diff --git a/k8s-peterg/alloy/configmap.yaml b/k8s-peterg/alloy/configmap.yaml index 18b2843..01cad1f 100644 --- a/k8s-peterg/alloy/configmap.yaml +++ b/k8s-peterg/alloy/configmap.yaml @@ -6,6 +6,11 @@ metadata: data: config.alloy: |- prometheus.exporter.unix "node" { + set_collectors = [ + "cpu", "diskstats", "filesystem", "loadavg", + "meminfo", "netdev", "netstat", "os", + "pressure", "processes", "stat", "uname", "vmstat", + ] } discovery.kubernetes "kubernetes_apiservers" { @@ -141,6 +146,11 @@ data: source_labels = ["__meta_kubernetes_pod_node_name"] target_label = "node" } + + rule { + regex = "pod_template_hash|controller_revision_hash|deployment_kubernetes_io_revision" + action = "labeldrop" + } } discovery.relabel "kubernetes_services" { @@ -249,6 +259,11 @@ data: source_labels = ["__meta_kubernetes_pod_node_name"] target_label = "node" } + + rule { + regex = "pod_template_hash|controller_revision_hash|deployment_kubernetes_io_revision" + action = "labeldrop" + } } discovery.relabel "pod_logs" { @@ -298,6 +313,11 @@ data: target_label = "__path__" replacement = "/var/log/pods/*$1/*.log" } + + rule { + regex = "pod_template_hash|controller_revision_hash|deployment_kubernetes_io_revision" + action = "labeldrop" + } } local.file_match "pod_logs" { @@ -352,9 +372,19 @@ data: } } + prometheus.relabel "cadvisor" { + forward_to = [prometheus.remote_write.default.receiver] + + rule { + source_labels = ["__name__"] + regex = "container_(cpu_usage_seconds_total|memory_usage_bytes|memory_working_set_bytes|memory_rss|memory_cache|memory_swap|network_receive_bytes_total|network_transmit_bytes_total|network_receive_packets_total|network_transmit_packets_total|fs_reads_bytes_total|fs_writes_bytes_total|spec_cpu_quota|spec_cpu_period|spec_memory_limit_bytes|last_seen)" + action = "keep" + } + } + prometheus.scrape "kubernetes_nodes_cadvisor" { targets = discovery.relabel.kubernetes_nodes_cadvisor.output - forward_to = [prometheus.remote_write.default.receiver] + forward_to = [prometheus.relabel.cadvisor.receiver] job_name = "kubernetes-nodes-cadvisor" scheme = "https" diff --git a/k8s-peterg/argo-workflows/kustomization.yaml b/k8s-peterg/argo-workflows/kustomization.yaml new file mode 100644 index 0000000..64f5160 --- /dev/null +++ b/k8s-peterg/argo-workflows/kustomization.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - namespace.yaml + - secrets.yaml + +helmCharts: + - name: argo-workflows + repo: https://argoproj.github.io/argo-helm + namespace: argo-workflows + releaseName: argo-workflows + version: 1.0.14 + valuesFile: values.yaml diff --git a/k8s-peterg/argo-workflows/namespace.yaml b/k8s-peterg/argo-workflows/namespace.yaml new file mode 100644 index 0000000..67653ed --- /dev/null +++ b/k8s-peterg/argo-workflows/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: argo-workflows diff --git a/k8s-peterg/argo-workflows/secrets.yaml b/k8s-peterg/argo-workflows/secrets.yaml new file mode 100644 index 0000000..a32f76d --- /dev/null +++ b/k8s-peterg/argo-workflows/secrets.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: argo-workflows-sso + namespace: argo-workflows +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: argo-workflows-sso + template: + metadata: + labels: + app.kubernetes.io/part-of: argo-workflows + data: + - secretKey: client-id + remoteRef: + key: secrets/managed/argo-workflows/authentik-sso + property: client-id + conversionStrategy: Default + decodingStrategy: None + metadataPolicy: None + nullBytePolicy: Ignore + - secretKey: client-secret + remoteRef: + key: secrets/managed/argo-workflows/authentik-sso + property: client-secret + conversionStrategy: Default + decodingStrategy: None + metadataPolicy: None + nullBytePolicy: Ignore diff --git a/k8s-peterg/argo-workflows/values.yaml b/k8s-peterg/argo-workflows/values.yaml new file mode 100644 index 0000000..deb3575 --- /dev/null +++ b/k8s-peterg/argo-workflows/values.yaml @@ -0,0 +1,342 @@ +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields. + # Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply. + full: true + +# -- Create ClusterRoles that extend existing ClusterRoles to interact with Argo Workflows CRDs. +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: true + +# -- Restrict Argo to operate only in a single namespace (the namespace of the +# Helm release) by apply Roles and RoleBindings instead of the Cluster +# equivalents, and start workflow-controller with the --namespaced flag. Use it +# in clusters with strict access policy. +singleNamespace: false + +workflow: + serviceAccount: + # -- Specifies whether a service account should be created + create: false + # -- Labels applied to created service account + labels: {} + # -- Annotations applied to created service account + annotations: {} + # -- Service account which is used to run workflows + name: "argo-workflow" + # -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` + pullSecrets: [] + rbac: + # -- Adds Role and RoleBinding for the above specified service account to be able to run workflows. + # A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) + create: true + # -- Allows permissions for the Argo Agent. Only required if using http/plugin templates + agentPermissions: false + # -- Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc + artifactGC: false + # -- Extra service accounts to be added to the RoleBinding + serviceAccounts: [] + # - name: my-service-account + # namespace: my-namespace + # -- Additional rules for the service account that runs the workflows. + rules: [] + +controller: + rbac: + # -- Adds Role and RoleBinding for the controller. + create: true + # -- Allows controller to get, list, and watch certain k8s secrets + secretWhitelist: [] + # -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. + accessAllSecrets: false + # -- Allows controller to create and update ConfigMaps. Enables memoization feature + writeConfigMaps: false + + configMap: + # -- Create a ConfigMap for the controller + create: true + # -- ConfigMap name + name: "" + # -- ConfigMap annotations + annotations: {} + + # -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. + ## Ref: https://argo-workflows.readthedocs.io/en/stable/workflow-archive/ + persistence: {} + # connectionPool: + # maxIdleConns: 100 + # maxOpenConns: 0 + # # save the entire workflow into etcd and DB + # nodeStatusOffLoad: false + # # enable archiving of old workflows + # archive: false + # postgresql: + # host: localhost + # port: 5432 + # database: postgres + # tableName: argo_workflows + # # the database secrets must be in the same namespace of the controller + # userNameSecret: + # name: argo-postgres-config + # key: username + # passwordSecret: + # name: argo-postgres-config + # key: password + # ssl: true + # # sslMode must be one of: disable, require, verify-ca, verify-full + # # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq + # sslMode: require + # mysql: + # host: localhost + # port: 3306 + # database: argo + # tableName: argo_workflows + # userNameSecret: + # name: argo-mysql-config + # key: username + # passwordSecret: + # name: argo-mysql-config + # key: password + + # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. + # Only valid for 2.7+ + ## See more: https://argo-workflows.readthedocs.io/en/stable/default-workflow-specs/ + workflowDefaults: {} + # spec: + # ttlStrategy: + # secondsAfterCompletion: 86400 + # # Ref: https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/ + # artifactRepositoryRef: + # configMap: my-artifact-repository # default is "artifact-repositories" + # key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map. + + serviceAccount: + # -- Create a service account for the controller + create: true + # -- Service account name + name: "" + # -- Labels applied to created service account + labels: {} + # -- Annotations applied to created service account + annotations: {} + + # -- Workflow controller name string + name: workflow-controller + + # -- Specify all namespaces where this workflow controller instance will manage + # workflows. This controls where the service account and RBAC resources will + # be created. Only valid when singleNamespace is false. + workflowNamespaces: + - default + + logging: + # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`) + level: info + # -- Set the glog logging level + globallevel: "0" + # -- Set the logging format (one of: `text`, `json`) + format: "text" + +server: + # -- Deploy the Argo Server + enabled: true + # -- Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. + ## only updates base url of resources on client side, + ## it's expected that a proxy server rewrites the request URL and gets rid of this prefix + ## https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190 + baseHref: / + image: + # -- Registry to use for the server + registry: quay.io + # -- Repository to use for the server + repository: argoproj/argocli + rbac: + # -- Adds Role and RoleBinding for the server. + create: true + # -- Servers container-level security context + serviceAccount: + # -- Create a service account for the server + create: true + # -- Service account name + name: "" + # -- Labels applied to created service account + labels: {} + # -- Annotations applied to created service account + annotations: {} + + # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. + ## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/ + authModes: + - sso + + ## Ingress configuration. + # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ingress: + # -- Enable an ingress resource + enabled: false + + # Gateway API HTTPRoute configuration + # NOTE: Gateway API support is in EXPERIMENTAL status + # Support depends on your Gateway controller implementation + # Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends) + # Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details + httproute: + # -- Enable HTTPRoute resource for Argo Workflows server (Gateway API) + enabled: true + # -- Additional HTTPRoute labels + labels: {} + # -- Additional HTTPRoute annotations + annotations: {} + # -- Gateway API parentRefs for the HTTPRoute + ## Must reference an existing Gateway + # @default -- `[]` (See [values.yaml]) + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: internal + namespace: kube-system + sectionName: https + # -- List of hostnames for the HTTPRoute + # @default -- `[]` (See [values.yaml]) + hostnames: + - "workflows.peterg.nl" + # @default -- `[]` (See [values.yaml]) + rules: + - matches: + - path: + type: PathPrefix + value: / + # filters: [] + # - type: RequestHeaderModifier + # requestHeaderModifier: + # add: + # - name: X-Custom-Header + # value: custom-value + + # Gateway API BackendTLSPolicy configuration + # NOTE: BackendTLSPolicy support is in EXPERIMENTAL status + # Required for HTTPS backends when using Gateway API + # Not all Gateway controllers support this resource (e.g., Cilium does not support it yet) + backendTLSPolicy: + # -- Enable BackendTLSPolicy resource for Argo Workflows server (Gateway API) + enabled: false + # -- Additional BackendTLSPolicy labels + labels: {} + # -- Additional BackendTLSPolicy annotations + annotations: {} + # -- Target references for the BackendTLSPolicy + # @default -- `[]` (See [values.yaml]) + targetRefs: [] + # - group: "" + # kind: Service + # name: argo-workflows-server + # sectionName: https + # -- TLS validation configuration + # @default -- `{}` (See [values.yaml]) + validation: {} + # hostname: argo-workflows-server.argo.svc.cluster.local + # caCertificateRefs: + # - name: example-ca-cert + # group: "" + # kind: ConfigMap + # wellKnownCACertificates: System + + clusterWorkflowTemplates: + # -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. + enabled: true + # -- Give the server permissions to edit ClusterWorkflowTemplates. + enableEditing: true + + # SSO configuration when SSO is specified as a server auth mode. + sso: + enabled: true + issuer: https://auth.peterg.nl/application/o/argo-workflows/ + clientId: + name: argo-workflows-sso + key: client-id + clientSecret: + name: argo-workflows-sso + key: client-secret + redirectUrl: https://workflows.peterg.nl/oauth2/callback + scopes: + - groups + rbac: + enabled: true + +# -- Array of extra K8s manifests to deploy +extraObjects: + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: admin-user + namespace: argo-workflows + annotations: + workflows.argoproj.io/rbac-rule: "'ArgoCD Admins' in groups" + workflows.argoproj.io/rbac-rule-precedence: "1" + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: read-only + namespace: argo-workflows + annotations: + workflows.argoproj.io/rbac-rule: "true" + workflows.argoproj.io/rbac-rule-precedence: "0" + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: argo-workflows-admin-user + subjects: + - kind: ServiceAccount + name: admin-user + namespace: argo-workflows + roleRef: + kind: ClusterRole + name: argo-workflows-admin + apiGroup: rbac.authorization.k8s.io + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: argo-workflows-read-only + subjects: + - kind: ServiceAccount + name: read-only + namespace: argo-workflows + roleRef: + kind: ClusterRole + name: argo-workflows-view + apiGroup: rbac.authorization.k8s.io + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: argo-workflows-server-sso + namespace: argo-workflows + rules: + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: argo-workflows-server-sso + namespace: argo-workflows + subjects: + - kind: ServiceAccount + name: argo-workflows-server + namespace: argo-workflows + roleRef: + kind: Role + name: argo-workflows-server-sso + apiGroup: rbac.authorization.k8s.io diff --git a/k8s-peterg/argocd/applications-peterg.yaml b/k8s-peterg/argocd/applications-peterg.yaml index 915b119..65805fb 100644 --- a/k8s-peterg/argocd/applications-peterg.yaml +++ b/k8s-peterg/argocd/applications-peterg.yaml @@ -17,6 +17,8 @@ spec: automated: prune: true selfHeal: true + syncOptions: + - ServerSideApply=true --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -78,3 +80,68 @@ spec: selfHeal: true syncOptions: - ServerSideApply=true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: metrics-server-peterg + namespace: argocd +spec: + project: default + source: + repoURL: https://kubernetes-sigs.github.io/metrics-server + targetRevision: 3.13.0 + chart: metrics-server + helm: + releaseName: metrics-server + values: | + args: + - --kubelet-insecure-tls=true + - --kubelet-preferred-address-types=InternalIP + destination: + server: https://kubernetes.default.svc + namespace: kube-system + syncPolicy: + automated: + prune: true + selfHeal: true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argo-workflows + namespace: argocd +spec: + project: default + source: + repoURL: https://code.peterg.nl/wheatley/kubernetes.git + path: k8s-peterg/argo-workflows + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: argo-workflows + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - ServerSideApply=true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: renovate-operator + namespace: argocd +spec: + project: default + source: + repoURL: https://code.peterg.nl/wheatley/kubernetes.git + path: k8s-peterg/renovate-operator + targetRevision: HEAD + destination: + server: https://kubernetes.default.svc + namespace: renovate-operator + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/k8s-peterg/argocd/applications-wheatley.yaml b/k8s-peterg/argocd/applications-wheatley.yaml index 2f86524..87f767b 100644 --- a/k8s-peterg/argocd/applications-wheatley.yaml +++ b/k8s-peterg/argocd/applications-wheatley.yaml @@ -80,6 +80,31 @@ spec: selfHeal: true syncOptions: - ServerSideApply=true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: metrics-server-wheatley + namespace: argocd +spec: + project: default + source: + repoURL: https://kubernetes-sigs.github.io/metrics-server + targetRevision: 3.13.0 + chart: metrics-server + helm: + releaseName: metrics-server + values: | + args: + - --kubelet-insecure-tls=true + - --kubelet-preferred-address-types=InternalIP + destination: + server: https://10.13.37.10:6443 + namespace: kube-system + syncPolicy: + automated: + prune: true + selfHeal: true --- apiVersion: argoproj.io/v1alpha1 @@ -143,6 +168,25 @@ spec: --- apiVersion: argoproj.io/v1alpha1 kind: Application +metadata: + name: lidarr + namespace: argocd +spec: + project: default + source: + repoURL: https://code.peterg.nl/wheatley/kubernetes.git + path: k8s-wheatley/lidarr + targetRevision: HEAD + destination: + server: https://10.13.37.10:6443 + namespace: lidarr + syncPolicy: + automated: + prune: true + selfHeal: true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application metadata: name: prowlarr namespace: argocd @@ -181,6 +225,25 @@ spec: --- apiVersion: argoproj.io/v1alpha1 kind: Application +metadata: + name: soulseekd + namespace: argocd +spec: + project: default + source: + repoURL: https://code.peterg.nl/wheatley/kubernetes.git + path: k8s-wheatley/soulseekd + targetRevision: HEAD + destination: + server: https://10.13.37.10:6443 + namespace: soulseekd + syncPolicy: + automated: + prune: true + selfHeal: true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application metadata: name: plex namespace: argocd @@ -197,3 +260,22 @@ spec: automated: prune: true selfHeal: true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: romm + namespace: argocd +spec: + project: default + source: + repoURL: https://code.peterg.nl/wheatley/kubernetes.git + path: k8s-wheatley/romm + targetRevision: HEAD + destination: + server: https://10.13.37.10:6443 + namespace: romm + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/k8s-peterg/argocd/install.yaml b/k8s-peterg/argocd/install.yaml index e15427a..b8f05b0 100644 --- a/k8s-peterg/argocd/install.yaml +++ b/k8s-peterg/argocd/install.yaml @@ -411,12 +411,12 @@ spec: apply common labels to resource selectors or not type: boolean namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps + description: NamePrefix overrides the namePrefix in the + kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps + description: NameSuffix overrides the nameSuffix in the + kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -800,12 +800,12 @@ spec: to apply common labels to resource selectors or not type: boolean namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps + description: NamePrefix overrides the namePrefix in + the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps + description: NameSuffix overrides the nameSuffix in + the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -1299,11 +1299,11 @@ spec: common labels to resource selectors or not type: boolean namePrefix: - description: NamePrefix is a prefix appended to resources + description: NamePrefix overrides the namePrefix in the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources + description: NameSuffix overrides the nameSuffix in the kustomization.yaml for Kustomize apps type: string namespace: @@ -1443,10 +1443,357 @@ spec: description: DrySource specifies where the dry "don't repeat yourself" manifest source lives. properties: + directory: + description: Directory specifies path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm specifies helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by + not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize specifies kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources for + Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally by + not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether to + apply common labels to resource templates or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix overrides the namePrefix in the + kustomization.yaml for Kustomize apps + type: string + nameSuffix: + description: NameSuffix overrides the nameSuffix in the + kustomization.yaml for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object path: description: Path is a directory path within the Git repository where the manifests are located type: string + plugin: + description: Plugin specifies config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object repoURL: description: RepoURL is the URL to the git repository that contains the application manifests @@ -1740,12 +2087,12 @@ spec: common labels to resource selectors or not type: boolean namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps + description: NamePrefix overrides the namePrefix in the + kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps + description: NameSuffix overrides the nameSuffix in the + kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -2299,12 +2646,12 @@ spec: to apply common labels to resource selectors or not type: boolean namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps + description: NamePrefix overrides the namePrefix in + the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps + description: NameSuffix overrides the nameSuffix in + the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -2692,12 +3039,12 @@ spec: not type: boolean namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps + description: NamePrefix overrides the namePrefix in + the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps + description: NameSuffix overrides the nameSuffix in + the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -2844,6 +3191,7 @@ spec: observedAt: description: |- ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field format: date-time type: string @@ -3240,12 +3588,12 @@ spec: or not type: boolean namePrefix: - description: NamePrefix is a prefix appended to - resources for Kustomize apps + description: NamePrefix overrides the namePrefix + in the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to - resources for Kustomize apps + description: NameSuffix overrides the nameSuffix + in the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that @@ -3653,12 +4001,12 @@ spec: selectors or not type: boolean namePrefix: - description: NamePrefix is a prefix appended - to resources for Kustomize apps + description: NamePrefix overrides the namePrefix + in the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended - to resources for Kustomize apps + description: NameSuffix overrides the nameSuffix + in the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that @@ -4183,12 +4531,12 @@ spec: not type: boolean namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps + description: NamePrefix overrides the namePrefix in + the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps + description: NameSuffix overrides the nameSuffix in + the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -4587,12 +4935,12 @@ spec: not type: boolean namePrefix: - description: NamePrefix is a prefix appended to - resources for Kustomize apps + description: NamePrefix overrides the namePrefix + in the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to - resources for Kustomize apps + description: NameSuffix overrides the nameSuffix + in the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -4859,10 +5207,380 @@ spec: description: DrySource specifies where the dry "don't repeat yourself" manifest source lives. properties: + directory: + description: Directory specifies path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to + Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm specifies helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles do + not exist locally by not appending them to helm + template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over + Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize specifies kustomize specific + options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents + kustomize from failing when components do not + exist locally by not appending them to kustomization + file + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates + or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean + namePrefix: + description: NamePrefix overrides the namePrefix + in the kustomization.yaml for Kustomize apps + type: string + nameSuffix: + description: NameSuffix overrides the nameSuffix + in the kustomization.yaml for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of + Kustomize to use for rendering manifests + type: string + type: object path: description: Path is a directory path within the Git repository where the manifests are located type: string + plugin: + description: Plugin specifies config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in + the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object repoURL: description: RepoURL is the URL to the git repository that contains the application manifests @@ -4942,10 +5660,380 @@ spec: description: DrySource specifies where the dry "don't repeat yourself" manifest source lives. properties: + directory: + description: Directory specifies path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to + Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm specifies helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles do + not exist locally by not appending them to helm + template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over + Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize specifies kustomize specific + options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents + kustomize from failing when components do not + exist locally by not appending them to kustomization + file + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates + or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean + namePrefix: + description: NamePrefix overrides the namePrefix + in the kustomization.yaml for Kustomize apps + type: string + nameSuffix: + description: NameSuffix overrides the nameSuffix + in the kustomization.yaml for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of + Kustomize to use for rendering manifests + type: string + type: object path: description: Path is a directory path within the Git repository where the manifests are located type: string + plugin: + description: Plugin specifies config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in + the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object repoURL: description: RepoURL is the URL to the git repository that contains the application manifests @@ -5338,12 +6426,12 @@ spec: not type: boolean namePrefix: - description: NamePrefix is a prefix appended to resources - for Kustomize apps + description: NamePrefix overrides the namePrefix in + the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to resources - for Kustomize apps + description: NameSuffix overrides the nameSuffix in + the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -5742,12 +6830,12 @@ spec: not type: boolean namePrefix: - description: NamePrefix is a prefix appended to - resources for Kustomize apps + description: NamePrefix overrides the namePrefix + in the kustomization.yaml for Kustomize apps type: string nameSuffix: - description: NameSuffix is a suffix appended to - resources for Kustomize apps + description: NameSuffix overrides the nameSuffix + in the kustomization.yaml for Kustomize apps type: string namespace: description: Namespace sets the namespace that Kustomize @@ -6305,8 +7393,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -6991,8 +8301,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -7678,8 +9210,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -8343,8 +10097,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -9033,8 +11009,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -9719,8 +11917,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -10406,8 +12826,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -11071,8 +13713,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -11744,8 +14608,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -12644,8 +15730,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -13535,8 +16843,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -14217,8 +17747,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -14909,8 +18661,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -15595,8 +19569,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -16282,8 +20478,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -16947,8 +21365,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -17620,8 +22260,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -18520,8 +23382,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -19411,8 +24495,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -20097,8 +25403,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -20769,8 +26297,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -21669,8 +27419,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -22560,8 +28532,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -23319,8 +29513,230 @@ spec: properties: drySource: properties: + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object path: type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object repoURL: type: string targetRevision: @@ -23704,6 +30120,16 @@ spec: - type type: object type: array + health: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: object resources: items: properties: @@ -23807,14 +30233,18 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: ClusterResourceRestrictionItem is a cluster resource + that is restricted by the project's whitelist or blacklist properties: group: type: string kind: type: string + name: + description: |- + Name is the name of the restricted resource. Glob patterns using Go's filepath.Match syntax are supported. + Unlike the group and kind fields, if no name is specified, all resources of the specified group/kind are matched. + type: string required: - group - kind @@ -23824,14 +30254,18 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: ClusterResourceRestrictionItem is a cluster resource + that is restricted by the project's whitelist or blacklist properties: group: type: string kind: type: string + name: + description: |- + Name is the name of the restricted resource. Glob patterns using Go's filepath.Match syntax are supported. + Unlike the group and kind fields, if no name is specified, all resources of the specified group/kind are matched. + type: string required: - group - kind @@ -25096,6 +31530,12 @@ spec: - args: - /usr/local/bin/argocd-applicationset-controller env: + - name: GRPC_ENABLE_TXT_SERVICE_CONFIG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.grpc.enable.txt.service.config + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS valueFrom: configMapKeyRef: @@ -25160,6 +31600,48 @@ spec: key: log.format.timestamp name: argocd-cmd-params-cm optional: true + - name: ARGOCD_K8S_CLIENT_QPS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.k8s.client.qps + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_CLIENT_BURST + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.k8s.client.burst + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.k8s.client.max.idle.connections + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_TIMEOUT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.k8s.tcp.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_KEEPALIVE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.k8s.tcp.keepalive + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.k8s.tls.handshake.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_IDLE_TIMEOUT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.k8s.tcp.idle.timeout + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN valueFrom: configMapKeyRef: @@ -25262,7 +31744,7 @@ spec: key: applicationsetcontroller.status.max.resources.count name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:v3.2.6 + image: quay.io/argoproj/argocd:v3.4.2 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -25385,7 +31867,13 @@ spec: key: dexserver.disable.tls name: argocd-cmd-params-cm optional: true - image: ghcr.io/dexidp/dex:v2.43.0 + - name: DEX_CONTINUE_ON_CONNECTOR_FAILURE + valueFrom: + configMapKeyRef: + key: dexserver.connector.failure.continue + name: argocd-cmd-params-cm + optional: true + image: ghcr.io/dexidp/dex:v2.45.0 imagePullPolicy: Always name: dex ports: @@ -25399,6 +31887,7 @@ spec: - ALL readOnlyRootFilesystem: true runAsNonRoot: true + runAsUser: 1001 seccompProfile: type: RuntimeDefault volumeMounts: @@ -25414,7 +31903,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:v3.2.6 + image: quay.io/argoproj/argocd:v3.4.2 imagePullPolicy: Always name: copyutil securityContext: @@ -25486,6 +31975,12 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_PROCESSORS_COUNT + valueFrom: + configMapKeyRef: + key: notificationscontroller.processors.count + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_LOG_FORMAT_TIMESTAMP valueFrom: configMapKeyRef: @@ -25510,7 +32005,7 @@ spec: key: notificationscontroller.repo.server.plaintext name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:v3.2.6 + image: quay.io/argoproj/argocd:v3.4.2 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -25596,7 +32091,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:8.2.2-alpine + image: public.ecr.aws/docker/library/redis:8.2.3-alpine imagePullPolicy: Always name: redis ports: @@ -25612,7 +32107,7 @@ spec: - argocd - admin - redis-initial-password - image: quay.io/argoproj/argocd:v3.2.6 + image: quay.io/argoproj/argocd:v3.4.2 imagePullPolicy: IfNotPresent name: secret-init securityContext: @@ -25675,6 +32170,12 @@ spec: secretKeyRef: key: auth name: argocd-redis + - name: GRPC_ENABLE_TXT_SERVICE_CONFIG + valueFrom: + configMapKeyRef: + key: reposerver.grpc.enable.txt.service.config + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -25903,13 +32404,19 @@ spec: key: reposerver.include.hidden.directories name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HELM_USER_AGENT + valueFrom: + configMapKeyRef: + key: reposerver.helm.user.agent + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:v3.2.6 + image: quay.io/argoproj/argocd:v3.4.2 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -25956,12 +32463,13 @@ spec: - mountPath: /home/argocd/cmp-server/plugins name: plugins initContainers: - - command: - - /bin/cp - - -n - - /usr/local/bin/argocd - - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:v3.2.6 + - args: + - /bin/cp /usr/local/bin/argocd /var/run/argocd/argocd && /bin/ln -sf /var/run/argocd/argocd + /var/run/argocd/argocd-cmp-server + command: + - sh + - -c + image: quay.io/argoproj/argocd:v3.4.2 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -26009,6 +32517,13 @@ spec: name: var-files - emptyDir: {} name: plugins + - configMap: + items: + - key: reposerver.