diff --git a/clusters/standby/platform/vault/Chart.yaml b/clusters/standby/platform/vault/Chart.yaml index cbb4a0a12..be64a1486 100644 --- a/clusters/standby/platform/vault/Chart.yaml +++ b/clusters/standby/platform/vault/Chart.yaml @@ -16,13 +16,13 @@ dependencies: - name: vault version: 0.29.1 repository: https://helm.releases.hashicorp.com - - name: app-template - alias: snapshot - repository: https://bjw-s.github.io/helm-charts/ - version: 3.6.1 - - name: app-template - alias: unseal - repository: https://bjw-s.github.io/helm-charts/ - version: 3.6.1 + # - name: app-template + # alias: snapshot + # repository: https://bjw-s.github.io/helm-charts/ + # version: 3.6.1 + # - name: app-template + # alias: unseal + # repository: https://bjw-s.github.io/helm-charts/ + # version: 3.6.1 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png appVersion: 1.18.2 diff --git a/clusters/standby/platform/vault/templates/external-secret.yaml b/clusters/standby/platform/vault/templates/external-secret.yaml index 20a186a53..f6b4799cd 100644 --- a/clusters/standby/platform/vault/templates/external-secret.yaml +++ b/clusters/standby/platform/vault/templates/external-secret.yaml @@ -1,379 +1,379 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-snapshot-agent-token - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-snapshot-agent-token - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: snapshot - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: VAULT_APPROLE_ROLE_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/snapshot/approle - metadataPolicy: None - property: role-id - - secretKey: VAULT_APPROLE_SECRET_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/snapshot/approle - metadataPolicy: None - property: secret-id +# apiVersion: external-secrets.io/v1beta1 +# kind: ExternalSecret +# metadata: +# name: vault-snapshot-agent-token +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: vault-snapshot-agent-token +# app.kubernetes.io/instance: {{ .Release.Name }} +# app.kubernetes.io/version: {{ .Chart.AppVersion }} +# app.kubernetes.io/component: snapshot +# app.kubernetes.io/part-of: {{ .Release.Name }} +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: vault +# data: +# - secretKey: VAULT_APPROLE_ROLE_ID +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/snapshot/approle +# metadataPolicy: None +# property: role-id +# - secretKey: VAULT_APPROLE_SECRET_ID +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/snapshot/approle +# metadataPolicy: None +# property: secret-id ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-snapshot-s3 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-snapshot-s3 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: snapshot - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/vault-backup - metadataPolicy: None - property: AWS_ACCESS_KEY_ID - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/vault-backup - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ENDPOINT_URL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/vault-backup - metadataPolicy: None - property: AWS_ENDPOINT_URL - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /digital-ocean/home-infra/vault-backup - metadataPolicy: None - property: AWS_SECRET_ACCESS_KEY +# --- +# apiVersion: external-secrets.io/v1beta1 +# kind: ExternalSecret +# metadata: +# name: vault-snapshot-s3 +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: vault-snapshot-s3 +# app.kubernetes.io/instance: {{ .Release.Name }} +# app.kubernetes.io/version: {{ .Chart.AppVersion }} +# app.kubernetes.io/component: snapshot +# app.kubernetes.io/part-of: {{ .Release.Name }} +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: vault +# data: +# - secretKey: AWS_ACCESS_KEY_ID +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /digital-ocean/home-infra/vault-backup +# metadataPolicy: None +# property: AWS_ACCESS_KEY_ID +# - secretKey: AWS_DEFAULT_REGION +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /digital-ocean/home-infra/vault-backup +# metadataPolicy: None +# property: AWS_DEFAULT_REGION +# - secretKey: AWS_ENDPOINT_URL +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /digital-ocean/home-infra/vault-backup +# metadataPolicy: None +# property: AWS_ENDPOINT_URL +# - secretKey: AWS_SECRET_ACCESS_KEY +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /digital-ocean/home-infra/vault-backup +# metadataPolicy: None +# property: AWS_SECRET_ACCESS_KEY ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-unseal-config-1 