alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

add base services

Browse Source
This commit is contained in:
Alex Lebens
2025-03-02 21:53:47 -06:00
parent fbed193184
commit b9148056f1
21 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
clusters/cl01tl/services/blocky/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v2
name: blocky
version: 1.0.0
description: Blocky
keywords:
- blocky
- dns
home: https://wiki.alexlebens.dev/doc/blocky-ZDHt1ucetP
sources:
- https://github.com/0xERR0R/blocky
- https://hub.docker.com/r/spx01/blocky
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: blocky
repository: https://bjw-s.github.io/helm-charts/
version: 3.7.1
- name: valkey
version: 2.4.0
repository: https://charts.bitnami.com/bitnami
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/blocky.png
appVersion: v0.24

21
clusters/cl01tl/services/blocky/templates/service-monitor.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: blocky
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: blocky
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: blocky
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 10s
path: /metrics

256
clusters/cl01tl/services/blocky/values.yaml Normal file
View File

@@ -0,0 +1,256 @@
blocky:
controllers:
main:
type: deployment
replicas: 3
strategy: RollingUpdate
revisionHistoryLimit: 3
containers:
main:
image:
repository: spx01/blocky
tag: v0.25@sha256:347f8c6addc1775ef74b83dfc609c28436a67f812ef0ee7e2602569dc0e56cd1
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
resources:
requests:
cpu: 10m
memory: 128Mi
serviceAccount:
create: true
configMaps:
config:
enabled: true
data:
config.yml: |
upstreams:
init:
strategy: fast
groups:
default:
- tcp-tls:1.1.1.1:853
- tcp-tls:1.0.0.1:853
strategy: parallel_best
timeout: 2s
connectIPVersion: v4
customDNS:
filterUnmappedTypes: false
zone: |
$ORIGIN alexlebens.net.
$TTL 86400
;; Name Server
IN NS patryk.ns.cloudflare.com.
IN NS veda.ns.cloudflare.com.
IN NS dns1.
IN NS dns2.
IN NS dns3.
dns1 IN A 10.232.1.22
dns2 IN A 10.232.1.51
dns3 IN A 10.232.1.52
;; Computer Names
nw01un IN A 192.168.1.1 ; Unifi Gateway
ps08rp IN A 10.232.1.51 ; DNS
ps09rp IN A 10.232.1.52 ; DNS
ps02sn IN A 10.232.1.61 ; Synology Web
ps02sn-bond IN A 10.232.1.64 ; Synology Bond for Storage
pd05wd IN A 10.230.0.115 ; Desktop
pl02mc IN A 10.230.0.105 ; Laptop
dv01hr IN A 10.232.1.72 ; HD Homerun
dv02kv IN A 10.232.1.71 ; Pi KVM
it01ag IN A 10.232.1.83 ; Airgradient
it02ph IN A 10.232.1.85 ; Phillips Hue
it03tb IN A 10.232.1.81 ; TubesZB ZigBee
it04tb IN A 10.232.1.82 ; TubesZB Z-Wave
;; Common Names
synology IN CNAME ps02sn
synologybond IN CNAME ps02sn-bond
unifi IN CNAME nw01un
airgradient IN CNAME it01ag
hdhr IN CNAME dv01hr
pikvm IN CNAME dv02kv
;; Service Names
cl01tl IN A 10.232.1.11
cl01tl IN A 10.232.1.12
cl01tl IN A 10.232.1.13
cl01tl-api IN A 10.232.1.11
cl01tl-api IN A 10.232.1.12
cl01tl-api IN A 10.232.1.13
cl01tl-endpoint IN A 10.232.1.21
cl01tl-endpoint IN A 10.232.1.22
cl01tl-endpoint IN A 10.232.1.23
traefik-cl01tl IN A 10.232.1.21
blocky IN A 10.232.1.22
https-gateway IN A 10.232.1.23
;; Application Names
argocd IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl
gitea IN CNAME traefik-cl01tl
harbor IN CNAME traefik-cl01tl
headlamp IN CNAME https-gateway
jellyfin IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl
blocking:
denylists:
sus:
- https://v.firebog.net/hosts/static/w3kbl.txt
ads:
- https://v.firebog.net/hosts/AdguardDNS.txt
- https://v.firebog.net/hosts/Admiral.txt
- https://v.firebog.net/hosts/Easylist.txt
- https://adaway.org/hosts.txt
priv:
- https://v.firebog.net/hosts/Easyprivacy.txt
- https://v.firebog.net/hosts/Prigent-Ads.txt
mal:
- https://v.firebog.net/hosts/Prigent-Crypto.txt
- https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
pro:
- https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt
allowlists:
sus:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
ads:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
priv:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
mal:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
pro:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
clientGroupsBlock:
default:
- sus
- ads
- priv
- mal
- pro
blockType: zeroIp
blockTTL: 1m
loading:
refreshPeriod: 24h
downloads:
timeout: 60s
attempts: 5
cooldown: 10s
concurrency: 16
strategy: fast
maxErrorsPerSource: 5
caching:
minTime: 5m
maxTime: 30m
maxItemsCount: 0
prefetching: true
prefetchExpires: 2h
prefetchThreshold: 5
prefetchMaxItemsCount: 0
cacheTimeNegative: 30m
redis:
address: blocky-valkey-headless.blocky:6379
required: true
prometheus:
enable: true
path: /metrics
queryLog:
type: console
logRetentionDays: 7
creationAttempts: 1
creationCooldown: 2s
flushInterval: 30s
minTlsServeVersion: 1.3
ports:
dns: 53
http: 4000
log:
level: info
format: text
timestamp: true
privacy: false
service:
dns-external:
controller: main
type: LoadBalancer
annotations:
tailscale.com/expose: "true"
ports:
tcp:
port: 53
targetPort: 53
protocol: TCP
udp:
port: 53
targetPort: 53
protocol: UDP
metrics:
controller: main
ports:
metrics:
port: 4000
targetPort: 4000
protocol: TCP
persistence:
config:
enabled: true
type: configMap
name: blocky-config
advancedMounts:
main:
main:
- path: /app/config.yml
readOnly: true
mountPropagation: None
subPath: config.yml
valkey:
architecture: standalone
auth:
enabled: false
usePasswordFiles: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false

