Merge pull request #1015 from 3dwardch3ng/misc

update number of replicas
2024-09-26 19:53:59 +10:00 · 2024-09-26 19:44:22 +10:00 · 2024-09-25 23:26:38 +10:00 · 2024-09-25 23:25:25 +10:00 · 2024-09-25 23:24:04 +10:00 · 2024-09-25 23:19:36 +10:00
156 changed files with 3585 additions and 407 deletions
--- a/apps/adguard-home/base/service.yaml
+++ b/apps/adguard-home/base/service.yaml
@@ -3,12 +3,15 @@ kind: Service
 metadata:
  name: adguard-home
  namespace: adguard-home
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  labels:
    app.kubernetes.io/name: adguard-home
 spec:
  selector:
    app.kubernetes.io/name: adguard-home
-  type: ClusterIP
+  type: LoadBalancer
  internalTrafficPolicy: Cluster
  ports:
    - protocol: TCP
@@ -32,11 +35,11 @@ spec:
      targetPort: 80
      name: http-tcp
    - protocol: TCP
-      port: 443
+      port: 10443
      targetPort: 443
      name: https-tcp
    - protocol: UDP
-      port: 443
+      port: 10443
      targetPort: 443
      name: https-udp
    - protocol: TCP
--- a/apps/adguard-home/env/k3s-cluster/config.json.bak
+++ b/apps/adguard-home/env/k3s-cluster/config.json.bak
--- a/apps/adguard-home/env/k3s-cluster/ingress.yaml
+++ b/apps/adguard-home/env/k3s-cluster/ingress.yaml
@@ -1,61 +0,0 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: adguard-home-ingress
  namespace: adguard-home
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
 spec:
  ingressClassName: nginx
  rules:
    - host: "adguard-home.cluster.edward.sydney"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: adguard-home
                port:
                  number: 10080
    - host: "adguard-home.cluster.local"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: adguard-home
                port:
                  number: 10080
    - host: "setup.adguard-home.cluster.edward.sydney"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: adguard-home
                port:
                  number: 13000
    - host: "setup.adguard-home.cluster.local"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: adguard-home
                port:
                  number: 13000
    - host: "doh.adguard-home.cluster.edward.sydney"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: adguard-home
                port:
                  number: 443
--- a/apps/adguard-home/env/k3s-cluster/kustomization.yaml
+++ b/apps/adguard-home/env/k3s-cluster/kustomization.yaml
@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../base
  - ./ingress.yaml
--- a/apps/chartmuseum/env/k3s-cluster/config.json
+++ b/apps/chartmuseum/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
 {
  "appName": "chartmuseum",
  "userGivenName": "chartmuseum",
  "namespace": "chartmuseum",
  "destNamespace": "chartmuseum",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/chartmuseum/env/k3s-cluster",
  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
  "srcTargetRevision": "",
  "labels": null,
  "annotations": null
 }
--- a/apps/chartmuseum/env/k3s-cluster/kustomization.yaml
+++ b/apps/chartmuseum/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 helmCharts:
  - name: chartmuseum
    repo: https://chartmuseum.github.io/charts
    version: 3.10.3
    releaseName: chartmuseum
    valuesFile: values.yaml
--- a/apps/chartmuseum/env/k3s-cluster/values.yaml
+++ b/apps/chartmuseum/env/k3s-cluster/values.yaml
@@ -0,0 +1,24 @@
 env:
  open:
    AUTH_ANONYMOUS_GET: true
    DISABLE_API: false
    CACHE: redis
    CACHE_REDIS_ADDR: redis-master.redis.svc.cluster.local:6379
  existingSecret: chartmuseum-secrets
  existingSecretMappings:
    BASIC_AUTH_USER: auth-user
    BASIC_AUTH_PASS: auth-password
    CACHE_REDIS_PASSWORD: redis-password
 service:
  type: LoadBalancer
  externalPort: 8899
 persistence:
  enabled: true
  existingClaim: chartmuseum-pvc
 ingress:
  enabled: true
  hosts:
    - name: chartmuseum.cluster.edward.sydney
      tls: true
      tlsSecret: chartmuseum-tls
  ingressClassName: nginx
--- a/apps/coder/env/k3s-cluster/kustomization.yaml
+++ b/apps/coder/env/k3s-cluster/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: coder
    repo: https://helm.coder.com/v2
-    version: 2.14.1
+    version: 2.15.0
    releaseName: coder
    valuesFile: values.yaml
--- a/apps/coder/env/k3s-cluster/values.yaml
+++ b/apps/coder/env/k3s-cluster/values.yaml
@@ -18,5 +18,11 @@ coder:
    - name: coder-data
      mountPath: /config
  service:
-    type: NodePort
+    type: ClusterIP
-    httpNodePort: 31180
+    annotations:
      metallb.universe.tf/address-pool: k3s-cluster-ip-pool
      metallb.universe.tf/allow-shared-ip: k3s-cluster
  ingress:
    enable: true
    className: nginx
    host: "coder.cluster.edward.sydney"
--- a/apps/ec-config-server/env/k3s-cluster/config.json
+++ b/apps/ec-config-server/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
 {
  "appName": "ec-config-server",
  "userGivenName": "ec-config-server",
  "namespace": "ec-proj",
  "destNamespace": "ec-proj",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/ec-config-server/env/k3s-cluster",
  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
  "srcTargetRevision": "",
  "labels": null,
  "annotations": null
 }
--- a/apps/ec-config-server/env/k3s-cluster/kustomization.yaml
+++ b/apps/ec-config-server/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 helmCharts:
  - name: ec-config-server
    repo: https://chartmuseum.cluster.edward.sydney:8899/
    version: 1.0.12
    releaseName: ec-config-server
    valuesFile: values.yaml
--- a/apps/ec-config-server/env/k3s-cluster/values.yaml
+++ b/apps/ec-config-server/env/k3s-cluster/values.yaml
@@ -0,0 +1,9 @@
 environment:
  configServerAuth:
    existingSecret: ec-config-server-auth-secrets
 service:
  type: LoadBalancer
 spring:
  activeprofile: native,k3s
 persistence:
  hostPath: /mnt/nfs/AppData/ec-config-server/config
--- a/apps/gitea/env/k3s-cluster/kustomization.yaml
+++ b/apps/gitea/env/k3s-cluster/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: gitea
    repo: oci://registry-1.docker.io/bitnamicharts
-    version: 2.3.18
+    version: 2.3.22
    releaseName: gitea
    valuesFile: values.yaml
--- a/apps/gitea/env/k3s-cluster/values.yaml
+++ b/apps/gitea/env/k3s-cluster/values.yaml
@@ -1,4 +1,7 @@
 namespaceOverride: "gitea"
 rootURL: "https://gitea.cluster.edward.sydney"
 updateStrategy:
  type: Recreate
 podAntiAffinityPreset: ""
 adminUsername: "gitea_admin"
 adminEmail: "edward@cheng.sydney"
@@ -11,12 +14,21 @@ smtpUser: "me@edward.sydney"
 smtpExistingSecret: "gitea-secrets"
 persistence:
  existingClaim: "gitea-pvc"
 resourcesPreset: "xlarge"
 podSecurityContext:
  fsGroup: 1000
 containerSecurityContext:
  runAsUser: 1000
  runAsGroup: 1000
 service:
  ports:
-    http: 10080
+    http: 10880
-    ssh: 10022
+    ssh: 10222
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
 ingress:
-  enabled: true
+  enabled: false
  ingressClassName: "nginx"
  hostname: "gitea.cluster.edward.sydney"
 serviceAccount:
@@ -28,3 +40,7 @@ externalDatabase:
  user: "gitea_user"
  existingSecret: "gitea-secrets"
  existingSecretPasswordKey: "db-password"
 nodeSelector:
  kubernetes.io/os: linux
  kubernetes.io/arch: amd64
  kubernetes.io/hostname: k3s-cluster-node-y
--- a/apps/homer/base/deployment.yaml
+++ b/apps/homer/base/deployment.yaml
@@ -39,3 +39,5 @@ spec:
          hostPath:
            path: /mnt/nfs/AppData/homer/www
            type: Directory
      nodeSelector:
        kubernetes.io/os: linux
--- a/apps/homer/base/service.yaml
+++ b/apps/homer/base/service.yaml
@@ -3,12 +3,15 @@ kind: Service
 metadata:
  name: homer
  namespace: homer
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  labels:
    app.kubernetes.io/name: homer
 spec:
  selector:
    app.kubernetes.io/name: homer
-  type: ClusterIP
+  type: LoadBalancer
  internalTrafficPolicy: Cluster
  ports:
    - protocol: TCP
--- a/apps/homer/env/k3s-cluster/kustomization.yaml
+++ b/apps/homer/env/k3s-cluster/kustomization.yaml
@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../base
  - ./ingress.yaml
--- a/apps/jellyfin/env/k3s-cluster/ingress.yaml
+++ b/apps/jellyfin/env/k3s-cluster/ingress.yaml
@@ -9,16 +9,6 @@ metadata:
 spec:
  ingressClassName: nginx
  rules:
    - host: "jellyfin.cluster.local"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: jellyfin
                port:
                  number: 8096
    - host: "jellyfin.cluster.edward.sydney"
      http:
        paths:
--- a/apps/jellyfin/env/k3s-cluster/kustomization.yaml
+++ b/apps/jellyfin/env/k3s-cluster/kustomization.yaml
@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../base
-  - ./ingress.yaml
+#  - ./ingress.yaml
--- a/apps/kavita/base/deployment.yaml
+++ b/apps/kavita/base/deployment.yaml
@@ -20,7 +20,7 @@ spec:
        app.kubernetes.io/instance: kavita
    spec:
      containers:
-        - image: jvmilazz0/kavita:0.8.2
+        - image: jvmilazz0/kavita:0.8.3
          imagePullPolicy: IfNotPresent
          name: kavita
          ports:
--- a/apps/kubernetes-dashboard/base/kustomization.yaml
+++ b/apps/kubernetes-dashboard/base/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: kubernetes-dashboard
    repo: https://kubernetes.github.io/dashboard/
-    version: 7.5.0
+    version: 7.6.1
    releaseName: kubernetes-dashboard
    valuesFile: values.yaml
--- a/apps/nexus/base/deployment.yaml
+++ b/apps/nexus/base/deployment.yaml
@@ -22,10 +22,10 @@ spec:
          resources:
            limits:
              memory: "3Gi"
-              cpu: "1"
+              cpu: "2"
            requests:
              memory: "2Gi"
-              cpu: "500m"
+              cpu: "2"
          ports:
            - containerPort: 8081
          volumeMounts:
@@ -36,3 +36,6 @@ spec:
          hostPath:
            path: /mnt/nfs/AppData/nexus
            type: Directory
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: arm64
--- a/apps/nexus/base/service.yaml
+++ b/apps/nexus/base/service.yaml
@@ -10,8 +10,7 @@ metadata:
 spec:
  selector:
    app: nexus
-  type: NodePort
+  type: LoadBalancer
  ports:
    - port: 8081
      targetPort: 8081
      nodePort: 32000
--- a/apps/nexus/env/k3s-cluster/ingress.yaml
+++ b/apps/nexus/env/k3s-cluster/ingress.yaml
@@ -1,21 +1,21 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: homer-ingress
+  name: nexus-ingress
-  namespace: homer
+  namespace: nexus
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
 spec:
  ingressClassName: nginx
  rules:
-    - host: "home.edward.sydney"
+    - host: "nexus.cluster.edward.sydney"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
-                name: homer
+                name: nexus
                port:
-                  number: 8088
+                  number: 8081
--- a/apps/plane/base/deployment.yaml
+++ b/apps/plane/base/deployment.yaml
@@ -36,7 +36,7 @@ spec:
      serviceAccount: plane-srv-account
      serviceAccountName: plane-srv-account
      nodeSelector:
-        kubernetes.io/arch: arm64
+        kubernetes.io/os: linux
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -94,7 +94,7 @@ spec:
      serviceAccount: plane-srv-account
      serviceAccountName: plane-srv-account
      nodeSelector:
-        kubernetes.io/arch: arm64
+        kubernetes.io/os: linux
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -143,7 +143,7 @@ spec:
      serviceAccount: plane-srv-account
      serviceAccountName: plane-srv-account
      nodeSelector:
-        kubernetes.io/arch: arm64
+        kubernetes.io/os: linux
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -182,7 +182,7 @@ spec:
      serviceAccount: plane-srv-account
      serviceAccountName: plane-srv-account
      nodeSelector:
-        kubernetes.io/arch: arm64
+        kubernetes.io/os: linux
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -221,7 +221,7 @@ spec:
      serviceAccount: plane-srv-account
      serviceAccountName: plane-srv-account
      nodeSelector:
-        kubernetes.io/arch: arm64
+        kubernetes.io/os: linux
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -270,5 +270,5 @@ spec:
      serviceAccount: plane-srv-account
      serviceAccountName: plane-srv-account
      nodeSelector:
-        kubernetes.io/arch: arm64
+        kubernetes.io/os: linux
 ---
--- a/apps/plane/base/ingress.yaml
+++ b/apps/plane/base/ingress.yaml
@@ -1,46 +0,0 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  namespace: plane
  name: plane-ingress
 spec:
  ingressClassName: nginx
  rules:
    - host: plane.cluster.edward.sydney
      http:
        paths:
          - backend:
              service:
                port:
                  number: 3000
                name: plane-web
            path: /