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-unseal-key-1 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: unseal - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ENVIRONMENT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: ENVIRONMENT - - secretKey: CHECK_INTERVAL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: CHECK_INTERVAL - - secretKey: MAX_CHECK_INTERVAL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: MAX_CHECK_INTERVAL - - secretKey: NODES - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: NODES - - secretKey: TLS_SKIP_VERIFY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: TLS_SKIP_VERIFY - - secretKey: TOKENS - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: TOKENS - - secretKey: EMAIL_ENABLED - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: EMAIL_ENABLED - - secretKey: NOTIFY_MAX_ELAPSED - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: NOTIFY_MAX_ELAPSED - - secretKey: NOTIFY_QUEUE_DELAY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None - property: NOTIFY_QUEUE_DELAY +# --- +# apiVersion: external-secrets.io/v1beta1 +# kind: ExternalSecret +# metadata: +# name: vault-unseal-config-1 +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: vault-unseal-key-1 +# app.kubernetes.io/instance: {{ .Release.Name }} +# app.kubernetes.io/version: {{ .Chart.AppVersion }} +# app.kubernetes.io/component: unseal +# app.kubernetes.io/part-of: {{ .Release.Name }} +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: vault +# data: +# - secretKey: ENVIRONMENT +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: ENVIRONMENT +# - secretKey: CHECK_INTERVAL +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: CHECK_INTERVAL +# - secretKey: MAX_CHECK_INTERVAL +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: MAX_CHECK_INTERVAL +# - secretKey: NODES +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: NODES +# - secretKey: TLS_SKIP_VERIFY +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: TLS_SKIP_VERIFY +# - secretKey: TOKENS +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: TOKENS +# - secretKey: EMAIL_ENABLED +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: EMAIL_ENABLED +# - secretKey: NOTIFY_MAX_ELAPSED +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: NOTIFY_MAX_ELAPSED +# - secretKey: NOTIFY_QUEUE_DELAY +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-1 +# metadataPolicy: None +# property: NOTIFY_QUEUE_DELAY ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-unseal-config-2 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-unseal-key-2 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: unseal - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ENVIRONMENT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: ENVIRONMENT - - secretKey: CHECK_INTERVAL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: CHECK_INTERVAL - - secretKey: MAX_CHECK_INTERVAL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: MAX_CHECK_INTERVAL - - secretKey: NODES - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: NODES - - secretKey: TLS_SKIP_VERIFY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: TLS_SKIP_VERIFY - - secretKey: TOKENS - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: TOKENS - - secretKey: EMAIL_ENABLED - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: EMAIL_ENABLED - - secretKey: NOTIFY_MAX_ELAPSED - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: NOTIFY_MAX_ELAPSED - - secretKey: NOTIFY_QUEUE_DELAY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None - property: NOTIFY_QUEUE_DELAY +# --- +# apiVersion: external-secrets.io/v1beta1 +# kind: ExternalSecret +# metadata: +# name: vault-unseal-config-2 +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: vault-unseal-key-2 +# app.kubernetes.io/instance: {{ .Release.Name }} +# app.kubernetes.io/version: {{ .Chart.AppVersion }} +# app.kubernetes.io/component: unseal +# app.kubernetes.io/part-of: {{ .Release.Name }} +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: vault +# data: +# - secretKey: ENVIRONMENT +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: ENVIRONMENT +# - secretKey: CHECK_INTERVAL +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: CHECK_INTERVAL +# - secretKey: MAX_CHECK_INTERVAL +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: MAX_CHECK_INTERVAL +# - secretKey: NODES +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: NODES +# - secretKey: TLS_SKIP_VERIFY +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: TLS_SKIP_VERIFY +# - secretKey: TOKENS +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: TOKENS +# - secretKey: EMAIL_ENABLED +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: EMAIL_ENABLED +# - secretKey: NOTIFY_MAX_ELAPSED +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: NOTIFY_MAX_ELAPSED +# - secretKey: NOTIFY_QUEUE_DELAY +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-2 +# metadataPolicy: None +# property: NOTIFY_QUEUE_DELAY ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-unseal-config-3 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-unseal-config-3 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: unseal - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ENVIRONMENT - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: ENVIRONMENT - - secretKey: CHECK_INTERVAL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: CHECK_INTERVAL - - secretKey: MAX_CHECK_INTERVAL - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: MAX_CHECK_INTERVAL - - secretKey: NODES - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: NODES - - secretKey: TLS_SKIP_VERIFY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: TLS_SKIP_VERIFY - - secretKey: TOKENS - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: TOKENS - - secretKey: EMAIL_ENABLED - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: EMAIL_ENABLED - - secretKey: NOTIFY_MAX_ELAPSED - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: NOTIFY_MAX_ELAPSED - - secretKey: NOTIFY_QUEUE_DELAY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None - property: NOTIFY_QUEUE_DELAY +# --- +# apiVersion: external-secrets.io/v1beta1 +# kind: ExternalSecret +# metadata: +# name: vault-unseal-config-3 +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: vault-unseal-config-3 +# app.kubernetes.io/instance: {{ .Release.Name }} +# app.kubernetes.io/version: {{ .Chart.AppVersion }} +# app.kubernetes.io/component: unseal +# app.kubernetes.io/part-of: {{ .Release.Name }} +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: vault +# data: +# - secretKey: ENVIRONMENT +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: ENVIRONMENT +# - secretKey: CHECK_INTERVAL +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: CHECK_INTERVAL +# - secretKey: MAX_CHECK_INTERVAL +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: MAX_CHECK_INTERVAL +# - secretKey: NODES +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: NODES +# - secretKey: TLS_SKIP_VERIFY +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: TLS_SKIP_VERIFY +# - secretKey: TOKENS +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: TOKENS +# - secretKey: EMAIL_ENABLED +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: EMAIL_ENABLED +# - secretKey: NOTIFY_MAX_ELAPSED +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: NOTIFY_MAX_ELAPSED +# - secretKey: NOTIFY_QUEUE_DELAY +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/unseal/config-3 +# metadataPolicy: None +# property: NOTIFY_QUEUE_DELAY ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-token - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-token - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: token - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: token - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/token - metadataPolicy: None - property: token - - secretKey: unseal_key_1 - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/token - metadataPolicy: None - property: unseal_key_1 - - secretKey: unseal_key_2 - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/token - metadataPolicy: None - property: unseal_key_2 - - secretKey: unseal_key_3 - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/token - metadataPolicy: None - property: unseal_key_3 - - secretKey: unseal_key_4 - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/token - metadataPolicy: None - property: unseal_key_4 - - secretKey: unseal_key_5 - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/vault/token - metadataPolicy: None - property: unseal_key_5 +# --- +# apiVersion: external-secrets.io/v1beta1 +# kind: ExternalSecret +# metadata: +# name: vault-token +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: vault-token +# app.kubernetes.io/instance: {{ .Release.Name }} +# app.kubernetes.io/version: {{ .Chart.AppVersion }} +# app.kubernetes.io/component: token +# app.kubernetes.io/part-of: {{ .Release.Name }} +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: vault +# data: +# - secretKey: token +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/token +# metadataPolicy: None +# property: token +# - secretKey: unseal_key_1 +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/token +# metadataPolicy: None +# property: unseal_key_1 +# - secretKey: unseal_key_2 +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/token +# metadataPolicy: None +# property: unseal_key_2 +# - secretKey: unseal_key_3 +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/token +# metadataPolicy: None +# property: unseal_key_3 +# - secretKey: unseal_key_4 +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/token +# metadataPolicy: None +# property: unseal_key_4 +# - secretKey: unseal_key_5 +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/vault/token +# metadataPolicy: None +# property: unseal_key_5 diff --git a/clusters/standby/services/generic-device-plugin/Chart.yaml b/clusters/standby/services/generic-device-plugin/Chart.yaml deleted file mode 100644 index a87406b3c..000000000 --- a/clusters/standby/services/generic-device-plugin/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: generic-device-plugin -version: 1.0.0 -description: Generic Device Plugin -keywords: - - generic-device-plugin - - device - - plugin -home: https://wiki.alexlebens.dev/doc/generic-device-plugin-PdquJy1lGu -sources: - - https://github.com/squat/generic-device-plugin - - https://github.com/alexlebens/helm-charts/tree/main/charts/generic-device-plugin -maintainers: - - name: alexlebens -dependencies: - - name: generic-device-plugin - repository: http://alexlebens.github.io/helm-charts - version: 0.1.6 -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png -appVersion: 0.1.2 diff --git a/clusters/standby/services/generic-device-plugin/values.yaml b/clusters/standby/services/generic-device-plugin/values.yaml deleted file mode 100644 index 108943fd7..000000000 --- a/clusters/standby/services/generic-device-plugin/values.yaml +++ /dev/null @@ -1,13 +0,0 @@ -generic-device-plugin: - image: - repository: ghcr.io/squat/generic-device-plugin - tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821 - config: - enabled: true - data: | - devices: - - name: tun - groups: - - count: 1000 - paths: - - path: /dev/net/tun diff --git a/clusters/standby/services/intel-device-plugin/Chart.yaml b/clusters/standby/services/intel-device-plugin/Chart.yaml deleted file mode 100644 index a874bc32f..000000000 --- a/clusters/standby/services/intel-device-plugin/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v2 -name: intel-device-plugin -version: 1.0.0 -description: Intel Device Plugin -keywords: - - intel-device-plugin - - operator - - gpu - - kubernetes -home: https://wiki.alexlebens.dev/doc/intel-device-plugin-WGuYx3UYE3 -sources: - - https://github.com/intel/intel-device-plugins-for-kubernetes - - https://github.com/intel/helm-charts/tree/main/charts/device-plugin-operator - - https://github.com/intel/helm-charts/tree/main/charts/gpu-device-plugin -maintainers: - - name: alexlebens -dependencies: - - name: intel-device-plugins-operator - version: 0.32.0 - repository: https://intel.github.io/helm-charts/ - - name: intel-device-plugins-gpu - version: 0.32.0 - repository: https://intel.github.io/helm-charts/ -icon: https://avatars.githubusercontent.com/u/17888862?s=48&v=4 -appVersion: 0.31.1 diff --git a/clusters/standby/services/intel-device-plugin/values.yaml b/clusters/standby/services/intel-device-plugin/values.yaml deleted file mode 100644 index eb29f1508..000000000 --- a/clusters/standby/services/intel-device-plugin/values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -intel-device-plugins-gpu: - name: gpudeviceplugin - resourceManager: false - sharedDevNum: 5 - logLevel: 2 - enableMonitoring: true - allocationPolicy: "none" - nodeSelector: - intel.feature.node.kubernetes.io/gpu: 'true' - nodeFeatureRule: false diff --git a/clusters/standby/services/node-feature-discovery/Chart.yaml b/clusters/standby/services/node-feature-discovery/Chart.yaml deleted file mode 100644 index 4993bdab6..000000000 --- a/clusters/standby/services/node-feature-discovery/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: node-feature-discovery -version: 1.0.0 -description: Node Feature Discovery -keywords: - - node-feature-discovery - - labels - - kubernetes -home: https://wiki.alexlebens.dev/doc/node-feature-discovery-ie3OiqJrjc -sources: - - https://github.com/kubernetes-sigs/node-feature-discovery -maintainers: - - name: alexlebens -dependencies: - - name: node-feature-discovery - version: 0.17.1 - repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png -appVersion: 0.16.6 diff --git a/clusters/standby/services/node-feature-discovery/values.yaml b/clusters/standby/services/node-feature-discovery/values.yaml deleted file mode 100644 index 22c3d7d4d..000000000 --- a/clusters/standby/services/node-feature-discovery/values.yaml +++ /dev/null @@ -1,244 +0,0 @@ -node-feature-discovery: - enableNodeFeatureApi: true - master: - enable: true - config: ### - # noPublish: false - # autoDefaultNs: true - # extraLabelNs: ["added.ns.io","added.kubernets.io","intel.com","devicetree.org"] - # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"] - # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"] - # enableTaints: false - # labelWhiteList: "foo" - # resyncPeriod: "2h" - # klog: - # addDirHeader: false - # alsologtostderr: false - # logBacktraceAt: - # logtostderr: true - # skipHeaders: false - # stderrthreshold: 2 - # v: 0 - # vmodule: - ## NOTE: the following options are not dynamically run-time configurable - ## and require a nfd-master restart to take effect after being changed - # logDir: - # logFile: - # logFileMaxSize: 1800 - # skipLogHeaders: false - # leaderElection: - # leaseDuration: 15s - # # this value has to be lower than leaseDuration and greater than retryPeriod*1.2 - # renewDeadline: 10s - # # this value has to be greater than 0 - # retryPeriod: 2s - # nfdApiParallelism: 10 - ### - port: 8080 - metricsPort: 8081 - instance: - featureApi: - resyncPeriod: - denyLabelNs: [] - extraLabelNs: [] - resourceLabels: [] - enableTaints: false - crdController: null - featureRulesController: null - nfdApiParallelism: null - deploymentAnnotations: {} - replicaCount: 1 - podSecurityContext: {} - # fsGroup: 2000 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true - # runAsUser: 1000 - serviceAccount: - create: true - name: - rbac: - create: true - service: - type: ClusterIP - port: 8080 - resources: - requests: - cpu: 20m - memory: 60Mi - tolerations: - - key: "node-role.kubernetes.io/control-plane" - operator: "Equal" - value: "" - effect: "NoSchedule" - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - preference: - matchExpressions: - - key: "node-role.kubernetes.io/control-plane" - operator: In - values: [""] - worker: - enable: true - config: ### - #core: - # labelWhiteList: - # noPublish: false - # sleepInterval: 60s - # featureSources: [all] - # labelSources: [all] - # klog: - # addDirHeader: false - # alsologtostderr: false - # logBacktraceAt: - # logtostderr: true - # skipHeaders: false - # stderrthreshold: 2 - # v: 0 - # vmodule: - ## NOTE: the following options are not dynamically run-time configurable - ## and require a nfd-worker restart to take effect after being changed - # logDir: - # logFile: - # logFileMaxSize: 1800 - # skipLogHeaders: false - sources: - cpu: - cpuid: - attributeWhitelist: - - "AVX512BW" - - "AVX512CD" - - "AVX512DQ" - - "AVX512F" - - "AVX512VL" - kernel: - configOpts: - - "NO_HZ" - - "X86" - - "DMI" - usb: - deviceClassWhitelist: - - "02" - - "03" - - "0e" - - "ef" - - "fe" - - "ff" - deviceLabelFields: - - "vendor" - - "device" - - "class" - pci: - deviceClassWhitelist: - - "0200" - - "01" - - "08" - - "0300" - - "0302" - deviceLabelFields: - - "vendor" - - "device" - - "class" - custom: - - # Intel integrated GPU - name: "intel-gpu" - labels: - intel.feature.node.kubernetes.io/gpu: 'true' - matchOn: - - pciId: - class: ["0300"] - vendor: ["8086"] - - # Google Coral USB Accelerator - name: google.coral - labels: - google.feature.node.kubernetes.io/coral: "true" - matchFeatures: - - feature: usb.device - matchExpressions: - vendor: { op: In, value: ["1a6e", "18d1"] } - - # Aeotec Z-Stick Gen5+ - name: aeotec.zwave - labels: - aeotec.feature.node.kubernetes.io/zwave: "true" - matchFeatures: - - feature: usb.device - matchExpressions: - class: { op: In, value: ["02"] } - vendor: { op: In, value: ["0658"] } - device: { op: In, value: ["0200"] } - ### - metricsPort: 8081 - podSecurityContext: {} - # fsGroup: 2000 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true - # runAsUser: 1000 - serviceAccount: - create: true - name: - rbac: - create: true - mountUsrSrc: false - resources: - requests: - cpu: 20m - memory: 60Mi - topologyUpdater: - config: ### - ## key = node name, value = list of resources to be excluded. - ## use * to