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm --- apiVersion: apps/v1 kind: Deployment @@ -26051,6 +32566,12 @@ spec: secretKeyRef: key: auth name: argocd-redis + - name: GRPC_ENABLE_TXT_SERVICE_CONFIG + valueFrom: + configMapKeyRef: + key: server.grpc.enable.txt.service.config + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -26081,6 +32602,48 @@ spec: key: server.log.level name: argocd-cmd-params-cm optional: true + - name: ARGOCD_K8S_CLIENT_QPS + valueFrom: + configMapKeyRef: + key: server.k8s.client.qps + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_CLIENT_BURST + valueFrom: + configMapKeyRef: + key: server.k8s.client.burst + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS + valueFrom: + configMapKeyRef: + key: server.k8s.client.max.idle.connections + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_TIMEOUT + valueFrom: + configMapKeyRef: + key: server.k8s.tcp.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_KEEPALIVE + valueFrom: + configMapKeyRef: + key: server.k8s.tcp.keepalive + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT + valueFrom: + configMapKeyRef: + key: server.k8s.tls.handshake.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_IDLE_TIMEOUT + valueFrom: + configMapKeyRef: + key: server.k8s.tcp.idle.timeout + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_SERVER_REPO_SERVER valueFrom: configMapKeyRef: @@ -26333,7 +32896,7 @@ spec: key: server.sync.replace.allowed name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:v3.2.6 + image: quay.io/argoproj/argocd:v3.4.2 imagePullPolicy: Always livenessProbe: httpGet: @@ -26461,6 +33024,12 @@ spec: secretKeyRef: key: auth name: argocd-redis + - name: GRPC_ENABLE_TXT_SERVICE_CONFIG + valueFrom: + configMapKeyRef: + key: controller.grpc.enable.txt.service.config + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -26529,6 +33098,48 @@ spec: key: log.format.timestamp name: argocd-cmd-params-cm optional: true + - name: ARGOCD_K8S_CLIENT_QPS + valueFrom: + configMapKeyRef: + key: controller.k8s.client.qps + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_CLIENT_BURST + valueFrom: + configMapKeyRef: + key: controller.k8s.client.burst + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS + valueFrom: + configMapKeyRef: + key: controller.k8s.client.max.idle.connections + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.k8s.tcp.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_KEEPALIVE + valueFrom: + configMapKeyRef: + key: controller.k8s.tcp.keepalive + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.k8s.tls.handshake.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8S_TCP_IDLE_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.k8s.tcp.idle.timeout + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION valueFrom: configMapKeyRef: @@ -26717,7 +33328,7 @@ spec: optional: true - name: KUBECACHEDIR value: /tmp/kubecache - image: quay.io/argoproj/argocd:v3.2.6 + image: quay.io/argoproj/argocd:v3.4.2 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/k8s-peterg/external-secrets-operator/clustersecrets.yaml b/k8s-peterg/external-secrets-operator/clustersecrets.yaml index db674e7..87bfcef 100644 --- a/k8s-peterg/external-secrets-operator/clustersecrets.yaml +++ b/k8s-peterg/external-secrets-operator/clustersecrets.yaml @@ -27,6 +27,7 @@ spec: conversionStrategy: Default decodingStrategy: None metadataPolicy: None + nullBytePolicy: Ignore - secretKey: key remoteRef: key: secrets/provisioned/tls-wildcard-peterg-nl @@ -34,3 +35,4 @@ spec: conversionStrategy: Default decodingStrategy: None metadataPolicy: None + nullBytePolicy: Ignore diff --git a/k8s-peterg/external-secrets-operator/kustomization.yaml b/k8s-peterg/external-secrets-operator/kustomization.yaml index bf9ffc9..bed871c 100644 --- a/k8s-peterg/external-secrets-operator/kustomization.yaml +++ b/k8s-peterg/external-secrets-operator/kustomization.yaml @@ -12,4 +12,4 @@ helmCharts: repo: https://charts.external-secrets.io namespace: external-secrets releaseName: external-secrets - version: 2.1.0 + version: 2.5.0 diff --git a/k8s-peterg/renovate-operator/configmap.yaml b/k8s-peterg/renovate-operator/configmap.yaml new file mode 100644 index 0000000..1edf30b --- /dev/null +++ b/k8s-peterg/renovate-operator/configmap.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: renovate-config + namespace: renovate-operator +data: + config.js: |- + module.exports = { + platform: 'forgejo', + endpoint: 'https://code.peterg.nl/api/v1/', + gitAuthor: 'Renovate ', + username: 'renovate', + onboardingConfig: { + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: ['config:recommended'], + }, + optimizeForDisabled: true, + persistRepoData: true, + }; diff --git a/k8s-peterg/renovate-operator/kustomization.yaml b/k8s-peterg/renovate-operator/kustomization.yaml new file mode 100644 index 0000000..d1063a2 --- /dev/null +++ b/k8s-peterg/renovate-operator/kustomization.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: renovate-operator + +resources: + - configmap.yaml + - namespace.yaml + - policies.yaml + - renovate-job.yaml + - secrets.yaml + +helmCharts: + - name: renovate-operator + repo: https://helm.mogenius.com/public + namespace: renovate-operator + releaseName: renovate-operator + version: "4.8.1" + valuesFile: values.yaml diff --git a/k8s-peterg/renovate-operator/namespace.yaml b/k8s-peterg/renovate-operator/namespace.yaml new file mode 100644 index 0000000..981aeee --- /dev/null +++ b/k8s-peterg/renovate-operator/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: renovate-operator diff --git a/k8s-peterg/renovate-operator/policies.yaml b/k8s-peterg/renovate-operator/policies.yaml new file mode 100644 index 0000000..e7c6c9a --- /dev/null +++ b/k8s-peterg/renovate-operator/policies.yaml @@ -0,0 +1,37 @@ +--- +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-internet-only +spec: + podSelector: {} + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 192.168.0.0/16 + - 172.16.0.0/12 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: kubernetes-egress +spec: + podSelector: {} + policyTypes: + - Egress + egress: + - to: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system + - podSelector: + matchLabels: + k8s-app: kube-apiserver + - ports: + - protocol: TCP + port: 6443 diff --git a/k8s-peterg/renovate-operator/renovate-job.yaml b/k8s-peterg/renovate-operator/renovate-job.yaml new file mode 100644 index 0000000..7f161da --- /dev/null +++ b/k8s-peterg/renovate-operator/renovate-job.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: renovate-operator.mogenius.com/v1alpha1 +kind: RenovateJob +metadata: + name: renovate + namespace: renovate-operator +spec: + schedule: "0 * * * *" + provider: + name: forgejo + endpoint: https://code.peterg.nl/api/v1/ + image: ghcr.io/renovatebot/renovate:43.161.0 + secretRef: renovate-operator-secrets + parallelism: 1 + skipForks: true + extraVolumes: + - name: renovate-config + configMap: + name: renovate-config + extraVolumeMounts: + - name: renovate-config + mountPath: /config + extraEnv: + - name: LOG_LEVEL + value: debug + - name: RENOVATE_CONFIG_FILE + value: /config/config.js diff --git a/k8s-peterg/renovate-operator/secrets.yaml b/k8s-peterg/renovate-operator/secrets.yaml new file mode 100644 index 0000000..543f6f2 --- /dev/null +++ b/k8s-peterg/renovate-operator/secrets.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: renovate-operator-secrets + namespace: renovate-operator +spec: + refreshInterval: "15s" + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: renovate-operator-secrets + data: + - secretKey: RENOVATE_TOKEN + remoteRef: + key: /secrets/managed/renovate/token + property: RENOVATE_TOKEN + - secretKey: GITHUB_COM_TOKEN + remoteRef: + key: /secrets/managed/renovate/token + property: GITHUB_COM_TOKEN diff --git a/k8s-peterg/renovate-operator/values.yaml b/k8s-peterg/renovate-operator/values.yaml new file mode 100644 index 0000000..d93c1d9 --- /dev/null +++ b/k8s-peterg/renovate-operator/values.yaml @@ -0,0 +1,20 @@ +fullnameOverride: "renovate-operator" +metrics: + enabled: true + serviceMonitor: + enabled: false + +crd: + install: true + mode: template + +rbac: + ownNamespaceOnly: true + +route: + enabled: true + hostnames: + parentRefs: + - name: internal + namespace: kube-system + sectionName: https diff --git a/k8s-wheatley/alloy/configmap.yaml b/k8s-wheatley/alloy/configmap.yaml index 991eb51..819a1c1 100644 --- a/k8s-wheatley/alloy/configmap.yaml +++ b/k8s-wheatley/alloy/configmap.yaml @@ -5,7 +5,13 @@ metadata: name: alloy-config data: config.alloy: |- - prometheus.exporter.unix "node" {} + prometheus.exporter.unix "node" { + set_collectors = [ + "cpu", "diskstats", "filesystem", "loadavg", + "meminfo", "netdev", "netstat", "os", + "pressure", "processes", "stat", "uname", "vmstat", + ] + } discovery.kubernetes "kubernetes_apiservers" { role = "endpoints" @@ -152,6 +158,11 @@ data: source_labels = ["__meta_kubernetes_pod_node_name"] target_label = "node" } + + rule { + regex = "pod_template_hash|controller_revision_hash|deployment_kubernetes_io_revision" + action = "labeldrop" + } } discovery.relabel "kubernetes_services" { @@ -260,6 +271,11 @@ data: source_labels = ["__meta_kubernetes_pod_node_name"] target_label = "node" } + + rule { + regex = "pod_template_hash|controller_revision_hash|deployment_kubernetes_io_revision" + action = "labeldrop" + } } discovery.relabel "pod_logs" { @@ -309,6 +325,11 @@ data: target_label = "__path__" replacement = "/var/log/pods/*$1/*.log" } + + rule { + regex = "pod_template_hash|controller_revision_hash|deployment_kubernetes_io_revision" + action = "labeldrop" + } } local.file_match "pod_logs" { @@ -369,9 +390,19 @@ data: } } + prometheus.relabel "cadvisor" { + forward_to = [prometheus.remote_write.default.receiver] + + rule { + source_labels = ["__name__"] + regex = "container_(cpu_usage_seconds_total|memory_usage_bytes|memory_working_set_bytes|memory_rss|memory_cache|memory_swap|network_receive_bytes_total|network_transmit_bytes_total|network_receive_packets_total|network_transmit_packets_total|fs_reads_bytes_total|fs_writes_bytes_total|spec_cpu_quota|spec_cpu_period|spec_memory_limit_bytes|last_seen)" + action = "keep" + } + } + prometheus.scrape "kubernetes_nodes_cadvisor" { targets = discovery.relabel.kubernetes_nodes_cadvisor.output - forward_to = [prometheus.remote_write.default.receiver] + forward_to = [prometheus.relabel.cadvisor.receiver] job_name = "kubernetes-nodes-cadvisor" scheme = "https" clustering { diff --git a/k8s-wheatley/cloudnative-pg/kustomization.yaml b/k8s-wheatley/cloudnative-pg/kustomization.yaml index 5d961e4..d13cfea 100644 --- a/k8s-wheatley/cloudnative-pg/kustomization.yaml +++ b/k8s-wheatley/cloudnative-pg/kustomization.yaml @@ -11,5 +11,5 @@ helmCharts: repo: https://cloudnative-pg.github.io/charts namespace: cnpg-system releaseName: cloudnative-pg - version: 0.27.1 + version: 0.28.2 valuesFile: values.yaml diff --git a/k8s-wheatley/external-secrets-operator/clustersecrets.yaml b/k8s-wheatley/external-secrets-operator/clustersecrets.yaml index ea424ae..16840b4 100644 --- a/k8s-wheatley/external-secrets-operator/clustersecrets.yaml +++ b/k8s-wheatley/external-secrets-operator/clustersecrets.yaml @@ -27,6 +27,7 @@ spec: conversionStrategy: Default decodingStrategy: None metadataPolicy: None + nullBytePolicy: Ignore - secretKey: key remoteRef: key: secrets/provisioned/tls-wildcard-wheatley-in @@ -34,3 +35,4 @@ spec: conversionStrategy: Default decodingStrategy: None metadataPolicy: None + nullBytePolicy: Ignore diff --git a/k8s-wheatley/external-secrets-operator/kustomization.yaml b/k8s-wheatley/external-secrets-operator/kustomization.yaml index bf9ffc9..bed871c 100644 --- a/k8s-wheatley/external-secrets-operator/kustomization.yaml +++ b/k8s-wheatley/external-secrets-operator/kustomization.yaml @@ -12,4 +12,4 @@ helmCharts: repo: https://charts.external-secrets.io namespace: external-secrets releaseName: external-secrets - version: 2.1.0 + version: 2.5.0 diff --git a/k8s-wheatley/lidarr/configmap.yaml b/k8s-wheatley/lidarr/configmap.yaml new file mode 100644 index 0000000..188b4e6 --- /dev/null +++ b/k8s-wheatley/lidarr/configmap.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: lidarr-envs +data: + PUID: "1000" + PGID: "1000" + TZ: Europe/Amsterdam diff --git a/k8s-wheatley/lidarr/deployments.yaml b/k8s-wheatley/lidarr/deployments.yaml new file mode 100644 index 0000000..f81dda7 --- /dev/null +++ b/k8s-wheatley/lidarr/deployments.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: lidarr + labels: + app: lidarr +spec: + replicas: 1 + serviceName: lidarr + selector: + matchLabels: + app: lidarr + template: + metadata: + labels: + app: lidarr + spec: + containers: + - name: lidarr + image: linuxserver/lidarr + imagePullPolicy: IfNotPresent + ports: + - containerPort: 8686 + envFrom: + - configMapRef: + name: lidarr-envs + volumeMounts: + - mountPath: /config + name: lidarr-config + - mountPath: /shared/media/music + name: nfs-media-music + - mountPath: /shared/media/downloads + name: nfs-media-downloads + securityContext: + seccompProfile: + type: RuntimeDefault + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + add: + - "CHOWN" + - "SETUID" + - "SETGID" + volumes: + - name: lidarr-config + persistentVolumeClaim: + claimName: lidarr-storage + - name: nfs-media-music + persistentVolumeClaim: + claimName: nfs-media-music + - name: nfs-media-downloads + persistentVolumeClaim: + claimName: nfs-media-downloads diff --git a/k8s-wheatley/lidarr/ingress.yaml b/k8s-wheatley/lidarr/ingress.yaml new file mode 100644 index 0000000..727dfc4 --- /dev/null +++ b/k8s-wheatley/lidarr/ingress.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: lidarr-route +spec: + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + hostnames: + - "lidarr.wheatley.in" + rules: + - backendRefs: + - name: lidarr + port: 80 diff --git a/k8s-wheatley/lidarr/kustomization.yaml b/k8s-wheatley/lidarr/kustomization.yaml new file mode 100644 index 0000000..17284fa --- /dev/null +++ b/k8s-wheatley/lidarr/kustomization.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: lidarr + +resources: + - configmap.yaml + - deployments.yaml + - ingress.yaml + - pvc.yaml + - services.yaml + - namespace.yaml + +components: + - ../../kustomize-bases/nfs-media/components/music + - ../../kustomize-bases/nfs-media/components/downloads + +patches: + - target: + kind: PersistentVolume + name: nfs-media-music + patch: | + - op: replace + path: /metadata/name + value: nfs-media-lidarr-music + - target: + kind: PersistentVolumeClaim + name: nfs-media-music + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-lidarr-music + - target: + kind: PersistentVolume + name: nfs-media-downloads + patch: | + - op: replace + path: /metadata/name + value: nfs-media-lidarr-downloads + - target: + kind: PersistentVolumeClaim + name: nfs-media-downloads + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-lidarr-downloads + +images: + - name: linuxserver/lidarr + newTag: 3.1.3-nightly@sha256:1e6019d60c5f16e73d4656a1d97d1f6ec48c8389695c0670a845fe8932b106a2 diff --git a/k8s-wheatley/lidarr/namespace.yaml b/k8s-wheatley/lidarr/namespace.yaml new file mode 100644 index 0000000..54f155f --- /dev/null +++ b/k8s-wheatley/lidarr/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: lidarr diff --git a/k8s-wheatley/lidarr/pvc.yaml b/k8s-wheatley/lidarr/pvc.yaml new file mode 100644 index 0000000..0953aac --- /dev/null +++ b/k8s-wheatley/lidarr/pvc.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: lidarr-storage +spec: + storageClassName: piraeus-lvmthin + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/k8s-wheatley/qbittorrent/services.yaml b/k8s-wheatley/lidarr/services.yaml similarity index 62% rename from k8s-wheatley/qbittorrent/services.yaml rename to k8s-wheatley/lidarr/services.yaml index 323409e..d1a3deb 100644 --- a/k8s-wheatley/qbittorrent/services.yaml +++ b/k8s-wheatley/lidarr/services.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: Service metadata: - name: qbittorrent + name: lidarr spec: selector: - app: qbittorrent + app: lidarr ports: - port: 80 protocol: TCP - targetPort: 8112 + targetPort: 8686 diff --git a/k8s-wheatley/plex/deployments.yaml b/k8s-wheatley/plex/deployments.yaml index 3e48bda..74bb4f9 100644 --- a/k8s-wheatley/plex/deployments.yaml +++ b/k8s-wheatley/plex/deployments.yaml @@ -28,8 +28,14 @@ spec: volumeMounts: - mountPath: /config name: plex-config - - mountPath: /data - name: nfs-media + - mountPath: /data/movies + name: nfs-media-movies + - mountPath: /data/series + name: nfs-media-series + - mountPath: /data/anime + name: nfs-media-anime + - mountPath: /data/music + name: nfs-media-music securityContext: seccompProfile: type: RuntimeDefault @@ -45,6 +51,15 @@ spec: - name: plex-config persistentVolumeClaim: claimName: plex-storage - - name: nfs-media + - name: nfs-media-movies persistentVolumeClaim: - claimName: nfs-media + claimName: nfs-media-movies + - name: nfs-media-series + persistentVolumeClaim: + claimName: nfs-media-series + - name: nfs-media-anime + persistentVolumeClaim: + claimName: nfs-media-anime + - name: nfs-media-music + persistentVolumeClaim: + claimName: nfs-media-music diff --git a/k8s-wheatley/plex/kustomization.yaml b/k8s-wheatley/plex/kustomization.yaml index eb8b1eb..b4c5d78 100644 --- a/k8s-wheatley/plex/kustomization.yaml +++ b/k8s-wheatley/plex/kustomization.yaml @@ -12,6 +12,94 @@ resources: - services.yaml - namespace.yaml +components: + - ../../kustomize-bases/nfs-media/components/movies + - ../../kustomize-bases/nfs-media/components/series + - ../../kustomize-bases/nfs-media/components/anime + - ../../kustomize-bases/nfs-media/components/music + +patches: + - target: + kind: PersistentVolume + name: nfs-media-movies + patch: | + - op: replace + path: /metadata/name + value: nfs-media-plex-movies + - op: replace + path: /spec/accessModes/0 + value: ReadOnlyMany + - target: + kind: PersistentVolumeClaim + name: nfs-media-movies + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-plex-movies + - op: replace + path: /spec/accessModes/0 + value: ReadOnlyMany + - target: + kind: PersistentVolume + name: nfs-media-series + patch: | + - op: replace + path: /metadata/name + value: nfs-media-plex-series + - op: replace + path: /spec/accessModes/0 + value: ReadOnlyMany + - target: + kind: PersistentVolumeClaim + name: nfs-media-series + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-plex-series + - op: replace + path: /spec/accessModes/0 + value: ReadOnlyMany + - target: + kind: PersistentVolume + name: nfs-media-anime + patch: | + - op: replace + path: /metadata/name + value: nfs-media-plex-anime + - op: replace + path: /spec/accessModes/0 + value: ReadOnlyMany + - target: + kind: PersistentVolumeClaim + name: nfs-media-anime + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-plex-anime + - op: replace + path: /spec/accessModes/0 + value: ReadOnlyMany + - target: + kind: PersistentVolume + name: nfs-media-music + patch: | + - op: replace + path: /metadata/name + value: nfs-media-plex-music + - op: replace + path: /spec/accessModes/0 + value: ReadOnlyMany + - target: + kind: PersistentVolumeClaim + name: nfs-media-music + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-plex-music + - op: replace + path: /spec/accessModes/0 + value: ReadOnlyMany + images: - name: plexinc/pms-docker - newTag: 1.43.0.10492-121068a07@sha256:1131c4cd21fa22f8196f749f1dbb69af306776c3c83c7f5b061e51dc49bcff7f + newTag: 1.43.2.10687-563d026ea@sha256:c37106c57fed7a6624f5dee5a3ce460ff011f09a2aa7f4ee9e8dbbd08ae1b87e diff --git a/k8s-wheatley/plex/pvc.yaml b/k8s-wheatley/plex/pvc.yaml index 7943bab..69e27fe 100644 --- a/k8s-wheatley/plex/pvc.yaml +++ b/k8s-wheatley/plex/pvc.yaml @@ -10,36 +10,3 @@ spec: resources: requests: storage: 20Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nfs-media -spec: - accessModes: - - ReadOnlyMany - resources: - requests: - storage: 40Ti - volumeName: nfs-media-plex ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nfs-media-plex -spec: - capacity: - storage: 40Ti - accessModes: - - ReadOnlyMany - nfs: - server: 10.0.69.10 - path: /tank/media - mountOptions: - - vers=4.1 - - rsize=1048576 - - wsize=1048576 - - hard - - timeo=600 - - noatime - persistentVolumeReclaimPolicy: Retain diff --git a/k8s-wheatley/prowlarr/kustomization.yaml b/k8s-wheatley/prowlarr/kustomization.yaml index 71d1948..ed561a6 100644 --- a/k8s-wheatley/prowlarr/kustomization.yaml +++ b/k8s-wheatley/prowlarr/kustomization.yaml @@ -16,4 +16,4 @@ images: - name: flaresolverr/flaresolverr newTag: v3.4.6@sha256:7962759d99d7e125e108e0f5e7f3cdbcd36161776d058d1d9b7153b92ef1af9e - name: linuxserver/prowlarr - newTag: 2.3.0@sha256:9ef5d8bf832edcacb6082f9262cb36087854e78eb7b1c3e1d4375056055b2d82 + newTag: 2.3.5@sha256:c9fe528f34b1fd3715438b6f6d6991d64e2965f2c055db36398bc66a0e7eab01 diff --git a/k8s-wheatley/qbittorrent/configmap.yaml b/k8s-wheatley/qbittorrent/configmap.yaml index de1c6cf..61c614d 100644 --- a/k8s-wheatley/qbittorrent/configmap.yaml +++ b/k8s-wheatley/qbittorrent/configmap.yaml @@ -9,22 +9,26 @@ data: VPN_TYPE: "wireguard" VPN_PORT_FORWARDING: on VPN_PORT_FORWARDING_PROVIDER: protonvpn - VPN_PORT_FORWARDING_UP_COMMAND: | - /bin/sh -c ' + VPN_PORT_FORWARDING_UP_COMMAND: "/scripts/port-up.sh" + VPN_PORT_FORWARDING_DOWN_COMMAND: "/scripts/port-down.sh" + FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12 + FIREWALL_INPUT_PORTS: "8112" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: gluetun-scripts +data: + port-up.sh: | + #!