            pathType: Prefix
          - backend:
              service:
                port:
                  number: 8000
                name: plane-api
            path: /api
            pathType: Prefix
          - backend:
              service:
                port:
                  number: 8000
                name: plane-api
            path: /auth
            pathType: Prefix
          - backend:
              service:
                port:
                  number: 3000
                name: plane-space
            path: /spaces
            pathType: Prefix
          - backend:
              service:
                port:
                  number: 3000
                name: plane-admin
            path: /god-mode
            pathType: Prefix
--- a/apps/plane/base/kustomization.yaml
+++ b/apps/plane/base/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
  - ./deployment.yaml
  - ./stateful-set.yaml
  - ./service.yaml
  - ./ingress.yaml
--- a/apps/plane/base/service.yaml
+++ b/apps/plane/base/service.yaml
@@ -7,9 +7,10 @@ metadata:
  labels:
    app.name: plane-admin
 spec:
  type: LoadBalancer
  ports:
    - name: admin-3000
-      port: 3000
+      port: 3333
      protocol: TCP
      targetPort: 3000
  selector:
@@ -23,9 +24,10 @@ metadata:
  labels:
    app.name: plane-api
 spec:
  type: LoadBalancer
  ports:
    - name: api-8000
-      port: 8000
+      port: 8808
      protocol: TCP
      targetPort: 8000
  selector:
@@ -39,9 +41,10 @@ metadata:
  labels:
    app.name: plane-space
 spec:
  type: LoadBalancer
  ports:
    - name: space-3000
-      port: 3000
+      port: 3330
      protocol: TCP
      targetPort: 3000
  selector:
@@ -55,9 +58,10 @@ metadata:
  labels:
    app.name: plane-web
 spec:
  type: LoadBalancer
  ports:
    - name: web-3000
-      port: 3000
+      port: 3033
      protocol: TCP
      targetPort: 3000
  selector:
@@ -71,6 +75,7 @@ metadata:
  labels:
    app.name: plane-redis
 spec:
  type: LoadBalancer
  ports:
    - name: redis-6379
      port: 6379
--- a/apps/plane/base/stateful-set.yaml
+++ b/apps/plane/base/stateful-set.yaml
@@ -15,7 +15,7 @@ spec:
        app.name: plane-redis
    spec:
      containers:
-        - image: valkey/valkey:7.2.6-alpine
+        - image: valkey/valkey:8.0.0-alpine
          imagePullPolicy: Always
          name: plane-redis
          stdin: true
--- a/apps/plex/base/values.yaml
+++ b/apps/plex/base/values.yaml
@@ -8,6 +8,12 @@ extraEnv:
  PLEX_UID: 1000
  PLEX_GID: 1000
  ALLOWED_NETWORKS: "0.0.0.0/0"
 service:
  type: LoadBalancer
  port: 32400
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
 extraVolumeMounts:
  - name: plex-tv
    mountPath: /tv
--- a/apps/plex/env/k3s-cluster/config.json.bak
+++ b/apps/plex/env/k3s-cluster/config.json.bak
--- a/apps/qbittorrent/base/service.yaml
+++ b/apps/qbittorrent/base/service.yaml
@@ -3,6 +3,9 @@ kind: Service
 metadata:
  name: qbittorrent
  namespace: qbittorrent
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  labels:
    app.kubernetes.io/name: qbittorrent
 spec:
--- a/apps/rlpa-server/base/deployment.yaml
+++ b/apps/rlpa-server/base/deployment.yaml
@@ -19,7 +19,7 @@ spec:
        runAsGroup: 1000
      containers:
        - name: rlpa-server
-          image: damonto/estkme-cloud:v1.0.13
+          image: damonto/estkme-cloud:1.1.0
          securityContext:
            allowPrivilegeEscalation: false
          ports:
--- a/apps/rlpa-server/base/service.yaml
+++ b/apps/rlpa-server/base/service.yaml
@@ -3,12 +3,15 @@ kind: Service
 metadata:
  name: rlpa-server
  namespace: rlpa
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  labels:
    app.kubernetes.io/name: rlpa
 spec:
  selector:
    app.kubernetes.io/name: rlpa
-  type: ClusterIP
+  type: LoadBalancer
  internalTrafficPolicy: Cluster
  ports:
    - protocol: TCP
--- a/apps/snippet-box/base/deployment.yaml
+++ b/apps/snippet-box/base/deployment.yaml
@@ -32,3 +32,6 @@ spec:
          hostPath:
            path: /mnt/nfs/AppData/snippet-box
            type: Directory
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: arm64
--- a/apps/snippet-box/base/ingress.yaml
+++ b/apps/snippet-box/base/ingress.yaml
@@ -1,21 +0,0 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: snippet-box-ingress
  namespace: snippet-box
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
 spec:
  ingressClassName: nginx
  rules:
    - host: "snippet-box.cluster.edward.sydney"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: snippet-box
                port:
                  number: 5000
--- a/apps/snippet-box/base/kustomization.yaml
+++ b/apps/snippet-box/base/kustomization.yaml
@@ -3,4 +3,3 @@ kind: Kustomization
 resources:
  - ./deployment.yaml
  - ./service.yaml
  - ./ingress.yaml
--- a/apps/snippet-box/base/service.yaml
+++ b/apps/snippet-box/base/service.yaml
@@ -8,10 +8,10 @@ metadata:
 spec:
  selector:
    app.kubernetes.io/name: snippet-box
-  type: ClusterIP
+  type: LoadBalancer
  internalTrafficPolicy: Cluster
  ports:
    - protocol: TCP
-      port: 5000
+      port: 5055
      targetPort: 5000
      name: snippet-box
--- a/apps/sonarqube/env/k3s-cluster/kustomization.yaml
+++ b/apps/sonarqube/env/k3s-cluster/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: sonarqube
    repo: oci://registry-1.docker.io/bitnamicharts
-    version: 5.2.12
+    version: 5.2.13
    releaseName: sonarqube
    valuesFile: values.yaml
--- a/apps/sonarqube/env/k3s-cluster/values.yaml
+++ b/apps/sonarqube/env/k3s-cluster/values.yaml
@@ -1,7 +1,9 @@
 priorityClassName: system-cluster-critical
 image:
  debug: true
 podAntiAffinityPreset: ""
 namespaceOverride: "sonarqube"
-clusterDomain: sonarqube.cluster.edward.sydney
+clusterDomain: cluster.edward.sydney
 sonarqubeUsername: sonarqube
 existingSecret: "sonarqube-secrets"
 sonarqubeEmail: "me@edward.sydney"
@@ -10,22 +12,21 @@ smtpPort: "587"
 smtpUser: "me@edward.sydney"
 smtpProtocol: "TLS"
 smtpExistingSecret: "sonarqube-secrets"
 resourcesPreset: "2xlarge"
 podSecurityContext:
  fsGroup: 1000
 containerSecurityContext:
  runAsUser: 1000
  runAsGroup: 1000
 updateStrategy:
  type: Recreate
 service:
  ports:
    http: 8090
    elastic: 9091
-  nodePorts:
+  annotations:
-    http: 30089
+    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
-    elastic: 30091
+    metallb.universe.tf/allow-shared-ip: k3s-cluster
 ingress:
  enabled: true
  ingressClassName: "nginx"
  hostname: "sonarqube.cluster.edward.sydney"
 persistence:
  enabled: true
  storageClass: local-path
@@ -40,4 +41,4 @@ externalDatabase:
  user: "sonarqube_user"
  existingSecret: "sonarqube-secrets"
 nodeSelector:
-  kubernetes.io/hostname: k3s-cluster-node-3
+  kubernetes.io/hostname: k3s-cluster-node-y
--- a/apps/stirling-pdf/base/deployment.yaml
+++ b/apps/stirling-pdf/base/deployment.yaml
@@ -16,7 +16,7 @@ spec:
    spec:
      containers:
        - name: stirling-pdf
-          image: frooodle/s-pdf:0.27.0
+          image: frooodle/s-pdf:0.29.0
          securityContext:
            allowPrivilegeEscalation: false
          env:
--- a/apps/stirling-pdf/base/service.yaml
+++ b/apps/stirling-pdf/base/service.yaml
@@ -3,15 +3,18 @@ kind: Service
 metadata:
  name: stirling-pdf
  namespace: stirling-pdf
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  labels:
    app.kubernetes.io/name: stirling-pdf
 spec:
  selector:
    app.kubernetes.io/name: stirling-pdf
-  type: ClusterIP
+  type: LoadBalancer
  internalTrafficPolicy: Cluster
  ports:
    - protocol: TCP
-      port: 8080
+      port: 8880
      targetPort: 8080
      name: http
--- a/apps/stirling-pdf/env/k3s-cluster/kustomization.yaml
+++ b/apps/stirling-pdf/env/k3s-cluster/kustomization.yaml
@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../base
  - ./ingress.yaml
--- a/apps/trillium/base/service.yaml
+++ b/apps/trillium/base/service.yaml
@@ -3,12 +3,15 @@ kind: Service
 metadata:
  name: trillium
  namespace: trillium
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  labels:
    app.kubernetes.io/name: trillium
 spec:
  selector:
    app.kubernetes.io/name: trillium
-  type: ClusterIP
+  type: LoadBalancer
  internalTrafficPolicy: Cluster
  ports:
    - protocol: TCP
--- a/apps/trillium/env/k3s-cluster/ingress.yaml
+++ b/apps/trillium/env/k3s-cluster/ingress.yaml
@@ -1,21 +0,0 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: trillium-ingress
  namespace: trillium
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
 spec:
  ingressClassName: nginx
  rules:
    - host: "trillium.cluster.edward.sydney"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: trillium
                port:
                  number: 8080
--- a/apps/trillium/env/k3s-cluster/kustomization.yaml
+++ b/apps/trillium/env/k3s-cluster/kustomization.yaml
@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../base
  - ./ingress.yaml
--- a/apps/vaultwarden/base/service.yaml
+++ b/apps/vaultwarden/base/service.yaml
@@ -3,12 +3,15 @@ kind: Service
 metadata:
  name: vaultwarden
  namespace: vaultwarden
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  labels:
    app.kubernetes.io/name: vaultwarden
 spec:
  selector:
    app.kubernetes.io/name: vaultwarden
-  type: ClusterIP
+  type: LoadBalancer
  internalTrafficPolicy: Cluster
  ports:
    - protocol: TCP
--- a/apps/vaultwarden/env/k3s-cluster/ingress.yaml
+++ b/apps/vaultwarden/env/k3s-cluster/ingress.yaml
@@ -1,21 +0,0 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: vaultwarden-ingress
  namespace: vaultwarden
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
 spec:
  ingressClassName: nginx
  rules:
    - host: "vaultwarden.cluster.edward.sydney"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: vaultwarden
                port:
                  number: 11080
--- a/apps/vaultwarden/env/k3s-cluster/kustomization.yaml
+++ b/apps/vaultwarden/env/k3s-cluster/kustomization.yaml
@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../base
  - ./ingress.yaml
--- a/infrastructures/argo-events/base/cluster-role-binding.yaml
+++ b/infrastructures/argo-events/base/cluster-role-binding.yaml
@@ -0,0 +1,26 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: argo-events-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-events-role
 subjects:
  - kind: ServiceAccount
    name: argo-events-sa
    namespace: argo-events
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: argo-events-webhook-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-events-webhook
 subjects:
  - kind: ServiceAccount
    name: argo-events-webhook-sa
    namespace: argo-events
--- a/infrastructures/argo-events/base/cluster-role.yaml
+++ b/infrastructures/argo-events/base/cluster-role.yaml
@@ -0,0 +1,230 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: argo-events-aggregate-to-admin
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - sensors
      - sensors/finalizers
      - sensors/status
      - eventsources
      - eventsources/finalizers
      - eventsources/status
      - eventbus
      - eventbus/finalizers
      - eventbus/status
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: argo-events-aggregate-to-edit
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - sensors
      - sensors/finalizers
      - sensors/status
      - eventsources
      - eventsources/finalizers
      - eventsources/status
      - eventbus
      - eventbus/finalizers
      - eventbus/status
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: argo-events-aggregate-to-view
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - sensors
      - sensors/finalizers
      - sensors/status
      - eventsources
      - eventsources/finalizers
      - eventsources/status
      - eventbus
      - eventbus/finalizers
      - eventbus/status
    verbs:
      - get
      - list
      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: argo-events-role
 rules:
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - argoproj.io
    resources:
      - sensors
      - sensors/finalizers
      - sensors/status
      - eventsources
      - eventsources/finalizers
      - eventsources/status
      - eventbus
      - eventbus/finalizers
      - eventbus/status
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/exec
      - configmaps
      - services
      - persistentvolumeclaims
    verbs:
      - create
      - get
      - list
      - watch
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - get
      - list
      - update
      - patch
      - delete
  - apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
    verbs:
      - create
      - get
      - list
      - watch
      - update
      - patch
      - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: argo-events-webhook