exclude from all nodes. - ## an example for how the exclude list should looks like - #excludeList: - # node1: [cpu] - # node2: [memory, example/deviceA] - # *: [hugepages-2Mi] - ### - enable: true - createCRDs: true - serviceAccount: - create: true - name: - rbac: - create: true - metricsPort: 8081 - updateInterval: 60s - watchNamespace: "*" - kubeletStateDir: /var/lib/kubelet - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsUser: 0 - resources: - requests: - cpu: 20m - memory: 60Mi - gc: - enable: true - replicaCount: 1 - serviceAccount: - create: true - name: - rbac: - create: true - interval: 1h - resources: - requests: - cpu: 20m - memory: 60Mi - metricsPort: 8081 - tls: - enable: false - certManager: false - prometheus: - enable: false diff --git a/clusters/standby/services/reloader/Chart.yaml b/clusters/standby/services/reloader/Chart.yaml deleted file mode 100644 index 128c849f8..000000000 --- a/clusters/standby/services/reloader/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: reloader -version: 1.0.0 -description: Reloader -keywords: - - reloader - - config-map - - kubernetes -home: https://wiki.alexlebens.dev/doc/reloader-4L6pr8JdPl -sources: - - https://github.com/stakater/Reloader - - https://github.com/stakater/Reloader/blob/master/deployments/kubernetes/chart/reloader/Chart.yaml -maintainers: - - name: alexlebens -dependencies: - - name: reloader - version: 1.2.1 - repository: https://stakater.github.io/stakater-charts -icon: https://avatars.githubusercontent.com/u/15930712?s=48&v=4 -appVersion: 1.2.0 diff --git a/clusters/standby/services/reloader/values.yaml b/clusters/standby/services/reloader/values.yaml deleted file mode 100644 index e4bb46cc5..000000000 --- a/clusters/standby/services/reloader/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -reloader: - reloader: - serviceMonitor: - enabled: true - namespace: reloader diff --git a/clusters/standby/storage/cloudnative-pg/Chart.yaml b/clusters/standby/storage/cloudnative-pg/Chart.yaml deleted file mode 100644 index 4c62ddd85..000000000 --- a/clusters/standby/storage/cloudnative-pg/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: cloudnative-pg -version: 1.0.0 -description: Cloudnative PG -keywords: - - cloudnative-pg - - operator - - postgresql - - kubernetes -home: https://wiki.alexlebens.dev/doc/cloudnative-pg-87MyLNw4xG -sources: - - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg -maintainers: - - name: alexlebens -dependencies: - - name: cloudnative-pg - version: 0.23.0 - repository: https://cloudnative-pg.io/charts/ -icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4 -appVersion: 1.24.1 diff --git a/clusters/standby/storage/cloudnative-pg/values.yaml b/clusters/standby/storage/cloudnative-pg/values.yaml deleted file mode 100644 index 41e79b909..000000000 --- a/clusters/standby/storage/cloudnative-pg/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -cloudnative-pg: - replicaCount: 2 - monitoring: - podMonitorEnabled: true diff --git a/clusters/standby/storage/local-path-provisioner/Chart.yaml b/clusters/standby/storage/local-path-provisioner/Chart.yaml deleted file mode 100644 index 4469092d6..000000000 --- a/clusters/standby/storage/local-path-provisioner/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: local-path-provisioner -version: 1.0.0 -description: Local Path Provisioner -keywords: - - local-path-provisioner - - storage - - kubernetes -home: https://wiki.alexlebens.dev/doc/local-path-provisioner-40NQQKSDVu -sources: - - https://github.com/rancher/local-path-provisioner - - https://hub.docker.com/r/rancher/local-path-provisioner - - https://github.com/containeroo/helm-charts/tree/master/charts/local-path-provisioner -maintainers: - - name: alexlebens -dependencies: - - name: local-path-provisioner - version: 0.0.32 - repository: https://charts.containeroo.ch -icon: https://avatars.githubusercontent.com/u/9343010?s=48&v=4 -appVersion: v0.0.30 diff --git a/clusters/standby/storage/local-path-provisioner/values.yaml b/clusters/standby/storage/local-path-provisioner/values.yaml deleted file mode 100644 index 6b131b15b..000000000 --- a/clusters/standby/storage/local-path-provisioner/values.yaml +++ /dev/null @@ -1,45 +0,0 @@ -local-path-provisioner: - image: - repository: rancher/local-path-provisioner - tag: v0.0.31 - helperImage: - repository: busybox - tag: 1.37.0 - storageClass: - create: true - defaultClass: false - defaultVolumeType: hostPath - name: local-path - reclaimPolicy: Delete - volumeBindingMode: WaitForFirstConsumer - nodePathMap: - - node: talos-di4-2sr - paths: - - /var/local-path-provisioner - - node: talos-iyl-d2a - paths: - - /var/local-path-provisioner - - node: talos-2ok-0ky - paths: - - /var/local-path-provisioner - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - talos-di4-2sr - - talos-iyl-d2a - - talos-2ok-0ky - configmap: - name: local-path-config - setup: |- - #!