From 9d2c5e61623fceca750c9f923f1cab0a4cf870ae Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Sun, 16 Jun 2024 11:11:26 +1000 Subject: [PATCH 1/3] update namespaces for apps --- kubernetes/apps/adguard-home/adguard-home.yaml | 2 +- kubernetes/apps/adguard-home/app/ingress.yaml | 2 +- kubernetes/apps/capacitor/app/ingress.yaml | 2 +- kubernetes/apps/capacitor/app/manifest.yaml | 4 ++-- kubernetes/apps/capacitor/app/rbac.yaml | 2 +- kubernetes/apps/capacitor/capacitor.yaml | 2 +- kubernetes/apps/cert-manager/cert-manager.yaml | 6 +++--- kubernetes/apps/podinfo/podinfo.yaml | 2 +- kubernetes/apps/prometheus-operator/app/namespace.yaml | 4 ++++ .../apps/prometheus-operator/prometheus-operator.yaml | 2 +- kubernetes/infrastructure/ingress-nginx/config/values.yaml | 2 +- .../infrastructure/ingress-nginx/ingress-nginx-config.yaml | 2 +- kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml | 2 +- 13 files changed, 19 insertions(+), 15 deletions(-) create mode 100644 kubernetes/apps/prometheus-operator/app/namespace.yaml diff --git a/kubernetes/apps/adguard-home/adguard-home.yaml b/kubernetes/apps/adguard-home/adguard-home.yaml index ce20174..c3221ba 100644 --- a/kubernetes/apps/adguard-home/adguard-home.yaml +++ b/kubernetes/apps/adguard-home/adguard-home.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: adguard-home - namespace: flux-system + namespace: adguard-home spec: interval: 10m timeout: 1m30s diff --git a/kubernetes/apps/adguard-home/app/ingress.yaml b/kubernetes/apps/adguard-home/app/ingress.yaml index 2c57855..b5bcd9a 100644 --- a/kubernetes/apps/adguard-home/app/ingress.yaml +++ b/kubernetes/apps/adguard-home/app/ingress.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: adguard-home-ingress - namespace: flux-system + namespace: adguard-home annotations: nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/use-regex: "true" diff --git a/kubernetes/apps/capacitor/app/ingress.yaml b/kubernetes/apps/capacitor/app/ingress.yaml index e95b47f..8ff6124 100644 --- a/kubernetes/apps/capacitor/app/ingress.yaml +++ b/kubernetes/apps/capacitor/app/ingress.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: capacitor-ingress - namespace: flux-system + namespace: capacitor annotations: nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/use-regex: "true" diff --git a/kubernetes/apps/capacitor/app/manifest.yaml b/kubernetes/apps/capacitor/app/manifest.yaml index e3212ee..8f16651 100644 --- a/kubernetes/apps/capacitor/app/manifest.yaml +++ b/kubernetes/apps/capacitor/app/manifest.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: name: capacitor - namespace: flux-system + namespace: capacitor labels: helm.sh/chart: onechart-0.63.0 app.kubernetes.io/name: onechart @@ -26,7 +26,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: capacitor - namespace: flux-system + namespace: capacitor labels: helm.sh/chart: onechart-0.63.0 app.kubernetes.io/name: onechart diff --git a/kubernetes/apps/capacitor/app/rbac.yaml b/kubernetes/apps/capacitor/app/rbac.yaml index 61ef613..07157d1 100644 --- a/kubernetes/apps/capacitor/app/rbac.yaml +++ b/kubernetes/apps/capacitor/app/rbac.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: capacitor - namespace: flux-system + namespace: capacitor --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/kubernetes/apps/capacitor/capacitor.yaml b/kubernetes/apps/capacitor/capacitor.yaml index 804279a..c3ff292 100644 --- a/kubernetes/apps/capacitor/capacitor.yaml +++ b/kubernetes/apps/capacitor/capacitor.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: capacitor - namespace: flux-system + namespace: capacitor spec: interval: 10m timeout: 1m30s diff --git a/kubernetes/apps/cert-manager/cert-manager.yaml b/kubernetes/apps/cert-manager/cert-manager.yaml index 1f456c0..11de5e0 100644 --- a/kubernetes/apps/cert-manager/cert-manager.yaml +++ b/kubernetes/apps/cert-manager/cert-manager.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: cert-manager - namespace: flux-system + namespace: cert-manager spec: interval: 10m timeout: 1m30s @@ -19,7 +19,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: clusterissuer-secrets - namespace: flux-system + namespace: cert-manager spec: interval: 10m timeout: 1m30s @@ -42,7 +42,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: clusterissuer - namespace: flux-system + namespace: cert-manager spec: interval: 10m timeout: 1m30s diff --git a/kubernetes/apps/podinfo/podinfo.yaml b/kubernetes/apps/podinfo/podinfo.yaml index 5bb45d4..fe06bd5 100644 --- a/kubernetes/apps/podinfo/podinfo.yaml +++ b/kubernetes/apps/podinfo/podinfo.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: podinfo - namespace: flux-system + namespace: podinfo spec: interval: 10m timeout: 1m30s diff --git a/kubernetes/apps/prometheus-operator/app/namespace.yaml b/kubernetes/apps/prometheus-operator/app/namespace.yaml new file mode 100644 index 0000000..a586749 --- /dev/null +++ b/kubernetes/apps/prometheus-operator/app/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: prometheus-operator diff --git a/kubernetes/apps/prometheus-operator/prometheus-operator.yaml b/kubernetes/apps/prometheus-operator/prometheus-operator.yaml index 330aa66..84310e0 100644 --- a/kubernetes/apps/prometheus-operator/prometheus-operator.yaml +++ b/kubernetes/apps/prometheus-operator/prometheus-operator.