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - patch
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs:
      - get
      - list
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - patch
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - eventbus
      - eventsources
      - sensors
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - clusterroles
    verbs:
      - get
      - list
--- a/infrastructures/argo-events/base/configmap.yaml
+++ b/infrastructures/argo-events/base/configmap.yaml
@@ -0,0 +1,76 @@
 ---
 apiVersion: v1
 data:
  controller-config.yaml: |
    eventBus:
      nats:
        versions:
          - version: 0.22.1
            natsStreamingImage: nats-streaming:0.22.1
            metricsExporterImage: natsio/prometheus-nats-exporter:0.8.0
      jetstream:
        # Default JetStream settings, could be overridden by EventBus JetStream specs
        settings: |
          # https://docs.nats.io/running-a-nats-service/configuration#jetstream
          # Only configure "max_memory_store" or "max_file_store", do not set "store_dir" as it has been hardcoded.
          # e.g. 1G. -1 means no limit, up to 75% of available memory
          max_memory_store: -1
          # e.g. 20G. -1 means no limit, Up to 1TB if available
          max_file_store: 1TB
        streamConfig: |
          # The default properties of the streams to be created in this JetStream service
          maxMsgs: 50000
          maxAge: 168h
          maxBytes: -1
          replicas: 3
          duplicates: 300s
        versions:
          - version: latest
            natsImage: nats:2.10.10
            metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
            configReloaderImage: natsio/nats-server-config-reloader:0.14.0
            startCommand: /nats-server
          - version: 2.8.1
            natsImage: nats:2.8.1
            metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
            configReloaderImage: natsio/nats-server-config-reloader:0.7.0
            startCommand: /nats-server
          - version: 2.8.1-alpine
            natsImage: nats:2.8.1-alpine
            metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
            configReloaderImage: natsio/nats-server-config-reloader:0.7.0
            startCommand: nats-server
          - version: 2.8.2
            natsImage: nats:2.8.2
            metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
            configReloaderImage: natsio/nats-server-config-reloader:0.7.0
            startCommand: /nats-server
          - version: 2.8.2-alpine
            natsImage: nats:2.8.2-alpine
            metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
            configReloaderImage: natsio/nats-server-config-reloader:0.7.0
            startCommand: nats-server
          - version: 2.9.1
            natsImage: nats:2.9.1
            metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
            configReloaderImage: natsio/nats-server-config-reloader:0.7.0
            startCommand: /nats-server
          - version: 2.9.12
            natsImage: nats:2.9.12
            metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
            configReloaderImage: natsio/nats-server-config-reloader:0.7.0
            startCommand: /nats-server
          - version: 2.9.16
            natsImage: nats:2.9.16
            metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
            configReloaderImage: natsio/nats-server-config-reloader:0.7.0
            startCommand: /nats-server
          - version: 2.10.10
            natsImage: nats:2.10.10
            metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
            configReloaderImage: natsio/nats-server-config-reloader:0.14.0
            startCommand: /nats-server
 kind: ConfigMap
 metadata:
  name: argo-events-controller-config
  namespace: argo-events
--- a/infrastructures/argo-events/base/custom-resource-definition.yaml
+++ b/infrastructures/argo-events/base/custom-resource-definition.yaml
@@ -0,0 +1,120 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: eventbus.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: EventBus
    listKind: EventBusList
    plural: eventbus
    shortNames:
      - eb
    singular: eventbus
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
      subresources:
        status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: eventsources.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: EventSource
    listKind: EventSourceList
    plural: eventsources
    shortNames:
      - es
    singular: eventsource
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
      subresources:
        status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: sensors.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: Sensor
    listKind: SensorList
    plural: sensors
    shortNames:
      - sn
    singular: sensor
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
      subresources:
        status: {}
--- a/infrastructures/argo-events/base/deployment.yaml
+++ b/infrastructures/argo-events/base/deployment.yaml
@@ -0,0 +1,82 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: controller-manager
  namespace: argo-events
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: controller-manager
  template:
    metadata:
      labels:
        app: controller-manager
    spec:
      containers:
        - args:
            - controller
          env:
            - name: ARGO_EVENTS_IMAGE
              value: quay.io/argoproj/argo-events:v1.9.2
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          image: quay.io/argoproj/argo-events:v1.9.2
          imagePullPolicy: Always
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 3
            periodSeconds: 3
          name: controller-manager
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 3
            periodSeconds: 3
          volumeMounts:
            - mountPath: /etc/argo-events
              name: controller-config-volume
      securityContext:
        runAsNonRoot: true
        runAsUser: 9731
      serviceAccountName: argo-events-sa
      volumes:
        - configMap:
            name: argo-events-controller-config
          name: controller-config-volume
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: events-webhook
  namespace: argo-events
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: events-webhook
  template:
    metadata:
      labels:
        app: events-webhook
    spec:
      containers:
        - args:
            - webhook-service
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: PORT
              value: "443"
          image: quay.io/argoproj/argo-events:v1.9.2
          imagePullPolicy: Always
          name: webhook
      serviceAccountName: argo-events-webhook-sa
--- a/infrastructures/argo-events/base/kustomization.yaml
+++ b/infrastructures/argo-events/base/kustomization.yaml
@@ -0,0 +1,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./custom-resource-definition.yaml
  - ./service-account.yaml
  - ./cluster-role.yaml
  - ./cluster-role-binding.yaml
  - ./configmap.yaml
  - ./deployment.yaml
  - ./service.yaml
--- a/infrastructures/argo-events/base/service-account.yaml
+++ b/infrastructures/argo-events/base/service-account.yaml
@@ -0,0 +1,12 @@
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: argo-events-sa
  namespace: argo-events
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: argo-events-webhook-sa
  namespace: argo-events
--- a/infrastructures/argo-events/base/service.yaml
+++ b/infrastructures/argo-events/base/service.yaml
@@ -0,0 +1,12 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: events-webhook
  namespace: argo-events
 spec:
  ports:
    - port: 443
      targetPort: 443
  selector:
    app: events-webhook
--- a/infrastructures/argo-events/env/k3s-cluster/config.json
+++ b/infrastructures/argo-events/env/k3s-cluster/config.json
@@ -0,0 +1,14 @@
 {
  "appName": "argo-events",
  "userGivenName": "argo-events",
  "namespace": "argo-events",
  "destNamespace": "argo-events",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "infrastructures/argo-events/env/k3s-cluster",
  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
  "srcTargetRevision": "",
  "labels": null,
  "annotations": {
    "argo-events.argoproj.io/release-version": "v1.9.2"
  }
 }
--- a/infrastructures/argo-events/env/k3s-cluster/examples/event-source.yaml
+++ b/infrastructures/argo-events/env/k3s-cluster/examples/event-source.yaml
@@ -0,0 +1,37 @@
 apiVersion: argoproj.io/v1alpha1
 kind: EventSource
 metadata:
  name: webhook
 spec:
  service:
    ports:
      - port: 12000
        targetPort: 12000
  webhook:
    # event-source can run multiple HTTP servers. Simply define a unique port to start a new HTTP server
    example:
      # port to run HTTP server on
      port: "12000"
      # endpoint to listen to
      endpoint: /example
      # HTTP request method to allow. In this case, only POST requests are accepted
      method: POST
 #    example-foo:
 #      port: "12000"
 #      endpoint: /example2
 #      method: POST
 # Uncomment to use secure webhook
 #    example-secure:
 #      port: "13000"
 #      endpoint: "/secure"
 #      method: "POST"
 #      # k8s secret that contains the cert
 #      serverCertSecret:
 #        name: my-secret
 #        key: cert-key
 #      # k8s secret that contains the private key
 #      serverKeySecret:
 #        name: my-secret
 #        key: pk-key
--- a/infrastructures/argo-events/env/k3s-cluster/examples/eventbus.yaml
+++ b/infrastructures/argo-events/env/k3s-cluster/examples/eventbus.yaml
@@ -0,0 +1,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: EventBus
 metadata:
  name: default
 spec:
  nats:
    native:
      # Optional, defaults to 3. If it is < 3, set it to 3, that is the minimal requirement.
      replicas: 3
      # Optional, authen strategy, "none" or "token", defaults to "none"
      auth: token
 #      containerTemplate:
 #        resources:
 #          requests:
 #            cpu: "10m"
 #      metricsContainerTemplate:
 #        resources:
 #          requests:
 #            cpu: "10m"
 #      antiAffinity: false
 #      persistence:
 #        storageClassName: standard
 #        accessMode: ReadWriteOnce
 #        volumeSize: 10Gi
--- a/infrastructures/argo-events/env/k3s-cluster/examples/ingress.yaml
+++ b/infrastructures/argo-events/env/k3s-cluster/examples/ingress.yaml
@@ -1,21 +1,21 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: stirling-pdf-ingress
+  name: event-example-ingress
-  namespace: stirling-pdf
+  namespace: argo-events
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
 spec:
  ingressClassName: nginx
  rules:
-    - host: "s-pdf.cluster.edward.sydney"
+    - host: "event-example.cluster.edward.sydney"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
-                name: stirling-pdf
+                name: webhook-eventsource-svc
                port:
-                  number: 8080
+                  number: 12000
--- a/infrastructures/argo-events/env/k3s-cluster/examples/sensor.yaml
+++ b/infrastructures/argo-events/env/k3s-cluster/examples/sensor.yaml
@@ -0,0 +1,33 @@
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: operate-workflow-sa
 ---
 # Similarly you can use a ClusterRole and ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: operate-workflow-role
 rules:
  - apiGroups:
      - argoproj.io
    verbs:
      - "*"
    resources:
      - workflows
      - workflowtemplates
      - cronworkflows
      - clusterworkflowtemplates
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: operate-workflow-role-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: operate-workflow-role
 subjects:
  - kind: ServiceAccount
    name: operate-workflow-sa
--- a/infrastructures/argo-events/env/k3s-cluster/examples/webhook.yaml
+++ b/infrastructures/argo-events/env/k3s-cluster/examples/webhook.yaml
@@ -0,0 +1,47 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Sensor
 metadata:
  name: webhook
 spec:
  template:
    serviceAccountName: operate-workflow-sa
  dependencies:
    - name: test-dep
      eventSourceName: webhook
      eventName: example
  triggers:
    - template:
        name: webhook-workflow-trigger
        k8s:
          operation: create
          source:
            resource:
              apiVersion: argoproj.io/v1alpha1
              kind: Workflow
              metadata:
                generateName: webhook-
              spec:
                entrypoint: whalesay
                arguments:
                  parameters:
                    - name: message
                      # the value will get overridden by event payload from test-dep
                      value: "hello world!"
                templates:
                  - name: whalesay
                    inputs:
                      parameters:
                        - name: message
                    container:
                      image: docker/whalesay:latest
                      command: [cowsay]
                      args: ["{{inputs.parameters.message}}"]
                nodeSelector:
                  kubernetes.io/os: linux
                  kubernetes.io/arch: amd64
          parameters:
            - src:
                dependencyName: test-dep
                dataKey: body
              dest: spec.arguments.parameters.0.value
--- a/infrastructures/argo-events/env/k3s-cluster/examples/workflow.yaml
+++ b/infrastructures/argo-events/env/k3s-cluster/examples/workflow.yaml
@@ -0,0 +1,29 @@
 # This file enables a Workflow Pod (running Emissary executor) to be able to read and patch WorkflowTaskResults,
 # which get shared with the Workflow Controller. The Controller uses the results to update Workflow status.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
    workflows.argoproj.io/description: |
      Recomended minimum permissions for the `emissary` executor.
  name: executor
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtaskresults
    verbs:
      - create
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: executor-default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: executor
 subjects:
  - kind: ServiceAccount
    name: default
--- a/infrastructures/argo-events/env/k3s-cluster/kustomization.yaml
+++ b/infrastructures/argo-events/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../base
 #  - ./examples/eventbus.yaml
 #  - ./examples/event-source.yaml
 #  - ./examples/ingress.yaml
 #  - ./examples/sensor.yaml
 #  - ./examples/workflow.yaml
 #  - ./examples/webhook.yaml
--- a/infrastructures/argo-workflows/base/cluster-role-binding.yaml
+++ b/infrastructures/argo-workflows/base/cluster-role-binding.yaml
@@ -0,0 +1,52 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: argo-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-cluster-role
 subjects:
  - kind: ServiceAccount
    name: argo
    namespace: argo
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: argo-clusterworkflowtemplate-role-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-clusterworkflowtemplate-role
 subjects:
  - kind: ServiceAccount
    name: argo
    namespace: argo
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: argo-server-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-server-cluster-role
 subjects:
  - kind: ServiceAccount
    name: argo-server
    namespace: argo
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: argo-server-clusterworkflowtemplate-role-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: argo-server-clusterworkflowtemplate-role
 subjects:
  - kind: ServiceAccount
    name: argo-server
    namespace: argo
--- a/infrastructures/argo-workflows/base/cluster-role.yaml
+++ b/infrastructures/argo-workflows/base/cluster-role.yaml
@@ -0,0 +1,298 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  name: argo-aggregate-to-admin
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflows
      - workflows/finalizers
      - workfloweventbindings
      - workfloweventbindings/finalizers
      - workflowtemplates
      - workflowtemplates/finalizers
      - cronworkflows
      - cronworkflows/finalizers
      - clusterworkflowtemplates
      - clusterworkflowtemplates/finalizers
      - workflowtasksets
      - workflowtasksets/finalizers
      - workflowtaskresults
      - workflowtaskresults/finalizers
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: argo-aggregate-to-edit
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflows
      - workflows/finalizers
      - workfloweventbindings
      - workfloweventbindings/finalizers
      - workflowtemplates
      - workflowtemplates/finalizers
      - cronworkflows
      - cronworkflows/finalizers
      - clusterworkflowtemplates
      - clusterworkflowtemplates/finalizers
      - workflowtaskresults
      - workflowtaskresults/finalizers
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: argo-aggregate-to-view
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflows
      - workflows/finalizers
      - workfloweventbindings
      - workfloweventbindings/finalizers
      - workflowtemplates
      - workflowtemplates/finalizers
      - cronworkflows
      - cronworkflows/finalizers
      - clusterworkflowtemplates
      - clusterworkflowtemplates/finalizers
      - workflowtaskresults
      - workflowtaskresults/finalizers
    verbs:
      - get
      - list
      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: argo-cluster-role
 rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/exec
    verbs:
      - create
      - get
      - list
      - watch
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - watch
      - list
  - apiGroups:
      - ""
    resources:
      - persistentvolumeclaims
      - persistentvolumeclaims/finalizers
    verbs:
      - create
      - update
      - delete
      - get
  - apiGroups:
      - argoproj.io
    resources:
      - workflows
      - workflows/finalizers
      - workflowtasksets
      - workflowtasksets/finalizers
      - workflowartifactgctasks
    verbs:
      - get
      - list
      - watch
      - update
      - patch
      - delete
      - create
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtemplates
      - workflowtemplates/finalizers
      - clusterworkflowtemplates
      - clusterworkflowtemplates/finalizers
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtaskresults
    verbs:
      - list
      - watch
      - deletecollection
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - get
      - list
  - apiGroups:
      - argoproj.io
    resources:
      - cronworkflows
      - cronworkflows/finalizers
    verbs:
      - get
      - list
      - watch
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - create
      - get
      - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: argo-clusterworkflowtemplate-role
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - clusterworkflowtemplates
      - clusterworkflowtemplates/finalizers
    verbs:
      - get
      - list
      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: argo-server-cluster-role
 rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - watch
      - list
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/exec
      - pods/log
    verbs:
      - get
      - list
      - watch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - watch
      - create
      - patch
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - eventsources
      - sensors
      - workflows
      - workfloweventbindings
      - workflowtemplates
      - cronworkflows
      - clusterworkflowtemplates
    verbs:
      - create
      - get
      - list
      - watch
      - update
      - patch
      - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: argo-server-clusterworkflowtemplate-role
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - clusterworkflowtemplates
      - clusterworkflowtemplates/finalizers
    verbs:
      - create
      - delete
      - watch
      - get
      - list
      - watch
--- a/infrastructures/argo-workflows/base/configmap.yaml
+++ b/infrastructures/argo-workflows/base/configmap.yaml
@@ -0,0 +1,110 @@
 ---
 apiVersion: v1
 data:
  artifactRepository: |
    s3:
      bucket: argo-workflows
      endpoint: minio.minio.svc.cluster.local:19000
      insecure: true
      accessKeySecret:
        name: argo-workflows-minio-cred
        key: accesskey
      secretKeySecret:
        name: argo-workflows-minio-cred
        key: secretkey
  columns: |
    - name: Workflow Completed
      type: label
      key: workflows.argoproj.io/completed
  executor: |
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
  images: |
    docker/whalesay:v3.5.10:
       cmd: [cowsay]
  links: |
    - name: Workflow Link
      scope: workflow
      url: http://logging-facility?namespace=${metadata.namespace}&workflowName=${metadata.name}&startedAt=${status.startedAt}&finishedAt=${status.finishedAt}
    - name: Pod Link
      scope: pod
      url: http://logging-facility?namespace=${metadata.namespace}&podName=${metadata.name}&startedAt=${status.startedAt}&finishedAt=${status.finishedAt}
    - name: Pod Logs Link
      scope: pod-logs
      url: http://logging-facility?namespace=${metadata.namespace}&podName=${metadata.name}&startedAt=${status.startedAt}&finishedAt=${status.finishedAt}
    - name: Event Source Logs Link
      scope: event-source-logs
      url: http://logging-facility?namespace=${metadata.namespace}&podName=${metadata.name}&startedAt=${status.startedAt}&finishedAt=${status.finishedAt}
    - name: Sensor Logs Link
      scope: sensor-logs
      url: http://logging-facility?namespace=${metadata.namespace}&podName=${metadata.name}&startedAt=${status.startedAt}&finishedAt=${status.finishedAt}
    - name: Completed Workflows
      scope: workflow-list
      url: http://workflows?label=workflows.argoproj.io/completed=true
  metricsConfig: |
    enabled: true
    path: /metrics
    port: 9090
  namespaceParallelism: "10"
  persistence: |
    connectionPool:
      maxIdleConns: 100
      maxOpenConns: 0
      connMaxLifetime: 0s
    nodeStatusOffLoad: true
    archive: true
    archiveTTL: 7d
    postgresql:
      host: postgresql-primary.argocd.svc.cluster.local
      port: 5432
      database: argo_workflows
      tableName: argo_workflows
      userNameSecret:
        name: argo-workflows-postgres-config
        key: username
      passwordSecret:
        name: argo-workflows-postgres-config
        key: password
  retentionPolicy: |
    completed: 10
    failed: 3
    errored: 3
 kind: ConfigMap
 metadata:
  name: workflow-controller-configmap
  namespace: argo
 ---
 apiVersion: v1
 data:
  default-v1: |
    archiveLogs: true
    s3:
      bucket: argo-workflows
      endpoint: minio.minio.svc.cluster.local:19000
      insecure: true
      accessKeySecret:
        name: argo-workflows-minio-cred
        key: accesskey
      secretKeySecret:
        name: argo-workflows-minio-cred
        key: secretkey
  empty: ""
  my-key: |
    archiveLogs: true
    s3:
      bucket: argo-workflows
      endpoint: minio.minio.svc.cluster.local:19000
      insecure: true
      accessKeySecret:
        name: argo-workflows-minio-cred
        key: accesskey
      secretKeySecret:
        name: argo-workflows-minio-cred
        key: secretkey
 kind: ConfigMap
 metadata:
  annotations:
    workflows.argoproj.io/default-artifact-repository: default-v1
  name: artifact-repositories
--- a/infrastructures/argo-workflows/base/custom-resource-definition.yaml
+++ b/infrastructures/argo-workflows/base/custom-resource-definition.yaml
@@ -0,0 +1,888 @@
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: clusterworkflowtemplates.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: ClusterWorkflowTemplate
    listKind: ClusterWorkflowTemplateList
    plural: clusterworkflowtemplates
    shortNames:
      - clusterwftmpl
      - cwft
    singular: clusterworkflowtemplate
  scope: Cluster
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: cronworkflows.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: CronWorkflow
    listKind: CronWorkflowList
    plural: cronworkflows
    shortNames:
      - cwf
      - cronwf
    singular: cronworkflow
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: workflowartifactgctasks.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: WorkflowArtifactGCTask
    listKind: WorkflowArtifactGCTaskList
    plural: workflowartifactgctasks
    shortNames:
      - wfat
    singular: workflowartifactgctask
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
      subresources:
        status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: workfloweventbindings.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: WorkflowEventBinding
    listKind: WorkflowEventBindingList
    plural: workfloweventbindings
    shortNames:
      - wfeb
    singular: workfloweventbinding
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: workflows.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: Workflow
    listKind: WorkflowList
    plural: workflows
    shortNames:
      - wf
    singular: workflow
  scope: Namespaced
  versions:
    - additionalPrinterColumns:
        - description: Status of the workflow
          jsonPath: .status.phase
          name: Status
          type: string
        - description: When the workflow was started
          format: date-time
          jsonPath: .status.startedAt
          name: Age