/bin/sh - set -eu - mkdir -m 0777 -p "$VOL_DIR" - teardown: |- - #!/bin/sh - set -eu - rm -rf "$VOL_DIR" diff --git a/clusters/standby/storage/minio-operator/Chart.yaml b/clusters/standby/storage/minio-operator/Chart.yaml deleted file mode 100644 index 63c446578..000000000 --- a/clusters/standby/storage/minio-operator/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v2 -name: minio-operator -version: 1.0.0 -description: Minio Operator -keywords: - - minio-operator - - minio - - operator - - storage - - s3 - - kubernetes -home: https://wiki.alexlebens.dev/doc/minio-operator-bEvMUpVreJ -sources: - - https://github.com/minio/operator - - https://github.com/minio/operator/tree/master/helm/operator -maintainers: - - name: alexlebens -dependencies: - - name: operator - version: 7.0.0 - repository: https://operator.min.io -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/minio.png -appVersion: v6.0.4 diff --git a/clusters/standby/storage/minio-operator/values.yaml b/clusters/standby/storage/minio-operator/values.yaml deleted file mode 100644 index a84caba3f..000000000 --- a/clusters/standby/storage/minio-operator/values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -operator: - operator: - env: - - name: OPERATOR_STS_ENABLED - value: "off" - - name: MINIO_CONSOLE_TLS_ENABLE - value: "off" diff --git a/clusters/standby/storage/nfs/Chart.yaml b/clusters/standby/storage/nfs/Chart.yaml deleted file mode 100644 index 26ac50f31..000000000 --- a/clusters/standby/storage/nfs/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: nfs-subdir-external-provisioner -version: 1.0.0 -description: NFS Subdir External Provisioner -keywords: - - nfs-subdir-external-provisioner - - nfs - - storage - - kubernetes -home: https://wiki.alexlebens.dev/doc/nfs-z7rfU2dz5C -sources: - - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner - - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/charts/nfs-subdir-external-provisioner -maintainers: - - name: alexlebens -dependencies: - - name: nfs-subdir-external-provisioner - version: 4.0.18 - repository: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png -appVersion: 4.0.18 diff --git a/clusters/standby/storage/nfs/values.yaml b/clusters/standby/storage/nfs/values.yaml deleted file mode 100644 index feaf1d472..000000000 --- a/clusters/standby/storage/nfs/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -nfs-subdir-external-provisioner: - nfs: - server: 192.168.1.194 - path: /volume2/Talos - mountOptions: - - hard - - vers=4 - - minorversion=1 diff --git a/clusters/standby/storage/rook-ceph/Chart.yaml b/clusters/standby/storage/rook-ceph/Chart.yaml deleted file mode 100644 index ccd284b33..000000000 --- a/clusters/standby/storage/rook-ceph/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v2 -name: rook-ceph -version: 1.0.0 -description: Rook Ceph -keywords: - - rook-ceph - - ceph - - storage - - kubernetes -home: https://wiki.alexlebens.dev/doc/rook-ceph-C7G7SNuP5Z -sources: - - https://github.com/rook/rook - - https://quay.io/repository/ceph/ceph?tab=tags - - https://github.com/rook/rook/tree/master/deploy/charts -maintainers: - - name: alexlebens -dependencies: - - name: rook-ceph - version: v1.16.3 - repository: https://charts.rook.io/release - - name: rook-ceph-cluster - version: v1.16.3 - repository: https://charts.rook.io/release -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/rook.png -appVersion: v1.16.0 diff --git a/clusters/standby/storage/rook-ceph/templates/storage-class.yaml b/clusters/standby/storage/rook-ceph/templates/storage-class.yaml deleted file mode 100644 index 3ab402df0..000000000 --- a/clusters/standby/storage/rook-ceph/templates/storage-class.