alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 2 Activity

stage for rebuilt

Browse Source
This commit is contained in:
Alex Lebens
2025-02-14 22:05:52 -06:00
parent 91c1b3931d
commit 8b4eee804f
329 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
clusters/cl01tl/services/blocky/Chart.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v2
name: blocky
version: 1.0.0
description: Blocky
keywords:
- blocky
- dns
home: https://wiki.alexlebens.dev/doc/blocky-ZDHt1ucetP
sources:
- https://github.com/0xERR0R/blocky
- https://hub.docker.com/r/spx01/blocky
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: blocky
repository: https://bjw-s.github.io/helm-charts/
version: 3.6.1
- name: valkey
version: 2.2.3
repository: https://charts.bitnami.com/bitnami
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/blocky.png
appVersion: v0.24

21
clusters/cl01tl/services/blocky/templates/service-monitor.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: blocky
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: blocky
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: blocky
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 10s
path: /metrics

220
clusters/cl01tl/services/blocky/values.yaml
View File

@@ -1,220 +0,0 @@
blocky:
controllers:
main:
type: deployment
replicas: 3
strategy: RollingUpdate
revisionHistoryLimit: 3
containers:
main:
image:
repository: spx01/blocky
tag: v0.25@sha256:347f8c6addc1775ef74b83dfc609c28436a67f812ef0ee7e2602569dc0e56cd1
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
configMaps:
config:
enabled: true
data:
config.yml: |
upstreams:
init:
strategy: fast
groups:
default:
- tcp-tls:1.1.1.1:853
- tcp-tls:1.0.0.1:853
strategy: parallel_best
timeout: 2s
connectIPVersion: v4
customDNS:
filterUnmappedTypes: false
zone: |
$ORIGIN alexlebens.net.
$TTL 86400
;; Name Server
IN NS patryk.ns.cloudflare.com.
IN NS veda.ns.cloudflare.com.
IN NS dns1.
IN NS dns2.
IN NS dns3.
dns1 IN A 192.168.1.15
dns2 IN A 192.168.1.134
dns3 IN A 192.168.1.147
;; Computer Names
nw01un IN A 192.168.1.1
ps08rp IN A 192.168.1.134
ps09rp IN A 192.168.1.147
ps02sn IN A 192.168.1.55 ; Synology Web
ps02sn-bond IN A 192.168.1.194 ; Synology Bond for Storage
pd05wd IN A 192.168.1.115 ; Desktop
pl02mc IN A 192.168.1.116 ; Laptop
dv01hr IN A 192.168.1.213 ; HD Homerun
dv02kv IN A 192.168.1.57 ; Pi KVM
it01ag IN A 192.168.1.100 ; Airgradient
it02ph IN A 192.168.1.145 ; Phillips Hue
it03tb IN A 192.168.1.193 ; TubesZB ZigBee
it04tb IN A 192.168.1.135 ; TubesZB Z-Wave
;; Common Names
synology IN CNAME ps02sn
synologybond IN CNAME ps02sn-bond
unifi IN CNAME nw01un
airgradient IN CNAME it01ag
hdhr IN CNAME dv01hr
pikvm IN CNAME dv02kv
;; Service Names
cl01tl IN A 192.168.1.35
cl01tl IN A 192.168.1.36
cl01tl IN A 192.168.1.37
cl01tl-endpoint IN A 192.168.1.15
cl01tl-endpoint IN A 192.168.1.16
cl01tl-endpoint IN A 192.168.1.17
traefik-cl01tl IN A 192.168.1.16
blocky IN A 192.168.1.15
;; Application Names
argocd IN CNAME cl01tl-endpoint
authentik IN CNAME cl01tl-endpoint
gitea IN CNAME cl01tl-endpoint
vault IN CNAME cl01tl-endpoint
blocking:
denylists:
sus:
- https://v.firebog.net/hosts/static/w3kbl.txt
ads:
- https://v.firebog.net/hosts/AdguardDNS.txt
- https://v.firebog.net/hosts/Admiral.txt
- https://v.firebog.net/hosts/Easylist.txt
- https://adaway.org/hosts.txt
priv:
- https://v.firebog.net/hosts/Easyprivacy.txt
- https://v.firebog.net/hosts/Prigent-Ads.txt
mal:
- https://v.firebog.net/hosts/Prigent-Crypto.txt
- https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
pro:
- https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt
clientGroupsBlock:
default:
- sus
- ads
- priv
- mal
- pro
blockType: zeroIp
blockTTL: 1m
loading:
refreshPeriod: 24h
downloads:
timeout: 60s
attempts: 5
cooldown: 10s
concurrency: 16
strategy: fast
maxErrorsPerSource: 5
caching:
minTime: 5m
maxTime: 30m
maxItemsCount: 0
prefetching: true
prefetchExpires: 2h
prefetchThreshold: 5
prefetchMaxItemsCount: 0
cacheTimeNegative: 30m
redis:
address: blocky-valkey-headless.blocky:6379
required: true
prometheus:
enable: true
path: /metrics
queryLog:
type: console
logRetentionDays: 7
creationAttempts: 1
creationCooldown: 2s
flushInterval: 30s
minTlsServeVersion: 1.3
ports:
dns: 53
http: 4000
log:
level: info
format: text
timestamp: true
privacy: false
service:
dns-external:
controller: main
type: LoadBalancer
annotations:
tailscale.com/expose: "true"
ports:
tcp:
port: 53
targetPort: 53
protocol: TCP
udp:
port: 53
targetPort: 53
protocol: UDP
metrics:
controller: main
ports:
metrics:
port: 4000
targetPort: 4000
protocol: TCP
persistence:
config:
enabled: true
type: configMap
name: blocky-config
advancedMounts:
main:
main:
- path: /app/config.yml
readOnly: true
mountPropagation: None
subPath: config.yml
valkey:
architecture: standalone
auth:
enabled: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false

20
clusters/cl01tl/services/descheduler/Chart.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v2
name: descheduler
version: 1.0.0
description: descheduler
keywords:
- descheduler
- kube-scheduler
- kubernetes
home: https://wiki.alexlebens.dev/doc/descheduler-satPWfv7Km
sources:
- https://github.com/kubernetes-sigs/descheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
maintainers:
- name: alexlebens
dependencies:
- name: descheduler
version: 0.32.2
repository: https://kubernetes-sigs.github.io/descheduler/
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 0.31.0

70
clusters/cl01tl/services/descheduler/values.yaml
View File

@@ -1,70 +0,0 @@
descheduler:
kind: Deployment
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
deschedulingInterval: 5m
replicas: 1
leaderElection:
enabled: false
command:
- "/bin/descheduler"
cmdOptions:
v: 3
deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
deschedulerPolicy:
profiles:
- name: default
pluginConfig:
- name: DefaultEvictor
args:
ignorePvcPods: true
evictLocalStoragePods: false
evictDaemonSetPods: false
- name: RemoveDuplicates
- name: RemovePodsViolatingNodeAffinity
args:
nodeAffinityType:
- requiredDuringSchedulingIgnoredDuringExecution
- name: RemovePodsViolatingNodeTaints
- name: RemovePodsViolatingInterPodAntiAffinity
- name: RemovePodsViolatingTopologySpreadConstraint
- name: LowNodeUtilization
args:
thresholds:
cpu: 20
memory: 20
pods: 20
targetThresholds:
cpu: 60
memory: 60
pods: 60
plugins:
balance:
enabled:
- RemoveDuplicates
- RemovePodsViolatingTopologySpreadConstraint
- LowNodeUtilization
deschedule:
enabled:
- RemovePodsViolatingNodeTaints
- RemovePodsViolatingNodeAffinity
- RemovePodsViolatingInterPodAntiAffinity
rbac:
create: true
serviceAccount:
create: true
service:
enabled: true
serviceMonitor:
enabled: true

20
clusters/cl01tl/services/eraser/Chart.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v2
name: eraser
version: 1.0.0
description: Eraser
keywords:
- eraser
- images
- kubernetes
home: https://wiki.alexlebens.dev/doc/eraser-XPOB4BLlm7
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
maintainers:
- name: alexlebens
dependencies:
- name: eraser
version: v1.3.1
repository: https://eraser-dev.github.io/eraser/charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: v1.3.1

70
clusters/cl01tl/services/eraser/values.yaml
View File

@@ -1,70 +0,0 @@
eraser:
runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling:
repeatInterval: 24h
beginImmediately: true
profile:
enabled: false
port: 6060
imageJob:
successRatio: 1.0
cleanup:
delayOnSuccess: 0s
delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components:
collector:
enabled: true
request:
cpu: 10m
memory: 128Mi
scanner:
enabled: false
request:
cpu: 100m
memory: 128Mi
config: "" # |
# cacheDir: /var/lib/trivy
# dbRepo: ghcr.io/aquasecurity/trivy-db
# deleteFailedImages: true
# deleteEOLImages: true
# vulnerabilities:
# ignoreUnfixed: true
# types:
# - os
# - library
# securityChecks:
# - vuln
# severities:
# - CRITICAL
# - HIGH
# - MEDIUM
# - LOW
# ignoredStatuses:
# timeout:
# total: 23h
# perImage: 1h
remover:
request:
cpu: 10m
memory: 128Mi
deploy:
securityContext:
allowPrivilegeEscalation: false
resources:
requests:
cpu: 10m
memory: 30Mi
nodeSelector:
kubernetes.io/os: linux

22
clusters/cl01tl/services/external-dns/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: external-dns
version: 1.0.0
description: External DNS
keywords:
- external-dns
- dns
- unifi
- kubernetes
home: https://wiki.alexlebens.dev/doc/external-dns-Zdhuh9NAT1
sources:
- https://github.com/kubernetes-sigs/external-dns
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers:
- name: alexlebens
dependencies:
- name: external-dns
alias: external-dns-unifi
version: 1.15.1
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 1.15.0

160
clusters/cl01tl/services/external-dns/templates/dns-endpoint.yaml
View File

@@ -1,160 +0,0 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: external-device-names
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-device-names
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: networking
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
# Unifi UDM
- dnsName: unifi.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.1
# Synology Web
- dnsName: synology.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.55
# Synology Storage
- dnsName: synologybond.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.194
# HD Homerun
- dnsName: hdhr.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.213
# Pi KVM
- dnsName: pikvm.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.57
---
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: iot-device-names
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: iot-device-names
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: networking
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
# Airgradient
- dnsName: it01ag.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.100
# Phillips Hue
- dnsName: it02ph.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.57
# TubesZB ZigBee
- dnsName: it03tb.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.193
# TubesZB Z-Wave
- dnsName: it04tb.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.135
---
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: host-names
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: host-names
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: networking
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
# Surface Book 3
- dnsName: pl01wd.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.86
# Synology
- dnsName: ps02sn.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.55
# Synology Storage
- dnsName: ps02sn-bond.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.194
# Desktop
- dnsName: pd05wd.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.115
---
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: cluster-names
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: cluster-names
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: networking
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
# Control
- dnsName: cl01tl.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.35
- 192.168.1.36
- 192.168.1.37
# Workers
- dnsName: cl01tl-endpoint.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.15
- 192.168.1.16
- 192.168.1.17
# Traefik ps08rp
- dnsName: traefik-cl01tl.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 192.168.1.15
- 192.168.1.16
- 192.168.1.17

30
clusters/cl01tl/services/external-dns/templates/external-secret.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: external-dns-unifi-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-dns-unifi-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth
metadataPolicy: None
property: user
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth
metadataPolicy: None
property: password

51
clusters/cl01tl/services/external-dns/values.yaml
View File

@@ -1,51 +0,0 @@
external-dns-unifi:
fullnameOverride: external-dns-unifi
serviceMonitor:
enabled: true
interval: 1m
sources:
- ingress
- crd
- gateway-httproute
- gateway-tlsroute
policy: sync
registry: txt
txtOwnerId: default
txtPrefix: k8s.
domainFilters: ["alexlebens.net"]
excludeDomains: []
provider:
name: webhook
webhook:
image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.4.1
env:
- name: UNIFI_HOST
value: https://192.168.1.1
- name: UNIFI_USER
valueFrom:
secretKeyRef:
name: external-dns-unifi-secret
key: username
- name: UNIFI_PASS
valueFrom:
secretKeyRef:
name: external-dns-unifi-secret
key: password
- name: LOG_LEVEL
value: debug
livenessProbe:
httpGet:
path: /healthz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
extraArgs:
- --ignore-ingress-tls-spec

20
clusters/cl01tl/services/generic-device-plugin/Chart.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v2
name: generic-device-plugin
version: 1.0.0
description: Generic Device Plugin
keywords:
- generic-device-plugin
- device
- plugin
home: https://wiki.alexlebens.dev/doc/generic-device-plugin-PdquJy1lGu
sources:
- https://github.com/squat/generic-device-plugin
- https://github.com/alexlebens/helm-charts/tree/main/charts/generic-device-plugin
maintainers:
- name: alexlebens
dependencies:
- name: generic-device-plugin
repository: http://alexlebens.github.io/helm-charts
version: 0.1.6
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 0.1.2

13
clusters/cl01tl/services/generic-device-plugin/values.yaml
View File

@@ -1,13 +0,0 @@
generic-device-plugin:
image:
repository: ghcr.io/squat/generic-device-plugin
tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
config:
enabled: true
data: |
devices:
- name: tun
groups:
- count: 1000
paths:
- path: /dev/net/tun

29
clusters/cl01tl/services/harbor/Chart.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: v2
name: harbor
version: 1.0.0
description: Harbor
keywords:
- harbor
- images
- cache
- kubernetes
home: https://wiki.alexlebens.dev/doc/harbor-
sources:
- https://github.com/goharborv
- https://github.com/goharbor/harbor-helm
- https://github.com/valkey-io/valkey
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: harbor
version: 1.16.2
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.1.4
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: v2.12.1

97
clusters/cl01tl/services/harbor/templates/external-secret.yaml
View File

@@ -1,97 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: HARBOR_ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password
- secretKey: secretKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secret
- secretKey: JOBSERVICE_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: jobservice-secret
- secretKey: REGISTRY_HTTP_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-http-secret
- secretKey: REGISTRY_PASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-password
- secretKey: REGISTRY_HTPASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-ht-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

55
clusters/cl01tl/services/harbor/templates/ingress.yaml
View File

@@ -1,55 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: harbor-tailscale
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-tailscale
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
ingressClassName: tailscale
tls:
- hosts:
- harbor-cl01tl
rules:
- host: harbor-cl01tl
http:
paths:
- backend:
service:
name: harbor-core
port:
number: 80
path: /api/
pathType: Prefix
- backend:
service:
name: harbor-core
port:
number: 80
path: /service/
pathType: Prefix
- backend:
service:
name: harbor-core
port:
number: 80
path: /v2/
pathType: Prefix
- backend:
service:
name: harbor-core
port:
number: 80
path: /c/
pathType: Prefix
- backend:
service:
name: harbor-portal
port:
number: 80
path: /
pathType: Prefix

136
clusters/cl01tl/services/harbor/values.yaml
View File

@@ -1,136 +0,0 @@
harbor:
expose:
type: ingress
ingress:
hosts:
core: harbor.alexlebens.net
className: traefik
labels:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
externalURL: https://harbor-cl01tl.boreal-beaufort.ts.net
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: ceph-block-delete
accessMode: ReadWriteOnce
size: 20Gi
jobservice:
jobLog:
storageClass: ceph-block-delete
accessMode: ReadWriteOnce
size: 5Gi
redis:
storageClass: ceph-block-delete
accessMode: ReadWriteOnce
size: 5Gi
trivy:
storageClass: ceph-block-delete
accessMode: ReadWriteOnce
size: 5Gi
imageChartStorage:
type: filesystem
filesystem:
rootdirectory: /storage
existingSecretAdminPassword: harbor-secret
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
ipFamily:
ipv6:
enabled: false
ipv4:
enabled: true
updateStrategy:
type: Recreate
existingSecretSecretKey: harbor-secret
metrics:
enabled: true
core:
path: /metrics
port: 8001
registry:
path: /metrics
port: 8001
jobservice:
path: /metrics
port: 8001
exporter:
path: /metrics
port: 8001
serviceMonitor:
enabled: true
trace:
enabled: false
cache:
enabled: false
portal:
image:
repository: ghcr.io/goharbor/harbor-portal
tag: v2.12.2
core:
image:
repository: ghcr.io/goharbor/harbor-core
tag: v2.12.2
existingSecret: harbor-secret
jobservice:
image:
repository: ghcr.io/goharbor/harbor-jobservice
tag: v2.12.2
existingSecret: harbor-secret
existingSecretKey: JOBSERVICE_SECRET
registry:
registry:
image:
repository: ghcr.io/goharbor/registry-photon
tag: v2.12.2
controller:
image:
repository: ghcr.io/goharbor/harbor-registryctl
tag: v2.12.2
existingSecret: harbor-secret
existingSecretKey: REGISTRY_HTTP_SECRET
relativeurls: false
credentials:
existingSecret: harbor-secret
upload_purging:
enabled: true
age: 168h
interval: 24h
dryrun: false
trivy:
enabled: false
database:
type: external
external:
host: harbor-postgresql-17-cluster-rw
port: "5432"
username: app
coreDatabase: app
existingSecret: harbor-postgresql-17-cluster-app
redis:
type: internal
internal:
image:
repository: goharbor/redis-photon
tag: v2.12.2
exporter:
image:
repository: ghcr.io/goharbor/harbor-exporter
tag: v2.12.2
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster
endpointCredentials: harbor-postgresql-17-cluster-backup-secret
backupIndex: 1

25
clusters/cl01tl/services/intel-device-plugin/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: intel-device-plugin
version: 1.0.0
description: Intel Device Plugin
keywords:
- intel-device-plugin
- operator
- gpu
- kubernetes
home: https://wiki.alexlebens.dev/doc/intel-device-plugin-WGuYx3UYE3
sources:
- https://github.com/intel/intel-device-plugins-for-kubernetes
- https://github.com/intel/helm-charts/tree/main/charts/device-plugin-operator
- https://github.com/intel/helm-charts/tree/main/charts/gpu-device-plugin
maintainers:
- name: alexlebens
dependencies:
- name: intel-device-plugins-operator
version: 0.32.0
repository: https://intel.github.io/helm-charts/
- name: intel-device-plugins-gpu
version: 0.32.0
repository: https://intel.github.io/helm-charts/
icon: https://avatars.githubusercontent.com/u/17888862?s=48&v=4
appVersion: 0.31.1

10
clusters/cl01tl/services/intel-device-plugin/values.yaml
View File

@@ -1,10 +0,0 @@
intel-device-plugins-gpu:
name: gpudeviceplugin
resourceManager: false
sharedDevNum: 5
logLevel: 2
enableMonitoring: true
allocationPolicy: "none"
nodeSelector:
intel.feature.node.kubernetes.io/gpu: 'true'
nodeFeatureRule: false

23
clusters/cl01tl/services/kubernetes-cloudflare-ddns/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: kubernetes-cloudflare-ddns
version: 1.0.0
description: Kubernetes Cloudflare DDNS
keywords:
- kubernetes-cloudflare-ddns
- cloudflare
- ddns
- kubernetes
home: https://wiki.alexlebens.dev/doc/kubernetes-ddns-STOtBY6W6q
sources:
- https://github.com/kubitodev/kubernetes-cloudflare-ddns
- https://hub.docker.com/r/kubitodev/kubernetes-cloudflare-ddns
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: kubernetes-cloudflare-ddns
repository: https://bjw-s.github.io/helm-charts/
version: 3.6.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cloudflare.png
appVersion: "2.0.0"

44
clusters/cl01tl/services/kubernetes-cloudflare-ddns/templates/external-secret.yaml
View File