          type: date
        - description: Human readable message indicating details about why the workflow
            is in this condition.
          jsonPath: .status.message
          name: Message
          type: string
      name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
      subresources: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: workflowtaskresults.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: WorkflowTaskResult
    listKind: WorkflowTaskResultList
    plural: workflowtaskresults
    singular: workflowtaskresult
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            message:
              type: string
            metadata:
              type: object
            outputs:
              properties:
                artifacts:
                  items:
                    properties:
                      archive:
                        properties:
                          none:
                            type: object
                          tar:
                            properties:
                              compressionLevel:
                                format: int32
                                type: integer
                            type: object
                          zip:
                            type: object
                        type: object
                      archiveLogs:
                        type: boolean
                      artifactGC:
                        properties:
                          podMetadata:
                            properties:
                              annotations:
                                additionalProperties:
                                  type: string
                                type: object
                              labels:
                                additionalProperties:
                                  type: string
                                type: object
                            type: object
                          serviceAccountName:
                            type: string
                          strategy:
                            enum:
                              - ""
                              - OnWorkflowCompletion
                              - OnWorkflowDeletion
                              - Never
                            type: string
                        type: object
                      artifactory:
                        properties:
                          passwordSecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          url:
                            type: string
                          usernameSecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                        required:
                          - url
                        type: object
                      azure:
                        properties:
                          accountKeySecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          blob:
                            type: string
                          container:
                            type: string
                          endpoint:
                            type: string
                          useSDKCreds:
                            type: boolean
                        required:
                          - blob
                          - container
                          - endpoint
                        type: object
                      deleted:
                        type: boolean
                      from:
                        type: string
                      fromExpression:
                        type: string
                      gcs:
                        properties:
                          bucket:
                            type: string
                          key:
                            type: string
                          serviceAccountKeySecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                        required:
                          - key
                        type: object
                      git:
                        properties:
                          branch:
                            type: string
                          depth:
                            format: int64
                            type: integer
                          disableSubmodules:
                            type: boolean
                          fetch:
                            items:
                              type: string
                            type: array
                          insecureIgnoreHostKey:
                            type: boolean
                          passwordSecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          repo:
                            type: string
                          revision:
                            type: string
                          singleBranch:
                            type: boolean
                          sshPrivateKeySecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          usernameSecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                        required:
                          - repo
                        type: object
                      globalName:
                        type: string
                      hdfs:
                        properties:
                          addresses:
                            items:
                              type: string
                            type: array
                          force:
                            type: boolean
                          hdfsUser:
                            type: string
                          krbCCacheSecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          krbConfigConfigMap:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          krbKeytabSecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          krbRealm:
                            type: string
                          krbServicePrincipalName:
                            type: string
                          krbUsername:
                            type: string
                          path:
                            type: string
                        required:
                          - path
                        type: object
                      http:
                        properties:
                          auth:
                            properties:
                              basicAuth:
                                properties:
                                  passwordSecret:
                                    properties:
                                      key:
                                        type: string
                                      name:
                                        type: string
                                      optional:
                                        type: boolean
                                    required:
                                      - key
                                    type: object
                                  usernameSecret:
                                    properties:
                                      key:
                                        type: string
                                      name:
                                        type: string
                                      optional:
                                        type: boolean
                                    required:
                                      - key
                                    type: object
                                type: object
                              clientCert:
                                properties:
                                  clientCertSecret:
                                    properties:
                                      key:
                                        type: string
                                      name:
                                        type: string
                                      optional:
                                        type: boolean
                                    required:
                                      - key
                                    type: object
                                  clientKeySecret:
                                    properties:
                                      key:
                                        type: string
                                      name:
                                        type: string
                                      optional:
                                        type: boolean
                                    required:
                                      - key
                                    type: object
                                type: object
                              oauth2:
                                properties:
                                  clientIDSecret:
                                    properties:
                                      key:
                                        type: string
                                      name:
                                        type: string
                                      optional:
                                        type: boolean
                                    required:
                                      - key
                                    type: object
                                  clientSecretSecret:
                                    properties:
                                      key:
                                        type: string
                                      name:
                                        type: string
                                      optional:
                                        type: boolean
                                    required:
                                      - key
                                    type: object
                                  endpointParams:
                                    items:
                                      properties:
                                        key:
                                          type: string
                                        value:
                                          type: string
                                      required:
                                        - key
                                      type: object
                                    type: array
                                  scopes:
                                    items:
                                      type: string
                                    type: array
                                  tokenURLSecret:
                                    properties:
                                      key:
                                        type: string
                                      name:
                                        type: string
                                      optional:
                                        type: boolean
                                    required:
                                      - key
                                    type: object
                                type: object
                            type: object
                          headers:
                            items:
                              properties:
                                name:
                                  type: string
                                value:
                                  type: string
                              required:
                                - name
                                - value
                              type: object
                            type: array
                          url:
                            type: string
                        required:
                          - url
                        type: object
                      mode:
                        format: int32
                        type: integer
                      name:
                        type: string
                      optional:
                        type: boolean
                      oss:
                        properties:
                          accessKeySecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          bucket:
                            type: string
                          createBucketIfNotPresent:
                            type: boolean
                          endpoint:
                            type: string
                          key:
                            type: string
                          lifecycleRule:
                            properties:
                              markDeletionAfterDays:
                                format: int32
                                type: integer
                              markInfrequentAccessAfterDays:
                                format: int32
                                type: integer
                            type: object
                          secretKeySecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          securityToken:
                            type: string
                          useSDKCreds:
                            type: boolean
                        required:
                          - key
                        type: object
                      path:
                        type: string
                      raw:
                        properties:
                          data:
                            type: string
                        required:
                          - data
                        type: object
                      recurseMode:
                        type: boolean
                      s3:
                        properties:
                          accessKeySecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          bucket:
                            type: string
                          caSecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          createBucketIfNotPresent:
                            properties:
                              objectLocking:
                                type: boolean
                            type: object
                          encryptionOptions:
                            properties:
                              enableEncryption:
                                type: boolean
                              kmsEncryptionContext:
                                type: string
                              kmsKeyId:
                                type: string
                              serverSideCustomerKeySecret:
                                properties:
                                  key:
                                    type: string
                                  name:
                                    type: string
                                  optional:
                                    type: boolean
                                required:
                                  - key
                                type: object
                            type: object
                          endpoint:
                            type: string
                          insecure:
                            type: boolean
                          key:
                            type: string
                          region:
                            type: string
                          roleARN:
                            type: string
                          secretKeySecret:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          useSDKCreds:
                            type: boolean
                        type: object
                      subPath:
                        type: string
                    required:
                      - name
                    type: object
                  type: array
                exitCode:
                  type: string
                parameters:
                  items:
                    properties:
                      default:
                        type: string
                      description:
                        type: string
                      enum:
                        items:
                          type: string
                        type: array
                      globalName:
                        type: string
                      name:
                        type: string
                      value:
                        type: string
                      valueFrom:
                        properties:
                          configMapKeyRef:
                            properties:
                              key:
                                type: string
                              name:
                                type: string
                              optional:
                                type: boolean
                            required:
                              - key
                            type: object
                          default:
                            type: string
                          event:
                            type: string
                          expression:
                            type: string
                          jqFilter:
                            type: string
                          jsonPath:
                            type: string
                          parameter:
                            type: string
                          path:
                            type: string
                          supplied:
                            type: object
                        type: object
                    required:
                      - name
                    type: object
                  type: array
                result:
                  type: string
              type: object
            phase:
              type: string
            progress:
              type: string
          required:
            - metadata
          type: object
      served: true
      storage: true
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: workflowtasksets.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: WorkflowTaskSet
    listKind: WorkflowTaskSetList
    plural: workflowtasksets
    shortNames:
      - wfts
    singular: workflowtaskset
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
      subresources:
        status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: workflowtemplates.argoproj.io
 spec:
  group: argoproj.io
  names:
    kind: WorkflowTemplate
    listKind: WorkflowTemplateList
    plural: workflowtemplates
    shortNames:
      - wftmpl
    singular: workflowtemplate
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-map-type: atomic
              x-kubernetes-preserve-unknown-fields: true
          required:
            - metadata
            - spec
          type: object
      served: true
      storage: true
--- a/infrastructures/argo-workflows/base/deployment.yaml
+++ b/infrastructures/argo-workflows/base/deployment.yaml
@@ -0,0 +1,142 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: argo-server
  namespace: argo
 spec:
  selector:
    matchLabels:
      app: argo-server
  template:
    metadata:
      labels:
        app: argo-server
    spec:
      containers:
        - args:
            - server
            - --auth-mode
            - server
            - --auth-mode
            - client
          env: []
          image: quay.io/argoproj/argocli:v3.5.11
          name: argo-server
          ports:
            - containerPort: 2746
              name: web
          readinessProbe:
            httpGet:
              path: /
              port: 2746
              scheme: HTTPS
            initialDelaySeconds: 10
            periodSeconds: 20
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          volumeMounts:
            - mountPath: /tmp
              name: tmp
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: amd64
      securityContext:
        runAsNonRoot: true
      serviceAccountName: argo-server
      volumes:
        - emptyDir: {}
          name: tmp
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: workflow-controller
  namespace: argo
 spec:
  selector:
    matchLabels:
      app: workflow-controller
  template:
    metadata:
      labels:
        app: workflow-controller
    spec:
      containers:
        - args: []
          command:
            - workflow-controller
          env:
            - name: LEADER_ELECTION_IDENTITY
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
          image: quay.io/argoproj/workflow-controller:v3.5.11
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 6060
            initialDelaySeconds: 90
            periodSeconds: 60
            timeoutSeconds: 30
          name: workflow-controller
          ports:
            - containerPort: 9090
              name: metrics
            - containerPort: 6060
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: amd64
      priorityClassName: workflow-controller
      securityContext:
        runAsNonRoot: true
      serviceAccountName: argo
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  labels:
    app: httpbin
  name: httpbin
 spec:
  selector:
    matchLabels:
      app: httpbin
  template:
    metadata:
      labels:
        app: httpbin
    spec:
      automountServiceAccountToken: false
      containers:
        - image: kong/httpbin
          livenessProbe:
            httpGet:
              path: /get
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
          name: main
          ports:
            - containerPort: 80
              name: api
          readinessProbe:
            httpGet:
              path: /get
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
--- a/infrastructures/argo-workflows/base/kustomization.yaml
+++ b/infrastructures/argo-workflows/base/kustomization.yaml
@@ -0,0 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./custom-resource-definition.yaml
  - ./service-account.yaml
  - ./role.yaml
  - ./cluster-role.yaml
  - ./role-binding.yaml
  - ./cluster-role-binding.yaml
  - ./configmap.yaml
  - ./secret.yaml
  - ./service.yaml
  - ./priority-class.yaml
  - ./deployment.yaml
--- a/infrastructures/argo-workflows/base/priority-class.yaml
+++ b/infrastructures/argo-workflows/base/priority-class.yaml
@@ -0,0 +1,6 @@
 ---
 apiVersion: scheduling.k8s.io/v1
 kind: PriorityClass
 metadata:
  name: workflow-controller
 value: 1000000
--- a/infrastructures/argo-workflows/base/role-binding.yaml
+++ b/infrastructures/argo-workflows/base/role-binding.yaml
@@ -0,0 +1,87 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: argo-binding
  namespace: argo
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argo-role
 subjects:
  - kind: ServiceAccount
    name: argo
    namespace: argo
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: agent-default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: agent
 subjects:
  - kind: ServiceAccount
    name: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: artifactgc-default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: artifactgc
 subjects:
  - kind: ServiceAccount
    name: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: executor-default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: executor
 subjects:
  - kind: ServiceAccount
    name: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: github.com
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: submit-workflow-template
 subjects:
  - kind: ServiceAccount
    name: github.com
    namespace: argo
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: pod-manager-default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-manager
 subjects:
  - kind: ServiceAccount
    name: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: workflow-manager-default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: workflow-manager
 subjects:
  - kind: ServiceAccount
    name: default
--- a/infrastructures/argo-workflows/base/role.yaml
+++ b/infrastructures/argo-workflows/base/role.yaml
@@ -0,0 +1,142 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: argo-role
  namespace: argo
 rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - create
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
    workflows.argoproj.io/description: |
      This is the minimum recommended permissions needed if you want to use the agent, e.g. for HTTP or plugin templates.
      If <= v3.2 you must replace `workflowtasksets/status` with `patch workflowtasksets`.
  name: agent
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtasksets
    verbs:
      - list
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtasksets/status
    verbs:
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
    workflows.argoproj.io/description: |
      This is the minimum recommended permissions needed if you want to use artifact GC.
  name: artifactgc
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflowartifactgctasks
    verbs:
      - list
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - workflowartifactgctasks/status
    verbs:
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
    workflows.argoproj.io/description: |
      Recomended minimum permissions for the `emissary` executor.
