alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 14 Actions Activity

migrate
All checks were successful
lint-test-helm / helm-lint (push) Successful in 8s
Details
render-manifests / render-manifests (push) Successful in 19s
Details
renovate / renovate (push) Successful in 1m17s
Details

Browse Source
This commit is contained in:
Alex Lebens
2025-12-02 17:36:53 -06:00
parent 076a9e6bc8
commit cc2f89f9fc
27 changed files with 236 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
clusters/cl01tl/helm/cilium/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: cilium
repository: https://helm.cilium.io/
version: 1.18.4
digest: sha256:e38eb92ee87c9a52b0f45a2451142ade02bac7d484b246d32379eacce3800bc8
generated: "2025-12-02T17:17:49.043599-06:00"

21
clusters/cl01tl/helm/cilium/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: cilium
version: 1.0.0
description: Cilium
keywords:
- cilium
- cni
- network
- kubernetes
home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
sources:
- https://github.com/cilium/cilium
- https://github.com/cilium/charts
maintainers:
- name: alexlebens
dependencies:
- name: cilium
version: 1.18.4
repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
appVersion: 1.17.3

19
clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml Normal file
View File

@@ -0,0 +1,19 @@
# apiVersion: cilium.io/v2alpha1
# kind: CiliumBGPAdvertisement
# metadata:
# name: cilium-bgp-advertisements
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp-advertisements
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# advertisements:
# - advertisementType: "Service"
# service:
# addresses:
# - ExternalIP
# - LoadBalancerIP
# selector:
# matchExpressions:
# - {key: somekey, operator: NotIn, values: ['never-used-value']}

22
clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml Normal file
View File

@@ -0,0 +1,22 @@
# apiVersion: cilium.io/v2alpha1
# kind: CiliumBGPClusterConfig
# metadata:
# name: cilium-bgp
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchLabels:
# node-role.kubernetes.io/bgp: "65020"
# bgpInstances:
# - name: "65020"
# localASN: 65020
# peers:
# - name: "udm-65000"
# peerASN: 65000
# peerAddress: 192.168.1.1
# peerConfigRef:
# name: "cilium-peer"

23
clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml Normal file
View File

@@ -0,0 +1,23 @@
# apiVersion: cilium.io/v2alpha1
# kind: CiliumBGPPeerConfig
# metadata:
# name: cilium-peer
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-peer
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# timers:
# holdTimeSeconds: 9
# keepAliveTimeSeconds: 3
# ebgpMultihop: 4
# gracefulRestart:
# enabled: true
# restartTimeSeconds: 15
# families:
# - afi: ipv4
# safi: unicast
# advertisements:
# matchLabels:
# app.kubernetes.io/name: cilium-bgp-advertisements

31
clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml Normal file
View File

@@ -0,0 +1,31 @@
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: default-ip-pool
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: default-ip-pool
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
blocks:
- start: "10.232.1.21"
stop: "10.232.1.23"
- start: "10.232.2.21"
stop: "10.232.2.23"
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: bgp-ip-pool
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bgp-ip-pool
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
blocks:
- start: "10.232.2.100"
stop: "10.232.2.200"
disabled: true

35
clusters/cl01tl/helm/cilium/templates/gateway.yaml Normal file
View File

@@ -0,0 +1,35 @@
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: tls-gateway
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# spec:
# gatewayClassName: cilium
# listeners:
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: http
# port: 80
# protocol: HTTP
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: https
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate

28
clusters/cl01tl/helm/cilium/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-hubble
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-hubble
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- hubble.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: hubble-ui
port: 80
weight: 100