20
clusters/cl01tl/services/descheduler/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: descheduler
version: 1.0.0
description: descheduler
keywords:
- descheduler
- kube-scheduler
- kubernetes
home: https://wiki.alexlebens.dev/doc/descheduler-satPWfv7Km
sources:
- https://github.com/kubernetes-sigs/descheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
maintainers:
- name: alexlebens
dependencies:
- name: descheduler
version: 0.32.2
repository: https://kubernetes-sigs.github.io/descheduler/
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 0.31.0

70
clusters/cl01tl/services/descheduler/values.yaml Normal file
View File

@@ -0,0 +1,70 @@
descheduler:
kind: Deployment
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
deschedulingInterval: 5m
replicas: 1
leaderElection:
enabled: false
command:
- "/bin/descheduler"
cmdOptions:
v: 3
deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
deschedulerPolicy:
profiles:
- name: default
pluginConfig:
- name: DefaultEvictor
args:
ignorePvcPods: true
evictLocalStoragePods: false
evictDaemonSetPods: false
- name: RemoveDuplicates
- name: RemovePodsViolatingNodeAffinity
args:
nodeAffinityType:
- requiredDuringSchedulingIgnoredDuringExecution
- name: RemovePodsViolatingNodeTaints
- name: RemovePodsViolatingInterPodAntiAffinity
- name: RemovePodsViolatingTopologySpreadConstraint
- name: LowNodeUtilization
args:
thresholds:
cpu: 20
memory: 20
pods: 20
targetThresholds:
cpu: 60
memory: 60
pods: 60
plugins:
balance:
enabled:
- RemoveDuplicates
- RemovePodsViolatingTopologySpreadConstraint
- LowNodeUtilization
deschedule:
enabled:
- RemovePodsViolatingNodeTaints
- RemovePodsViolatingNodeAffinity
- RemovePodsViolatingInterPodAntiAffinity
rbac:
create: true
serviceAccount:
create: true
service:
enabled: true
serviceMonitor:
enabled: true

