feat(kube-nas): standardisation manifests #4446
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/cilium-charts
+++ kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/cilium-charts
@@ -5,9 +5,10 @@
labels:
kustomize.toolkit.fluxcd.io/name: flux-repositories
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: cilium-charts
namespace: flux-system
spec:
- interval: 2h
+ interval: 1h
+ timeout: 3m
url: https://helm.cilium.io
--- kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/coredns-charts
+++ kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/coredns-charts
@@ -5,9 +5,10 @@
labels:
kustomize.toolkit.fluxcd.io/name: flux-repositories
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: coredns-charts
namespace: flux-system
spec:
- interval: 2h
+ interval: 1h
+ timeout: 3m
url: https://coredns.github.io/helm
--- kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/flux-iac-charts
+++ kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/flux-iac-charts
@@ -6,9 +6,10 @@
kustomize.toolkit.fluxcd.io/name: flux-repositories
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: flux-iac-charts
namespace: flux-system
spec:
interval: 1h
+ timeout: 3m
type: oci
url: oci://ghcr.io/flux-iac/charts
--- kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/harbor-charts
+++ kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/harbor-charts
@@ -5,10 +5,10 @@
labels:
kustomize.toolkit.fluxcd.io/name: flux-repositories
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: harbor-charts
namespace: flux-system
spec:
- interval: 2h
+ interval: 1h
timeout: 3m
url: https://helm.goharbor.io
--- kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/ingress-nginx-charts
+++ kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/ingress-nginx-charts
@@ -5,9 +5,10 @@
labels:
kustomize.toolkit.fluxcd.io/name: flux-repositories
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: ingress-nginx-charts
namespace: flux-system
spec:
- interval: 2h
+ interval: 1h
+ timeout: 3m
url: https://kubernetes.github.io/ingress-nginx
--- kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/openebs-charts
+++ kubernetes/base/flux/repositories/helm Kustomization: flux-system/flux-repositories HelmRepository: flux-system/openebs-charts
@@ -5,9 +5,10 @@
labels:
kustomize.toolkit.fluxcd.io/name: flux-repositories
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: openebs-charts
namespace: flux-system
spec:
- interval: 2h
+ interval: 1h
+ timeout: 3m
url: https://openebs.github.io/openebs
--- kubernetes/kube-nas/apps/secops/external-secrets/app Kustomization: flux-system/external-secrets HelmRelease: secops/external-secrets
+++ kubernetes/kube-nas/apps/secops/external-secrets/app Kustomization: flux-system/external-secrets HelmRelease: secops/external-secrets
@@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: external-secrets
kustomize.toolkit.fluxcd.io/name: external-secrets
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: external-secrets
namespace: secops
spec:
chart:
@@ -18,20 +19,21 @@
version: 0.13.0
driftDetection:
mode: enabled
install:
remediation:
retries: 3
- interval: 15m
- maxHistory: 5
+ interval: 30m
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
grafana:
enabled: false
installCRDs: true
replicaCount: 1
--- kubernetes/kube-nas/apps/kube-system/kubelet-csr-approver/app Kustomization: flux-system/kubelet-csr-approver HelmRelease: kube-system/kubelet-csr-approver
+++ kubernetes/kube-nas/apps/kube-system/kubelet-csr-approver/app Kustomization: flux-system/kubelet-csr-approver HelmRelease: kube-system/kubelet-csr-approver
@@ -1,26 +1,37 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: kubelet-csr-approver
kustomize.toolkit.fluxcd.io/name: kubelet-csr-approver
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: kubelet-csr-approver
namespace: kube-system
spec:
chart:
spec:
chart: kubelet-csr-approver
- interval: 30m
sourceRef:
kind: HelmRepository
name: postfinance-charts
namespace: flux-system
version: 1.2.5
+ install:
+ remediation:
+ retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
values:
bypassDnsResolution: true
providerRegex: |
^(kube-nas)$
replicas: 1
--- kubernetes/kube-nas/apps/kube-system/coredns/app Kustomization: flux-system/coredns HelmRelease: kube-system/coredns
+++ kubernetes/kube-nas/apps/kube-system/coredns/app Kustomization: flux-system/coredns HelmRelease: kube-system/coredns
@@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: coredns
kustomize.toolkit.fluxcd.io/name: coredns
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: coredns
namespace: kube-system
spec:
chart:
@@ -17,19 +18,20 @@
namespace: flux-system
version: 1.39.0
install:
remediation:
retries: 3
interval: 30m
- maxHistory: 2
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