103
clusters/cl01tl/helm/cilium/values.yaml Normal file
View File

@@ -0,0 +1,103 @@
cilium:
k8sServiceHost: "localhost"
k8sServicePort: "7445"
k8sClientRateLimit:
qps: 50
burst: 100
rollOutCiliumPods: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
- PERFMON
- BPF
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
l2announcements:
enabled: false
bgpControlPlane:
enabled: false
secretsNamespace:
name: kube-system
statusReport:
enabled: true
routerIDAllocation:
mode: "default"
devices: end0 enp6s0
enableK8sEndpointSlice: true
ciliumEndpointSlice:
enabled: true
ingressController:
enabled: false
gatewayAPI:
enabled: true
enableAlpn: true
enableAppProtocol: true
externalIPs:
enabled: true
socketLB:
enabled: true
hostNamespaceOnly: true
hubble:
enabled: true
metrics:
serviceMonitor:
enabled: true
relay:
enabled: true
metrics:
serviceMonitor:
enabled: true
ui:
enabled: true
ingress:
enabled: false
ipam:
mode: "kubernetes"
ipv4:
enabled: true
ipv6:
enabled: false
kubeProxyReplacement: true
l7Proxy: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
envoy:
enabled: true
securityContext:
capabilities:
keepCapNetBindService: true
envoy:
- NET_ADMIN
- NET_BIND_SERVICE
- PERFMON
- BPF
prometheus:
enabled: true
serviceMonitor:
enabled: true
operator:
enabled: true
rollOutPods: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup

6
clusters/cl01tl/helm/coredns/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: coredns
repository: https://coredns.github.io/helm
version: 1.45.0
digest: sha256:cfcb22a7d0bce4d6000800706597ae43faec74255f1deb5cc3279b2d0a81f6c6
generated: "2025-12-02T17:17:52.206039-06:00"

21
clusters/cl01tl/helm/coredns/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: coredns
version: 1.0.0
description: CoreDNS
keywords:
- coredns
- dns
- network
- kubernetes
home: https://wiki.alexlebens.dev/s/43947ec6-a034-449f-8c76-982ac493b072
sources:
- https://github.com/coredns/coredns
- https://github.com/coredns/helm
maintainers:
- name: alexlebens
dependencies:
- name: coredns
version: 1.45.0
repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
appVersion: v1.12.1

105
clusters/cl01tl/helm/coredns/values.yaml Normal file
View File

@@ -0,0 +1,105 @@
coredns:
image:
repository: registry.k8s.io/coredns/coredns
tag: v1.13.1
replicaCount: 3
resources:
requests:
cpu: 50m
memory: 128Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus:
service:
enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor:
enabled: true
namespace: kube-system
service:
clusterIP: 10.96.0.10
clusterIPs:
- 10.96.0.10
name: kube-dns
serviceAccount:
create: true
name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers:
- zones:
- zone: .
scheme: dns://
use_tcp: true
port: 53
plugins:
- name: errors
- name: health
configBlock: |-
lameduck 5s
- name: ready
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
- name: prometheus
parameters: :9153
- name: forward
parameters: . /etc/resolv.conf
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance
- zones:
- zone: alexlebens.net
scheme: dns://
use_tcp: true
port: 53
plugins:
- name: errors
- name: cache
parameters: 30
- name: forward
parameters: . 10.111.232.172
- zones:
- zone: ts.net
scheme: dns://
use_tcp: true
port: 53
plugins:
- name: errors
- name: cache
parameters: 30
- name: forward
parameters: . 10.97.20.219
nodeSelector:
kubernetes.io/os: linux
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node.cloudprovider.kubernetes.io/uninitialized
operator: Exists
effect: NoSchedule
deployment:
skipConfig: false
enabled: true
name: coredns

6
clusters/cl01tl/helm/kubelet-serving-cert-approver/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
digest: sha256:3a7aa84837ff6fe008d5eb3b39aeafa0abb7be470db2b6aac78e190365a75c0c
generated: "2025-12-02T17:18:28.155875-06:00"