20
clusters/cl01tl/services/eraser/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: eraser
version: 1.0.0
description: Eraser
keywords:
- eraser
- images
- kubernetes
home: https://wiki.alexlebens.dev/doc/eraser-XPOB4BLlm7
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
maintainers:
- name: alexlebens
dependencies:
- name: eraser
version: v1.3.1
repository: https://eraser-dev.github.io/eraser/charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: v1.3.1

70
clusters/cl01tl/services/eraser/values.yaml Normal file
View File

@@ -0,0 +1,70 @@
eraser:
runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling:
repeatInterval: 24h
beginImmediately: true
profile:
enabled: false
port: 6060
imageJob:
successRatio: 1.0
cleanup:
delayOnSuccess: 0s
delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components:
collector:
enabled: true
request:
cpu: 10m
memory: 128Mi
scanner:
enabled: false
request:
cpu: 100m
memory: 128Mi
config: "" # |
# cacheDir: /var/lib/trivy
# dbRepo: ghcr.io/aquasecurity/trivy-db
# deleteFailedImages: true
# deleteEOLImages: true
# vulnerabilities:
# ignoreUnfixed: true
# types:
# - os
# - library
# securityChecks:
# - vuln
# severities:
# - CRITICAL
# - HIGH
# - MEDIUM
# - LOW
# ignoredStatuses:
# timeout:
# total: 23h
# perImage: 1h
remover:
request:
cpu: 10m
memory: 128Mi
deploy:
securityContext:
allowPrivilegeEscalation: false
resources:
requests:
cpu: 10m
memory: 30Mi
nodeSelector:
kubernetes.io/os: linux

20
clusters/cl01tl/services/generic-device-plugin/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: generic-device-plugin
version: 1.0.0
description: Generic Device Plugin
keywords:
- generic-device-plugin
- device
- plugin
home: https://wiki.alexlebens.dev/doc/generic-device-plugin-PdquJy1lGu
sources:
- https://github.com/squat/generic-device-plugin
- https://github.com/alexlebens/helm-charts/tree/main/charts/generic-device-plugin
maintainers:
- name: alexlebens
dependencies:
- name: generic-device-plugin
repository: http://alexlebens.github.io/helm-charts
version: 0.1.7
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 0.1.2

8
clusters/cl01tl/services/generic-device-plugin/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: generic-device-plugin
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

13
clusters/cl01tl/services/generic-device-plugin/values.yaml Normal file
View File

@@ -0,0 +1,13 @@
generic-device-plugin:
image:
repository: ghcr.io/squat/generic-device-plugin
tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
config:
enabled: true
data: |
devices:
- name: tun
groups:
- count: 1000
paths:
- path: /dev/net/tun

25
clusters/cl01tl/services/intel-device-plugin/Chart.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v2
name: intel-device-plugin
version: 1.0.0
description: Intel Device Plugin
keywords:
- intel-device-plugin
- operator
- gpu
- kubernetes
home: https://wiki.alexlebens.dev/doc/intel-device-plugin-WGuYx3UYE3
sources:
- https://github.com/intel/intel-device-plugins-for-kubernetes
- https://github.com/intel/helm-charts/tree/main/charts/device-plugin-operator
- https://github.com/intel/helm-charts/tree/main/charts/gpu-device-plugin
maintainers:
- name: alexlebens
dependencies:
- name: intel-device-plugins-operator
version: 0.32.0
repository: https://intel.github.io/helm-charts/
- name: intel-device-plugins-gpu
version: 0.32.0
repository: https://intel.github.io/helm-charts/
icon: https://avatars.githubusercontent.com/u/17888862?s=48&v=4
appVersion: 0.31.1

8
clusters/cl01tl/services/intel-device-plugin/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: intel-device-plugin
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

11
clusters/cl01tl/services/intel-device-plugin/values.yaml Normal file
View File

@@ -0,0 +1,11 @@
intel-device-plugins-gpu:
name: gpudeviceplugin
resourceManager: false
sharedDevNum: 5
logLevel: 2
enableMonitoring: true
allocationPolicy: "none"
nodeSelector:
intel.feature.node.kubernetes.io/gpu: 'true'
nodeFeatureRule: false
tolerations: []

19
clusters/cl01tl/services/node-feature-discovery/Chart.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v2
name: node-feature-discovery
version: 1.0.0
description: Node Feature Discovery
keywords:
- node-feature-discovery
- labels
- kubernetes
home: https://wiki.alexlebens.dev/doc/node-feature-discovery-ie3OiqJrjc
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
maintainers:
- name: alexlebens
dependencies:
- name: node-feature-discovery
version: 0.17.2
repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: 0.16.6

8
clusters/cl01tl/services/node-feature-discovery/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: node-feature-discovery
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

244
clusters/cl01tl/services/node-feature-discovery/values.yaml Normal file
View File

@@ -0,0 +1,244 @@
node-feature-discovery:
enableNodeFeatureApi: true
master:
enable: true
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
# noPublish: false
# autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io","intel.com","devicetree.org"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false
# labelWhiteList: "foo"
# resyncPeriod: "2h"
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-master restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
# leaderElection:
# leaseDuration: 15s
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
# renewDeadline: 10s
# # this value has to be greater than 0
# retryPeriod: 2s
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
port: 8080
metricsPort: 8081
instance:
featureApi:
resyncPeriod:
denyLabelNs: []
extraLabelNs: []
resourceLabels: []
enableTaints: false
crdController: null
featureRulesController: null
nfdApiParallelism: null
deploymentAnnotations: {}
replicaCount: 1
podSecurityContext: {}
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsNonRoot: true
# runAsUser: 1000
serviceAccount:
create: true
name:
rbac:
create: true
service:
type: ClusterIP
port: 8080
resources:
requests:
cpu: 20m
memory: 60Mi
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
value: ""
effect: "NoSchedule"
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: "node-role.kubernetes.io/control-plane"
operator: In
values: [""]
worker:
enable: true
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
#core:
# labelWhiteList:
# noPublish: false
# sleepInterval: 60s
# featureSources: [all]
# labelSources: [all]
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-worker restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
sources:
cpu:
cpuid:
attributeWhitelist:
- "AVX512BW"
- "AVX512CD"
- "AVX512DQ"
- "AVX512F"
- "AVX512VL"
kernel:
configOpts:
- "NO_HZ"
- "X86"
- "DMI"
usb:
deviceClassWhitelist:
- "02"
- "03"
- "0e"
- "ef"
- "fe"
- "ff"
deviceLabelFields:
- "vendor"
- "device"
- "class"
pci:
deviceClassWhitelist:
- "0200"
- "01"
- "08"
- "0300"
- "0302"
deviceLabelFields:
- "vendor"
- "device"
- "class"
custom:
- # Intel integrated GPU
name: "intel-gpu"
labels:
intel.feature.node.kubernetes.io/gpu: 'true'
matchOn:
- pciId:
class: ["0300"]
vendor: ["8086"]
- # Google Coral USB Accelerator
name: google.coral
labels:
google.feature.node.kubernetes.io/coral: "true"
matchFeatures:
- feature: usb.device
matchExpressions:
vendor: { op: In, value: ["1a6e", "18d1"] }
- # Aeotec Z-Stick Gen5+
name: aeotec.zwave
labels:
aeotec.feature.node.kubernetes.io/zwave: "true"
matchFeatures:
- feature: usb.device
matchExpressions:
class: { op: In, value: ["02"] }
vendor: { op: In, value: ["0658"] }
device: { op: In, value: ["0200"] }
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
podSecurityContext: {}
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsNonRoot: true
# runAsUser: 1000
serviceAccount:
create: true
name:
rbac:
create: true
mountUsrSrc: false
resources:
requests:
cpu: 20m
memory: 60Mi
topologyUpdater:
config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
## key = node name, value = list of resources to be excluded.
## use * to exclude from all nodes.
## an example for how the exclude list should looks like
#excludeList:
# node1: [cpu]
# node2: [memory, example/deviceA]
# *: [hugepages-2Mi]
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
enable: true
createCRDs: true
serviceAccount:
create: true
name:
rbac:
create: true
metricsPort: 8081
updateInterval: 60s
watchNamespace: "*"
kubeletStateDir: /var/lib/kubelet
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsUser: 0
resources:
requests:
cpu: 20m
memory: 60Mi
gc:
enable: true
replicaCount: 1
serviceAccount:
create: true
name:
rbac:
create: true
interval: 1h
resources:
requests:
cpu: 20m
memory: 60Mi
metricsPort: 8081
tls:
enable: false
certManager: false
prometheus:
enable: false