--- kubernetes/kube-nas/apps/backup-system/snapshot-controller/app Kustomization: flux-system/snapshot-controller HelmRelease: backup-system/snapshot-controller
+++ kubernetes/kube-nas/apps/backup-system/snapshot-controller/app Kustomization: flux-system/snapshot-controller HelmRelease: backup-system/snapshot-controller
@@ -19,12 +19,15 @@
version: 4.0.1
install:
crds: CreateReplace
remediation:
retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
crds: CreateReplace
remediation:
retries: 3
strategy: rollback
--- kubernetes/kube-nas/apps/database-system/cloudnative-pg/operator Kustomization: flux-system/cloudnative-pg HelmRelease: database-system/cloudnative-pg
+++ kubernetes/kube-nas/apps/database-system/cloudnative-pg/operator Kustomization: flux-system/cloudnative-pg HelmRelease: database-system/cloudnative-pg
@@ -15,21 +15,23 @@
sourceRef:
kind: HelmRepository
name: cloudnative-pg-charts
namespace: flux-system
version: 0.23.0
install:
- createNamespace: true
remediation:
retries: 3
- interval: 15m
- maxHistory: 15
+ interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
crds:
create: true
monitoring:
grafanaDashboard:
create: true
--- kubernetes/kube-nas/apps/database-system/dbman/operator Kustomization: flux-system/dbman HelmRelease: database-system/dbman
+++ kubernetes/kube-nas/apps/database-system/dbman/operator Kustomization: flux-system/dbman HelmRelease: database-system/dbman
@@ -15,19 +15,22 @@
sourceRef:
kind: HelmRepository
name: dbman-charts
namespace: flux-system
version: 0.123.2
install:
- createNamespace: true
remediation:
- retries: 5
+ retries: 3
interval: 30m
- timeout: 15m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
+ cleanupOnFail: true
remediation:
- retries: 5
+ retries: 3
+ strategy: rollback
values:
env:
- name: RUST_LOG
value: info
--- kubernetes/kube-nas/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager
+++ kubernetes/kube-nas/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager
@@ -1,31 +1,35 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: cert-manager
kustomize.toolkit.fluxcd.io/name: cert-manager
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: cert-manager
namespace: cert-manager
spec:
chart:
spec:
chart: cert-manager
- interval: 30m
sourceRef:
kind: HelmRepository
name: jetstack-charts
namespace: flux-system
version: v1.16.3
install:
crds: CreateReplace
remediation:
retries: 5
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
+ cleanupOnFail: true
crds: CreateReplace
remediation:
retries: 5
values:
extraArgs:
- --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
--- kubernetes/kube-nas/apps/kube-tools/reloader/app Kustomization: flux-system/reloader HelmRelease: kube-tools/reloader
+++ kubernetes/kube-nas/apps/kube-tools/reloader/app Kustomization: flux-system/reloader HelmRelease: kube-tools/reloader
@@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: reloader
kustomize.toolkit.fluxcd.io/name: reloader
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: reloader
namespace: kube-tools
spec:
chart:
@@ -14,17 +15,16 @@
sourceRef:
kind: HelmRepository
name: stakater-charts
namespace: flux-system
version: 1.2.1
install:
- createNamespace: true
remediation:
retries: 3
- interval: 15m
- maxHistory: 15
+ interval: 30m
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
--- kubernetes/kube-nas/apps/minio-system/minio/app Kustomization: flux-system/minio HelmRelease: minio-system/minio
+++ kubernetes/kube-nas/apps/minio-system/minio/app Kustomization: flux-system/minio HelmRelease: minio-system/minio
@@ -18,12 +18,15 @@
namespace: flux-system
version: 3.6.1
install:
remediation:
retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
values:
--- kubernetes/kube-nas/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium
+++ kubernetes/kube-nas/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium
@@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: cilium
kustomize.toolkit.fluxcd.io/name: cilium
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: cilium
namespace: kube-system
spec:
chart:
@@ -17,19 +18,20 @@
namespace: flux-system
version: 1.16.6
install:
remediation:
retries: 3
interval: 30m
- maxHistory: 2
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
autoDirectNodeRoutes: true
bandwidthManager:
bbr: true
enabled: true
bgp:
--- kubernetes/kube-nas/apps/kube-system/cilium/app Kustomization: flux-system/cilium CiliumL2AnnouncementPolicy: kube-system/l2-policy
+++ kubernetes/kube-nas/apps/kube-system/cilium/app Kustomization: flux-system/cilium CiliumL2AnnouncementPolicy: kube-system/l2-policy
@@ -1,11 +1,12 @@
---
apiVersion: cilium.io/v2alpha1
kind: CiliumL2AnnouncementPolicy
metadata:
labels:
+ app.kubernetes.io/name: cilium
kustomize.toolkit.fluxcd.io/name: cilium
