 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kargo-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kargo-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/kargo
metadataPolicy: None
property: secret
- secretKey: CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/kargo
metadataPolicy: None
property: client
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kargo-cluster-cl02do-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kargo-cluster-cl02do-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
argocd.argoproj.io/secret-type: cluster
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: kubeconfig
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /argocd/credentials/cluster/cl02do
metadataPolicy: None
property: kubeconfig

120
clusters/cl01tl/deployment/kargo/values.yaml Normal file
View File

@@ -0,0 +1,120 @@
kargo:
api:
host: kargo.alexlebens.net
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
tls:
enabled: false
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
ingressClassName: traefik
tls:
enabled: true
selfSignedCert: false
adminAccount:
enabled: false
oidc:
enabled: true
admins:
groups: ["ArgoCD Admins"]
dex:
enabled: true
image:
repository: ghcr.io/dexidp/dex
tag: v2.39.1
env:
- name: CLIENT_ID
valueFrom:
secretKeyRef:
name: kargo-oidc-secret
key: CLIENT_ID
- name: CLIENT_SECRET
valueFrom:
secretKeyRef:
name: kargo-oidc-secret
key: CLIENT_SECRET
tls:
selfSignedCert: false
skipApprovalScreen: true
connectors:
- type: oidc
id: authentik
name: Authentik
config:
issuer: https://authentik.alexlebens.net/application/o/kargo/
clientID: "$CLIENT_ID"
clientSecret: "$CLIENT_SECRET"
redirectURI: https://kargo.alexlebens.net/dex/callback
insecureEnableGroups: true
scopes:
- openid
- profile
- email
- groups
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
argocd:
urls:
"": https://argocd.alexlebens.net
rollouts:
integrationEnabled: true
controller:
enabled: true
gitClient:
name: "Kargo cl01tl"
email: "alexanderlebens@gmail.com"
argocd:
integrationEnabled: true
rollouts:
integrationEnabled: true
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
managementController:
enabled: true
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
webhooks:
register: true
webhooksServer:
tls:
selfSignedCert: true
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
garbageCollector:
schedule: "0 * * * *"
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi

6
clusters/cl01tl/deployment/stack/Chart.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v2
name: stack
version: 1.0.0
sources:
- https://github.com/alexlebens/alexlebens-net.git
appVersion: 1.0.0

55
clusters/cl01tl/deployment/stack/templates/application-set.yaml Normal file
View File

@@ -0,0 +1,55 @@
{{- range $index, $stack := .Values.applicationSet }}
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: {{ $stack.name }}
namespace: {{ $.Release.Namespace }}
labels:
app.kubernetes.io/name: {{ $stack.name }}
app.kubernetes.io/instance: {{ $stack.name }}
app.kubernetes.io/version: {{ $.Chart.AppVersion }}
app.kubernetes.io/component: {{ $stack.name }}
app.kubernetes.io/part-of: {{ $.Release.Name }}
spec:
syncPolicy:
applicationsSync: create-only
preserveResourcesOnDeletion: true
generators:
- git:
repoURL: {{ $.Values.git.repo }}
revision: {{ $.Values.git.revision }}
directories:
- path: "{{ $.Values.git.path }}/{{ $stack.name }}/*"
template:
metadata:
name: '{{ `{{path.basename}}` }}'
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
name: in-cluster
namespace: '{{ $stack.namespace | default `{{path.basename}}` }}'
project: default
revisionHistoryLimit: 3
source:
repoURL: {{ $.Values.git.repo }}
targetRevision: {{ $.Values.git.revision }}
path: '{{ `{{path}}` }}'
ignoreDifferences:
{{- toYaml $stack.ignoreDifferences | nindent 8 }}
syncPolicy:
{{- if $stack.syncPolicy.automated.enabled }}
automated:
prune: {{ $stack.syncPolicy.automated.prune | default false }}
selfHeal: {{ $stack.syncPolicy.automated.selfHeal | default false }}
{{- end }}
retry:
limit: 3
backoff:
duration: 1m
factor: 2
maxDuration: 15m
syncOptions:
{{- toYaml $stack.syncPolicy.syncOptions | nindent 10 }}
{{- end }}

82
clusters/cl01tl/deployment/stack/templates/application.yaml Normal file
View File

