Compare commits
5 Commits
8d2483ef08
...
6da56d6530
| Author | SHA1 | Date | |
|---|---|---|---|
6da56d6530
|
|||
| cb568263d5 | |||
| f453d2871c | |||
| 8b8829df3c | |||
| 950b50275a |
@@ -4,11 +4,8 @@ metadata:
|
||||
name: harbor-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: harbor-secret
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: web
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
@@ -71,11 +68,8 @@ metadata:
|
||||
name: harbor-postgresql-17-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: database
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: subnet-router-local
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: subnet-router-local
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: tailscale
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
hostname: subnet-router-local-cl01tl
|
||||
proxyClass: default
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: ts-dns
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ts-dns
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: tailscale
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
nameserver:
|
||||
image:
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: operator-oauth
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: operator-oauth
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: web
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: default
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: default
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: proxy
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
metrics:
|
||||
enable: true
|
||||
@@ -32,11 +29,8 @@ metadata:
|
||||
name: no-metrics
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: no-metrics
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: proxy
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
metrics:
|
||||
enable: false
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: talos-etcd-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-etcd-backup-secret
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: storage
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
annotations:
|
||||
kubernetes.io/service-account.name: talos-backup-secrets
|
||||
spec:
|
||||
|
||||
@@ -4,10 +4,7 @@ metadata:
|
||||
name: talos-backup-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-backup-secrets
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: storage
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
annotations:
|
||||
kubernetes.io/service-account.name: talos-backup-secrets
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: talos-backup-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: talos-backup-secrets
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: storage
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
roles:
|
||||
- os:etcd:backup
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: default-l2-announcement-policy
|
||||
namespace: cilium
|
||||
labels:
|
||||
app.kubernetes.io/name: default-l2-announcement-policy
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: network
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
interfaces:
|
||||
- enp6s0
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: default-ip-pool
|
||||
namespace: cilium
|
||||
labels:
|
||||
app.kubernetes.io/name: default-ip-pool
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: network
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
blocks:
|
||||
- start: "10.232.1.21"
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: http-route-hubble
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-hubble
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: web
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
|
||||
@@ -17,6 +17,6 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: kubelet-serving-cert-approver
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 3.7.3
|
||||
version: 4.0.1
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
appVersion: 0.9.1
|
||||
|
||||
@@ -4,16 +4,13 @@ metadata:
|
||||
name: kubelet-serving-cert-approver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: kubelet-serving-cert-approver
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: server
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: "certificates:{{ .Release.Name }}"
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}
|
||||
name: kubelet-serving-cert-approver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: "certificates:{{ .Release.Name }}"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: kubelet-serving-cert-approver
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: server
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- certificates.k8s.io
|
||||
@@ -46,11 +43,8 @@ metadata:
|
||||
name: "events:{{ .Release.Name }}"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: kubelet-serving-cert-approver
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: server
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
||||
@@ -3,7 +3,7 @@ kind: Namespace
|
||||
metadata:
|
||||
name: kubelet-serving-cert-approver
|
||||
labels:
|
||||
app.kubernetes.io/name: kubelet-serving-cert-approver
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: restricted
|
||||
pod-security.kubernetes.io/enforce: restricted
|
||||
|
||||
@@ -4,11 +4,8 @@ metadata:
|
||||
name: "events:{{ .Release.Name }}"
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubernetes.io/name: kubelet-serving-cert-approver
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: server
|
||||
app.kubernetes.io/part-of: kubelet-serving-cert-approver
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
|
||||
@@ -30,6 +30,10 @@ kubelet-serving-cert-approver:
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
revisionHistoryLimit: 3
|
||||
serviceAccount:
|
||||
name: kubelet-serving-cert-approver
|
||||
pod:
|
||||
automountServiceAccountToken: true
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
@@ -56,7 +60,9 @@ kubelet-serving-cert-approver:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
serviceAccount:
|
||||
create: true
|
||||
kubelet-serving-cert-approver:
|
||||
enabled: true
|
||||
staticToken: true
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
|
||||
Reference in New Issue
Block a user