/bin/sh wget -O- --retry-connrefused \ --post-data "json={\"listen_port\":{{PORTS}},\"current_network_interface\":\"tun0\",\"random_port\":false,\"upnp\":false}" \ http://127.0.0.1:8112/api/v2/app/setPreferences 2>&1 - ' - VPN_PORT_FORWARDING_DOWN_COMMAND: | - /bin/sh -c ' + port-down.sh: | + #!/bin/sh wget -O- --retry-connrefused \ --post-data "json={\"listen_port\":0,\"current_network_interface\":\"lo\"}" \ http://127.0.0.1:8112/api/v2/app/setPreferences 2>&1 - ' - FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12 - FIREWALL_INPUT_PORTS: "8112" - DNS_KEEP_NAMESERVER: on - DOT: off --- apiVersion: v1 kind: ConfigMap diff --git a/k8s-wheatley/qbittorrent/deployments.yaml b/k8s-wheatley/qbittorrent/deployments.yaml index 939dd66..e0cd447 100644 --- a/k8s-wheatley/qbittorrent/deployments.yaml +++ b/k8s-wheatley/qbittorrent/deployments.yaml @@ -17,25 +17,39 @@ spec: labels: app: qbittorrent spec: + nodeName: k8s-wheatley-worker02 initContainers: - name: gluetun image: ghcr.io/qdm12/gluetun ports: - - name: http + - name: qbit-http containerPort: 8112 protocol: TCP envFrom: - configMapRef: name: gluetun-envs + - secretRef: + name: gluetun-env-secrets volumeMounts: - mountPath: /dev/net/tun name: dev-tun - - mountPath: "/gluetun/wireguard" + - mountPath: /gluetun/wireguard name: gluetun-wgconfig readOnly: true + - name: gluetun-scripts + mountPath: /scripts - name: gluetun-tmp mountPath: /tmp/gluetun restartPolicy: Always + lifecycle: + postStart: + exec: + command: + [ + "/bin/sh", + "-c", + "(ip rule del table 51820; ip -6 rule del table 51820) || true", + ] readinessProbe: exec: command: @@ -78,7 +92,7 @@ spec: - mountPath: /config name: qbittorrent-config - mountPath: /shared/media/downloads - name: nfs-media + name: nfs-media-downloads securityContext: seccompProfile: type: RuntimeDefault @@ -98,7 +112,7 @@ spec: name: unpackerr-env-secrets volumeMounts: - mountPath: /shared/media/downloads - name: nfs-media + name: nfs-media-downloads securityContext: seccompProfile: type: RuntimeDefault @@ -119,8 +133,12 @@ spec: - name: gluetun-wgconfig secret: secretName: gluetun-wgconfig + - name: gluetun-scripts + configMap: + name: gluetun-scripts + defaultMode: 0755 - name: gluetun-tmp emptyDir: {} - - name: nfs-media + - name: nfs-media-downloads persistentVolumeClaim: - claimName: nfs-media + claimName: nfs-media-downloads diff --git a/k8s-wheatley/qbittorrent/ingress.yaml b/k8s-wheatley/qbittorrent/ingress.yaml index 4b77fad..38ddcdf 100644 --- a/k8s-wheatley/qbittorrent/ingress.yaml +++ b/k8s-wheatley/qbittorrent/ingress.yaml @@ -14,3 +14,16 @@ spec: - backendRefs: - name: qbittorrent port: 80 + +--- +apiVersion: v1 +kind: Service +metadata: + name: qbittorrent +spec: + selector: + app: qbittorrent + ports: + - port: 80 + protocol: TCP + targetPort: 8112 diff --git a/k8s-wheatley/qbittorrent/kustomization.yaml b/k8s-wheatley/qbittorrent/kustomization.yaml index 3e94bd5..c0a83b0 100644 --- a/k8s-wheatley/qbittorrent/kustomization.yaml +++ b/k8s-wheatley/qbittorrent/kustomization.yaml @@ -9,9 +9,27 @@ resources: - ingress.yaml - pvc.yaml - secrets.yaml - - services.yaml - namespace.yaml +components: + - ../../kustomize-bases/nfs-media/components/downloads + +patches: + - target: + kind: PersistentVolume + name: nfs-media-downloads + patch: | + - op: replace + path: /metadata/name + value: nfs-media-qbittorrent-downloads + - target: + kind: PersistentVolumeClaim + name: nfs-media-downloads + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-qbittorrent-downloads + images: - name: ghcr.io/qdm12/gluetun newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab diff --git a/k8s-wheatley/qbittorrent/pvc.yaml b/k8s-wheatley/qbittorrent/pvc.yaml index aa566ea..c352b02 100644 --- a/k8s-wheatley/qbittorrent/pvc.yaml +++ b/k8s-wheatley/qbittorrent/pvc.yaml @@ -10,36 +10,3 @@ spec: resources: requests: storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nfs-media -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 40Ti - volumeName: nfs-media-qbittorrent ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nfs-media-qbittorrent -spec: - capacity: - storage: 40Ti - accessModes: - - ReadWriteMany - nfs: - server: 10.0.69.10 - path: /tank/media/downloads - mountOptions: - - vers=4.1 - - rsize=1048576 - - wsize=1048576 - - hard - - timeo=600 - - noatime - persistentVolumeReclaimPolicy: Retain diff --git a/k8s-wheatley/qbittorrent/secrets.yaml b/k8s-wheatley/qbittorrent/secrets.yaml index 5e7e3bc..7eebf6b 100644 --- a/k8s-wheatley/qbittorrent/secrets.yaml +++ b/k8s-wheatley/qbittorrent/secrets.yaml @@ -17,6 +17,24 @@ spec: remoteRef: key: secrets/managed/qbittorrent/protonvpn-wgconfig property: config + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gluetun-env-secrets +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: gluetun-env-secrets + data: + - secretKey: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE + remoteRef: + key: secrets/managed/qbittorrent/gluetun-env-secrets + property: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE + --- apiVersion: external-secrets.io/v1 kind: ExternalSecret diff --git a/k8s-wheatley/radarr/deployments.yaml b/k8s-wheatley/radarr/deployments.yaml index a4042c0..41587c3 100644 --- a/k8s-wheatley/radarr/deployments.yaml +++ b/k8s-wheatley/radarr/deployments.yaml @@ -28,8 +28,10 @@ spec: volumeMounts: - mountPath: /config name: radarr-config - - mountPath: /shared/media - name: nfs-media + - mountPath: /shared/media/movies + name: nfs-media-movies + - mountPath: /shared/media/downloads + name: nfs-media-downloads securityContext: seccompProfile: type: RuntimeDefault @@ -45,6 +47,9 @@ spec: - name: radarr-config persistentVolumeClaim: claimName: radarr-storage - - name: nfs-media + - name: nfs-media-movies persistentVolumeClaim: - claimName: nfs-media + claimName: nfs-media-movies + - name: nfs-media-downloads + persistentVolumeClaim: + claimName: nfs-media-downloads diff --git a/k8s-wheatley/radarr/kustomization.yaml b/k8s-wheatley/radarr/kustomization.yaml index 25417d3..4b82956 100644 --- a/k8s-wheatley/radarr/kustomization.yaml +++ b/k8s-wheatley/radarr/kustomization.yaml @@ -12,6 +12,40 @@ resources: - services.yaml - namespace.yaml +components: + - ../../kustomize-bases/nfs-media/components/movies + - ../../kustomize-bases/nfs-media/components/downloads + +patches: + - target: + kind: PersistentVolume + name: nfs-media-movies + patch: | + - op: replace + path: /metadata/name + value: nfs-media-radarr-movies + - target: + kind: PersistentVolumeClaim + name: nfs-media-movies + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-radarr-movies + - target: + kind: PersistentVolume + name: nfs-media-downloads + patch: | + - op: replace + path: /metadata/name + value: nfs-media-radarr-downloads + - target: + kind: PersistentVolumeClaim + name: nfs-media-downloads + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-radarr-downloads + images: - name: linuxserver/radarr - newTag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb + newTag: 6.1.1@sha256:079e48870584baf2a3e7e43e7ba6d3c834555931851a59c82c51cc792d285caf diff --git a/k8s-wheatley/radarr/pvc.yaml b/k8s-wheatley/radarr/pvc.yaml index fe76bfc..d188698 100644 --- a/k8s-wheatley/radarr/pvc.yaml +++ b/k8s-wheatley/radarr/pvc.yaml @@ -10,36 +10,3 @@ spec: resources: requests: storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nfs-media -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 40Ti - volumeName: nfs-media-radarr ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nfs-media-radarr -spec: - capacity: - storage: 40Ti - accessModes: - - ReadWriteMany - nfs: - server: 10.0.69.10 - path: /tank/media - mountOptions: - - vers=4.1 - - rsize=1048576 - - wsize=1048576 - - hard - - timeo=600 - - noatime - persistentVolumeReclaimPolicy: Retain diff --git a/k8s-wheatley/romm/configmap.yaml b/k8s-wheatley/romm/configmap.yaml new file mode 100644 index 0000000..e90220b --- /dev/null +++ b/k8s-wheatley/romm/configmap.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: romm-db-envs +data: + MARIADB_DATABASE: romm + MARIADB_USER: romm + TZ: Europe/Amsterdam +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: romm-envs +data: + DB_HOST: 127.0.0.1 + DB_NAME: romm + DB_USER: romm + ROMM_PORT: "8080" + HASHEOUS_API_ENABLED: "true" + TZ: Europe/Amsterdam diff --git a/k8s-wheatley/romm/deployments.yaml b/k8s-wheatley/romm/deployments.yaml new file mode 100644 index 0000000..79b7fd1 --- /dev/null +++ b/k8s-wheatley/romm/deployments.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: romm + labels: + app: romm +spec: + replicas: 1 + serviceName: romm + selector: + matchLabels: + app: romm + template: + metadata: + labels: + app: romm + spec: + initContainers: + - name: romm-db + image: mariadb + envFrom: + - configMapRef: + name: romm-db-envs + - secretRef: + name: romm-db-env-secrets + volumeMounts: + - mountPath: /var/lib/mysql + name: romm-db-data + restartPolicy: Always + readinessProbe: + exec: + command: + - sh + - -c + - "healthcheck.sh --connect --innodb_initialized" + initialDelaySeconds: 5 + periodSeconds: 3 + timeoutSeconds: 2 + failureThreshold: 3 + livenessProbe: + exec: + command: + - sh + - -c + - "healthcheck.sh --connect --innodb_initialized" + initialDelaySeconds: 10 + periodSeconds: 15 + timeoutSeconds: 2 + failureThreshold: 3 + containers: + - name: romm + image: rommapp/romm + imagePullPolicy: IfNotPresent + ports: + - containerPort: 8080 + envFrom: + - configMapRef: + name: romm-envs + - secretRef: + name: romm-env-secrets + volumeMounts: + - mountPath: /romm + name: romm-data + - mountPath: /romm/library + name: nfs-media-roms + readOnly: true + - mountPath: /romm/downloads + name: nfs-media-downloads + readOnly: true + volumes: + - name: romm-db-data + persistentVolumeClaim: + claimName: romm-db-storage + - name: romm-data + persistentVolumeClaim: + claimName: romm-storage + - name: nfs-media-roms + persistentVolumeClaim: + claimName: nfs-media-roms + - name: nfs-media-downloads + persistentVolumeClaim: + claimName: nfs-media-downloads diff --git a/k8s-wheatley/romm/ingress.yaml b/k8s-wheatley/romm/ingress.yaml new file mode 100644 index 0000000..8a7eae1 --- /dev/null +++ b/k8s-wheatley/romm/ingress.