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: prometheus-operator - namespace: flux-system + namespace: prometheus-operator spec: suspend: true interval: 1h diff --git a/kubernetes/infrastructure/ingress-nginx/config/values.yaml b/kubernetes/infrastructure/ingress-nginx/config/values.yaml index 9fbd9d8..bfd5e09 100644 --- a/kubernetes/infrastructure/ingress-nginx/config/values.yaml +++ b/kubernetes/infrastructure/ingress-nginx/config/values.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: ingress-nginx-values - namespace: flux-system + namespace: ingress-nginx data: use_geoip2: "false" disable_ipv6: "true" diff --git a/kubernetes/infrastructure/ingress-nginx/ingress-nginx-config.yaml b/kubernetes/infrastructure/ingress-nginx/ingress-nginx-config.yaml index 38cad47..53e5622 100644 --- a/kubernetes/infrastructure/ingress-nginx/ingress-nginx-config.yaml +++ b/kubernetes/infrastructure/ingress-nginx/ingress-nginx-config.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: ingress-nginx-config - namespace: flux-system + namespace: ingress-nginx spec: interval: 10m timeout: 1m30s diff --git a/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml b/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml index c189c3d..001c917 100644 --- a/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml +++ b/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: ingress-nginx - namespace: flux-system + namespace: ingress-nginx spec: interval: 10m timeout: 1m30s From b60ebde576fd31937d85fa0f2f70dfe3fe45ee2b Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Sun, 16 Jun 2024 11:25:54 +1000 Subject: [PATCH 2/3] suspend app reconcile for now --- kubernetes/rpi5-cluster/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/rpi5-cluster/apps.yaml b/kubernetes/rpi5-cluster/apps.yaml index 28811f4..89fd31c 100644 --- a/kubernetes/rpi5-cluster/apps.yaml +++ b/kubernetes/rpi5-cluster/apps.yaml @@ -4,7 +4,7 @@ metadata: name: apps namespace: flux-system spec: - suspend: false + suspend: true interval: 10m0s dependsOn: - name: infrastructure From c3018a21bab908ad08de4fd49827faa27d728641 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Sun, 16 Jun 2024 11:32:11 +1000 Subject: [PATCH 3/3] update namespace for cilium --- kubernetes/infrastructure/cilium/app/release.yaml | 2 +- kubernetes/infrastructure/cilium/app/repository.yaml | 2 +- kubernetes/infrastructure/cilium/cilium.yaml | 4 ++-- .../infrastructure/cilium/networkpolicies/coredns.yaml | 2 +- .../cilium/networkpolicies/egress-kube-dns.yaml | 2 +- .../cilium/networkpolicies/egress-kubeapi.yaml | 2 +- .../cilium/networkpolicies/egress-namespace.yaml | 2 +- .../cilium/networkpolicies/egress-nodes.yaml | 2 +- .../cilium/networkpolicies/egress-world-with-lan.yaml | 2 +- .../cilium/networkpolicies/egress-world.yaml | 2 +- .../cilium/networkpolicies/ingress-namespace.yaml | 2 +- .../cilium/networkpolicies/ingress-nginx.yaml | 8 ++++---- .../cilium/networkpolicies/ingress-nodes.yaml | 2 +- .../cilium/networkpolicies/ingress-world.yaml | 2 +- .../cilium/networkpolicies/local-path-provisioner.yaml | 2 +- 15 files changed, 19 insertions(+), 19 deletions(-) diff --git a/kubernetes/infrastructure/cilium/app/release.yaml b/kubernetes/infrastructure/cilium/app/release.yaml index 8be73c8..2f9dad5 100644 --- a/kubernetes/infrastructure/cilium/app/release.yaml +++ b/kubernetes/infrastructure/cilium/app/release.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cilium - namespace: kube-system + namespace: cilium spec: chart: spec: diff --git a/kubernetes/infrastructure/cilium/app/repository.yaml b/kubernetes/infrastructure/cilium/app/repository.yaml index 0ca641c..a2caf9b 100644 --- a/kubernetes/infrastructure/cilium/app/repository.yaml +++ b/kubernetes/infrastructure/cilium/app/repository.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: cilium - namespace: kube-system + namespace: cilium spec: interval: 1h url: https://helm.cilium.io diff --git a/kubernetes/infrastructure/cilium/cilium.yaml b/kubernetes/infrastructure/cilium/cilium.yaml index 6211012..b293195 100644 --- a/kubernetes/infrastructure/cilium/cilium.yaml +++ b/kubernetes/infrastructure/cilium/cilium.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: cilium - namespace: kube-system + namespace: cilium spec: interval: 10m timeout: 1m30s @@ -18,7 +18,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: cilium-networkpolicies - namespace: kube-system + namespace: cilium spec: interval: 10m timeout: 1m30s diff --git a/kubernetes/infrastructure/cilium/networkpolicies/coredns.yaml b/kubernetes/infrastructure/cilium/networkpolicies/coredns.yaml index 5b7826c..bf95260 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/coredns.