@@ -1,44 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: kubernetes-cloudflare-ddns-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kubernetes-cloudflare-ddns-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AUTH_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens-net
metadataPolicy: None
property: auth-key
- secretKey: NAME
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens-net
metadataPolicy: None
property: name
- secretKey: RECORD_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens-net
metadataPolicy: None
property: record-id
- secretKey: ZONE_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens-net
metadataPolicy: None
property: zone-id

29
clusters/cl01tl/services/kubernetes-cloudflare-ddns/values.yaml
View File

@@ -1,29 +0,0 @@
kubernetes-cloudflare-ddns:
controllers:
main:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 3
failedJobsHistory: 3
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: kubitodev/kubernetes-cloudflare-ddns
tag: 2.0.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: kubernetes-cloudflare-ddns-secret
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true

19
clusters/cl01tl/services/node-feature-discovery/Chart.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: v2
name: node-feature-discovery
version: 1.0.0
description: Node Feature Discovery
keywords:
- node-feature-discovery
- labels
- kubernetes
home: https://wiki.alexlebens.dev/doc/node-feature-discovery-ie3OiqJrjc
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
maintainers:
- name: alexlebens
dependencies:
- name: node-feature-discovery
version: 0.17.1
repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 0.16.6

244
clusters/cl01tl/services/node-feature-discovery/values.yaml
View File

@@ -1,244 +0,0 @@
node-feature-discovery:
enableNodeFeatureApi: true
master:
enable: true
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
# noPublish: false
# autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io","intel.com","devicetree.org"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false
# labelWhiteList: "foo"
# resyncPeriod: "2h"
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-master restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
# leaderElection:
# leaseDuration: 15s
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
# renewDeadline: 10s
# # this value has to be greater than 0
# retryPeriod: 2s
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
port: 8080
metricsPort: 8081
instance:
featureApi:
resyncPeriod:
denyLabelNs: []
extraLabelNs: []
resourceLabels: []
enableTaints: false
crdController: null
featureRulesController: null
nfdApiParallelism: null
deploymentAnnotations: {}
replicaCount: 1
podSecurityContext: {}
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsNonRoot: true
# runAsUser: 1000
serviceAccount:
create: true
name:
rbac:
create: true
service:
type: ClusterIP
port: 8080
resources:
requests:
cpu: 20m
memory: 60Mi
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
value: ""
effect: "NoSchedule"
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: "node-role.kubernetes.io/control-plane"
operator: In
values: [""]
worker:
enable: true
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
#core:
# labelWhiteList:
# noPublish: false
# sleepInterval: 60s
# featureSources: [all]
# labelSources: [all]
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-worker restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
sources:
cpu:
cpuid:
attributeWhitelist:
- "AVX512BW"
- "AVX512CD"
- "AVX512DQ"
- "AVX512F"
- "AVX512VL"
kernel:
configOpts:
- "NO_HZ"
- "X86"
- "DMI"
usb:
deviceClassWhitelist:
- "02"
- "03"
- "0e"
- "ef"
- "fe"
- "ff"
deviceLabelFields:
- "vendor"
- "device"
- "class"
pci:
deviceClassWhitelist:
- "0200"
- "01"
- "08"
- "0300"
- "0302"
deviceLabelFields:
- "vendor"
- "device"
- "class"
custom:
- # Intel integrated GPU
name: "intel-gpu"
labels:
intel.feature.node.kubernetes.io/gpu: 'true'
matchOn:
- pciId:
class: ["0300"]
vendor: ["8086"]
- # Google Coral USB Accelerator
name: google.coral
labels:
google.feature.node.kubernetes.io/coral: "true"
matchFeatures:
- feature: usb.device
matchExpressions:
vendor: { op: In, value: ["1a6e", "18d1"] }
- # Aeotec Z-Stick Gen5+
name: aeotec.zwave
labels:
aeotec.feature.node.kubernetes.io/zwave: "true"
matchFeatures:
- feature: usb.device
matchExpressions:
class: { op: In, value: ["02"] }
vendor: { op: In, value: ["0658"] }
device: { op: In, value: ["0200"] }
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
podSecurityContext: {}
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsNonRoot: true
# runAsUser: 1000
serviceAccount:
create: true
name:
rbac:
create: true
mountUsrSrc: false
resources:
requests:
cpu: 20m
memory: 60Mi
topologyUpdater:
config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
## key = node name, value = list of resources to be excluded.
## use * to exclude from all nodes.
## an example for how the exclude list should looks like
#excludeList:
# node1: [cpu]
# node2: [memory, example/deviceA]
# *: [hugepages-2Mi]
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
enable: true
createCRDs: true
serviceAccount:
create: true
name:
rbac:
create: true
metricsPort: 8081
updateInterval: 60s
watchNamespace: "*"
kubeletStateDir: /var/lib/kubelet
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsUser: 0
resources:
requests:
cpu: 20m
memory: 60Mi
gc:
enable: true
replicaCount: 1
serviceAccount:
create: true
name:
rbac:
create: true
interval: 1h
resources:
requests:
cpu: 20m
memory: 60Mi
metricsPort: 8081
tls:
enable: false
certManager: false
prometheus:
enable: false