22
clusters/cl01tl/helm/kubelet-serving-cert-approver/Chart.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v2
name: kubelet-serving-cert-approver
version: 1.0.0
description: Kubelet Serving Cert Approver
keywords:
- kubelet-serving-cert-approver
- kubernetes
- certificate
home: https://wiki.alexlebens.dev/s/3aa80722-db85-41b4-ba1e-8d4c3d8643b5
sources:
- https://github.com/alex1989hu/kubelet-serving-cert-approver
- https://github.com/alex1989hu/kubelet-serving-cert-approver/pkgs/container/kubelet-serving-cert-approver
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: kubelet-serving-cert-approver
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 0.9.1

17
clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubelet-serving-cert-approver
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "certificates-{{ .Release.Name }}"
subjects:
- kind: ServiceAccount
name: kubelet-serving-cert-approver
namespace: {{ .Release.Namespace }}

57
clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml Normal file
View File

@@ -0,0 +1,57 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "certificates-{{ .Release.Name }}"
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "certificates-{{ .Release.Name }}"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- get
- list
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests/approval
verbs:
- update
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/kubelet-serving
resources:
- signers
verbs:
- approve
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "events-{{ .Release.Name }}"
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "events-{{ .Release.Name }}"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

11
clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubelet-serving-cert-approver
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/warn: restricted

17
clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "events-{{ .Release.Name }}"
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "events-{{ .Release.Name }}"
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "events-{{ .Release.Name }}"
subjects:
- kind: ServiceAccount
name: kubelet-serving-cert-approver
namespace: {{ .Release.Name }}

77
clusters/cl01tl/helm/kubelet-serving-cert-approver/values.yaml Normal file
View File

@@ -0,0 +1,77 @@
kubelet-serving-cert-approver:
defaultPodOptions:
priorityClassName: system-cluster-critical
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: DoesNotExist
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
weight: 100
securityContext:
fsGroup: 65534
runAsGroup: 65534
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
serviceAccount:
name: kubelet-serving-cert-approver
pod:
automountServiceAccountToken: true
containers:
main:
image:
repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
tag: 0.10.0
pullPolicy: Always
args:
- serve
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
serviceAccount:
kubelet-serving-cert-approver:
enabled: true
staticToken: true
service:
main:
controller: main
ports:
health:
port: 8080
targetPort: 8080
protocol: HTTP
metrics:
port: 9090
targetPort: 9090
protocol: HTTP

6
clusters/cl01tl/helm/metrics-server/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: metrics-server
repository: https://kubernetes-sigs.github.io/metrics-server/
version: 3.13.0
digest: sha256:ada810d4bcaa68d1dfd2c7d4c8f3e8cd25bbdff004261f09115d58a48fee59dd
generated: "2025-12-02T17:18:42.831894-06:00"

20
clusters/cl01tl/helm/metrics-server/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: metrics-server
version: 1.0.0
description: Metrics Server
keywords:
- metrics-server
- metrics
- kubernetes
home: https://wiki.alexlebens.dev/s/feb71856-e3d9-4655-9808-6c4bfb330872
sources:
- https://github.com/kubernetes-sigs/metrics-server
- https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
maintainers:
- name: alexlebens
dependencies:
- name: metrics-server
version: 3.13.0
repository: https://kubernetes-sigs.github.io/metrics-server/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 0.7.2

12
clusters/cl01tl/helm/metrics-server/values.yaml Normal file
View File

@@ -0,0 +1,12 @@
metrics-server:
replicas: 3
metrics:
enabled: true
serviceMonitor:
enabled: true
defaultArgs:
- --cert-dir=/tmp
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls

6
clusters/cl01tl/helm/prometheus-operator-crds/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 25.0.0
digest: sha256:9d103810351095faa83536eb9de22b45a80ea2cf9ccfe9add3d2f5f294ab30c0
generated: "2025-12-02T17:19:01.082597-06:00"

21
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: prometheus-operator-crds
version: 1.0.0
description: Prometheus Operator CRDs
keywords:
- prometheus-operator-crds
- prometheus
- crds
- kubernetes
home: https://wiki.alexlebens.dev/s/db00183d-0b1e-4e40-bf7f-b7a40b5ca443
sources:
- https://github.com/prometheus-operator/prometheus-operator
- https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-operator-crds
maintainers:
- name: alexlebens
dependencies:
- name: prometheus-operator-crds
version: 25.0.0
repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
appVersion: v0.82.0

10
clusters/cl01tl/helm/stack/templates/application-set.yaml
View File

@@ -20,6 +20,16 @@ spec:
- path: clusters/cl01tl/manifests/*
- path: clusters/cl01tl/manifests/stack
exclude: true
- path: clusters/cl01tl/manifests/cilium
exclude: true
- path: clusters/cl01tl/manifests/coredns
exclude: true
- path: clusters/cl01tl/manifests/metrics-server
exclude: true
- path: clusters/cl01tl/manifests/kubelet-serving-cert-approver
exclude: true
- path: clusters/cl01tl/manifests/prometheus-operator-crds
exclude: true
template:
metadata:
name: '{{ `{{path.basename}}` }}'

196
clusters/cl01tl/helm/stack/templates/application.yaml
View File

@@ -35,3 +35,199 @@ spec:
- ServerSideApply=true
- PruneLast=true
- RespectIgnoreDifferences=true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cilium
namespace: argocd
labels:
app.kubernetes.io/name: cilium
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: http://gitea-http.gitea:3000/alexlebens/infrastructure
targetRevision: manifests
path: clusters/cl01tl/manifests/cilium
destination:
name: in-cluster
namespace: kube-system
revisionHistoryLimit: 3
ignoreDifferences:
- group: monitoring.coreos.com
kind: ServiceMonitor
jqPathExpressions:
- .spec.endpoints[]?.relabelings[]?.action
syncPolicy:
automated:
prune: true
selfHeal: false
retry:
limit: 3
backoff:
duration: 1m
factor: 2
maxDuration: 15m
syncOptions:
- CreateNamespace=false
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true
- RespectIgnoreDifferences=true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: coredns
namespace: argocd
labels:
app.kubernetes.io/name: coredns
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: http://gitea-http.gitea:3000/alexlebens/infrastructure
targetRevision: manifests
path: clusters/cl01tl/manifests/coredns
destination:
name: in-cluster
namespace: kube-system
revisionHistoryLimit: 3
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 3
backoff:
duration: 1m
factor: 2
maxDuration: 15m
syncOptions:
- CreateNamespace=false
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: metrics-server
namespace: argocd
labels:
app.kubernetes.io/name: metrics-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: http://gitea-http.gitea:3000/alexlebens/infrastructure
targetRevision: manifests
path: clusters/cl01tl/manifests/metrics-server
destination:
name: in-cluster
namespace: kube-system
revisionHistoryLimit: 3
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 3
backoff:
duration: 1m
factor: 2
maxDuration: 15m
syncOptions:
- CreateNamespace=false
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubelet-serving-cert-approver
namespace: argocd
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: http://gitea-http.gitea:3000/alexlebens/infrastructure
targetRevision: manifests
path: clusters/cl01tl/manifests/kubelet-serving-cert-approver
destination:
name: in-cluster
namespace: kubelet-serving-cert-approver
revisionHistoryLimit: 3
syncPolicy:
automated:
prune: true
selfHeal: false
retry:
limit: 3
backoff:
duration: 1m
factor: 2
maxDuration: 15m
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: prometheus-operator-crds
namespace: argocd
labels:
app.kubernetes.io/name: prometheus-operator-crds
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: http://gitea-http.gitea:3000/alexlebens/infrastructure
targetRevision: manifests
path: clusters/cl01tl/manifests/prometheus-operator-crds
destination:
name: in-cluster
namespace: kube-system
revisionHistoryLimit: 3
syncPolicy:
automated:
prune: true
selfHeal: false
retry:
limit: 3
backoff:
duration: 1m
factor: 2
maxDuration: 15m
syncOptions:
- CreateNamespace=false
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true