20
clusters/cl01tl/services/reloader/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: reloader
version: 1.0.0
description: Reloader
keywords:
- reloader
- config-map
- kubernetes
home: https://wiki.alexlebens.dev/doc/reloader-4L6pr8JdPl
sources:
- https://github.com/stakater/Reloader
- https://github.com/stakater/Reloader/blob/master/deployments/kubernetes/chart/reloader/Chart.yaml
maintainers:
- name: alexlebens
dependencies:
- name: reloader
version: 1.3.0
repository: https://stakater.github.io/stakater-charts
icon: https://avatars.githubusercontent.com/u/15930712?s=48&v=4
appVersion: 1.2.0

5
clusters/cl01tl/services/reloader/values.yaml Normal file
View File

@@ -0,0 +1,5 @@
reloader:
reloader:
serviceMonitor:
enabled: true
namespace: reloader

21
clusters/cl01tl/services/spegel/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: spegel
version: 1.0.0
description: Spegel
keywords:
- spegel
- image
- cache
- kubernetes
home: https://wiki.alexlebens.dev/doc/spegel-sGOCkqO5Gu
sources:
- https://github.com/spegel-org/spegel
- https://github.com/spegel-org/spegel/tree/main/charts/spegel
maintainers:
- name: alexlebens
dependencies:
- name: spegel
version: v0.0.30
repository: oci://ghcr.io/spegel-org/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: v0.0.27

8
clusters/cl01tl/services/spegel/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: spegel
labels:
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

41
clusters/cl01tl/services/spegel/values.yaml Normal file
View File

@@ -0,0 +1,41 @@
spegel:
service:
registry:
port: 5000
nodePort: 30021
hostPort: 30020
topologyAwareHintsEnabled: true
router:
port: 5001
metrics:
port: 9090
resources:
requests:
cpu: 10m
memory: 64Mi
nodeSelector:
kubernetes.io/os: linux
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
serviceMonitor:
enabled: true
priorityClassName: system-node-critical
spegel:
logLevel: "INFO"
registries:
- https://cgr.dev
- https://docker.io
- https://ghcr.io
- https://quay.io
- https://mcr.microsoft.com
- https://public.ecr.aws
- https://gcr.io
- https://registry.k8s.io
- https://k8s.gcr.io
- https://lscr.io
containerdRegistryConfigPath: /etc/cri/conf.d/hosts