20
clusters/cl01tl/services/reloader/Chart.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v2
name: reloader
version: 1.0.0
description: Reloader
keywords:
- reloader
- config-map
- kubernetes
home: https://wiki.alexlebens.dev/doc/reloader-4L6pr8JdPl
sources:
- https://github.com/stakater/Reloader
- https://github.com/stakater/Reloader/blob/master/deployments/kubernetes/chart/reloader/Chart.yaml
maintainers:
- name: alexlebens
dependencies:
- name: reloader
version: 1.2.1
repository: https://stakater.github.io/stakater-charts
icon: https://avatars.githubusercontent.com/u/15930712?s=48&v=4
appVersion: 1.2.0

5
clusters/cl01tl/services/reloader/values.yaml
View File

@@ -1,5 +0,0 @@
reloader:
reloader:
serviceMonitor:
enabled: true
namespace: reloader

21
clusters/cl01tl/services/spegel/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: spegel
version: 1.0.0
description: Spegel
keywords:
- spegel
- image
- cache
- kubernetes
home: https://wiki.alexlebens.dev/doc/spegel-sGOCkqO5Gu
sources:
- https://github.com/spegel-org/spegel
- https://github.com/spegel-org/spegel/tree/main/charts/spegel
maintainers:
- name: alexlebens
dependencies:
- name: spegel
version: v0.0.30
repository: oci://ghcr.io/spegel-org/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: v0.0.27

6
clusters/cl01tl/services/spegel/templates/namespace.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: spegel
labels:
pod-security.kubernetes.io/enforce: privileged

41
clusters/cl01tl/services/spegel/values.yaml
View File

@@ -1,41 +0,0 @@
spegel:
service:
registry:
port: 5000
nodePort: 30021
hostPort: 30020
topologyAwareHintsEnabled: true
router:
port: 5001
metrics:
port: 9090
resources:
requests:
cpu: 10m
memory: 64Mi
nodeSelector:
kubernetes.io/os: linux
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
serviceMonitor:
enabled: true
priorityClassName: system-node-critical
spegel:
logLevel: "INFO"
registries:
- https://cgr.dev
- https://docker.io
- https://ghcr.io
- https://quay.io
- https://mcr.microsoft.com
- https://public.ecr.aws
- https://gcr.io
- https://registry.k8s.io
- https://k8s.gcr.io
- https://lscr.io
containerdRegistryConfigPath: /etc/cri/conf.d/hosts

23
clusters/cl01tl/services/tailscale-operator/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: tailscale-operator
version: 1.0.0
description: Tailscale Operator
keywords:
- tailscale-operator
- tailscale
- wireguard
- vpn
- kubernetes
home: https://wiki.alexlebens.dev/doc/tailscale-operator-u9TCoCqP12
sources:
- https://github.com/tailscale/tailscale/tree/main/cmd/k8s-operator/deploy
- https://hub.docker.com/r/tailscale/k8s-operator
- https://github.com/tailscale/tailscale/tree/main/cmd/k8s-operator/deploy/chart
maintainers:
- name: alexlebens
dependencies:
- name: tailscale-operator
version: 1.80.0
repository: https://pkgs.tailscale.com/helmcharts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tailscale.png
appVersion: v1.78.3