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: romm-route +spec: + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + hostnames: + - "roms.wheatley.in" + rules: + - backendRefs: + - name: romm + port: 80 diff --git a/k8s-wheatley/romm/kustomization.yaml b/k8s-wheatley/romm/kustomization.yaml new file mode 100644 index 0000000..1573d32 --- /dev/null +++ b/k8s-wheatley/romm/kustomization.yaml @@ -0,0 +1,53 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: romm + +resources: + - configmap.yaml + - deployments.yaml + - ingress.yaml + - pvc.yaml + - secrets.yaml + - services.yaml + - namespace.yaml + +components: + - ../../kustomize-bases/nfs-media/components/roms + - ../../kustomize-bases/nfs-media/components/downloads + +patches: + - target: + kind: PersistentVolume + name: nfs-media-roms + patch: | + - op: replace + path: /metadata/name + value: nfs-media-romm-roms + - target: + kind: PersistentVolume + name: nfs-media-downloads + patch: | + - op: replace + path: /metadata/name + value: nfs-media-romm-downloads + - target: + kind: PersistentVolumeClaim + name: nfs-media-roms + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-romm-roms + - target: + kind: PersistentVolumeClaim + name: nfs-media-downloads + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-romm-downloads + +images: + - name: mariadb + newTag: lts@sha256:78185355dd49b54dd6909072531ce8d7e06aa0eccd7aa5b23c93ebb7e34c5aaa + - name: rommapp/romm + newTag: 4.8.1@sha256:2b7a1714b287f69b081ad2a63bb8c2fa673666a17b2f21322b580b0cd51cb266 diff --git a/k8s-wheatley/romm/namespace.yaml b/k8s-wheatley/romm/namespace.yaml new file mode 100644 index 0000000..131f95c --- /dev/null +++ b/k8s-wheatley/romm/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: romm diff --git a/k8s-wheatley/romm/pvc.yaml b/k8s-wheatley/romm/pvc.yaml new file mode 100644 index 0000000..3d64e4c --- /dev/null +++ b/k8s-wheatley/romm/pvc.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: romm-db-storage +spec: + storageClassName: piraeus-lvmthin + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: romm-storage +spec: + storageClassName: piraeus-lvmthin + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/k8s-wheatley/romm/secrets.yaml b/k8s-wheatley/romm/secrets.yaml new file mode 100644 index 0000000..e1a9d82 --- /dev/null +++ b/k8s-wheatley/romm/secrets.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: romm-db-env-secrets +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: romm-db-env-secrets + data: + - secretKey: MARIADB_ROOT_PASSWORD + remoteRef: + key: secrets/managed/romm/romm-db + property: ROOT_PASSWORD + - secretKey: MARIADB_PASSWORD + remoteRef: + key: secrets/managed/romm/romm-db + property: PASSWORD +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: romm-env-secrets +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: romm-env-secrets + data: + - secretKey: DB_PASSWD + remoteRef: + key: secrets/managed/romm/romm-db + property: PASSWORD + - secretKey: ROMM_AUTH_SECRET_KEY + remoteRef: + key: secrets/managed/romm/romm + property: SECRET_KEY + - secretKey: IGDB_CLIENT_ID + remoteRef: + key: secrets/managed/romm/romm + property: IGDB_CLIENT_ID + - secretKey: IGDB_CLIENT_SECRET + remoteRef: + key: secrets/managed/romm/romm + property: IGDB_CLIENT_SECRET + - secretKey: STEAMGRIDDB_API_KEY + remoteRef: + key: secrets/managed/romm/romm + property: STEAMGRIDDB_API_KEY diff --git a/k8s-wheatley/romm/services.yaml b/k8s-wheatley/romm/services.yaml new file mode 100644 index 0000000..1d89402 --- /dev/null +++ b/k8s-wheatley/romm/services.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: romm +spec: + selector: + app: romm + ports: + - port: 80 + protocol: TCP + targetPort: 8080 diff --git a/k8s-wheatley/sonarr/deployments.yaml b/k8s-wheatley/sonarr/deployments.yaml index 45e7ea9..1b66aba 100644 --- a/k8s-wheatley/sonarr/deployments.yaml +++ b/k8s-wheatley/sonarr/deployments.yaml @@ -16,6 +16,7 @@ spec: labels: app: sonarr spec: + nodeName: k8s-wheatley-worker03 containers: - name: sonarr image: linuxserver/sonarr @@ -28,8 +29,12 @@ spec: volumeMounts: - mountPath: /config name: sonarr-config - - mountPath: /shared/media - name: nfs-media + - mountPath: /shared/media/series + name: nfs-media-series + - mountPath: /shared/media/anime + name: nfs-media-anime + - mountPath: /shared/media/downloads + name: nfs-media-downloads securityContext: seccompProfile: type: RuntimeDefault @@ -45,6 +50,12 @@ spec: - name: sonarr-config persistentVolumeClaim: claimName: sonarr-storage - - name: nfs-media + - name: nfs-media-series persistentVolumeClaim: - claimName: nfs-media + claimName: nfs-media-series + - name: nfs-media-anime + persistentVolumeClaim: + claimName: nfs-media-anime + - name: nfs-media-downloads + persistentVolumeClaim: + claimName: nfs-media-downloads diff --git a/k8s-wheatley/sonarr/kustomization.yaml b/k8s-wheatley/sonarr/kustomization.yaml index 8ea7bb6..f82cd90 100644 --- a/k8s-wheatley/sonarr/kustomization.yaml +++ b/k8s-wheatley/sonarr/kustomization.yaml @@ -12,6 +12,55 @@ resources: - services.yaml - namespace.yaml +components: + - ../../kustomize-bases/nfs-media/components/series + - ../../kustomize-bases/nfs-media/components/anime + - ../../kustomize-bases/nfs-media/components/downloads + +patches: + - target: + kind: PersistentVolume + name: nfs-media-series + patch: | + - op: replace + path: /metadata/name + value: nfs-media-sonarr-series + - target: + kind: PersistentVolumeClaim + name: nfs-media-series + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-sonarr-series + - target: + kind: PersistentVolume + name: nfs-media-anime + patch: | + - op: replace + path: /metadata/name + value: nfs-media-sonarr-anime + - target: + kind: PersistentVolumeClaim + name: nfs-media-anime + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-sonarr-anime + - target: + kind: PersistentVolume + name: nfs-media-downloads + patch: | + - op: replace + path: /metadata/name + value: nfs-media-sonarr-downloads + - target: + kind: PersistentVolumeClaim + name: nfs-media-downloads + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-sonarr-downloads + images: - name: linuxserver/sonarr - newTag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b + newTag: 4.0.17@sha256:0b5c4803f92456fb9b65bae8375716ea120b4ea17b3cced7da32b63f0085782b diff --git a/k8s-wheatley/sonarr/pvc.yaml b/k8s-wheatley/sonarr/pvc.yaml index d431b58..2cc9dcb 100644 --- a/k8s-wheatley/sonarr/pvc.yaml +++ b/k8s-wheatley/sonarr/pvc.yaml @@ -9,37 +9,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nfs-media -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 40Ti - volumeName: nfs-media-sonarr ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nfs-media-sonarr -spec: - capacity: - storage: 40Ti - accessModes: - - ReadWriteMany - nfs: - server: 10.0.69.10 - path: /tank/media - mountOptions: - - vers=4.1 - - rsize=1048576 - - wsize=1048576 - - hard - - timeo=600 - - noatime - persistentVolumeReclaimPolicy: Retain + storage: 10Gi diff --git a/k8s-wheatley/soulseekd/configmap.yaml b/k8s-wheatley/soulseekd/configmap.yaml new file mode 100644 index 0000000..f27e944 --- /dev/null +++ b/k8s-wheatley/soulseekd/configmap.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: gluetun-envs +data: + TZ: Europe/Amsterdam + VPN_SERVICE_PROVIDER: "custom" + VPN_TYPE: "wireguard" + VPN_PORT_FORWARDING: on + VPN_PORT_FORWARDING_PROVIDER: protonvpn + FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12 + FIREWALL_INPUT_PORTS: "5030" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: slskd-envs +data: + TZ: Europe/Amsterdam + PUID: "1000" + PGID: "1000" + SLSKD_DOWNLOADS_DIR: /shared/media/downloads/_slsk-downloads + SLSKD_INCOMPLETE_DIR: /shared/media/downloads/_slsk-incomplete + SLSKD_SHARED_DIR: "[Music]/shared/media/music" + SLSKD_REMOTE_CONFIGURATION: "true" + SLSKD_VPN: "true" + SLSKD_VPN_PORT_FORWARDING: "true" + SLSKD_VPN_GLUETUN_URL: http://localhost:8000 diff --git a/k8s-wheatley/soulseekd/deployments.yaml b/k8s-wheatley/soulseekd/deployments.yaml new file mode 100644 index 0000000..4f03e97 --- /dev/null +++ b/k8s-wheatley/soulseekd/deployments.yaml @@ -0,0 +1,127 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: soulseekd + namespace: soulseekd + labels: + app: soulseekd +spec: + replicas: 1 + serviceName: soulseekd + selector: + matchLabels: + app: soulseekd + template: + metadata: + labels: + app: soulseekd + spec: + nodeName: k8s-wheatley-worker01 + initContainers: + - name: gluetun + image: ghcr.io/qdm12/gluetun + ports: + - name: slskd-http + containerPort: 5030 + protocol: TCP + envFrom: + - configMapRef: + name: gluetun-envs + - secretRef: + name: gluetun-env-secrets + volumeMounts: + - mountPath: /dev/net/tun + name: dev-tun + - mountPath: /gluetun/wireguard + name: gluetun-wgconfig + readOnly: true + - name: gluetun-tmp + mountPath: /tmp/gluetun + restartPolicy: Always + lifecycle: + postStart: + exec: + command: + [ + "/bin/sh", + "-c", + "(ip rule del table 51820; ip -6 rule del table 51820) || true", + ] + readinessProbe: + exec: + command: + - sh + - -c + - "ping -c 1 9.9.9.9" + initialDelaySeconds: 5 + periodSeconds: 3 + timeoutSeconds: 2 + failureThreshold: 3 + livenessProbe: + exec: + command: + - sh + - -c + - "ping -c 1 9.9.9.9" + initialDelaySeconds: 10 + periodSeconds: 15 + timeoutSeconds: 2 + failureThreshold: 3 + securityContext: + seccompProfile: + type: RuntimeDefault + allowPrivilegeEscalation: true + capabilities: + drop: + - "ALL" + add: + - "CHOWN" + - "NET_ADMIN" + - "NET_RAW" + containers: + - name: slskd + image: docker.io/slskd/slskd + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: slskd-envs + - secretRef: + name: slskd-env-secrets + volumeMounts: + - mountPath: /config + name: slskd-config + - mountPath: /shared/media/downloads + name: nfs-media-downloads + - mountPath: /shared/media/music + name: nfs-media-music + securityContext: + seccompProfile: + type: RuntimeDefault + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + add: + - "CHOWN" + - "SETUID" + - "SETGID" + volumes: + - name: dev-tun + hostPath: + path: /dev/net/tun + type: CharDevice + - name: slskd-config + persistentVolumeClaim: + claimName: slskd-storage + - name: gluetun-wgconfig + secret: + secretName: gluetun-wgconfig + - name: gluetun-tmp + emptyDir: {} + - name: nfs-media-downloads + persistentVolumeClaim: + claimName: nfs-media-downloads + - name: nfs-media-music + persistentVolumeClaim: + claimName: nfs-media-music diff --git a/k8s-wheatley/soulseekd/ingress.yaml b/k8s-wheatley/soulseekd/ingress.yaml new file mode 100644 index 0000000..9ddba90 --- /dev/null +++ b/k8s-wheatley/soulseekd/ingress.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: slskd-route +spec: + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + hostnames: + - "slskd.wheatley.in" + rules: + - backendRefs: + - name: slskd + port: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: slskd +spec: + selector: + app: soulseekd + ports: + - port: 80 + protocol: TCP + targetPort: 5030 diff --git a/k8s-wheatley/soulseekd/kustomization.yaml b/k8s-wheatley/soulseekd/kustomization.yaml new file mode 100644 index 0000000..0667a41 --- /dev/null +++ b/k8s-wheatley/soulseekd/kustomization.