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/coredns.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: coredns - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/egress-kube-dns.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-kube-dns.yaml index 419a3df..dc0ac94 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/egress-kube-dns.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-kube-dns.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: egress-kube-dns - namespace: kube-system + namespace: cilium spec: endpointSelector: matchExpressions: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/egress-kubeapi.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-kubeapi.yaml index 97be096..74fbe0b 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/egress-kubeapi.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-kubeapi.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: egress-kubeapi - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/egress-namespace.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-namespace.yaml index b4a7b3c..12062cf 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/egress-namespace.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-namespace.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: egress-namespace - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/egress-nodes.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-nodes.yaml index c29203d..338c8c6 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/egress-nodes.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-nodes.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: egress-nodes - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/egress-world-with-lan.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-world-with-lan.yaml index 57e9e3b..de7e3d2 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/egress-world-with-lan.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-world-with-lan.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: egress-world-with-lan - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/egress-world.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-world.yaml index af78575..665ea52 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/egress-world.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-world.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: egress-world - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/ingress-namespace.yaml b/kubernetes/infrastructure/cilium/networkpolicies/ingress-namespace.yaml index 6922846..8afb146 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/ingress-namespace.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/ingress-namespace.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: ingress-namespace - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/ingress-nginx.yaml b/kubernetes/infrastructure/cilium/networkpolicies/ingress-nginx.yaml index fdd215f..2b93142 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/ingress-nginx.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/ingress-nginx.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: ingress-ingress - namespace: ingress-nginx + namespace: cilium spec: endpointSelector: matchLabels: @@ -18,7 +18,7 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: ingress-nginx - namespace: ingress-nginx + namespace: cilium spec: endpointSelector: matchLabels: @@ -36,7 +36,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: egress-ingress - namespace: ingress-nginx + namespace: cilium spec: endpointSelector: matchLabels: @@ -52,7 +52,7 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: egress-nginx - namespace: ingress-nginx + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/ingress-nodes.yaml b/kubernetes/infrastructure/cilium/networkpolicies/ingress-nodes.yaml index 88ad767..1e69a20 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/ingress-nodes.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/ingress-nodes.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: ingress-nodes - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/ingress-world.yaml b/kubernetes/infrastructure/cilium/networkpolicies/ingress-world.yaml index 6445ffe..1c3f6ed 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/ingress-world.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/ingress-world.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: ingress-world - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: diff --git a/kubernetes/infrastructure/cilium/networkpolicies/local-path-provisioner.yaml b/kubernetes/infrastructure/cilium/networkpolicies/local-path-provisioner.yaml index 947aff1..8416a9e 100644 --- a/kubernetes/infrastructure/cilium/networkpolicies/local-path-provisioner.yaml +++ b/kubernetes/infrastructure/cilium/networkpolicies/local-path-provisioner.yaml @@ -2,7 +2,7 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: local-path-provisioner - namespace: kube-system + namespace: cilium spec: endpointSelector: matchLabels: