alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

Automated Manifest Update #4990

Merged
alexlebens merged 3 commits from auto/update-manifests into manifests 2026-03-23 01:23:30 +00:00
Conversation 0 Commits 3 Files Changed 19 +152 -61
19 changed files with 152 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 08cea325f5 - Show all commits

2
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-cm.yaml
View File

@@ -127,6 +127,6 @@ data:
statusbadge.enabled: "true"
statusbadge.url: https://argocd.alexlebens.net/
timeout.hard.reconciliation: 0s
timeout.reconciliation: 100s
timeout.reconciliation: 120s
timeout.reconciliation.jitter: 60s
url: https://argocd.alexlebens.net

1
clusters/cl01tl/manifests/argocd/ConfigMap-argocd-notifications-cm.yaml
View File

@@ -13,7 +13,6 @@ metadata:
app.kubernetes.io/version: "v3.3.4"
data:
context: |
argocdUrl: https://argocd.example.com
argocdUrl: https://argocd.alexlebens.net
service.webhook.ntfy: |
url: http://ntfy.ntfy/

17
clusters/cl01tl/manifests/argocd/Deployment-argocd-applicationset-controller.yaml
View File

@@ -223,20 +223,23 @@ spec:
livenessProbe:
tcpSocket:
port: probe
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
tcpSocket:
port: probe
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
resources: {}
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:

12
clusters/cl01tl/manifests/argocd/Deployment-argocd-dex-server.yaml
View File

@@ -22,7 +22,7 @@ spec:
metadata:
annotations:
checksum/cmd-params: 362141fbaf5ddcad145ee51a3a6db083fab8509f6c73479f1359ffe75d7589be
checksum/cm: 44a2e45c2c3dbd82942defeed934270a6ee4d9850869d9b7ba268e4c873a8847
checksum/cm: 7e934038471270914ddb1112d29a81a9239f0edb8dece4e96029b7edee00e3a2
labels:
helm.sh/chart: argo-cd-9.4.15
app.kubernetes.io/name: argocd-dex-server
@@ -98,7 +98,10 @@ spec:
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources: {}
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -130,7 +133,10 @@ spec:
name: static-files
- mountPath: /tmp
name: dexconfig
resources: {}
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:

5
clusters/cl01tl/manifests/argocd/Deployment-argocd-notifications-controller.yaml
View File

@@ -103,7 +103,10 @@ spec:
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources: {}
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:

12
clusters/cl01tl/manifests/argocd/Deployment-argocd-redis-ha-haproxy.yaml
View File

@@ -28,9 +28,6 @@ spec:
component: haproxy
app.kubernetes.io/name: argocd-redis-ha-haproxy
annotations:
prometheus.io/port: "9101"
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
checksum/config: 41729c8b600983b574147eb778eb317992f0a620e163e58b070b159548c3f8e6
spec:
serviceAccountName: argocd-redis-ha-haproxy
@@ -52,7 +49,7 @@ spec:
topologyKey: kubernetes.io/hostname
initContainers:
- name: config-init
image: ecr-public.aws.com/docker/library/haproxy:3.0.8-alpine
image: haproxy:3.0.19-alpine@sha256:ec781a129b8c4837c76fcb26f7b585708966873b536b9d7aa7cbcc342ae8a76f
imagePullPolicy: IfNotPresent
resources: {}
command:
@@ -76,7 +73,7 @@ spec:
mountPath: /data
containers:
- name: haproxy
image: ecr-public.aws.com/docker/library/haproxy:3.0.8-alpine
image: haproxy:3.0.19-alpine@sha256:ec781a129b8c4837c76fcb26f7b585708966873b536b9d7aa7cbcc342ae8a76f
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
@@ -106,7 +103,10 @@ spec:
containerPort: 6379
- name: metrics-port
containerPort: 9101
resources: {}
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts:
- name: data
mountPath: /usr/local/etc/haproxy

24
clusters/cl01tl/manifests/argocd/Deployment-argocd-repo-server.yaml
View File

@@ -22,7 +22,7 @@ spec:
metadata:
annotations:
checksum/cmd-params: 362141fbaf5ddcad145ee51a3a6db083fab8509f6c73479f1359ffe75d7589be
checksum/cm: 44a2e45c2c3dbd82942defeed934270a6ee4d9850869d9b7ba268e4c873a8847
checksum/cm: 7e934038471270914ddb1112d29a81a9239f0edb8dece4e96029b7edee00e3a2
labels:
helm.sh/chart: argo-cd-9.4.15
app.kubernetes.io/name: argocd-repo-server
@@ -332,21 +332,24 @@ spec:
httpGet:
path: /healthz?full=true
port: metrics
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
resources: {}
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -365,7 +368,10 @@ spec:
image: quay.io/argoproj/argocd:v3.3.4
imagePullPolicy: IfNotPresent
name: copyutil
resources: {}
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:

7
clusters/cl01tl/manifests/argocd/Deployment-argocd-server.yaml
View File

@@ -22,7 +22,7 @@ spec:
metadata:
annotations:
checksum/cmd-params: 362141fbaf5ddcad145ee51a3a6db083fab8509f6c73479f1359ffe75d7589be
checksum/cm: 44a2e45c2c3dbd82942defeed934270a6ee4d9850869d9b7ba268e4c873a8847
checksum/cm: 7e934038471270914ddb1112d29a81a9239f0edb8dece4e96029b7edee00e3a2
labels:
helm.sh/chart: argo-cd-9.4.15
app.kubernetes.io/name: argocd-server
@@ -394,7 +394,10 @@ spec:
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources: {}
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:

9
clusters/cl01tl/manifests/argocd/ExternalSecret-argocd-gitea-repo-infrastructure-secret.yaml
View File

@@ -14,22 +14,13 @@ spec:
data:
- secretKey: type
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: type
- secretKey: url
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: url
- secretKey: sshPrivateKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: sshPrivateKey

3
clusters/cl01tl/manifests/argocd/ExternalSecret-argocd-notifications-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data:
- secretKey: ntfy-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token

6
clusters/cl01tl/manifests/argocd/ExternalSecret-argocd-oidc-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: client

2
clusters/cl01tl/manifests/argocd/Pod-argocd-redis-ha-service-test.yaml
View File

@@ -15,7 +15,7 @@ spec:
tolerations: []
containers:
- name: "argocd-service-test"
image: ecr-public.aws.com/docker/library/redis:8.2.3-alpine
image: redis:8.6.1@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
command:
- sh
- -c

18
clusters/cl01tl/manifests/argocd/PrometheusRule-argocd-redis-ha.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: argocd-redis-ha
spec:
groups:
- name: argocd-redis-ha
interval: 30s
rules:
- alert: RedisPodDown
annotations:
description: Redis pod {{ $labels.pod }} is down
summary: Redis pod {{ $labels.pod }} is down
expr: |
redis_up{job="argocd-redis-ha"} == 0
for: 5m
labels:
severity: critical

4
clusters/cl01tl/manifests/argocd/Service-argocd-redis-ha-announce-0.yaml
View File

@@ -21,6 +21,10 @@ spec:
port: 26379
protocol: TCP
targetPort: sentinel
- name: http-exporter
port: 9121
protocol: TCP
targetPort: exporter-port
selector:
release: argocd
app: redis-ha

4
clusters/cl01tl/manifests/argocd/Service-argocd-redis-ha-announce-1.yaml
View File

@@ -21,6 +21,10 @@ spec:
port: 26379
protocol: TCP
targetPort: sentinel
- name: http-exporter
port: 9121
protocol: TCP
targetPort: exporter-port
selector:
release: argocd
app: redis-ha

4
clusters/cl01tl/manifests/argocd/Service-argocd-redis-ha-announce-2.yaml
View File

@@ -21,6 +21,10 @@ spec:
port: 26379
protocol: TCP
targetPort: sentinel
- name: http-exporter
port: 9121
protocol: TCP
targetPort: exporter-port
selector:
release: argocd
app: redis-ha

5
clusters/cl01tl/manifests/argocd/Service-argocd-redis-ha.yaml
View File

@@ -8,6 +8,7 @@ metadata:
heritage: "Helm"
release: "argocd"
chart: redis-ha-4.34.11
exporter: enabled
annotations:
spec:
type: ClusterIP
@@ -21,6 +22,10 @@ spec:
port: 26379
protocol: TCP
targetPort: sentinel
- name: http-exporter-port
port: 9121
protocol: TCP
targetPort: exporter-port
selector:
release: argocd
app: redis-ha

13
clusters/cl01tl/manifests/argocd/StatefulSet-argocd-application-controller.yaml
View File

@@ -23,7 +23,7 @@ spec:
metadata:
annotations:
checksum/cmd-params: 362141fbaf5ddcad145ee51a3a6db083fab8509f6c73479f1359ffe75d7589be
checksum/cm: 44a2e45c2c3dbd82942defeed934270a6ee4d9850869d9b7ba268e4c873a8847
checksum/cm: 7e934038471270914ddb1112d29a81a9239f0edb8dece4e96029b7edee00e3a2
labels:
helm.sh/chart: argo-cd-9.4.15
app.kubernetes.io/name: argocd-application-controller
@@ -334,12 +334,15 @@ spec:
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
resources: {}
resources:
requests:
cpu: 15m
memory: 1Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:

65
clusters/cl01tl/manifests/argocd/StatefulSet-argocd-redis-ha-server.yaml
View File

@@ -47,7 +47,7 @@ spec:
automountServiceAccountToken: false
initContainers:
- name: config-init
image: ecr-public.aws.com/docker/library/redis:8.2.3-alpine
image: redis:8.6.1@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
imagePullPolicy: IfNotPresent
resources: {}
command:
@@ -79,7 +79,7 @@ spec:
mountPath: /data
containers:
- name: redis
image: ecr-public.aws.com/docker/library/redis:8.2.3-alpine
image: redis:8.6.1@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
imagePullPolicy: IfNotPresent
command:
- redis-server
@@ -128,7 +128,10 @@ spec:
- sh
- -c
- /health/redis_readiness.sh
resources: {}
resources:
requests:
cpu: 1000m
memory: 64Mi
ports:
- name: redis
containerPort: 6379
@@ -147,7 +150,7 @@ spec:
- /bin/sh
- /readonly-config/trigger-failover-if-master.sh
- name: sentinel
image: ecr-public.aws.com/docker/library/redis:8.2.3-alpine
image: redis:8.6.1@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
imagePullPolicy: IfNotPresent
command:
- redis-sentinel
@@ -207,7 +210,7 @@ spec:
name: health
lifecycle: {}
- name: split-brain-fix
image: ecr-public.aws.com/docker/library/redis:8.2.3-alpine
image: redis:8.6.1@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
imagePullPolicy: IfNotPresent
command:
- sh
@@ -237,6 +240,43 @@ spec:
readOnly: true
- mountPath: /data
name: data
- name: redis-exporter
image: "ghcr.io/oliver006/redis_exporter:v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03"
imagePullPolicy: IfNotPresent
args:
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
env:
- name: REDIS_ADDR
value: redis://localhost:6379
livenessProbe:
httpGet:
path: /metrics
port: 9121
initialDelaySeconds: 15
periodSeconds: 15
timeoutSeconds: 3
readinessProbe:
httpGet:
path: /metrics
port: 9121
initialDelaySeconds: 15
periodSeconds: 15
successThreshold: 2
timeoutSeconds: 3
resources: {}
ports:
- name: exporter-port
containerPort: 9121
volumeMounts:
volumes:
- name: config
configMap:
@@ -245,5 +285,16 @@ spec:
configMap:
name: argocd-redis-ha-health-configmap
defaultMode: 0755
- name: data
emptyDir: {}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
annotations:
labels: {}
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "10Gi"