  name: executor
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtaskresults
    verbs:
      - create
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
    workflows.argoproj.io/description: |
      This is an example of the permissions you would need if you wanted to use a resource template to create and manage
      other pods. The same pattern would be suitable for other resurces, e.g. a service
  name: pod-manager
 rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - create
      - get
      - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: submit-workflow-template
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workfloweventbindings
    verbs:
      - list
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtemplates
    verbs:
      - get
  - apiGroups:
      - argoproj.io
    resources:
      - workflows
    verbs:
      - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
    workflows.argoproj.io/description: |
      This is an example of the permissions you would need if you wanted to use a resource template to create and manage
      other workflows. The same pattern would be suitable for other resurces, e.g. a service
  name: workflow-manager
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflows
    verbs:
      - create
      - get
--- a/infrastructures/argo-workflows/base/secret.yaml
+++ b/infrastructures/argo-workflows/base/secret.yaml
@@ -0,0 +1,16 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  annotations:
    kubernetes.io/service-account.name: default
  name: default.service-account-token
 type: kubernetes.io/service-account-token
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  annotations:
    kubernetes.io/service-account.name: github.com
  name: github.com.service-account-token
 type: kubernetes.io/service-account-token
--- a/infrastructures/argo-workflows/base/service-account.yaml
+++ b/infrastructures/argo-workflows/base/service-account.yaml
@@ -0,0 +1,17 @@
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: argo
  namespace: argo
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: argo-server
  namespace: argo
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: github.com
--- a/infrastructures/argo-workflows/base/service.yaml
+++ b/infrastructures/argo-workflows/base/service.yaml
@@ -0,0 +1,32 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  name: argo-server
  namespace: argo
 spec:
  type: LoadBalancer
  ports:
    - name: web
      port: 2746
      targetPort: 2746
  selector:
    app: argo-server
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app: httpbin
  name: httpbin
 spec:
  ports:
    - name: api
      port: 9100
      protocol: TCP
      targetPort: 80
  selector:
    app: httpbin
--- a/infrastructures/argo-workflows/env/k3s-cluster/config.json
+++ b/infrastructures/argo-workflows/env/k3s-cluster/config.json
@@ -0,0 +1,14 @@
 {
  "appName": "argo-workflows",
  "userGivenName": "argo-workflows",
  "namespace": "argo",
  "destNamespace": "argo",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "infrastructures/argo-workflows/env/k3s-cluster",
  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
  "srcTargetRevision": "",
  "labels": null,
  "annotations": {
    "argo-workflows.argoproj.io/release-version": "v3.5.10"
  }
 }
--- a/infrastructures/argo-workflows/env/k3s-cluster/kustomization.yaml
+++ b/infrastructures/argo-workflows/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../base
--- a/infrastructures/cert-manager/base/kustomization.yaml
+++ b/infrastructures/cert-manager/base/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: cert-manager
    repo: https://charts.jetstack.io
-    version: v1.15.2
+    version: v1.15.3
    releaseName: cert-manager
    valuesFile: values.yaml
--- a/infrastructures/ingress-nginx/base/kustomization.yaml
+++ b/infrastructures/ingress-nginx/base/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: ingress-nginx
    repo: https://kubernetes.github.io/ingress-nginx
-    version: 4.11.1
+    version: 4.11.2
    releaseName: ingress-nginx
    valuesFile: values.yaml
--- a/infrastructures/ingress-nginx/base/values.yaml
+++ b/infrastructures/ingress-nginx/base/values.yaml
@@ -3,3 +3,71 @@ rbac:
 controller:
  priorityClassName: system-cluster-critical
  extraArgs:
    update-status-on-shutdown: "false"
  allowSnippetAnnotations: true
  config:
    proxy-buffer-size: 16k
    use-gzip: true
    enable-brotli: true
    hsts-max-age: 31536000
    hsts-preload: true
    disable-ipv6: true
    disable-ipv6-dns: true
    keep-alive-requests: 1000
    use-geoip2: false
    custom-http-errors: 401,403,404,500,501,502,503,504
  extraEnvs:
    - name: TZ
      value: Australia/Sydney
  addHeaders:
    Referrer-Policy: same-origin, strict-origin-when-cross-origin
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
  ingressClassResource:
    default: true
  service:
    externalTrafficPolicy: Cluster
    ipFamilyPolicy: SingleStack
  metrics:
    enabled: ${metrics_enabled:=false}
  #        serviceMonitor:
  #          enabled: ${metrics_enabled:=false}
  #          scrapeInterval: 1m
  spec:
    template:
      spec:
        containers:
          volumeMounts:
            - mountPath: /etc/nginx/template
              name: nginx-template-volume
              readOnly: true
        volumes:
          - name: nginx-template-volume
            hostPath:
              path: /mnt/nfs/AppData/ingress-nginx/etc/nginx/template
              type: Directory
 defaultBackend:
  enabled: true
  image:
    repository: ghcr.io/tarampampam/error-pages
    tag: 3.3.0@sha256:43c9917e99ac1bb4df3c4e037327637e502e2ab4c3d84803b223d5b7db6d4cd7
    pullPolicy: IfNotPresent
  extraEnvs:
    - name: TEMPLATE_NAME
      value: connection
    - name: SHOW_DETAILS
      value: "true"
    - name: READ_BUFFER_SIZE
      value: "8192"
--- a/infrastructures/ingress-nginx/env/k3s-cluster/kustomization.yaml
+++ b/infrastructures/ingress-nginx/env/k3s-cluster/kustomization.yaml
@@ -1,8 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-helmCharts:
+resources:
-  - name: ingress-nginx
+  - ../../base
    repo: https://kubernetes.github.io/ingress-nginx
    version: 4.11.1
    releaseName: ingress-nginx
    valuesFile: values.yaml
--- a/infrastructures/logstash/base/kustomization.yaml
+++ b/infrastructures/logstash/base/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: logstash
    repo: oci://registry-1.docker.io/bitnamicharts
-    version: 6.3.2
+    version: 6.3.4
    releaseName: logstash
    valuesFile: values.yaml
--- a/infrastructures/minio/env/k3s-cluster/kustomization.yaml
+++ b/infrastructures/minio/env/k3s-cluster/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: minio
    repo: oci://registry-1.docker.io/bitnamicharts
-    version: 14.6.33
+    version: 14.7.10
    releaseName: minio
    valuesFile: values.yaml
--- a/infrastructures/minio/env/k3s-cluster/values.yaml
+++ b/infrastructures/minio/env/k3s-cluster/values.yaml
@@ -1,23 +1,21 @@
 namespaceOverride: "minio"
-clusterDomain: minio.cluster.edward.sydney
+image:
  debug: true
 clusterDomain: cluster.edward.sydney
 auth:
  existingSecret: "minio-secrets"
  rootUserSecretKey: "root_user"
  rootPasswordSecretKey: "root_password"
 nodeSelector:
-  kubernetes.io/hostname: k3s-cluster-node-2
+  kubernetes.io/hostname: k3s-cluster-node-y
 service:
  type: LoadBalancer
  ports:
    api: 19000
    console: 19001
-ingress:
+  annotations:
-  enabled: true
+    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
-  ingressClassName: "nginx"
+    metallb.universe.tf/allow-shared-ip: k3s-cluster
  hostname: "minio.cluster.edward.sydney"
 apiIngress:
  enabled: true
  ingressClassName: "nginx"
  hostname: "api.minio.cluster.edward.sydney"
 persistence:
  existingClaim: "minio-pvc"
 containerSecurityContext:
--- a/infrastructures/mongodb/env/k3s-cluster/kustomization.yaml
+++ b/infrastructures/mongodb/env/k3s-cluster/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: mongodb
    repo: oci://registry-1.docker.io/bitnamicharts
-    version: 15.6.18
+    version: 15.6.26
    releaseName: mongodb
    valuesFile: values.yaml
--- a/infrastructures/mongodb/env/k3s-cluster/values.yaml
+++ b/infrastructures/mongodb/env/k3s-cluster/values.yaml
@@ -8,6 +8,8 @@ auth:
    - edward
    - anysync
  existingSecret: "mongodb-secrets"
 updateStrategy:
  type: Recreate
 automountServiceAccountToken: true
 nodeSelector:
  kubernetes.io/arch: amd64
@@ -20,6 +22,9 @@ startupProbe:
  enabled: true
 service:
  type: LoadBalancer
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
 persistence:
  existingClaim: "mongodb-pvc"
 persistentVolumeClaimRetentionPolicy:
--- a/infrastructures/netdata/base/kustomization.yaml
+++ b/infrastructures/netdata/base/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: netdata
    repo: https://netdata.github.io/helmchart/
-    version: 3.7.97
+    version: 3.7.102
    releaseName: netdata
    valuesFile: values.yaml
--- a/infrastructures/netdata/base/values.yaml
+++ b/infrastructures/netdata/base/values.yaml
@@ -1,15 +1,15 @@
 image:
  tag: stable
-
+ingress:
  hosts:
    - netdata.cluster.edward.sydney
 restarter:
  enabled: true
 parent:
  claiming:
    enabled: true
    token: HOJS7JMbEzKuDjbkJJv_Qp5369dyBGc0-qQ2DpKfWT22tiNWRZVH63bALjOv6A4bevsAJixzY1rIKO-1RvIr-NKGiYGpgfrMt1I5loXpU4CY7BgJp22jpK72kvRLwdM2rhNLcSQ
    rooms: 20334923-196a-477e-9a12-cfd5d02b24ec
 child:
  claiming:
    enabled: true
--- a/infrastructures/newrelic/env/k3s-cluster/config.json
+++ b/infrastructures/newrelic/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
 {
  "appName": "newrelic",
  "userGivenName": "newrelic",
  "namespace": "newrelic",
  "destNamespace": "newrelic",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "infrastructures/newrelic/env/k3s-cluster",
  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
  "srcTargetRevision": "",
  "labels": null,
  "annotations": null
 }
--- a/infrastructures/newrelic/env/k3s-cluster/kustomization.yaml
+++ b/infrastructures/newrelic/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 helmCharts:
  - name: nri-bundle
    repo: https://helm-charts.newrelic.com
    version: 5.0.92
    releaseName: nri-bundle
    valuesFile: values.yaml
--- a/infrastructures/newrelic/env/k3s-cluster/values.yaml
+++ b/infrastructures/newrelic/env/k3s-cluster/values.yaml
@@ -0,0 +1,192 @@
 kubeEvents:
  enabled: true
 logging:
  enabled: false
 newrelic-infrastructure:
  # newrelic-infrastructure.enabled -- Install the [`newrelic-infrastructure` chart](https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure)
  enabled: true
  privileged: true
 nri-prometheus:
  # nri-prometheus.enabled -- Install the [`nri-prometheus` chart](https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus)
  enabled: false
 nri-metadata-injection:
  # nri-metadata-injection.enabled -- Install the [`nri-metadata-injection` chart](https://github.com/newrelic/k8s-metadata-injection/tree/main/charts/nri-metadata-injection)
  enabled: true
 kube-state-metrics:
  prometheusScrape: false
  image:
    tag: v2.10.0
  revisionHistoryLimit: 5
  releaseLabel: true
  # kube-state-metrics.enabled -- Install the [`kube-state-metrics` chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) from the stable helm charts repository.
  # This is mandatory if `infrastructure.enabled` is set to `true` and the user does not provide its own instance of KSM version >=1.8 and <=2.0. Note, kube-state-metrics v2+ disables labels/annotations
  # metrics by default. You can enable the target labels/annotations metrics to be monitored by using the metricLabelsAllowlist/metricAnnotationsAllowList options described [here](https://github.com/prometheus-community/helm-charts/blob/159cd8e4fb89b8b107dcc100287504bb91bf30e0/charts/kube-state-metrics/values.yaml#L274) in
  # your Kubernetes clusters.
  enabled: true
 nri-kube-events:
  # nri-kube-events.enabled -- Install the [`nri-kube-events` chart](https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events)
  enabled: true
 newrelic-logging:
  # newrelic-logging.enabled -- Install the [`newrelic-logging` chart](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging)
  enabled: true
    # fluentBit:
    # -- What path will be mounted to read logs from the node
    # linuxMountPath: /var
    # persistence:
    # -- Fluent Bit persistence is needed to keep track of tailed logs, if set to none data loss or logs duplications could happen. Options are "hostPath", "none", "persistentVolume"
    # mode: hostPath
    # persistentVolume:
    # -- When using persistent volume a storage class could be needed depending on the cluster. It should be a storage class that allows ReadWriteMany
  # storageClass:
 newrelic-pixie:
  # newrelic-pixie.enabled -- Install the [`newrelic-pixie`](https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie)
  enabled: false
 pixie-chart:
  # pixie-chart.enabled -- Install the [`pixie-chart` chart](https://docs.pixielabs.ai/installing-pixie/install-schemes/helm/#3.-deploy)
  enabled: false
 newrelic-infra-operator:
  # newrelic-infra-operator.enabled -- Install the [`newrelic-infra-operator` chart](https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator) (Beta)
  enabled: false
 newrelic-prometheus-agent:
  # newrelic-prometheus-agent.enabled -- Install the [`newrelic-prometheus-agent` chart](https://github.com/newrelic/newrelic-prometheus-configurator/tree/main/charts/newrelic-prometheus-agent)
  enabled: false
  lowDataMode: true
  config:
    kubernetes:
      integrations_filter:
        enabled: false
 newrelic-k8s-metrics-adapter:
  # newrelic-k8s-metrics-adapter.enabled -- Install the [`newrelic-k8s-metrics-adapter.` chart](https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter) (Beta)
  enabled: false
 # -- change the behaviour globally to all the supported helm charts.
 # See [user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md) for further information.
 # @default -- See [`values.yaml`](values.yaml)
 global:
  # -- The cluster name for the Kubernetes cluster.
  cluster: Home Lab K3S Cluster
  # -- The license key for your New Relic Account. This will be preferred configuration option if both `licenseKey` and `customSecret` are specified.
  licenseKey: ""
  # -- The license key for your New Relic Account. This will be preferred configuration option if both `insightsKey` and `customSecret` are specified.
  insightsKey: ""
  # -- Name of the Secret object where the license key is stored
  customSecretName: newrelic-secrets
  # -- Key in the Secret object where the license key is stored
  customSecretLicenseKey: licence-key
  # -- Additional labels for chart objects
  labels: {}
  # -- Additional labels for chart pods
  podLabels: {}
  images:
    # -- Changes the registry where to get the images. Useful when there is an internal image cache/proxy
    registry: ""
    # -- Set secrets to be able to fetch images
    pullSecrets: []
  serviceAccount:
    # -- Add these annotations to the service account we create
    annotations: {}
    # -- Configures if the service account should be created or not
    create:
    # -- Change the name of the service account. This is honored if you disable on this chart the creation of the service account so you can use your own
    name:
  # -- (bool) Sets pod's hostNetwork
  # @default -- false
  hostNetwork:
  # -- Sets pod's dnsConfig
  dnsConfig: {}
  # -- Sets pod's priorityClassName
  priorityClassName: ""
  # -- Sets security context (at pod level)
  podSecurityContext: {}
  # -- Sets security context (at container level)
  containerSecurityContext: {}
  # -- Sets pod/node affinities
  affinity: {}
  # -- Sets pod's node selector
  nodeSelector: {}
  # -- Sets pod's tolerations to node taints
  tolerations: []
  # -- Adds extra attributes to the cluster and all the metrics emitted to the backend
  customAttributes: {}
  # -- (bool) Reduces number of metrics sent in order to reduce costs
  # @default -- false
  lowDataMode: true
  # -- (bool) In each integration it has different behavior. See [Further information](#values-managed-globally-3) but all aims to send less metrics to the backend to try to save costs |
  # @default -- false
  privileged: true
  # -- (bool) Must be set to `true` when deploying in an EKS Fargate environment
  # @default -- false
  fargate:
  # -- Configures the integration to send all HTTP/HTTPS request through the proxy in that URL. The URL should have a standard format like `https://user:password@hostname:port`
  proxy:
  # -- (bool) Send the metrics to the staging backend. Requires a valid staging license key
  # @default -- false
  nrStaging:
  fedramp:
    # fedramp.enabled -- (bool) Enables FedRAMP
    # @default -- false
    enabled:
  # -- (bool) Sets the debug logs to this integration or all integrations if it is set globally
  # @default -- false
  verboseLog:
  # To add values to the subcharts. Follow Helm's guide: https://helm.sh/docs/chart_template_guide/subcharts_and_globals
  # If you wish to monitor services running on Kubernetes you can provide integrations
  # configuration under `integrations_config` that it will passed down to the `newrelic-infrastructure` chart.
  #
  # You just need to create a new entry where the "name" is the filename of the configuration file and the data is the content of
  # the integration configuration. The name must end in ".yaml" as this will be the
  # filename generated and the Infrastructure agent only looks for YAML files.
  #
  # The data part is the actual integration configuration as described in the spec here:
  # https://docs.newrelic.com/docs/integrations/integrations-sdk/file-specifications/integration-configuration-file-specifications-agent-v180
  #
  # In the following example you can see how to monitor a Redis integration with autodiscovery
  #
  #
  # newrelic-infrastructure:
  #   integrations:
  #     nri-redis-sampleapp:
  #       discovery:
  #         command:
  #           exec: /var/db/newrelic-infra/nri-discovery-kubernetes --tls --port 10250
  #           match:
  #             label.app: sampleapp
  #       integrations:
  #         - name: nri-redis
  #           env:
  #             # using the discovered IP as the hostname address
  #             HOSTNAME: ${discovery.ip}
  #             PORT: 6379
  #           labels:
  #             env: test
--- a/infrastructures/postgresql/env/k3s-cluster/kustomization.yaml
+++ b/infrastructures/postgresql/env/k3s-cluster/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 helmCharts:
  - name: postgresql
    repo: oci://registry-1.docker.io/bitnamicharts
-    version: 15.5.21
+    version: 15.5.32
    releaseName: postgresql
    valuesFile: values.yaml
--- a/infrastructures/postgresql/env/k3s-cluster/values.yaml
+++ b/infrastructures/postgresql/env/k3s-cluster/values.yaml
@@ -21,6 +21,9 @@ primary:
    name: "postgresql-primary"
  service:
    type: "LoadBalancer"
    annotations:
      metallb.universe.tf/address-pool: k3s-cluster-ip-pool
      metallb.universe.tf/allow-shared-ip: k3s-cluster
  persistence:
    existingClaim: postgresql-primary-pvc
    selector:
@@ -41,6 +44,9 @@ readReplicas:
    type: "LoadBalancer"
    ports:
      postgresql: 5433
    annotations:
      metallb.universe.tf/address-pool: k3s-cluster-ip-pool
      metallb.universe.tf/allow-shared-ip: k3s-cluster
  persistence:
    existingClaim: postgresql-replica-pvc
    selector:
--- a/infrastructures/prometheus-exporters/env/k3s-cluster/node-exporter.yaml
+++ b/infrastructures/prometheus-exporters/env/k3s-cluster/node-exporter.yaml
@@ -6,7 +6,7 @@ metadata:
  labels:
    app: prometheus-node-exporter
 spec:
-  replicas: 5
+  replicas: 6
  selector:
    matchLabels:
      app: prometheus-node-exporter
--- a/infrastructures/prometheus/env/k3s-cluster/deployment.yaml
+++ b/infrastructures/prometheus/env/k3s-cluster/deployment.yaml
@@ -22,7 +22,7 @@ spec:
        runAsGroup: 0
      containers:
        - name: prometheus
-          image: prom/prometheus:v2.54.0
+          image: prom/prometheus:v2.54.1
          args:
            - "--storage.tsdb.retention.time=14d"
            - "--config.file=/etc/prometheus/prometheus.yaml"
@@ -42,7 +42,7 @@ spec:
            - name: prometheus-storage-volume
              mountPath: /prometheus/
        - name: grafana
-          image: grafana/grafana:11.1.3
+          image: grafana/grafana:11.2.0
          ports:
            - containerPort: 3000
          volumeMounts:
--- a/infrastructures/prometheus/env/k3s-cluster/service.yaml
+++ b/infrastructures/prometheus/env/k3s-cluster/service.yaml
@@ -9,14 +9,12 @@ metadata:
 spec:
  selector:
    app: prometheus
-  type: NodePort
+  type: LoadBalancer
  ports:
    - port: 9999
      targetPort: 9090
      nodePort: 30999
      protocol: TCP
      name: http
    - name: grafana-port
      port: 3030
      nodePort: 30303
      targetPort: 3000
--- a/infrastructures/redis-insight/base/deployment.yaml
+++ b/infrastructures/redis-insight/base/deployment.yaml
@@ -19,7 +19,7 @@ spec:
        runAsGroup: 1000
      containers:
        - name: redis-insight
-          image: redis/redisinsight:2.54
+          image: redis/redisinsight:2.56
          securityContext:
            allowPrivilegeEscalation: false
          ports:
--- a/infrastructures/redis-insight/base/service.yaml
+++ b/infrastructures/redis-insight/base/service.yaml
@@ -3,10 +3,13 @@ kind: Service
 metadata:
  name: redis-insight
  namespace: redis
  annotations:
    metallb.universe.tf/address-pool: k3s-cluster-ip-pool
    metallb.universe.tf/allow-shared-ip: k3s-cluster
  labels:
    app.kubernetes.io/name: redis-insight
 spec:
-  type: ClusterIP
+  type: LoadBalancer
  ports:
    - port: 5540
      targetPort: 5540
--- a/Show More
+++ b/Show More