17
clusters/cl01tl/services/tailscale-operator/templates/connector.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: tailscale.com/v1alpha1
kind: Connector
metadata:
name: subnet-router-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: subnet-router-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: tailscale
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
hostname: subnet-router-local-cl01tl
proxyClass: default
subnetRouter:
advertiseRoutes:
- 192.168.1.0/24

16
clusters/cl01tl/services/tailscale-operator/templates/dns-config.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: tailscale.com/v1alpha1
kind: DNSConfig
metadata:
name: ts-dns
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ts-dns
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: tailscale
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
nameserver:
image:
repo: tailscale/k8s-nameserver
tag: unstable-v1.79.213

30
clusters/cl01tl/services/tailscale-operator/templates/external-secrets.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: operator-oauth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: operator-oauth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client_id
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tailscale/operator/oauth
metadataPolicy: None
property: clientId
- secretKey: client_secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/tailscale/operator/oauth
metadataPolicy: None
property: clientSecret

26
clusters/cl01tl/services/tailscale-operator/templates/proxy-class.yaml
View File

@@ -1,26 +0,0 @@
apiVersion: tailscale.com/v1alpha1
kind: ProxyClass
metadata:
name: default
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: default
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: proxy
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
metrics:
enable: true
serviceMonitor:
enable: true
statefulSet:
pod:
tailscaleContainer:
resources:
limits:
squat.ai/tun: "1"
tailscaleInitContainer:
resources:
limits:
squat.ai/tun: "1"

21
clusters/cl01tl/services/tailscale-operator/values.yaml
View File

@@ -1,21 +0,0 @@
tailscale-operator:
oauth: {}
installCRDs: true
operatorConfig:
defaultTags:
- "tag:k8s-operator"
logging: info
hostname: tailscale-operator-cl01tl
nodeSelector:
kubernetes.io/os: linux
operatorConfig:
securityContext:
capabilities:
add:
- NET_ADMIN
proxyConfig:
defaultTags: "tag:k8s"
firewallMode: auto
defaultProxyClass: "default"
apiServerProxyConfig:
mode: "false"

21
clusters/cl01tl/services/traefik/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: traefik
version: 1.0.0
description: Traefik
keywords:
- traefik
- reverse-proxy
- tls
- kubernetes
home: https://wiki.alexlebens.dev/doc/traefik-nMRQxYCVUF
sources:
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
maintainers:
- name: alexlebens
dependencies:
- name: traefik
version: 34.2.0
repository: https://traefik.github.io/charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/traefik.png
appVersion: v3.2.3

19
clusters/cl01tl/services/traefik/templates/certificate.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: traefik-certificate
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretName: traefik-secret-tls
dnsNames:
- "alexlebens.net"
- "*.alexlebens.net"
issuerRef:
name: letsencrypt-issuer
kind: ClusterIssuer

88
clusters/cl01tl/services/traefik/values.yaml
View File

@@ -1,88 +0,0 @@
traefik:
deployment:
kind: DaemonSet
ingressClass:
enabled: true
isDefaultClass: true
ingressRoute:
dashboard:
enabled: true
matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
entryPoints: ["websecure"]
providers:
kubernetesCRD:
allowCrossNamespace: true
allowEmptyServices: true
kubernetesIngress:
allowEmptyServices: true
publishedService:
enabled: true
metrics:
prometheus:
service:
enabled: true
disableAPICheck:
serviceMonitor:
enabled: true
prometheusRule:
enabled: false
globalArguments: []
ports:
web:
expose:
default: true
exposedPort: 80
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
forwardedHeaders:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
insecure: false
proxyProtocol:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
insecure: false
websecure:
port: 8443
expose:
default: true
exposedPort: 443
forwardedHeaders:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
insecure: false
proxyProtocol:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
insecure: false
tls:
enabled: true
metrics:
expose:
default: false
tlsStore:
default:
defaultCertificate:
secretName: traefik-secret-tls
service:
enabled: true
type: LoadBalancer
externalIPs:
- 192.168.1.17
- 192.168.1.16
- 192.168.1.15