@@ -0,0 +1,82 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cilium
namespace: {{ .Release.Namespace }}
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: {{ .Values.application.cilium.source.repo }}
targetRevision: {{ .Values.application.cilium.source.revision }}
path: "{{ .Values.git.path }}/{{ .Values.application.cilium.source.path }}"
destination:
name: in-cluster
namespace: {{ .Values.application.cilium.namespace }}
revisionHistoryLimit: 3
syncPolicy:
{{- toYaml .Values.application.cilium.syncPolicy | nindent 4 }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: metrics-server
namespace: {{ .Release.Namespace }}
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: {{ .Values.application.metricsServer.source.repo }}
targetRevision: {{ .Values.application.metricsServer.source.revision }}
path: "{{ .Values.git.path }}/{{ .Values.application.metricsServer.source.path }}"
destination:
name: in-cluster
namespace: {{ .Values.application.metricsServer.namespace }}
revisionHistoryLimit: 3
syncPolicy:
{{- toYaml .Values.application.metricsServer.syncPolicy | nindent 4 }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubelet-serving-cert-approver
namespace: {{ .Release.Namespace }}
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: {{ .Values.application.kubeletServingCertApprover.source.repo }}
targetRevision: {{ .Values.application.kubeletServingCertApprover.source.revision }}
path: "{{ .Values.git.path }}/{{ .Values.application.kubeletServingCertApprover.source.path }}"
destination:
name: in-cluster
namespace: {{ .Values.application.kubeletServingCertApprover.namespace }}
revisionHistoryLimit: 3
syncPolicy:
{{- toYaml .Values.application.kubeletServingCertApprover.syncPolicy | nindent 4 }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: prometheus-operator-crds
namespace: {{ .Release.Namespace }}
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: {{ .Values.application.prometheusOperatorCrds.source.repo }}
targetRevision: {{ .Values.application.prometheusOperatorCrds.source.revision }}
path: "{{ .Values.git.path }}/{{ .Values.application.prometheusOperatorCrds.source.path }}"
destination:
name: in-cluster
namespace: {{ .Values.application.prometheusOperatorCrds.namespace }}
revisionHistoryLimit: 3
syncPolicy:
{{- toYaml .Values.application.prometheusOperatorCrds.syncPolicy | nindent 4 }}

148
clusters/cl01tl/deployment/stack/values.yaml Normal file
View File

@@ -0,0 +1,148 @@
git:
repo: git@github.com:alexlebens/alexlebens-net.git
revision: HEAD
path: clusters/cl01tl
applicationSet:
- name: applications
syncPolicy:
automated:
enabled: true
prune: true
selfheal: false
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=false
- PruneLast=true
- name: deployment
namespace: argocd
syncPolicy:
automated:
enabled: true
prune: true
selfheal: false
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=false
- PruneLast=true
- name: platform
syncPolicy:
automated:
enabled: true
prune: true
selfheal: false
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true
- name: services
ignoreDifferences:
- group: ""
kind: Service
jqPathExpressions:
- .status.loadBalancer.ingress[].ipMode
syncPolicy:
automated:
enabled: true
prune: true
selfheal: false
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true
- name: storage
syncPolicy:
automated:
enabled: true
prune: true
selfheal: false
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=false
- PruneLast=true
application:
cilium:
namespace: kube-system
source:
repo: git@github.com:alexlebens/alexlebens-net.git
revision: HEAD
path: standalone/cilium
syncPolicy:
retry:
limit: 10
backoff:
duration: 1m
factor: 2
maxDuration: 16m
syncOptions:
- CreateNamespace=false
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true
metricsServer:
namespace: kube-system
source:
repo: git@github.com:alexlebens/alexlebens-net.git
revision: HEAD
path: standalone/metrics-server
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 10
backoff:
duration: 1m
factor: 2
maxDuration: 16m
syncOptions:
- CreateNamespace=false
- ApplyOutOfSyncOnly=false
- ServerSideApply=true
- PruneLast=true
kubeletServingCertApprover:
namespace: kubelet-serving-cert-approver
source:
repo: git@github.com:alexlebens/alexlebens-net.git
revision: HEAD
path: standalone/kubelet-serving-cert-approver
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 10
backoff:
duration: 1m
factor: 2
maxDuration: 16m
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=false
- ServerSideApply=true
- PruneLast=true
prometheusOperatorCrds:
namespace: kube-system
source:
repo: git@github.com:alexlebens/alexlebens-net.git
revision: HEAD
path: standalone/prometheus-operator-crds
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 10
backoff:
duration: 1m
factor: 2
maxDuration: 16m
syncOptions:
- CreateNamespace=false
- ApplyOutOfSyncOnly=false
- ServerSideApply=true
- PruneLast=true