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: l2-policy
namespace: kube-system
spec:
interfaces:
--- kubernetes/kube-nas/apps/kube-system/cilium/app Kustomization: flux-system/cilium CiliumLoadBalancerIPPool: kube-system/l2-pool
+++ kubernetes/kube-nas/apps/kube-system/cilium/app Kustomization: flux-system/cilium CiliumLoadBalancerIPPool: kube-system/l2-pool
@@ -1,11 +1,12 @@
---
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
labels:
+ app.kubernetes.io/name: cilium
kustomize.toolkit.fluxcd.io/name: cilium
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: l2-pool
namespace: kube-system
spec:
allowFirstLastIPs: 'Yes'
--- kubernetes/kube-nas/apps/openebs-system/openebs/app Kustomization: flux-system/openebs HelmRelease: openebs-system/openebs
+++ kubernetes/kube-nas/apps/openebs-system/openebs/app Kustomization: flux-system/openebs HelmRelease: openebs-system/openebs
@@ -18,12 +18,15 @@
namespace: flux-system
version: 4.1.3
install:
remediation:
retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
values:
--- kubernetes/kube-nas/apps/default/echo-server/app Kustomization: flux-system/echo-server HelmRelease: default/echo-server
+++ kubernetes/kube-nas/apps/default/echo-server/app Kustomization: flux-system/echo-server HelmRelease: default/echo-server
@@ -1,12 +1,11 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
- app.kubernetes.io/instance: echo-server
app.kubernetes.io/name: echo-server
kustomize.toolkit.fluxcd.io/name: echo-server
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: echo-server
namespace: default
spec:
@@ -16,23 +15,23 @@
sourceRef:
kind: HelmRepository
name: bjw-s-charts
namespace: flux-system
version: 3.6.1
install:
- createNamespace: true
remediation:
retries: 3
- interval: 15m
- maxHistory: 15
+ interval: 30m
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
controllers:
echo-server:
containers:
app:
image:
--- kubernetes/kube-nas/apps/kube-system/metrics-server/app Kustomization: flux-system/metrics-server HelmRelease: kube-system/metrics-server
+++ kubernetes/kube-nas/apps/kube-system/metrics-server/app Kustomization: flux-system/metrics-server HelmRelease: kube-system/metrics-server
@@ -1,26 +1,37 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: metrics-server
kustomize.toolkit.fluxcd.io/name: metrics-server
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: metrics-server
namespace: kube-system
spec:
chart:
spec:
chart: metrics-server
- interval: 30m
sourceRef:
kind: HelmRepository
name: metrics-server-charts
namespace: flux-system
version: 3.12.2
+ install:
+ remediation:
+ retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
values:
metrics:
enabled: true
serviceMonitor:
enabled: false
--- kubernetes/kube-nas/apps/database-system/dragonfly/operator Kustomization: flux-system/dragonfly-operator HelmRelease: database-system/dragonfly-operator
+++ kubernetes/kube-nas/apps/database-system/dragonfly/operator Kustomization: flux-system/dragonfly-operator HelmRelease: database-system/dragonfly-operator
@@ -17,17 +17,22 @@
sourceRef:
kind: HelmRepository
name: bjw-s-charts
namespace: flux-system
version: 3.6.1
install:
+ crds: CreateReplace
remediation:
retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
+ crds: CreateReplace
remediation:
retries: 3
strategy: rollback
values:
controllers:
dragonfly-operator:
--- kubernetes/kube-nas/flux/operator Kustomization: flux-system/flux-operator HelmRelease: flux-system/flux-operator
+++ kubernetes/kube-nas/flux/operator Kustomization: flux-system/flux-operator HelmRelease: flux-system/flux-operator
@@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: flux-operator
kustomize.toolkit.fluxcd.io/name: flux-operator
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: flux-operator
namespace: flux-system
spec:
chart:
@@ -19,12 +20,15 @@
install:
crds: Create
createNamespace: true
remediation:
retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
crds: CreateReplace
remediation:
retries: 3
strategy: rollback
--- kubernetes/kube-nas/apps/secops/external-secrets/stores Kustomization: flux-system/external-secrets-stores ClusterSecretStore: secops/kube-nas-vault
+++ kubernetes/kube-nas/apps/secops/external-secrets/stores Kustomization: flux-system/external-secrets-stores ClusterSecretStore: secops/kube-nas-vault
@@ -1,11 +1,12 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
labels:
+ app.kubernetes.io/name: external-secrets-stores
kustomize.toolkit.fluxcd.io/name: external-secrets-stores
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: kube-nas-vault
namespace: secops
spec:
provider:
--- kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ClusterIssuer: cert-manager/self-signed
+++ kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ClusterIssuer: cert-manager/self-signed