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: soulseekd + +resources: + - configmap.yaml + - deployments.yaml + - ingress.yaml + - pvc.yaml + - secrets.yaml + - namespace.yaml + +components: + - ../../kustomize-bases/nfs-media/components/downloads + - ../../kustomize-bases/nfs-media/components/music + +patches: + - target: + kind: PersistentVolume + name: nfs-media-downloads + patch: | + - op: replace + path: /metadata/name + value: nfs-media-soulseekd-downloads + - target: + kind: PersistentVolumeClaim + name: nfs-media-downloads + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-soulseekd-downloads + - target: + kind: PersistentVolume + name: nfs-media-music + patch: | + - op: replace + path: /metadata/name + value: nfs-media-soulseekd-music + - target: + kind: PersistentVolumeClaim + name: nfs-media-music + patch: | + - op: replace + path: /spec/volumeName + value: nfs-media-soulseekd-music + +images: + - name: ghcr.io/qdm12/gluetun + newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab + - name: docker.io/slskd/slskd + newTag: 0.25.1@sha256:ab9ed50e028b524cefdb7c1dd8ebca368a076e18441ee8ac2326473eb850b4c3 diff --git a/k8s-wheatley/soulseekd/namespace.yaml b/k8s-wheatley/soulseekd/namespace.yaml new file mode 100644 index 0000000..8e7a9f5 --- /dev/null +++ b/k8s-wheatley/soulseekd/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: soulseekd + labels: + pod-security.kubernetes.io/enforce: privileged diff --git a/k8s-wheatley/soulseekd/pvc.yaml b/k8s-wheatley/soulseekd/pvc.yaml new file mode 100644 index 0000000..214582c --- /dev/null +++ b/k8s-wheatley/soulseekd/pvc.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: slskd-storage +spec: + storageClassName: piraeus-lvmthin + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/k8s-wheatley/soulseekd/secrets.yaml b/k8s-wheatley/soulseekd/secrets.yaml new file mode 100644 index 0000000..41f76d1 --- /dev/null +++ b/k8s-wheatley/soulseekd/secrets.yaml @@ -0,0 +1,69 @@ +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gluetun-wgconfig +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: gluetun-wgconfig + template: + data: + wg0.conf: "{{ .config }}" + data: + - secretKey: config + remoteRef: + key: secrets/managed/soulseekd/protonvpn-wgconfig + property: config + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: slskd-env-secrets +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: slskd-env-secrets + data: + - secretKey: SLSKD_VPN_GLUETUN_API_KEY + remoteRef: + key: secrets/managed/soulseekd/slskd-env-secrets + property: GLUETUN_API_KEY + - secretKey: SLSKD_SLSK_USERNAME + remoteRef: + key: secrets/managed/soulseekd/slskd-env-secrets + property: SLSK_USERNAME + - secretKey: SLSKD_SLSK_PASSWORD + remoteRef: + key: secrets/managed/soulseekd/slskd-env-secrets + property: SLSK_PASSWORD + - secretKey: SLSKD_PASSWORD + remoteRef: + key: secrets/managed/soulseekd/slskd-env-secrets + property: SLSKD_PASSWORD + - secretKey: SLSKD_API_KEY + remoteRef: + key: secrets/managed/soulseekd/slskd-env-secrets + property: API_KEY + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gluetun-env-secrets +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: gluetun-env-secrets + data: + - secretKey: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE + remoteRef: + key: secrets/managed/soulseekd/gluetun-env-secrets + property: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE diff --git a/kustomize-bases/alloy/kustomization.yaml b/kustomize-bases/alloy/kustomization.yaml index f186140..0c063e9 100644 --- a/kustomize-bases/alloy/kustomization.yaml +++ b/kustomize-bases/alloy/kustomization.yaml @@ -9,14 +9,14 @@ resources: helmCharts: - name: alloy repo: https://grafana.github.io/helm-charts - version: "1.6.2" + version: "1.8.2" releaseName: alloy valuesFile: values.yaml - name: kube-state-metrics repo: https://prometheus-community.github.io/helm-charts - version: "7.2.1" + version: "7.4.0" releaseName: kube-state-metrics - name: prometheus-operator-crds repo: https://prometheus-community.github.io/helm-charts - version: "27.0.0" + version: "29.0.0" releaseName: prometheus-operator-crds diff --git a/kustomize-bases/alloy/values.yaml b/kustomize-bases/alloy/values.yaml index fd88ceb..5d3b5ba 100644 --- a/kustomize-bases/alloy/values.yaml +++ b/kustomize-bases/alloy/values.yaml @@ -127,7 +127,7 @@ configReloader: # -- Repository to get config reloader image from. repository: prometheus-operator/prometheus-config-reloader # -- Tag of image to use for config reloading. - tag: v0.89.0@sha256:cb4ac6a56555bef0e202bec11e367dfe07ffb241cf4d30566b12b864692607a8 + tag: v0.91.0@sha256:7d9e4eea5f1139e602508871f422b0116c60e87c662f3dcd234d5ab60cd0d8c1 # -- SHA256 digest of image to use for config reloading (either in format "sha256:XYZ" or "XYZ"). When set, will override `configReloader.image.tag` digest: "" # -- Override the args passed to the container. diff --git a/kustomize-bases/cilium/kustomization.yaml b/kustomize-bases/cilium/kustomization.yaml index 4cccdf0..db4bf50 100644 --- a/kustomize-bases/cilium/kustomization.yaml +++ b/kustomize-bases/cilium/kustomization.yaml @@ -13,5 +13,5 @@ helmCharts: repo: https://helm.cilium.io namespace: kube-system releaseName: cilium - version: 1.18.6 + version: 1.18.10 valuesFile: values.yaml diff --git a/kustomize-bases/nfs-media/components/anime/kustomization.yaml b/kustomize-bases/nfs-media/components/anime/kustomization.yaml new file mode 100644 index 0000000..9014f38 --- /dev/null +++ b/kustomize-bases/nfs-media/components/anime/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +resources: + - pvc.yaml diff --git a/kustomize-bases/nfs-media/components/anime/pvc.yaml b/kustomize-bases/nfs-media/components/anime/pvc.yaml new file mode 100644 index 0000000..9471154 --- /dev/null +++ b/kustomize-bases/nfs-media/components/anime/pvc.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-media-anime +spec: + capacity: + storage: 40Ti + accessModes: + - ReadWriteMany + nfs: + server: 10.0.69.10 + path: /tank/media/anime + mountOptions: + - vers=4.1 + - rsize=1048576 + - wsize=1048576 + - hard + - timeo=600 + - noatime + persistentVolumeReclaimPolicy: Retain +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nfs-media-anime +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 40Ti + volumeName: nfs-media-anime diff --git a/kustomize-bases/nfs-media/components/downloads/kustomization.yaml b/kustomize-bases/nfs-media/components/downloads/kustomization.yaml new file mode 100644 index 0000000..9014f38 --- /dev/null +++ b/kustomize-bases/nfs-media/components/downloads/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +resources: + - pvc.yaml diff --git a/kustomize-bases/nfs-media/components/downloads/pvc.yaml b/kustomize-bases/nfs-media/components/downloads/pvc.yaml new file mode 100644 index 0000000..16b0b65 --- /dev/null +++ b/kustomize-bases/nfs-media/components/downloads/pvc.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-media-downloads +spec: + capacity: + storage: 40Ti + accessModes: + - ReadWriteMany + nfs: + server: 10.0.69.10 + path: /tank/media/downloads + mountOptions: + - vers=4.1 + - rsize=1048576 + - wsize=1048576 + - hard + - timeo=600 + - noatime + persistentVolumeReclaimPolicy: Retain +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nfs-media-downloads +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 40Ti + volumeName: nfs-media-downloads diff --git a/kustomize-bases/nfs-media/components/movies/kustomization.yaml b/kustomize-bases/nfs-media/components/movies/kustomization.yaml new file mode 100644 index 0000000..9014f38 --- /dev/null +++ b/kustomize-bases/nfs-media/components/movies/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +resources: + - pvc.yaml diff --git a/kustomize-bases/nfs-media/components/movies/pvc.yaml b/kustomize-bases/nfs-media/components/movies/pvc.yaml new file mode 100644 index 0000000..28af8e4 --- /dev/null +++ b/kustomize-bases/nfs-media/components/movies/pvc.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-media-movies +spec: + capacity: + storage: 40Ti + accessModes: + - ReadWriteMany + nfs: + server: 10.0.69.10 + path: /tank/media/movies + mountOptions: + - vers=4.1 + - rsize=1048576 + - wsize=1048576 + - hard + - timeo=600 + - noatime + persistentVolumeReclaimPolicy: Retain +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nfs-media-movies +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 40Ti + volumeName: nfs-media-movies diff --git a/kustomize-bases/nfs-media/components/music/kustomization.yaml b/kustomize-bases/nfs-media/components/music/kustomization.yaml new file mode 100644 index 0000000..9014f38 --- /dev/null +++ b/kustomize-bases/nfs-media/components/music/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +resources: + - pvc.yaml diff --git a/kustomize-bases/nfs-media/components/music/pvc.yaml b/kustomize-bases/nfs-media/components/music/pvc.yaml new file mode 100644 index 0000000..117fb3e --- /dev/null +++ b/kustomize-bases/nfs-media/components/music/pvc.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-media-music +spec: + capacity: + storage: 40Ti + accessModes: + - ReadWriteMany + nfs: + server: 10.0.69.10 + path: /tank/media/music + mountOptions: + - vers=4.1 + - rsize=1048576 + - wsize=1048576 + - hard + - timeo=600 + - noatime + persistentVolumeReclaimPolicy: Retain +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nfs-media-music +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 40Ti + volumeName: nfs-media-music diff --git a/kustomize-bases/nfs-media/components/roms/kustomization.yaml b/kustomize-bases/nfs-media/components/roms/kustomization.yaml new file mode 100644 index 0000000..9014f38 --- /dev/null +++ b/kustomize-bases/nfs-media/components/roms/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +resources: + - pvc.yaml diff --git a/kustomize-bases/nfs-media/components/roms/pvc.yaml b/kustomize-bases/nfs-media/components/roms/pvc.yaml new file mode 100644 index 0000000..6f2e6e6 --- /dev/null +++ b/kustomize-bases/nfs-media/components/roms/pvc.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-media-roms +spec: + capacity: + storage: 40Ti + accessModes: + - ReadWriteMany + nfs: + server: 10.0.69.10 + path: /tank/media/roms + mountOptions: + - vers=4.1 + - rsize=1048576 + - wsize=1048576 + - hard + - timeo=600 + - noatime + persistentVolumeReclaimPolicy: Retain +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nfs-media-roms +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 40Ti + volumeName: nfs-media-roms diff --git a/kustomize-bases/nfs-media/components/series/kustomization.yaml b/kustomize-bases/nfs-media/components/series/kustomization.yaml new file mode 100644 index 0000000..9014f38 --- /dev/null +++ b/kustomize-bases/nfs-media/components/series/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +resources: + - pvc.yaml diff --git a/kustomize-bases/nfs-media/components/series/pvc.yaml b/kustomize-bases/nfs-media/components/series/pvc.yaml new file mode 100644 index 0000000..0aec6a8 --- /dev/null +++ b/kustomize-bases/nfs-media/components/series/pvc.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-media-series +spec: + capacity: + storage: 40Ti + accessModes: + - ReadWriteMany + nfs: + server: 10.0.69.10 + path: /tank/media/series + mountOptions: + - vers=4.1 + - rsize=1048576 + - wsize=1048576 + - hard + - timeo=600 + - noatime + persistentVolumeReclaimPolicy: Retain +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nfs-media-series +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 40Ti + volumeName: nfs-media-series