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: ceph-block-delete -provisioner: rook-ceph.rbd.csi.ceph.com -parameters: - clusterID: rook-ceph - csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner - csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph - csi.storage.k8s.io/fstype: ext4 - csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node - csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph - csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner - csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph - imageFeatures: layering,exclusive-lock,object-map,fast-diff - imageFormat: "2" - pool: ceph-blockpool -reclaimPolicy: Delete -allowVolumeExpansion: true -volumeBindingMode: Immediate diff --git a/clusters/standby/storage/rook-ceph/values.yaml b/clusters/standby/storage/rook-ceph/values.yaml deleted file mode 100644 index 9210ffaaa..000000000 --- a/clusters/standby/storage/rook-ceph/values.yaml +++ /dev/null @@ -1,146 +0,0 @@ -rook-ceph: - crds: - enabled: true - csi: - enableMetadata: true - provisionerReplicas: 3 - serviceMonitor: - enabled: true - enableDiscoveryDaemon: true - monitoring: - enabled: true - -rook-ceph-cluster: - operatorNamespace: rook-ceph - toolbox: - enabled: true - monitoring: - enabled: true - createPrometheusRules: true - cephClusterSpec: - cephVersion: - # https://quay.io/repository/ceph/ceph?tab=tags - image: quay.io/ceph/ceph:v19.2.0-20240927 - mon: - count: 3 - mgr: - count: 1 - modules: - - name: pg_autoscaler - enabled: true - - name: rook - enabled: true - dashboard: - enabled: true - ssl: false - network: - connections: - encryption: - enabled: true - compression: - enabled: true - requireMsgr2: true - placement: - all: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/rook-osd-node - operator: Exists - mon: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/rook-control-node - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - tolerations: - - key: node-role.kubernetes.io/rook-control-node - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - resources: - mgr: - limits: - cpu: 2000m - requests: - cpu: 100m - memory: 512Mi - mon: - limits: - cpu: 2000m - requests: - cpu: 200m - memory: 256Mi - osd: - limits: - cpu: 5000m - requests: - cpu: 100m - memory: 2Gi - prepareosd: - requests: - cpu: 100m - memory: 128Mi - storage: - useAllNodes: true - useAllDevices: true - deviceFilter: sda - config: - osdsPerDevice: "1" - csi: - readAffinity: - enabled: true - ingress: - dashboard: - ingressClassName: tailscale - host: - name: ceph-cl01tl - path: / - tls: - - secretName: ceph-cl01tl - hosts: - - ceph-cl01tl - rules: - - host: ceph-cl01tl - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: rook-ceph-mgr-dashboard - port: - name: http-dashboard - cephBlockPools: - - name: ceph-blockpool - spec: - failureDomain: host - replicated: - size: 3 - enableRBDStats: false - storageClass: - enabled: true - name: ceph-block - isDefault: true - reclaimPolicy: Retain - allowVolumeExpansion: true - volumeBindingMode: "Immediate" - parameters: - imageFormat: "2" - imageFeatures: layering,exclusive-lock,object-map,fast-diff - csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner - csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}" - csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner - csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}" - csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node - csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}" - csi.storage.k8s.io/fstype: ext4 - cephBlockPoolsVolumeSnapshotClass: - enabled: true - name: ceph-blockpool-snapshot - isDefault: false - deletionPolicy: Retain diff --git a/clusters/standby/storage/volsync/Chart.yaml b/clusters/standby/storage/volsync/Chart.yaml deleted file mode 100644 index f6ff63e86..000000000 --- a/clusters/standby/storage/volsync/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v2 -name: volsync -version: 1.0.0 -description: Volsync -keywords: - - volsync - - backup - - storage - - s3 - - kubernetes -home: https://wiki.alexlebens.dev/doc/volsync-iusm70xWOf -sources: - - https://github.com/backube/volsync - - https://github.com/backube/volsync/tree/main/helm/volsync -maintainers: - - name: alexlebens -dependencies: - - name: volsync - version: 0.11.0 - repository: https://backube.github.io/helm-charts/ -icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true -appVersion: 0.11.1 diff --git a/clusters/standby/storage/volsync/values.yaml b/clusters/standby/storage/volsync/values.yaml deleted file mode 100644 index ff5076547..000000000 --- a/clusters/standby/storage/volsync/values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -volsync: - replicaCount: 3 - manageCRDs: true - metrics: - disableAuth: true - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - resources: - limits: - cpu: 2000m - requests: - cpu: 10m - memory: 128Mi