@@ -1,11 +1,12 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
labels:
+ app.kubernetes.io/name: cert-manager-issuers
kustomize.toolkit.fluxcd.io/name: cert-manager-issuers
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: self-signed
namespace: cert-manager
spec:
selfSigned: {}
--- kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ClusterIssuer: cert-manager/letsencrypt-staging
+++ kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ClusterIssuer: cert-manager/letsencrypt-staging
@@ -1,11 +1,12 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
labels:
+ app.kubernetes.io/name: cert-manager-issuers
kustomize.toolkit.fluxcd.io/name: cert-manager-issuers
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: letsencrypt-staging
namespace: cert-manager
spec:
acme:
--- kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ClusterIssuer: cert-manager/letsencrypt-production
+++ kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/cert-manager-issuers ClusterIssuer: cert-manager/letsencrypt-production
@@ -1,11 +1,12 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
labels:
+ app.kubernetes.io/name: cert-manager-issuers
kustomize.toolkit.fluxcd.io/name: cert-manager-issuers
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: letsencrypt-production
namespace: cert-manager
spec:
acme:
--- kubernetes/kube-nas/apps/kube-system/csi-driver-nfs/app Kustomization: flux-system/csi-driver-nfs HelmRelease: kube-system/csi-driver-nfs
+++ kubernetes/kube-nas/apps/kube-system/csi-driver-nfs/app Kustomization: flux-system/csi-driver-nfs HelmRelease: kube-system/csi-driver-nfs
@@ -15,23 +15,23 @@
sourceRef:
kind: HelmRepository
name: csi-driver-nfs-charts
namespace: flux-system
version: v4.10.0
install:
- createNamespace: true
remediation:
retries: 3
interval: 30m
- maxHistory: 3
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
externalSnapshotter:
enabled: false
volumeSnapshotClass:
create: true
deletionPolicy: Delete
--- kubernetes/kube-nas/apps/backup-system/volsync/app Kustomization: flux-system/volsync HelmRelease: backup-system/volsync
+++ kubernetes/kube-nas/apps/backup-system/volsync/app Kustomization: flux-system/volsync HelmRelease: backup-system/volsync
@@ -15,22 +15,22 @@
sourceRef:
kind: HelmRepository
name: backube-charts
namespace: flux-system
version: 0.11.0
install:
- createNamespace: true
remediation:
retries: 3
- interval: 15m
- maxHistory: 15
+ interval: 30m
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
manageCRDs: true
metrics:
disableAuth: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/oauth2-proxy
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/oauth2-proxy
@@ -14,21 +14,23 @@
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: dragonfly-cluster
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
targetNamespace: auth-system
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/volsync
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/volsync
@@ -15,22 +15,23 @@
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: snapshot-controller
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/backup-system/volsync/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
targetNamespace: backup-system
- timeout: 3m
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/bunkerweb-ingress
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/bunkerweb-ingress
@@ -15,13 +15,13 @@
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: cert-manager-issuers
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cert-manager
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cert-manager
@@ -5,24 +5,30 @@
labels:
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: cert-manager
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: cert-manager
decryption:
provider: sops
secretRef:
name: sops-age
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/cert-manager/cert-manager/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: cert-manager
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cert-manager-issuers
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cert-manager-issuers
@@ -5,26 +5,32 @@
labels:
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: cert-manager-issuers
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: cert-manager-issuers
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: cert-manager
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: cert-manager
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cloudnative-pg
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cloudnative-pg
@@ -26,9 +26,9 @@
prune: true
retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
targetNamespace: database-system
- timeout: 3m
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cloudnative-pg-cluster
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cloudnative-pg-cluster
@@ -26,14 +26,14 @@
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
- retryInterval: 15s
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
targetNamespace: database-system
- timeout: 3m
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/dbman
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/dbman
@@ -26,9 +26,9 @@
prune: true
retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
targetNamespace: database-system
- timeout: 3m
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/echo-server
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/echo-server
@@ -6,24 +6,30 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: echo-server
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: echo-server
decryption:
provider: sops
secretRef:
name: sops-age
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/default/echo-server/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: default
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cilium
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/cilium
@@ -5,12 +5,15 @@
labels:
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: cilium
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: cilium
decryption:
provider: sops
secretRef:
name: sops-age
interval: 30m
path: ./kubernetes/kube-nas/apps/kube-system/cilium/app
@@ -22,9 +25,10 @@
name: cluster-secrets
prune: false
retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: kube-system
timeout: 5m
wait: false
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/coredns
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/coredns
@@ -6,12 +6,15 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: coredns
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: coredns
decryption:
provider: sops
secretRef:
name: sops-age
interval: 30m
path: ./kubernetes/kube-nas/apps/kube-system/coredns/app
@@ -23,9 +26,10 @@
name: cluster-secrets
prune: false
retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: kube-system
timeout: 5m
wait: false
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/kubelet-csr-approver
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/kubelet-csr-approver
@@ -6,12 +6,15 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: kubelet-csr-approver
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: kubelet-csr-approver
decryption:
provider: sops
secretRef:
name: sops-age
interval: 30m
path: ./kubernetes/kube-nas/apps/kube-system/kubelet-csr-approver/app
@@ -23,9 +26,10 @@
name: cluster-secrets
prune: false
retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: kube-system
timeout: 5m
wait: false
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/metrics-server
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/metrics-server
@@ -6,12 +6,15 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: metrics-server
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: metrics-server
decryption:
provider: sops
secretRef:
name: sops-age
interval: 30m
path: ./kubernetes/kube-nas/apps/kube-system/metrics-server/app
@@ -23,9 +26,10 @@
name: cluster-secrets
prune: false
retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: kube-system
timeout: 5m
wait: false
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/reloader
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/reloader
@@ -6,24 +6,30 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: reloader
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: reloader
decryption:
provider: sops
secretRef:
name: sops-age
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/kube-tools/reloader/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: kube-tools
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/nginx-ingress
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/nginx-ingress
@@ -6,26 +6,32 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: nginx-ingress
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: nginx-ingress
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: cert-manager-issuers
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/nginx-ingress/nginx/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
+ targetNamespace: nginx-ingress
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/harbor
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/harbor
@@ -6,27 +6,32 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: harbor
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: harbor
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: nginx-ingress
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/oci-registry/harbor/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
targetNamespace: oci-registry
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/openebs
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/openebs
@@ -12,13 +12,13 @@
labels:
app.kubernetes.io/name: openebs
decryption:
provider: sops
secretRef:
name: sops-age
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/openebs-system/openebs/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/external-secrets
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/external-secrets
@@ -6,25 +6,30 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: external-secrets
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: external-secrets
decryption:
provider: sops
secretRef:
name: sops-age
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/secops/external-secrets/app
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
targetNamespace: secops
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/external-secrets-stores
+++ kubernetes/kube-nas/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/external-secrets-stores
@@ -6,27 +6,32 @@
kustomize.toolkit.fluxcd.io/name: flux-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
substitution.flux.home.arpa/enabled: 'true'
name: external-secrets-stores
namespace: flux-system
spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: external-secrets-stores
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: external-secrets
- interval: 10m
+ interval: 30m
path: ./kubernetes/kube-nas/apps/secops/external-secrets/stores
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
prune: true
+ retryInterval: 1m
sourceRef:
kind: GitRepository
name: home-ops
targetNamespace: secops
+ timeout: 5m
wait: true
--- kubernetes/kube-nas/flux/instance Kustomization: flux-system/flux-instance FluxInstance: flux-system/flux
+++ kubernetes/kube-nas/flux/instance Kustomization: flux-system/flux-instance FluxInstance: flux-system/flux
@@ -1,11 +1,12 @@
---
apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
metadata:
labels:
+ app.kubernetes.io/name: flux-instance
kustomize.toolkit.fluxcd.io/name: flux-instance
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: flux
namespace: flux-system
spec:
cluster:
--- kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app Kustomization: flux-system/oauth2-proxy HelmRelease: auth-system/oauth2-proxy
+++ kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app Kustomization: flux-system/oauth2-proxy HelmRelease: auth-system/oauth2-proxy
@@ -18,12 +18,15 @@
namespace: flux-system
version: 3.6.1
install:
remediation:
retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
values:
--- kubernetes/kube-nas/apps/nginx-ingress/nginx/app Kustomization: flux-system/nginx-ingress HelmRelease: nginx-ingress/nginx
+++ kubernetes/kube-nas/apps/nginx-ingress/nginx/app Kustomization: flux-system/nginx-ingress HelmRelease: nginx-ingress/nginx
@@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: nginx-ingress
kustomize.toolkit.fluxcd.io/name: nginx-ingress
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: nginx
namespace: nginx-ingress
spec:
chart:
@@ -17,19 +18,20 @@
namespace: flux-system
version: 4.12.0
install:
remediation:
retries: 3
interval: 30m
- maxHistory: 2
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
controller:
allowSnippetAnnotations: true
config:
client-body-buffer-size: 100M
client-body-timeout: 120
--- kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app Kustomization: flux-system/bunkerweb-ingress HelmRelease: bunkerweb-ingress/bunkerweb
+++ kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app Kustomization: flux-system/bunkerweb-ingress HelmRelease: bunkerweb-ingress/bunkerweb
@@ -18,12 +18,15 @@
namespace: flux-system
version: 3.6.1
install:
remediation:
retries: 3
interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
values:
--- kubernetes/kube-nas/apps/secops/vault/app Kustomization: flux-system/vault HelmRelease: secops/vault
+++ kubernetes/kube-nas/apps/secops/vault/app Kustomization: flux-system/vault HelmRelease: secops/vault
@@ -19,20 +19,21 @@
version: 0.29.1
driftDetection:
mode: enabled
install:
remediation:
retries: 3
- interval: 15m
- maxHistory: 5
+ interval: 30m
+ timeout: 5m
uninstall:
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
+ strategy: rollback
values:
global:
enabled: true
injector:
logFormat: json
metrics:
--- kubernetes/kube-nas/apps/secops/vault/snapshots Kustomization: flux-system/vault-snapshots HelmRelease: secops/vault-snapshots
+++ kubernetes/kube-nas/apps/secops/vault/snapshots Kustomization: flux-system/vault-snapshots HelmRelease: secops/vault-snapshots
@@ -14,13 +14,24 @@
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s-charts
namespace: flux-system
version: 3.6.1
- interval: 15m
+ install:
+ remediation:
+ retries: 3
+ interval: 30m
+ timeout: 5m
+ uninstall:
+ keepHistory: false
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
values:
controllers:
vault-snapshots:
annotations:
reloader.stakater.com/auto: 'true'
containers:
--- kubernetes/kube-nas/apps/oci-registry/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: oci-registry/harbor-registry-0
+++ kubernetes/kube-nas/apps/oci-registry/harbor/app Kustomization: flux-system/harbor PersistentVolumeClaim: oci-registry/harbor-registry-0
@@ -1,11 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
+ app.kubernetes.io/name: harbor
kustomize.toolkit.fluxcd.io/name: harbor
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: harbor-registry-0
namespace: oci-registry
spec:
accessModes:
--- kubernetes/kube-nas/apps/oci-registry/harbor/app Kustomization: flux-system/harbor Database: oci-registry/harbor
+++ kubernetes/kube-nas/apps/oci-registry/harbor/app Kustomization: flux-system/harbor Database: oci-registry/harbor
@@ -1,11 +1,12 @@
---
apiVersion: dbman.hef.sh/v1alpha3
kind: Database
metadata:
labels:
+ app.kubernetes.io/name: harbor
kustomize.toolkit.fluxcd.io/name: harbor
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: harbor
namespace: oci-registry
spec:
credentials:
--- kubernetes/kube-nas/apps/oci-registry/harbor/app Kustomization: flux-system/harbor HelmRelease: oci-registry/harbor
+++ kubernetes/kube-nas/apps/oci-registry/harbor/app Kustomization: flux-system/harbor HelmRelease: oci-registry/harbor
@@ -1,11 +1,12 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
labels:
+ app.kubernetes.io/name: harbor
kustomize.toolkit.fluxcd.io/name: harbor
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: harbor
namespace: oci-registry
spec:
chart:
@@ -20,12 +21,14 @@
mode: enabled
install:
remediation:
retries: 3
interval: 30m
timeout: 15m
+ uninstall:
+ keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
values: |
--- HelmRelease: oci-registry/harbor Deployment: oci-registry/harbor-core
+++ HelmRelease: oci-registry/harbor Deployment: oci-registry/harbor-core
@@ -33,14 +33,14 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: harbor
component: core
app.kubernetes.io/component: core
annotations:
checksum/configmap: bc72ac8755ccf8c649ec6f311c78f63cf8209229beca2c2c8c4ef8a99f1be86f
- checksum/secret: 771cf5bcc6c3979d4d8c67a6aadefddc781ef047ed1764921c1e08538b420d98
- checksum/secret-jobservice: b760dd2967604ef1e5f8a50fddf4ef132a2a5b129752aefa2e9a20206a74ec58
+ checksum/secret: f08e694086491c243225f8566e459ab6fff0b0d5991bda19e4f3fedbdacc9476
+ checksum/secret-jobservice: e70b54f1ba7fba94624067be8d34f8b4c8ef85e2ae5e3ece81c38cd545e0dfec
spec:
securityContext:
runAsUser: 10000
fsGroup: 10000
automountServiceAccountToken: false
terminationGracePeriodSeconds: 120
--- HelmRelease: oci-registry/harbor Deployment: oci-registry/harbor-jobservice
+++ HelmRelease: oci-registry/harbor Deployment: oci-registry/harbor-jobservice
@@ -36,14 +36,14 @@
app.kubernetes.io/part-of: harbor
component: jobservice
app.kubernetes.io/component: jobservice
annotations:
checksum/configmap: 0f1812b2ccbad9495dd13cb8e78746a1b21607cb90842b145c29c2a1cc3b82fe
checksum/configmap-env: 2fc5289ec213154b69e3208a8fed3e19505005fb6cf4adad7186f932d41b2d8f
- checksum/secret: 5b6a3496edb27ae2591eb1231cb3aed6aee76164493c5dda9003c711438c7d1f
- checksum/secret-core: 8c4b8474d47624c50579cbad0cd2b2619b8d845f928e6da972a6c4d82206ed2e
+ checksum/secret: 88a2a0884ea441106240073b2bdcaf8e38547744ea66810960a1657fa477f197
+ checksum/secret-core: 26221752a26efbc7874e1e4310e1d2873dba68f5fc614b5b5d9450d9726ddf8e
spec:
securityContext:
runAsUser: 10000
fsGroup: 10000
automountServiceAccountToken: false
terminationGracePeriodSeconds: 120
--- HelmRelease: oci-registry/harbor Deployment: oci-registry/harbor-registry
+++ HelmRelease: oci-registry/harbor Deployment: oci-registry/harbor-registry
@@ -35,15 +35,15 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: harbor
component: registry
app.kubernetes.io/component: registry
annotations:
checksum/configmap: dcbebc677a155d533eb2153125b95bce01dc71bd30ad498a0d36afded9e1a0e0
- checksum/secret: 1b91406981e8b06150ee20d3e5b7210370fb7be146cf75e867f0fafc66ff4cd8
- checksum/secret-jobservice: 7de6b9fa6a8d92db15f433fe6428284c19a779058462d6c45097f2fe31d07c1c
- checksum/secret-core: 5e266d3fc925d3a195a2d8b3465456bd9712a1650f1355ab8ede8466653e534d
+ checksum/secret: c502c0f28f0556b6af0b2c685d5130fc24d0dfcee8990627a83a640d62e64839
+ checksum/secret-jobservice: 19a1d5ea7516e97a1bbd8dda8e77bff5250d33724799dd73af3f4286c86c2696
+ checksum/secret-core: deda2f1d32cfc0f0c825cdd5cedb1e5b5989d82d2411adaa34c77c24525074d4
spec:
securityContext:
runAsUser: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
automountServiceAccountToken: false |
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports MegaLinter is graciously provided by OX Security |
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.