From 6e1f6ce3ec24d5761ad9f505ef5780ecb8cea0ec Mon Sep 17 00:00:00 2001 
From: Thomas Deutsch
Date: Wed, 5 Jun 2024 09:27:02 +0200
Subject: [PATCH] Switch to Talos
---
.devcontainer/ci/Dockerfile | 2 + .devcontainer/ci/devcontainer.json | 26 + .../ci/features/devcontainer-feature.json | 6 + .devcontainer/ci/features/install.sh | 77 ++ .devcontainer/devcontainer.json | 11 + .devcontainer/postCreateCommand.sh | 19 + .editorconfig | 6 +- .envrc | 15 +- .gitattributes | 2 - .github/labeler.yaml | 16 +- .github/labels.yaml | 69 +- .github/release.yaml | 4 + .github/renovate.json5 | 220 +++- .github/tests/config-talos.yaml | 44 + .github/workflows/devcontainer.yaml | 58 ++ .github/workflows/e2e.yaml | 91 ++ .github/workflows/flux-diff.yaml | 68 ++ .github/workflows/kubeconform.yaml | 29 + .github/workflows/label-sync.yaml | 23 + .github/workflows/labeler.yaml | 21 + .github/workflows/release.yaml | 34 +- .gitignore | 26 +- .sops.yaml | 15 +- .taskfiles/Flux/Taskfile.yaml | 70 ++ .taskfiles/Kubernetes/Taskfile.yaml | 36 + .taskfiles/Repository/Taskfile.yaml | 43 + .taskfiles/Sops/Taskfile.yaml | 36 + .taskfiles/Talos/Taskfile.yaml | 95 ++ .taskfiles/Workstation/Archfile | 17 + .taskfiles/Workstation/Brewfile | 20 + .taskfiles/Workstation/Taskfile.yaml | 71 ++ .vscode/extensions.json | 4 +- .vscode/settings.json | 23 +- LICENSE | 2 +- README.md | 412 ++++++++ Taskfile.yaml | 92 ++ archive/pre_talos/.editorconfig | 18 + archive/pre_talos/.envrc | 6 + archive/pre_talos/.gitattributes | 5 + archive/pre_talos/.github/labeler.yaml | 16 + archive/pre_talos/.github/labels.yaml | 59 ++ .../pre_talos/.github}/release-drafter.yaml | 0 archive/pre_talos/.github/renovate.json5 | 73 ++ .../.github}/renovate/autoMerge.json5 | 0 .../.github}/renovate/commitMessage.json5 | 0 .../pre_talos/.github}/renovate/groups.json5 | 0 .../pre_talos/.github}/renovate/labels.json5 | 0 .../.github}/renovate/semanticCommits.json5 | 0 .../workflows/auto-assign-issues.yaml | 0 .../.github}/workflows/flux-tests.yaml | 0 .../.github}/workflows/link-check.yaml | 0
.../.github}/workflows/meta-labeler.yaml | 0 .../.github}/workflows/meta-sync-labels.yaml | 0 .../.github}/workflows/release-drafter.yaml | 0 .../pre_talos/.github/workflows/release.yaml | 16 + archive/pre_talos/.gitignore | 20 + .../pre_talos/.lycheeignore | 0 .../pre_talos/.pre-commit-config.yaml | 0 archive/pre_talos/.sops.yaml | 15 + .../pre_talos/.taskfiles}/AnsibleTasks.yml | 0 .../pre_talos/.taskfiles}/ClusterTasks.yml | 0 .../pre_talos/.taskfiles}/PrecommitTasks.yml | 0 .../pre_talos/.taskfiles}/TerraformTasks.yml | 0 archive/pre_talos/.vscode/extensions.json | 14 + archive/pre_talos/.vscode/settings.json | 21 + .../pre_talos/.yamllint.yaml | 0 archive/pre_talos/LICENSE | 21 + .../pre_talos/Taskfile.yml | 0 ansible.cfg => archive/pre_talos/ansible.cfg | 0 .../group_vars/kubernetes/general.yml | 0 .../inventory/group_vars/kubernetes/k3s.yml | 0 .../group_vars/kubernetes/kube-vip.yml | 0 .../inventory/group_vars/kubernetes/nfs.yml | 0 .../inventory/group_vars/kubernetes/os.yml | 0 .../group_vars/kubernetes/supplemental.yml | 0 .../group_vars/kubernetes/vault.sops.yml | 0 .../inventory/group_vars/master/k3s.yml | 0 .../inventory/group_vars/worker/k3s.yml | 0 .../test-cluster/inventory/host_vars/.gitkeep | 0 .../ansible}/test-cluster/inventory/hosts.yml | 0 .../playbooks/cluster-installation.yml | 0 .../test-cluster/playbooks/cluster-nuke.yml | 0 .../playbooks/cluster-prepare.yml | 0 .../test-cluster/playbooks/cluster-reboot.yml | 0 .../test-cluster/playbooks/filesystems.yml | 0 .../test-cluster/playbooks/setup-nfs.yml | 0 .../templates/calico-installation.yaml.j2 | 0 .../templates/custom-cilium-helmchart.yaml.j2 | 0 .../templates/custom-kube-vip-ds.yaml.j2 | 0 .../templates/custom-kube-vip-rbac.yaml.j2 | 0 .../ansible}/test-cluster/requirements.txt | 0 .../ansible}/test-cluster/requirements.yml | 0 .../roles/raspberrypi/handlers/main.yml | 0 .../roles/raspberrypi/tasks/main.yml | 0 .../raspberrypi/tasks/prereq/Archlinux.yml | 0 
.../roles/raspberrypi/tasks/prereq/CentOS.yml | 0 .../roles/raspberrypi/tasks/prereq/Debian.yml | 0 .../raspberrypi/tasks/prereq/Raspbian.yml | 0 .../roles/raspberrypi/tasks/prereq/Ubuntu.yml | 0 .../raspberrypi/tasks/prereq/default.yml | 0 .../group_vars/kubernetes/general.yml | 0 .../inventory/group_vars/kubernetes/k3s.yml | 0 .../group_vars/kubernetes/kube-vip.yml | 0 .../inventory/group_vars/kubernetes/nfs.yml | 0 .../inventory/group_vars/kubernetes/os.yml | 0 .../group_vars/kubernetes/supplemental.yml | 0 .../group_vars/kubernetes/vault.sops.yml | 0 .../tpi/inventory/group_vars/master/k3s.yml | 0 .../tpi/inventory/group_vars/worker/k3s.yml | 0 .../ansible}/tpi/inventory/host_vars/.gitkeep | 0 .../ansible}/tpi/inventory/hosts.yml | 0 .../tpi/playbooks/cluster-installation.yml | 0 .../ansible}/tpi/playbooks/cluster-nuke.yml | 0 .../tpi/playbooks/cluster-prepare.yml | 0 .../ansible}/tpi/playbooks/cluster-reboot.yml | 0 .../ansible}/tpi/playbooks/filesystems.yml | 0 .../ansible}/tpi/playbooks/setup-nfs.yml | 0 .../templates/calico-installation.yaml.j2 | 0 .../templates/custom-cilium-helmchart.yaml.j2 | 0 .../templates/custom-kube-vip-ds.yaml.j2 | 0 .../templates/custom-kube-vip-rbac.yaml.j2 | 0 .../pre_talos/ansible}/tpi/requirements.txt | 0 .../pre_talos/ansible}/tpi/requirements.yml | 0 .../tpi/roles/raspberrypi/handlers/main.yml | 0 .../tpi/roles/raspberrypi/tasks/main.yml | 0 .../raspberrypi/tasks/prereq/Archlinux.yml | 0 .../roles/raspberrypi/tasks/prereq/CentOS.yml | 0 .../roles/raspberrypi/tasks/prereq/Debian.yml | 0 .../raspberrypi/tasks/prereq/Raspbian.yml | 0 .../roles/raspberrypi/tasks/prereq/Ubuntu.yml | 0 .../raspberrypi/tasks/prereq/default.yml | 0 .../pre_talos/bootstrap.sh | 0 .../cert-manager/app/helmrelease.yaml | 0 .../cert-manager/app/kustomization.yaml | 0 .../cert-manager/app/prometheusrule.yaml | 0 .../cert-manager/issuers/issuers.yaml | 0 .../cert-manager/issuers/kustomization.yaml | 0 .../cert-manager/issuers/secret.sops.yaml | 0 
.../apps/cert-manager/cert-manager/ks.yaml | 0 .../apps/cert-manager/kustomization.yaml | 0 .../apps/cert-manager/namespace.yaml | 0 .../crossplane/app/helmrelease.yaml | 0 .../crossplane/app/kustomization.yaml | 0 .../apps/crossplane-system/crossplane/ks.yaml | 0 .../apps/crossplane-system/kustomization.yaml | 0 .../apps/crossplane-system/namespace.yaml | 0 .../apps/database/kustomization.yaml | 0 .../database/mariadb/instance/backup.yaml | 0 .../mariadb/instance/kustomization.yaml | 0 .../database/mariadb/instance/mariadb.yaml | 0 .../mariadb/instance/secret.sops.yaml | 0 .../apps/database/mariadb/ks.yaml | 0 .../mariadb/operator/helmrelease.yaml | 0 .../mariadb/operator/kustomization.yaml | 0 .../test-cluster/apps/database/namespace.yaml | 0 .../default/code-server/app/helmrelease.yaml | 0 .../code-server/app/kustomization.yaml | 0 .../apps/default/code-server/ks.yaml | 0 .../apps/default/dashy/app/config/conf.yml | 0 .../apps/default/dashy/app/helmrelease.yaml | 0 .../apps/default/dashy/app/kustomization.yaml | 0 .../test-cluster/apps/default/dashy/ks.yaml | 0 .../apps/default/drop/app/helmrelease.yaml | 0 .../apps/default/drop/app/kustomization.yaml | 0 .../test-cluster/apps/default/drop/ks.yaml | 0 .../default/echo-server/app/helmrelease.yaml | 0 .../echo-server/app/kustomization.yaml | 0 .../apps/default/echo-server/ks.yaml | 0 .../default/hajimari/app/helmrelease.yaml | 0 .../default/hajimari/app/kustomization.yaml | 0 .../apps/default/hajimari/ks.yaml | 0 .../default/headscale/app/helmrelease.yaml | 0 .../default/headscale/app/kustomization.yaml | 0 .../apps/default/headscale/ks.yaml.disabled | 0 .../default/jdownloader/app/helmrelease.yaml | 0 .../jdownloader/app/kustomization.yaml | 0 .../default/jdownloader/app/secret.sops.yaml | 0 .../apps/default/jdownloader/ks.yaml | 0 .../apps/default/kasm/app/ingress.yaml | 0 .../apps/default/kasm/app/kustomization.yaml | 0 .../apps/default/kasm/app/service.yaml | 0 .../test-cluster/apps/default/kasm/ks.yaml | 0 
.../apps/default/kustomization.yaml | 0 .../default/linkding/app/helmrelease.yaml | 0 .../default/linkding/app/kustomization.yaml | 0 .../default/linkding/app/secret.sops.yaml | 0 .../apps/default/linkding/ks.yaml | 0 .../test-cluster/apps/default/namespace.yaml | 0 .../apps/default/octoprint/app/ingress.yaml | 0 .../default/octoprint/app/kustomization.yaml | 0 .../apps/default/octoprint/app/service.yaml | 0 .../apps/default/octoprint/ks.yaml | 0 .../paperless/app/helmrelease-gotenberg.yaml | 0 .../paperless/app/helmrelease-tika.yaml | 0 .../default/paperless/app/helmrelease.yaml | 0 .../default/paperless/app/kustomization.yaml | 0 .../default/paperless/app/secret.sops.yaml | 0 .../apps/default/paperless/ks.yaml | 0 .../default/paperless/redis/helmrelease.yaml | 0 .../paperless/redis/kustomization.yaml | 0 .../apps/default/s3gw/app/helmrelease.yaml | 0 .../apps/default/s3gw/app/kustomization.yaml | 0 .../apps/default/s3gw/ks.yaml.disabled | 0 .../default/sharry/app/config/sharry.conf | 0 .../apps/default/sharry/app/helmrelease.yaml | 0 .../default/sharry/app/kustomization.yaml | 0 .../test-cluster/apps/default/sharry/ks.yaml | 0 .../default/smtp-relay/app/config/maddy.conf | 0 .../smtp-relay/app/externalsecret.yaml | 0 .../default/smtp-relay/app/helmrelease.yaml | 0 .../default/smtp-relay/app/kustomization.yaml | 0 .../apps/default/smtp-relay/ks.yaml | 0 .../default/webtrees/app/helmrelease.yaml | 0 .../default/webtrees/app/kustomization.yaml | 0 .../default/webtrees/app/secret.sops.yaml | 0 .../apps/default/webtrees/db/cronjob.yaml | 0 .../apps/default/webtrees/db/helmrelease.yaml | 0 .../default/webtrees/db/kustomization.yaml | 0 .../apps/default/webtrees/db/secret.sops.yaml | 0 .../apps/default/webtrees/ks.yaml | 0 .../apps/flux-system/addons/ks.yaml | 0 .../addons/monitoring/kustomization.yaml | 0 .../addons/monitoring/podmonitor.yaml | 0 .../addons/monitoring/prometheusrule.yaml | 0 .../addons/webhooks/github/ingress.yaml | 0 
.../addons/webhooks/github/kustomization.yaml | 0 .../addons/webhooks/github/receiver.yaml | 0 .../addons/webhooks/github/secret.sops.yaml | 0 .../addons/webhooks/kustomization.yaml | 0 .../apps/flux-system/kustomization.yaml | 0 .../apps/flux-system/namespace.yaml | 0 .../weave-gitops/app/helmrelease.yaml | 0 .../weave-gitops/app/kustomization.yaml | 0 .../flux-system/weave-gitops/app/rbac.yaml | 0 .../weave-gitops/app/secret.sops.yaml | 0 .../apps/flux-system/weave-gitops/ks.yaml | 0 .../apps/games/kustomization.yaml | 0 .../games/minecraft-server/app/backup-sa.yaml | 0 .../app/helmrelease-creative.yaml | 0 .../app/helmrelease-family.yaml | 0 .../app/helmrelease-insel.yaml | 0 .../app/helmrelease-survival.yaml | 0 .../minecraft-server/app/kustomization.yaml | 0 .../games/minecraft-server/app/mc-backup.sh | 0 .../minecraft-server/app/monitoring.yaml | 0 .../apps/games/minecraft-server/ks.dis | 0 .../test-cluster/apps/games/namespace.yaml | 0 .../kube-system/cilium/app/helmrelease.yaml | 0 .../kube-system/cilium/app/kustomization.yaml | 0 .../kube-system/cilium/config/cilium-l2.yaml | 0 .../cilium/config/kustomization.yaml | 0 .../apps/kube-system/cilium/ks.yaml | 0 .../app/kustomization.yaml | 0 .../container-object-storage-interface/ks.dis | 0 .../descheduler/app/helmrelease.yaml | 0 .../descheduler/app/kustomization.yaml | 0 .../apps/kube-system/descheduler/ks.yaml | 0 .../kube-system/kube-vip/app/daemonset.yaml | 0 .../kube-vip/app/kustomization.yaml | 0 .../apps/kube-system/kube-vip/app/rbac.yaml | 0 .../apps/kube-system/kube-vip/ks.dis | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../kube-system/kubernetes-replicator/ks.yaml | 0 .../kube-system/kured/app/helmrelease.yaml | 0 .../kube-system/kured/app/kustomization.yaml | 0 .../kube-system/kured/app/prometheusrule.yaml | 0 .../apps/kube-system/kured/ks.yaml | 0 .../apps/kube-system/kustomization.yaml | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 
.../kube-system/local-path-provisioner/ks.dis | 0 .../metrics-server/app/helmrelease.yaml | 0 .../metrics-server/app/kustomization.yaml | 0 .../apps/kube-system/metrics-server/ks.yaml | 0 .../apps/kube-system/namespace.yaml | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../kube-system/node-problem-detector/ks.yaml | 0 .../kube-system/reloader/app/helmrelease.yaml | 0 .../reloader/app/kustomization.yaml | 0 .../apps/kube-system/reloader/ks.yaml | 0 .../media/calibre-web/app/helmrelease.yaml | 0 .../media/calibre-web/app/kustomization.yaml | 0 .../apps/media/calibre-web/ks.yaml | 0 .../apps/media/kustomization.yaml | 0 .../media/mediabox/app/bazarr-ingress.yaml | 0 .../apps/media/mediabox/app/gaps-ingress.yaml | 0 .../media/mediabox/app/kustomization.yaml | 0 .../media/mediabox/app/lldap-ingress.yaml | 0 .../media/mediabox/app/notifiarr-ingress.yaml | 0 .../media/mediabox/app/prowlarr-exporter.yaml | 0 .../media/mediabox/app/prowlarr-ingress.yaml | 0 .../media/mediabox/app/radarr-exporter.yaml | 0 .../media/mediabox/app/radarr-ingress.yaml | 0 .../media/mediabox/app/sabnzbd-ingress.yaml | 0 .../apps/media/mediabox/app/service.yaml | 0 .../media/mediabox/app/sonar-ingress.yaml | 0 .../media/mediabox/app/sonarr-exporter.yaml | 0 .../test-cluster/apps/media/mediabox/ks.yaml | 0 .../test-cluster/apps/media/namespace.yaml | 0 .../media/plex-exporter/app/configmap.yaml | 0 .../media/plex-exporter/app/deployment.yaml | 0 .../plex-exporter/app/grafana-dashboard.yaml | 0 .../plex-exporter/app/kustomization.yaml | 0 .../app/plex-exporter-grafana-dashboard.json | 0 .../plex-exporter/app/service-monitor.yaml | 0 .../apps/media/plex-exporter/app/service.yaml | 0 .../apps/media/plex-exporter/ks.yaml | 0 .../plex-trakt-sync/app/config/config.yml | 0 .../plex-trakt-sync/app/helmrelease.yaml | 0 .../plex-trakt-sync/app/kustomization.yaml | 0 .../apps/media/plex-trakt-sync/ks.yaml | 0 .../apps/media/podsync/app/config/config.toml | 0 
.../apps/media/podsync/app/helmrelease.yaml | 0 .../apps/media/podsync/app/kustomization.yaml | 0 .../test-cluster/apps/media/podsync/ks.dis | 0 .../apps/media/tautulli/app/helmrelease.yaml | 0 .../media/tautulli/app/kustomization.yaml | 0 .../media/tautulli/exporter/helmrelease.yaml | 0 .../tautulli/exporter/kustomization.yaml | 0 .../test-cluster/apps/media/tautulli/ks.yaml | 0 .../cloudflare-ddns/app/cloudflare-ddns.sh | 0 .../cloudflare-ddns/app/helmrelease.yaml | 0 .../cloudflare-ddns/app/kustomization.yaml | 0 .../apps/networking/cloudflare-ddns/ks.yaml | 0 .../external-dns/app/dnsendpoint-crd.yaml | 0 .../external-dns/app/helmrelease.yaml | 0 .../external-dns/app/kustomization.yaml | 0 .../external-dns/app/secret.sops.yaml | 0 .../apps/networking/external-dns/ks.yaml | 0 .../ingress-nginx/app/helmrelease.yaml | 0 .../ingress-nginx/app/kustomization.yaml | 0 .../certificates/kustomization.yaml | 0 .../certificates/production.yaml | 0 .../ingress-nginx/certificates/staging.yaml | 0 .../apps/networking/ingress-nginx/ks.yaml | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../app/secret.sops.yaml | 0 .../ingressmonitorcontroller/ks.yaml | 0 .../k8s-gateway/app/helmrelease.yaml | 0 .../k8s-gateway/app/kustomization.yaml | 0 .../apps/networking/k8s-gateway/ks.yaml | 0 .../apps/networking/kustomization.yaml | 0 .../networking/metallb/app/helmrelease.yaml | 0 .../networking/metallb/app/kustomization.yaml | 0 .../metallb/config/kustomization.yaml | 0 .../networking/metallb/config/resources.yaml | 0 .../apps/networking/metallb/ks.disable | 0 .../apps/networking/namespace.yaml | 0 .../apps/networking/phpipam/ks.yaml | 0 .../phpipam/phpipam-db/database.yaml | 0 .../networking/phpipam/phpipam-db/grant.yaml | 0 .../phpipam/phpipam-db/kustomization.yaml | 0 .../phpipam/phpipam-db/secret.sops.yaml | 0 .../networking/phpipam/phpipam-db/user.yaml | 0 .../phpipam/phpipam-web/deployment.yaml | 0 .../phpipam/phpipam-web/ingress.yaml | 0 
.../phpipam/phpipam-web/kustomization.yaml | 0 .../phpipam/phpipam-web/service.yaml | 0 .../networking/traefik/app/helm-release.yaml | 0 .../networking/traefik/app/kustomization.yaml | 0 .../config/certificates/kustomization.yaml | 0 .../config/certificates/production.yaml | 0 .../traefik/config/certificates/staging.yaml | 0 .../traefik/config/dashboard/ingress.yaml | 0 .../config/dashboard/kustomization.yaml | 0 .../traefik/config/kustomization.yaml | 0 .../traefik/config/middlewares/authelia.yaml | 0 .../config/middlewares/cloudflare-only.yaml | 0 .../config/middlewares/internal-only.yaml | 0 .../config/middlewares/kustomization.yaml | 0 .../serverstransport/insecureskipverify.yaml | 0 .../serverstransport/kustomization.yaml | 0 .../traefik/config/tls-store/default.yaml | 0 .../config/tls-store/kustomization.yaml | 0 .../apps/networking/traefik/ks.dis | 0 .../networking/vpn/app/ingressroutetcp.yaml | 0 .../networking/vpn/app/kustomization.yaml | 0 .../apps/networking/vpn/app/service.yaml | 0 .../test-cluster/apps/networking/vpn/ks.dis | 0 .../app/alertmanager-discord-config.yaml | 0 .../app/alertmanager-discord-deployment.yaml | 0 .../app/alertmanager-discord-service.yaml | 0 .../app/kustomization.yaml | 0 .../alertmanager-discord/app/secret.sops.yaml | 0 .../alertmanager-discord/ks.yaml | 0 .../gatus/app/config/config.yaml | 0 .../gatus/app/externalsecret.yaml | 0 .../observability/gatus/app/helmrelease.yaml | 0 .../gatus/app/kustomization.yaml | 0 .../apps/observability/gatus/app/rbac.yaml | 0 .../apps/observability/gatus/ks.yaml | 0 .../goldilocks/app/helmrelease.yaml | 0 .../goldilocks/app/kustomization.yaml | 0 .../apps/observability/goldilocks/ks.yaml | 0 .../grafana/app/helmrelease.yaml | 0 .../grafana/app/kustomization.yaml | 0 .../grafana/app/secret.sops.yaml | 0 .../apps/observability/grafana/ks.yaml | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../config/kustomization.yaml | 0 .../config/prometheusrules.yaml | 0 
.../config/scrapeconfigs.yaml | 0 .../kube-prometheus-stack/ks.yaml | 0 .../kubernetes-dashboard/app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../kubernetes-dashboard/app/rbac.yaml | 0 .../kubernetes-dashboard/ks.yaml | 0 .../apps/observability/kustomization.yaml | 0 .../observability/loki/app/configmap.yaml | 0 .../observability/loki/app/helmrelease.yaml | 0 .../observability/loki/app/kustomization.yaml | 0 .../loki/app/servicemonitor.yaml | 0 .../apps/observability/loki/ks.dis | 0 .../apps/observability/namespace.yaml | 0 .../netdata/app/helmrelease.yaml | 0 .../netdata/app/kustomization.yaml | 0 .../apps/observability/netdata/ks.dis | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../app/prometheusrule.yaml | 0 .../prometheus-pushgateway/ks.yaml | 0 .../unpoller/app/helmrelease.yaml | 0 .../unpoller/app/kustomization.yaml | 0 .../unpoller/config/kustomization.yaml | 0 .../unpoller/config/prometheusrule.yaml | 0 .../apps/observability/unpoller/ks.yaml | 0 .../vector/agent/helmrelease.yaml | 0 .../vector/agent/kustomization.yaml | 0 .../vector/aggregator/helmrelease.yaml | 0 .../vector/aggregator/kustomization.yaml | 0 .../apps/observability/vector/ks.yaml | 0 .../observability/vpa/app/helmrelease.yaml | 0 .../observability/vpa/app/kustomization.yaml | 0 .../apps/observability/vpa/ks.yaml | 0 .../apps/security/external-secrets/ks.yaml | 0 .../operator/helmrelease.yaml | 0 .../operator/kustomization.yaml | 0 .../secretstores/doppler/kustomization.yaml | 0 .../secretstores/doppler/secret.sops.yaml | 0 .../secretstores/doppler/secretstore.yaml | 0 .../secretstores/kustomization.yaml | 0 .../secretstores/onepassword/helmrelease.yaml | 0 .../onepassword/kustomization.yaml | 0 .../secretstores/onepassword/secret.sops.yaml | 0 .../secretstores/onepassword/secretstore.yaml | 0 .../apps/security/kustomization.yaml | 0 .../test-cluster/apps/security/namespace.yaml | 0 .../csi-driver-nfs/app/helmrelease.yaml | 0 
.../csi-driver-nfs/app/kustomization.yaml | 0 .../csi-driver-nfs/app/storageclass.yaml | 0 .../apps/storage/csi-driver-nfs/ks.yaml | 0 .../democratic-csi/app/helmrelease.yaml | 0 .../democratic-csi/app/kustomization.yaml | 0 .../apps/storage/democratic-csi/ks.dis | 0 .../apps/storage/kustomization.yaml | 0 .../storage/longhorn/app/helm-release.yaml | 0 .../storage/longhorn/app/kustomization.yaml | 0 .../storage/longhorn/conf/kustomization.yaml | 0 .../conf/monitoring/kustomization.yaml | 0 .../conf/monitoring/prometheusrule.yaml | 0 .../conf/monitoring/servicemonitor.yaml | 0 .../longhorn/conf/other/kustomization.yaml | 0 .../longhorn/conf/other/systembackup.yaml | 0 .../conf/recurringjobs/30min-snapshot.yaml | 0 .../conf/recurringjobs/daily-backup.yaml | 0 .../conf/recurringjobs/daily-cleanup.yaml | 0 .../conf/recurringjobs/daily-delete.yaml | 0 .../conf/recurringjobs/daily-trim.yaml | 0 .../conf/recurringjobs/hourly-backup.yaml | 0 .../conf/recurringjobs/kustomization.yaml | 0 .../storage/longhorn/conf/snap-class.yaml | 0 .../apps/storage/longhorn/ks.yaml | 0 .../longhorn/prereq/kustomization.yaml | 0 .../prereq/longhorn-iscsi-installation.yaml | 0 .../test-cluster/apps/storage/namespace.yaml | 0 .../snapshot-controller/app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../storage/snapshot-controller/app/pki.yaml | 0 .../apps/storage/snapshot-controller/ks.yaml | 0 .../storage/synology-csi/app/clients.yaml | 0 .../storage/synology-csi/app/helmrelease.yaml | 0 .../synology-csi/app/kustomization.yaml | 0 .../apps/storage/synology-csi/ks.dis | 0 .../apps/storage/velero/app/helmrelease.yaml | 0 .../storage/velero/app/kustomization.yaml | 0 .../storage/velero/app/resourcepolicy.yaml | 0 .../apps/storage/velero/app/secret.sops.yaml | 0 .../test-cluster/apps/storage/velero/ks.yaml | 0 .../apps/storage/volsync/app/helmrelease.yaml | 0 .../storage/volsync/app/kustomization.yaml | 0 .../storage/volsync/app/prometheusrule.yaml | 0 
.../test-cluster/apps/storage/volsync/ks.yaml | 0 .../apps/system-upgrade/kustomization.yaml | 0 .../apps/system-upgrade/namespace.yaml | 0 .../app/kustomization.yaml | 0 .../system-upgrade-controller/ks.yaml | 0 .../plans/agent.yaml | 0 .../plans/kustomization.yaml | 0 .../plans/server.yaml | 0 .../plans/ubuntu.yaml | 0 .../test-cluster/bootstrap/kustomization.yaml | 0 .../kubernetes}/test-cluster/flux/apps.yaml | 0 .../test-cluster/flux/config/cluster.yaml | 0 .../test-cluster/flux/config/flux.yaml | 0 .../flux/config/kustomization.yaml | 0 .../flux/repositories/git/kustomization.yaml | 0 .../git/local-path-provisioner.yaml | 0 .../repositories/git/synology-csi-chart.yaml | 0 .../flux/repositories/helm/backube.yaml | 0 .../flux/repositories/helm/bitnami.yaml | 0 .../flux/repositories/helm/bjw-s.yaml | 0 .../flux/repositories/helm/cilium.yaml | 0 .../flux/repositories/helm/crossplane.yaml | 0 .../repositories/helm/csi-driver-nfs.yaml | 0 .../repositories/helm/deliveryheroio.yaml | 0 .../repositories/helm/democratic-csi.yaml | 0 .../flux/repositories/helm/external-dns.yaml | 0 .../repositories/helm/external-secrets.yaml | 0 .../flux/repositories/helm/fairwinds.yaml | 0 .../flux/repositories/helm/grafana.yaml | 0 .../flux/repositories/helm/hajimari.yaml | 0 .../flux/repositories/helm/ingress-nginx.yaml | 0 .../flux/repositories/helm/jetstack.yaml | 0 .../flux/repositories/helm/k8s-gateway.yaml | 0 .../flux/repositories/helm/kubereboot.yaml | 0 .../helm/kubernetes-dashboard.yaml | 0 .../kubernetes-sigs-descheduler-charts.yaml | 0 .../flux/repositories/helm/kustomization.yaml | 0 .../flux/repositories/helm/longhorn.yaml | 0 .../repositories/helm/mariadb-operator.yaml | 0 .../flux/repositories/helm/metallb.yaml | 0 .../repositories/helm/metrics-server.yaml | 0 .../helm/minecraft-server-charts.yaml | 0 .../flux/repositories/helm/minio.yaml | 0 .../repositories/helm/mittwald-charts.yaml | 0 .../flux/repositories/helm/netdata.yaml | 0 
.../flux/repositories/helm/piraeus.yaml | 0 .../helm/prometheus-community.yaml | 0 .../flux/repositories/helm/rancher.yaml | 0 .../flux/repositories/helm/s3gw-charts.yaml | 0 .../flux/repositories/helm/stakater.yaml | 0 .../repositories/helm/traefik-charts.yaml | 0 .../flux/repositories/helm/vector-charts.yaml | 0 .../flux/repositories/helm/vmware-charts.yaml | 0 .../flux/repositories/helm/weave-gitops.yaml | 0 .../flux/repositories/kustomization.yaml | 0 .../flux/repositories/oci/.gitkeep | 0 .../flux/vars/cluster-secrets.sops.yaml | 0 .../flux/vars/cluster-settings.yaml | 0 .../test-cluster/flux/vars/kustomization.yaml | 0 .../shared/gatus/check/configmap.yaml | 0 .../shared/gatus/check/kustomization.yaml | 0 .../shared/gatus/dns-only/configmap.yaml | 0 .../shared/gatus/dns-only/kustomization.yaml | 0 .../test-cluster/shared/volsync/claim.yaml | 0 .../shared/volsync/kustomization.yaml | 0 .../test-cluster/shared/volsync/minio.yaml | 0 .../cert-manager/app/helmrelease.yaml | 0 .../cert-manager/app/kustomization.yaml | 0 .../cert-manager/app/prometheusrule.yaml | 0 .../cert-manager/issuers/issuers.yaml | 0 .../cert-manager/issuers/kustomization.yaml | 0 .../cert-manager/issuers/secret.sops.yaml | 0 .../apps/cert-manager/cert-manager/ks.yaml | 0 .../tpi/apps/cert-manager/kustomization.yaml | 0 .../tpi/apps/cert-manager/namespace.yaml | 0 .../crossplane/app/helmrelease.yaml | 0 .../crossplane/app/kustomization.yaml | 0 .../apps/crossplane-system/crossplane/ks.yaml | 0 .../apps/crossplane-system/kustomization.yaml | 0 .../tpi/apps/crossplane-system/namespace.yaml | 0 .../tpi/apps/database/kustomization.yaml | 0 .../database/mariadb/instance/backup.yaml | 0 .../mariadb/instance/kustomization.yaml | 0 .../database/mariadb/instance/mariadb.yaml | 0 .../mariadb/instance/secret.sops.yaml | 0 .../tpi/apps/database/mariadb/ks.yaml | 0 .../mariadb/operator/helmrelease.yaml | 0 .../mariadb/operator/kustomization.yaml | 0 .../tpi/apps/database/namespace.yaml | 0 
.../default/code-server/app/helmrelease.yaml | 0 .../code-server/app/kustomization.yaml | 0 .../tpi/apps/default/code-server/ks.yaml | 0 .../apps/default/dashy/app/config/conf.yml | 0 .../apps/default/dashy/app/helmrelease.yaml | 0 .../apps/default/dashy/app/kustomization.yaml | 0 .../tpi/apps/default/dashy/ks.yaml | 0 .../apps/default/drop/app/helmrelease.yaml | 0 .../apps/default/drop/app/kustomization.yaml | 0 .../kubernetes}/tpi/apps/default/drop/ks.yaml | 0 .../default/echo-server/app/helmrelease.yaml | 0 .../echo-server/app/kustomization.yaml | 0 .../tpi/apps/default/echo-server/ks.yaml | 0 .../default/hajimari/app/helmrelease.yaml | 0 .../default/hajimari/app/kustomization.yaml | 0 .../tpi/apps/default/hajimari/ks.yaml | 0 .../default/headscale/app/helmrelease.yaml | 0 .../default/headscale/app/kustomization.yaml | 0 .../apps/default/headscale/ks.yaml.disabled | 0 .../default/jdownloader/app/helmrelease.yaml | 0 .../jdownloader/app/kustomization.yaml | 0 .../default/jdownloader/app/secret.sops.yaml | 0 .../tpi/apps/default/jdownloader/ks.yaml | 0 .../tpi/apps/default/kasm/app/ingress.yaml | 0 .../apps/default/kasm/app/kustomization.yaml | 0 .../tpi/apps/default/kasm/app/service.yaml | 0 .../kubernetes}/tpi/apps/default/kasm/ks.yaml | 0 .../tpi/apps/default/kustomization.yaml | 0 .../default/linkding/app/helmrelease.yaml | 0 .../default/linkding/app/kustomization.yaml | 0 .../default/linkding/app/secret.sops.yaml | 0 .../tpi/apps/default/linkding/ks.yaml | 0 .../tpi/apps/default/namespace.yaml | 0 .../apps/default/octoprint/app/ingress.yaml | 0 .../default/octoprint/app/kustomization.yaml | 0 .../apps/default/octoprint/app/service.yaml | 0 .../tpi/apps/default/octoprint/ks.yaml | 0 .../paperless/app/helmrelease-gotenberg.yaml | 0 .../paperless/app/helmrelease-tika.yaml | 0 .../default/paperless/app/helmrelease.yaml | 0 .../default/paperless/app/kustomization.yaml | 0 .../default/paperless/app/secret.sops.yaml | 0 .../tpi/apps/default/paperless/ks.yaml | 0 
.../default/paperless/redis/helmrelease.yaml | 0 .../paperless/redis/kustomization.yaml | 0 .../apps/default/s3gw/app/helmrelease.yaml | 0 .../apps/default/s3gw/app/kustomization.yaml | 0 .../tpi/apps/default/s3gw/ks.yaml.disabled | 0 .../default/sharry/app/config/sharry.conf | 0 .../apps/default/sharry/app/helmrelease.yaml | 0 .../default/sharry/app/kustomization.yaml | 0 .../tpi/apps/default/sharry/ks.yaml | 0 .../default/smtp-relay/app/config/maddy.conf | 0 .../smtp-relay/app/externalsecret.yaml | 0 .../default/smtp-relay/app/helmrelease.yaml | 0 .../default/smtp-relay/app/kustomization.yaml | 0 .../tpi/apps/default/smtp-relay/ks.yaml | 0 .../default/webtrees/app/helmrelease.yaml | 0 .../default/webtrees/app/kustomization.yaml | 0 .../default/webtrees/app/secret.sops.yaml | 0 .../tpi/apps/default/webtrees/db/cronjob.yaml | 0 .../apps/default/webtrees/db/helmrelease.yaml | 0 .../default/webtrees/db/kustomization.yaml | 0 .../apps/default/webtrees/db/secret.sops.yaml | 0 .../tpi/apps/default/webtrees/ks.yaml | 0 .../tpi/apps/flux-system/addons/ks.yaml | 0 .../addons/monitoring/kustomization.yaml | 0 .../addons/monitoring/podmonitor.yaml | 0 .../addons/monitoring/prometheusrule.yaml | 0 .../addons/webhooks/github/ingress.yaml | 0 .../addons/webhooks/github/kustomization.yaml | 0 .../addons/webhooks/github/receiver.yaml | 0 .../addons/webhooks/github/secret.sops.yaml | 0 .../addons/webhooks/kustomization.yaml | 0 .../tpi/apps/flux-system/kustomization.yaml | 0 .../tpi/apps/flux-system/namespace.yaml | 0 .../weave-gitops/app/helmrelease.yaml | 0 .../weave-gitops/app/kustomization.yaml | 0 .../flux-system/weave-gitops/app/rbac.yaml | 0 .../weave-gitops/app/secret.sops.yaml | 0 .../tpi/apps/flux-system/weave-gitops/ks.yaml | 0 .../tpi/apps/games/kustomization.yaml | 0 .../games/minecraft-server/app/backup-sa.yaml | 0 .../app/helmrelease-creative.yaml | 0 .../app/helmrelease-family.yaml | 0 .../app/helmrelease-insel.yaml | 0 .../app/helmrelease-survival.yaml | 0 
.../minecraft-server/app/kustomization.yaml | 0 .../games/minecraft-server/app/mc-backup.sh | 0 .../minecraft-server/app/monitoring.yaml | 0 .../tpi/apps/games/minecraft-server/ks.dis | 0 .../kubernetes}/tpi/apps/games/namespace.yaml | 0 .../kube-system/cilium/app/helmrelease.yaml | 0 .../kube-system/cilium/app/kustomization.yaml | 0 .../kube-system/cilium/config/cilium-l2.yaml | 0 .../cilium/config/kustomization.yaml | 0 .../tpi/apps/kube-system/cilium/ks.yaml | 0 .../app/kustomization.yaml | 0 .../container-object-storage-interface/ks.dis | 0 .../descheduler/app/helmrelease.yaml | 0 .../descheduler/app/kustomization.yaml | 0 .../tpi/apps/kube-system/descheduler/ks.yaml | 0 .../kube-system/kube-vip/app/daemonset.yaml | 0 .../kube-vip/app/kustomization.yaml | 0 .../apps/kube-system/kube-vip/app/rbac.yaml | 0 .../tpi/apps/kube-system/kube-vip/ks.dis | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../kube-system/kubernetes-replicator/ks.yaml | 0 .../kube-system/kured/app/helmrelease.yaml | 0 .../kube-system/kured/app/kustomization.yaml | 0 .../kube-system/kured/app/prometheusrule.yaml | 0 .../tpi/apps/kube-system/kured/ks.yaml | 0 .../tpi/apps/kube-system/kustomization.yaml | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../kube-system/local-path-provisioner/ks.dis | 0 .../metrics-server/app/helmrelease.yaml | 0 .../metrics-server/app/kustomization.yaml | 0 .../apps/kube-system/metrics-server/ks.yaml | 0 .../tpi/apps/kube-system/namespace.yaml | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../kube-system/node-problem-detector/ks.yaml | 0 .../kube-system/reloader/app/helmrelease.yaml | 0 .../reloader/app/kustomization.yaml | 0 .../tpi/apps/kube-system/reloader/ks.yaml | 0 .../media/calibre-web/app/helmrelease.yaml | 0 .../media/calibre-web/app/kustomization.yaml | 0 .../tpi/apps/media/calibre-web/ks.yaml | 0 .../tpi/apps/media/kustomization.yaml | 0 .../media/mediabox/app/bazarr-ingress.yaml | 0 
.../apps/media/mediabox/app/gaps-ingress.yaml | 0 .../media/mediabox/app/kustomization.yaml | 0 .../media/mediabox/app/lldap-ingress.yaml | 0 .../media/mediabox/app/notifiarr-ingress.yaml | 0 .../media/mediabox/app/prowlarr-exporter.yaml | 0 .../media/mediabox/app/prowlarr-ingress.yaml | 0 .../media/mediabox/app/radarr-exporter.yaml | 0 .../media/mediabox/app/radarr-ingress.yaml | 0 .../media/mediabox/app/sabnzbd-ingress.yaml | 0 .../tpi/apps/media/mediabox/app/service.yaml | 0 .../media/mediabox/app/sonar-ingress.yaml | 0 .../media/mediabox/app/sonarr-exporter.yaml | 0 .../tpi/apps/media/mediabox/ks.yaml | 0 .../kubernetes}/tpi/apps/media/namespace.yaml | 0 .../media/plex-exporter/app/configmap.yaml | 0 .../media/plex-exporter/app/deployment.yaml | 0 .../plex-exporter/app/grafana-dashboard.yaml | 0 .../plex-exporter/app/kustomization.yaml | 0 .../app/plex-exporter-grafana-dashboard.json | 0 .../plex-exporter/app/service-monitor.yaml | 0 .../apps/media/plex-exporter/app/service.yaml | 0 .../tpi/apps/media/plex-exporter/ks.yaml | 0 .../plex-trakt-sync/app/config/config.yml | 0 .../plex-trakt-sync/app/helmrelease.yaml | 0 .../plex-trakt-sync/app/kustomization.yaml | 0 .../tpi/apps/media/plex-trakt-sync/ks.yaml | 0 .../apps/media/podsync/app/config/config.toml | 0 .../apps/media/podsync/app/helmrelease.yaml | 0 .../apps/media/podsync/app/kustomization.yaml | 0 .../kubernetes}/tpi/apps/media/podsync/ks.dis | 0 .../apps/media/tautulli/app/helmrelease.yaml | 0 .../media/tautulli/app/kustomization.yaml | 0 .../media/tautulli/exporter/helmrelease.yaml | 0 .../tautulli/exporter/kustomization.yaml | 0 .../tpi/apps/media/tautulli/ks.yaml | 0 .../cloudflare-ddns/app/cloudflare-ddns.sh | 0 .../cloudflare-ddns/app/helmrelease.yaml | 0 .../cloudflare-ddns/app/kustomization.yaml | 0 .../apps/networking/cloudflare-ddns/ks.yaml | 0 .../external-dns/app/dnsendpoint-crd.yaml | 0 .../external-dns/app/helmrelease.yaml | 0 .../external-dns/app/kustomization.yaml | 0 
.../external-dns/app/secret.sops.yaml | 0 .../tpi/apps/networking/external-dns/ks.yaml | 0 .../ingress-nginx/app/helmrelease.yaml | 0 .../ingress-nginx/app/kustomization.yaml | 0 .../certificates/kustomization.yaml | 0 .../certificates/production.yaml | 0 .../ingress-nginx/certificates/staging.yaml | 0 .../tpi/apps/networking/ingress-nginx/ks.yaml | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../app/secret.sops.yaml | 0 .../ingressmonitorcontroller/ks.yaml | 0 .../k8s-gateway/app/helmrelease.yaml | 0 .../k8s-gateway/app/kustomization.yaml | 0 .../tpi/apps/networking/k8s-gateway/ks.yaml | 0 .../tpi/apps/networking/kustomization.yaml | 0 .../networking/metallb/app/helmrelease.yaml | 0 .../networking/metallb/app/kustomization.yaml | 0 .../metallb/config/kustomization.yaml | 0 .../networking/metallb/config/resources.yaml | 0 .../tpi/apps/networking/metallb/ks.disable | 0 .../tpi/apps/networking/namespace.yaml | 0 .../tpi/apps/networking/phpipam/ks.yaml | 0 .../phpipam/phpipam-db/database.yaml | 0 .../networking/phpipam/phpipam-db/grant.yaml | 0 .../phpipam/phpipam-db/kustomization.yaml | 0 .../phpipam/phpipam-db/secret.sops.yaml | 0 .../networking/phpipam/phpipam-db/user.yaml | 0 .../phpipam/phpipam-web/deployment.yaml | 0 .../phpipam/phpipam-web/ingress.yaml | 0 .../phpipam/phpipam-web/kustomization.yaml | 0 .../phpipam/phpipam-web/service.yaml | 0 .../networking/traefik/app/helm-release.yaml | 0 .../networking/traefik/app/kustomization.yaml | 0 .../config/certificates/kustomization.yaml | 0 .../config/certificates/production.yaml | 0 .../traefik/config/certificates/staging.yaml | 0 .../traefik/config/dashboard/ingress.yaml | 0 .../config/dashboard/kustomization.yaml | 0 .../traefik/config/kustomization.yaml | 0 .../traefik/config/middlewares/authelia.yaml | 0 .../config/middlewares/cloudflare-only.yaml | 0 .../config/middlewares/internal-only.yaml | 0 .../config/middlewares/kustomization.yaml | 0 .../serverstransport/insecureskipverify.yaml | 0 
.../serverstransport/kustomization.yaml | 0 .../traefik/config/tls-store/default.yaml | 0 .../config/tls-store/kustomization.yaml | 0 .../tpi/apps/networking/traefik/ks.dis | 0 .../networking/vpn/app/ingressroutetcp.yaml | 0 .../networking/vpn/app/kustomization.yaml | 0 .../tpi/apps/networking/vpn/app/service.yaml | 0 .../tpi/apps/networking/vpn/ks.dis | 0 .../app/alertmanager-discord-config.yaml | 0 .../app/alertmanager-discord-deployment.yaml | 0 .../app/alertmanager-discord-service.yaml | 0 .../app/kustomization.yaml | 0 .../alertmanager-discord/app/secret.sops.yaml | 0 .../alertmanager-discord/ks.yaml | 0 .../gatus/app/config/config.yaml | 0 .../gatus/app/externalsecret.yaml | 0 .../observability/gatus/app/helmrelease.yaml | 0 .../gatus/app/kustomization.yaml | 0 .../apps/observability/gatus/app/rbac.yaml | 0 .../tpi/apps/observability/gatus/ks.yaml | 0 .../goldilocks/app/helmrelease.yaml | 0 .../goldilocks/app/kustomization.yaml | 0 .../tpi/apps/observability/goldilocks/ks.yaml | 0 .../grafana/app/helmrelease.yaml | 0 .../grafana/app/kustomization.yaml | 0 .../grafana/app/secret.sops.yaml | 0 .../tpi/apps/observability/grafana/ks.yaml | 0 .../app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../config/kustomization.yaml | 0 .../config/prometheusrules.yaml | 0 .../config/scrapeconfigs.yaml | 0 .../kube-prometheus-stack/ks.yaml | 0 .../kubernetes-dashboard/app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../kubernetes-dashboard/app/rbac.yaml | 0 .../kubernetes-dashboard/ks.yaml | 0 .../tpi/apps/observability/kustomization.yaml | 0 .../observability/loki/app/configmap.yaml | 0 .../observability/loki/app/helmrelease.yaml | 0 .../observability/loki/app/kustomization.yaml | 0 .../loki/app/servicemonitor.yaml | 0 .../tpi/apps/observability/loki/ks.dis | 0 .../tpi/apps/observability/namespace.yaml | 0 .../netdata/app/helmrelease.yaml | 0 .../netdata/app/kustomization.yaml | 0 .../tpi/apps/observability/netdata/ks.dis | 0 .../app/helmrelease.yaml | 0 
.../app/kustomization.yaml | 0 .../app/prometheusrule.yaml | 0 .../prometheus-pushgateway/ks.yaml | 0 .../unpoller/app/helmrelease.yaml | 0 .../unpoller/app/kustomization.yaml | 0 .../unpoller/config/kustomization.yaml | 0 .../unpoller/config/prometheusrule.yaml | 0 .../tpi/apps/observability/unpoller/ks.yaml | 0 .../vector/agent/helmrelease.yaml | 0 .../vector/agent/kustomization.yaml | 0 .../vector/aggregator/helmrelease.yaml | 0 .../vector/aggregator/kustomization.yaml | 0 .../tpi/apps/observability/vector/ks.yaml | 0 .../observability/vpa/app/helmrelease.yaml | 0 .../observability/vpa/app/kustomization.yaml | 0 .../tpi/apps/observability/vpa/ks.yaml | 0 .../apps/security/external-secrets/ks.yaml | 0 .../operator/helmrelease.yaml | 0 .../operator/kustomization.yaml | 0 .../secretstores/doppler/kustomization.yaml | 0 .../secretstores/doppler/secret.sops.yaml | 0 .../secretstores/doppler/secretstore.yaml | 0 .../secretstores/kustomization.yaml | 0 .../secretstores/onepassword/helmrelease.yaml | 0 .../onepassword/kustomization.yaml | 0 .../secretstores/onepassword/secret.sops.yaml | 0 .../secretstores/onepassword/secretstore.yaml | 0 .../tpi/apps/security/kustomization.yaml | 0 .../tpi/apps/security/namespace.yaml | 0 .../csi-driver-nfs/app/helmrelease.yaml | 0 .../csi-driver-nfs/app/kustomization.yaml | 0 .../csi-driver-nfs/app/storageclass.yaml | 0 .../tpi/apps/storage/csi-driver-nfs/ks.yaml | 0 .../democratic-csi/app/helmrelease.yaml | 0 .../democratic-csi/app/kustomization.yaml | 0 .../tpi/apps/storage/democratic-csi/ks.dis | 0 .../tpi/apps/storage/kustomization.yaml | 0 .../storage/longhorn/app/helm-release.yaml | 0 .../storage/longhorn/app/kustomization.yaml | 0 .../storage/longhorn/conf/kustomization.yaml | 0 .../conf/monitoring/kustomization.yaml | 0 .../conf/monitoring/prometheusrule.yaml | 0 .../conf/monitoring/servicemonitor.yaml | 0 .../longhorn/conf/other/kustomization.yaml | 0 .../longhorn/conf/other/systembackup.yaml | 0 
.../conf/recurringjobs/30min-snapshot.yaml | 0 .../conf/recurringjobs/daily-backup.yaml | 0 .../conf/recurringjobs/daily-cleanup.yaml | 0 .../conf/recurringjobs/daily-delete.yaml | 0 .../conf/recurringjobs/daily-trim.yaml | 0 .../conf/recurringjobs/hourly-backup.yaml | 0 .../conf/recurringjobs/kustomization.yaml | 0 .../storage/longhorn/conf/snap-class.yaml | 0 .../tpi/apps/storage/longhorn/ks.yaml | 0 .../longhorn/prereq/kustomization.yaml | 0 .../prereq/longhorn-iscsi-installation.yaml | 0 .../tpi/apps/storage/namespace.yaml | 0 .../snapshot-controller/app/helmrelease.yaml | 0 .../app/kustomization.yaml | 0 .../storage/snapshot-controller/app/pki.yaml | 0 .../apps/storage/snapshot-controller/ks.yaml | 0 .../storage/synology-csi/app/clients.yaml | 0 .../storage/synology-csi/app/helmrelease.yaml | 0 .../synology-csi/app/kustomization.yaml | 0 .../tpi/apps/storage/synology-csi/ks.dis | 0 .../apps/storage/velero/app/helmrelease.yaml | 0 .../storage/velero/app/kustomization.yaml | 0 .../storage/velero/app/resourcepolicy.yaml | 0 .../apps/storage/velero/app/secret.sops.yaml | 0 .../tpi/apps/storage/velero/ks.dis | 0 .../apps/storage/volsync/app/helmrelease.yaml | 0 .../storage/volsync/app/kustomization.yaml | 0 .../storage/volsync/app/prometheusrule.yaml | 0 .../tpi/apps/storage/volsync/ks.yaml | 0 .../apps/system-upgrade/kustomization.yaml | 0 .../tpi/apps/system-upgrade/namespace.yaml | 0 .../app/kustomization.yaml | 0 .../system-upgrade-controller/ks.yaml | 0 .../plans/agent.yaml | 0 .../plans/kustomization.yaml | 0 .../plans/server.yaml | 0 .../plans/ubuntu.yaml | 0 .../tpi/bootstrap/kustomization.yaml | 0 .../pre_talos/kubernetes}/tpi/flux/apps.yaml | 0 .../kubernetes}/tpi/flux/config/cluster.yaml | 0 .../kubernetes}/tpi/flux/config/flux.yaml | 0 .../tpi/flux/config/kustomization.yaml | 0 .../flux/repositories/git/kustomization.yaml | 0 .../git/local-path-provisioner.yaml | 0 .../repositories/git/synology-csi-chart.yaml | 0 
.../tpi/flux/repositories/helm/backube.yaml | 0 .../tpi/flux/repositories/helm/bitnami.yaml | 0 .../tpi/flux/repositories/helm/bjw-s.yaml | 0 .../tpi/flux/repositories/helm/cilium.yaml | 0 .../flux/repositories/helm/crossplane.yaml | 0 .../repositories/helm/csi-driver-nfs.yaml | 0 .../repositories/helm/deliveryheroio.yaml | 0 .../repositories/helm/democratic-csi.yaml | 0 .../flux/repositories/helm/external-dns.yaml | 0 .../repositories/helm/external-secrets.yaml | 0 .../tpi/flux/repositories/helm/fairwinds.yaml | 0 .../tpi/flux/repositories/helm/grafana.yaml | 0 .../tpi/flux/repositories/helm/hajimari.yaml | 0 .../flux/repositories/helm/ingress-nginx.yaml | 0 .../tpi/flux/repositories/helm/jetstack.yaml | 0 .../flux/repositories/helm/k8s-gateway.yaml | 0 .../flux/repositories/helm/kubereboot.yaml | 0 .../helm/kubernetes-dashboard.yaml | 0 .../kubernetes-sigs-descheduler-charts.yaml | 0 .../flux/repositories/helm/kustomization.yaml | 0 .../tpi/flux/repositories/helm/longhorn.yaml | 0 .../repositories/helm/mariadb-operator.yaml | 0 .../tpi/flux/repositories/helm/metallb.yaml | 0 .../repositories/helm/metrics-server.yaml | 0 .../helm/minecraft-server-charts.yaml | 0 .../tpi/flux/repositories/helm/minio.yaml | 0 .../repositories/helm/mittwald-charts.yaml | 0 .../tpi/flux/repositories/helm/netdata.yaml | 0 .../tpi/flux/repositories/helm/piraeus.yaml | 0 .../helm/prometheus-community.yaml | 0 .../tpi/flux/repositories/helm/rancher.yaml | 0 .../flux/repositories/helm/s3gw-charts.yaml | 0 .../tpi/flux/repositories/helm/stakater.yaml | 0 .../repositories/helm/traefik-charts.yaml | 0 .../flux/repositories/helm/vector-charts.yaml | 0 .../flux/repositories/helm/vmware-charts.yaml | 0 .../flux/repositories/helm/weave-gitops.yaml | 0 .../tpi/flux/repositories/kustomization.yaml | 0 .../tpi/flux/repositories/oci/.gitkeep | 0 .../tpi/flux/vars/cluster-secrets.sops.yaml | 0 .../tpi/flux/vars/cluster-settings.yaml | 0 .../tpi/flux/vars/kustomization.yaml | 0 
.../tpi/shared/gatus/check/configmap.yaml | 0 .../tpi/shared/gatus/check/kustomization.yaml | 0 .../tpi/shared/gatus/dns-only/configmap.yaml | 0 .../shared/gatus/dns-only/kustomization.yaml | 0 archive/pre_talos/readme.md | 27 + .../terraform}/cloudflare/.terraform.lock.hcl | 0 .../pre_talos/terraform}/cloudflare/main.tf | 0 .../terraform}/cloudflare/secret.sops.yaml | 0 {tools => archive/pre_talos/tools}/backup.sh | 0 .../pre_talos/tools}/fix-document-start.py | 0 {tools => archive/pre_talos/tools}/fix-yaml | 0 .../pre_talos/tools}/rebuild-kustomizations | 0 {tools => archive/pre_talos/tools}/restore.sh | 0 .../cert-manager/app/helmrelease.yaml | 30 + .../cert-manager/app/kustomization.yaml | 5 + .../cert-manager/issuers/issuers.yaml | 39 + .../cert-manager/issuers/kustomization.yaml | 6 + .../cert-manager/issuers/secret.sops.yaml | 26 + .../apps/cert-manager/cert-manager/ks.yaml | 42 + .../apps/cert-manager/kustomization.yaml | 6 + kubernetes/apps/cert-manager/namespace.yaml | 7 + .../crossplane/app/helmrelease.yaml | 31 + .../crossplane/app/kustomization.yaml | 6 + .../apps/crossplane-system/crossplane/ks.yaml | 21 + .../apps/crossplane-system/kustomization.yaml | 7 + .../apps/crossplane-system/namespace.yaml | 10 + kubernetes/apps/database/kustomization.yaml | 7 + .../database/mariadb/instance/backup.yaml | 23 + .../mariadb/instance/kustomization.yaml | 9 + .../database/mariadb/instance/mariadb.yaml | 56 ++ .../mariadb/instance/secret.sops.yaml | 26 + kubernetes/apps/database/mariadb/ks.yaml | 45 + .../mariadb/operator/helmrelease.yaml | 43 + .../mariadb/operator/kustomization.yaml | 7 + kubernetes/apps/database/namespace.yaml | 10 + .../default/code-server/app/helmrelease.yaml | 95 ++ .../code-server/app/kustomization.yaml | 7 + kubernetes/apps/default/code-server/ks.yaml | 23 + .../apps/default/dashy/app/config/conf.yml | 22 + .../apps/default/dashy/app/helmrelease.yaml | 106 ++ .../apps/default/dashy/app/kustomization.yaml | 13 + 
kubernetes/apps/default/dashy/ks.yaml | 23 + .../apps/default/drop/app/helmrelease.yaml | 79 ++ .../apps/default/drop/app/kustomization.yaml | 7 + kubernetes/apps/default/drop/ks.yaml | 23 + .../default/echo-server/app/helmrelease.yaml | 99 ++ .../echo-server/app/kustomization.yaml | 8 + kubernetes/apps/default/echo-server/ks.yaml | 24 + .../default/hajimari/app/helmrelease.yaml | 76 ++ .../default/hajimari/app/kustomization.yaml | 7 + kubernetes/apps/default/hajimari/ks.yaml | 21 + .../default/headscale/app/helmrelease.yaml | 360 +++++++ .../default/headscale/app/kustomization.yaml | 7 + .../apps/default/headscale/ks.yaml.disabled | 23 + .../default/jdownloader/app/helmrelease.yaml | 88 ++ .../jdownloader/app/kustomization.yaml | 8 + .../default/jdownloader/app/secret.sops.yaml | 27 + kubernetes/apps/default/jdownloader/ks.yaml | 23 + kubernetes/apps/default/kasm/app/ingress.yaml | 36 + .../apps/default/kasm/app/kustomization.yaml | 8 + kubernetes/apps/default/kasm/app/service.yaml | 17 + kubernetes/apps/default/kasm/ks.yaml | 21 + kubernetes/apps/default/kustomization.yaml | 19 + .../default/linkding/app/helmrelease.yaml | 199 ++++ .../default/linkding/app/kustomization.yaml | 8 + .../default/linkding/app/secret.sops.yaml | 31 + kubernetes/apps/default/linkding/ks.yaml | 23 + kubernetes/apps/default/namespace.yaml | 10 + .../apps/default/octoprint/app/ingress.yaml | 34 + .../default/octoprint/app/kustomization.yaml | 8 + .../apps/default/octoprint/app/service.yaml | 14 + kubernetes/apps/default/octoprint/ks.yaml | 21 + .../paperless/app/helmrelease-gotenberg.yaml | 48 + .../paperless/app/helmrelease-tika.yaml | 46 + .../default/paperless/app/helmrelease.yaml | 146 +++ .../default/paperless/app/kustomization.yaml | 8 + .../default/paperless/app/secret.sops.yaml | 28 + kubernetes/apps/default/paperless/ks.yaml | 45 + .../default/paperless/redis/helmrelease.yaml | 51 + .../paperless/redis/kustomization.yaml | 5 + .../apps/default/s3gw/app/helmrelease.yaml | 38 + 
.../apps/default/s3gw/app/kustomization.yaml | 7 + kubernetes/apps/default/s3gw/ks.yaml.disabled | 21 + .../default/sharry/app/config/sharry.conf | 67 ++ .../apps/default/sharry/app/helmrelease.yaml | 88 ++ .../default/sharry/app/kustomization.yaml | 18 + kubernetes/apps/default/sharry/ks.yaml | 23 + .../default/smtp-relay/app/config/maddy.conf | 24 + .../smtp-relay/app/externalsecret.yaml | 22 + .../default/smtp-relay/app/helmrelease.yaml | 109 ++ .../default/smtp-relay/app/kustomization.yaml | 13 + kubernetes/apps/default/smtp-relay/ks.yaml | 23 + .../default/webtrees/app/helmrelease.yaml | 139 +++ .../default/webtrees/app/kustomization.yaml | 8 + .../default/webtrees/app/secret.sops.yaml | 26 + .../apps/default/webtrees/db/cronjob.yaml | 53 + .../apps/default/webtrees/db/helmrelease.yaml | 46 + .../default/webtrees/db/kustomization.yaml | 9 + .../apps/default/webtrees/db/secret.sops.yaml | 28 + kubernetes/apps/default/webtrees/ks.yaml | 47 + kubernetes/apps/flux-system/addons/ks.yaml | 44 + .../addons/monitoring/kustomization.yaml | 8 + .../addons/monitoring/podmonitor.yaml | 32 + .../addons/monitoring/prometheusrule.yaml | 32 + .../addons/webhooks/github/ingress.yaml | 25 + .../addons/webhooks/github/kustomization.yaml | 8 + .../addons/webhooks/github/receiver.yaml | 27 + .../addons/webhooks/github/secret.sops.yaml | 27 + .../addons/webhooks/kustomization.yaml | 6 + .../apps/flux-system/kustomization.yaml | 6 + kubernetes/apps/flux-system/namespace.yaml | 7 + .../weave-gitops/app/helmrelease.yaml | 79 ++ .../weave-gitops/app/kustomization.yaml | 9 + .../flux-system/weave-gitops/app/rbac.yaml | 13 + .../weave-gitops/app/secret.sops.yaml | 62 ++ .../apps/flux-system/weave-gitops/ks.yaml | 21 + .../webhooks/app/github/ingress.yaml | 20 + .../webhooks/app/github/kustomization.yaml | 7 + .../webhooks/app/github/receiver.yaml | 25 + .../webhooks/app/github/secret.sops.yaml | 26 + .../webhooks/app/kustomization.yaml | 5 + kubernetes/apps/flux-system/webhooks/ks.yaml | 
20 + kubernetes/apps/games/kustomization.yaml | 7 + .../games/minecraft-server/app/backup-sa.yaml | 29 + .../app/helmrelease-creative.yaml | 111 +++ .../app/helmrelease-family.yaml | 161 +++ .../app/helmrelease-insel.yaml | 151 +++ .../app/helmrelease-survival.yaml | 143 +++ .../minecraft-server/app/kustomization.yaml | 21 + .../games/minecraft-server/app/mc-backup.sh | 159 +++ .../minecraft-server/app/monitoring.yaml | 709 +++++++++++++ kubernetes/apps/games/minecraft-server/ks.dis | 25 + kubernetes/apps/games/namespace.yaml | 10 + .../kube-system/cilium/app/helm-values.yaml | 57 ++ .../kube-system/cilium/app/helmrelease.yaml | 74 ++ .../kube-system/cilium/app/kustomization.yaml | 11 + .../cilium/app/kustomizeconfig.yaml | 7 + .../kube-system/cilium/config/cilium-l2.yaml | 26 + .../cilium/config/kustomization.yaml | 5 + kubernetes/apps/kube-system/cilium/ks.yaml | 42 + .../app/kustomization.yaml | 11 + .../container-object-storage-interface/ks.dis | 21 + .../kube-system/coredns/app/helm-values.yaml | 50 + .../kube-system/coredns/app/helmrelease.yaml | 26 + .../coredns/app/kustomization.yaml | 11 + .../coredns/app/kustomizeconfig.yaml | 7 + kubernetes/apps/kube-system/coredns/ks.yaml | 20 + .../descheduler/app/helmrelease.yaml | 104 ++ .../descheduler/app/kustomization.yaml | 7 + .../apps/kube-system/descheduler/ks.yaml | 21 + .../kube-system/kube-vip/app/daemonset.yaml | 74 ++ .../kube-vip/app/kustomization.yaml | 7 + .../apps/kube-system/kube-vip/app/rbac.yaml | 41 + kubernetes/apps/kube-system/kube-vip/ks.dis | 21 + .../kubelet-csr-approver/app/helm-values.yaml | 3 + .../kubelet-csr-approver/app/helmrelease.yaml | 30 + .../app/kustomization.yaml | 11 + .../app/kustomizeconfig.yaml | 7 + .../kube-system/kubelet-csr-approver/ks.yaml | 20 + .../app/helmrelease.yaml | 31 + .../app/kustomization.yaml | 7 + .../kube-system/kubernetes-replicator/ks.yaml | 21 + .../kube-system/kured/app/helmrelease.yaml | 43 + .../kube-system/kured/app/kustomization.yaml | 8 + 
.../kube-system/kured/app/prometheusrule.yaml | 29 + kubernetes/apps/kube-system/kured/ks.yaml | 21 + .../apps/kube-system/kustomization.yaml | 11 + .../app/helmrelease.yaml | 76 ++ .../app/kustomization.yaml | 7 + .../kube-system/local-path-provisioner/ks.dis | 19 + .../metrics-server/app/helmrelease.yaml | 31 + .../metrics-server/app/kustomization.yaml | 5 + .../apps/kube-system/metrics-server/ks.yaml | 20 + kubernetes/apps/kube-system/namespace.yaml | 7 + .../app/helmrelease.yaml | 37 + .../app/kustomization.yaml | 7 + .../kube-system/node-problem-detector/ks.yaml | 21 + .../kube-system/reloader/app/helmrelease.yaml | 29 + .../reloader/app/kustomization.yaml | 5 + kubernetes/apps/kube-system/reloader/ks.yaml | 20 + .../kube-system/spegel/app/helm-values.yaml | 7 + .../kube-system/spegel/app/helmrelease.yaml | 28 + .../kube-system/spegel/app/kustomization.yaml | 11 + .../spegel/app/kustomizeconfig.yaml | 7 + kubernetes/apps/kube-system/spegel/ks.yaml | 20 + .../media/calibre-web/app/helmrelease.yaml | 115 +++ .../media/calibre-web/app/kustomization.yaml | 7 + kubernetes/apps/media/calibre-web/ks.yaml | 23 + kubernetes/apps/media/kustomization.yaml | 11 + .../media/mediabox/app/bazarr-ingress.yaml | 32 + .../apps/media/mediabox/app/gaps-ingress.yaml | 32 + .../media/mediabox/app/kustomization.yaml | 18 + .../media/mediabox/app/lldap-ingress.yaml | 25 + .../media/mediabox/app/notifiarr-ingress.yaml | 27 + .../media/mediabox/app/prowlarr-exporter.yaml | 884 ++++++++++++++++ .../media/mediabox/app/prowlarr-ingress.yaml | 32 + .../media/mediabox/app/radarr-exporter.yaml | 942 ++++++++++++++++++ .../media/mediabox/app/radarr-ingress.yaml | 32 + .../media/mediabox/app/sabnzbd-ingress.yaml | 32 + .../apps/media/mediabox/app/service.yaml | 42 + .../media/mediabox/app/sonar-ingress.yaml | 32 + .../media/mediabox/app/sonarr-exporter.yaml | 884 ++++++++++++++++ kubernetes/apps/media/mediabox/ks.yaml | 21 + kubernetes/apps/media/namespace.yaml | 10 + 
.../media/plex-exporter/app/configmap.yaml | 19 + .../media/plex-exporter/app/deployment.yaml | 50 + .../plex-exporter/app/grafana-dashboard.yaml | 477 +++++++++ .../plex-exporter/app/kustomization.yaml | 11 + .../app/plex-exporter-grafana-dashboard.json | 464 +++++++++ .../plex-exporter/app/service-monitor.yaml | 18 + .../apps/media/plex-exporter/app/service.yaml | 16 + kubernetes/apps/media/plex-exporter/ks.yaml | 21 + .../plex-trakt-sync/app/config/config.yml | 34 + .../plex-trakt-sync/app/helmrelease.yaml | 132 +++ .../plex-trakt-sync/app/kustomization.yaml | 20 + kubernetes/apps/media/plex-trakt-sync/ks.yaml | 23 + .../apps/media/podsync/app/config/config.toml | 110 ++ .../apps/media/podsync/app/helmrelease.yaml | 113 +++ .../apps/media/podsync/app/kustomization.yaml | 12 + kubernetes/apps/media/podsync/ks.dis | 21 + .../apps/media/tautulli/app/helmrelease.yaml | 114 +++ .../media/tautulli/app/kustomization.yaml | 8 + .../media/tautulli/exporter/helmrelease.yaml | 76 ++ .../tautulli/exporter/kustomization.yaml | 7 + kubernetes/apps/media/tautulli/ks.yaml | 50 + .../network/echo-server/app/helmrelease.yaml | 91 ++ .../echo-server/app/kustomization.yaml | 5 + kubernetes/apps/network/echo-server/ks.yaml | 20 + .../network/external-dns/app/helmrelease.yaml | 48 + .../external-dns/app/kustomization.yaml | 6 + .../network/external-dns/app/secret.sops.yaml | 26 + kubernetes/apps/network/external-dns/ks.yaml | 20 + .../certificates/kustomization.yaml | 5 + .../certificates/production.yaml | 14 + .../ingress-nginx/certificates/staging.yaml | 14 + .../ingress-nginx/external/helmrelease.yaml | 75 ++ .../ingress-nginx/external/kustomization.yaml | 5 + .../ingress-nginx/internal/helmrelease.yaml | 72 ++ .../ingress-nginx/internal/kustomization.yaml | 5 + kubernetes/apps/network/ingress-nginx/ks.yaml | 66 ++ .../network/k8s-gateway/app/helmrelease.yaml | 33 + .../k8s-gateway/app/kustomization.yaml | 5 + kubernetes/apps/network/k8s-gateway/ks.yaml | 20 + 
kubernetes/apps/network/kustomization.yaml | 9 + kubernetes/apps/network/namespace.yaml | 7 + .../cloudflare-ddns/app/cloudflare-ddns.sh | 36 + .../cloudflare-ddns/app/helmrelease.yaml | 74 ++ .../cloudflare-ddns/app/kustomization.yaml | 15 + .../apps/networking/cloudflare-ddns/ks.yaml | 21 + .../external-dns/app/dnsendpoint-crd.yaml | 104 ++ .../external-dns/app/helmrelease.yaml | 54 + .../external-dns/app/kustomization.yaml | 9 + .../external-dns/app/secret.sops.yaml | 27 + .../apps/networking/external-dns/ks.yaml | 21 + .../ingress-nginx/app/helmrelease.yaml | 91 ++ .../ingress-nginx/app/kustomization.yaml | 5 + .../certificates/kustomization.yaml | 11 + .../certificates/production.yaml | 36 + .../ingress-nginx/certificates/staging.yaml | 36 + .../apps/networking/ingress-nginx/ks.yaml | 44 + .../app/helmrelease.yaml | 37 + .../app/kustomization.yaml | 8 + .../app/secret.sops.yaml | 27 + .../ingressmonitorcontroller/ks.yaml | 21 + .../k8s-gateway/app/helmrelease.yaml | 59 ++ .../k8s-gateway/app/kustomization.yaml | 7 + .../apps/networking/k8s-gateway/ks.yaml | 23 + kubernetes/apps/networking/kustomization.yaml | 12 + .../networking/metallb/app/helmrelease.yaml | 34 + .../networking/metallb/app/kustomization.yaml | 7 + .../metallb/config/kustomization.yaml | 7 + .../networking/metallb/config/resources.yaml | 18 + kubernetes/apps/networking/metallb/ks.disable | 44 + kubernetes/apps/networking/namespace.yaml | 10 + kubernetes/apps/networking/phpipam/ks.yaml | 46 + .../phpipam/phpipam-db/database.yaml | 13 + .../networking/phpipam/phpipam-db/grant.yaml | 18 + .../phpipam/phpipam-db/kustomization.yaml | 10 + .../phpipam/phpipam-db/secret.sops.yaml | 26 + .../networking/phpipam/phpipam-db/user.yaml | 17 + .../phpipam/phpipam-web/deployment.yaml | 82 ++ .../phpipam/phpipam-web/ingress.yaml | 25 + .../phpipam/phpipam-web/kustomization.yaml | 9 + .../phpipam/phpipam-web/service.yaml | 14 + .../networking/traefik/app/helm-release.yaml | 106 ++ 
.../networking/traefik/app/kustomization.yaml | 7 + .../config/certificates/kustomization.yaml | 11 + .../config/certificates/production.yaml | 36 + .../traefik/config/certificates/staging.yaml | 36 + .../traefik/config/dashboard/ingress.yaml | 35 + .../config/dashboard/kustomization.yaml | 6 + .../traefik/config/kustomization.yaml | 11 + .../traefik/config/middlewares/authelia.yaml | 14 + .../config/middlewares/cloudflare-only.yaml | 45 + .../config/middlewares/internal-only.yaml | 20 + .../config/middlewares/kustomization.yaml | 8 + .../serverstransport/insecureskipverify.yaml | 7 + .../serverstransport/kustomization.yaml | 6 + .../traefik/config/tls-store/default.yaml | 8 + .../config/tls-store/kustomization.yaml | 6 + kubernetes/apps/networking/traefik/ks.dis | 46 + .../networking/vpn/app/ingressroutetcp.yaml | 15 + .../networking/vpn/app/kustomization.yaml | 8 + .../apps/networking/vpn/app/service.yaml | 14 + kubernetes/apps/networking/vpn/ks.dis | 23 + .../app/alertmanager-discord-config.yaml | 23 + .../app/alertmanager-discord-deployment.yaml | 35 + .../app/alertmanager-discord-service.yaml | 15 + .../app/kustomization.yaml | 10 + .../alertmanager-discord/app/secret.sops.yaml | 27 + .../alertmanager-discord/ks.yaml | 21 + .../gatus/app/config/config.yaml | 47 + .../gatus/app/externalsecret.yaml | 19 + .../observability/gatus/app/helmrelease.yaml | 135 +++ .../gatus/app/kustomization.yaml | 14 + .../apps/observability/gatus/app/rbac.yaml | 22 + kubernetes/apps/observability/gatus/ks.yaml | 23 + .../goldilocks/app/helmrelease.yaml | 60 ++ .../goldilocks/app/kustomization.yaml | 7 + .../apps/observability/goldilocks/ks.yaml | 23 + .../grafana/app/helmrelease.yaml | 277 +++++ .../grafana/app/kustomization.yaml | 8 + .../grafana/app/secret.sops.yaml | 28 + kubernetes/apps/observability/grafana/ks.yaml | 23 + .../app/helmrelease.yaml | 453 +++++++++ .../app/kustomization.yaml | 7 + .../config/kustomization.yaml | 8 + .../config/prometheusrules.yaml | 26 + 
.../config/scrapeconfigs.yaml | 35 + .../kube-prometheus-stack/ks.yaml | 47 + .../kubernetes-dashboard/app/helmrelease.yaml | 59 ++ .../app/kustomization.yaml | 8 + .../kubernetes-dashboard/app/rbac.yaml | 39 + .../kubernetes-dashboard/ks.yaml | 21 + .../apps/observability/kustomization.yaml | 16 + .../observability/loki/app/configmap.yaml | 45 + .../observability/loki/app/helmrelease.yaml | 224 +++++ .../observability/loki/app/kustomization.yaml | 9 + .../loki/app/servicemonitor.yaml | 20 + kubernetes/apps/observability/loki/ks.dis | 23 + kubernetes/apps/observability/namespace.yaml | 7 + .../netdata/app/helmrelease.yaml | 68 ++ .../netdata/app/kustomization.yaml | 7 + kubernetes/apps/observability/netdata/ks.dis | 24 + .../app/helmrelease.yaml | 22 + .../app/kustomization.yaml | 5 + .../prometheus-operator-crds/ks.yaml | 20 + .../app/helmrelease.yaml | 46 + .../app/kustomization.yaml | 8 + .../app/prometheusrule.yaml | 36 + .../prometheus-pushgateway/ks.yaml | 23 + .../unpoller/app/helmrelease.yaml | 85 ++ .../unpoller/app/kustomization.yaml | 7 + .../unpoller/config/kustomization.yaml | 7 + .../unpoller/config/prometheusrule.yaml | 104 ++ .../apps/observability/unpoller/ks.yaml | 44 + .../vector/agent/helmrelease.yaml | 85 ++ .../vector/agent/kustomization.yaml | 7 + .../vector/aggregator/helmrelease.yaml | 119 +++ .../vector/aggregator/kustomization.yaml | 7 + kubernetes/apps/observability/vector/ks.yaml | 47 + .../observability/vpa/app/helmrelease.yaml | 51 + .../observability/vpa/app/kustomization.yaml | 7 + kubernetes/apps/observability/vpa/ks.yaml | 21 + .../apps/openebs-system/kustomization.yaml | 6 + kubernetes/apps/openebs-system/namespace.yaml | 7 + .../openebs/app/helmrelease.yaml | 45 + .../openebs/app/kustomization.yaml | 5 + .../apps/openebs-system/openebs/ks.yaml | 20 + .../apps/security/external-secrets/ks.yaml | 44 + .../operator/helmrelease.yaml | 40 + .../operator/kustomization.yaml | 6 + .../secretstores/doppler/kustomization.yaml | 7 + 
.../secretstores/doppler/secret.sops.yaml | 26 + .../secretstores/doppler/secretstore.yaml | 14 + .../secretstores/kustomization.yaml | 8 + .../secretstores/onepassword/helmrelease.yaml | 143 +++ .../onepassword/kustomization.yaml | 8 + .../secretstores/onepassword/secret.sops.yaml | 28 + .../secretstores/onepassword/secretstore.yaml | 17 + kubernetes/apps/security/kustomization.yaml | 7 + kubernetes/apps/security/namespace.yaml | 10 + .../csi-driver-nfs/app/helmrelease.yaml | 33 + .../csi-driver-nfs/app/kustomization.yaml | 7 + .../csi-driver-nfs/app/storageclass.yaml | 12 + .../apps/storage/csi-driver-nfs/ks.yaml | 23 + .../democratic-csi/app/helmrelease.yaml | 69 ++ .../democratic-csi/app/kustomization.yaml | 6 + kubernetes/apps/storage/democratic-csi/ks.dis | 23 + kubernetes/apps/storage/kustomization.yaml | 11 + .../storage/longhorn/app/helm-release.yaml | 90 ++ .../storage/longhorn/app/kustomization.yaml | 7 + .../storage/longhorn/conf/kustomization.yaml | 10 + .../conf/monitoring/kustomization.yaml | 8 + .../conf/monitoring/prometheusrule.yaml | 110 ++ .../conf/monitoring/servicemonitor.yaml | 16 + .../longhorn/conf/other/kustomization.yaml | 7 + .../longhorn/conf/other/systembackup.yaml | 7 + .../conf/recurringjobs/30min-snapshot.yaml | 13 + .../conf/recurringjobs/daily-backup.yaml | 13 + .../conf/recurringjobs/daily-cleanup.yaml | 13 + .../conf/recurringjobs/daily-delete.yaml | 13 + .../conf/recurringjobs/daily-trim.yaml | 13 + .../conf/recurringjobs/hourly-backup.yaml | 13 + .../conf/recurringjobs/kustomization.yaml | 12 + .../storage/longhorn/conf/snap-class.yaml | 9 + kubernetes/apps/storage/longhorn/ks.yaml | 63 ++ .../longhorn/prereq/kustomization.yaml | 12 + .../prereq/longhorn-iscsi-installation.yaml | 40 + kubernetes/apps/storage/namespace.yaml | 10 + .../snapshot-controller/app/helmrelease.yaml | 40 + .../app/kustomization.yaml | 7 + .../storage/snapshot-controller/app/pki.yaml | 28 + .../apps/storage/snapshot-controller/ks.yaml | 21 + 
.../apps/storage/velero/app/helmrelease.yaml | 132 +++ .../storage/velero/app/kustomization.yaml | 8 + .../storage/velero/app/resourcepolicy.yaml | 16 + .../apps/storage/velero/app/secret.sops.yaml | 26 + kubernetes/apps/storage/velero/ks.yaml | 24 + .../apps/storage/volsync/app/helmrelease.yaml | 36 + .../storage/volsync/app/kustomization.yaml | 7 + .../storage/volsync/app/prometheusrule.yaml | 28 + kubernetes/apps/storage/volsync/ks.yaml | 24 + kubernetes/bootstrap/flux/kustomization.yaml | 61 ++ kubernetes/bootstrap/helmfile.yaml | 59 ++ .../bootstrap/talos/clusterconfig/.gitignore | 5 + kubernetes/bootstrap/talos/talconfig.yaml | 200 ++++ .../bootstrap/talos/talsecret.sops.yaml | 43 + kubernetes/flux/apps.yaml | 56 ++ kubernetes/flux/config/cluster.yaml | 40 + kubernetes/flux/config/flux.yaml | 86 ++ kubernetes/flux/config/kustomization.yaml | 6 + .../flux/repositories/git/kustomization.yaml | 5 + .../git/local-path-provisioner.yaml | 17 + .../repositories/git/synology-csi-chart.yaml | 17 + .../flux/repositories/helm/backube.yaml | 10 + .../flux/repositories/helm/bitnami.yaml | 11 + kubernetes/flux/repositories/helm/bjw-s.yaml | 10 + kubernetes/flux/repositories/helm/cilium.yaml | 9 + .../flux/repositories/helm/coredns.yaml | 9 + .../flux/repositories/helm/crossplane.yaml | 10 + .../repositories/helm/csi-driver-nfs.yaml | 10 + .../repositories/helm/deliveryheroio.yaml | 10 + .../repositories/helm/democratic-csi.yaml | 10 + .../flux/repositories/helm/external-dns.yaml | 9 + .../repositories/helm/external-secrets.yaml | 10 + .../flux/repositories/helm/fairwinds.yaml | 10 + .../flux/repositories/helm/grafana.yaml | 10 + .../flux/repositories/helm/hajimari.yaml | 10 + .../flux/repositories/helm/ingress-nginx.yaml | 9 + .../flux/repositories/helm/jetstack.yaml | 9 + .../flux/repositories/helm/k8s-gateway.yaml | 9 + .../flux/repositories/helm/kubereboot.yaml | 10 + .../helm/kubernetes-dashboard.yaml | 10 + .../kubernetes-sigs-descheduler-charts.yaml | 10 + 
.../flux/repositories/helm/kustomization.yaml | 44 + .../flux/repositories/helm/longhorn.yaml | 10 + .../repositories/helm/mariadb-operator.yaml | 9 + .../flux/repositories/helm/metallb.yaml | 10 + .../repositories/helm/metrics-server.yaml | 9 + .../helm/minecraft-server-charts.yaml | 10 + kubernetes/flux/repositories/helm/minio.yaml | 10 + .../repositories/helm/mittwald-charts.yaml | 10 + .../flux/repositories/helm/netdata.yaml | 10 + .../flux/repositories/helm/openebs.yaml | 9 + .../flux/repositories/helm/piraeus.yaml | 10 + .../flux/repositories/helm/postfinance.yaml | 9 + .../helm/prometheus-community.yaml | 10 + .../flux/repositories/helm/rancher.yaml | 10 + .../flux/repositories/helm/s3gw-charts.yaml | 10 + kubernetes/flux/repositories/helm/spegel.yaml | 10 + .../flux/repositories/helm/stakater.yaml | 9 + .../repositories/helm/traefik-charts.yaml | 10 + .../flux/repositories/helm/vector-charts.yaml | 10 + .../flux/repositories/helm/vmware-charts.yaml | 10 + .../flux/repositories/helm/weave-gitops.yaml | 11 + .../flux/repositories/kustomization.yaml | 7 + .../flux/repositories/oci/kustomization.yaml | 4 + .../flux/vars/cluster-secrets.sops.yaml | 56 ++ kubernetes/flux/vars/cluster-settings.yaml | 22 + kubernetes/flux/vars/kustomization.yaml | 5 + kubernetes/shared/gatus/check/configmap.yaml | 23 + .../shared/gatus/check/kustomization.yaml | 6 + .../shared/gatus/dns-only/configmap.yaml | 24 + .../shared/gatus/dns-only/kustomization.yaml | 6 + kubernetes/shared/volsync/claim.yaml | 15 + kubernetes/shared/volsync/kustomization.yaml | 7 + kubernetes/shared/volsync/minio.yaml | 75 ++ makejinja.toml | 18 + readme.md | 421 +++++++- requirements.txt | 4 + scripts/kubeconform.sh | 52 + 1475 files changed, 21639 insertions(+), 177 deletions(-) create mode 100644 .devcontainer/ci/Dockerfile create mode 100644 .devcontainer/ci/devcontainer.json create mode 100644 .devcontainer/ci/features/devcontainer-feature.json create mode 100644 .devcontainer/ci/features/install.sh 
create mode 100644 .devcontainer/devcontainer.json create mode 100755 .devcontainer/postCreateCommand.sh create mode 100644 .github/release.yaml create mode 100644 .github/tests/config-talos.yaml create mode 100644 .github/workflows/devcontainer.yaml create mode 100644 .github/workflows/e2e.yaml create mode 100644 .github/workflows/flux-diff.yaml create mode 100644 .github/workflows/kubeconform.yaml create mode 100644 .github/workflows/label-sync.yaml create mode 100644 .github/workflows/labeler.yaml create mode 100644 .taskfiles/Flux/Taskfile.yaml create mode 100644 .taskfiles/Kubernetes/Taskfile.yaml create mode 100644 .taskfiles/Repository/Taskfile.yaml create mode 100644 .taskfiles/Sops/Taskfile.yaml create mode 100644 .taskfiles/Talos/Taskfile.yaml create mode 100644 .taskfiles/Workstation/Archfile create mode 100644 .taskfiles/Workstation/Brewfile create mode 100644 .taskfiles/Workstation/Taskfile.yaml create mode 100644 README.md create mode 100644 Taskfile.yaml create mode 100644 archive/pre_talos/.editorconfig create mode 100644 archive/pre_talos/.envrc create mode 100644 archive/pre_talos/.gitattributes create mode 100644 archive/pre_talos/.github/labeler.yaml create mode 100644 archive/pre_talos/.github/labels.yaml rename {.github => archive/pre_talos/.github}/release-drafter.yaml (100%) create mode 100644 archive/pre_talos/.github/renovate.json5 rename {.github => archive/pre_talos/.github}/renovate/autoMerge.json5 (100%) rename {.github => archive/pre_talos/.github}/renovate/commitMessage.json5 (100%) rename {.github => archive/pre_talos/.github}/renovate/groups.json5 (100%) rename {.github => archive/pre_talos/.github}/renovate/labels.json5 (100%) rename {.github => archive/pre_talos/.github}/renovate/semanticCommits.json5 (100%) rename {.github => archive/pre_talos/.github}/workflows/auto-assign-issues.yaml (100%) rename {.github => archive/pre_talos/.github}/workflows/flux-tests.yaml (100%) rename {.github => 
archive/pre_talos/.github}/workflows/link-check.yaml (100%) rename {.github => archive/pre_talos/.github}/workflows/meta-labeler.yaml (100%) rename {.github => archive/pre_talos/.github}/workflows/meta-sync-labels.yaml (100%) rename {.github => archive/pre_talos/.github}/workflows/release-drafter.yaml (100%) create mode 100644 archive/pre_talos/.github/workflows/release.yaml create mode 100644 archive/pre_talos/.gitignore rename .lycheeignore => archive/pre_talos/.lycheeignore (100%) rename .pre-commit-config.yaml => archive/pre_talos/.pre-commit-config.yaml (100%) create mode 100644 archive/pre_talos/.sops.yaml rename {.taskfiles => archive/pre_talos/.taskfiles}/AnsibleTasks.yml (100%) rename {.taskfiles => archive/pre_talos/.taskfiles}/ClusterTasks.yml (100%) rename {.taskfiles => archive/pre_talos/.taskfiles}/PrecommitTasks.yml (100%) rename {.taskfiles => archive/pre_talos/.taskfiles}/TerraformTasks.yml (100%) create mode 100644 archive/pre_talos/.vscode/extensions.json create mode 100644 archive/pre_talos/.vscode/settings.json rename .yamllint.yaml => archive/pre_talos/.yamllint.yaml (100%) create mode 100644 archive/pre_talos/LICENSE rename Taskfile.yml => archive/pre_talos/Taskfile.yml (100%) rename ansible.cfg => archive/pre_talos/ansible.cfg (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/group_vars/kubernetes/general.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/group_vars/kubernetes/k3s.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/group_vars/kubernetes/kube-vip.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/group_vars/kubernetes/nfs.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/group_vars/kubernetes/os.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/group_vars/kubernetes/supplemental.yml (100%) rename {ansible => 
archive/pre_talos/ansible}/test-cluster/inventory/group_vars/kubernetes/vault.sops.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/group_vars/master/k3s.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/group_vars/worker/k3s.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/host_vars/.gitkeep (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/inventory/hosts.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/cluster-installation.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/cluster-nuke.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/cluster-prepare.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/cluster-reboot.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/filesystems.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/setup-nfs.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/templates/calico-installation.yaml.j2 (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/templates/custom-cilium-helmchart.yaml.j2 (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/templates/custom-kube-vip-ds.yaml.j2 (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/playbooks/templates/custom-kube-vip-rbac.yaml.j2 (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/requirements.txt (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/requirements.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/roles/raspberrypi/handlers/main.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/roles/raspberrypi/tasks/main.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/roles/raspberrypi/tasks/prereq/Archlinux.yml (100%) rename {ansible 
=> archive/pre_talos/ansible}/test-cluster/roles/raspberrypi/tasks/prereq/CentOS.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/roles/raspberrypi/tasks/prereq/Debian.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/roles/raspberrypi/tasks/prereq/Raspbian.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/roles/raspberrypi/tasks/prereq/Ubuntu.yml (100%) rename {ansible => archive/pre_talos/ansible}/test-cluster/roles/raspberrypi/tasks/prereq/default.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/kubernetes/general.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/kubernetes/k3s.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/kubernetes/kube-vip.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/kubernetes/nfs.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/kubernetes/os.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/kubernetes/supplemental.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/kubernetes/vault.sops.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/master/k3s.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/group_vars/worker/k3s.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/host_vars/.gitkeep (100%) rename {ansible => archive/pre_talos/ansible}/tpi/inventory/hosts.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/cluster-installation.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/cluster-nuke.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/cluster-prepare.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/cluster-reboot.yml (100%) rename {ansible => 
archive/pre_talos/ansible}/tpi/playbooks/filesystems.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/setup-nfs.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/templates/calico-installation.yaml.j2 (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/templates/custom-cilium-helmchart.yaml.j2 (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/templates/custom-kube-vip-ds.yaml.j2 (100%) rename {ansible => archive/pre_talos/ansible}/tpi/playbooks/templates/custom-kube-vip-rbac.yaml.j2 (100%) rename {ansible => archive/pre_talos/ansible}/tpi/requirements.txt (100%) rename {ansible => archive/pre_talos/ansible}/tpi/requirements.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/roles/raspberrypi/handlers/main.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/roles/raspberrypi/tasks/main.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/roles/raspberrypi/tasks/prereq/Archlinux.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/roles/raspberrypi/tasks/prereq/CentOS.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/roles/raspberrypi/tasks/prereq/Debian.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/roles/raspberrypi/tasks/prereq/Raspbian.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/roles/raspberrypi/tasks/prereq/Ubuntu.yml (100%) rename {ansible => archive/pre_talos/ansible}/tpi/roles/raspberrypi/tasks/prereq/default.yml (100%) rename bootstrap.sh => archive/pre_talos/bootstrap.sh (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/cert-manager/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/cert-manager/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/cert-manager/app/prometheusrule.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/cert-manager/issuers/issuers.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/cert-manager/issuers/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/cert-manager/issuers/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/cert-manager/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/cert-manager/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/crossplane-system/crossplane/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/crossplane-system/crossplane/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/crossplane-system/crossplane/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/crossplane-system/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/crossplane-system/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/database/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/database/mariadb/instance/backup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/database/mariadb/instance/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/database/mariadb/instance/mariadb.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/database/mariadb/instance/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/database/mariadb/ks.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/database/mariadb/operator/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/database/mariadb/operator/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/database/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/code-server/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/code-server/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/code-server/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/dashy/app/config/conf.yml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/dashy/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/dashy/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/dashy/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/drop/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/drop/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/drop/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/echo-server/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/echo-server/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/echo-server/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/hajimari/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/hajimari/app/kustomization.yaml (100%) 
rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/hajimari/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/headscale/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/headscale/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/headscale/ks.yaml.disabled (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/jdownloader/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/jdownloader/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/jdownloader/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/jdownloader/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/kasm/app/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/kasm/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/kasm/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/kasm/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/linkding/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/linkding/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/linkding/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/linkding/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/namespace.yaml (100%) rename 
{kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/octoprint/app/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/octoprint/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/octoprint/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/octoprint/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/paperless/app/helmrelease-gotenberg.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/paperless/app/helmrelease-tika.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/paperless/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/paperless/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/paperless/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/paperless/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/paperless/redis/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/paperless/redis/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/s3gw/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/s3gw/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/s3gw/ks.yaml.disabled (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/sharry/app/config/sharry.conf (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/sharry/app/helmrelease.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/default/sharry/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/sharry/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/smtp-relay/app/config/maddy.conf (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/smtp-relay/app/externalsecret.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/smtp-relay/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/smtp-relay/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/smtp-relay/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/webtrees/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/webtrees/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/webtrees/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/webtrees/db/cronjob.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/webtrees/db/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/webtrees/db/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/webtrees/db/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/default/webtrees/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/monitoring/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/monitoring/podmonitor.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/monitoring/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/webhooks/github/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/webhooks/github/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/webhooks/github/receiver.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/webhooks/github/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/addons/webhooks/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/weave-gitops/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/weave-gitops/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/weave-gitops/app/rbac.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/weave-gitops/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/flux-system/weave-gitops/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/app/backup-sa.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/app/helmrelease-creative.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/app/helmrelease-family.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/app/helmrelease-insel.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/app/helmrelease-survival.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/app/mc-backup.sh (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/app/monitoring.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/minecraft-server/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/games/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/cilium/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/cilium/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/cilium/config/cilium-l2.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/cilium/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/cilium/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/container-object-storage-interface/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/container-object-storage-interface/ks.dis (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/descheduler/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/descheduler/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/descheduler/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kube-vip/app/daemonset.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kube-vip/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kube-vip/app/rbac.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kube-vip/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kubernetes-replicator/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kubernetes-replicator/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kured/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kured/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kured/app/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kured/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/local-path-provisioner/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/local-path-provisioner/app/kustomization.yaml 
(100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/local-path-provisioner/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/metrics-server/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/metrics-server/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/metrics-server/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/node-problem-detector/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/node-problem-detector/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/node-problem-detector/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/reloader/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/reloader/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/kube-system/reloader/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/calibre-web/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/calibre-web/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/calibre-web/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/bazarr-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/gaps-ingress.yaml (100%) 
rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/lldap-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/notifiarr-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/prowlarr-exporter.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/prowlarr-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/radarr-exporter.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/radarr-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/sabnzbd-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/sonar-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/app/sonarr-exporter.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/mediabox/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-exporter/app/configmap.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-exporter/app/deployment.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-exporter/app/grafana-dashboard.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-exporter/app/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-exporter/app/service-monitor.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-exporter/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-exporter/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-trakt-sync/app/config/config.yml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-trakt-sync/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-trakt-sync/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/plex-trakt-sync/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/podsync/app/config/config.toml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/podsync/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/podsync/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/podsync/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/tautulli/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/tautulli/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/tautulli/exporter/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/tautulli/exporter/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/media/tautulli/ks.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/cloudflare-ddns/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/cloudflare-ddns/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/cloudflare-ddns/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/external-dns/app/dnsendpoint-crd.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/external-dns/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/external-dns/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/external-dns/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/external-dns/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingress-nginx/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingress-nginx/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingress-nginx/certificates/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingress-nginx/certificates/production.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingress-nginx/certificates/staging.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingress-nginx/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingressmonitorcontroller/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/ingressmonitorcontroller/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/k8s-gateway/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/k8s-gateway/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/k8s-gateway/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/metallb/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/metallb/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/metallb/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/metallb/config/resources.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/metallb/ks.disable (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-db/database.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-db/grant.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-db/kustomization.yaml (100%) rename 
{kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-db/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-db/user.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-web/deployment.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-web/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-web/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/phpipam/phpipam-web/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/app/helm-release.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/certificates/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/certificates/production.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/certificates/staging.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/dashboard/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/dashboard/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/middlewares/authelia.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/middlewares/cloudflare-only.yaml 
(100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/middlewares/internal-only.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/middlewares/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/serverstransport/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/tls-store/default.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/config/tls-store/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/traefik/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/vpn/app/ingressroutetcp.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/vpn/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/vpn/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/networking/vpn/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/alertmanager-discord/app/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/observability/alertmanager-discord/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/alertmanager-discord/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/gatus/app/config/config.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/gatus/app/externalsecret.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/gatus/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/gatus/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/gatus/app/rbac.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/gatus/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/goldilocks/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/goldilocks/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/goldilocks/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/grafana/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/grafana/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/grafana/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/grafana/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kube-prometheus-stack/app/helmrelease.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/observability/kube-prometheus-stack/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kube-prometheus-stack/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kube-prometheus-stack/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kubernetes-dashboard/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kubernetes-dashboard/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kubernetes-dashboard/app/rbac.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kubernetes-dashboard/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/loki/app/configmap.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/loki/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/loki/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/loki/app/servicemonitor.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/loki/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/namespace.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/observability/netdata/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/netdata/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/netdata/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/prometheus-pushgateway/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/prometheus-pushgateway/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/prometheus-pushgateway/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/unpoller/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/unpoller/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/unpoller/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/unpoller/config/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/unpoller/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/vector/agent/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/vector/agent/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/vector/aggregator/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/vector/aggregator/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/observability/vector/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/vpa/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/vpa/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/observability/vpa/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/operator/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/operator/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/secretstores/doppler/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/secretstores/doppler/secretstore.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/secretstores/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/security/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/security/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/csi-driver-nfs/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/csi-driver-nfs/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/csi-driver-nfs/app/storageclass.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/csi-driver-nfs/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/democratic-csi/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/democratic-csi/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/democratic-csi/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/app/helm-release.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/monitoring/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/other/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/other/systembackup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/conf/snap-class.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/prereq/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/snapshot-controller/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/snapshot-controller/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/snapshot-controller/app/pki.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/storage/snapshot-controller/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/synology-csi/app/clients.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/synology-csi/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/synology-csi/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/synology-csi/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/velero/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/velero/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/velero/app/resourcepolicy.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/velero/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/velero/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/volsync/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/volsync/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/volsync/app/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/storage/volsync/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/system-upgrade/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/system-upgrade/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/apps/system-upgrade/system-upgrade-controller/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/server.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/bootstrap/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/apps.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/config/cluster.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/config/flux.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/git/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/git/local-path-provisioner.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/git/synology-csi-chart.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/backube.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/bitnami.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/bjw-s.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/cilium.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/crossplane.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/csi-driver-nfs.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/deliveryheroio.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/democratic-csi.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/external-dns.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/external-secrets.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/fairwinds.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/grafana.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/hajimari.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/ingress-nginx.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/jetstack.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/k8s-gateway.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/kubereboot.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/kubernetes-dashboard.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/longhorn.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/mariadb-operator.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/metallb.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/metrics-server.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/minecraft-server-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/minio.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/mittwald-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/netdata.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/piraeus.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/prometheus-community.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/rancher.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/s3gw-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/stakater.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/traefik-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/vector-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/vmware-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/helm/weave-gitops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/repositories/oci/.gitkeep (100%) 
rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/vars/cluster-secrets.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/vars/cluster-settings.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/flux/vars/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/shared/gatus/check/configmap.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/shared/gatus/check/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/shared/gatus/dns-only/configmap.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/shared/gatus/dns-only/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/shared/volsync/claim.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/shared/volsync/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/test-cluster/shared/volsync/minio.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/cert-manager/cert-manager/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/cert-manager/cert-manager/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/cert-manager/cert-manager/app/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/cert-manager/cert-manager/issuers/issuers.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/cert-manager/cert-manager/issuers/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/cert-manager/cert-manager/issuers/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/cert-manager/cert-manager/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/cert-manager/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/cert-manager/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/crossplane-system/crossplane/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/crossplane-system/crossplane/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/crossplane-system/crossplane/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/crossplane-system/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/crossplane-system/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/mariadb/instance/backup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/mariadb/instance/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/mariadb/instance/mariadb.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/mariadb/instance/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/mariadb/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/mariadb/operator/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/mariadb/operator/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/database/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/code-server/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/code-server/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/code-server/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/dashy/app/config/conf.yml (100%) rename 
{kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/dashy/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/dashy/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/dashy/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/drop/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/drop/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/drop/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/echo-server/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/echo-server/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/echo-server/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/hajimari/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/hajimari/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/hajimari/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/headscale/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/headscale/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/headscale/ks.yaml.disabled (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/jdownloader/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/jdownloader/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/jdownloader/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/jdownloader/ks.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/default/kasm/app/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/kasm/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/kasm/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/kasm/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/linkding/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/linkding/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/linkding/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/linkding/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/octoprint/app/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/octoprint/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/octoprint/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/octoprint/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/paperless/app/helmrelease-gotenberg.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/paperless/app/helmrelease-tika.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/paperless/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/paperless/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/paperless/app/secret.sops.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/default/paperless/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/paperless/redis/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/paperless/redis/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/s3gw/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/s3gw/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/s3gw/ks.yaml.disabled (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/sharry/app/config/sharry.conf (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/sharry/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/sharry/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/sharry/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/smtp-relay/app/config/maddy.conf (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/smtp-relay/app/externalsecret.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/smtp-relay/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/smtp-relay/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/smtp-relay/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/webtrees/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/webtrees/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/webtrees/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/webtrees/db/cronjob.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/default/webtrees/db/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/webtrees/db/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/webtrees/db/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/default/webtrees/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/monitoring/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/monitoring/podmonitor.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/monitoring/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/webhooks/github/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/webhooks/github/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/webhooks/github/receiver.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/webhooks/github/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/addons/webhooks/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/weave-gitops/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/weave-gitops/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/weave-gitops/app/rbac.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/flux-system/weave-gitops/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/flux-system/weave-gitops/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/app/backup-sa.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/app/helmrelease-creative.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/app/helmrelease-family.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/app/helmrelease-insel.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/app/helmrelease-survival.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/app/mc-backup.sh (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/app/monitoring.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/minecraft-server/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/games/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/cilium/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/cilium/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/cilium/config/cilium-l2.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/cilium/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/cilium/ks.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/kube-system/container-object-storage-interface/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/container-object-storage-interface/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/descheduler/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/descheduler/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/descheduler/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kube-vip/app/daemonset.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kube-vip/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kube-vip/app/rbac.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kube-vip/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kubernetes-replicator/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kubernetes-replicator/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kured/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kured/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kured/app/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kured/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/local-path-provisioner/app/helmrelease.yaml (100%) rename 
{kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/local-path-provisioner/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/local-path-provisioner/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/metrics-server/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/metrics-server/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/metrics-server/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/node-problem-detector/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/node-problem-detector/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/node-problem-detector/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/reloader/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/reloader/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/kube-system/reloader/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/calibre-web/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/calibre-web/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/calibre-web/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/bazarr-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/gaps-ingress.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/lldap-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/notifiarr-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/prowlarr-exporter.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/prowlarr-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/radarr-exporter.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/radarr-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/sabnzbd-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/sonar-ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/app/sonarr-exporter.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/mediabox/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-exporter/app/configmap.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-exporter/app/deployment.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-exporter/app/grafana-dashboard.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-exporter/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/media/plex-exporter/app/service-monitor.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-exporter/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-exporter/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-trakt-sync/app/config/config.yml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-trakt-sync/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-trakt-sync/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/plex-trakt-sync/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/podsync/app/config/config.toml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/podsync/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/podsync/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/podsync/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/tautulli/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/tautulli/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/tautulli/exporter/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/tautulli/exporter/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/media/tautulli/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/cloudflare-ddns/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/cloudflare-ddns/app/kustomization.yaml 
(100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/cloudflare-ddns/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/external-dns/app/dnsendpoint-crd.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/external-dns/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/external-dns/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/external-dns/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/external-dns/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingress-nginx/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingress-nginx/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingress-nginx/certificates/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingress-nginx/certificates/production.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingress-nginx/certificates/staging.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingress-nginx/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingressmonitorcontroller/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/ingressmonitorcontroller/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/k8s-gateway/app/helmrelease.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/networking/k8s-gateway/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/k8s-gateway/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/metallb/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/metallb/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/metallb/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/metallb/config/resources.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/metallb/ks.disable (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-db/database.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-db/grant.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-db/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-db/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-db/user.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-web/deployment.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-web/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-web/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/networking/phpipam/phpipam-web/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/app/helm-release.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/certificates/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/certificates/production.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/certificates/staging.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/dashboard/ingress.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/dashboard/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/middlewares/authelia.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/middlewares/cloudflare-only.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/middlewares/internal-only.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/middlewares/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/serverstransport/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/tls-store/default.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/config/tls-store/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/traefik/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/vpn/app/ingressroutetcp.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/vpn/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/vpn/app/service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/networking/vpn/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/alertmanager-discord/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/alertmanager-discord/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/alertmanager-discord/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/gatus/app/config/config.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/gatus/app/externalsecret.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/gatus/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/gatus/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/gatus/app/rbac.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/observability/gatus/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/goldilocks/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/goldilocks/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/goldilocks/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/grafana/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/grafana/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/grafana/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/grafana/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kube-prometheus-stack/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kube-prometheus-stack/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kube-prometheus-stack/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kube-prometheus-stack/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kubernetes-dashboard/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kubernetes-dashboard/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kubernetes-dashboard/app/rbac.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/observability/kubernetes-dashboard/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/loki/app/configmap.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/loki/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/loki/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/loki/app/servicemonitor.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/loki/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/netdata/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/netdata/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/netdata/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/prometheus-pushgateway/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/prometheus-pushgateway/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/prometheus-pushgateway/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/unpoller/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/unpoller/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/unpoller/config/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/observability/unpoller/config/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/unpoller/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/vector/agent/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/vector/agent/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/vector/aggregator/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/vector/aggregator/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/vector/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/vpa/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/vpa/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/observability/vpa/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/operator/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/operator/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/secretstores/doppler/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/secretstores/doppler/secretstore.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/secretstores/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/security/namespace.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/csi-driver-nfs/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/csi-driver-nfs/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/csi-driver-nfs/app/storageclass.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/csi-driver-nfs/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/democratic-csi/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/democratic-csi/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/democratic-csi/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/app/helm-release.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/kustomization.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/monitoring/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/other/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/other/systembackup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/conf/snap-class.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/prereq/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/namespace.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/storage/snapshot-controller/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/snapshot-controller/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/snapshot-controller/app/pki.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/snapshot-controller/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/synology-csi/app/clients.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/synology-csi/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/synology-csi/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/synology-csi/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/velero/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/velero/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/velero/app/resourcepolicy.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/velero/app/secret.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/velero/ks.dis (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/volsync/app/helmrelease.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/volsync/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/volsync/app/prometheusrule.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/storage/volsync/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/system-upgrade/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/system-upgrade/namespace.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/system-upgrade/system-upgrade-controller/ks.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/system-upgrade/system-upgrade-controller/plans/server.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/bootstrap/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/apps.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/config/cluster.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/config/flux.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/config/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/git/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/git/local-path-provisioner.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/git/synology-csi-chart.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/backube.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/bitnami.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/bjw-s.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/cilium.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/crossplane.yaml (100%) 
rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/csi-driver-nfs.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/deliveryheroio.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/democratic-csi.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/external-dns.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/external-secrets.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/fairwinds.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/grafana.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/hajimari.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/ingress-nginx.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/jetstack.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/k8s-gateway.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/kubereboot.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/kubernetes-dashboard.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/longhorn.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/mariadb-operator.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/metallb.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/metrics-server.yaml (100%) 
rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/minecraft-server-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/minio.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/mittwald-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/netdata.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/piraeus.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/prometheus-community.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/rancher.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/s3gw-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/stakater.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/traefik-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/vector-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/vmware-charts.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/helm/weave-gitops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/repositories/oci/.gitkeep (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/vars/cluster-secrets.sops.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/vars/cluster-settings.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/flux/vars/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/shared/gatus/check/configmap.yaml (100%) rename {kubernetes => 
archive/pre_talos/kubernetes}/tpi/shared/gatus/check/kustomization.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/shared/gatus/dns-only/configmap.yaml (100%) rename {kubernetes => archive/pre_talos/kubernetes}/tpi/shared/gatus/dns-only/kustomization.yaml (100%) create mode 100755 archive/pre_talos/readme.md rename {terraform => archive/pre_talos/terraform}/cloudflare/.terraform.lock.hcl (100%) rename {terraform => archive/pre_talos/terraform}/cloudflare/main.tf (100%) rename {terraform => archive/pre_talos/terraform}/cloudflare/secret.sops.yaml (100%) rename {tools => archive/pre_talos/tools}/backup.sh (100%) rename {tools => archive/pre_talos/tools}/fix-document-start.py (100%) rename {tools => archive/pre_talos/tools}/fix-yaml (100%) rename {tools => archive/pre_talos/tools}/rebuild-kustomizations (100%) rename {tools => archive/pre_talos/tools}/restore.sh (100%) create mode 100644 kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml create mode 100644 kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml create mode 100644 kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml create mode 100644 kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml create mode 100644 kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml create mode 100644 kubernetes/apps/cert-manager/cert-manager/ks.yaml create mode 100644 kubernetes/apps/cert-manager/kustomization.yaml create mode 100644 kubernetes/apps/cert-manager/namespace.yaml create mode 100644 kubernetes/apps/crossplane-system/crossplane/app/helmrelease.yaml create mode 100644 kubernetes/apps/crossplane-system/crossplane/app/kustomization.yaml create mode 100644 kubernetes/apps/crossplane-system/crossplane/ks.yaml create mode 100644 kubernetes/apps/crossplane-system/kustomization.yaml create mode 100644 kubernetes/apps/crossplane-system/namespace.yaml create mode 100644 kubernetes/apps/database/kustomization.yaml create mode 100644 
kubernetes/apps/database/mariadb/instance/backup.yaml create mode 100644 kubernetes/apps/database/mariadb/instance/kustomization.yaml create mode 100644 kubernetes/apps/database/mariadb/instance/mariadb.yaml create mode 100644 kubernetes/apps/database/mariadb/instance/secret.sops.yaml create mode 100644 kubernetes/apps/database/mariadb/ks.yaml create mode 100644 kubernetes/apps/database/mariadb/operator/helmrelease.yaml create mode 100644 kubernetes/apps/database/mariadb/operator/kustomization.yaml create mode 100644 kubernetes/apps/database/namespace.yaml create mode 100644 kubernetes/apps/default/code-server/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/code-server/app/kustomization.yaml create mode 100644 kubernetes/apps/default/code-server/ks.yaml create mode 100644 kubernetes/apps/default/dashy/app/config/conf.yml create mode 100644 kubernetes/apps/default/dashy/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/dashy/app/kustomization.yaml create mode 100644 kubernetes/apps/default/dashy/ks.yaml create mode 100644 kubernetes/apps/default/drop/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/drop/app/kustomization.yaml create mode 100644 kubernetes/apps/default/drop/ks.yaml create mode 100644 kubernetes/apps/default/echo-server/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/echo-server/app/kustomization.yaml create mode 100644 kubernetes/apps/default/echo-server/ks.yaml create mode 100644 kubernetes/apps/default/hajimari/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/hajimari/app/kustomization.yaml create mode 100644 kubernetes/apps/default/hajimari/ks.yaml create mode 100644 kubernetes/apps/default/headscale/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/headscale/app/kustomization.yaml create mode 100644 kubernetes/apps/default/headscale/ks.yaml.disabled create mode 100644 kubernetes/apps/default/jdownloader/app/helmrelease.yaml create mode 100644 
kubernetes/apps/default/jdownloader/app/kustomization.yaml create mode 100644 kubernetes/apps/default/jdownloader/app/secret.sops.yaml create mode 100644 kubernetes/apps/default/jdownloader/ks.yaml create mode 100755 kubernetes/apps/default/kasm/app/ingress.yaml create mode 100755 kubernetes/apps/default/kasm/app/kustomization.yaml create mode 100755 kubernetes/apps/default/kasm/app/service.yaml create mode 100644 kubernetes/apps/default/kasm/ks.yaml create mode 100644 kubernetes/apps/default/kustomization.yaml create mode 100644 kubernetes/apps/default/linkding/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/linkding/app/kustomization.yaml create mode 100644 kubernetes/apps/default/linkding/app/secret.sops.yaml create mode 100644 kubernetes/apps/default/linkding/ks.yaml create mode 100644 kubernetes/apps/default/namespace.yaml create mode 100755 kubernetes/apps/default/octoprint/app/ingress.yaml create mode 100755 kubernetes/apps/default/octoprint/app/kustomization.yaml create mode 100755 kubernetes/apps/default/octoprint/app/service.yaml create mode 100644 kubernetes/apps/default/octoprint/ks.yaml create mode 100644 kubernetes/apps/default/paperless/app/helmrelease-gotenberg.yaml create mode 100644 kubernetes/apps/default/paperless/app/helmrelease-tika.yaml create mode 100644 kubernetes/apps/default/paperless/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/paperless/app/kustomization.yaml create mode 100644 kubernetes/apps/default/paperless/app/secret.sops.yaml create mode 100644 kubernetes/apps/default/paperless/ks.yaml create mode 100644 kubernetes/apps/default/paperless/redis/helmrelease.yaml create mode 100644 kubernetes/apps/default/paperless/redis/kustomization.yaml create mode 100644 kubernetes/apps/default/s3gw/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/s3gw/app/kustomization.yaml create mode 100644 kubernetes/apps/default/s3gw/ks.yaml.disabled create mode 100644 
kubernetes/apps/default/sharry/app/config/sharry.conf create mode 100644 kubernetes/apps/default/sharry/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/sharry/app/kustomization.yaml create mode 100644 kubernetes/apps/default/sharry/ks.yaml create mode 100644 kubernetes/apps/default/smtp-relay/app/config/maddy.conf create mode 100644 kubernetes/apps/default/smtp-relay/app/externalsecret.yaml create mode 100644 kubernetes/apps/default/smtp-relay/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/smtp-relay/app/kustomization.yaml create mode 100644 kubernetes/apps/default/smtp-relay/ks.yaml create mode 100644 kubernetes/apps/default/webtrees/app/helmrelease.yaml create mode 100644 kubernetes/apps/default/webtrees/app/kustomization.yaml create mode 100644 kubernetes/apps/default/webtrees/app/secret.sops.yaml create mode 100644 kubernetes/apps/default/webtrees/db/cronjob.yaml create mode 100644 kubernetes/apps/default/webtrees/db/helmrelease.yaml create mode 100644 kubernetes/apps/default/webtrees/db/kustomization.yaml create mode 100644 kubernetes/apps/default/webtrees/db/secret.sops.yaml create mode 100644 kubernetes/apps/default/webtrees/ks.yaml create mode 100644 kubernetes/apps/flux-system/addons/ks.yaml create mode 100644 kubernetes/apps/flux-system/addons/monitoring/kustomization.yaml create mode 100644 kubernetes/apps/flux-system/addons/monitoring/podmonitor.yaml create mode 100644 kubernetes/apps/flux-system/addons/monitoring/prometheusrule.yaml create mode 100644 kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml create mode 100644 kubernetes/apps/flux-system/addons/webhooks/github/kustomization.yaml create mode 100644 kubernetes/apps/flux-system/addons/webhooks/github/receiver.yaml create mode 100644 kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml create mode 100644 kubernetes/apps/flux-system/addons/webhooks/kustomization.yaml create mode 100644 kubernetes/apps/flux-system/kustomization.yaml 
create mode 100644 kubernetes/apps/flux-system/namespace.yaml create mode 100644 kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml create mode 100644 kubernetes/apps/flux-system/weave-gitops/app/kustomization.yaml create mode 100644 kubernetes/apps/flux-system/weave-gitops/app/rbac.yaml create mode 100644 kubernetes/apps/flux-system/weave-gitops/app/secret.sops.yaml create mode 100644 kubernetes/apps/flux-system/weave-gitops/ks.yaml create mode 100644 kubernetes/apps/flux-system/webhooks/app/github/ingress.yaml create mode 100644 kubernetes/apps/flux-system/webhooks/app/github/kustomization.yaml create mode 100644 kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml create mode 100644 kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml create mode 100644 kubernetes/apps/flux-system/webhooks/app/kustomization.yaml create mode 100644 kubernetes/apps/flux-system/webhooks/ks.yaml create mode 100644 kubernetes/apps/games/kustomization.yaml create mode 100644 kubernetes/apps/games/minecraft-server/app/backup-sa.yaml create mode 100644 kubernetes/apps/games/minecraft-server/app/helmrelease-creative.yaml create mode 100644 kubernetes/apps/games/minecraft-server/app/helmrelease-family.yaml create mode 100644 kubernetes/apps/games/minecraft-server/app/helmrelease-insel.yaml create mode 100644 kubernetes/apps/games/minecraft-server/app/helmrelease-survival.yaml create mode 100644 kubernetes/apps/games/minecraft-server/app/kustomization.yaml create mode 100644 kubernetes/apps/games/minecraft-server/app/mc-backup.sh create mode 100755 kubernetes/apps/games/minecraft-server/app/monitoring.yaml create mode 100644 kubernetes/apps/games/minecraft-server/ks.dis create mode 100644 kubernetes/apps/games/namespace.yaml create mode 100644 kubernetes/apps/kube-system/cilium/app/helm-values.yaml create mode 100644 kubernetes/apps/kube-system/cilium/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/cilium/app/kustomization.yaml create 
mode 100644 kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml create mode 100644 kubernetes/apps/kube-system/cilium/config/cilium-l2.yaml create mode 100644 kubernetes/apps/kube-system/cilium/config/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/cilium/ks.yaml create mode 100644 kubernetes/apps/kube-system/container-object-storage-interface/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/container-object-storage-interface/ks.dis create mode 100644 kubernetes/apps/kube-system/coredns/app/helm-values.yaml create mode 100644 kubernetes/apps/kube-system/coredns/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/coredns/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml create mode 100644 kubernetes/apps/kube-system/coredns/ks.yaml create mode 100644 kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/descheduler/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/descheduler/ks.yaml create mode 100644 kubernetes/apps/kube-system/kube-vip/app/daemonset.yaml create mode 100644 kubernetes/apps/kube-system/kube-vip/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/kube-vip/app/rbac.yaml create mode 100644 kubernetes/apps/kube-system/kube-vip/ks.dis create mode 100644 kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml create mode 100644 kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml create mode 100644 kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml create mode 100644 kubernetes/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/kubernetes-replicator/app/kustomization.yaml create 
mode 100644 kubernetes/apps/kube-system/kubernetes-replicator/ks.yaml create mode 100644 kubernetes/apps/kube-system/kured/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/kured/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/kured/app/prometheusrule.yaml create mode 100644 kubernetes/apps/kube-system/kured/ks.yaml create mode 100644 kubernetes/apps/kube-system/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/local-path-provisioner/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/local-path-provisioner/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/local-path-provisioner/ks.dis create mode 100644 kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/metrics-server/ks.yaml create mode 100644 kubernetes/apps/kube-system/namespace.yaml create mode 100644 kubernetes/apps/kube-system/node-problem-detector/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/node-problem-detector/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/node-problem-detector/ks.yaml create mode 100644 kubernetes/apps/kube-system/reloader/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/reloader/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/reloader/ks.yaml create mode 100644 kubernetes/apps/kube-system/spegel/app/helm-values.yaml create mode 100644 kubernetes/apps/kube-system/spegel/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/spegel/app/kustomization.yaml create mode 100644 kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml create mode 100644 kubernetes/apps/kube-system/spegel/ks.yaml create mode 100644 kubernetes/apps/media/calibre-web/app/helmrelease.yaml create mode 100644 kubernetes/apps/media/calibre-web/app/kustomization.yaml create mode 
100644 kubernetes/apps/media/calibre-web/ks.yaml create mode 100644 kubernetes/apps/media/kustomization.yaml create mode 100755 kubernetes/apps/media/mediabox/app/bazarr-ingress.yaml create mode 100755 kubernetes/apps/media/mediabox/app/gaps-ingress.yaml create mode 100755 kubernetes/apps/media/mediabox/app/kustomization.yaml create mode 100644 kubernetes/apps/media/mediabox/app/lldap-ingress.yaml create mode 100755 kubernetes/apps/media/mediabox/app/notifiarr-ingress.yaml create mode 100644 kubernetes/apps/media/mediabox/app/prowlarr-exporter.yaml create mode 100755 kubernetes/apps/media/mediabox/app/prowlarr-ingress.yaml create mode 100644 kubernetes/apps/media/mediabox/app/radarr-exporter.yaml create mode 100755 kubernetes/apps/media/mediabox/app/radarr-ingress.yaml create mode 100755 kubernetes/apps/media/mediabox/app/sabnzbd-ingress.yaml create mode 100755 kubernetes/apps/media/mediabox/app/service.yaml create mode 100755 kubernetes/apps/media/mediabox/app/sonar-ingress.yaml create mode 100644 kubernetes/apps/media/mediabox/app/sonarr-exporter.yaml create mode 100644 kubernetes/apps/media/mediabox/ks.yaml create mode 100644 kubernetes/apps/media/namespace.yaml create mode 100755 kubernetes/apps/media/plex-exporter/app/configmap.yaml create mode 100755 kubernetes/apps/media/plex-exporter/app/deployment.yaml create mode 100755 kubernetes/apps/media/plex-exporter/app/grafana-dashboard.yaml create mode 100755 kubernetes/apps/media/plex-exporter/app/kustomization.yaml create mode 100755 kubernetes/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json create mode 100755 kubernetes/apps/media/plex-exporter/app/service-monitor.yaml create mode 100755 kubernetes/apps/media/plex-exporter/app/service.yaml create mode 100644 kubernetes/apps/media/plex-exporter/ks.yaml create mode 100644 kubernetes/apps/media/plex-trakt-sync/app/config/config.yml create mode 100644 kubernetes/apps/media/plex-trakt-sync/app/helmrelease.yaml create mode 100644 
kubernetes/apps/media/plex-trakt-sync/app/kustomization.yaml create mode 100644 kubernetes/apps/media/plex-trakt-sync/ks.yaml create mode 100755 kubernetes/apps/media/podsync/app/config/config.toml create mode 100644 kubernetes/apps/media/podsync/app/helmrelease.yaml create mode 100644 kubernetes/apps/media/podsync/app/kustomization.yaml create mode 100644 kubernetes/apps/media/podsync/ks.dis create mode 100644 kubernetes/apps/media/tautulli/app/helmrelease.yaml create mode 100644 kubernetes/apps/media/tautulli/app/kustomization.yaml create mode 100644 kubernetes/apps/media/tautulli/exporter/helmrelease.yaml create mode 100644 kubernetes/apps/media/tautulli/exporter/kustomization.yaml create mode 100644 kubernetes/apps/media/tautulli/ks.yaml create mode 100644 kubernetes/apps/network/echo-server/app/helmrelease.yaml create mode 100644 kubernetes/apps/network/echo-server/app/kustomization.yaml create mode 100644 kubernetes/apps/network/echo-server/ks.yaml create mode 100644 kubernetes/apps/network/external-dns/app/helmrelease.yaml create mode 100644 kubernetes/apps/network/external-dns/app/kustomization.yaml create mode 100644 kubernetes/apps/network/external-dns/app/secret.sops.yaml create mode 100644 kubernetes/apps/network/external-dns/ks.yaml create mode 100644 kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml create mode 100644 kubernetes/apps/network/ingress-nginx/certificates/production.yaml create mode 100644 kubernetes/apps/network/ingress-nginx/certificates/staging.yaml create mode 100644 kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml create mode 100644 kubernetes/apps/network/ingress-nginx/external/kustomization.yaml create mode 100644 kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml create mode 100644 kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml create mode 100644 kubernetes/apps/network/ingress-nginx/ks.yaml create mode 100644 
kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml create mode 100644 kubernetes/apps/network/k8s-gateway/app/kustomization.yaml create mode 100644 kubernetes/apps/network/k8s-gateway/ks.yaml create mode 100644 kubernetes/apps/network/kustomization.yaml create mode 100644 kubernetes/apps/network/namespace.yaml create mode 100755 kubernetes/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh create mode 100644 kubernetes/apps/networking/cloudflare-ddns/app/helmrelease.yaml create mode 100644 kubernetes/apps/networking/cloudflare-ddns/app/kustomization.yaml create mode 100644 kubernetes/apps/networking/cloudflare-ddns/ks.yaml create mode 100644 kubernetes/apps/networking/external-dns/app/dnsendpoint-crd.yaml create mode 100644 kubernetes/apps/networking/external-dns/app/helmrelease.yaml create mode 100644 kubernetes/apps/networking/external-dns/app/kustomization.yaml create mode 100644 kubernetes/apps/networking/external-dns/app/secret.sops.yaml create mode 100644 kubernetes/apps/networking/external-dns/ks.yaml create mode 100644 kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml create mode 100644 kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml create mode 100644 kubernetes/apps/networking/ingress-nginx/certificates/kustomization.yaml create mode 100644 kubernetes/apps/networking/ingress-nginx/certificates/production.yaml create mode 100644 kubernetes/apps/networking/ingress-nginx/certificates/staging.yaml create mode 100644 kubernetes/apps/networking/ingress-nginx/ks.yaml create mode 100644 kubernetes/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml create mode 100644 kubernetes/apps/networking/ingressmonitorcontroller/app/kustomization.yaml create mode 100644 kubernetes/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml create mode 100644 kubernetes/apps/networking/ingressmonitorcontroller/ks.yaml create mode 100644 kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml create mode 100644 
kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml create mode 100644 kubernetes/apps/networking/k8s-gateway/ks.yaml create mode 100644 kubernetes/apps/networking/kustomization.yaml create mode 100644 kubernetes/apps/networking/metallb/app/helmrelease.yaml create mode 100644 kubernetes/apps/networking/metallb/app/kustomization.yaml create mode 100644 kubernetes/apps/networking/metallb/config/kustomization.yaml create mode 100644 kubernetes/apps/networking/metallb/config/resources.yaml create mode 100644 kubernetes/apps/networking/metallb/ks.disable create mode 100644 kubernetes/apps/networking/namespace.yaml create mode 100644 kubernetes/apps/networking/phpipam/ks.yaml create mode 100644 kubernetes/apps/networking/phpipam/phpipam-db/database.yaml create mode 100644 kubernetes/apps/networking/phpipam/phpipam-db/grant.yaml create mode 100644 kubernetes/apps/networking/phpipam/phpipam-db/kustomization.yaml create mode 100644 kubernetes/apps/networking/phpipam/phpipam-db/secret.sops.yaml create mode 100644 kubernetes/apps/networking/phpipam/phpipam-db/user.yaml create mode 100644 kubernetes/apps/networking/phpipam/phpipam-web/deployment.yaml create mode 100755 kubernetes/apps/networking/phpipam/phpipam-web/ingress.yaml create mode 100644 kubernetes/apps/networking/phpipam/phpipam-web/kustomization.yaml create mode 100644 kubernetes/apps/networking/phpipam/phpipam-web/service.yaml create mode 100755 kubernetes/apps/networking/traefik/app/helm-release.yaml create mode 100755 kubernetes/apps/networking/traefik/app/kustomization.yaml create mode 100644 kubernetes/apps/networking/traefik/config/certificates/kustomization.yaml create mode 100644 kubernetes/apps/networking/traefik/config/certificates/production.yaml create mode 100644 kubernetes/apps/networking/traefik/config/certificates/staging.yaml create mode 100755 kubernetes/apps/networking/traefik/config/dashboard/ingress.yaml create mode 100755 
kubernetes/apps/networking/traefik/config/dashboard/kustomization.yaml create mode 100755 kubernetes/apps/networking/traefik/config/kustomization.yaml create mode 100644 kubernetes/apps/networking/traefik/config/middlewares/authelia.yaml create mode 100644 kubernetes/apps/networking/traefik/config/middlewares/cloudflare-only.yaml create mode 100644 kubernetes/apps/networking/traefik/config/middlewares/internal-only.yaml create mode 100644 kubernetes/apps/networking/traefik/config/middlewares/kustomization.yaml create mode 100755 kubernetes/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml create mode 100755 kubernetes/apps/networking/traefik/config/serverstransport/kustomization.yaml create mode 100755 kubernetes/apps/networking/traefik/config/tls-store/default.yaml create mode 100755 kubernetes/apps/networking/traefik/config/tls-store/kustomization.yaml create mode 100644 kubernetes/apps/networking/traefik/ks.dis create mode 100644 kubernetes/apps/networking/vpn/app/ingressroutetcp.yaml create mode 100644 kubernetes/apps/networking/vpn/app/kustomization.yaml create mode 100644 kubernetes/apps/networking/vpn/app/service.yaml create mode 100644 kubernetes/apps/networking/vpn/ks.dis create mode 100755 kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml create mode 100755 kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml create mode 100755 kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml create mode 100755 kubernetes/apps/observability/alertmanager-discord/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/alertmanager-discord/app/secret.sops.yaml create mode 100644 kubernetes/apps/observability/alertmanager-discord/ks.yaml create mode 100644 kubernetes/apps/observability/gatus/app/config/config.yaml create mode 100644 kubernetes/apps/observability/gatus/app/externalsecret.yaml create mode 100644 
kubernetes/apps/observability/gatus/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/gatus/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/gatus/app/rbac.yaml create mode 100644 kubernetes/apps/observability/gatus/ks.yaml create mode 100644 kubernetes/apps/observability/goldilocks/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/goldilocks/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/goldilocks/ks.yaml create mode 100644 kubernetes/apps/observability/grafana/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/grafana/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/grafana/app/secret.sops.yaml create mode 100644 kubernetes/apps/observability/grafana/ks.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/config/kustomization.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/ks.yaml create mode 100644 kubernetes/apps/observability/kubernetes-dashboard/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/kubernetes-dashboard/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/kubernetes-dashboard/app/rbac.yaml create mode 100644 kubernetes/apps/observability/kubernetes-dashboard/ks.yaml create mode 100644 kubernetes/apps/observability/kustomization.yaml create mode 100644 kubernetes/apps/observability/loki/app/configmap.yaml create mode 100644 kubernetes/apps/observability/loki/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/loki/app/kustomization.yaml 
create mode 100644 kubernetes/apps/observability/loki/app/servicemonitor.yaml create mode 100644 kubernetes/apps/observability/loki/ks.dis create mode 100644 kubernetes/apps/observability/namespace.yaml create mode 100644 kubernetes/apps/observability/netdata/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/netdata/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/netdata/ks.dis create mode 100644 kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/prometheus-operator-crds/ks.yaml create mode 100644 kubernetes/apps/observability/prometheus-pushgateway/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/prometheus-pushgateway/app/kustomization.yaml create mode 100755 kubernetes/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml create mode 100644 kubernetes/apps/observability/prometheus-pushgateway/ks.yaml create mode 100644 kubernetes/apps/observability/unpoller/app/helmrelease.yaml create mode 100644 kubernetes/apps/observability/unpoller/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/unpoller/config/kustomization.yaml create mode 100644 kubernetes/apps/observability/unpoller/config/prometheusrule.yaml create mode 100644 kubernetes/apps/observability/unpoller/ks.yaml create mode 100644 kubernetes/apps/observability/vector/agent/helmrelease.yaml create mode 100644 kubernetes/apps/observability/vector/agent/kustomization.yaml create mode 100644 kubernetes/apps/observability/vector/aggregator/helmrelease.yaml create mode 100644 kubernetes/apps/observability/vector/aggregator/kustomization.yaml create mode 100644 kubernetes/apps/observability/vector/ks.yaml create mode 100644 kubernetes/apps/observability/vpa/app/helmrelease.yaml create mode 100644 
kubernetes/apps/observability/vpa/app/kustomization.yaml create mode 100644 kubernetes/apps/observability/vpa/ks.yaml create mode 100644 kubernetes/apps/openebs-system/kustomization.yaml create mode 100644 kubernetes/apps/openebs-system/namespace.yaml create mode 100644 kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml create mode 100644 kubernetes/apps/openebs-system/openebs/app/kustomization.yaml create mode 100644 kubernetes/apps/openebs-system/openebs/ks.yaml create mode 100644 kubernetes/apps/security/external-secrets/ks.yaml create mode 100644 kubernetes/apps/security/external-secrets/operator/helmrelease.yaml create mode 100644 kubernetes/apps/security/external-secrets/operator/kustomization.yaml create mode 100644 kubernetes/apps/security/external-secrets/secretstores/doppler/kustomization.yaml create mode 100644 kubernetes/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml create mode 100644 kubernetes/apps/security/external-secrets/secretstores/doppler/secretstore.yaml create mode 100644 kubernetes/apps/security/external-secrets/secretstores/kustomization.yaml create mode 100644 kubernetes/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml create mode 100644 kubernetes/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml create mode 100644 kubernetes/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml create mode 100644 kubernetes/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml create mode 100644 kubernetes/apps/security/kustomization.yaml create mode 100644 kubernetes/apps/security/namespace.yaml create mode 100644 kubernetes/apps/storage/csi-driver-nfs/app/helmrelease.yaml create mode 100755 kubernetes/apps/storage/csi-driver-nfs/app/kustomization.yaml create mode 100644 kubernetes/apps/storage/csi-driver-nfs/app/storageclass.yaml create mode 100644 kubernetes/apps/storage/csi-driver-nfs/ks.yaml create mode 100644 
kubernetes/apps/storage/democratic-csi/app/helmrelease.yaml create mode 100755 kubernetes/apps/storage/democratic-csi/app/kustomization.yaml create mode 100644 kubernetes/apps/storage/democratic-csi/ks.dis create mode 100644 kubernetes/apps/storage/kustomization.yaml create mode 100644 kubernetes/apps/storage/longhorn/app/helm-release.yaml create mode 100755 kubernetes/apps/storage/longhorn/app/kustomization.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/kustomization.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/monitoring/kustomization.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/other/kustomization.yaml create mode 100644 kubernetes/apps/storage/longhorn/conf/other/systembackup.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml create mode 100755 kubernetes/apps/storage/longhorn/conf/snap-class.yaml create mode 100644 kubernetes/apps/storage/longhorn/ks.yaml create mode 100644 kubernetes/apps/storage/longhorn/prereq/kustomization.yaml create mode 100644 kubernetes/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml create mode 100644 kubernetes/apps/storage/namespace.yaml create mode 100644 kubernetes/apps/storage/snapshot-controller/app/helmrelease.yaml create 
mode 100755 kubernetes/apps/storage/snapshot-controller/app/kustomization.yaml create mode 100644 kubernetes/apps/storage/snapshot-controller/app/pki.yaml create mode 100644 kubernetes/apps/storage/snapshot-controller/ks.yaml create mode 100644 kubernetes/apps/storage/velero/app/helmrelease.yaml create mode 100755 kubernetes/apps/storage/velero/app/kustomization.yaml create mode 100644 kubernetes/apps/storage/velero/app/resourcepolicy.yaml create mode 100644 kubernetes/apps/storage/velero/app/secret.sops.yaml create mode 100644 kubernetes/apps/storage/velero/ks.yaml create mode 100644 kubernetes/apps/storage/volsync/app/helmrelease.yaml create mode 100755 kubernetes/apps/storage/volsync/app/kustomization.yaml create mode 100644 kubernetes/apps/storage/volsync/app/prometheusrule.yaml create mode 100644 kubernetes/apps/storage/volsync/ks.yaml create mode 100644 kubernetes/bootstrap/flux/kustomization.yaml create mode 100644 kubernetes/bootstrap/helmfile.yaml create mode 100644 kubernetes/bootstrap/talos/clusterconfig/.gitignore create mode 100644 kubernetes/bootstrap/talos/talconfig.yaml create mode 100644 kubernetes/bootstrap/talos/talsecret.sops.yaml create mode 100644 kubernetes/flux/apps.yaml create mode 100644 kubernetes/flux/config/cluster.yaml create mode 100644 kubernetes/flux/config/flux.yaml create mode 100644 kubernetes/flux/config/kustomization.yaml create mode 100644 kubernetes/flux/repositories/git/kustomization.yaml create mode 100644 kubernetes/flux/repositories/git/local-path-provisioner.yaml create mode 100644 kubernetes/flux/repositories/git/synology-csi-chart.yaml create mode 100644 kubernetes/flux/repositories/helm/backube.yaml create mode 100644 kubernetes/flux/repositories/helm/bitnami.yaml create mode 100644 kubernetes/flux/repositories/helm/bjw-s.yaml create mode 100644 kubernetes/flux/repositories/helm/cilium.yaml create mode 100644 kubernetes/flux/repositories/helm/coredns.yaml create mode 100644 
kubernetes/flux/repositories/helm/crossplane.yaml create mode 100644 kubernetes/flux/repositories/helm/csi-driver-nfs.yaml create mode 100644 kubernetes/flux/repositories/helm/deliveryheroio.yaml create mode 100644 kubernetes/flux/repositories/helm/democratic-csi.yaml create mode 100644 kubernetes/flux/repositories/helm/external-dns.yaml create mode 100644 kubernetes/flux/repositories/helm/external-secrets.yaml create mode 100755 kubernetes/flux/repositories/helm/fairwinds.yaml create mode 100644 kubernetes/flux/repositories/helm/grafana.yaml create mode 100644 kubernetes/flux/repositories/helm/hajimari.yaml create mode 100644 kubernetes/flux/repositories/helm/ingress-nginx.yaml create mode 100644 kubernetes/flux/repositories/helm/jetstack.yaml create mode 100644 kubernetes/flux/repositories/helm/k8s-gateway.yaml create mode 100755 kubernetes/flux/repositories/helm/kubereboot.yaml create mode 100644 kubernetes/flux/repositories/helm/kubernetes-dashboard.yaml create mode 100644 kubernetes/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml create mode 100644 kubernetes/flux/repositories/helm/kustomization.yaml create mode 100755 kubernetes/flux/repositories/helm/longhorn.yaml create mode 100644 kubernetes/flux/repositories/helm/mariadb-operator.yaml create mode 100644 kubernetes/flux/repositories/helm/metallb.yaml create mode 100644 kubernetes/flux/repositories/helm/metrics-server.yaml create mode 100644 kubernetes/flux/repositories/helm/minecraft-server-charts.yaml create mode 100644 kubernetes/flux/repositories/helm/minio.yaml create mode 100755 kubernetes/flux/repositories/helm/mittwald-charts.yaml create mode 100644 kubernetes/flux/repositories/helm/netdata.yaml create mode 100644 kubernetes/flux/repositories/helm/openebs.yaml create mode 100644 kubernetes/flux/repositories/helm/piraeus.yaml create mode 100644 kubernetes/flux/repositories/helm/postfinance.yaml create mode 100644 kubernetes/flux/repositories/helm/prometheus-community.yaml create mode 
100644 kubernetes/flux/repositories/helm/rancher.yaml create mode 100644 kubernetes/flux/repositories/helm/s3gw-charts.yaml create mode 100644 kubernetes/flux/repositories/helm/spegel.yaml create mode 100644 kubernetes/flux/repositories/helm/stakater.yaml create mode 100755 kubernetes/flux/repositories/helm/traefik-charts.yaml create mode 100644 kubernetes/flux/repositories/helm/vector-charts.yaml create mode 100644 kubernetes/flux/repositories/helm/vmware-charts.yaml create mode 100644 kubernetes/flux/repositories/helm/weave-gitops.yaml create mode 100644 kubernetes/flux/repositories/kustomization.yaml create mode 100644 kubernetes/flux/repositories/oci/kustomization.yaml create mode 100644 kubernetes/flux/vars/cluster-secrets.sops.yaml create mode 100644 kubernetes/flux/vars/cluster-settings.yaml create mode 100644 kubernetes/flux/vars/kustomization.yaml create mode 100644 kubernetes/shared/gatus/check/configmap.yaml create mode 100644 kubernetes/shared/gatus/check/kustomization.yaml create mode 100644 kubernetes/shared/gatus/dns-only/configmap.yaml create mode 100644 kubernetes/shared/gatus/dns-only/kustomization.yaml create mode 100644 kubernetes/shared/volsync/claim.yaml create mode 100644 kubernetes/shared/volsync/kustomization.yaml create mode 100644 kubernetes/shared/volsync/minio.yaml create mode 100644 makejinja.toml mode change 100755 => 100644 readme.md create mode 100644 requirements.txt create mode 100755 scripts/kubeconform.sh diff --git a/.devcontainer/ci/Dockerfile b/.devcontainer/ci/Dockerfile new file mode 100644 index 000000000..e6e945b41 --- /dev/null +++ b/.devcontainer/ci/Dockerfile @@ -0,0 +1,2 @@ +# Ref: https://github.com/devcontainers/ci/issues/191 +FROM mcr.microsoft.com/devcontainers/base:alpine diff --git a/.devcontainer/ci/devcontainer.json b/.devcontainer/ci/devcontainer.json new file mode 100644 index 000000000..2064da8c9 --- /dev/null +++ b/.devcontainer/ci/devcontainer.json 
@@ -0,0 +1,26 @@
+{
+ "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json",
+ "name": "Flux Cluster Template (CI)",
+ "build": {
+ "dockerfile": "./Dockerfile",
+ "context": "."
+ },
+ "features": {
+ "./features": {}
+ },
+ "customizations": {
+ "vscode": {
+ "settings": {
+ "terminal.integrated.profiles.linux": {
+ "bash": {
+ "path": "/usr/bin/fish"
+ }
+ },
+ "terminal.integrated.defaultProfile.linux": "fish"
+ },
+ "extensions": [
+ "redhat.vscode-yaml"
+ ]
+ }
+ }
+}
diff --git a/.devcontainer/ci/features/devcontainer-feature.json b/.devcontainer/ci/features/devcontainer-feature.json
new file mode 100644
index 000000000..5f771e345
--- /dev/null
+++ b/.devcontainer/ci/features/devcontainer-feature.json
@@ -0,0 +1,6 @@
+{
+ "name": "Flux Cluster Template (Tools)",
+ "id": "cluster-template",
+ "version": "1.0.0",
+ "description": "Install Tools"
+}
diff --git a/.devcontainer/ci/features/install.sh b/.devcontainer/ci/features/install.sh
new file mode 100644
index 000000000..bbb274289
--- /dev/null
+++ b/.devcontainer/ci/features/install.sh
@@ -0,0 +1,77 @@ +#!/usr/bin/env bash +set -e +set -o noglob + +apk add --no-cache \ + age bash bind-tools ca-certificates curl direnv gettext python3 \ + py3-pip moreutils jq git iputils openssh-client \ + starship fzf fish yq helm + +apk add --no-cache \ + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ + kubectl sops + +apk add --no-cache \ + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ + lsd + +for app in \ + "budimanjojo/talhelper!!?as=talhelper&type=script" \ + "cilium/cilium-cli!!?as=cilium&type=script" \ + "cli/cli!!?as=gh&type=script" \ + "cloudflare/cloudflared!!?as=cloudflared&type=script" \ + "derailed/k9s!!?as=k9s&type=script" \ + "fluxcd/flux2!!?as=flux&type=script" \ + "go-task/task!!?as=task&type=script" \ + "helmfile/helmfile!!?as=helmfile&type=script" \ + "kubecolor/kubecolor!!?as=kubecolor&type=script" \ + "kubernetes-sigs/krew!!?as=krew&type=script" \ + "kubernetes-sigs/kustomize!!?as=kustomize&type=script" \ + "stern/stern!!?as=stern&type=script" \ + "siderolabs/talos!!?as=talosctl&type=script" \ + "yannh/kubeconform!!?as=kubeconform&type=script" +do + echo "=== Installing ${app} ===" + curl -fsSL "https://i.jpillora.com/${app}" | bash +done + +# Create the fish configuration directory +mkdir -p /home/vscode/.config/fish/{completions,conf.d} + +# Setup autocompletions for fish +for tool in cilium flux helm helmfile k9s kubectl kustomize talhelper talosctl; do + $tool completion fish > /home/vscode/.config/fish/completions/$tool.fish +done +gh completion --shell fish > /home/vscode/.config/fish/completions/gh.fish +stern --completion fish > /home/vscode/.config/fish/completions/stern.fish +yq shell-completion fish > /home/vscode/.config/fish/completions/yq.fish + +# Add hooks into fish +tee /home/vscode/.config/fish/conf.d/hooks.fish > /dev/null < /dev/null < /dev/null < /dev/null <- - Changes made in the ansible directory -- name: area/github - color: "72ccf3" - description: >- - Changes made in the 
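Review bot: The install loop runs `curl -fsSL "https://i.jpillora.com/${app}" | bash` for fourteen tools, so the image build executes whatever a third-party installer service returns at build time, with no version pin and no checksum or signature check on the script or on the binary it fetches. Because the script sets only `set -e`, a failed `curl` on the left side of the pipe is not caught; changing the second line to `set -eo pipefail` would at least stop the build on a failed download. Pinning each tool to a release version and verifying the published checksum, or installing from distribution packages as the `apk add` lines already do for kubectl and sops, would make the image reproducible and auditable. The tail of this hunk is garbled on the page, so the fish hook section is not covered by this note.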
github directory -- name: area/kubernetes - color: "72ccf3" - description: >- - Changes made in the kubernetes directory -- name: area/template - color: "72ccf3" - description: >- - Changes made in the tmpl directory -- name: area/terraform - color: "72ccf3" - description: >- - Changes made in the terraform directory +- { name: "area/bootstrap", color: "0e8a16" } +- { name: "area/github", color: "0e8a16" } +- { name: "area/kubernetes", color: "0e8a16" } +- { name: "area/taskfile", color: "0e8a16" } +# Distro +- { name: "distro/talos", color: "ffc300" } # Renovate -- name: renovate/ansible - color: "ffc300" -- name: renovate/container - color: "ffc300" -- name: renovate/github-action - color: "ffc300" -- name: renovate/github-release - color: "ffc300" -- name: renovate/helm - color: "ffc300" -- name: renovate/terraform - color: "ffc300" +- { name: "renovate/container", color: "027fa0" } +- { name: "renovate/github-action", color: "027fa0" } +- { name: "renovate/github-release", color: "027fa0" } +- { name: "renovate/helm", color: "027fa0" } # Semantic Type -- name: type/patch - color: "FFEC19" -- name: type/minor - color: "FF9800" -- name: type/major - color: "F6412D" -- name: type/break - color: "F6412D" +- { name: "type/patch", color: "ffec19" } +- { name: "type/minor", color: "ff9800" } +- { name: "type/major", color: "f6412d" } +- { name: "type/break", color: "f6412d" } # Uncategorized -- name: bug - color: "ee0701" -- name: do-not-merge - color: "ee0701" -- name: docs - color: "F4D1B7" -- name: enhancement - color: "84b6eb" -- name: broken-links - color: "7B55D7" -- name: question - color: "cc317c" -- name: community - color: "0e8a16" +- { name: "hold/upstream", color: "ee0701" } diff --git a/.github/release.yaml b/.github/release.yaml new file mode 100644 index 000000000..1598e66bf --- /dev/null +++ b/.github/release.yaml @@ -0,0 +1,4 @@ +changelog: + exclude: + authors: + - renovate 
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 625f1cbbb..016654960 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,73 +1,203 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:base", + "config:recommended", "docker:enableMajor", ":disableRateLimiting", ":dependencyDashboard", ":semanticCommits", - ":enablePreCommit", - ":automergeDigest", - ":automergePr", - ":automergeMinor", - ":automergeLinters", - ":automergeRequireAllStatusChecks", - // "github>tuxpeople/k8s-homelab//.github/renovate/autoMerge.json5", - "github>tuxpeople/k8s-homelab//.github/renovate/commitMessage.json5", - "github>tuxpeople/k8s-homelab//.github/renovate/groups.json5", - "github>tuxpeople/k8s-homelab//.github/renovate/labels.json5", - "github>tuxpeople/k8s-homelab//.github/renovate/semanticCommits.json5", - "helpers:pinGitHubActionDigests", - "github>bjw-s/home-ops//.github/renovate/grafanaDashboards.json5" + ":automergeBranch" ], "dependencyDashboard": true, "dependencyDashboardTitle": "Renovate Dashboard 🤖", - "suppressNotifications": ["prIgnoreNotification"], + "suppressNotifications": ["prEditedNotification", "prIgnoreNotification"], "rebaseWhen": "conflicted", "schedule": ["every weekend"], - "pre-commit": { - "enabled": true - }, + "ignorePaths": ["**/*.sops.*"], "flux": { - "fileMatch": ["kubernetes/.+\\.ya?ml$"] + "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"] }, "helm-values": { - "fileMatch": ["kubernetes/.+\\.ya?ml$"] + "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"] + }, + "helmfile": { + "fileMatch": ["(^|/)helmfile\\.ya?ml(?:\\.j2)?$"] }, "kubernetes": { - "fileMatch": [ - "ansible/.+\\.ya?ml(\\.j2)?$", - "kubernetes/.+\\.ya?ml$" - ] + "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"] + }, + "kustomize": { + "fileMatch": ["(^|/)kustomization\\.ya?ml(?:\\.j2)?$"] + }, + "pip_requirements": { + "fileMatch": ["(^|/)[\\w-]*requirements(-\\w+)?\\.(txt|pip)(?:\\.j2)?$"] }, - "regexManagers": [ + // commit message topics + "commitMessageTopic": "{{depName}}", + "commitMessageExtra": "to {{newVersion}}", + "commitMessageSuffix": "", + 
// package rules + "packageRules": [ + // automerge { - "description": "Process various other dependencies", - "fileMatch": [ - "ansible/.+\\.ya?ml(\\.j2)?$", - "kubernetes/.+\\.ya?ml$" - ], - "matchStrings": [ - "datasource=(?\\S+) depName=(?\\S+)( registryUrl=(?\\S+))?\n.*?\"(?.*)\"\n" - ], - "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}" + "description": ["Auto merge Github Actions"], + "matchManagers": ["github-actions"], + "automerge": true, + "automergeType": "branch", + "ignoreTests": true, + "matchUpdateTypes": ["minor", "patch"] }, + // groups { - "description": "Process k3s and similiar dependencies", - "fileMatch": [ - "ansible/.+\\.ya?ml(\\.j2)?$", - "kubernetes/.+\\.ya?ml$" - ], - "matchStrings": [ - "datasource=(?\\S+) depName=(?\\S+)( registryUrl=(?\\S+))?\n *version: (?.*)\n" + "description": ["Flux Group"], + "groupName": "Flux", + "matchPackagePatterns": ["fluxcd"], + "matchDatasources": ["docker", "github-tags"], + "versioning": "semver", + "group": { + "commitMessageTopic": "{{{groupName}}} group" + }, + "separateMinorPatch": true + }, + { + "description": ["Talos Group"], + "groupName": "Talos", + "matchPackagePatterns": [ + "siderolabs/talosctl", + "siderolabs/installer" ], - "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}" + "matchDatasources": ["docker"], + "group": { + "commitMessageTopic": "{{{groupName}}} group" + }, + "separateMinorPatch": true + }, + // commit message topics + { + "matchDatasources": ["helm"], + "commitMessageTopic": "chart {{depName}}" + }, + { + "matchDatasources": ["docker"], + "commitMessageTopic": "image {{depName}}" + }, + // commit messages + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(container)!: " + }, + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "container" + }, + { + "matchDatasources": 
["docker"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "container" + }, + { + "matchDatasources": ["docker"], + "matchUpdateTypes": ["digest"], + "semanticCommitType": "chore", + "semanticCommitScope": "container" + }, + { + "matchDatasources": ["helm"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(helm)!: " + }, + { + "matchDatasources": ["helm"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "helm" + }, + { + "matchDatasources": ["helm"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "helm" + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(github-release)!: " + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "github-release" + }, + { + "matchDatasources": ["github-releases", "github-tags"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "github-release" + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["major"], + "commitMessagePrefix": "feat(github-action)!: " + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["minor"], + "semanticCommitType": "feat", + "semanticCommitScope": "github-action" + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["patch"], + "semanticCommitType": "fix", + "semanticCommitScope": "github-action" + }, + // labels + { + "matchUpdateTypes": ["major"], + "labels": ["type/major"] + }, + { + "matchUpdateTypes": ["minor"], + "labels": ["type/minor"] + }, + { + "matchUpdateTypes": ["patch"], + "labels": ["type/patch"] + }, + { + "matchDatasources": ["docker"], + "addLabels": ["renovate/container"] + }, + { + "matchDatasources": ["helm"], + "addLabels": ["renovate/helm"] + }, + { + "matchDatasources": 
["github-releases", "github-tags"], + "addLabels": ["renovate/github-release"] + }, + { + "matchManagers": ["github-actions"], + "addLabels": ["renovate/github-action"] } ], - "packageRules": [ + // custom managers + "customManagers": [ { - "packagePatterns": ["^ghcr.io\\/linuxserver\\/"], - "versionScheme": "regex:^(?v?\\d+)\\.(?\\d+)\\.(?\\d+)*$" + "customType": "regex", + "description": ["Process custom dependencies"], + "fileMatch": ["(^|/)kubernetes/.+\\.ya?ml(?:\\.j2)?$"], + "matchStrings": [ + // # renovate: datasource=helm depName=cilium repository=https://helm.cilium.io + // version: 1.15.1 + "datasource=(?\\S+) depName=(?\\S+)( repository=(?\\S+))?\\n.+: (&\\S+\\s)?(?\\S+)" + ], + "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}" } ] } diff --git a/.github/tests/config-talos.yaml b/.github/tests/config-talos.yaml new file mode 100644 index 000000000..1136e99a2 --- /dev/null +++ b/.github/tests/config-talos.yaml 
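Review bot: The new `packageRules` entry for `github-actions` sets `"automerge": true` together with `"ignoreTests": true`, while the same hunk drops `helpers:pinGitHubActionDigests` from `extends`, so minor and patch action updates are merged without waiting for any status check and the actions themselves are no longer pinned to a commit digest. With `":automergeBranch"` and `"automergeType": "branch"` the update is pushed straight to the base branch without a pull request, so there is no review step either. Consider keeping `"helpers:pinGitHubActionDigests"` in `extends` and removing `"ignoreTests": true`, so that an updated action lands only after the workflows have run against it.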
@@ -0,0 +1,44 @@
+---
+skip_tests: true
+
+boostrap_talos:
+ schematic_id: "376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba"
+bootstrap_node_network: 10.10.10.0/24
+bootstrap_node_default_gateway: 10.10.10.1
+bootstrap_node_inventory:
+ - name: k8s-controller-0
+ address: 10.10.10.100
+ controller: true
+ disk: fake
+ mac_addr: fake
+ - name: k8s-worker-0
+ address: 10.10.10.101
+ controller: false
+ disk: fake
+ mac_addr: fake
+bootstrap_dns_servers: ["1.1.1.1", "1.0.0.1"]
+bootstrap_ntp_servers: ["time.cloudflare.com"]
+bootstrap_pod_network: 10.69.0.0/16
+bootstrap_service_network: 10.96.0.0/16
+bootstrap_controller_vip: 10.10.10.254
+bootstrap_tls_sans: ["fake"]
+bootstrap_sops_age_pubkey: $BOOTSTRAP_AGE_PUBLIC_KEY
+bootstrap_bgp:
+ enabled: false
+bootstrap_github_address: https://github.com/onedr0p/cluster-template
+bootstrap_github_branch: main
+bootstrap_github_webhook_token: fake
+bootstrap_cloudflare:
+ enabled: true
+ domain: fake
+ token: take
+ acme:
+ email: fake@example.com
+ production: false
+ tunnel:
+ account_id: fake
+ id: fake
+ secret: fake
+ ingress_vip: 10.10.10.252
+ ingress_vip: 10.10.10.251
+ gateway_vip: 10.10.10.253
diff --git a/.github/workflows/devcontainer.yaml b/.github/workflows/devcontainer.yaml
new file mode 100644
index 000000000..9582cfa34
--- /dev/null
+++ b/.github/workflows/devcontainer.yaml
@@ -0,0 +1,58 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "devcontainer"
+
+on:
+ workflow_dispatch:
+ push:
+ branches: ["main"]
+ paths: [".devcontainer/ci/**"]
+ pull_request:
+ branches: ["main"]
+ paths: [".devcontainer/ci/**"]
+ schedule:
+ - cron: "0 0 * * *"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ devcontainer:
+ if: ${{ github.repository == 'onedr0p/cluster-template' }}
+ name: publish
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ platforms: linux/amd64 #,linux/arm64
+
+ - if: ${{ github.event_name != 'pull_request' }}
+ name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push
+ uses: devcontainers/ci@v0.3
+ env:
+ BUILDX_NO_DEFAULT_ATTESTATIONS: true
+ with:
+ imageName: ghcr.io/${{ github.repository }}/devcontainer
+ # cacheFrom: ghcr.io/${{ github.repository }}/devcontainer
+ imageTag: base,latest
+ platform: linux/amd64 #,linux/arm64
+ configFile: .devcontainer/ci/devcontainer.json
+ push: ${{ github.event_name == 'pull_request' && 'never' || 'always' }}
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
new file mode 100644
index 000000000..58b53e92b
--- /dev/null
+++ b/.github/workflows/e2e.yaml
@@ -0,0 +1,91 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "e2e" + +on: + workflow_dispatch: + pull_request: + branches: ["main"] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.number || github.ref }} + cancel-in-progress: true + +jobs: + configure: + if: ${{ github.repository == 'onedr0p/cluster-template' }} + name: configure + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + config-files: + - talos + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Homebrew + id: setup-homebrew + uses: Homebrew/actions/setup-homebrew@master + + - name: Setup Python + uses: actions/setup-python@v5 + id: setup-python + with: + python-version: "3.11" # minimum supported version + + - name: Cache homebrew packages + if: ${{ github.event_name == 'pull_request' }} + uses: actions/cache@v4 + id: cache-homebrew-packages + with: + key: homebrew-${{ runner.os }}-${{ steps.setup-homebrew.outputs.gems-hash }}-${{ hashFiles('.taskfiles/Workstation/Brewfile') }} + path: /home/linuxbrew/.linuxbrew + + - name: Cache venv + if: ${{ github.event_name == 'pull_request' }} + uses: actions/cache@v4 + with: + key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('requirements.txt', 'requirements.yaml') }} + path: .venv + + - name: Setup Workflow Tools + if: ${{ github.event_name == 'pull_request' && steps.cache-homebrew-packages.outputs.cache-hit != 'true' }} + shell: bash + run: brew install go-task + + - name: Run Workstation Brew tasks + if: ${{ github.event_name == 'pull_request' && steps.cache-homebrew-packages.outputs.cache-hit != 'true' }} + shell: bash + run: task workstation:brew + + - name: Run Workstation venv tasks + shell: bash + run: task workstation:venv + + - name: Run Workstation direnv tasks + shell: bash + run: task workstation:direnv + + - name: Run Sops Age key task + shell: bash + run: task sops:age-keygen + + - name: Run init tasks + 
shell: bash + run: | + task init + cp ./.github/tests/config-${{ matrix.config-files }}.yaml ./config.yaml + export BOOTSTRAP_AGE_PUBLIC_KEY=$(sed -n 's/# public key: //gp' age.key) + envsubst < ./config.yaml | sponge ./config.yaml + + - name: Run configure task + shell: bash + run: task configure --yes + + - name: Run repo clean and reset tasks + shell: bash + run: | + task repository:clean + task repository:reset --yes diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml new file mode 100644 index 000000000..7548800f3 --- /dev/null +++ b/.github/workflows/flux-diff.yaml 
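Review bot: `uses: Homebrew/actions/setup-homebrew@master` follows a moving branch, so the code this job executes can change without any change in this repository; the same reference appears in kubeconform.yaml, and flux-diff.yaml pulls `docker://ghcr.io/allenporter/flux-local:main` in the same way. Pin these to a full commit SHA (or an image digest) and let Renovate propose the updates, e.g. `uses: Homebrew/actions/setup-homebrew@<full-commit-sha>` with the SHA as a placeholder to fill in. The workflow also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` keeps it read-only regardless of that default.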
@@ -0,0 +1,68 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Flux Diff"
+
+on:
+ pull_request:
+ branches: ["main"]
+ paths: ["kubernetes/**"]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ flux-diff:
+ name: Flux Diff
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ strategy:
+ matrix:
+ paths: ["kubernetes"]
+ resources: ["helmrelease", "kustomization"]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ path: pull
+
+ - name: Checkout Default Branch
+ uses: actions/checkout@v4
+ with:
+ ref: "${{ github.event.repository.default_branch }}"
+ path: default
+
+ - name: Diff Resources
+ uses: docker://ghcr.io/allenporter/flux-local:main
+ with:
+ args: >-
+ diff ${{ matrix.resources }}
+ --unified 6
+ --path /github/workspace/pull/${{ matrix.paths }}/flux
+ --path-orig /github/workspace/default/${{ matrix.paths }}/flux
+ --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart"
+ --limit-bytes 10000
+ --all-namespaces
+ --sources "home-kubernetes"
+ --output-file diff.patch
+
+ - name: Generate Diff
+ id: diff
+ run: |
+ cat diff.patch
+ echo "diff<> $GITHUB_OUTPUT
+ cat diff.patch >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
+
+ - if: ${{ steps.diff.outputs.diff != '' }}
+ name: Add comment
+ uses: mshick/add-pr-comment@v2
+ with:
+ message-id: "${{ github.event.pull_request.number }}/${{ matrix.paths }}/${{ matrix.resources }}"
+ message-failure: Diff was not successful
+ message: |
+ ```diff
+ ${{ steps.diff.outputs.diff }}
+ ```
diff --git a/.github/workflows/kubeconform.yaml b/.github/workflows/kubeconform.yaml
new file mode 100644
index 000000000..58a63cc17
--- /dev/null
+++ b/.github/workflows/kubeconform.yaml
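Review bot: In the `Generate Diff` step the multiline output is closed with a fixed `echo "EOF" >> $GITHUB_OUTPUT`, and the body between the delimiters is `diff.patch`, which is derived from pull-request content; a line consisting only of `EOF` in that file ends the value early, and the lines after it are then read as further step outputs. Generate the delimiter per run, for example `delim="$(openssl rand -hex 16)"` followed by `echo "diff<<${delim}" >> "$GITHUB_OUTPUT"`, and close with `echo "${delim}" >> "$GITHUB_OUTPUT"`. The opening `echo` line is garbled on this page, so the `diff<<EOF` form is inferred from the closing line. The same text is then placed inside a fenced block in a PR comment by a job holding `pull-requests: write`, so a patch line of three backticks would also end that fence early.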
@@ -0,0 +1,29 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Kubeconform"
+
+on:
+ pull_request:
+ branches: ["main"]
+ paths: ["kubernetes/**"]
+
+env:
+ KUBERNETES_DIR: ./kubernetes
+
+jobs:
+ kubeconform:
+ name: Kubeconform
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Homebrew
+ uses: Homebrew/actions/setup-homebrew@master
+
+ - name: Setup Workflow Tools
+ run: brew install fluxcd/tap/flux kubeconform kustomize
+
+ - name: Run kubeconform
+ shell: bash
+ run: bash ./scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }}
diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml
new file mode 100644
index 000000000..90804e0af
--- /dev/null
+++ b/.github/workflows/label-sync.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Label Sync"
+
+on:
+ workflow_dispatch:
+ push:
+ branches: ["main"]
+ paths: [".github/labels.yaml"]
+
+jobs:
+ label-sync:
+ name: Label Sync
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Sync Labels
+ uses: EndBug/label-sync@v2
+ with:
+ config-file: .github/labels.yaml
+ delete-other-labels: true
diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml
new file mode 100644
index 000000000..d658c1d96
--- /dev/null
+++ b/.github/workflows/labeler.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Labeler"
+
+on:
+ workflow_dispatch:
+ pull_request_target:
+ branches: ["main"]
+
+jobs:
+ labeler:
+ name: Labeler
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - name: Labeler
+ uses: actions/labeler@v5
+ with:
+ configuration-path: .github/labeler.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b11059102..ff8eabe44 100644
--- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,16 +1,44 @@ --- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json name: "Release" on: workflow_dispatch: schedule: - - cron: "0 0 * * 0" + - cron: "0 0 1 * *" jobs: release: + if: ${{ github.repository == 'onedr0p/cluster-template' }} + name: Release runs-on: ubuntu-latest steps: - - name: Publish Latest Release - uses: ivangabriele/publish-latest-release@df1a4afd8aea9d1f0ba5ebeb89452aeac7bca0a9 # renovate: tag=v3 + - name: Checkout + uses: actions/checkout@v4 + + - name: Create Release + shell: bash env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + # Retrieve previous release tag + previous_tag="$(gh release list --limit 1 | awk '{ print $1 }')" + previous_major="${previous_tag%%\.*}" + previous_minor="${previous_tag#*.}" + previous_minor="${previous_minor%.*}" + previous_patch="${previous_tag##*.}" + # Determine next release tag + next_major_minor="$(date +'%Y').$(date +'%-m')" + if [[ "${previous_major}.${previous_minor}" == "${next_major_minor}" ]]; then + echo "Month release already exists for year, incrementing patch number by 1" + next_patch="$((previous_patch + 1))" + else + echo "Month release does not exist for year, setting patch number to 0" + next_patch="0" + fi + # Create release + release_tag="${next_major_minor}.${next_patch}" + gh release create "${release_tag}" \ + --repo="${GITHUB_REPOSITORY}" \ + --title="${release_tag}" \ + --generate-notes diff --git a/.gitignore b/.gitignore index dbfdbbace..4f71d416f 100644 --- a/.gitignore +++ b/.gitignore 
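Review bot: The `release` job runs `gh release create` with `GITHUB_TOKEN` but declares no `permissions:` block, so whether it can write releases, and what else the token may do, depends on the repository's default token setting. Adding `permissions:` with `contents: write` on the job states the requirement and limits the token to it. The hunk also replaces the one step that was pinned to a commit SHA with `actions/checkout@v4`; pinning the checkout by SHA would keep that property. The added `if:` guard compares against `onedr0p/cluster-template`, while the Renovate presets removed in this commit point at `tuxpeople/k8s-homelab`, so if that is this repository the job will always be skipped.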
@@ -1,20 +1,26 @@ # Trash .DS_Store Thumbs.db -pv-migrate.log # k8s -kubeconfig* -# vscode-sops +kubeconfig +talosconfig .decrypted~*.yaml .config.env *.agekey *.pub *.key +# Private +.private +.bin # Ansible -xanmanning.k3s* -# Terraform -.terraform -.terraform.tfstate* -terraform.tfstate* -test -test.yml +.venv* +# Taskfile +.task +# Brew +Brewfile.lock.json +# intellij +.idea +# wiki +wiki +# Bootstrap +/config.yaml diff --git a/.sops.yaml b/.sops.yaml index 3b73b2c34..d1164eb3f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,15 +1,12 @@ --- creation_rules: - - path_regex: kubernetes/.*\.sops\.ya?ml - encrypted_regex: "^(data|stringData)$" - key_groups: - - age: - - age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w - - path_regex: ansible/.*\.sops\.ya?ml + - # IMPORTANT: This rule MUST be above the others + path_regex: talos/.*\.sops\.ya?ml key_groups: - age: - - age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w - - path_regex: terraform/.*\.sops\.ya?ml + - "age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w" + - path_regex: kubernetes/.*\.sops\.ya?ml + encrypted_regex: "^(data|stringData)$" key_groups: - age: - - age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + - "age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w" diff --git a/.taskfiles/Flux/Taskfile.yaml b/.taskfiles/Flux/Taskfile.yaml new file mode 100644 index 000000000..0dce3c53b --- /dev/null +++ b/.taskfiles/Flux/Taskfile.yaml 
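Review bot: Narrowing `kubeconfig*` to `kubeconfig` means copies such as `kubeconfig.bak` or `kubeconfig-old` are no longer ignored and can be committed with cluster credentials in them. Unless the glob caused a false match somewhere, keep `kubeconfig*` and use `talosconfig*` for the new entry for the same reason.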
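Review bot: The comment `# IMPORTANT: This rule MUST be above the others` does not say why, which makes the ordering easy to undo in a later cleanup. Judging by the Talos Taskfile in this commit, the Talos secret lives at `kubernetes/bootstrap/talos/talsecret.sops.yaml`, a path both `path_regex` values match; SOPS applies the first matching rule, so with the `kubernetes/` rule first only `data`/`stringData` keys would be encrypted and the Talos secrets would stay in cleartext. Suggested wording: `# Must precede the kubernetes/ rule: talos files also match it, and its encrypted_regex would leave Talos secrets unencrypted`.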
@@ -0,0 +1,70 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+vars:
+ CLUSTER_SECRET_SOPS_FILE: "{{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.yaml"
+ CLUSTER_SETTINGS_FILE: "{{.KUBERNETES_DIR}}/flux/vars/cluster-settings.yaml"
+ GITHUB_DEPLOY_KEY_FILE: "{{.KUBERNETES_DIR}}/bootstrap/flux/github-deploy-key.sops.yaml"
+
+tasks:
+
+ bootstrap:
+ desc: Bootstrap Flux into a Kubernetes cluster
+ cmds:
+ - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --kustomize {{.KUBERNETES_DIR}}/bootstrap/flux
+ - cat {{.AGE_FILE}} | kubectl -n flux-system create secret generic sops-age --from-file=age.agekey=/dev/stdin
+ - sops --decrypt {{.CLUSTER_SECRET_SOPS_FILE}} | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename -
+ - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename {{.CLUSTER_SETTINGS_FILE}}
+ - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --kustomize {{.KUBERNETES_DIR}}/flux/config
+ preconditions:
+ - msg: Missing kubeconfig
+ sh: test -f {{.KUBECONFIG_FILE}}
+ - msg: Missing Sops Age key file
+ sh: test -f {{.AGE_FILE}}
+
+ apply:
+ desc: Apply a Flux Kustomization resource for a cluster
+ summary: |
+ Args:
+ path: Path under apps containing the Flux Kustomization resource (ks.yaml) (required)
+ ns: Namespace the Flux Kustomization exists in (default: flux-system)
+ cmd: |
+ flux --kubeconfig {{.KUBECONFIG_FILE}} build ks $(basename {{.path}}) \
+ --namespace {{.ns}} \
+ --kustomization-file {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml \
+ --path {{.KUBERNETES_DIR}}/apps/{{.path}} \
+ {{- if contains "not found" .ks }}--dry-run \{{ end }}
+ | \
+ kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side \
+ --field-manager=kustomize-controller -f -
+ requires:
+ vars: ["path"]
+ vars:
+ ns: '{{.ns | default "flux-system"}}'
+ ks:
+ sh: flux --kubeconfig {{.KUBECONFIG_FILE}} --namespace {{.ns}} get kustomizations $(basename {{.path}}) 2>&1
+ preconditions:
+ - msg: Missing kubeconfig
+ sh: test -f {{.KUBECONFIG_FILE}}
+ - msg: Missing Flux Kustomization for app {{.path}}
+ sh: test -f {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml
+
+ reconcile:
+ desc: Force update Flux to pull in changes from your Git repository
+ cmd: flux --kubeconfig {{.KUBECONFIG_FILE}} reconcile --namespace flux-system kustomization cluster --with-source
+ preconditions:
+ - msg: Missing kubeconfig
+ sh: test -f {{.KUBECONFIG_FILE}}
+
+ github-deploy-key:
+ cmds:
+ - kubectl create namespace flux-system --dry-run=client -o yaml | kubectl --kubeconfig {{.KUBECONFIG_FILE}} apply --filename -
+ - sops --decrypt {{.GITHUB_DEPLOY_KEY_FILE}} | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename -
+ preconditions:
+ - msg: Missing kubeconfig
+ sh: test -f {{.KUBECONFIG_FILE}}
+ - msg: Missing Sops Age key file
+ sh: test -f {{.AGE_FILE}}
+ - msg: Missing Github deploy key file
+ sh: test -f {{.GITHUB_DEPLOY_KEY_FILE}}
diff --git a/.taskfiles/Kubernetes/Taskfile.yaml b/.taskfiles/Kubernetes/Taskfile.yaml
new file mode 100644
index 000000000..872746e69
--- /dev/null
+++ b/.taskfiles/Kubernetes/Taskfile.yaml
@@ -0,0 +1,36 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+vars:
+ KUBECONFORM_SCRIPT: "{{.SCRIPTS_DIR}}/kubeconform.sh"
+
+tasks:
+
+ resources:
+ desc: Gather common resources in your cluster, useful when asking for support
+ cmds:
+ - for: { var: resource }
+ cmd: kubectl get {{.ITEM}} {{.CLI_ARGS | default "-A"}}
+ vars:
+ resource: >-
+ nodes
+ gitrepositories
+ kustomizations
+ helmrepositories
+ helmreleases
+ certificates
+ certificaterequests
+ ingresses
+ pods
+
+ kubeconform:
+ desc: Validate Kubernetes manifests with kubeconform
+ cmd: bash {{.KUBECONFORM_SCRIPT}} {{.KUBERNETES_DIR}}
+ preconditions:
+ - msg: Missing kubeconform script
+ sh: test -f {{.KUBECONFORM_SCRIPT}}
+
+ .reset:
+ internal: true
+ cmd: rm -rf {{.KUBERNETES_DIR}}
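Review bot: The second `bootstrap` command creates the `sops-age` secret with a bare `kubectl -n flux-system create secret ...` and no `--kubeconfig {{.KUBECONFIG_FILE}}`, unlike every other command in the task. It therefore goes to whatever context the ambient `KUBECONFIG` or default config selects, so the age private key can be written to a different cluster than the one being bootstrapped. Pass the flag and read the key file directly: `- kubectl --kubeconfig {{.KUBECONFIG_FILE}} -n flux-system create secret generic sops-age --from-file=age.agekey={{.AGE_FILE}}`.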
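Review bot: `.reset` runs `rm -rf {{.KUBERNETES_DIR}}` with the templated path unquoted and without `--`, so a value containing spaces or starting with `-` is split or read as options. Write it as `cmd: rm -rf -- "{{.KUBERNETES_DIR}}"`; the `.reset` tasks in the Sops and Talos Taskfiles of this commit and the `rm`/`mv` lines in Repository's `clean` have the same shape. The variable is defined outside this hunk, so whether it can be empty or relative is not visible here.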
diff --git a/.taskfiles/Repository/Taskfile.yaml b/.taskfiles/Repository/Taskfile.yaml
new file mode 100644
index 000000000..9e6bae366
--- /dev/null
+++ b/.taskfiles/Repository/Taskfile.yaml
@@ -0,0 +1,43 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+tasks:
+
+ clean:
+ desc: Clean files and directories no longer needed after cluster bootstrap
+ cmds:
+ - mkdir -p {{.PRIVATE_DIR}}
+ # Clean up CI
+ - rm -rf {{.ROOT_DIR}}/.github/tests
+ - rm -rf {{.ROOT_DIR}}/.github/workflows/e2e.yaml
+ # Clean up devcontainer
+ - rm -rf {{.ROOT_DIR}}/.devcontainer/ci
+ - rm -rf {{.ROOT_DIR}}/.github/workflows/devcontainer.yaml
+ # Move bootstrap directory to gitignored directory
+ - mv {{.BOOTSTRAP_DIR}} {{.PRIVATE_DIR}}/bootstrap-{{now | date "150405"}}
+ - mv {{.MAKEJINJA_CONFIG_FILE}} {{.PRIVATE_DIR}}/makejinja-{{now | date "150405"}}.toml
+ # Update renovate.json5
+ - sed -i {{if eq OS "darwin"}}''{{end}} 's/(..\.j2)\?//g' {{.ROOT_DIR}}/.github/renovate.json5
+ preconditions:
+ - msg: Missing bootstrap directory
+ sh: test -d {{.BOOTSTRAP_DIR}}
+ - msg: Missing Renovate config file
+ sh: test -f {{.ROOT_DIR}}/.github/renovate.json5
+
+ reset:
+ desc: Reset templated configuration files
+ prompt: Reset templated configuration files... continue?
+ cmds:
+ - task: :kubernetes:.reset
+ - task: :sops:.reset
+ - task: :talos:.reset
+
+ force-reset:
+ desc: Reset repo back to HEAD
+ prompt: Reset repo back to HEAD... continue?
+ cmds:
+ - task: reset
+ - git reset --hard HEAD
+ - git clean -f -d
+ - git pull origin main
diff --git a/.taskfiles/Sops/Taskfile.yaml b/.taskfiles/Sops/Taskfile.yaml
new file mode 100644
index 000000000..7880a0056
--- /dev/null
+++ b/.taskfiles/Sops/Taskfile.yaml
@@ -0,0 +1,36 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+tasks:
+
+ age-keygen:
+ desc: Initialize Age Key for Sops
+ cmd: age-keygen --output {{.AGE_FILE}}
+ status: ["test -f {{.AGE_FILE}}"]
+
+ encrypt:
+ desc: Encrypt all Kubernetes SOPS secrets
+ cmds:
+ - for: { var: file }
+ task: .encrypt-file
+ vars:
+ file: "{{.ITEM}}"
+ vars:
+ file:
+ sh: find "{{.KUBERNETES_DIR}}" -type f -name "*.sops.*" -exec grep -L "ENC\[AES256_GCM" {} \;
+
+ .encrypt-file:
+ internal: true
+ cmd: sops --encrypt --in-place {{.file}}
+ requires:
+ vars: ["file"]
+ preconditions:
+ - msg: Missing Sops config file
+ sh: test -f {{.SOPS_CONFIG_FILE}}
+ - msg: Missing Sops Age key file
+ sh: test -f {{.AGE_FILE}}
+
+ .reset:
+ internal: true
+ cmd: rm -rf {{.SOPS_CONFIG_FILE}}
diff --git a/.taskfiles/Talos/Taskfile.yaml b/.taskfiles/Talos/Taskfile.yaml
new file mode 100644
index 000000000..b39cca563
--- /dev/null
+++ b/.taskfiles/Talos/Taskfile.yaml
@@ -0,0 +1,95 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+vars:
+ TALHELPER_CLUSTER_DIR: "{{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig"
+ TALHELPER_SECRET_FILE: "{{.KUBERNETES_DIR}}/bootstrap/talos/talsecret.sops.yaml"
+ TALHELPER_CONFIG_FILE: "{{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml"
+ HELMFILE_FILE: "{{.KUBERNETES_DIR}}/bootstrap/helmfile.yaml"
+ TALOSCONFIG_FILE: "{{.TALHELPER_CLUSTER_DIR}}/talosconfig"
+
+env:
+ TALOSCONFIG: "{{.TALOSCONFIG_FILE}}"
+
+tasks:
+
+ bootstrap:
+ desc: Bootstrap the Talos cluster
+ cmds:
+ - |
+ if [ ! -f "{{.TALHELPER_SECRET_FILE}}" ]; then
+ talhelper gensecret > {{.TALHELPER_SECRET_FILE}}
+ sops --encrypt --in-place {{.TALHELPER_SECRET_FILE}}
+ fi
+ - talhelper genconfig --config-file {{.TALHELPER_CONFIG_FILE}} --secret-file {{.TALHELPER_SECRET_FILE}} --out-dir {{.TALHELPER_CLUSTER_DIR}}
+ - talhelper gencommand apply --config-file {{.TALHELPER_CONFIG_FILE}} --out-dir {{.TALHELPER_CLUSTER_DIR}} --extra-flags="--insecure" | bash
+ - until talhelper gencommand bootstrap --config-file {{.TALHELPER_CONFIG_FILE}} --out-dir {{.TALHELPER_CLUSTER_DIR}} | bash; do sleep 10; done
+ - task: fetch-kubeconfig
+ - task: install-helm-apps
+ - talosctl health --server=false
+ preconditions:
+ - msg: Missing talhelper config file
+ sh: test -f {{.TALHELPER_CONFIG_FILE}}
+ - msg: Missing Sops config file
+ sh: test -f {{.SOPS_CONFIG_FILE}}
+ - msg: Missing Sops Age key file
+ sh: test -f {{.AGE_FILE}}
+
+ fetch-kubeconfig:
+ desc: Fetch kubeconfig
+ cmd: until talhelper gencommand kubeconfig --config-file {{.TALHELPER_CONFIG_FILE}} --out-dir {{.TALHELPER_CLUSTER_DIR}} --extra-flags="{{.ROOT_DIR}} --force" | bash; do sleep 10; done
+ preconditions:
+ - msg: Missing talhelper config file
+ sh: test -f {{.TALHELPER_CONFIG_FILE}}
+
+ install-helm-apps:
+ desc: Bootstrap core apps needed for Talos
+ cmds:
+ - until kubectl --kubeconfig {{.KUBECONFIG_FILE}} wait --for=condition=Ready=False nodes --all --timeout=600s; do sleep 10; done
+ - helmfile --kubeconfig {{.KUBECONFIG_FILE}} --file {{.HELMFILE_FILE}} apply --skip-diff-on-install --suppress-diff
+ - until kubectl --kubeconfig {{.KUBECONFIG_FILE}} wait --for=condition=Ready nodes --all --timeout=600s; do sleep 10; done
+ preconditions:
+ - msg: Missing kubeconfig
+ sh: test -f {{.KUBECONFIG_FILE}}
+ - msg: Missing helmfile
+ sh: test -f {{.HELMFILE_FILE}}
+
+ upgrade:
+ desc: Upgrade Talos on a node
+ cmds:
+ - talosctl --nodes {{.node}} upgrade --image {{.image}} --wait=true --timeout=10m --preserve=true --reboot-mode={{.mode}}
+ - talosctl --nodes {{.node}} health --wait-timeout=10m --server=false
+ vars:
+ mode: '{{.mode | default "default"}}'
+ requires:
+ vars: ["node", "image"]
+ preconditions:
+ - msg: Missing talosconfig
+ sh: test -f {{.TALOSCONFIG_FILE}}
+ - msg: Unable to retrieve Talos config
+ sh: talosctl config info >/dev/null 2>&1
+ - msg: Node not found
+ sh: talosctl --nodes {{.node}} get machineconfig >/dev/null 2>&1
+
+ upgrade-k8s:
+ desc: Upgrade Kubernetes across the cluster
+ cmd: talosctl --nodes {{.controller}} upgrade-k8s --to {{.to}}
+ requires:
+ vars: ["controller", "to"]
+ preconditions:
+ - msg: Missing talosconfig
+ sh: test -f {{.TALOSCONFIG_FILE}}
+ - msg: Unable to retrieve Talos config
+ sh: talosctl config info >/dev/null 2>&1
+ - msg: Node not found
+ sh: talosctl --nodes {{.controller}} get machineconfig >/dev/null 2>&1
+
+ nuke:
+ desc: Resets nodes back to maintenance mode
+ prompt: This will destroy your cluster and reset the nodes back to maintenance mode... continue?
+ cmd: talhelper gencommand reset --config-file {{.TALHELPER_CONFIG_FILE}} --out-dir {{.TALHELPER_CLUSTER_DIR}} --extra-flags="--reboot {{- if eq .CLI_FORCE false }} --system-labels-to-wipe STATE --system-labels-to-wipe EPHEMERAL{{ end }} --graceful=false --wait=false" | bash
+
+ .reset:
+ internal: true
+ cmd: rm -rf {{.TALHELPER_CLUSTER_DIR}} {{.TALHELPER_SECRET_FILE}} {{.TALHELPER_CONFIG_FILE}}
diff --git a/.taskfiles/Workstation/Archfile b/.taskfiles/Workstation/Archfile
new file mode 100644
index 000000000..b1ad3160c
--- /dev/null
+++ b/.taskfiles/Workstation/Archfile
@@ -0,0 +1,17 @@
+age
+cloudflared-bin
+direnv
+flux-bin
+go-task
+go-yq
+helm
+helmfile
+jq
+kubeconform
+kubectl-bin
+kustomize
+moreutils
+sops
+stern-bin
+talhelper-bin
+talosctl
diff --git a/.taskfiles/Workstation/Brewfile b/.taskfiles/Workstation/Brewfile
new file mode 100644
index 000000000..59688345b
--- /dev/null
+++ b/.taskfiles/Workstation/Brewfile
@@ -0,0 +1,20 @@
+tap "fluxcd/tap"
+tap "go-task/tap"
+tap "siderolabs/tap"
+brew "age"
+brew "cloudflared"
+brew "direnv"
+brew "fluxcd/tap/flux"
+brew "go-task/tap/go-task"
+brew "helm"
+brew "helmfile"
+brew "jq"
+brew "kubeconform"
+brew "kubernetes-cli"
+brew "kustomize"
+brew "moreutils"
+brew "sops"
+brew "stern"
+brew "talhelper"
+brew "talosctl"
+brew "yq"
diff --git a/.taskfiles/Workstation/Taskfile.yaml b/.taskfiles/Workstation/Taskfile.yaml
new file mode 100644
index 000000000..09f309f6c
--- /dev/null
+++ b/.taskfiles/Workstation/Taskfile.yaml
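Review bot: A failed `sops --encrypt --in-place` in the first `bootstrap` command leaves the freshly generated Talos secrets on disk in plaintext under a `.sops.yaml` name, and because the guard only tests `-f`, the next run skips encryption and carries on with that plaintext file. The same applies when `talhelper gensecret` fails after the redirect has already created the file. Generate and encrypt as one unit and remove the file when either step fails, so that the existence check can be trusted; the paths should be quoted as well. The sketch below assumes the block keeps running under Task's default shell options.

```yaml
      - |
        if [ ! -f "{{.TALHELPER_SECRET_FILE}}" ]; then
          if ! talhelper gensecret > "{{.TALHELPER_SECRET_FILE}}" \
            || ! sops --encrypt --in-place "{{.TALHELPER_SECRET_FILE}}"; then
            rm -f "{{.TALHELPER_SECRET_FILE}}"
            exit 1
          fi
        fi
      # … unchanged: genconfig, apply, bootstrap loop, fetch-kubeconfig, install-helm-apps, health …
```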
@@ -0,0 +1,71 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+vars:
+ ARCHFILE: "{{.ROOT_DIR}}/.taskfiles/Workstation/Archfile"
+ BREWFILE: "{{.ROOT_DIR}}/.taskfiles/Workstation/Brewfile"
+ GENERIC_BIN_DIR: "{{.ROOT_DIR}}/.bin"
+
+tasks:
+
+ direnv:
+ desc: Run direnv hooks
+ cmd: direnv allow .
+ status:
+ - "[[ $(direnv status --json | jq '.state.foundRC.allowed') == 0 ]]"
+ - "[[ $(direnv status --json | jq '.state.loadedRC.allowed') == 0 ]]"
+
+ venv:
+ desc: Set up virtual environment
+ cmds:
+ - "{{.PYTHON_BIN}} -m venv {{.VIRTUAL_ENV}}"
+ - '{{.VIRTUAL_ENV}}/bin/python3 -m pip install --upgrade pip setuptools wheel'
+ - '{{.VIRTUAL_ENV}}/bin/python3 -m pip install --upgrade --requirement "{{.PIP_REQUIREMENTS_FILE}}"'
+ sources:
+ - "{{.PIP_REQUIREMENTS_FILE}}"
+ generates:
+ - "{{.VIRTUAL_ENV}}/pyvenv.cfg"
+ preconditions:
+ - { msg: "Missing Pip requirements file", sh: "test -f {{.PIP_REQUIREMENTS_FILE}}" }
+
+ brew:
+ desc: Install workstation dependencies with Brew
+ cmd: brew bundle --file {{.BREWFILE}}
+ preconditions:
+ - { msg: "Missing Homebrew", sh: "command -v brew" }
+ - { msg: "Missing Brewfile", sh: "test -f {{.BREWFILE}}" }
+
+ arch:
+ desc: Install Arch workstation dependencies with Paru Or Yay
+ cmd: "{{.helper}} -Syu --needed --noconfirm --noprogressbar $(cat {{.ARCHFILE}} | xargs)"
+ vars:
+ helper:
+ sh: "command -v yay || command -v paru"
+ preconditions:
+ - { msg: "Missing Archfile", sh: "test -f {{.ARCHFILE}}" }
+
+ generic-linux:
+ desc: Install CLI tools into the projects .bin directory using curl
+ dir: "{{.GENERIC_BIN_DIR}}"
+ platforms: ["linux/amd64", "linux/arm64"]
+ cmds:
+ - for:
+ - budimanjojo/talhelper?as=talhelper&type=script
+ - cloudflare/cloudflared?as=cloudflared&type=script
+ - FiloSottile/age?as=age&type=script
+ - fluxcd/flux2?as=flux&type=script
+ - getsops/sops?as=sops&type=script
+ - helmfile/helmfile?as=helmfile&type=script
+ - jqlang/jq?as=jq&type=script
+ - kubernetes-sigs/kustomize?as=kustomize&type=script
+ - siderolabs/talos?as=talosctl&type=script
+ - yannh/kubeconform?as=kubeconform&type=script
+ - mikefarah/yq?as=yq&type=script
+ cmd: curl -fsSL "https://i.jpillora.com/{{.ITEM}}" | bash
+ - cmd: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ platforms: ["linux/amd64"]
+ - cmd: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/arm64/kubectl"
+ platforms: ["linux/arm64"]
+ - cmd: chmod +x kubectl
+ - cmd: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | USE_SUDO="false" HELM_INSTALL_DIR="." bash
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index fc5e1a3d6..f4312e64e 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -3,12 +3,12 @@
 "albert.TabOut",
 "britesnow.vscode-toggle-quotes",
 "fcrespo82.markdown-table-formatter",
+ "mikestead.dotenv",
 "mitchdenny.ecdc",
- "redhat.ansible",
 "signageos.signageos-vscode-sops",
 "will-stone.in-any-case",
 "EditorConfig.editorconfig",
- "HashiCorp.terraform",
 "PKief.material-icon-theme",
+ "Gruntfuggly.todo-tree"
 ]
 }
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 3e4cc7fa7..579ebc393 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
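Review bot: Nothing installed by `generic-linux` is integrity-checked: eleven installer scripts from `i.jpillora.com` and Helm's `get-helm-3` from the `main` branch are piped straight into `bash`, and `kubectl` is fetched at whatever `stable.txt` names with no checksum comparison. The two `curl -LO` lines also lack `-f`, so an HTTP error page would be saved as `kubectl` and made executable. For kubectl, use `curl -fLO`, fetch the matching `kubectl.sha256` from the same release path and run `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check` before `chmod +x kubectl`. For the other tools, pin explicit versions and verify published checksums, or state in the task `desc` that it trusts those endpoints, since the README offers this task as the fallback install path.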
@@ -1,21 +1,16 @@ { "files.associations": { "*.json5": "jsonc", - "**/ansible/**/*.yml": "ansible", - "**/ansible/**/*.sops.yml": "yaml", - "**/ansible/**/inventory/**/*.yml": "yaml", - "**/terraform/**/*.tf": "terraform", - "**/kubernetes/**/*.sops.toml": "plaintext" + "./kubernetes/**/*.sops.toml": "plaintext" }, + "sops.defaults.ageKeyFile": "age.key", "yaml.schemas": { - "ansible": "ansible/*.yml", - "Kubernetes": "kubernetes/*.yaml" + "Kubernetes": "./kubernetes/*.yaml" }, - "editor.bracketPairColorization.enabled": true, - "editor.guides.bracketPairs": true, - "editor.guides.bracketPairsHorizontal": true, - "editor.guides.highlightActiveBracketPair": true, - "editor.hover.delay": 1500, - "files.trimTrailingWhitespace": true, - "ansible.python.interpreterPath": "/opt/homebrew/bin/python3", + "vs-kubernetes": { + "vs-kubernetes.kubeconfig": "./kubeconfig", + "vs-kubernetes.knownKubeconfigs": [ + "./kubeconfig" + ] + } } diff --git a/LICENSE b/LICENSE index 38d60cac8..ab784eded 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2023 onedr0p +Copyright (c) 2024 onedr0p Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md new file mode 100644 index 000000000..852d986dc --- /dev/null +++ b/README.md 
@@ -0,0 +1,412 @@ +# ⛵ Cluster Template + +Welcome to my opinionated and extensible template for deploying a single Kubernetes cluster. The goal of this project is to make it easier for people interested in using Kubernetes to deploy a cluster at home on bare-metal or VMs. + +At a high level this project makes use of [makejinja](https://github.com/mirkolenz/makejinja) to read in a [configuration file](./config.sample.yaml) which renders out templates that will allow you to install and manage your Kubernetes cluster with. + +## ✨ Features + +The features included will depend on the type of configuration you want to use. There are currently **2 different types** of **configurations** available with this template. + +1. **"Flux cluster"** - a Kubernetes cluster deployed on-top of [Talos Linux](https://github.com/siderolabs/talos) with an opinionated implementation of [Flux](https://github.com/fluxcd/flux2) using [GitHub](https://github.com/) as the Git provider and [sops](https://github.com/getsops/sops) to manage secrets. + + - **Required:** Some knowledge of [Containers](https://opencontainers.org/), [YAML](https://yaml.org/), and [Git](https://git-scm.com/). + - **Components:** [flux](https://github.com/fluxcd/flux2), [Cilium](https://github.com/cilium/cilium),[cert-manager](https://github.com/cert-manager/cert-manager), [spegel](https://github.com/spegel-org/spegel), [reloader](https://github.com/stakater/Reloader), and [openebs](https://github.com/openebs/openebs). + +2. **"Flux cluster with Cloudflare"** - An addition to "**Flux cluster**" that provides DNS and SSL with [Cloudflare](https://www.cloudflare.com/). [Cloudflare Tunnel](https://www.cloudflare.com/products/tunnel/) is also included to provide external access to certain applications deployed in your cluster. + + - **Required:** A Cloudflare account with a domain managed in your Cloudflare account. 
+ - **Components:** [ingress-nginx](https://github.com/kubernetes/ingress-nginx/), [external-dns](https://github.com/kubernetes-sigs/external-dns) and [cloudflared](https://github.com/cloudflare/cloudflared). + +**Other features include:** + +- A [Renovate](https://www.mend.io/renovate)-ready repository with pull request diffs provided by [flux-local](https://github.com/allenporter/flux-local) +- Integrated [GitHub Actions](https://github.com/features/actions) with helpful workflows. + +## 💻 Machine Preparation + +### System requirements + +> [!NOTE] +> 1. The included behaviour of Talos is that all nodes are able to run workloads, **including** the controller nodes. **Worker nodes** are therefore **optional**. +> 2. Do you have 3 or more nodes? It is highly recommended to make 3 of them controller nodes for a highly available control plane. +> 3. Running the cluster on Proxmox VE? My thoughts and recommendations about that are documented [here](https://onedr0p.github.io/home-ops/notes/proxmox-considerations.html). + +| Role | Cores | Memory | System Disk | +|---------|----------|---------------|---------------------------| +| Control | 4 _(6*)_ | 8GB _(24GB*)_ | 120GB _(500GB*)_ SSD/NVMe | +| Worker | 4 _(6*)_ | 8GB _(24GB*)_ | 120GB _(500GB*)_ SSD/NVMe | +| _\* recommended_ | + +1. Head over to and follow the instructions which will eventually lead you to download a Talos Linux iso file (or for SBCs the `.raw.xz`). Make sure to note the schematic ID you will need this later on. + +2. Flash the iso or raw file to a USB drive and boot to Talos on your nodes with it. + +3. Continue on to 🚀 [**Getting Started**](#-getting-started) + +## 🚀 Getting Started + +Once you have installed Talos on your nodes, there are six stages to getting a Flux-managed cluster up and runnning. + +> [!NOTE] +> For all stages below the commands **MUST** be ran on your personal workstation within your repository directory + +### 🎉 Stage 1: Create a Git repository + +1. 
Create a new **public** repository by clicking the big green "Use this template" button at the top of this page. + +2. Clone **your new repo** to you local workstation and `cd` into it. + +3. Continue on to 🌱 [**Stage 2**](#-stage-2-setup-your-local-workstation-environment) + +### 🌱 Stage 2: Setup your local workstation + +You have two different options for setting up your local workstation. + +- First option is using a `devcontainer` which requires you to have Docker and VSCode installed. This method is the fastest to get going because all the required CLI tools are provided for you in my [devcontainer](https://github.com/onedr0p/cluster-template/pkgs/container/cluster-template%2Fdevcontainer) image. +- The second option is setting up the CLI tools directly on your workstation. + +#### Devcontainer method + +1. Start Docker and open your repository in VSCode. There will be a pop-up asking you to use the `devcontainer`, click the button to start using it. + +2. Continue on to 🔧 [**Stage 3**](#-stage-3-bootstrap-configuration) + +#### Non-devcontainer method + +1. Install the most recent version of [task](https://taskfile.dev/), see the [installation docs](https://taskfile.dev/installation/) for other supported platforms. + + ```sh + # Homebrew + brew install go-task + # or, Arch + pacman -S --noconfirm go-task && ln -sf /usr/bin/go-task /usr/local/bin/task + ``` + +2. Install the most recent version of [direnv](https://direnv.net/), see the [installation docs](https://direnv.net/docs/installation.html) for other supported platforms. + + ```sh + # Homebrew + brew install direnv + # or, Arch + pacman -S --noconfirm direnv + ``` + +3. [Hook `direnv` into your preferred shell](https://direnv.net/docs/hook.html), then run: + + ```sh + task workstation:direnv + ``` + + 📍 _**Verify** that `direnv` is setup properly by opening a new terminal and `cd`ing into your repository. 
You should see something like:_ + + ```sh + cd /path/to/repo + direnv: loading /path/to/repo/.envrc + direnv: export +ANSIBLE_COLLECTIONS_PATH ... +VIRTUAL_ENV ~PATH + ``` + +4. Install the additional **required** CLI tools + + 📍 _**Not using Homebrew or ArchLinux?** Try using the generic Linux task below, if that fails check out the [Brewfile](.taskfiles/Workstation/Brewfile)/[Archfile](.taskfiles/Workstation/Archfile) for what CLI tools needed and install them._ + + ```sh + # Homebrew + task workstation:brew + # or, Arch with yay/paru + task workstation:arch + # or, Generic Linux (YMMV, this pulls binaires in to ./bin) + task workstation:generic-linux + ``` + +5. Setup a Python virual environment by running the following task command. + + 📍 _This commands requires Python 3.11+ to be installed._ + + ```sh + task workstation:venv + ``` + +6. Continue on to 🔧 [**Stage 3**](#-stage-3-bootstrap-configuration) + +### 🔧 Stage 3: Bootstrap configuration + +> [!NOTE] +> The [config.sample.yaml](./config.sample.yaml) file contains config that is **vital** to the bootstrap process. + +1. Generate the `config.yaml` from the [config.sample.yaml](./config.sample.yaml) configuration file. + + ```sh + task init + ``` + +2. Fill out the `config.yaml` configuration file using the comments in that file as a guide. + +3. Run the following command which will generate all the files needed to continue. + + ```sh + task configure + ``` + +4. Push you changes to git + + 📍 _**Verify** all the `./kubernetes/**/*.sops.*` files are **encrypted** with SOPS_ + + ```sh + git add -A + git commit -m "Initial commit :rocket:" + git push + ``` + +### ⛵ Stage 4: Install Kubernetes + +1. Deploy your cluster and bootstrap it. This generates secrets, generates the config files for your nodes and applies them. It bootstraps the cluster afterwards, fetches the kubeconfig file and installs Cilium and kubelet-csr-approver. It finishes with some health checks. + + ```sh + task talos:bootstrap + ``` + +2. 
⚠️ It might take a while for the cluster to be setup (10+ minutes is normal), during which time you will see a variety of error messages like: "couldn't get current server API group list," "error: no matching resources found", etc. This is a normal. If this step gets interrupted, e.g. by pressing Ctrl + C, you likely will need to [nuke the cluster](#-Nuke) before trying again. + +#### Cluster validation + +1. The `kubeconfig` for interacting with your cluster should have been created in the root of your repository. + +2. Verify the nodes are online + + 📍 _If this command **fails** you likely haven't configured `direnv` as [mentioned previously](#non-devcontainer-method) in the guide._ + + ```sh + kubectl get nodes -o wide + # NAME STATUS ROLES AGE VERSION + # k8s-0 Ready control-plane,etcd,master 1h v1.30.1 + # k8s-1 Ready worker 1h v1.30.1 + ``` + +3. Continue on to 🔹 [**Stage 6**](#-stage-6-install-flux-in-your-cluster) + +### 🔹 Stage 6: Install Flux in your cluster + +1. Verify Flux can be installed + + ```sh + flux check --pre + # ► checking prerequisites + # ✔ kubectl 1.30.1 >=1.18.0-0 + # ✔ Kubernetes 1.30.1 >=1.16.0-0 + # ✔ prerequisites checks passed + ``` + +2. Install Flux and sync the cluster to the Git repository + + 📍 _Run `task flux:github-deploy-key` first if using a private repository._ + + ```sh + task flux:bootstrap + # namespace/flux-system configured + # customresourcedefinition.apiextensions.k8s.io/alerts.notification.toolkit.fluxcd.io created + # ... + ``` + +1. 
Verify Flux components are running in the cluster + + ```sh + kubectl -n flux-system get pods -o wide + # NAME READY STATUS RESTARTS AGE + # helm-controller-5bbd94c75-89sb4 1/1 Running 0 1h + # kustomize-controller-7b67b6b77d-nqc67 1/1 Running 0 1h + # notification-controller-7c46575844-k4bvr 1/1 Running 0 1h + # source-controller-7d6875bcb4-zqw9f 1/1 Running 0 1h + ``` + +### 🎤 Verification Steps + +_Mic check, 1, 2_ - In a few moments applications should be lighting up like Christmas in July 🎄 + +1. Output all the common resources in your cluster. + + 📍 _Feel free to use the provided [kubernetes tasks](.taskfiles/Kubernetes/Taskfile.yaml) for validation of cluster resources or continue to get familiar with the `kubectl` and `flux` CLI tools._ + + ```sh + task kubernetes:resources + ``` + +2. ⚠️ It might take `cert-manager` awhile to generate certificates, this is normal so be patient. + +3. 🏆 **Congratulations** if all goes smooth you will have a Kubernetes cluster managed by Flux and your Git repository is driving the state of your cluster. + +4. 🧠 Now it's time to pause and go get some motel motor oil ☕ and admire you made it this far! + +## 📣 Flux w/ Cloudflare post installation + +#### 🌐 Public DNS + +The `external-dns` application created in the `networking` namespace will handle creating public DNS records. By default, `echo-server` and the `flux-webhook` are the only subdomains reachable from the public internet. In order to make additional applications public you must set set the correct ingress class name and ingress annotations like in the HelmRelease for `echo-server`. + +#### 🏠 Home DNS + +`k8s_gateway` will provide DNS resolution to external Kubernetes resources (i.e. points of entry to the cluster) from any device that uses your home DNS server. 
For this to work, your home DNS server must be configured to forward DNS queries for `${bootstrap_cloudflare.domain}` to `${bootstrap_cloudflare.gateway_vip}` instead of the upstream DNS server(s) it normally uses. This is a form of **split DNS** (aka split-horizon DNS / conditional forwarding). + +> [!TIP] +> Below is how to configure a Pi-hole for split DNS. Other platforms should be similar. +> 1. Apply this file on the Pihole server while substituting the variables +> ```sh +> # /etc/dnsmasq.d/99-k8s-gateway-forward.conf +> server=/${bootstrap_cloudflare.domain}/${bootstrap_cloudflare.gateway_vip} +> ``` +> 2. Restart dnsmasq on the server. +> 3. Query an internal-only subdomain from your workstation (any `internal` class ingresses): `dig @${home-dns-server-ip} echo-server-internal.${bootstrap_cloudflare.domain}`. It should resolve to `${bootstrap_cloudflare.ingress_vip}`. + +If you're having trouble with DNS be sure to check out these two GitHub discussions: [Internal DNS](https://github.com/onedr0p/cluster-template/discussions/719) and [Pod DNS resolution broken](https://github.com/onedr0p/cluster-template/discussions/635). + +... Nothing working? That is expected, this is DNS after all! + +#### 📜 Certificates + +By default this template will deploy a wildcard certificate using the Let's Encrypt **staging environment**, which prevents you from getting rate-limited by the Let's Encrypt production servers if your cluster doesn't deploy properly (for example due to a misconfiguration). Once you are sure you will keep the cluster up for more than a few hours be sure to switch to the production servers as outlined in `config.yaml`. + +📍 _You will need a production certificate to reach internet-exposed applications through `cloudflared`._ + +#### 🪝 Github Webhook + +By default Flux will periodically check your git repository for changes. In order to have Flux reconcile on `git push` you must configure Github to send `push` events to Flux. 
+ +> [!NOTE] +> This will only work after you have switched over certificates to the Let's Encrypt Production servers. + +1. Obtain the webhook path + + 📍 _Hook id and path should look like `/hook/12ebd1e363c641dc3c2e430ecf3cee2b3c7a5ac9e1234506f6f5f3ce1230e123`_ + + ```sh + kubectl -n flux-system get receiver github-receiver -o jsonpath='{.status.webhookPath}' + ``` + +2. Piece together the full URL with the webhook path appended + + ```text + https://flux-webhook.${bootstrap_cloudflare.domain}/hook/12ebd1e363c641dc3c2e430ecf3cee2b3c7a5ac9e1234506f6f5f3ce1230e123 + ``` + +3. Navigate to the settings of your repository on Github, under "Settings/Webhooks" press the "Add webhook" button. Fill in the webhook url and your `bootstrap_github_webhook_token` secret and save. + +## 💥 Nuke + +There might be a situation where you want to destroy your Kubernetes cluster. The following command will reset your nodes back to maintenance mode, append `--force` to completely format your the Talos installation. Either way the nodes should reboot after the command has run. + +```sh +task talos:nuke +``` + +## 🤖 Renovate + +[Renovate](https://www.mend.io/renovate) is a tool that automates dependency management. It is designed to scan your repository around the clock and open PRs for out-of-date dependencies it finds. Common dependencies it can discover are Helm charts, container images, GitHub Actions, Ansible roles... even Flux itself! Merging a PR will cause Flux to apply the update to your cluster. + +To enable Renovate, click the 'Configure' button over at their [Github app page](https://github.com/apps/renovate) and select your repository. Renovate creates a "Dependency Dashboard" as an issue in your repository, giving an overview of the status of all updates. The dashboard has interactive checkboxes that let you do things like advance scheduling or reattempt update PRs you closed without merging. 
+ +The base Renovate configuration in your repository can be viewed at [.github/renovate.json5](./.github/renovate.json5). By default it is scheduled to be active with PRs every weekend, but you can [change the schedule to anything you want](https://docs.renovatebot.com/presets-schedule), or remove it if you want Renovate to open PRs right away. + +## 🐛 Debugging + +Below is a general guide on trying to debug an issue with an resource or application. For example, if a workload/resource is not showing up or a pod has started but in a `CrashLoopBackOff` or `Pending` state. + +1. Start by checking all Flux Kustomizations & Git Repository & OCI Repository and verify they are healthy. + + ```sh + flux get sources oci -A + flux get sources git -A + flux get ks -A + ``` + +2. Then check all the Flux Helm Releases and verify they are healthy. + + ```sh + flux get hr -A + ``` + +3. Then check the if the pod is present. + + ```sh + kubectl -n get pods -o wide + ``` + +4. Then check the logs of the pod if its there. + + ```sh + kubectl -n logs -f + # or + stern -n + ``` + +5. If a resource exists try to describe it to see what problems it might have. + + ```sh + kubectl -n describe + ``` + +6. Check the namespace events + + ```sh + kubectl -n get events --sort-by='.metadata.creationTimestamp' + ``` + +Resolving problems that you have could take some tweaking of your YAML manifests in order to get things working, other times it could be a external factor like permissions on NFS. If you are unable to figure out your problem see the help section below. + +## ⬆️ Upgrading Talos and Kubernetes + +### Manual + +```sh +# Upgrade Talos to a newer version +# NOTE: This needs to be run once on every node +task talos:upgrade node=? image=? +# e.g. 
+# task talos:upgrade node=192.168.42.10 image=factory.talos.dev/installer/${schematic_id}:v1.7.4 +``` + +```sh +# Upgrade Kubernetes to a newer version +# NOTE: This only needs to be run once against a controller node +task talos:upgrade-k8s controller=? to=? +# e.g. +# task talos:upgrade-k8s controller=192.168.42.10 to=1.30.1 +``` + +## 👉 Help + +- Make a post in this repository's Github [Discussions](https://github.com/onedr0p/cluster-template/discussions). +- Start a thread in the `#support` or `#cluster-template` channels in the [Home Operations](https://discord.gg/home-operations) Discord server. + +## ❔ What's next + +The cluster is your oyster (or something like that). Below are some optional considerations you might want to review. + +### Ship it + +To browse or get ideas on applications people are running, community member [@whazor](https://github.com/whazor) created [Kubesearch](https://kubesearch.dev) as a creative way to search Flux HelmReleases across Github and Gitlab. + +### Storage + +The included CSI (openebs in local-hostpath mode) is a great start for storage but soon you might find you need more features like replicated block storage, or to connect to a NFS/SMB/iSCSI server. If you need any of those features be sure to check out the projects like [rook-ceph](https://github.com/rook/rook), [longhorn](https://github.com/longhorn/longhorn), [openebs](https://github.com/openebs/openebs), [democratic-csi](https://github.com/democratic-csi/democratic-csi), [csi-driver-nfs](https://github.com/kubernetes-csi/csi-driver-nfs), +and [synology-csi](https://github.com/SynologyOpenSource/synology-csi). + +## 🙌 Related Projects + +If this repo is too hot to handle or too cold to hold check out these following projects. 
+ +- [khuedoan/homelab](https://github.com/khuedoan/homelab) - _Modern self-hosting framework, fully automated from empty disk to operating services with a single command._ +- [danmanners/aws-argo-cluster-template](https://github.com/danmanners/aws-argo-cluster-template) - _A community opinionated template for deploying Kubernetes clusters on-prem and in AWS using Pulumi, SOPS, Sealed Secrets, GitHub Actions, Renovate, Cilium and more!_ +- [ricsanfre/pi-cluster](https://github.com/ricsanfre/pi-cluster) - _Pi Kubernetes Cluster. Homelab kubernetes cluster automated with Ansible and ArgoCD_ +- [techno-tim/k3s-ansible](https://github.com/techno-tim/k3s-ansible) - _The easiest way to bootstrap a self-hosted High Availability Kubernetes cluster. A fully automated HA k3s etcd install with kube-vip, MetalLB, and more_ + +## ⭐ Stargazers + +
+ +[![Star History Chart](https://api.star-history.com/svg?repos=onedr0p/cluster-template&type=Date)](https://star-history.com/#onedr0p/cluster-template&Date) + +
+
+## 🤝 Thanks
+
+Big shout out to all the contributors, sponsors and everyone else who has helped on this project.
diff --git a/Taskfile.yaml b/Taskfile.yaml
new file mode 100644
index 000000000..c812b9db0
--- /dev/null
+++ b/Taskfile.yaml
@@ -0,0 +1,92 @@
+---
+# yaml-language-server: $schema=https://taskfile.dev/schema.json
+version: "3"
+
+vars:
+ # Directories
+ BOOTSTRAP_DIR: "{{.ROOT_DIR}}/bootstrap"
+ KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"
+ PRIVATE_DIR: "{{.ROOT_DIR}}/.private"
+ SCRIPTS_DIR: "{{.ROOT_DIR}}/scripts"
+ # Files
+ AGE_FILE: "{{.ROOT_DIR}}/age.key"
+ BOOTSTRAP_CONFIG_FILE: "{{.ROOT_DIR}}/config.yaml"
+ KUBECONFIG_FILE: "{{.ROOT_DIR}}/kubeconfig"
+ MAKEJINJA_CONFIG_FILE: "{{.ROOT_DIR}}/makejinja.toml"
+ PIP_REQUIREMENTS_FILE: "{{.ROOT_DIR}}/requirements.txt"
+ SOPS_CONFIG_FILE: "{{.ROOT_DIR}}/.sops.yaml"
+ # Binaries
+ PYTHON_BIN: python3
+
+env:
+ KUBECONFIG: "{{.KUBECONFIG_FILE}}"
+ PYTHONDONTWRITEBYTECODE: "1"
+ SOPS_AGE_KEY_FILE: "{{.AGE_FILE}}"
+ VIRTUAL_ENV: "{{.ROOT_DIR}}/.venv"
+
+includes:
+ kubernetes: .taskfiles/Kubernetes
+ flux: .taskfiles/Flux
+ repository: .taskfiles/Repository
+ talos: .taskfiles/Talos
+ sops: .taskfiles/Sops
+ workstation: .taskfiles/Workstation
+ user:
+ taskfile: .taskfiles/User
+ optional: true
+
+tasks:
+
+ default: task --list
+
+ init:
+ desc: Initialize configuration files
+ cmds:
+ - cp -n {{.BOOTSTRAP_CONFIG_FILE | replace ".yaml" ".sample.yaml"}} {{.BOOTSTRAP_CONFIG_FILE}}
+ - cmd: echo === Configuration file copied ===
+ - cmd: echo Proceed with updating the configuration files...
+ - cmd: echo {{.BOOTSTRAP_CONFIG_FILE}}
+ status:
+ - test -f {{.BOOTSTRAP_CONFIG_FILE}}
+ silent: true
+
+ configure:
+ desc: Configure repository from bootstrap vars
+ prompt: Any conflicting config in the kubernetes directory will be overwritten... continue?
+ deps: ["workstation:direnv", "workstation:venv", "sops:age-keygen", "init"]
+ cmds:
+ - task: .template
+ - task: sops:encrypt
+ - task: .validate
+
+ .template:
+ internal: true
+ cmd: "{{.VIRTUAL_ENV}}/bin/makejinja"
+ preconditions:
+ - msg: Missing virtual environment
+ sh: test -d {{.VIRTUAL_ENV}}
+ - msg: Missing Makejinja config file
+ sh: test -f {{.MAKEJINJA_CONFIG_FILE}}
+ - msg: Missing Makejinja plugin file
+ sh: test -f {{.BOOTSTRAP_DIR}}/scripts/plugin.py
+ - msg: Missing bootstrap config file
+ sh: test -f {{.BOOTSTRAP_CONFIG_FILE}}
+
+ .validate:
+ internal: true
+ cmds:
+ - task: kubernetes:kubeconform
+ - cmd: echo === Done rendering and validating YAML ===
+ - cmd: |
+ if [[ $KUBECONFIG != "{{.KUBECONFIG_FILE}}" ]]; then
+ echo WARNING: KUBECONFIG is not set to the expected value, this may cause conflicts.
+ fi
+ - cmd: |
+ if [[ $SOPS_AGE_KEY_FILE != "{{.AGE_FILE}}" ]]; then
+ echo WARNING: SOPS_AGE_KEY_FILE is not set to the expected value, this may cause conflicts.
+ fi
+ - cmd: |
+ if test -f ~/.config/sops/age/keys.txt; then
+ echo WARNING: SOPS Age key found in home directory, this may cause conflicts.
+ fi
+ silent: true
diff --git a/archive/pre_talos/.editorconfig b/archive/pre_talos/.editorconfig
new file mode 100644
index 000000000..547304ee3
--- /dev/null
+++ b/archive/pre_talos/.editorconfig
@@ -0,0 +1,18 @@
+# editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[Makefile]
+indent_style = space
+indent_size = 4
+
+[*.{bash,sh}]
+indent_style = space
+indent_size = 4
diff --git a/archive/pre_talos/.envrc b/archive/pre_talos/.envrc
new file mode 100644
index 000000000..76c51a414
--- /dev/null
+++ b/archive/pre_talos/.envrc
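Review bot: In Taskfile.yaml, `AGE_FILE` and `KUBECONFIG_FILE` place the SOPS age private key and the cluster kubeconfig in the repository root (`{{.ROOT_DIR}}/age.key`, `{{.ROOT_DIR}}/kubeconfig`), so a missing ignore rule would let a broad `git add` commit both; the root `.gitignore` change is not visible in this part of the patch, so confirm it covers both names. I would add a comment above the `# Files` group such as `# age.key and kubeconfig are secrets and must stay git-ignored`. The `.validate` checks on `KUBECONFIG` and `SOPS_AGE_KEY_FILE` only print a warning and run after `.template` and `sops:encrypt` in `configure`; expressing them as `preconditions` on `configure` would stop the run before anything in the kubernetes directory is rewritten. The template expansions in `init` and `.template` are also unquoted, which breaks for a checkout path containing spaces; `sh: test -f "{{.BOOTSTRAP_CONFIG_FILE}}"` avoids that.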
@@ -0,0 +1,6 @@
+#shellcheck disable=SC2148,SC2155
+export KUBECONFIG=$(expand_path ./kubeconfig)
+export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg)
+export ANSIBLE_HOST_KEY_CHECKING="False"
+export K8S_AUTH_KUBECONFIG=$(expand_path ./kubeconfig)
+export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt)
diff --git a/archive/pre_talos/.gitattributes b/archive/pre_talos/.gitattributes
new file mode 100644
index 000000000..07392c5ca
--- /dev/null
+++ b/archive/pre_talos/.gitattributes
@@ -0,0 +1,5 @@
+* text=auto eol=lf
+*.yml.j2 linguist-language=YAML
+*.yaml.j2 linguist-language=YAML
+*.sops.* diff=sopsdiffer
+*.sops.toml linguist-language=JSON
diff --git a/archive/pre_talos/.github/labeler.yaml b/archive/pre_talos/.github/labeler.yaml
new file mode 100644
index 000000000..acf21e746
--- /dev/null
+++ b/archive/pre_talos/.github/labeler.yaml
@@ -0,0 +1,16 @@
+---
+area/ansible:
+ - changed-files:
+ - any-glob-to-any-file: "ansible/**/*"
+area/github:
+ - changed-files:
+ - any-glob-to-any-file: ".github/**/*"
+area/kubernetes:
+ - changed-files:
+ - any-glob-to-any-file: "kubernetes/**/*"
+area/terraform:
+ - changed-files:
+ - any-glob-to-any-file: "terraform/**/*"
+area/templates:
+ - changed-files:
+ - any-glob-to-any-file: "tmpl/**/*"
diff --git a/archive/pre_talos/.github/labels.yaml b/archive/pre_talos/.github/labels.yaml
new file mode 100644
index 000000000..def5eb19d
--- /dev/null
+++ b/archive/pre_talos/.github/labels.yaml
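Review bot: `export ANSIBLE_HOST_KEY_CHECKING="False"` in archive/pre_talos/.envrc turns off SSH host-key verification for every Ansible run started from a shell that loads this file, so a host presenting an unexpected key is accepted without any prompt. As the file is kept only as an archive, I would drop that line, or at least put a comment above it such as `# host-key checking was disabled for lab re-imaging; do not reuse outside the archived setup`. The `SC2155` suppression on the first line also means a failing `expand_path` goes unnoticed and `KUBECONFIG` could be exported empty, in which case kubectl would presumably fall back to its default config; assigning first and exporting afterwards (`KUBECONFIG=$(expand_path ./kubeconfig)` then `export KUBECONFIG`) keeps the exit status visible.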
@@ -0,0 +1,59 @@ +--- +# Area +- name: area/ansible + color: "72ccf3" + description: >- + Changes made in the ansible directory +- name: area/github + color: "72ccf3" + description: >- + Changes made in the github directory +- name: area/kubernetes + color: "72ccf3" + description: >- + Changes made in the kubernetes directory +- name: area/template + color: "72ccf3" + description: >- + Changes made in the tmpl directory +- name: area/terraform + color: "72ccf3" + description: >- + Changes made in the terraform directory +# Renovate +- name: renovate/ansible + color: "ffc300" +- name: renovate/container + color: "ffc300" +- name: renovate/github-action + color: "ffc300" +- name: renovate/github-release + color: "ffc300" +- name: renovate/helm + color: "ffc300" +- name: renovate/terraform + color: "ffc300" +# Semantic Type +- name: type/patch + color: "FFEC19" +- name: type/minor + color: "FF9800" +- name: type/major + color: "F6412D" +- name: type/break + color: "F6412D" +# Uncategorized +- name: bug + color: "ee0701" +- name: do-not-merge + color: "ee0701" +- name: docs + color: "F4D1B7" +- name: enhancement + color: "84b6eb" +- name: broken-links + color: "7B55D7" +- name: question + color: "cc317c" +- name: community + color: "0e8a16" diff --git a/.github/release-drafter.yaml b/archive/pre_talos/.github/release-drafter.yaml similarity index 100% rename from .github/release-drafter.yaml rename to archive/pre_talos/.github/release-drafter.yaml diff --git a/archive/pre_talos/.github/renovate.json5 b/archive/pre_talos/.github/renovate.json5 new file mode 100644 index 000000000..625f1cbbb --- /dev/null +++ b/archive/pre_talos/.github/renovate.json5 
@@ -0,0 +1,73 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base", + "docker:enableMajor", + ":disableRateLimiting", + ":dependencyDashboard", + ":semanticCommits", + ":enablePreCommit", + ":automergeDigest", + ":automergePr", + ":automergeMinor", + ":automergeLinters", + ":automergeRequireAllStatusChecks", + // "github>tuxpeople/k8s-homelab//.github/renovate/autoMerge.json5", + "github>tuxpeople/k8s-homelab//.github/renovate/commitMessage.json5", + "github>tuxpeople/k8s-homelab//.github/renovate/groups.json5", + "github>tuxpeople/k8s-homelab//.github/renovate/labels.json5", + "github>tuxpeople/k8s-homelab//.github/renovate/semanticCommits.json5", + "helpers:pinGitHubActionDigests", + "github>bjw-s/home-ops//.github/renovate/grafanaDashboards.json5" + ], + "dependencyDashboard": true, + "dependencyDashboardTitle": "Renovate Dashboard 🤖", + "suppressNotifications": ["prIgnoreNotification"], + "rebaseWhen": "conflicted", + "schedule": ["every weekend"], + "pre-commit": { + "enabled": true + }, + "flux": { + "fileMatch": ["kubernetes/.+\\.ya?ml$"] + }, + "helm-values": { + "fileMatch": ["kubernetes/.+\\.ya?ml$"] + }, + "kubernetes": { + "fileMatch": [ + "ansible/.+\\.ya?ml(\\.j2)?$", + "kubernetes/.+\\.ya?ml$" + ] + }, + "regexManagers": [ + { + "description": "Process various other dependencies", + "fileMatch": [ + "ansible/.+\\.ya?ml(\\.j2)?$", + "kubernetes/.+\\.ya?ml$" + ], + "matchStrings": [ + "datasource=(?\\S+) depName=(?\\S+)( registryUrl=(?\\S+))?\n.*?\"(?.*)\"\n" + ], + "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}" + }, + { + "description": "Process k3s and similiar dependencies", + "fileMatch": [ + "ansible/.+\\.ya?ml(\\.j2)?$", + "kubernetes/.+\\.ya?ml$" + ], + "matchStrings": [ + "datasource=(?\\S+) depName=(?\\S+)( registryUrl=(?\\S+))?\n *version: (?.*)\n" + ], + "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}" + } + ], 
+ "packageRules": [ + { + "packagePatterns": ["^ghcr.io\\/linuxserver\\/"], + "versionScheme": "regex:^(?v?\\d+)\\.(?\\d+)\\.(?\\d+)*$" + } + ] +} diff --git a/.github/renovate/autoMerge.json5 b/archive/pre_talos/.github/renovate/autoMerge.json5 similarity index 100% rename from .github/renovate/autoMerge.json5 rename to archive/pre_talos/.github/renovate/autoMerge.json5 diff --git a/.github/renovate/commitMessage.json5 b/archive/pre_talos/.github/renovate/commitMessage.json5 similarity index 100% rename from .github/renovate/commitMessage.json5 rename to archive/pre_talos/.github/renovate/commitMessage.json5 diff --git a/.github/renovate/groups.json5 b/archive/pre_talos/.github/renovate/groups.json5 similarity index 100% rename from .github/renovate/groups.json5 rename to archive/pre_talos/.github/renovate/groups.json5 diff --git a/.github/renovate/labels.json5 b/archive/pre_talos/.github/renovate/labels.json5 similarity index 100% rename from .github/renovate/labels.json5 rename to archive/pre_talos/.github/renovate/labels.json5 diff --git a/.github/renovate/semanticCommits.json5 b/archive/pre_talos/.github/renovate/semanticCommits.json5 similarity index 100% rename from .github/renovate/semanticCommits.json5 rename to archive/pre_talos/.github/renovate/semanticCommits.json5 diff --git a/.github/workflows/auto-assign-issues.yaml b/archive/pre_talos/.github/workflows/auto-assign-issues.yaml similarity index 100% rename from .github/workflows/auto-assign-issues.yaml rename to archive/pre_talos/.github/workflows/auto-assign-issues.yaml diff --git a/.github/workflows/flux-tests.yaml b/archive/pre_talos/.github/workflows/flux-tests.yaml similarity index 100% rename from .github/workflows/flux-tests.yaml rename to archive/pre_talos/.github/workflows/flux-tests.yaml 
diff --git a/.github/workflows/link-check.yaml b/archive/pre_talos/.github/workflows/link-check.yaml similarity index 100% rename from .github/workflows/link-check.yaml rename to archive/pre_talos/.github/workflows/link-check.yaml diff --git a/.github/workflows/meta-labeler.yaml b/archive/pre_talos/.github/workflows/meta-labeler.yaml similarity index 100% rename from .github/workflows/meta-labeler.yaml rename to archive/pre_talos/.github/workflows/meta-labeler.yaml diff --git a/.github/workflows/meta-sync-labels.yaml b/archive/pre_talos/.github/workflows/meta-sync-labels.yaml similarity index 100% rename from .github/workflows/meta-sync-labels.yaml rename to archive/pre_talos/.github/workflows/meta-sync-labels.yaml diff --git a/.github/workflows/release-drafter.yaml b/archive/pre_talos/.github/workflows/release-drafter.yaml similarity index 100% rename from .github/workflows/release-drafter.yaml rename to archive/pre_talos/.github/workflows/release-drafter.yaml diff --git a/archive/pre_talos/.github/workflows/release.yaml b/archive/pre_talos/.github/workflows/release.yaml new file mode 100644 index 000000000..b11059102 --- /dev/null +++ b/archive/pre_talos/.github/workflows/release.yaml @@ -0,0 +1,16 @@ +--- +name: "Release" + +on: + workflow_dispatch: + schedule: + - cron: "0 0 * * 0" + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Publish Latest Release + uses: ivangabriele/publish-latest-release@df1a4afd8aea9d1f0ba5ebeb89452aeac7bca0a9 # renovate: tag=v3 + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/archive/pre_talos/.gitignore b/archive/pre_talos/.gitignore new file mode 100644 index 000000000..dbfdbbace --- /dev/null +++ b/archive/pre_talos/.gitignore @@ -0,0 +1,20 @@ +# Trash +.DS_Store +Thumbs.db +pv-migrate.log +# k8s +kubeconfig* +# vscode-sops +.decrypted~*.yaml +.config.env +*.agekey +*.pub +*.key +# Ansible +xanmanning.k3s* +# Terraform +.terraform +.terraform.tfstate* +terraform.tfstate* +test +test.yml 
diff --git a/.lycheeignore b/archive/pre_talos/.lycheeignore similarity index 100% rename from .lycheeignore rename to archive/pre_talos/.lycheeignore diff --git a/.pre-commit-config.yaml b/archive/pre_talos/.pre-commit-config.yaml similarity index 100% rename from .pre-commit-config.yaml rename to archive/pre_talos/.pre-commit-config.yaml diff --git a/archive/pre_talos/.sops.yaml b/archive/pre_talos/.sops.yaml new file mode 100644 index 000000000..3b73b2c34 --- /dev/null +++ b/archive/pre_talos/.sops.yaml @@ -0,0 +1,15 @@ +--- +creation_rules: + - path_regex: kubernetes/.*\.sops\.ya?ml + encrypted_regex: "^(data|stringData)$" + key_groups: + - age: + - age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + - path_regex: ansible/.*\.sops\.ya?ml + key_groups: + - age: + - age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + - path_regex: terraform/.*\.sops\.ya?ml + key_groups: + - age: + - age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w diff --git a/.taskfiles/AnsibleTasks.yml b/archive/pre_talos/.taskfiles/AnsibleTasks.yml similarity index 100% rename from .taskfiles/AnsibleTasks.yml rename to archive/pre_talos/.taskfiles/AnsibleTasks.yml diff --git a/.taskfiles/ClusterTasks.yml b/archive/pre_talos/.taskfiles/ClusterTasks.yml similarity index 100% rename from .taskfiles/ClusterTasks.yml rename to archive/pre_talos/.taskfiles/ClusterTasks.yml diff --git a/.taskfiles/PrecommitTasks.yml b/archive/pre_talos/.taskfiles/PrecommitTasks.yml similarity index 100% rename from .taskfiles/PrecommitTasks.yml rename to archive/pre_talos/.taskfiles/PrecommitTasks.yml diff --git a/.taskfiles/TerraformTasks.yml b/archive/pre_talos/.taskfiles/TerraformTasks.yml similarity index 100% rename from .taskfiles/TerraformTasks.yml rename to archive/pre_talos/.taskfiles/TerraformTasks.yml diff --git a/archive/pre_talos/.vscode/extensions.json b/archive/pre_talos/.vscode/extensions.json new file mode 100644 index 000000000..fc5e1a3d6 --- /dev/null 
+++ b/archive/pre_talos/.vscode/extensions.json @@ -0,0 +1,14 @@ +{ + "recommendations": [ + "albert.TabOut", + "britesnow.vscode-toggle-quotes", + "fcrespo82.markdown-table-formatter", + "mitchdenny.ecdc", + "redhat.ansible", + "signageos.signageos-vscode-sops", + "will-stone.in-any-case", + "EditorConfig.editorconfig", + "HashiCorp.terraform", + "PKief.material-icon-theme", + ] +} diff --git a/archive/pre_talos/.vscode/settings.json b/archive/pre_talos/.vscode/settings.json new file mode 100644 index 000000000..3e4cc7fa7 --- /dev/null +++ b/archive/pre_talos/.vscode/settings.json @@ -0,0 +1,21 @@ +{ + "files.associations": { + "*.json5": "jsonc", + "**/ansible/**/*.yml": "ansible", + "**/ansible/**/*.sops.yml": "yaml", + "**/ansible/**/inventory/**/*.yml": "yaml", + "**/terraform/**/*.tf": "terraform", + "**/kubernetes/**/*.sops.toml": "plaintext" + }, + "yaml.schemas": { + "ansible": "ansible/*.yml", + "Kubernetes": "kubernetes/*.yaml" + }, + "editor.bracketPairColorization.enabled": true, + "editor.guides.bracketPairs": true, + "editor.guides.bracketPairsHorizontal": true, + "editor.guides.highlightActiveBracketPair": true, + "editor.hover.delay": 1500, + "files.trimTrailingWhitespace": true, + "ansible.python.interpreterPath": "/opt/homebrew/bin/python3", +} diff --git a/.yamllint.yaml b/archive/pre_talos/.yamllint.yaml similarity index 100% rename from .yamllint.yaml rename to archive/pre_talos/.yamllint.yaml diff --git a/archive/pre_talos/LICENSE b/archive/pre_talos/LICENSE new file mode 100644 index 000000000..38d60cac8 --- /dev/null +++ b/archive/pre_talos/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2023 onedr0p + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/Taskfile.yml b/archive/pre_talos/Taskfile.yml similarity index 100% rename from Taskfile.yml rename to archive/pre_talos/Taskfile.yml diff --git a/ansible.cfg b/archive/pre_talos/ansible.cfg similarity index 100% rename from ansible.cfg rename to archive/pre_talos/ansible.cfg diff --git a/ansible/test-cluster/inventory/group_vars/kubernetes/general.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/general.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/kubernetes/general.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/general.yml 
diff --git a/ansible/test-cluster/inventory/group_vars/kubernetes/k3s.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/k3s.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/kubernetes/k3s.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/k3s.yml diff --git a/ansible/test-cluster/inventory/group_vars/kubernetes/kube-vip.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/kube-vip.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/kubernetes/kube-vip.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/kube-vip.yml diff --git a/ansible/test-cluster/inventory/group_vars/kubernetes/nfs.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/nfs.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/kubernetes/nfs.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/nfs.yml diff --git a/ansible/test-cluster/inventory/group_vars/kubernetes/os.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/os.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/kubernetes/os.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/os.yml diff --git a/ansible/test-cluster/inventory/group_vars/kubernetes/supplemental.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/supplemental.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/kubernetes/supplemental.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/supplemental.yml 
diff --git a/ansible/test-cluster/inventory/group_vars/kubernetes/vault.sops.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/vault.sops.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/kubernetes/vault.sops.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/kubernetes/vault.sops.yml diff --git a/ansible/test-cluster/inventory/group_vars/master/k3s.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/master/k3s.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/master/k3s.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/master/k3s.yml diff --git a/ansible/test-cluster/inventory/group_vars/worker/k3s.yml b/archive/pre_talos/ansible/test-cluster/inventory/group_vars/worker/k3s.yml similarity index 100% rename from ansible/test-cluster/inventory/group_vars/worker/k3s.yml rename to archive/pre_talos/ansible/test-cluster/inventory/group_vars/worker/k3s.yml diff --git a/ansible/test-cluster/inventory/host_vars/.gitkeep b/archive/pre_talos/ansible/test-cluster/inventory/host_vars/.gitkeep similarity index 100% rename from ansible/test-cluster/inventory/host_vars/.gitkeep rename to archive/pre_talos/ansible/test-cluster/inventory/host_vars/.gitkeep diff --git a/ansible/test-cluster/inventory/hosts.yml b/archive/pre_talos/ansible/test-cluster/inventory/hosts.yml similarity index 100% rename from ansible/test-cluster/inventory/hosts.yml rename to archive/pre_talos/ansible/test-cluster/inventory/hosts.yml diff --git a/ansible/test-cluster/playbooks/cluster-installation.yml b/archive/pre_talos/ansible/test-cluster/playbooks/cluster-installation.yml similarity index 100% rename from ansible/test-cluster/playbooks/cluster-installation.yml rename to archive/pre_talos/ansible/test-cluster/playbooks/cluster-installation.yml 
diff --git a/ansible/test-cluster/playbooks/cluster-nuke.yml b/archive/pre_talos/ansible/test-cluster/playbooks/cluster-nuke.yml similarity index 100% rename from ansible/test-cluster/playbooks/cluster-nuke.yml rename to archive/pre_talos/ansible/test-cluster/playbooks/cluster-nuke.yml diff --git a/ansible/test-cluster/playbooks/cluster-prepare.yml b/archive/pre_talos/ansible/test-cluster/playbooks/cluster-prepare.yml similarity index 100% rename from ansible/test-cluster/playbooks/cluster-prepare.yml rename to archive/pre_talos/ansible/test-cluster/playbooks/cluster-prepare.yml diff --git a/ansible/test-cluster/playbooks/cluster-reboot.yml b/archive/pre_talos/ansible/test-cluster/playbooks/cluster-reboot.yml similarity index 100% rename from ansible/test-cluster/playbooks/cluster-reboot.yml rename to archive/pre_talos/ansible/test-cluster/playbooks/cluster-reboot.yml diff --git a/ansible/test-cluster/playbooks/filesystems.yml b/archive/pre_talos/ansible/test-cluster/playbooks/filesystems.yml similarity index 100% rename from ansible/test-cluster/playbooks/filesystems.yml rename to archive/pre_talos/ansible/test-cluster/playbooks/filesystems.yml diff --git a/ansible/test-cluster/playbooks/setup-nfs.yml b/archive/pre_talos/ansible/test-cluster/playbooks/setup-nfs.yml similarity index 100% rename from ansible/test-cluster/playbooks/setup-nfs.yml rename to archive/pre_talos/ansible/test-cluster/playbooks/setup-nfs.yml diff --git a/ansible/test-cluster/playbooks/templates/calico-installation.yaml.j2 b/archive/pre_talos/ansible/test-cluster/playbooks/templates/calico-installation.yaml.j2 similarity index 100% rename from ansible/test-cluster/playbooks/templates/calico-installation.yaml.j2 rename to archive/pre_talos/ansible/test-cluster/playbooks/templates/calico-installation.yaml.j2 
diff --git a/ansible/test-cluster/playbooks/templates/custom-cilium-helmchart.yaml.j2 b/archive/pre_talos/ansible/test-cluster/playbooks/templates/custom-cilium-helmchart.yaml.j2 similarity index 100% rename from ansible/test-cluster/playbooks/templates/custom-cilium-helmchart.yaml.j2 rename to archive/pre_talos/ansible/test-cluster/playbooks/templates/custom-cilium-helmchart.yaml.j2 diff --git a/ansible/test-cluster/playbooks/templates/custom-kube-vip-ds.yaml.j2 b/archive/pre_talos/ansible/test-cluster/playbooks/templates/custom-kube-vip-ds.yaml.j2 similarity index 100% rename from ansible/test-cluster/playbooks/templates/custom-kube-vip-ds.yaml.j2 rename to archive/pre_talos/ansible/test-cluster/playbooks/templates/custom-kube-vip-ds.yaml.j2 diff --git a/ansible/test-cluster/playbooks/templates/custom-kube-vip-rbac.yaml.j2 b/archive/pre_talos/ansible/test-cluster/playbooks/templates/custom-kube-vip-rbac.yaml.j2 similarity index 100% rename from ansible/test-cluster/playbooks/templates/custom-kube-vip-rbac.yaml.j2 rename to archive/pre_talos/ansible/test-cluster/playbooks/templates/custom-kube-vip-rbac.yaml.j2 diff --git a/ansible/test-cluster/requirements.txt b/archive/pre_talos/ansible/test-cluster/requirements.txt similarity index 100% rename from ansible/test-cluster/requirements.txt rename to archive/pre_talos/ansible/test-cluster/requirements.txt diff --git a/ansible/test-cluster/requirements.yml b/archive/pre_talos/ansible/test-cluster/requirements.yml similarity index 100% rename from ansible/test-cluster/requirements.yml rename to archive/pre_talos/ansible/test-cluster/requirements.yml diff --git a/ansible/test-cluster/roles/raspberrypi/handlers/main.yml b/archive/pre_talos/ansible/test-cluster/roles/raspberrypi/handlers/main.yml similarity index 100% rename from ansible/test-cluster/roles/raspberrypi/handlers/main.yml rename to archive/pre_talos/ansible/test-cluster/roles/raspberrypi/handlers/main.yml 
diff --git a/ansible/test-cluster/roles/raspberrypi/tasks/main.yml b/archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/main.yml similarity index 100% rename from ansible/test-cluster/roles/raspberrypi/tasks/main.yml rename to archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/main.yml diff --git a/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Archlinux.yml b/archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Archlinux.yml similarity index 100% rename from ansible/test-cluster/roles/raspberrypi/tasks/prereq/Archlinux.yml rename to archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Archlinux.yml diff --git a/ansible/test-cluster/roles/raspberrypi/tasks/prereq/CentOS.yml b/archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/CentOS.yml similarity index 100% rename from ansible/test-cluster/roles/raspberrypi/tasks/prereq/CentOS.yml rename to archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/CentOS.yml diff --git a/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Debian.yml b/archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Debian.yml similarity index 100% rename from ansible/test-cluster/roles/raspberrypi/tasks/prereq/Debian.yml rename to archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Debian.yml diff --git a/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Raspbian.yml b/archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Raspbian.yml similarity index 100% rename from ansible/test-cluster/roles/raspberrypi/tasks/prereq/Raspbian.yml rename to archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Raspbian.yml 
diff --git a/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Ubuntu.yml b/archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Ubuntu.yml similarity index 100% rename from ansible/test-cluster/roles/raspberrypi/tasks/prereq/Ubuntu.yml rename to archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/Ubuntu.yml diff --git a/ansible/test-cluster/roles/raspberrypi/tasks/prereq/default.yml b/archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/default.yml similarity index 100% rename from ansible/test-cluster/roles/raspberrypi/tasks/prereq/default.yml rename to archive/pre_talos/ansible/test-cluster/roles/raspberrypi/tasks/prereq/default.yml diff --git a/ansible/tpi/inventory/group_vars/kubernetes/general.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/general.yml similarity index 100% rename from ansible/tpi/inventory/group_vars/kubernetes/general.yml rename to archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/general.yml diff --git a/ansible/tpi/inventory/group_vars/kubernetes/k3s.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/k3s.yml similarity index 100% rename from ansible/tpi/inventory/group_vars/kubernetes/k3s.yml rename to archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/k3s.yml diff --git a/ansible/tpi/inventory/group_vars/kubernetes/kube-vip.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/kube-vip.yml similarity index 100% rename from ansible/tpi/inventory/group_vars/kubernetes/kube-vip.yml rename to archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/kube-vip.yml diff --git a/ansible/tpi/inventory/group_vars/kubernetes/nfs.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/nfs.yml similarity index 100% rename from ansible/tpi/inventory/group_vars/kubernetes/nfs.yml rename to archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/nfs.yml 
diff --git a/ansible/tpi/inventory/group_vars/kubernetes/os.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/os.yml
similarity index 100%
rename from ansible/tpi/inventory/group_vars/kubernetes/os.yml
rename to archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/os.yml
diff --git a/ansible/tpi/inventory/group_vars/kubernetes/supplemental.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/supplemental.yml
similarity index 100%
rename from ansible/tpi/inventory/group_vars/kubernetes/supplemental.yml
rename to archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/supplemental.yml
diff --git a/ansible/tpi/inventory/group_vars/kubernetes/vault.sops.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/vault.sops.yml
similarity index 100%
rename from ansible/tpi/inventory/group_vars/kubernetes/vault.sops.yml
rename to archive/pre_talos/ansible/tpi/inventory/group_vars/kubernetes/vault.sops.yml
diff --git a/ansible/tpi/inventory/group_vars/master/k3s.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/master/k3s.yml
similarity index 100%
rename from ansible/tpi/inventory/group_vars/master/k3s.yml
rename to archive/pre_talos/ansible/tpi/inventory/group_vars/master/k3s.yml
diff --git a/ansible/tpi/inventory/group_vars/worker/k3s.yml b/archive/pre_talos/ansible/tpi/inventory/group_vars/worker/k3s.yml
similarity index 100%
rename from ansible/tpi/inventory/group_vars/worker/k3s.yml
rename to archive/pre_talos/ansible/tpi/inventory/group_vars/worker/k3s.yml
diff --git a/ansible/tpi/inventory/host_vars/.gitkeep b/archive/pre_talos/ansible/tpi/inventory/host_vars/.gitkeep
similarity index 100%
rename from ansible/tpi/inventory/host_vars/.gitkeep
rename to archive/pre_talos/ansible/tpi/inventory/host_vars/.gitkeep
diff --git a/ansible/tpi/inventory/hosts.yml b/archive/pre_talos/ansible/tpi/inventory/hosts.yml
similarity index 100%
rename from ansible/tpi/inventory/hosts.yml
rename to archive/pre_talos/ansible/tpi/inventory/hosts.yml
diff --git a/ansible/tpi/playbooks/cluster-installation.yml b/archive/pre_talos/ansible/tpi/playbooks/cluster-installation.yml
similarity index 100%
rename from ansible/tpi/playbooks/cluster-installation.yml
rename to archive/pre_talos/ansible/tpi/playbooks/cluster-installation.yml
diff --git a/ansible/tpi/playbooks/cluster-nuke.yml b/archive/pre_talos/ansible/tpi/playbooks/cluster-nuke.yml
similarity index 100%
rename from ansible/tpi/playbooks/cluster-nuke.yml
rename to archive/pre_talos/ansible/tpi/playbooks/cluster-nuke.yml
diff --git a/ansible/tpi/playbooks/cluster-prepare.yml b/archive/pre_talos/ansible/tpi/playbooks/cluster-prepare.yml
similarity index 100%
rename from ansible/tpi/playbooks/cluster-prepare.yml
rename to archive/pre_talos/ansible/tpi/playbooks/cluster-prepare.yml
diff --git a/ansible/tpi/playbooks/cluster-reboot.yml b/archive/pre_talos/ansible/tpi/playbooks/cluster-reboot.yml
similarity index 100%
rename from ansible/tpi/playbooks/cluster-reboot.yml
rename to archive/pre_talos/ansible/tpi/playbooks/cluster-reboot.yml
diff --git a/ansible/tpi/playbooks/filesystems.yml b/archive/pre_talos/ansible/tpi/playbooks/filesystems.yml
similarity index 100%
rename from ansible/tpi/playbooks/filesystems.yml
rename to archive/pre_talos/ansible/tpi/playbooks/filesystems.yml
diff --git a/ansible/tpi/playbooks/setup-nfs.yml b/archive/pre_talos/ansible/tpi/playbooks/setup-nfs.yml
similarity index 100%
rename from ansible/tpi/playbooks/setup-nfs.yml
rename to archive/pre_talos/ansible/tpi/playbooks/setup-nfs.yml
diff --git a/ansible/tpi/playbooks/templates/calico-installation.yaml.j2 b/archive/pre_talos/ansible/tpi/playbooks/templates/calico-installation.yaml.j2
similarity index 100%
rename from ansible/tpi/playbooks/templates/calico-installation.yaml.j2
rename to archive/pre_talos/ansible/tpi/playbooks/templates/calico-installation.yaml.j2
diff --git a/ansible/tpi/playbooks/templates/custom-cilium-helmchart.yaml.j2 b/archive/pre_talos/ansible/tpi/playbooks/templates/custom-cilium-helmchart.yaml.j2
similarity index 100%
rename from ansible/tpi/playbooks/templates/custom-cilium-helmchart.yaml.j2
rename to archive/pre_talos/ansible/tpi/playbooks/templates/custom-cilium-helmchart.yaml.j2
diff --git a/ansible/tpi/playbooks/templates/custom-kube-vip-ds.yaml.j2 b/archive/pre_talos/ansible/tpi/playbooks/templates/custom-kube-vip-ds.yaml.j2
similarity index 100%
rename from ansible/tpi/playbooks/templates/custom-kube-vip-ds.yaml.j2
rename to archive/pre_talos/ansible/tpi/playbooks/templates/custom-kube-vip-ds.yaml.j2
diff --git a/ansible/tpi/playbooks/templates/custom-kube-vip-rbac.yaml.j2 b/archive/pre_talos/ansible/tpi/playbooks/templates/custom-kube-vip-rbac.yaml.j2
similarity index 100%
rename from ansible/tpi/playbooks/templates/custom-kube-vip-rbac.yaml.j2
rename to archive/pre_talos/ansible/tpi/playbooks/templates/custom-kube-vip-rbac.yaml.j2
diff --git a/ansible/tpi/requirements.txt b/archive/pre_talos/ansible/tpi/requirements.txt
similarity index 100%
rename from ansible/tpi/requirements.txt
rename to archive/pre_talos/ansible/tpi/requirements.txt
diff --git a/ansible/tpi/requirements.yml b/archive/pre_talos/ansible/tpi/requirements.yml
similarity index 100%
rename from ansible/tpi/requirements.yml
rename to archive/pre_talos/ansible/tpi/requirements.yml
diff --git a/ansible/tpi/roles/raspberrypi/handlers/main.yml b/archive/pre_talos/ansible/tpi/roles/raspberrypi/handlers/main.yml
similarity index 100%
rename from ansible/tpi/roles/raspberrypi/handlers/main.yml
rename to archive/pre_talos/ansible/tpi/roles/raspberrypi/handlers/main.yml
diff --git a/ansible/tpi/roles/raspberrypi/tasks/main.yml b/archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/main.yml
similarity index 100%
rename from ansible/tpi/roles/raspberrypi/tasks/main.yml
rename to archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/main.yml
diff --git a/ansible/tpi/roles/raspberrypi/tasks/prereq/Archlinux.yml b/archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/Archlinux.yml
similarity index 100%
rename from ansible/tpi/roles/raspberrypi/tasks/prereq/Archlinux.yml
rename to archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/Archlinux.yml
diff --git a/ansible/tpi/roles/raspberrypi/tasks/prereq/CentOS.yml b/archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/CentOS.yml
similarity index 100%
rename from ansible/tpi/roles/raspberrypi/tasks/prereq/CentOS.yml
rename to archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/CentOS.yml
diff --git a/ansible/tpi/roles/raspberrypi/tasks/prereq/Debian.yml b/archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/Debian.yml
similarity index 100%
rename from ansible/tpi/roles/raspberrypi/tasks/prereq/Debian.yml
rename to archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/Debian.yml
diff --git a/ansible/tpi/roles/raspberrypi/tasks/prereq/Raspbian.yml b/archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/Raspbian.yml
similarity index 100%
rename from ansible/tpi/roles/raspberrypi/tasks/prereq/Raspbian.yml
rename to archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/Raspbian.yml
diff --git a/ansible/tpi/roles/raspberrypi/tasks/prereq/Ubuntu.yml b/archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/Ubuntu.yml
similarity index 100%
rename from ansible/tpi/roles/raspberrypi/tasks/prereq/Ubuntu.yml
rename to archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/Ubuntu.yml
diff --git a/ansible/tpi/roles/raspberrypi/tasks/prereq/default.yml b/archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/default.yml
similarity index 100%
rename from ansible/tpi/roles/raspberrypi/tasks/prereq/default.yml
rename to archive/pre_talos/ansible/tpi/roles/raspberrypi/tasks/prereq/default.yml
diff --git a/bootstrap.sh b/archive/pre_talos/bootstrap.sh
similarity index 100%
rename from bootstrap.sh
rename to archive/pre_talos/bootstrap.sh
diff --git a/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/cert-manager/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/cert-manager/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/prometheusrule.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/cert-manager/app/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/app/prometheusrule.yaml
diff --git a/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/issuers.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/issuers.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/issuers.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/issuers.yaml
diff --git a/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/cert-manager/cert-manager/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/cert-manager/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/cert-manager/ks.yaml
diff --git a/kubernetes/test-cluster/apps/cert-manager/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/cert-manager/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/cert-manager/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/cert-manager/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/crossplane-system/crossplane/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/crossplane/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/crossplane-system/crossplane/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/crossplane/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/crossplane-system/crossplane/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/crossplane/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/crossplane-system/crossplane/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/crossplane/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/crossplane-system/crossplane/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/crossplane/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/crossplane-system/crossplane/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/crossplane/ks.yaml
diff --git a/kubernetes/test-cluster/apps/crossplane-system/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/crossplane-system/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/crossplane-system/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/crossplane-system/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/crossplane-system/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/database/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/database/mariadb/instance/backup.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/instance/backup.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/mariadb/instance/backup.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/instance/backup.yaml
diff --git a/kubernetes/test-cluster/apps/database/mariadb/instance/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/instance/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/mariadb/instance/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/instance/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/database/mariadb/instance/mariadb.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/instance/mariadb.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/mariadb/instance/mariadb.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/instance/mariadb.yaml
diff --git a/kubernetes/test-cluster/apps/database/mariadb/instance/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/instance/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/mariadb/instance/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/instance/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/database/mariadb/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/mariadb/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/ks.yaml
diff --git a/kubernetes/test-cluster/apps/database/mariadb/operator/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/operator/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/mariadb/operator/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/operator/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/database/mariadb/operator/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/operator/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/mariadb/operator/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/mariadb/operator/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/database/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/database/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/database/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/database/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/default/code-server/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/code-server/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/code-server/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/code-server/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/code-server/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/code-server/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/code-server/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/code-server/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/code-server/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/code-server/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/code-server/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/code-server/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/dashy/app/config/conf.yml b/archive/pre_talos/kubernetes/test-cluster/apps/default/dashy/app/config/conf.yml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/dashy/app/config/conf.yml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/dashy/app/config/conf.yml
diff --git a/kubernetes/test-cluster/apps/default/dashy/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/dashy/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/dashy/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/dashy/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/dashy/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/dashy/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/dashy/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/dashy/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/dashy/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/dashy/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/dashy/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/dashy/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/drop/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/drop/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/drop/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/drop/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/drop/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/drop/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/drop/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/drop/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/drop/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/drop/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/drop/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/drop/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/echo-server/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/echo-server/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/echo-server/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/echo-server/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/echo-server/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/echo-server/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/echo-server/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/echo-server/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/echo-server/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/echo-server/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/echo-server/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/echo-server/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/hajimari/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/hajimari/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/hajimari/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/hajimari/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/hajimari/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/hajimari/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/hajimari/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/hajimari/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/hajimari/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/hajimari/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/hajimari/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/hajimari/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/headscale/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/headscale/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/headscale/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/headscale/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/headscale/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/headscale/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/headscale/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/headscale/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/headscale/ks.yaml.disabled b/archive/pre_talos/kubernetes/test-cluster/apps/default/headscale/ks.yaml.disabled
similarity index 100%
rename from kubernetes/test-cluster/apps/default/headscale/ks.yaml.disabled
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/headscale/ks.yaml.disabled
diff --git a/kubernetes/test-cluster/apps/default/jdownloader/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/jdownloader/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/jdownloader/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/jdownloader/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/jdownloader/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/jdownloader/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/jdownloader/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/jdownloader/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/jdownloader/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/jdownloader/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/jdownloader/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/jdownloader/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/default/jdownloader/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/jdownloader/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/jdownloader/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/jdownloader/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/kasm/app/ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/kasm/app/ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/kasm/app/ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/kasm/app/ingress.yaml
diff --git a/kubernetes/test-cluster/apps/default/kasm/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/kasm/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/kasm/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/kasm/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/kasm/app/service.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/kasm/app/service.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/kasm/app/service.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/kasm/app/service.yaml
diff --git a/kubernetes/test-cluster/apps/default/kasm/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/kasm/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/kasm/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/kasm/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/linkding/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/linkding/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/linkding/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/linkding/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/linkding/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/linkding/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/linkding/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/linkding/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/linkding/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/linkding/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/linkding/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/linkding/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/default/linkding/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/linkding/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/linkding/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/linkding/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/default/octoprint/app/ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/octoprint/app/ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/octoprint/app/ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/octoprint/app/ingress.yaml
diff --git a/kubernetes/test-cluster/apps/default/octoprint/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/octoprint/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/octoprint/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/octoprint/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/octoprint/app/service.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/octoprint/app/service.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/octoprint/app/service.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/octoprint/app/service.yaml
diff --git a/kubernetes/test-cluster/apps/default/octoprint/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/octoprint/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/octoprint/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/octoprint/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/paperless/app/helmrelease-gotenberg.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/helmrelease-gotenberg.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/paperless/app/helmrelease-gotenberg.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/helmrelease-gotenberg.yaml
diff --git a/kubernetes/test-cluster/apps/default/paperless/app/helmrelease-tika.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/helmrelease-tika.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/paperless/app/helmrelease-tika.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/helmrelease-tika.yaml
diff --git a/kubernetes/test-cluster/apps/default/paperless/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/paperless/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/paperless/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/paperless/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/paperless/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/paperless/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/default/paperless/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/paperless/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/paperless/redis/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/redis/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/paperless/redis/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/redis/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/paperless/redis/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/redis/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/paperless/redis/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/paperless/redis/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/s3gw/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/s3gw/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/s3gw/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/s3gw/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/s3gw/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/s3gw/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/s3gw/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/s3gw/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/s3gw/ks.yaml.disabled b/archive/pre_talos/kubernetes/test-cluster/apps/default/s3gw/ks.yaml.disabled
similarity index 100%
rename from kubernetes/test-cluster/apps/default/s3gw/ks.yaml.disabled
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/s3gw/ks.yaml.disabled
diff --git a/kubernetes/test-cluster/apps/default/sharry/app/config/sharry.conf b/archive/pre_talos/kubernetes/test-cluster/apps/default/sharry/app/config/sharry.conf
similarity index 100%
rename from kubernetes/test-cluster/apps/default/sharry/app/config/sharry.conf
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/sharry/app/config/sharry.conf
diff --git a/kubernetes/test-cluster/apps/default/sharry/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/sharry/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/sharry/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/sharry/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/sharry/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/sharry/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/sharry/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/sharry/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/sharry/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/sharry/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/sharry/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/sharry/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/smtp-relay/app/config/maddy.conf b/archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/app/config/maddy.conf
similarity index 100%
rename from kubernetes/test-cluster/apps/default/smtp-relay/app/config/maddy.conf
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/app/config/maddy.conf
diff --git a/kubernetes/test-cluster/apps/default/smtp-relay/app/externalsecret.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/app/externalsecret.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/smtp-relay/app/externalsecret.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/app/externalsecret.yaml
diff --git a/kubernetes/test-cluster/apps/default/smtp-relay/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/smtp-relay/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/smtp-relay/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/smtp-relay/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/smtp-relay/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/smtp-relay/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/smtp-relay/ks.yaml
diff --git a/kubernetes/test-cluster/apps/default/webtrees/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/webtrees/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/webtrees/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/webtrees/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/webtrees/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/webtrees/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/default/webtrees/db/cronjob.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/db/cronjob.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/webtrees/db/cronjob.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/db/cronjob.yaml
diff --git a/kubernetes/test-cluster/apps/default/webtrees/db/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/db/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/webtrees/db/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/db/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/default/webtrees/db/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/db/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/webtrees/db/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/db/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/default/webtrees/db/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/db/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/webtrees/db/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/db/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/default/webtrees/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/default/webtrees/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/default/webtrees/ks.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/ks.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/monitoring/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/monitoring/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/monitoring/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/monitoring/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/monitoring/podmonitor.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/monitoring/podmonitor.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/monitoring/podmonitor.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/monitoring/podmonitor.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/monitoring/prometheusrule.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/monitoring/prometheusrule.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/monitoring/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/monitoring/prometheusrule.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/ingress.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/receiver.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/receiver.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/receiver.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/receiver.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/github/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/addons/webhooks/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/addons/webhooks/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/addons/webhooks/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/weave-gitops/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/weave-gitops/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/rbac.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/rbac.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/weave-gitops/app/rbac.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/rbac.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/weave-gitops/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/flux-system/weave-gitops/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/flux-system/weave-gitops/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/flux-system/weave-gitops/ks.yaml
diff --git a/kubernetes/test-cluster/apps/games/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/app/backup-sa.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/backup-sa.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/app/backup-sa.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/backup-sa.yaml
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-creative.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-creative.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-creative.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-creative.yaml
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-family.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-family.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-family.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-family.yaml
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-insel.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-insel.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-insel.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-insel.yaml
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-survival.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-survival.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-survival.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/helmrelease-survival.yaml
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/app/mc-backup.sh b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/mc-backup.sh
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/app/mc-backup.sh
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/mc-backup.sh
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/app/monitoring.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/monitoring.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/app/monitoring.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/app/monitoring.yaml
diff --git a/kubernetes/test-cluster/apps/games/minecraft-server/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/games/minecraft-server/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/minecraft-server/ks.dis
diff --git a/kubernetes/test-cluster/apps/games/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/games/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/games/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/games/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/cilium/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/cilium/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/cilium/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/cilium/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/cilium/config/cilium-l2.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/config/cilium-l2.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/cilium/config/cilium-l2.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/config/cilium-l2.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/cilium/config/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/config/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/cilium/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/config/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/cilium/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/cilium/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/cilium/ks.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/container-object-storage-interface/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/container-object-storage-interface/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/container-object-storage-interface/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/container-object-storage-interface/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/container-object-storage-interface/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/container-object-storage-interface/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/container-object-storage-interface/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/container-object-storage-interface/ks.dis
diff --git a/kubernetes/test-cluster/apps/kube-system/descheduler/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/descheduler/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/descheduler/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/descheduler/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/descheduler/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/descheduler/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/descheduler/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/descheduler/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/descheduler/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/descheduler/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/descheduler/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/descheduler/ks.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kube-vip/app/daemonset.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kube-vip/app/daemonset.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kube-vip/app/daemonset.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kube-vip/app/daemonset.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kube-vip/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kube-vip/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kube-vip/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kube-vip/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kube-vip/app/rbac.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kube-vip/app/rbac.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kube-vip/app/rbac.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kube-vip/app/rbac.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kube-vip/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kube-vip/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kube-vip/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kube-vip/ks.dis
diff --git a/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kubernetes-replicator/ks.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kured/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kured/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kured/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kured/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kured/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kured/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kured/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kured/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kured/app/prometheusrule.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kured/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kured/app/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kured/app/prometheusrule.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kured/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kured/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kured/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kured/ks.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/local-path-provisioner/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/local-path-provisioner/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/local-path-provisioner/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/local-path-provisioner/ks.dis
diff --git a/kubernetes/test-cluster/apps/kube-system/metrics-server/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/metrics-server/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/metrics-server/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/metrics-server/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/metrics-server/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/metrics-server/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/metrics-server/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/metrics-server/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/metrics-server/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/metrics-server/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/metrics-server/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/metrics-server/ks.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/node-problem-detector/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/node-problem-detector/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/node-problem-detector/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/node-problem-detector/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/node-problem-detector/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/node-problem-detector/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/node-problem-detector/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/node-problem-detector/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/node-problem-detector/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/node-problem-detector/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/node-problem-detector/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/node-problem-detector/ks.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/reloader/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/reloader/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/reloader/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/reloader/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/reloader/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/reloader/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/reloader/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/reloader/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/kube-system/reloader/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/kube-system/reloader/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/kube-system/reloader/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/kube-system/reloader/ks.yaml
diff --git a/kubernetes/test-cluster/apps/media/calibre-web/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/calibre-web/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/calibre-web/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/calibre-web/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/media/calibre-web/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/calibre-web/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/calibre-web/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/calibre-web/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/media/calibre-web/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/calibre-web/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/calibre-web/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/calibre-web/ks.yaml
diff --git a/kubernetes/test-cluster/apps/media/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/bazarr-ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/bazarr-ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/bazarr-ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/bazarr-ingress.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/gaps-ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/gaps-ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/gaps-ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/gaps-ingress.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/lldap-ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/lldap-ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/lldap-ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/lldap-ingress.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/notifiarr-ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/notifiarr-ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/notifiarr-ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/notifiarr-ingress.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/prowlarr-exporter.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/prowlarr-exporter.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/prowlarr-exporter.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/prowlarr-exporter.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/prowlarr-ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/prowlarr-ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/prowlarr-ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/prowlarr-ingress.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/radarr-exporter.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/radarr-exporter.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/radarr-exporter.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/radarr-exporter.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/radarr-ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/radarr-ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/radarr-ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/radarr-ingress.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/sabnzbd-ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/sabnzbd-ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/sabnzbd-ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/sabnzbd-ingress.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/service.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/service.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/service.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/service.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/sonar-ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/sonar-ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/sonar-ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/sonar-ingress.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/app/sonarr-exporter.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/sonarr-exporter.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/app/sonarr-exporter.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/app/sonarr-exporter.yaml
diff --git a/kubernetes/test-cluster/apps/media/mediabox/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/mediabox/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/mediabox/ks.yaml
diff --git a/kubernetes/test-cluster/apps/media/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-exporter/app/configmap.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/configmap.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-exporter/app/configmap.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/configmap.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-exporter/app/deployment.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/deployment.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-exporter/app/deployment.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/deployment.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-exporter/app/grafana-dashboard.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/grafana-dashboard.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-exporter/app/grafana-dashboard.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/grafana-dashboard.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-exporter/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-exporter/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json
diff --git a/kubernetes/test-cluster/apps/media/plex-exporter/app/service-monitor.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/service-monitor.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-exporter/app/service-monitor.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/service-monitor.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-exporter/app/service.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/service.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-exporter/app/service.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/app/service.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-exporter/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-exporter/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-exporter/ks.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/config/config.yml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/config/config.yml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-trakt-sync/app/config/config.yml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/config/config.yml
diff --git a/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-trakt-sync/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-trakt-sync/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-trakt-sync/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/media/plex-trakt-sync/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/plex-trakt-sync/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/plex-trakt-sync/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/plex-trakt-sync/ks.yaml
diff --git a/kubernetes/test-cluster/apps/media/podsync/app/config/config.toml b/archive/pre_talos/kubernetes/test-cluster/apps/media/podsync/app/config/config.toml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/podsync/app/config/config.toml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/podsync/app/config/config.toml
diff --git a/kubernetes/test-cluster/apps/media/podsync/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/podsync/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/podsync/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/podsync/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/media/podsync/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/podsync/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/podsync/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/podsync/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/media/podsync/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/media/podsync/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/media/podsync/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/podsync/ks.dis
diff --git a/kubernetes/test-cluster/apps/media/tautulli/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/tautulli/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/media/tautulli/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/tautulli/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/media/tautulli/exporter/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/exporter/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/tautulli/exporter/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/exporter/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/media/tautulli/exporter/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/exporter/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/tautulli/exporter/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/exporter/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/media/tautulli/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/media/tautulli/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/media/tautulli/ks.yaml
diff --git a/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh b/archive/pre_talos/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh
diff --git a/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/cloudflare-ddns/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/cloudflare-ddns/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/cloudflare-ddns/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/cloudflare-ddns/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/cloudflare-ddns/ks.yaml
diff --git a/kubernetes/test-cluster/apps/networking/external-dns/app/dnsendpoint-crd.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/app/dnsendpoint-crd.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/external-dns/app/dnsendpoint-crd.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/app/dnsendpoint-crd.yaml
diff --git a/kubernetes/test-cluster/apps/networking/external-dns/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/external-dns/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/networking/external-dns/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/external-dns/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/external-dns/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/external-dns/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/networking/external-dns/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/external-dns/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/external-dns/ks.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingress-nginx/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingress-nginx/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingress-nginx/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingress-nginx/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/production.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/production.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/production.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/production.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/staging.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/staging.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/staging.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/certificates/staging.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingress-nginx/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingress-nginx/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingress-nginx/ks.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/ingressmonitorcontroller/ks.yaml
diff --git a/kubernetes/test-cluster/apps/networking/k8s-gateway/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/k8s-gateway/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/k8s-gateway/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/k8s-gateway/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/networking/k8s-gateway/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/k8s-gateway/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/k8s-gateway/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/k8s-gateway/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/k8s-gateway/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/k8s-gateway/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/k8s-gateway/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/k8s-gateway/ks.yaml
diff --git a/kubernetes/test-cluster/apps/networking/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/metallb/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/metallb/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/networking/metallb/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/metallb/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/metallb/config/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/config/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/metallb/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/config/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/metallb/config/resources.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/config/resources.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/metallb/config/resources.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/config/resources.yaml
diff --git a/kubernetes/test-cluster/apps/networking/metallb/ks.disable b/archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/ks.disable
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/metallb/ks.disable
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/metallb/ks.disable
diff --git a/kubernetes/test-cluster/apps/networking/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/ks.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/database.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/database.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/database.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/database.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/grant.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/grant.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/grant.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/grant.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/user.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/user.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/user.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-db/user.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/deployment.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/deployment.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/deployment.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/deployment.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/ingress.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/service.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/service.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/service.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/phpipam/phpipam-web/service.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/app/helm-release.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/app/helm-release.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/app/helm-release.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/app/helm-release.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/certificates/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/certificates/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/certificates/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/certificates/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/certificates/production.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/certificates/production.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/certificates/production.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/certificates/production.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/certificates/staging.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/certificates/staging.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/certificates/staging.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/certificates/staging.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/dashboard/ingress.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/dashboard/ingress.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/dashboard/ingress.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/dashboard/ingress.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/dashboard/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/dashboard/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/dashboard/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/dashboard/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/authelia.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/authelia.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/middlewares/authelia.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/authelia.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/cloudflare-only.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/cloudflare-only.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/middlewares/cloudflare-only.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/cloudflare-only.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/internal-only.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/internal-only.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/middlewares/internal-only.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/internal-only.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/middlewares/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/middlewares/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/serverstransport/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/serverstransport/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/serverstransport/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/serverstransport/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/tls-store/default.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/tls-store/default.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/tls-store/default.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/tls-store/default.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/config/tls-store/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/tls-store/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/config/tls-store/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/config/tls-store/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/traefik/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/traefik/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/traefik/ks.dis
diff --git a/kubernetes/test-cluster/apps/networking/vpn/app/ingressroutetcp.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/vpn/app/ingressroutetcp.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/vpn/app/ingressroutetcp.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/vpn/app/ingressroutetcp.yaml
diff --git a/kubernetes/test-cluster/apps/networking/vpn/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/vpn/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/vpn/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/vpn/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/networking/vpn/app/service.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/networking/vpn/app/service.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/vpn/app/service.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/vpn/app/service.yaml
diff --git a/kubernetes/test-cluster/apps/networking/vpn/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/networking/vpn/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/networking/vpn/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/networking/vpn/ks.dis
diff --git a/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml
diff --git a/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml
diff --git a/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml
diff --git a/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/alertmanager-discord/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/alertmanager-discord/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/observability/alertmanager-discord/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/alertmanager-discord/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/alertmanager-discord/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/gatus/app/config/config.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/config/config.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/gatus/app/config/config.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/config/config.yaml
diff --git a/kubernetes/test-cluster/apps/observability/gatus/app/externalsecret.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/externalsecret.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/gatus/app/externalsecret.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/externalsecret.yaml
diff --git a/kubernetes/test-cluster/apps/observability/gatus/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/gatus/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/gatus/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/gatus/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/gatus/app/rbac.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/rbac.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/gatus/app/rbac.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/app/rbac.yaml
diff --git a/kubernetes/test-cluster/apps/observability/gatus/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/gatus/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/gatus/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/goldilocks/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/goldilocks/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/goldilocks/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/goldilocks/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/goldilocks/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/goldilocks/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/goldilocks/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/goldilocks/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/goldilocks/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/goldilocks/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/goldilocks/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/goldilocks/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/grafana/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/grafana/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/grafana/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/grafana/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/grafana/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/grafana/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/grafana/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/grafana/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/grafana/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/grafana/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/grafana/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/grafana/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/observability/grafana/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/grafana/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/grafana/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/grafana/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kube-prometheus-stack/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kube-prometheus-stack/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kube-prometheus-stack/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/rbac.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/rbac.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/rbac.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/app/rbac.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kubernetes-dashboard/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kubernetes-dashboard/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/loki/app/configmap.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/app/configmap.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/loki/app/configmap.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/app/configmap.yaml
diff --git a/kubernetes/test-cluster/apps/observability/loki/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/loki/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/loki/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/loki/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/loki/app/servicemonitor.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/app/servicemonitor.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/loki/app/servicemonitor.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/app/servicemonitor.yaml
diff --git a/kubernetes/test-cluster/apps/observability/loki/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/loki/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/loki/ks.dis
diff --git a/kubernetes/test-cluster/apps/observability/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/observability/netdata/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/netdata/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/netdata/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/netdata/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/netdata/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/netdata/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/netdata/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/netdata/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/netdata/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/observability/netdata/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/netdata/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/netdata/ks.dis
diff --git a/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml
diff --git a/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/prometheus-pushgateway/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/prometheus-pushgateway/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/unpoller/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/unpoller/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/unpoller/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/unpoller/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/unpoller/config/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/config/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/unpoller/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/config/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/unpoller/config/prometheusrule.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/config/prometheusrule.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/unpoller/config/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/config/prometheusrule.yaml
diff --git a/kubernetes/test-cluster/apps/observability/unpoller/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/unpoller/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/unpoller/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/vector/agent/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/agent/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/vector/agent/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/agent/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/vector/agent/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/agent/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/vector/agent/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/agent/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/vector/aggregator/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/aggregator/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/vector/aggregator/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/aggregator/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/vector/aggregator/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/aggregator/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/vector/aggregator/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/aggregator/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/vector/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/vector/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/vector/ks.yaml
diff --git a/kubernetes/test-cluster/apps/observability/vpa/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/vpa/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/vpa/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/vpa/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/observability/vpa/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/vpa/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/vpa/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/vpa/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/observability/vpa/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/observability/vpa/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/observability/vpa/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/observability/vpa/ks.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/ks.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/operator/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/operator/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/operator/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/operator/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/operator/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/operator/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/operator/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/operator/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/secretstore.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/secretstore.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/secretstore.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/doppler/secretstore.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/secretstores/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/secretstores/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml
diff --git a/kubernetes/test-cluster/apps/security/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/security/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/security/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/security/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/security/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/storageclass.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/storageclass.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/storageclass.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/csi-driver-nfs/app/storageclass.yaml
diff --git a/kubernetes/test-cluster/apps/storage/csi-driver-nfs/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/csi-driver-nfs/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/csi-driver-nfs/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/csi-driver-nfs/ks.yaml
diff --git a/kubernetes/test-cluster/apps/storage/democratic-csi/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/democratic-csi/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/democratic-csi/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/democratic-csi/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/storage/democratic-csi/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/democratic-csi/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/democratic-csi/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/democratic-csi/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/democratic-csi/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/storage/democratic-csi/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/democratic-csi/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/democratic-csi/ks.dis
diff --git a/kubernetes/test-cluster/apps/storage/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/app/helm-release.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/app/helm-release.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/app/helm-release.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/app/helm-release.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/other/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/other/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/other/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/other/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/other/systembackup.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/other/systembackup.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/other/systembackup.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/other/systembackup.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/conf/snap-class.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/snap-class.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/conf/snap-class.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/conf/snap-class.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/ks.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/prereq/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/prereq/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/prereq/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/prereq/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml
diff --git a/kubernetes/test-cluster/apps/storage/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/storage/snapshot-controller/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/snapshot-controller/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/snapshot-controller/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/snapshot-controller/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/storage/snapshot-controller/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/snapshot-controller/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/snapshot-controller/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/snapshot-controller/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/snapshot-controller/app/pki.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/snapshot-controller/app/pki.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/snapshot-controller/app/pki.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/snapshot-controller/app/pki.yaml
diff --git a/kubernetes/test-cluster/apps/storage/snapshot-controller/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/snapshot-controller/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/snapshot-controller/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/snapshot-controller/ks.yaml
diff --git a/kubernetes/test-cluster/apps/storage/synology-csi/app/clients.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/synology-csi/app/clients.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/synology-csi/app/clients.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/synology-csi/app/clients.yaml
diff --git a/kubernetes/test-cluster/apps/storage/synology-csi/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/synology-csi/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/synology-csi/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/synology-csi/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/storage/synology-csi/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/synology-csi/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/synology-csi/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/synology-csi/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/synology-csi/ks.dis b/archive/pre_talos/kubernetes/test-cluster/apps/storage/synology-csi/ks.dis
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/synology-csi/ks.dis
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/synology-csi/ks.dis
diff --git a/kubernetes/test-cluster/apps/storage/velero/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/velero/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/storage/velero/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/velero/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/velero/app/resourcepolicy.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/app/resourcepolicy.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/velero/app/resourcepolicy.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/app/resourcepolicy.yaml
diff --git a/kubernetes/test-cluster/apps/storage/velero/app/secret.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/velero/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/app/secret.sops.yaml
diff --git a/kubernetes/test-cluster/apps/storage/velero/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/velero/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/velero/ks.yaml
diff --git a/kubernetes/test-cluster/apps/storage/volsync/app/helmrelease.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/volsync/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/volsync/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/volsync/app/helmrelease.yaml
diff --git a/kubernetes/test-cluster/apps/storage/volsync/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/volsync/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/volsync/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/volsync/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/storage/volsync/app/prometheusrule.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/volsync/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/volsync/app/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/volsync/app/prometheusrule.yaml
diff --git a/kubernetes/test-cluster/apps/storage/volsync/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/storage/volsync/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/storage/volsync/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/storage/volsync/ks.yaml
diff --git a/kubernetes/test-cluster/apps/system-upgrade/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/system-upgrade/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/system-upgrade/namespace.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/namespace.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/system-upgrade/namespace.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/namespace.yaml
diff --git a/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/ks.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/ks.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/ks.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/ks.yaml
diff --git a/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml
diff --git a/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml
diff --git a/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/server.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/server.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/server.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/server.yaml
diff --git a/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml b/archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml
similarity index 100%
rename from kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml
rename to archive/pre_talos/kubernetes/test-cluster/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml
diff --git a/kubernetes/test-cluster/bootstrap/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/bootstrap/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/bootstrap/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/bootstrap/kustomization.yaml
diff --git a/kubernetes/test-cluster/flux/apps.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/apps.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/apps.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/apps.yaml
diff --git a/kubernetes/test-cluster/flux/config/cluster.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/config/cluster.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/config/cluster.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/config/cluster.yaml
diff --git a/kubernetes/test-cluster/flux/config/flux.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/config/flux.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/config/flux.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/config/flux.yaml
diff --git a/kubernetes/test-cluster/flux/config/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/config/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/config/kustomization.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/git/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/git/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/git/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/git/kustomization.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/git/local-path-provisioner.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/git/local-path-provisioner.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/git/local-path-provisioner.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/git/local-path-provisioner.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/git/synology-csi-chart.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/git/synology-csi-chart.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/git/synology-csi-chart.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/git/synology-csi-chart.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/backube.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/backube.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/backube.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/backube.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/bitnami.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/bitnami.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/bitnami.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/bitnami.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/bjw-s.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/bjw-s.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/bjw-s.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/bjw-s.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/cilium.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/cilium.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/cilium.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/cilium.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/crossplane.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/crossplane.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/crossplane.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/crossplane.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/csi-driver-nfs.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/csi-driver-nfs.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/csi-driver-nfs.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/csi-driver-nfs.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/deliveryheroio.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/deliveryheroio.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/deliveryheroio.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/deliveryheroio.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/democratic-csi.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/democratic-csi.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/democratic-csi.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/democratic-csi.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/external-dns.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/external-dns.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/external-dns.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/external-dns.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/external-secrets.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/external-secrets.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/external-secrets.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/external-secrets.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/fairwinds.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/fairwinds.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/fairwinds.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/fairwinds.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/grafana.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/grafana.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/grafana.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/grafana.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/hajimari.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/hajimari.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/hajimari.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/hajimari.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/ingress-nginx.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/ingress-nginx.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/ingress-nginx.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/ingress-nginx.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/jetstack.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/jetstack.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/jetstack.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/jetstack.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/k8s-gateway.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/k8s-gateway.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/k8s-gateway.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/k8s-gateway.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/kubereboot.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/kubereboot.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/kubereboot.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/kubereboot.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/kubernetes-dashboard.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/kubernetes-dashboard.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/kubernetes-dashboard.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/kubernetes-dashboard.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/kustomization.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/longhorn.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/longhorn.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/longhorn.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/longhorn.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/mariadb-operator.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/mariadb-operator.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/mariadb-operator.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/mariadb-operator.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/metallb.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/metallb.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/metallb.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/metallb.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/metrics-server.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/metrics-server.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/metrics-server.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/metrics-server.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/minecraft-server-charts.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/minecraft-server-charts.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/minecraft-server-charts.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/minecraft-server-charts.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/minio.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/minio.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/minio.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/minio.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/mittwald-charts.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/mittwald-charts.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/mittwald-charts.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/mittwald-charts.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/netdata.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/netdata.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/netdata.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/netdata.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/piraeus.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/piraeus.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/piraeus.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/piraeus.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/prometheus-community.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/prometheus-community.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/prometheus-community.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/prometheus-community.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/rancher.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/rancher.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/rancher.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/rancher.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/s3gw-charts.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/s3gw-charts.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/s3gw-charts.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/s3gw-charts.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/stakater.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/stakater.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/stakater.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/stakater.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/traefik-charts.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/traefik-charts.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/traefik-charts.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/traefik-charts.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/vector-charts.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/vector-charts.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/vector-charts.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/vector-charts.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/vmware-charts.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/vmware-charts.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/vmware-charts.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/vmware-charts.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/helm/weave-gitops.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/weave-gitops.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/helm/weave-gitops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/helm/weave-gitops.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/kustomization.yaml
diff --git a/kubernetes/test-cluster/flux/repositories/oci/.gitkeep b/archive/pre_talos/kubernetes/test-cluster/flux/repositories/oci/.gitkeep
similarity index 100%
rename from kubernetes/test-cluster/flux/repositories/oci/.gitkeep
rename to archive/pre_talos/kubernetes/test-cluster/flux/repositories/oci/.gitkeep
diff --git a/kubernetes/test-cluster/flux/vars/cluster-secrets.sops.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/vars/cluster-secrets.sops.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/vars/cluster-secrets.sops.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/vars/cluster-secrets.sops.yaml
diff --git a/kubernetes/test-cluster/flux/vars/cluster-settings.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/vars/cluster-settings.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/vars/cluster-settings.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/vars/cluster-settings.yaml
diff --git a/kubernetes/test-cluster/flux/vars/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/flux/vars/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/flux/vars/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/flux/vars/kustomization.yaml
diff --git a/kubernetes/test-cluster/shared/gatus/check/configmap.yaml b/archive/pre_talos/kubernetes/test-cluster/shared/gatus/check/configmap.yaml
similarity index 100%
rename from kubernetes/test-cluster/shared/gatus/check/configmap.yaml
rename to archive/pre_talos/kubernetes/test-cluster/shared/gatus/check/configmap.yaml
diff --git a/kubernetes/test-cluster/shared/gatus/check/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/shared/gatus/check/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/shared/gatus/check/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/shared/gatus/check/kustomization.yaml
diff --git a/kubernetes/test-cluster/shared/gatus/dns-only/configmap.yaml b/archive/pre_talos/kubernetes/test-cluster/shared/gatus/dns-only/configmap.yaml
similarity index 100%
rename from kubernetes/test-cluster/shared/gatus/dns-only/configmap.yaml
rename to archive/pre_talos/kubernetes/test-cluster/shared/gatus/dns-only/configmap.yaml
diff --git a/kubernetes/test-cluster/shared/gatus/dns-only/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/shared/gatus/dns-only/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/shared/gatus/dns-only/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/shared/gatus/dns-only/kustomization.yaml
diff --git a/kubernetes/test-cluster/shared/volsync/claim.yaml b/archive/pre_talos/kubernetes/test-cluster/shared/volsync/claim.yaml
similarity index 100%
rename from kubernetes/test-cluster/shared/volsync/claim.yaml
rename to archive/pre_talos/kubernetes/test-cluster/shared/volsync/claim.yaml
diff --git a/kubernetes/test-cluster/shared/volsync/kustomization.yaml b/archive/pre_talos/kubernetes/test-cluster/shared/volsync/kustomization.yaml
similarity index 100%
rename from kubernetes/test-cluster/shared/volsync/kustomization.yaml
rename to archive/pre_talos/kubernetes/test-cluster/shared/volsync/kustomization.yaml
diff --git a/kubernetes/test-cluster/shared/volsync/minio.yaml b/archive/pre_talos/kubernetes/test-cluster/shared/volsync/minio.yaml
similarity index 100%
rename from kubernetes/test-cluster/shared/volsync/minio.yaml
rename to archive/pre_talos/kubernetes/test-cluster/shared/volsync/minio.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/cert-manager/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/cert-manager/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/cert-manager/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/cert-manager/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/cert-manager/app/prometheusrule.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/cert-manager/app/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/app/prometheusrule.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/issuers.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/issuers.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/cert-manager/issuers/issuers.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/issuers.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/cert-manager/issuers/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/kustomization.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/cert-manager/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/cert-manager/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/cert-manager/ks.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/kustomization.yaml
diff --git a/kubernetes/tpi/apps/cert-manager/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/cert-manager/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/cert-manager/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/cert-manager/namespace.yaml
diff --git a/kubernetes/tpi/apps/crossplane-system/crossplane/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/crossplane-system/crossplane/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/crossplane-system/crossplane/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/crossplane-system/crossplane/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/crossplane-system/crossplane/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/crossplane-system/crossplane/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/crossplane-system/crossplane/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/crossplane-system/crossplane/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/crossplane-system/crossplane/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/crossplane-system/crossplane/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/crossplane-system/crossplane/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/crossplane-system/crossplane/ks.yaml
diff --git a/kubernetes/tpi/apps/crossplane-system/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/crossplane-system/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/crossplane-system/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/crossplane-system/kustomization.yaml
diff --git a/kubernetes/tpi/apps/crossplane-system/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/crossplane-system/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/crossplane-system/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/crossplane-system/namespace.yaml
diff --git a/kubernetes/tpi/apps/database/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/kustomization.yaml
diff --git a/kubernetes/tpi/apps/database/mariadb/instance/backup.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/mariadb/instance/backup.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/mariadb/instance/backup.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/mariadb/instance/backup.yaml
diff --git a/kubernetes/tpi/apps/database/mariadb/instance/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/mariadb/instance/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/mariadb/instance/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/mariadb/instance/kustomization.yaml
diff --git a/kubernetes/tpi/apps/database/mariadb/instance/mariadb.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/mariadb/instance/mariadb.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/mariadb/instance/mariadb.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/mariadb/instance/mariadb.yaml
diff --git a/kubernetes/tpi/apps/database/mariadb/instance/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/mariadb/instance/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/mariadb/instance/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/mariadb/instance/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/database/mariadb/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/mariadb/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/mariadb/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/mariadb/ks.yaml
diff --git a/kubernetes/tpi/apps/database/mariadb/operator/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/mariadb/operator/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/mariadb/operator/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/mariadb/operator/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/database/mariadb/operator/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/mariadb/operator/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/mariadb/operator/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/mariadb/operator/kustomization.yaml
diff --git a/kubernetes/tpi/apps/database/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/database/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/database/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/database/namespace.yaml
diff --git a/kubernetes/tpi/apps/default/code-server/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/code-server/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/code-server/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/code-server/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/code-server/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/code-server/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/code-server/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/code-server/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/code-server/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/code-server/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/code-server/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/code-server/ks.yaml
diff --git a/kubernetes/tpi/apps/default/dashy/app/config/conf.yml b/archive/pre_talos/kubernetes/tpi/apps/default/dashy/app/config/conf.yml
similarity index 100%
rename from kubernetes/tpi/apps/default/dashy/app/config/conf.yml
rename to archive/pre_talos/kubernetes/tpi/apps/default/dashy/app/config/conf.yml
diff --git a/kubernetes/tpi/apps/default/dashy/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/dashy/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/dashy/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/dashy/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/dashy/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/dashy/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/dashy/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/dashy/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/dashy/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/dashy/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/dashy/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/dashy/ks.yaml
diff --git a/kubernetes/tpi/apps/default/drop/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/drop/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/drop/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/drop/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/drop/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/drop/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/drop/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/drop/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/drop/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/drop/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/drop/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/drop/ks.yaml
diff --git a/kubernetes/tpi/apps/default/echo-server/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/echo-server/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/echo-server/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/echo-server/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/echo-server/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/echo-server/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/echo-server/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/echo-server/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/echo-server/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/echo-server/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/echo-server/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/echo-server/ks.yaml
diff --git a/kubernetes/tpi/apps/default/hajimari/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/hajimari/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/hajimari/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/hajimari/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/hajimari/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/hajimari/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/hajimari/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/hajimari/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/hajimari/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/hajimari/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/hajimari/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/hajimari/ks.yaml
diff --git a/kubernetes/tpi/apps/default/headscale/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/headscale/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/headscale/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/headscale/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/headscale/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/headscale/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/headscale/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/headscale/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/headscale/ks.yaml.disabled b/archive/pre_talos/kubernetes/tpi/apps/default/headscale/ks.yaml.disabled
similarity index 100%
rename from kubernetes/tpi/apps/default/headscale/ks.yaml.disabled
rename to archive/pre_talos/kubernetes/tpi/apps/default/headscale/ks.yaml.disabled
diff --git a/kubernetes/tpi/apps/default/jdownloader/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/jdownloader/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/jdownloader/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/jdownloader/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/jdownloader/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/jdownloader/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/jdownloader/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/jdownloader/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/jdownloader/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/jdownloader/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/jdownloader/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/jdownloader/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/default/jdownloader/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/jdownloader/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/jdownloader/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/jdownloader/ks.yaml
diff --git a/kubernetes/tpi/apps/default/kasm/app/ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/kasm/app/ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/kasm/app/ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/kasm/app/ingress.yaml
diff --git a/kubernetes/tpi/apps/default/kasm/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/kasm/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/kasm/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/kasm/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/kasm/app/service.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/kasm/app/service.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/kasm/app/service.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/kasm/app/service.yaml
diff --git a/kubernetes/tpi/apps/default/kasm/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/kasm/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/kasm/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/kasm/ks.yaml
diff --git a/kubernetes/tpi/apps/default/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/linkding/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/linkding/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/linkding/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/linkding/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/linkding/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/linkding/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/linkding/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/linkding/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/linkding/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/linkding/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/linkding/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/linkding/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/default/linkding/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/linkding/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/linkding/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/linkding/ks.yaml
diff --git a/kubernetes/tpi/apps/default/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/namespace.yaml
diff --git a/kubernetes/tpi/apps/default/octoprint/app/ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/octoprint/app/ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/octoprint/app/ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/octoprint/app/ingress.yaml
diff --git a/kubernetes/tpi/apps/default/octoprint/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/octoprint/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/octoprint/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/octoprint/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/octoprint/app/service.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/octoprint/app/service.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/octoprint/app/service.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/octoprint/app/service.yaml
diff --git a/kubernetes/tpi/apps/default/octoprint/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/octoprint/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/octoprint/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/octoprint/ks.yaml
diff --git a/kubernetes/tpi/apps/default/paperless/app/helmrelease-gotenberg.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/helmrelease-gotenberg.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/paperless/app/helmrelease-gotenberg.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/helmrelease-gotenberg.yaml
diff --git a/kubernetes/tpi/apps/default/paperless/app/helmrelease-tika.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/helmrelease-tika.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/paperless/app/helmrelease-tika.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/helmrelease-tika.yaml
diff --git a/kubernetes/tpi/apps/default/paperless/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/paperless/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/paperless/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/paperless/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/paperless/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/paperless/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/paperless/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/default/paperless/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/paperless/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/paperless/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/paperless/ks.yaml
diff --git a/kubernetes/tpi/apps/default/paperless/redis/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/paperless/redis/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/paperless/redis/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/paperless/redis/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/paperless/redis/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/paperless/redis/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/paperless/redis/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/paperless/redis/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/s3gw/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/s3gw/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/s3gw/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/s3gw/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/s3gw/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/s3gw/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/s3gw/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/s3gw/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/s3gw/ks.yaml.disabled b/archive/pre_talos/kubernetes/tpi/apps/default/s3gw/ks.yaml.disabled
similarity index 100%
rename from kubernetes/tpi/apps/default/s3gw/ks.yaml.disabled
rename to archive/pre_talos/kubernetes/tpi/apps/default/s3gw/ks.yaml.disabled
diff --git a/kubernetes/tpi/apps/default/sharry/app/config/sharry.conf b/archive/pre_talos/kubernetes/tpi/apps/default/sharry/app/config/sharry.conf
similarity index 100%
rename from kubernetes/tpi/apps/default/sharry/app/config/sharry.conf
rename to archive/pre_talos/kubernetes/tpi/apps/default/sharry/app/config/sharry.conf
diff --git a/kubernetes/tpi/apps/default/sharry/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/sharry/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/sharry/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/sharry/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/sharry/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/sharry/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/sharry/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/sharry/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/sharry/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/sharry/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/sharry/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/sharry/ks.yaml
diff --git a/kubernetes/tpi/apps/default/smtp-relay/app/config/maddy.conf b/archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/app/config/maddy.conf
similarity index 100%
rename from kubernetes/tpi/apps/default/smtp-relay/app/config/maddy.conf
rename to archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/app/config/maddy.conf
diff --git a/kubernetes/tpi/apps/default/smtp-relay/app/externalsecret.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/app/externalsecret.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/smtp-relay/app/externalsecret.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/app/externalsecret.yaml
diff --git a/kubernetes/tpi/apps/default/smtp-relay/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/smtp-relay/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/smtp-relay/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/smtp-relay/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/smtp-relay/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/smtp-relay/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/smtp-relay/ks.yaml
diff --git a/kubernetes/tpi/apps/default/webtrees/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/webtrees/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/webtrees/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/webtrees/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/webtrees/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/webtrees/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/webtrees/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/webtrees/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/webtrees/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/webtrees/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/webtrees/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/webtrees/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/default/webtrees/db/cronjob.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/webtrees/db/cronjob.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/webtrees/db/cronjob.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/webtrees/db/cronjob.yaml
diff --git a/kubernetes/tpi/apps/default/webtrees/db/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/webtrees/db/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/webtrees/db/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/webtrees/db/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/default/webtrees/db/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/webtrees/db/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/webtrees/db/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/webtrees/db/kustomization.yaml
diff --git a/kubernetes/tpi/apps/default/webtrees/db/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/webtrees/db/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/webtrees/db/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/webtrees/db/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/default/webtrees/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/default/webtrees/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/default/webtrees/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/default/webtrees/ks.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/ks.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/monitoring/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/monitoring/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/monitoring/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/monitoring/kustomization.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/monitoring/podmonitor.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/monitoring/podmonitor.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/monitoring/podmonitor.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/monitoring/podmonitor.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/monitoring/prometheusrule.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/monitoring/prometheusrule.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/monitoring/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/monitoring/prometheusrule.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/webhooks/github/ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/github/ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/webhooks/github/ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/github/ingress.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/webhooks/github/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/github/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/webhooks/github/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/github/kustomization.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/webhooks/github/receiver.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/github/receiver.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/webhooks/github/receiver.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/github/receiver.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/webhooks/github/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/github/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/webhooks/github/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/github/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/flux-system/addons/webhooks/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/addons/webhooks/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/addons/webhooks/kustomization.yaml
diff --git a/kubernetes/tpi/apps/flux-system/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/kustomization.yaml
diff --git a/kubernetes/tpi/apps/flux-system/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/namespace.yaml
diff --git a/kubernetes/tpi/apps/flux-system/weave-gitops/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/weave-gitops/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/flux-system/weave-gitops/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/weave-gitops/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/flux-system/weave-gitops/app/rbac.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/app/rbac.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/weave-gitops/app/rbac.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/app/rbac.yaml
diff --git a/kubernetes/tpi/apps/flux-system/weave-gitops/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/weave-gitops/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/flux-system/weave-gitops/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/flux-system/weave-gitops/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/flux-system/weave-gitops/ks.yaml
diff --git a/kubernetes/tpi/apps/games/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/kustomization.yaml
diff --git a/kubernetes/tpi/apps/games/minecraft-server/app/backup-sa.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/backup-sa.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/app/backup-sa.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/backup-sa.yaml
diff --git a/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-creative.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-creative.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-creative.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-creative.yaml
diff --git a/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-family.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-family.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-family.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-family.yaml
diff --git a/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-insel.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-insel.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-insel.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-insel.yaml
diff --git a/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-survival.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-survival.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-survival.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/helmrelease-survival.yaml
diff --git a/kubernetes/tpi/apps/games/minecraft-server/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/games/minecraft-server/app/mc-backup.sh b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/mc-backup.sh
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/app/mc-backup.sh
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/mc-backup.sh
diff --git a/kubernetes/tpi/apps/games/minecraft-server/app/monitoring.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/monitoring.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/app/monitoring.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/app/monitoring.yaml
diff --git a/kubernetes/tpi/apps/games/minecraft-server/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/games/minecraft-server/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/games/minecraft-server/ks.dis
diff --git a/kubernetes/tpi/apps/games/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/games/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/games/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/games/namespace.yaml
diff --git a/kubernetes/tpi/apps/kube-system/cilium/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/cilium/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/kube-system/cilium/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/cilium/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/cilium/config/cilium-l2.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/config/cilium-l2.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/cilium/config/cilium-l2.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/config/cilium-l2.yaml
diff --git a/kubernetes/tpi/apps/kube-system/cilium/config/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/config/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/cilium/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/config/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/cilium/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/cilium/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/cilium/ks.yaml
diff --git a/kubernetes/tpi/apps/kube-system/container-object-storage-interface/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/container-object-storage-interface/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/container-object-storage-interface/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/container-object-storage-interface/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/container-object-storage-interface/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/kube-system/container-object-storage-interface/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/container-object-storage-interface/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/container-object-storage-interface/ks.dis
diff --git a/kubernetes/tpi/apps/kube-system/descheduler/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/descheduler/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/descheduler/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/descheduler/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/kube-system/descheduler/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/descheduler/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/descheduler/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/descheduler/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/descheduler/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/descheduler/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/descheduler/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/descheduler/ks.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kube-vip/app/daemonset.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kube-vip/app/daemonset.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kube-vip/app/daemonset.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kube-vip/app/daemonset.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kube-vip/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kube-vip/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kube-vip/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kube-vip/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kube-vip/app/rbac.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kube-vip/app/rbac.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kube-vip/app/rbac.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kube-vip/app/rbac.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kube-vip/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kube-vip/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kube-vip/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kube-vip/ks.dis
diff --git a/kubernetes/tpi/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kubernetes-replicator/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kubernetes-replicator/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kubernetes-replicator/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kubernetes-replicator/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kubernetes-replicator/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kubernetes-replicator/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kubernetes-replicator/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kubernetes-replicator/ks.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kured/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kured/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kured/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kured/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kured/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kured/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kured/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kured/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kured/app/prometheusrule.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kured/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kured/app/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kured/app/prometheusrule.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kured/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kured/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kured/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kured/ks.yaml
diff --git a/kubernetes/tpi/apps/kube-system/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/local-path-provisioner/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/local-path-provisioner/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/local-path-provisioner/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/local-path-provisioner/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/kube-system/local-path-provisioner/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/local-path-provisioner/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/local-path-provisioner/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/local-path-provisioner/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/local-path-provisioner/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/kube-system/local-path-provisioner/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/local-path-provisioner/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/local-path-provisioner/ks.dis
diff --git a/kubernetes/tpi/apps/kube-system/metrics-server/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/metrics-server/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/metrics-server/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/metrics-server/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/kube-system/metrics-server/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/metrics-server/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/metrics-server/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/metrics-server/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/metrics-server/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/metrics-server/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/metrics-server/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/metrics-server/ks.yaml
diff --git a/kubernetes/tpi/apps/kube-system/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/namespace.yaml
diff --git a/kubernetes/tpi/apps/kube-system/node-problem-detector/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/node-problem-detector/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/node-problem-detector/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/node-problem-detector/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/kube-system/node-problem-detector/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/node-problem-detector/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/node-problem-detector/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/node-problem-detector/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/node-problem-detector/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/node-problem-detector/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/node-problem-detector/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/node-problem-detector/ks.yaml
diff --git a/kubernetes/tpi/apps/kube-system/reloader/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/reloader/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/reloader/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/reloader/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/kube-system/reloader/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/reloader/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/reloader/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/reloader/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/kube-system/reloader/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/kube-system/reloader/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/kube-system/reloader/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/kube-system/reloader/ks.yaml
diff --git a/kubernetes/tpi/apps/media/calibre-web/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/calibre-web/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/calibre-web/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/calibre-web/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/media/calibre-web/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/calibre-web/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/calibre-web/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/calibre-web/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/media/calibre-web/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/calibre-web/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/calibre-web/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/calibre-web/ks.yaml
diff --git a/kubernetes/tpi/apps/media/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/kustomization.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/bazarr-ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/bazarr-ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/bazarr-ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/bazarr-ingress.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/gaps-ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/gaps-ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/gaps-ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/gaps-ingress.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/lldap-ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/lldap-ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/lldap-ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/lldap-ingress.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/notifiarr-ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/notifiarr-ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/notifiarr-ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/notifiarr-ingress.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/prowlarr-exporter.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/prowlarr-exporter.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/prowlarr-exporter.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/prowlarr-exporter.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/prowlarr-ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/prowlarr-ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/prowlarr-ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/prowlarr-ingress.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/radarr-exporter.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/radarr-exporter.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/radarr-exporter.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/radarr-exporter.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/radarr-ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/radarr-ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/radarr-ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/radarr-ingress.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/sabnzbd-ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/sabnzbd-ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/sabnzbd-ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/sabnzbd-ingress.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/service.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/service.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/service.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/service.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/sonar-ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/sonar-ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/sonar-ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/sonar-ingress.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/app/sonarr-exporter.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/sonarr-exporter.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/app/sonarr-exporter.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/app/sonarr-exporter.yaml
diff --git a/kubernetes/tpi/apps/media/mediabox/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/mediabox/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/mediabox/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/mediabox/ks.yaml
diff --git a/kubernetes/tpi/apps/media/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/namespace.yaml
diff --git a/kubernetes/tpi/apps/media/plex-exporter/app/configmap.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/configmap.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-exporter/app/configmap.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/configmap.yaml
diff --git a/kubernetes/tpi/apps/media/plex-exporter/app/deployment.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/deployment.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-exporter/app/deployment.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/deployment.yaml
diff --git a/kubernetes/tpi/apps/media/plex-exporter/app/grafana-dashboard.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/grafana-dashboard.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-exporter/app/grafana-dashboard.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/grafana-dashboard.yaml
diff --git a/kubernetes/tpi/apps/media/plex-exporter/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-exporter/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json b/archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json
diff --git a/kubernetes/tpi/apps/media/plex-exporter/app/service-monitor.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/service-monitor.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-exporter/app/service-monitor.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/service-monitor.yaml
diff --git a/kubernetes/tpi/apps/media/plex-exporter/app/service.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/service.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-exporter/app/service.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/app/service.yaml
diff --git a/kubernetes/tpi/apps/media/plex-exporter/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-exporter/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-exporter/ks.yaml
diff --git a/kubernetes/tpi/apps/media/plex-trakt-sync/app/config/config.yml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-trakt-sync/app/config/config.yml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-trakt-sync/app/config/config.yml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-trakt-sync/app/config/config.yml
diff --git a/kubernetes/tpi/apps/media/plex-trakt-sync/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-trakt-sync/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-trakt-sync/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-trakt-sync/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/media/plex-trakt-sync/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-trakt-sync/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-trakt-sync/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-trakt-sync/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/media/plex-trakt-sync/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/plex-trakt-sync/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/plex-trakt-sync/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/plex-trakt-sync/ks.yaml
diff --git a/kubernetes/tpi/apps/media/podsync/app/config/config.toml b/archive/pre_talos/kubernetes/tpi/apps/media/podsync/app/config/config.toml
similarity index 100%
rename from kubernetes/tpi/apps/media/podsync/app/config/config.toml
rename to archive/pre_talos/kubernetes/tpi/apps/media/podsync/app/config/config.toml
diff --git a/kubernetes/tpi/apps/media/podsync/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/podsync/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/podsync/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/podsync/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/media/podsync/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/podsync/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/podsync/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/podsync/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/media/podsync/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/media/podsync/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/media/podsync/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/media/podsync/ks.dis
diff --git a/kubernetes/tpi/apps/media/tautulli/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/tautulli/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/tautulli/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/tautulli/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/media/tautulli/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/tautulli/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/tautulli/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/tautulli/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/media/tautulli/exporter/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/tautulli/exporter/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/tautulli/exporter/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/tautulli/exporter/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/media/tautulli/exporter/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/tautulli/exporter/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/tautulli/exporter/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/tautulli/exporter/kustomization.yaml
diff --git a/kubernetes/tpi/apps/media/tautulli/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/media/tautulli/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/media/tautulli/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/media/tautulli/ks.yaml
diff --git a/kubernetes/tpi/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh b/archive/pre_talos/kubernetes/tpi/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh
similarity index 100%
rename from kubernetes/tpi/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh
rename to archive/pre_talos/kubernetes/tpi/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh
diff --git a/kubernetes/tpi/apps/networking/cloudflare-ddns/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/cloudflare-ddns/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/cloudflare-ddns/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/cloudflare-ddns/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/networking/cloudflare-ddns/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/cloudflare-ddns/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/cloudflare-ddns/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/cloudflare-ddns/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/cloudflare-ddns/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/cloudflare-ddns/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/cloudflare-ddns/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/cloudflare-ddns/ks.yaml
diff --git a/kubernetes/tpi/apps/networking/external-dns/app/dnsendpoint-crd.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/app/dnsendpoint-crd.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/external-dns/app/dnsendpoint-crd.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/app/dnsendpoint-crd.yaml
diff --git a/kubernetes/tpi/apps/networking/external-dns/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/external-dns/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/networking/external-dns/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/external-dns/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/external-dns/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/external-dns/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/networking/external-dns/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/external-dns/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/external-dns/ks.yaml
diff --git a/kubernetes/tpi/apps/networking/ingress-nginx/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingress-nginx/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/networking/ingress-nginx/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingress-nginx/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/ingress-nginx/certificates/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/certificates/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingress-nginx/certificates/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/certificates/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/ingress-nginx/certificates/production.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/certificates/production.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingress-nginx/certificates/production.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/certificates/production.yaml
diff --git a/kubernetes/tpi/apps/networking/ingress-nginx/certificates/staging.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/certificates/staging.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingress-nginx/certificates/staging.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/certificates/staging.yaml
diff --git a/kubernetes/tpi/apps/networking/ingress-nginx/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingress-nginx/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingress-nginx/ks.yaml
diff --git a/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/networking/ingressmonitorcontroller/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/ingressmonitorcontroller/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/ingressmonitorcontroller/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/ingressmonitorcontroller/ks.yaml
diff --git a/kubernetes/tpi/apps/networking/k8s-gateway/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/k8s-gateway/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/k8s-gateway/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/k8s-gateway/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/networking/k8s-gateway/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/k8s-gateway/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/k8s-gateway/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/k8s-gateway/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/k8s-gateway/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/k8s-gateway/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/k8s-gateway/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/k8s-gateway/ks.yaml
diff --git a/kubernetes/tpi/apps/networking/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/metallb/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/metallb/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/metallb/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/metallb/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/networking/metallb/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/metallb/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/metallb/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/metallb/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/metallb/config/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/metallb/config/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/metallb/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/metallb/config/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/metallb/config/resources.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/metallb/config/resources.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/metallb/config/resources.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/metallb/config/resources.yaml
diff --git a/kubernetes/tpi/apps/networking/metallb/ks.disable b/archive/pre_talos/kubernetes/tpi/apps/networking/metallb/ks.disable
similarity index 100%
rename from kubernetes/tpi/apps/networking/metallb/ks.disable
rename to archive/pre_talos/kubernetes/tpi/apps/networking/metallb/ks.disable
diff --git a/kubernetes/tpi/apps/networking/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/namespace.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/ks.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-db/database.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/database.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-db/database.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/database.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-db/grant.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/grant.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-db/grant.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/grant.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-db/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-db/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-db/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-db/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-db/user.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/user.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-db/user.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-db/user.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-web/deployment.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-web/deployment.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-web/deployment.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-web/deployment.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-web/ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-web/ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-web/ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-web/ingress.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-web/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-web/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-web/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-web/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/phpipam/phpipam-web/service.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-web/service.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/phpipam/phpipam-web/service.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/phpipam/phpipam-web/service.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/app/helm-release.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/app/helm-release.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/app/helm-release.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/app/helm-release.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/certificates/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/certificates/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/certificates/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/certificates/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/certificates/production.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/certificates/production.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/certificates/production.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/certificates/production.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/certificates/staging.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/certificates/staging.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/certificates/staging.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/certificates/staging.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/dashboard/ingress.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/dashboard/ingress.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/dashboard/ingress.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/dashboard/ingress.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/dashboard/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/dashboard/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/dashboard/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/dashboard/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/middlewares/authelia.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/middlewares/authelia.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/middlewares/authelia.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/middlewares/authelia.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/middlewares/cloudflare-only.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/middlewares/cloudflare-only.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/middlewares/cloudflare-only.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/middlewares/cloudflare-only.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/middlewares/internal-only.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/middlewares/internal-only.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/middlewares/internal-only.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/middlewares/internal-only.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/middlewares/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/middlewares/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/middlewares/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/middlewares/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/serverstransport/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/serverstransport/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/serverstransport/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/serverstransport/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/tls-store/default.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/tls-store/default.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/tls-store/default.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/tls-store/default.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/config/tls-store/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/tls-store/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/config/tls-store/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/config/tls-store/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/traefik/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/networking/traefik/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/networking/traefik/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/networking/traefik/ks.dis
diff --git a/kubernetes/tpi/apps/networking/vpn/app/ingressroutetcp.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/vpn/app/ingressroutetcp.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/vpn/app/ingressroutetcp.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/vpn/app/ingressroutetcp.yaml
diff --git a/kubernetes/tpi/apps/networking/vpn/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/vpn/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/vpn/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/vpn/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/networking/vpn/app/service.yaml b/archive/pre_talos/kubernetes/tpi/apps/networking/vpn/app/service.yaml
similarity index 100%
rename from kubernetes/tpi/apps/networking/vpn/app/service.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/networking/vpn/app/service.yaml
diff --git a/kubernetes/tpi/apps/networking/vpn/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/networking/vpn/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/networking/vpn/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/networking/vpn/ks.dis
diff --git a/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml
diff --git a/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml
diff --git a/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml
diff --git a/kubernetes/tpi/apps/observability/alertmanager-discord/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/alertmanager-discord/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/alertmanager-discord/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/alertmanager-discord/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/observability/alertmanager-discord/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/alertmanager-discord/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/alertmanager-discord/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/gatus/app/config/config.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/config/config.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/gatus/app/config/config.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/config/config.yaml
diff --git a/kubernetes/tpi/apps/observability/gatus/app/externalsecret.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/externalsecret.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/gatus/app/externalsecret.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/externalsecret.yaml
diff --git a/kubernetes/tpi/apps/observability/gatus/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/gatus/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/gatus/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/gatus/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/gatus/app/rbac.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/rbac.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/gatus/app/rbac.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/gatus/app/rbac.yaml
diff --git a/kubernetes/tpi/apps/observability/gatus/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/gatus/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/gatus/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/gatus/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/goldilocks/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/goldilocks/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/goldilocks/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/goldilocks/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/goldilocks/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/goldilocks/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/goldilocks/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/goldilocks/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/goldilocks/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/goldilocks/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/goldilocks/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/goldilocks/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/grafana/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/grafana/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/grafana/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/grafana/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/grafana/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/grafana/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/grafana/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/grafana/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/grafana/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/grafana/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/grafana/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/grafana/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/observability/grafana/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/grafana/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/grafana/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/grafana/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/kube-prometheus-stack/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/kube-prometheus-stack/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kube-prometheus-stack/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kube-prometheus-stack/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml
diff --git a/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml
diff --git a/kubernetes/tpi/apps/observability/kube-prometheus-stack/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kube-prometheus-stack/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kube-prometheus-stack/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kubernetes-dashboard/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kubernetes-dashboard/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/rbac.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/rbac.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kubernetes-dashboard/app/rbac.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kubernetes-dashboard/app/rbac.yaml
diff --git a/kubernetes/tpi/apps/observability/kubernetes-dashboard/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kubernetes-dashboard/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kubernetes-dashboard/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kubernetes-dashboard/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/loki/app/configmap.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/loki/app/configmap.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/loki/app/configmap.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/loki/app/configmap.yaml
diff --git a/kubernetes/tpi/apps/observability/loki/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/loki/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/loki/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/loki/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/loki/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/loki/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/loki/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/loki/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/loki/app/servicemonitor.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/loki/app/servicemonitor.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/loki/app/servicemonitor.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/loki/app/servicemonitor.yaml
diff --git a/kubernetes/tpi/apps/observability/loki/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/observability/loki/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/observability/loki/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/observability/loki/ks.dis
diff --git a/kubernetes/tpi/apps/observability/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/namespace.yaml
diff --git a/kubernetes/tpi/apps/observability/netdata/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/netdata/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/netdata/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/netdata/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/netdata/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/netdata/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/netdata/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/netdata/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/netdata/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/observability/netdata/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/observability/netdata/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/observability/netdata/ks.dis
diff --git a/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/prometheus-pushgateway/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/prometheus-pushgateway/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml
diff --git a/kubernetes/tpi/apps/observability/prometheus-pushgateway/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/prometheus-pushgateway/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/prometheus-pushgateway/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/prometheus-pushgateway/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/unpoller/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/unpoller/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/unpoller/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/unpoller/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/unpoller/config/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/config/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/unpoller/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/config/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/unpoller/config/prometheusrule.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/config/prometheusrule.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/unpoller/config/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/config/prometheusrule.yaml
diff --git a/kubernetes/tpi/apps/observability/unpoller/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/unpoller/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/unpoller/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/vector/agent/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/vector/agent/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/vector/agent/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/vector/agent/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/vector/agent/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/vector/agent/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/vector/agent/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/vector/agent/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/vector/aggregator/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/vector/aggregator/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/vector/aggregator/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/vector/aggregator/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/vector/aggregator/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/vector/aggregator/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/vector/aggregator/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/vector/aggregator/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/vector/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/vector/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/vector/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/vector/ks.yaml
diff --git a/kubernetes/tpi/apps/observability/vpa/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/vpa/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/vpa/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/vpa/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/observability/vpa/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/vpa/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/vpa/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/vpa/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/observability/vpa/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/observability/vpa/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/observability/vpa/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/observability/vpa/ks.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/ks.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/operator/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/operator/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/operator/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/operator/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/operator/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/operator/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/operator/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/operator/kustomization.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/kustomization.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/secretstore.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/secretstore.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/secretstore.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/doppler/secretstore.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/secretstores/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/secretstores/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/kustomization.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml
diff --git a/kubernetes/tpi/apps/security/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/kustomization.yaml
diff --git a/kubernetes/tpi/apps/security/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/security/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/security/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/security/namespace.yaml
diff --git a/kubernetes/tpi/apps/storage/csi-driver-nfs/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/csi-driver-nfs/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/csi-driver-nfs/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/csi-driver-nfs/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/storage/csi-driver-nfs/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/csi-driver-nfs/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/csi-driver-nfs/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/csi-driver-nfs/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/csi-driver-nfs/app/storageclass.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/csi-driver-nfs/app/storageclass.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/csi-driver-nfs/app/storageclass.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/csi-driver-nfs/app/storageclass.yaml
diff --git a/kubernetes/tpi/apps/storage/csi-driver-nfs/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/csi-driver-nfs/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/csi-driver-nfs/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/csi-driver-nfs/ks.yaml
diff --git a/kubernetes/tpi/apps/storage/democratic-csi/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/democratic-csi/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/democratic-csi/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/democratic-csi/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/storage/democratic-csi/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/democratic-csi/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/democratic-csi/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/democratic-csi/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/democratic-csi/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/storage/democratic-csi/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/storage/democratic-csi/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/storage/democratic-csi/ks.dis
diff --git a/kubernetes/tpi/apps/storage/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/app/helm-release.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/app/helm-release.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/app/helm-release.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/app/helm-release.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/monitoring/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/other/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/other/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/other/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/other/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/other/systembackup.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/other/systembackup.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/other/systembackup.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/other/systembackup.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/conf/snap-class.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/snap-class.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/conf/snap-class.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/conf/snap-class.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/ks.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/prereq/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/prereq/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/prereq/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/prereq/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml
diff --git a/kubernetes/tpi/apps/storage/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/namespace.yaml
diff --git a/kubernetes/tpi/apps/storage/snapshot-controller/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/snapshot-controller/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/snapshot-controller/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/snapshot-controller/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/storage/snapshot-controller/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/snapshot-controller/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/snapshot-controller/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/snapshot-controller/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/snapshot-controller/app/pki.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/snapshot-controller/app/pki.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/snapshot-controller/app/pki.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/snapshot-controller/app/pki.yaml
diff --git a/kubernetes/tpi/apps/storage/snapshot-controller/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/snapshot-controller/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/snapshot-controller/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/snapshot-controller/ks.yaml
diff --git a/kubernetes/tpi/apps/storage/synology-csi/app/clients.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/synology-csi/app/clients.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/synology-csi/app/clients.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/synology-csi/app/clients.yaml
diff --git a/kubernetes/tpi/apps/storage/synology-csi/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/synology-csi/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/synology-csi/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/synology-csi/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/storage/synology-csi/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/synology-csi/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/synology-csi/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/synology-csi/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/synology-csi/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/storage/synology-csi/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/storage/synology-csi/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/storage/synology-csi/ks.dis
diff --git a/kubernetes/tpi/apps/storage/velero/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/velero/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/velero/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/velero/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/storage/velero/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/velero/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/velero/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/velero/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/velero/app/resourcepolicy.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/velero/app/resourcepolicy.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/velero/app/resourcepolicy.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/velero/app/resourcepolicy.yaml
diff --git a/kubernetes/tpi/apps/storage/velero/app/secret.sops.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/velero/app/secret.sops.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/velero/app/secret.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/velero/app/secret.sops.yaml
diff --git a/kubernetes/tpi/apps/storage/velero/ks.dis b/archive/pre_talos/kubernetes/tpi/apps/storage/velero/ks.dis
similarity index 100%
rename from kubernetes/tpi/apps/storage/velero/ks.dis
rename to archive/pre_talos/kubernetes/tpi/apps/storage/velero/ks.dis
diff --git a/kubernetes/tpi/apps/storage/volsync/app/helmrelease.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/volsync/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/volsync/app/helmrelease.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/volsync/app/helmrelease.yaml
diff --git a/kubernetes/tpi/apps/storage/volsync/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/volsync/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/volsync/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/volsync/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/storage/volsync/app/prometheusrule.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/volsync/app/prometheusrule.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/volsync/app/prometheusrule.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/volsync/app/prometheusrule.yaml
diff --git a/kubernetes/tpi/apps/storage/volsync/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/storage/volsync/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/storage/volsync/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/storage/volsync/ks.yaml
diff --git a/kubernetes/tpi/apps/system-upgrade/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/system-upgrade/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/system-upgrade/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/system-upgrade/kustomization.yaml
diff --git a/kubernetes/tpi/apps/system-upgrade/namespace.yaml b/archive/pre_talos/kubernetes/tpi/apps/system-upgrade/namespace.yaml
similarity index 100%
rename from kubernetes/tpi/apps/system-upgrade/namespace.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/system-upgrade/namespace.yaml
diff --git a/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml
diff --git a/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/ks.yaml b/archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/ks.yaml
similarity index 100%
rename from kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/ks.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/ks.yaml
diff --git a/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml b/archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml
similarity index 100%
rename from kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/agent.yaml
diff --git a/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml
diff --git a/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/server.yaml b/archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/server.yaml
similarity index 100%
rename from kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/server.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/server.yaml
diff --git a/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml b/archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml
similarity index 100%
rename from kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml
rename to archive/pre_talos/kubernetes/tpi/apps/system-upgrade/system-upgrade-controller/plans/ubuntu.yaml
diff --git a/kubernetes/tpi/bootstrap/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/bootstrap/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/bootstrap/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/bootstrap/kustomization.yaml
diff --git a/kubernetes/tpi/flux/apps.yaml b/archive/pre_talos/kubernetes/tpi/flux/apps.yaml
similarity index 100%
rename from kubernetes/tpi/flux/apps.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/apps.yaml
diff --git a/kubernetes/tpi/flux/config/cluster.yaml b/archive/pre_talos/kubernetes/tpi/flux/config/cluster.yaml
similarity index 100%
rename from kubernetes/tpi/flux/config/cluster.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/config/cluster.yaml
diff --git a/kubernetes/tpi/flux/config/flux.yaml b/archive/pre_talos/kubernetes/tpi/flux/config/flux.yaml
similarity index 100%
rename from kubernetes/tpi/flux/config/flux.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/config/flux.yaml
diff --git a/kubernetes/tpi/flux/config/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/flux/config/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/flux/config/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/config/kustomization.yaml
diff --git a/kubernetes/tpi/flux/repositories/git/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/git/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/git/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/git/kustomization.yaml
diff --git a/kubernetes/tpi/flux/repositories/git/local-path-provisioner.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/git/local-path-provisioner.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/git/local-path-provisioner.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/git/local-path-provisioner.yaml
diff --git a/kubernetes/tpi/flux/repositories/git/synology-csi-chart.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/git/synology-csi-chart.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/git/synology-csi-chart.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/git/synology-csi-chart.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/backube.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/backube.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/backube.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/backube.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/bitnami.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/bitnami.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/bitnami.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/bitnami.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/bjw-s.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/bjw-s.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/bjw-s.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/bjw-s.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/cilium.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/cilium.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/cilium.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/cilium.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/crossplane.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/crossplane.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/crossplane.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/crossplane.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/csi-driver-nfs.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/csi-driver-nfs.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/csi-driver-nfs.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/csi-driver-nfs.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/deliveryheroio.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/deliveryheroio.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/deliveryheroio.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/deliveryheroio.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/democratic-csi.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/democratic-csi.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/democratic-csi.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/democratic-csi.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/external-dns.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/external-dns.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/external-dns.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/external-dns.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/external-secrets.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/external-secrets.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/external-secrets.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/external-secrets.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/fairwinds.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/fairwinds.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/fairwinds.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/fairwinds.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/grafana.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/grafana.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/grafana.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/grafana.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/hajimari.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/hajimari.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/hajimari.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/hajimari.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/ingress-nginx.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/ingress-nginx.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/ingress-nginx.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/ingress-nginx.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/jetstack.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/jetstack.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/jetstack.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/jetstack.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/k8s-gateway.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/k8s-gateway.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/k8s-gateway.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/k8s-gateway.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/kubereboot.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/kubereboot.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/kubereboot.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/kubereboot.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/kubernetes-dashboard.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/kubernetes-dashboard.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/kubernetes-dashboard.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/kubernetes-dashboard.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/kustomization.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/longhorn.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/longhorn.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/longhorn.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/longhorn.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/mariadb-operator.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/mariadb-operator.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/mariadb-operator.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/mariadb-operator.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/metallb.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/metallb.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/metallb.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/metallb.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/metrics-server.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/metrics-server.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/metrics-server.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/metrics-server.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/minecraft-server-charts.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/minecraft-server-charts.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/minecraft-server-charts.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/minecraft-server-charts.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/minio.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/minio.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/minio.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/minio.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/mittwald-charts.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/mittwald-charts.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/mittwald-charts.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/mittwald-charts.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/netdata.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/netdata.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/netdata.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/netdata.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/piraeus.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/piraeus.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/piraeus.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/piraeus.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/prometheus-community.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/prometheus-community.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/prometheus-community.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/prometheus-community.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/rancher.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/rancher.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/rancher.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/rancher.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/s3gw-charts.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/s3gw-charts.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/s3gw-charts.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/s3gw-charts.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/stakater.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/stakater.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/stakater.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/stakater.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/traefik-charts.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/traefik-charts.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/traefik-charts.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/traefik-charts.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/vector-charts.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/vector-charts.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/vector-charts.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/vector-charts.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/vmware-charts.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/vmware-charts.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/vmware-charts.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/vmware-charts.yaml
diff --git a/kubernetes/tpi/flux/repositories/helm/weave-gitops.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/helm/weave-gitops.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/helm/weave-gitops.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/helm/weave-gitops.yaml
diff --git a/kubernetes/tpi/flux/repositories/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/flux/repositories/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/flux/repositories/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/kustomization.yaml
diff --git a/kubernetes/tpi/flux/repositories/oci/.gitkeep b/archive/pre_talos/kubernetes/tpi/flux/repositories/oci/.gitkeep
similarity index 100%
rename from kubernetes/tpi/flux/repositories/oci/.gitkeep
rename to archive/pre_talos/kubernetes/tpi/flux/repositories/oci/.gitkeep
diff --git a/kubernetes/tpi/flux/vars/cluster-secrets.sops.yaml b/archive/pre_talos/kubernetes/tpi/flux/vars/cluster-secrets.sops.yaml
similarity index 100%
rename from kubernetes/tpi/flux/vars/cluster-secrets.sops.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/vars/cluster-secrets.sops.yaml
diff --git a/kubernetes/tpi/flux/vars/cluster-settings.yaml b/archive/pre_talos/kubernetes/tpi/flux/vars/cluster-settings.yaml
similarity index 100%
rename from kubernetes/tpi/flux/vars/cluster-settings.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/vars/cluster-settings.yaml
diff --git a/kubernetes/tpi/flux/vars/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/flux/vars/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/flux/vars/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/flux/vars/kustomization.yaml
diff --git a/kubernetes/tpi/shared/gatus/check/configmap.yaml b/archive/pre_talos/kubernetes/tpi/shared/gatus/check/configmap.yaml
similarity index 100%
rename from kubernetes/tpi/shared/gatus/check/configmap.yaml
rename to archive/pre_talos/kubernetes/tpi/shared/gatus/check/configmap.yaml
diff --git a/kubernetes/tpi/shared/gatus/check/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/shared/gatus/check/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/shared/gatus/check/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/shared/gatus/check/kustomization.yaml
diff --git a/kubernetes/tpi/shared/gatus/dns-only/configmap.yaml b/archive/pre_talos/kubernetes/tpi/shared/gatus/dns-only/configmap.yaml
similarity index 100%
rename from kubernetes/tpi/shared/gatus/dns-only/configmap.yaml
rename to archive/pre_talos/kubernetes/tpi/shared/gatus/dns-only/configmap.yaml
diff --git a/kubernetes/tpi/shared/gatus/dns-only/kustomization.yaml b/archive/pre_talos/kubernetes/tpi/shared/gatus/dns-only/kustomization.yaml
similarity index 100%
rename from kubernetes/tpi/shared/gatus/dns-only/kustomization.yaml
rename to archive/pre_talos/kubernetes/tpi/shared/gatus/dns-only/kustomization.yaml
diff --git a/archive/pre_talos/readme.md b/archive/pre_talos/readme.md
new file mode 100755
index 000000000..d75e4ea10
--- /dev/null
+++ b/archive/pre_talos/readme.md
@@ -0,0 +1,27 @@ + + +# My home Kubernetes cluster :sailboat: +_... managed by Flux and serviced with RenovateBot_ :robot: + +
+
+
+ +[![k3s](https://img.shields.io/badge/v1.25.5-orange?style=for-the-badge)](https://k3s.io/) +[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white&style=for-the-badge)](https://github.com/pre-commit/pre-commit) +[![renovate](https://img.shields.io/badge/renovate-enabled-green?style=for-the-badge&logo=)](https://github.com/renovatebot/renovate) +[![GitHub stars](https://img.shields.io/github/stars/tuxpeople/k8s-homelab?color=green&style=flat-square)](https://github.com/tuxpeople/k8s-homelab/stargazers) +[![GitHub issues](https://img.shields.io/github/issues/tuxpeople/k8s-homelab?style=flat-square)](https://github.com/tuxpeople/k8s-homelab/issues) +[![GitHub last commit](https://img.shields.io/github/last-commit/tuxpeople/k8s-homelab?color=purple&style=flat-square)](https://github.com/tuxpeople/k8s-homelab/commits/master) + +--- + +## :book:  Overview + +This repository _is_ my home Kubernetes cluster in a declarative state. [Flux](https://github.com/fluxcd/flux2) watches my [cluster](./kubernetes/) folder and makes the changes to my cluster based on the YAML manifests. + +Feel free to open a [Github issue](https://github.com/tuxpeople/k8s-homelab/issues/new/choose) if you have any questions. + +This repository ispired by many other here on Github. Most of them are based on the [k8s-at-home/template-cluster-k3s](https://github.com/k8s-at-home/template-cluster-k3s) repository. + +To see more like this repo, take a look at their [curated list](https://github.com/k8s-at-home/awesome-k8s-homelab). diff --git a/terraform/cloudflare/.terraform.lock.hcl b/archive/pre_talos/terraform/cloudflare/.terraform.lock.hcl similarity index 100% rename from terraform/cloudflare/.terraform.lock.hcl rename to archive/pre_talos/terraform/cloudflare/.terraform.lock.hcl 
diff --git a/terraform/cloudflare/main.tf b/archive/pre_talos/terraform/cloudflare/main.tf
similarity index 100%
rename from terraform/cloudflare/main.tf
rename to archive/pre_talos/terraform/cloudflare/main.tf
diff --git a/terraform/cloudflare/secret.sops.yaml b/archive/pre_talos/terraform/cloudflare/secret.sops.yaml
similarity index 100%
rename from terraform/cloudflare/secret.sops.yaml
rename to archive/pre_talos/terraform/cloudflare/secret.sops.yaml
diff --git a/tools/backup.sh b/archive/pre_talos/tools/backup.sh
similarity index 100%
rename from tools/backup.sh
rename to archive/pre_talos/tools/backup.sh
diff --git a/tools/fix-document-start.py b/archive/pre_talos/tools/fix-document-start.py
similarity index 100%
rename from tools/fix-document-start.py
rename to archive/pre_talos/tools/fix-document-start.py
diff --git a/tools/fix-yaml b/archive/pre_talos/tools/fix-yaml
similarity index 100%
rename from tools/fix-yaml
rename to archive/pre_talos/tools/fix-yaml
diff --git a/tools/rebuild-kustomizations b/archive/pre_talos/tools/rebuild-kustomizations
similarity index 100%
rename from tools/rebuild-kustomizations
rename to archive/pre_talos/tools/rebuild-kustomizations
diff --git a/tools/restore.sh b/archive/pre_talos/tools/restore.sh
similarity index 100%
rename from tools/restore.sh
rename to archive/pre_talos/tools/restore.sh
diff --git a/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
new file mode 100644
index 000000000..b72a878df
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cert-manager
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: cert-manager
+ version: v1.14.5
+ sourceRef:
+ kind: HelmRepository
+ name: jetstack
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ values:
+ installCRDs: true
+ dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
+ dns01RecursiveNameserversOnly: true
+ prometheus:
+ enabled: true
+ servicemonitor:
+ enabled: true
diff --git a/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml b/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml
new file mode 100644
index 000000000..5dd7baca7
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml
new file mode 100644
index 000000000..1cf7148ac
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml
@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: "${SECRET_ACME_EMAIL}"
+ privateKeySecretRef:
+ name: letsencrypt-production
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cert-manager-secret
+ key: api-token
+ selector:
+ dnsZones:
+ - "${SECRET_DOMAIN}"
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: "${SECRET_ACME_EMAIL}"
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cert-manager-secret
+ key: api-token
+ selector:
+ dnsZones:
+ - "${SECRET_DOMAIN}"
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml
new file mode 100644
index 000000000..17754be63
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./issuers.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
new file mode 100644
index 000000000..d6e912db6
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cert-manager-secret
+stringData:
+ api-token: ENC[AES256_GCM,data:VJUXT7glRPYVD7EFg+QkiEqQlZynJCbbdGLaZFkBnI8ZbClw2oR6aw==,iv:awla7SRSqqktwXR5DKo+/AcYEZON55MllQBpON0cydI=,tag:cL8OY46PfZxUBBcw9BCv8A==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZ3dnOC9ELzVOVGZucXFj
+ TklYNm5OYTRiYlRudnUxTGsxL1RGOGJMckRVCjZMT09vTmhSSWUvTnREOEY0bjdI
+ aG94enBZZGJjc25rT2NCOU5QNTIxNFEKLS0tIE9FN1VLdWxURkwrRmVZZzA3YzZO
+ OVpyT2IyUVZidHNjd0VneDZtbUFGbGMKxJ2ptdtw3vxABnU8jD6SEf2mk3cz0AVr
+ CeIzW1ADcDFNTwzELD+wnHtF1Mk0jB48rHbZQnIfppAerrlAxx5NoQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-05T07:10:13Z"
+ mac: ENC[AES256_GCM,data:jyqy9742V9vKWC83qw3VZk5s0stSwa11Hq0C24jzsKDl77ruaGTlyyOr90gGHfZ2w5G7RG0VAVer2tN52IjNNba9yMXkCT7SYxwfsVIH8wBi7tKfcEgH09XEm1kM9f2YjEXFBndBuPDdDCZlpQ8MSyiuqHQGfDv8s7f1YXQsyx8=,iv:eNrcKNrL235TfNEXWrDMMcArPDPvKQMrOBfpwTk3Jas=,tag:AWjphpmsyFNWtQppyAv3Zg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.8.1
diff --git a/kubernetes/apps/cert-manager/cert-manager/ks.yaml b/kubernetes/apps/cert-manager/cert-manager/ks.yaml
new file mode 100644
index 000000000..04f818d63
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/ks.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app cert-manager
+ namespace: flux-system
+spec:
+ targetNamespace: cert-manager
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/cert-manager/cert-manager/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app cert-manager-issuers
+ namespace: flux-system
+spec:
+ targetNamespace: cert-manager
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: cert-manager
+ path: ./kubernetes/apps/cert-manager/cert-manager/issuers
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/cert-manager/kustomization.yaml b/kubernetes/apps/cert-manager/kustomization.yaml
new file mode 100644
index 000000000..a0a3e5edf
--- /dev/null
+++ b/kubernetes/apps/cert-manager/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ - ./cert-manager/ks.yaml
diff --git a/kubernetes/apps/cert-manager/namespace.yaml b/kubernetes/apps/cert-manager/namespace.yaml
new file mode 100644
index 000000000..ed788350f
--- /dev/null
+++ b/kubernetes/apps/cert-manager/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/apps/crossplane-system/crossplane/app/helmrelease.yaml b/kubernetes/apps/crossplane-system/crossplane/app/helmrelease.yaml
new file mode 100644
index 000000000..4bc322a1a
--- /dev/null
+++ b/kubernetes/apps/crossplane-system/crossplane/app/helmrelease.yaml
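Review bot: In `cert-manager/cert-manager/ks.yaml`, the `cert-manager-issuers` Kustomization points at `./kubernetes/apps/cert-manager/cert-manager/issuers`, which holds a SOPS-encrypted Secret and the `${SECRET_ACME_EMAIL}` / `${SECRET_DOMAIN}` placeholders, yet its spec sets neither `decryption` nor `postBuild.substituteFrom`. If a parent Kustomization outside this part of the diff does not patch those fields in, the encrypted manifest and the literal placeholders reach the API server unprocessed and both ClusterIssuers stay unusable. Either confirm the parent patch exists and record it with a comment such as `# decryption and postBuild are patched in by the parent Kustomization`, or declare the fields here, for example `decryption: {provider: sops, secretRef: {name: <age-key-secret>}}` (the secret name is a placeholder).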
@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: crossplane
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: crossplane
+ version: 1.16.0
+ sourceRef:
+ kind: HelmRepository
+ name: crossplane
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
diff --git a/kubernetes/apps/crossplane-system/crossplane/app/kustomization.yaml b/kubernetes/apps/crossplane-system/crossplane/app/kustomization.yaml
new file mode 100644
index 000000000..17cbc72b2
--- /dev/null
+++ b/kubernetes/apps/crossplane-system/crossplane/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/crossplane-system/crossplane/ks.yaml b/kubernetes/apps/crossplane-system/crossplane/ks.yaml
new file mode 100644
index 000000000..bbc8eb37e
--- /dev/null
+++ b/kubernetes/apps/crossplane-system/crossplane/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app crossplane
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: crossplane-system
+ path: ./kubernetes/apps/crossplane-system/crossplane/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
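Review bot: The schema hint at the top of `crossplane/app/helmrelease.yaml` names `helmrelease_v2beta2.json` while the object declares `apiVersion: helm.toolkit.fluxcd.io/v2`, so editor validation checks the file against a different API version than the one applied; point the hint at the schema for the v2 API. The trailing `values:` key is left empty and parses as null, so dropping it or writing `values: {}` would make the intent (chart defaults) explicit. `createNamespace: true` also looks redundant next to the `crossplane-system/namespace.yaml` added in the same commit.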
diff --git a/kubernetes/apps/crossplane-system/kustomization.yaml b/kubernetes/apps/crossplane-system/kustomization.yaml
new file mode 100644
index 000000000..7e1b66a33
--- /dev/null
+++ b/kubernetes/apps/crossplane-system/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - crossplane/ks.yaml
diff --git a/kubernetes/apps/crossplane-system/namespace.yaml b/kubernetes/apps/crossplane-system/namespace.yaml
new file mode 100644
index 000000000..a87f56686
--- /dev/null
+++ b/kubernetes/apps/crossplane-system/namespace.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: crossplane-system
+ annotations:
+ volsync.backube/privileged-movers: "true"
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
+ goldilocks.fairwinds.com/enabled: "true"
diff --git a/kubernetes/apps/database/kustomization.yaml b/kubernetes/apps/database/kustomization.yaml
new file mode 100644
index 000000000..f39066466
--- /dev/null
+++ b/kubernetes/apps/database/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - mariadb/ks.yaml
diff --git a/kubernetes/apps/database/mariadb/instance/backup.yaml b/kubernetes/apps/database/mariadb/instance/backup.yaml
new file mode 100644
index 000000000..96c323e66
--- /dev/null
+++ b/kubernetes/apps/database/mariadb/instance/backup.yaml
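Review bot: `crossplane-system/namespace.yaml` sets the annotation `volsync.backube/privileged-movers: "true"`, which permits VolSync to run its mover pods with elevated privileges in this namespace. None of the crossplane manifests visible in this diff defines a volume to replicate, so the annotation looks carried over from a template; if so, remove the `annotations:` key and its entry so the namespace does not grant a privilege nothing uses. If VolSync is meant to operate here, a comment naming the workload would record why, e.g. `# privileged movers required for VolSync backup of <pvc-name>` (placeholder name).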
@@ -0,0 +1,23 @@
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+ name: mariadb
+spec:
+ mariaDbRef:
+ name: mariadb
+ schedule:
+ cron: 1 * * * *
+ maxRetention: 336h # 14 days
+ storage:
+ volume:
+ nfs:
+ server: 10.20.30.40
+ path: /volume2/data/backup/kubernetes/mariadb
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 300m
+ memory: 512Mi
diff --git a/kubernetes/apps/database/mariadb/instance/kustomization.yaml b/kubernetes/apps/database/mariadb/instance/kustomization.yaml
new file mode 100644
index 000000000..64b375a28
--- /dev/null
+++ b/kubernetes/apps/database/mariadb/instance/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: database
+resources:
+ - ./backup.yaml
+ - ./mariadb.yaml
+ - ./secret.sops.yaml
diff --git a/kubernetes/apps/database/mariadb/instance/mariadb.yaml b/kubernetes/apps/database/mariadb/instance/mariadb.yaml
new file mode 100644
index 000000000..cc90793b6
--- /dev/null
+++ b/kubernetes/apps/database/mariadb/instance/mariadb.yaml
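Review bot: `mariadb/instance/backup.yaml` sends an hourly dump (`cron: 1 * * * *`) to an NFS export at the literal address `server: 10.20.30.40`, and nothing in the manifest authenticates the client or encrypts the dump, so protection of the backups rests entirely on the export settings on the NAS. The dumps presumably contain the account tables along with application data, so check that `/volume2/data/backup/kubernetes/mariadb` is exported only to the cluster node addresses and is not readable by other NAS users. For consistency with `${TIMEZONE}` and `${MAIN_SC}` in `mariadb.yaml`, the server address could come from a substitution variable instead of a literal, e.g. `server: ${NFS_SERVER}` (that variable name is a placeholder).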
@@ -0,0 +1,56 @@
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+ name: mariadb
+spec:
+ rootPasswordSecretKeyRef:
+ name: mariadb
+ key: root-password
+ generate: false
+ image: mariadb:11.4.2
+ port: 3306
+ replicas: 2
+ replication:
+ enabled: true
+ env:
+ - name: TZ
+ value: ${TIMEZONE}
+ storage:
+ size: 10Gi
+ volumeClaimTemplate:
+ storageClassName: ${MAIN_SC}
+ resources:
+ requests:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ cpu: 35m
+ memory: 145M
+ limits:
+ cpu: 500m
+ memory: 750M
+ metrics:
+ enabled: true
+ exporter:
+ image: prom/mysqld-exporter:v0.15.1
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 300m
+ memory: 512Mi
+ serviceMonitor:
+ interval: 10s
+ scrapeTimeout: 10s
+ myCnf: |
+ [mariadb]
+ bind-address=*
+ default_storage_engine=InnoDB
+ binlog_format=row
+ innodb_autoinc_lock_mode=2
+ max_allowed_packet=256M
diff --git a/kubernetes/apps/database/mariadb/instance/secret.sops.yaml b/kubernetes/apps/database/mariadb/instance/secret.sops.yaml
new file mode 100644
index 000000000..a88d6ad60
--- /dev/null
+++ b/kubernetes/apps/database/mariadb/instance/secret.sops.yaml
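Review bot: Both images in `mariadb/instance/mariadb.yaml`, `mariadb:11.4.2` and `prom/mysqld-exporter:v0.15.1`, are referenced by a mutable tag on an implicit registry, so the content that runs can change without any commit in this repository. Pinning each reference to a digest ties the deployed image to what was reviewed, e.g. `image: docker.io/library/mariadb:11.4.2@sha256:<digest>`; the Renovate configuration touched by this commit can keep digests current if it is set up to do so. Separately, `bind-address=*` makes the server listen on every pod interface, so a NetworkPolicy restricting port 3306 to the client namespaces is worth adding if none exists elsewhere in the repository.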
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mariadb
+stringData:
+ root-password: ENC[AES256_GCM,data:N1uQpqU2V2BkkqcFMEgC51vAqms=,iv:Xslmbas8w8BzcwwUlgeta8E4Q6qehGfYtQHhBjC/iuE=,tag:zwMfOAQUB37OzXbJh/kihw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMHRiSW44elUrTCsrdW5B
+ dHdsUUNmT2x2MUtYcXU3bTNmbnRVaUxYR0JBCkEyUUlwSXRGR0RWSnUzVzhzdjBn
+ TjJMTHg2WUlFZU5wRnBtdGt2RlZjR0EKLS0tIGRwd1ZUcG9CdTNiZnJBd21qd3pH
+ Z1p2UjNzNVlqMDdmbnJ2VzNLbnpSRDgKqOXGIMGh+guklWK6HD2aJY7dvWlYeqh+
+ 70H8dXdrNQ65dwkj+pQEdupfSMuaG69tg2RvIz17jKNKr7k6BDmQHA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-10-20T13:40:05Z"
+ mac: ENC[AES256_GCM,data:4OxMM7TladwUERv3/Aq6EaV7eLt6kIcM7XOlW96JIMSzl7LuPnAYMwOXPebTIe532lERljSnLbkGqZZ6uy40Oxdbmx7YXCCLnyWPUe2A6FmEtFgIqYvsFvczvs2/DvqMiGxDnE4EOz5itJ8Rk7uSsf246QgJzp9qX6PeDaPp9aU=,iv:kjAsvAHIr97syCpgmBZ5CxPd+e7joGQ3UeVtzbvKfMU=,tag:W1Olml5j+XQgppOZUuT1+g==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.8.1
diff --git a/kubernetes/apps/database/mariadb/ks.yaml b/kubernetes/apps/database/mariadb/ks.yaml
new file mode 100644
index 000000000..4cb0ef85f
--- /dev/null
+++ b/kubernetes/apps/database/mariadb/ks.yaml
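Review bot: `lastmodified: "2023-10-20T13:40:05Z"` predates this migration commit, which suggests the encrypted `root-password` and the age recipient were carried over unchanged from the previous cluster. A platform rebuild is a cheap moment to rotate the database root password and re-encrypt it, so that anything that held the old value stops working. It is also worth confirming that the `.sops.yaml` creation rule covering this path uses the same `encrypted_regex`, so a later `sops` edit cannot leave `stringData` in clear text.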
@@ -0,0 +1,45 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app mariadb-operator
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: database
+ path: ./kubernetes/apps/database/mariadb/operator
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app mariadb-instance
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: database
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ - name: mariadb-operator
+ path: ./kubernetes/apps/database/mariadb/instance
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/database/mariadb/operator/helmrelease.yaml b/kubernetes/apps/database/mariadb/operator/helmrelease.yaml
new file mode 100644
index 000000000..ce4643a4a
--- /dev/null
+++ b/kubernetes/apps/database/mariadb/operator/helmrelease.yaml
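Review bot: The `mariadb-instance` Kustomization applies `./secret.sops.yaml` and manifests containing `${TIMEZONE}` and `${MAIN_SC}`, but declares neither `spec.decryption` nor `postBuild.substituteFrom`. If a parent Kustomization patches both into every child (not visible in this hunk), a one-line comment saying so would save the next reader the search; otherwise the Secret cannot be decrypted and the placeholders stay unresolved. The explicit form would be `decryption: {provider: sops, secretRef: {name: <age-key-secret>}}`, where the secret name is a placeholder for whatever holds the age key in `flux-system`.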
@@ -0,0 +1,43 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app mariadb-operator
+ namespace: database
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: mariadb-operator
+ version: 0.28.1
+ sourceRef:
+ kind: HelmRepository
+ name: mariadb-operator
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ webhook:
+ enabled: true
+ cert:
+ certManager:
+ enabled: true
+ serviceMonitor:
+ enabled: true
diff --git a/kubernetes/apps/database/mariadb/operator/kustomization.yaml b/kubernetes/apps/database/mariadb/operator/kustomization.yaml
new file mode 100644
index 000000000..e6b86c521
--- /dev/null
+++ b/kubernetes/apps/database/mariadb/operator/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: database
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/database/namespace.yaml b/kubernetes/apps/database/namespace.yaml
new file mode 100644
index 000000000..e66ba0c58
--- /dev/null
+++ b/kubernetes/apps/database/namespace.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: database
+ annotations:
+ volsync.backube/privileged-movers: "true"
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
+ goldilocks.fairwinds.com/enabled: "true"
diff --git a/kubernetes/apps/default/code-server/app/helmrelease.yaml b/kubernetes/apps/default/code-server/app/helmrelease.yaml
new file mode 100644
index 000000000..d1007682d
--- /dev/null
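Review bot: In `namespace.yaml`, the annotation `volsync.backube/privileged-movers: "true"` allows VolSync mover pods in the `database` namespace to run with elevated privileges, but nothing in this part of the patch creates a VolSync resource there; MariaDB is backed up through the operator's `Backup` resource instead. If no VolSync-protected volume is planned for this namespace, drop the annotation; if one is, add a comment naming the workload that needs it. Granting it by default widens what a compromised backup job in the namespace holding the databases could reach.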
+++ b/kubernetes/apps/default/code-server/app/helmrelease.yaml 
@@ -0,0 +1,95 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: code-server
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ replicas: 1
+ strategy: Recreate
+ containers:
+ main:
+ image:
+ repository: ghcr.io/linuxserver/code-server
+ tag: 4.89.1
+ env:
+ TZ: ${TIMEZONE}
+ PUID: 911
+ PGID: 911
+ PROXY_DOMAIN: code.${SECRET_DOMAIN}
+ PASSWORD: ${CODESERVER_PASSWORD}
+ DOCKER_MODS: linuxserver/mods:universal-git|linuxserver/mods:code-server-shellcheck|linuxserver/mods:code-server-terraform
+ DEFAULT_WORKSPACE: /config/workspace
+ # DOCKER_MODS: "linuxserver/mods:code-server-docker|linuxserver/mods:code-server-python3|linuxserver/mods:code-server-shellcheck|linuxserver/mods:code-server-terraform|linuxserver/mods:universal-git|linuxserver/mods:universal-tshoot|linuxserver/mods:universal-package-install"
+ # INSTALL_PACKAGES: "rsync|git|nginx"
+ # INSTALL_PIP_PACKAGES: "apprise"
+ # probes:
+ # liveness:
+ # enabled: true
+ # readiness:
+ # enabled: true
+ # startup:
+ # enabled: true
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: &port 8443
+ ingress:
+ app:
+ enabled: true
+ className: nginx-default
+ annotations:
+ kubernetes.io/ingress.class: nginx-default
+ # external-dns/is-public: "true"
+ # external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ port: *port
+ tls:
+ - hosts:
+ - *host
+ secretName: ${SECRET_DOMAIN/./-}-production-tls
+ persistence:
+ config:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ storageClass: ${MAIN_SC}
+ globalMounts:
+ - path: /config
+# docker run --entrypoint /bin/sleep docker.io/fluxcd/flux-cli:v0.37.0 inf
diff --git a/kubernetes/apps/default/code-server/app/kustomization.yaml b/kubernetes/apps/default/code-server/app/kustomization.yaml
new file mode 100644
index 000000000..5b48b4e26
--- /dev/null
+++ b/kubernetes/apps/default/code-server/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/code-server/ks.yaml b/kubernetes/apps/default/code-server/ks.yaml
new file mode 100644
index 000000000..5a26f4a2b
--- /dev/null
+++ b/kubernetes/apps/default/code-server/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app code-server
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/default/code-server/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/dashy/app/config/conf.yml b/kubernetes/apps/default/dashy/app/config/conf.yml
new file mode 100644
index 000000000..5df0753d4
--- /dev/null
+++ b/kubernetes/apps/default/dashy/app/config/conf.yml
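Review bot: `PASSWORD: ${CODESERVER_PASSWORD}` in the code-server HelmRelease puts the only credential protecting this IDE into the chart values through Flux substitution, so the clear-text value ends up in the HelmRelease object and the rendered pod spec, readable by anyone who can get those objects in `default`. Reference a Secret instead, as sketched below; the Secret name and key are placeholders. Two smaller points in the same hunk: the Ingress carries no `auth-url` annotations, unlike dashy in this commit, although code-server gives an interactive shell in the pod; and `DOCKER_MODS` pulls mod images by mutable tag at container start, so what runs is not fixed by `tag: 4.89.1`.

```yaml
          env:
            # … unchanged: TZ, PUID, PGID, PROXY_DOMAIN …
            PASSWORD:
              valueFrom:
                secretKeyRef:
                  name: code-server-secret   # placeholder: a SOPS-encrypted Secret in this app directory
                  key: CODESERVER_PASSWORD   # placeholder key
            # … unchanged: DOCKER_MODS, DEFAULT_WORKSPACE …
```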
@@ -0,0 +1,22 @@
+pageInfo:
+ title: Home Lab
+sections: # An array of sections
+ - name: Example Section
+ icon: far fa-rocket
+ items:
+ - title: GitHub
+ description: Dashy source code and docs
+ icon: fab fa-github
+ url: https://github.com/Lissy93/dashy
+ - title: Issues
+ description: View open issues, or raise a new one
+ icon: fas fa-bug
+ url: https://github.com/Lissy93/dashy/issues
+ - name: Local Services
+ items:
+ - title: Firewall
+ icon: favicon
+ url: http://192.168.1.1/
+ - title: Game Server
+ icon: https://i.ibb.co/710B3Yc/space-invader-x256.png
+ url: http://192.168.130.1/
diff --git a/kubernetes/apps/default/dashy/app/helmrelease.yaml b/kubernetes/apps/default/dashy/app/helmrelease.yaml
new file mode 100644
index 000000000..9e4cf817f
--- /dev/null
+++ b/kubernetes/apps/default/dashy/app/helmrelease.yaml
@@ -0,0 +1,106 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app dashy
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: ghcr.io/lissy93/dashy
+ tag: 3.1.0
+ env:
+ TZ: ${TIMEZONE}
+ GID: 1000
+ UID: 1000
+ NODE_ENV: production
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10Mi
+ limits:
+ memory: 2Gi
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: &port 80
+ ingress:
+ app:
+ enabled: true
+ className: nginx-default
+ annotations:
+ external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ hajimari.io/icon: file-arrow-up-down-outline
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ port: *port
+ tls:
+ - hosts:
+ - *host
+ secretName: ${SECRET_DOMAIN/./-}-production-tls
+ persistence:
+ config:
+ enabled: true
+ type: secret
+ name: dashy-secret
+ globalMounts:
+ - path: /app/public/conf.yml
+ subPath: conf.yml
+ readOnly: true
+ data:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ storageClass: ${MAIN_SC}
+ advancedMounts:
+ app:
+ main:
+ - subPath: "icons"
+ path: "/app/public/item-icons"
+ - subPath: "backgrounds"
+ path: "/app/public/backgrounds"
diff --git a/kubernetes/apps/default/dashy/app/kustomization.yaml b/kubernetes/apps/default/dashy/app/kustomization.yaml
new file mode 100644
index 000000000..2b731b0bc
--- /dev/null
+++ b/kubernetes/apps/default/dashy/app/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+secretGenerator:
+ - name: dashy-secret
+ files:
+ - conf.yml=./config/conf.yml
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/default/dashy/ks.yaml b/kubernetes/apps/default/dashy/ks.yaml
new file mode 100644
index 000000000..b12baa9b3
--- /dev/null
+++ b/kubernetes/apps/default/dashy/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app dashy
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/default/dashy/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/drop/app/helmrelease.yaml b/kubernetes/apps/default/drop/app/helmrelease.yaml
new file mode 100644
index 000000000..bbc54a05e
--- /dev/null
+++ b/kubernetes/apps/default/drop/app/helmrelease.yaml
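Review bot: The `nginx.ingress.kubernetes.io/auth-snippet` annotation on the dashy Ingress only takes effect when the ingress controller allows snippet annotations, a controller-wide setting that lets any Ingress author inject raw NGINX configuration. If that setting is enabled solely for these two `proxy_set_header` lines, check whether the auth endpoint works without them and drop the snippet; if it has to stay, record the dependency in a comment such as `# requires allow-snippet-annotations on nginx-default`. Separately, `GID: 1000` and `UID: 1000` are only environment hints to the image: the container has no `securityContext` and listens on port 80, so it presumably still starts as root.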
@@ -0,0 +1,79 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app drop
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ containers:
+ main:
+ image:
+ repository: lscr.io/linuxserver/pwndrop
+ tag: 1.0.1-ls61
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10Mi
+ limits:
+ memory: 50Mi
+ env:
+ TZ: ${TIMEZONE}
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: &port 8080
+ ingress:
+ app:
+ enabled: true
+ className: nginx-default
+ annotations:
+ external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+ hajimari.io/icon: file-arrow-up-down-outline
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ port: *port
+ tls:
+ - hosts:
+ - *host
+ secretName: ${SECRET_DOMAIN/./-}-production-tls
+ persistence:
+ config:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ storageClass: ${MAIN_SC}
diff --git a/kubernetes/apps/default/drop/app/kustomization.yaml b/kubernetes/apps/default/drop/app/kustomization.yaml
new file mode 100644
index 000000000..5b48b4e26
--- /dev/null
+++ b/kubernetes/apps/default/drop/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
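Review bot: The drop Ingress sets `external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}`, which in this repository appears to mark a host as externally published, yet it carries none of the `auth-url`/`auth-signin` annotations that dashy gets in the same commit. For a file-hosting service that leaves the application's own login as the only control in front of its administrative interface. If public download links are required, consider splitting the Ingress so that only the download paths are open and the administrative path sits behind the forward-auth annotations, and record that intent in a comment next to the annotations.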
diff --git a/kubernetes/apps/default/drop/ks.yaml b/kubernetes/apps/default/drop/ks.yaml
new file mode 100644
index 000000000..2ab7cba87
--- /dev/null
+++ b/kubernetes/apps/default/drop/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app drop
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/default/drop/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/echo-server/app/helmrelease.yaml b/kubernetes/apps/default/echo-server/app/helmrelease.yaml
new file mode 100644
index 000000000..fd776aecb
--- /dev/null
+++ b/kubernetes/apps/default/echo-server/app/helmrelease.yaml
@@ -0,0 +1,99 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app echo-server
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.1.0/charts/library/common/values.schema.json
+ controllers:
+ app:
+ replicas: 1
+ strategy: RollingUpdate
+ containers:
+ main:
+ image:
+ repository: docker.io/jmalloc/echo-server
+ tag: 0.3.6
+ env:
+ PORT: &port 8080
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /health
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ startup:
+ enabled: false
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10M
+ limits:
+ memory: 50M
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: *app
+ ingress:
+ app:
+ enabled: true
+ className: nginx-default
+ annotations:
+ hajimari.io/icon: video-input-antenna
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ port: *port
+ tls:
+ - hosts:
+ - *host
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: *port
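Review bot: The `tls` entry of the echo-server Ingress lists `hosts: - *host` but no `secretName`, unlike code-server, dashy and drop in this commit; the hajimari HelmRelease further down has the same shape. Without a secret the controller serves its default certificate, so unless `nginx-default` is configured with a matching wildcard default certificate (not visible here) clients get a certificate that does not match the host. Either add `secretName: ${SECRET_DOMAIN/./-}-production-tls` as in the other apps, or add a comment stating that the default certificate is relied on. The pod-level `securityContext` sets only `runAsUser` and `runAsGroup`; adding `runAsNonRoot: true` would make the intent enforceable.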
diff --git a/kubernetes/apps/default/echo-server/app/kustomization.yaml b/kubernetes/apps/default/echo-server/app/kustomization.yaml
new file mode 100644
index 000000000..31975ac58
--- /dev/null
+++ b/kubernetes/apps/default/echo-server/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - ../../../../shared/gatus/check
diff --git a/kubernetes/apps/default/echo-server/ks.yaml b/kubernetes/apps/default/echo-server/ks.yaml
new file mode 100644
index 000000000..f707d720c
--- /dev/null
+++ b/kubernetes/apps/default/echo-server/ks.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app echo-server
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ path: ./kubernetes/apps/default/echo-server/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/apps/default/hajimari/app/helmrelease.yaml b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
new file mode 100644
index 000000000..2c4b5fcb2
--- /dev/null
+++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
@@ -0,0 +1,76 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: hajimari
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: hajimari
+ version: 2.0.2
+ sourceRef:
+ kind: HelmRepository
+ name: hajimari
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ hajimari:
+ title: Apps
+ darkTheme: espresso
+ alwaysTargetBlank: true
+ showGreeting: false
+ showAppGroups: false
+ showAppStatus: false
+ showBookmarkGroups: false
+ showGlobalBookmarks: false
+ showAppUrls: false
+ defaultEnable: true
+ namespaceSelector:
+ matchNames:
+ - default
+ - flux-system
+ - kube-system
+ - media
+ - monitoring
+ - networking
+ - storage
+ ingress:
+ app:
+ enabled: true
+ ingressClassName: nginx-default
+ annotations:
+ hajimari.io/enable: "false"
+ hosts:
+ - host: &host hajimari.${SECRET_DOMAIN}
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ podAnnotations:
+ configmap.reloader.stakater.com/reload: hajimari-settings
+ persistence:
+ data:
+ enabled: true
+ type: emptyDir
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10Mi
diff --git a/kubernetes/apps/default/hajimari/app/kustomization.yaml b/kubernetes/apps/default/hajimari/app/kustomization.yaml
new file mode 100644
index 000000000..5b48b4e26
--- /dev/null
+++ b/kubernetes/apps/default/hajimari/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/hajimari/ks.yaml b/kubernetes/apps/default/hajimari/ks.yaml
new file mode 100644
index 000000000..f4593b0b9
--- /dev/null
+++ b/kubernetes/apps/default/hajimari/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app hajimari
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ path: ./kubernetes/apps/default/hajimari/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/headscale/app/helmrelease.yaml b/kubernetes/apps/default/headscale/app/helmrelease.yaml
new file mode 100644
index 000000000..98411f208
--- /dev/null
+++ b/kubernetes/apps/default/headscale/app/helmrelease.yaml
@@ -0,0 +1,360 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app headscale
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ containers:
+ main:
+ image:
+ repository: ghcr.io/juanfont/headscale
+ tag: 0.23.0
+ command: ["headscale", "serve"]
+ env:
+ TZ: ${TIMEZONE}
+ service:
+ app:
+ enabled: true
+ controller: app
+ # type: LoadBalancer
+ # externalTrafficPolicy: Cluster
+ ports:
+ http:
+ enabled: true
+ port: 443
+ targetPort: 8080
+ protocol: HTTPS
+ relay:
+ enabled: true
+ port: 3478
+ protocol: UDP
+ metrics:
+ enabled: true
+ port: 9090
+ protocol: TCP
+ persistence:
+ config:
+ enabled: true
+ type: configMap
+ name: "headscale-config"
+ advancedMounts:
+ app:
+ main:
+ - subPath: "config.yaml"
+ path: "/etc/headscale/config.yaml"
+ readOnly: true
+ configMaps:
+ config:
+ enabled: true
+ data:
+ config.yaml: |-
+ server_url: https://vpn.${SECET_DOMAIN}:443
+ listen_addr: 0.0.0.0:8080
+ metrics_listen_addr: 0.0.0.0:9090
+ grpc_listen_addr: 127.0.0.1:50443
+ grpc_allow_insecure: false
+ noise:
+ private_key_path: /etc/headscale/noise.key
+ # List of IP prefixes to allocate tailaddresses from.
+ # Each prefix consists of either an IPv4 or IPv6 address,
+ # and the associated prefix length, delimited by a slash.
+ # It must be within IP ranges supported by the Tailscale
+ # client - i.e., subnets of 100.64.0.0/10 and fd7a:115c:a1e0::/48.
+ # See below:
+ # IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71
+ # IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
+ # Any other range is NOT supported, and it will cause unexpected issues.
+ ip_prefixes:
+ - fd7a:115c:a1e0::/48
+ - 100.64.0.0/10
+
+ # DERP is a relay system that Tailscale uses when a direct
+ # connection cannot be established.
+ # https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp
+ #
+ # headscale needs a list of DERP servers that can be presented
+ # to the clients.
+ derp:
+ server:
+ # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
+ # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
+ enabled: false
+
+ # Region ID to use for the embedded DERP server.
+ # The local DERP prevails if the region ID collides with other region ID coming from
+ # the regular DERP config.
+ region_id: 999
+
+ # Region code and name are displayed in the Tailscale UI to identify a DERP region
+ region_code: "headscale"
+ region_name: "Headscale Embedded DERP"
+
+ # Listens over UDP at the configured address for STUN connections - to help with NAT traversal.
+ # When the embedded DERP server is enabled stun_listen_addr MUST be defined.
+ #
+ # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
+ stun_listen_addr: "0.0.0.0:3478"
+
+ # Private key used to encrypt the traffic between headscale DERP
+ # and Tailscale clients.
+ # The private key file will be autogenerated if it's missing.
+ #
+ private_key_path: /var/lib/headscale/derp_server_private.key
+
+ # List of externally available DERP maps encoded in JSON
+ urls:
+ - https://controlplane.tailscale.com/derpmap/default
+
+ # Locally available DERP map files encoded in YAML
+ #
+ # This option is mostly interesting for people hosting
+ # their own DERP servers:
+ # https://tailscale.com/kb/1118/custom-derp-servers/
+ #
+ # paths:
+ # - /etc/headscale/derp-example.yaml
+ paths: []
+
+ # If enabled, a worker will be set up to periodically
+ # refresh the given sources and update the derpmap
+ # will be set up.
+ auto_update_enabled: true
+
+ # How often should we check for DERP updates?
+ update_frequency: 24h
+
+ # Disables the automatic check for headscale updates on startup
+ disable_check_updates: false
+
+ # Time before an inactive ephemeral node is deleted?
+ ephemeral_node_inactivity_timeout: 30m
+
+ # Period to check for node updates within the tailnet. A value too low will severely affect
+ # CPU consumption of Headscale. A value too high (over 60s) will cause problems
+ # for the nodes, as they won't get updates or keep alive messages frequently enough.
+ # In case of doubts, do not touch the default 10s.
+ node_update_check_interval: 10s
+
+ # SQLite config
+ db_type: sqlite3
+
+ # For production:
+ db_path: /var/lib/headscale/db.sqlite
+
+ # # Postgres config
+ # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
+ # db_type: postgres
+ # db_host: localhost
+ # db_port: 5432
+ # db_name: headscale
+ # db_user: foo
+ # db_pass: bar
+
+ # If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need
+ # in the 'db_ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
+ # db_ssl: false
+
+ ### TLS configuration
+ #
+ ## Let's encrypt / ACME
+ #
+ # headscale supports automatically requesting and setting up
+ # TLS for a domain with Let's Encrypt.
+ #
+ # URL to ACME directory
+ acme_url: https://acme-v02.api.letsencrypt.org/directory
+
+ # Email to register with ACME provider
+ acme_email: ""
+
+ # Domain name to request a TLS certificate for:
+ tls_letsencrypt_hostname: ""
+
+ # Path to store certificates and metadata needed by
+ # letsencrypt
+ # For production:
+ tls_letsencrypt_cache_dir: /var/lib/headscale/cache
+
+ # Type of ACME challenge to use, currently supported types:
+ # HTTP-01 or TLS-ALPN-01
+ # See [docs/tls.md](docs/tls.md) for more information
+ tls_letsencrypt_challenge_type: HTTP-01
+ # When HTTP-01 challenge is chosen, letsencrypt must set up a
+ # verification endpoint, and it will be listening on:
+ # :http = port 80
+ tls_letsencrypt_listen: ":http"
+
+ ## Use already defined certificates:
+ tls_cert_path: ""
+ tls_key_path: ""
+
+ log:
+ # Output formatting for logs: text or json
+ format: text
+ level: info
+
+ # Path to a file containg ACL policies.
+ # ACLs can be defined as YAML or HUJSON.
+ # https://tailscale.com/kb/1018/acls/
+ acl_policy_path: ""
+
+ ## DNS
+ #
+ # headscale supports Tailscale's DNS configuration and MagicDNS.
+ # Please have a look to their KB to better understand the concepts:
+ #
+ # - https://tailscale.com/kb/1054/dns/
+ # - https://tailscale.com/kb/1081/magicdns/
+ # - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
+ #
+ dns_config:
+ # Whether to prefer using Headscale provided DNS or use local.
+ override_local_dns: true
+
+ # List of DNS servers to expose to clients.
+ nameservers:
+ - 1.1.1.1
+
+ # NextDNS (see https://tailscale.com/kb/1218/nextdns/).
+ # "abc123" is example NextDNS ID, replace with yours.
+ #
+ # With metadata sharing:
+ # nameservers:
+ # - https://dns.nextdns.io/abc123
+ #
+ # Without metadata sharing:
+ # nameservers:
+ # - 2a07:a8c0::ab:c123
+ # - 2a07:a8c1::ab:c123
+
+ # Split DNS (see https://tailscale.com/kb/1054/dns/),
+ # list of search domains and the DNS to query for each one.
+ #
+ # restricted_nameservers:
+ # foo.bar.com:
+ # - 1.1.1.1
+ # darp.headscale.net:
+ # - 1.1.1.1
+ # - 8.8.8.8
+
+ # Search domains to inject.
+ domains: []
+
+ # Extra DNS records
+ # so far only A-records are supported (on the tailscale side)
+ # See https://github.com/juanfont/headscale/blob/main/docs/dns-records.md#Limitations
+ # extra_records:
+ # - name: "grafana.myvpn.example.com"
+ # type: "A"
+ # value: "100.64.0.3"
+ #
+ # # you can also put it in one line
+ # - { name: "prometheus.myvpn.example.com", type: "A", value: "100.64.0.3" }
+
+ # Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
+ # Only works if there is at least a nameserver defined.
+ magic_dns: true
+
+ # Defines the base domain to create the hostnames for MagicDNS.
+ # `base_domain` must be a FQDNs, without the trailing dot.
+ # The FQDN of the hosts will be
+ # `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
+ base_domain: example.com
+
+ # Unix socket used for the CLI to connect without authentication
+ # Note: for production you will want to set this to something like:
+ unix_socket: /var/run/headscale/headscale.sock
+ unix_socket_permission: "0770"
+ #
+ # headscale supports experimental OpenID connect support,
+ # it is still being tested and might have some bugs, please
+ # help us test it.
+ # OpenID Connect
+ # oidc:
+ # only_start_if_oidc_is_available: true
+ # issuer: "https://your-oidc.issuer.com/path"
+ # client_id: "your-oidc-client-id"
+ # client_secret: "your-oidc-client-secret"
+ # # Alternatively, set `client_secret_path` to read the secret from the file.
+ # # It resolves environment variables, making integration to systemd's
+ # # `LoadCredential` straightforward:
+ # client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
+ # # client_secret and client_secret_path are mutually exclusive.
+ #
+ # # The amount of time from a node is authenticated with OpenID until it
+ # # expires and needs to reauthenticate.
+ # # Setting the value to "0" will mean no expiry. + # expiry: 180d + # + # # Use the expiry from the token received from OpenID when the user logged + # # in, this will typically lead to frequent need to reauthenticate and should + # # only been enabled if you know what you are doing. + # # Note: enabling this will cause `oidc.expiry` to be ignored. + # use_expiry_from_token: false + # + # # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query + # # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email". + # + # scope: ["openid", "profile", "email", "custom"] + # extra_params: + # domain_hint: example.com + # + # # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the + # # authentication request will be rejected. + # + # allowed_domains: + # - example.com + # # Note: Groups from keycloak have a leading '/' + # allowed_groups: + # - /headscale + # allowed_users: + # - alice@example.com + # + # # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed. + # # This will transform `first-name.last-name@example.com` to the user `first-name.last-name` + # # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following + # user: `first-name.last-name.example.com` + # + # strip_email_domain: true + + # Logtail configuration + # Logtail is Tailscales logging and auditing infrastructure, it allows the control panel + # to instruct tailscale nodes to log their activity to a remote server. + logtail: + # Enable logtail for this headscales clients. + # As there is currently no support for overriding the log server in headscale, this is + # disabled by default. Enabling this will make your clients send logs to Tailscale Inc. 
+ enabled: false + + # Enabling this option makes devices prefer a random port for WireGuard traffic over the + # default static port 41641. This option is intended as a workaround for some buggy + # firewall devices. See https://tailscale.com/kb/1181/firewalls/ for more information. + randomize_client_port: false diff --git a/kubernetes/apps/default/headscale/app/kustomization.yaml b/kubernetes/apps/default/headscale/app/kustomization.yaml new file mode 100644 index 000000000..5b48b4e26 --- /dev/null +++ b/kubernetes/apps/default/headscale/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/default/headscale/ks.yaml.disabled b/kubernetes/apps/default/headscale/ks.yaml.disabled new file mode 100644 index 000000000..81ef8919f --- /dev/null +++ b/kubernetes/apps/default/headscale/ks.yaml.disabled @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app headscale + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: default + dependsOn: + - name: csi-driver-nfs + path: ./kubernetes/apps/default/headscale/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/default/jdownloader/app/helmrelease.yaml b/kubernetes/apps/default/jdownloader/app/helmrelease.yaml new file mode 100644 index 000000000..e7dbc7bdf --- /dev/null +++ b/kubernetes/apps/default/jdownloader/app/helmrelease.yaml 
@@ -0,0 +1,88 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app jdownloader
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ containers:
+ main:
+ image:
+ repository: registry.eighty-three.me/tuxpeople/jdownloader-headless
+ tag: pr-71
+ pullPolicy: Always
+ resources:
+ requests:
+ cpu: 150m
+ memory: 250Mi
+ limits:
+ memory: 1750Mi
+ env:
+ TZ: ${TIMEZONE}
+ PUID: 100
+ PGID: 101
+ MYJD_DEVICE_NAME: Test
+ XDG_DOWNLOAD_DIR: /downloads
+ envFrom:
+ - secretRef:
+ name: jd-secret
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+ defaultPodOptions:
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 101
+ fsGroup: 101
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: &port 3129
+ persistence:
+ data:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ storageClass: ${MAIN_SC}
+ globalMounts:
+ - path: /opt/JDownloader/cfg
+ downloads:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ storageClass: ${MAIN_SC}
diff --git a/kubernetes/apps/default/jdownloader/app/kustomization.yaml b/kubernetes/apps/default/jdownloader/app/kustomization.yaml
new file mode 100644
index 000000000..174d4b6e6
--- /dev/null
+++ b/kubernetes/apps/default/jdownloader/app/kustomization.yaml
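Review bot: The image is referenced by the mutable tag `pr-71` with `pullPolicy: Always`, so every pod restart runs whatever the registry currently serves under that pull-request tag, without the change ever appearing in Git. Pin a released tag together with its digest, for example `tag: <release-tag>@sha256:<image-digest>`, so that an image change is a reviewable commit. The liveness, readiness and startup probes are also all disabled, which means a hung container is never restarted; whether the image offers a health endpoint is not visible in this hunk.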
@@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: + - ./helmrelease.yaml + - ./secret.sops.yaml diff --git a/kubernetes/apps/default/jdownloader/app/secret.sops.yaml b/kubernetes/apps/default/jdownloader/app/secret.sops.yaml new file mode 100644 index 000000000..986f7255f --- /dev/null +++ b/kubernetes/apps/default/jdownloader/app/secret.sops.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: jd-secret +stringData: + MYJD_USER: ENC[AES256_GCM,data:ywLz3AvyJY7gIQpkW5bkIze3+Ko=,iv:iBF6e4RkJi6MqjgQI0D0qRR96UymH5v19tHG09DsJW8=,tag:7sJ0idlF0I9MfT+GWHgmmQ==,type:str] + MYJD_PASSWORD: ENC[AES256_GCM,data:lDC5wCvupHPX6ten8cAZCJfoOcA=,iv:bWuMxWkZ6IsrPXDGhu9S1TEJ9SOHdaYhouWh0Mk3vCo=,tag:9fvfpc28NkyihheVmc2FzA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGRIQmNTZDJaNUpDbWVq + bkwvbklvbkRpVE9RQytkeUNWamFsWUFzRzJBCk1qek5ueFBWYUF4NmptRTBqekxr + VXZDazhreHB6UnhGNXZzMTZwV0xxWkkKLS0tIERUQkhOUEhDellUWjNZRU9WU1Z0 + bWZUWDR1SUwvVnJ1SDAydXV6YS9Db3cKEygUxkjdTZjA9y7i0CHSGdfCrgGOXhp3 + 6+67/ce4guTnhNIxux7dOARTg3gjp4lVAbR4SZFkAbEIMOq1JU63aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-20T16:10:53Z" + mac: ENC[AES256_GCM,data:zMK943Zt/uMdwb4xTSD/lAj0jRcZz68HSA262tfwI6mcT7B/THw2aDAaBUYVyNIdJsLRyNbvxYqA2V46xSgRvok0TOP67XTVIXRkcEqSRWtq69Dq0UeH2TKN+HnoUigTe3h2OamXHSTaKyTcY73rEOm1NwEX+Q0Msg7ganPTqYs=,iv:8cdYis7+SqxqTVPqPG69qrjTgz1LWzcCVbfvEQz+9eo=,tag:FPS+pxUtkDs2r+djd6J5OQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/default/jdownloader/ks.yaml b/kubernetes/apps/default/jdownloader/ks.yaml new file mode 100644 index 000000000..7e13c81f8 --- /dev/null 
+++ b/kubernetes/apps/default/jdownloader/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app jdownloader
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/default/jdownloader/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/kasm/app/ingress.yaml b/kubernetes/apps/default/kasm/app/ingress.yaml
new file mode 100755
index 000000000..6e9a42565
--- /dev/null
+++ b/kubernetes/apps/default/kasm/app/ingress.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kasm
+ annotations:
+ external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+ external-dns/is-public: "true"
+ hajimari.io/enable: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
+ # hajimari.io/icon: printer-3d-nozzle
+ # nginx.ingress.kubernetes.io/auth-method: GET
+ # nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ # nginx.ingress.kubernetes.io/auth-snippet: |
+ # proxy_set_header X-Forwarded-Method $request_method;
+ # proxy_set_header X-Forwarded-Scheme $scheme;
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - kasm.${SECRET_DOMAIN}
+ rules:
+ - host: kasm.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kasm
+ port:
+ number: 443
diff --git a/kubernetes/apps/default/kasm/app/kustomization.yaml b/kubernetes/apps/default/kasm/app/kustomization.yaml
new file mode 100755
index 000000000..7e2c2a136
--- /dev/null
+++ b/kubernetes/apps/default/kasm/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ingress.yaml
+ - service.yaml
diff --git a/kubernetes/apps/default/kasm/app/service.yaml b/kubernetes/apps/default/kasm/app/service.yaml
new file mode 100755
index 000000000..b686313d0
--- /dev/null
+++ b/kubernetes/apps/default/kasm/app/service.yaml
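Review bot: This Ingress is published externally (`external-dns/is-public: "true"`) while every forward-auth annotation is commented out, so the only access control left is whatever login the backend itself provides; `octoprint/app/ingress.yaml` later in this commit has the same pattern. Either re-enable `nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify` with its companion annotations, as the linkding and paperless releases do, or add a comment stating why the application's own authentication is considered sufficient. Separately, `proxy-ssl-verify: "off"` means the controller accepts any certificate from the HTTPS backend; setting it to `"on"` together with `nginx.ingress.kubernetes.io/proxy-ssl-secret: <namespace>/<ca-secret>` would authenticate that hop.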
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kasm
+ # annotations:
+ # traefik.ingress.kubernetes.io/service.serversscheme: https
+ # traefik.ingress.kubernetes.io/service.serverstransport: networking-insecureskipverify@kubernetescrd
+spec:
+ externalName: kasm.vm.tdeutsch.ch
+ ports:
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ sessionAffinity: None
+ type: ExternalName
diff --git a/kubernetes/apps/default/kasm/ks.yaml b/kubernetes/apps/default/kasm/ks.yaml
new file mode 100644
index 000000000..e7d1ea182
--- /dev/null
+++ b/kubernetes/apps/default/kasm/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app kasm
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ path: ./kubernetes/apps/default/kasm/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
new file mode 100644
index 000000000..16dd1369f
--- /dev/null
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - code-server/ks.yaml
+ - dashy/ks.yaml
+ - drop/ks.yaml
+ - echo-server/ks.yaml
+ - hajimari/ks.yaml
+ - jdownloader/ks.yaml
+ - kasm/ks.yaml
+ - linkding/ks.yaml
+ - octoprint/ks.yaml
+ - paperless/ks.yaml
+ - sharry/ks.yaml
+ - smtp-relay/ks.yaml
+ - webtrees/ks.yaml
diff --git a/kubernetes/apps/default/linkding/app/helmrelease.yaml b/kubernetes/apps/default/linkding/app/helmrelease.yaml
new file mode 100644
index 000000000..36a06a699
--- /dev/null
+++ b/kubernetes/apps/default/linkding/app/helmrelease.yaml
@@ -0,0 +1,199 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app linkding + namespace: default +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controllers: + app: + annotations: + reloader.stakater.com/auto: "true" + pod: + enableServiceLinks: false + containers: + main: + image: + repository: sissbruecker/linkding + tag: 1.30.0 + resources: + requests: + cpu: 12m + memory: 64M + limits: + memory: 256M + env: + TZ: ${TIMEZONE} + LD_SUPERUSER_NAME: tdeutsch + LD_ENABLE_AUTH_PROXY: "True" + LD_AUTH_PROXY_USERNAME_HEADER: "HTTP_REMOTE_USER" + LD_AUTH_PROXY_LOGOUT_URL: "https://auth.eighty-three.me/" + # to use a db see https://github.com/bjw-s/home-ops/blob/main/kubernetes/apps/selfhosted/linkding/app/helmrelease.yaml + litestream: &ls + image: + repository: "docker.io/litestream/litestream" + tag: "0.3.13" + args: ["replicate"] + env: &lsenv + LITESTREAM_ACCESS_KEY_ID: + valueFrom: + secretKeyRef: + name: "linkding-secrets" + key: "litestream-minio-id" + LITESTREAM_SECRET_ACCESS_KEY: + valueFrom: + secretKeyRef: + name: "linkding-secrets" + key: "litestream-minio-key" + MINIO_ENDPOINT: + valueFrom: + secretKeyRef: + name: "linkding-secrets" + key: "litestream-minio-endpoint" + MINIO_BUCKET: + valueFrom: + secretKeyRef: + name: "linkding-secrets" + key: "litestream-minio-bucket" + AGE_PUBKEY: + valueFrom: + secretKeyRef: + name: "linkding-secrets" + key: "litestream-age-pubkey" + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + memory: 1024Mi + 
initContainers: + 01-litestream-restore: + <<: *ls + args: + [ + "restore", + "-if-db-not-exists", + "-if-replica-exists", + "/etc/linkding/data/db.sqlite3", + ] + env: + <<: *lsenv + AGE_SECRET: + valueFrom: + secretKeyRef: + name: "linkding-secrets" + key: "litestream-age-secret" + service: + app: + controller: app + ports: + http: + port: &port 9090 + ingress: + app: + enabled: true + className: nginx-default + annotations: + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: | + proxy_set_header X-Forwarded-Method $request_method; + proxy_set_header X-Forwarded-Scheme $scheme; + external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET} + hajimari.io/icon: "mdi:link-variant" + hosts: + - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}" + paths: + - path: / + pathType: Prefix + service: + identifier: app + port: *port + tls: + - hosts: + - *host + secretName: ${SECRET_DOMAIN/./-}-production-tls + persistence: + data: + enabled: true + type: persistentVolumeClaim + accessMode: ReadWriteOnce + size: 5Gi + storageClass: ${MAIN_SC} + globalMounts: + - path: /etc/linkding/data + config: + enabled: true + type: configMap + name: "linkding-config" + advancedMounts: + app: + litestream: + - &lsmnt + subPath: "litestream-replicate" + path: "/etc/litestream.yml" + readOnly: true + 01-litestream-restore: + - <<: *lsmnt + subPath: "litestream-restore" + configMaps: + config: + enabled: true + data: + litestream-replicate: | + dbs: + - path: /etc/linkding/data/db.sqlite3 + replicas: + - name: "minio" + type: "s3" + endpoint: "$${MINIO_ENDPOINT}" + bucket: "$${MINIO_BUCKET}" + path: "linkding" + force-path-style: true + retention: 168h + validation-interval: 24h 
+ age: + recipients: + - $${AGE_PUBKEY} + litestream-restore: | + dbs: + - path: /etc/linkding/data/db.sqlite3 + replicas: + - name: "minio" + type: "s3" + endpoint: "$${MINIO_ENDPOINT}" + bucket: "$${MINIO_BUCKET}" + path: "linkding" + force-path-style: true + retention: 168h + validation-interval: 24h + age: + identities: + - $${AGE_SECRET} diff --git a/kubernetes/apps/default/linkding/app/kustomization.yaml b/kubernetes/apps/default/linkding/app/kustomization.yaml new file mode 100644 index 000000000..174d4b6e6 --- /dev/null +++ b/kubernetes/apps/default/linkding/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: + - ./helmrelease.yaml + - ./secret.sops.yaml diff --git a/kubernetes/apps/default/linkding/app/secret.sops.yaml b/kubernetes/apps/default/linkding/app/secret.sops.yaml new file mode 100644 index 000000000..f05ca8b02 --- /dev/null +++ b/kubernetes/apps/default/linkding/app/secret.sops.yaml 
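Review bot: `LD_ENABLE_AUTH_PROXY: "True"` makes linkding accept the identity in the `Remote-User` header without a password, and nothing in this hunk limits who can reach the pod on port 9090. Requests that arrive through the `app` ingress get the header from the auth service via `auth-response-headers`, but a workload inside the cluster that connects to the Service directly skips that step. A NetworkPolicy admitting only the ingress controller's namespace to this pod would close the gap; the same applies to `PAPERLESS_ENABLE_HTTP_REMOTE_USER` in `paperless/app/helmrelease.yaml`. As a smaller point, `LD_AUTH_PROXY_LOGOUT_URL` hard-codes the domain where the ingress annotations use `${SECRET_DOMAIN}`.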
@@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Secret +metadata: + name: linkding-secrets +stringData: + litestream-minio-id: ENC[AES256_GCM,data:ud9LFBs=,iv:hVipzugG9Q61W0Rcn62so7LV3FrnX+TL9A7klTD9cG4=,tag:A2cm3erKIVcjQfqKUSLU+Q==,type:str] + litestream-minio-key: ENC[AES256_GCM,data:1lAwQSSp1hVk6Ad6C1SW4shhavzgZJKb6J3SJ4yv,iv:lhChELZSXxyoY0agEfn6s9Ebku9yv+aB08/EtKyn4cw=,tag:A75dhlq69dh2JqKYNJSAUg==,type:str] + litestream-minio-endpoint: ENC[AES256_GCM,data:AzTpxJJfSVNs7/rQe4lKFqTp6AfsRd1zCWKU1/4Rwh/p,iv:3ErXLDAH/KnencwwzyP62ueaeds1oqhKsQr6TBkYbOs=,tag:8x6A6egYrQSYqQyWb6rl7Q==,type:str] + litestream-minio-bucket: ENC[AES256_GCM,data:joCSx9jgHSmnCA==,iv:Ylo+VYU2XgS+h9G1jiDumliW54XZuh6cckfJCocRDcw=,tag:eB4kkv3zzm9qNiNsgpBoeQ==,type:str] + litestream-age-pubkey: ENC[AES256_GCM,data:MIkqI2p6zDNYsXKkFWZ3lQ6l8CC7OpumRo8f6qnNrKGviS9U0n40l3ZY6L3DgVvbWHa8MRAqOFLARSyEQvk=,iv:aw8qRHZqwaRsPui9cyDHvZXwEDW9UXNZM4cX+Ws5QLg=,tag:s7sT66GOr1L0+4H1UrHcmQ==,type:str] + litestream-age-secret: ENC[AES256_GCM,data:2q1TDMMDKpA3PtkERg5kMltNM7TVDzc66JacWOmJlMYIQGkuRisMU+L/hfXBqRtDXZwU6cxnfhxskkD1TALrPDsOZia3LGx5mxw=,iv:E6f5PqARy61vvVZY2gnv0lIT3qZ4Fq8yGOmUbUm2QVE=,tag:g2AeaRk4EZTKRFh3usNRBA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGRIQmNTZDJaNUpDbWVq + bkwvbklvbkRpVE9RQytkeUNWamFsWUFzRzJBCk1qek5ueFBWYUF4NmptRTBqekxr + VXZDazhreHB6UnhGNXZzMTZwV0xxWkkKLS0tIERUQkhOUEhDellUWjNZRU9WU1Z0 + bWZUWDR1SUwvVnJ1SDAydXV6YS9Db3cKEygUxkjdTZjA9y7i0CHSGdfCrgGOXhp3 + 6+67/ce4guTnhNIxux7dOARTg3gjp4lVAbR4SZFkAbEIMOq1JU63aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-02-18T14:59:17Z" + mac: 
ENC[AES256_GCM,data:XY1weL+kV0bFfbarws/k/FMpoeVZIj1ydDYHIHccx1+qWndVVejqmmxtOvrYEnGPHtUyQX/T2pIz3pWaYU9HH+V4lcvQHO4LioCYTX7C4dcD/dVzEzcB3G1okNWZfOxDxnFYhf2TWfQYguB1HkxmoJFReaNrpqwULTI5R//cWM0=,iv:GVT4Y2KIqhbQZbmTplD7RanJHckxYpLEjSPoX+DXrQc=,tag:TMrQiF/sk7Ozecr3qCCk5A==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/default/linkding/ks.yaml b/kubernetes/apps/default/linkding/ks.yaml new file mode 100644 index 000000000..b988dc122 --- /dev/null +++ b/kubernetes/apps/default/linkding/ks.yaml @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app linkding + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: default + dependsOn: + - name: ${STORAGE_KUST} + path: ./kubernetes/apps/default/linkding/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/default/namespace.yaml b/kubernetes/apps/default/namespace.yaml new file mode 100644 index 000000000..5802cfa77 --- /dev/null +++ b/kubernetes/apps/default/namespace.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: default + annotations: + volsync.backube/privileged-movers: "true" + labels: + kustomize.toolkit.fluxcd.io/prune: disabled + goldilocks.fairwinds.com/enabled: "true" diff --git a/kubernetes/apps/default/octoprint/app/ingress.yaml b/kubernetes/apps/default/octoprint/app/ingress.yaml new file mode 100755 index 000000000..3b7bab9cc --- /dev/null +++ b/kubernetes/apps/default/octoprint/app/ingress.yaml 
@@ -0,0 +1,34 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: octoprint
+ annotations:
+ external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+ external-dns/is-public: "true"
+ hajimari.io/enable: "true"
+ hajimari.io/icon: printer-3d-nozzle
+ # nginx.ingress.kubernetes.io/auth-method: GET
+ # nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ # nginx.ingress.kubernetes.io/auth-snippet: |
+ # proxy_set_header X-Forwarded-Method $request_method;
+ # proxy_set_header X-Forwarded-Scheme $scheme;
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - print.${SECRET_DOMAIN}
+ rules:
+ - host: print.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: octoprint
+ port:
+ number: 80
diff --git a/kubernetes/apps/default/octoprint/app/kustomization.yaml b/kubernetes/apps/default/octoprint/app/kustomization.yaml
new file mode 100755
index 000000000..7e2c2a136
--- /dev/null
+++ b/kubernetes/apps/default/octoprint/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ingress.yaml
+ - service.yaml
diff --git a/kubernetes/apps/default/octoprint/app/service.yaml b/kubernetes/apps/default/octoprint/app/service.yaml
new file mode 100755
index 000000000..5f6664ab9
--- /dev/null
+++ b/kubernetes/apps/default/octoprint/app/service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: octoprint
+spec:
+ externalName: octopi.home
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ sessionAffinity: None
+ type: ExternalName
diff --git a/kubernetes/apps/default/octoprint/ks.yaml b/kubernetes/apps/default/octoprint/ks.yaml
new file mode 100644
index 000000000..94197df7b
--- /dev/null
+++ b/kubernetes/apps/default/octoprint/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app octoprint
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ path: ./kubernetes/apps/default/octoprint/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/paperless/app/helmrelease-gotenberg.yaml b/kubernetes/apps/default/paperless/app/helmrelease-gotenberg.yaml
new file mode 100644
index 000000000..90182ae5d
--- /dev/null
+++ b/kubernetes/apps/default/paperless/app/helmrelease-gotenberg.yaml
@@ -0,0 +1,48 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: paperless-gotenberg
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: docker.io/gotenberg/gotenberg
+ tag: 8.5.1
+ env:
+ DISABLE_GOOGLE_CHROME: "1"
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: 3000
diff --git a/kubernetes/apps/default/paperless/app/helmrelease-tika.yaml b/kubernetes/apps/default/paperless/app/helmrelease-tika.yaml
new file mode 100644
index 000000000..e062f3399
--- /dev/null
+++ b/kubernetes/apps/default/paperless/app/helmrelease-tika.yaml
@@ -0,0 +1,46 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: paperless-tika
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: ghcr.io/paperless-ngx/tika
+ tag: 2.9.1-full
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: 9998
diff --git a/kubernetes/apps/default/paperless/app/helmrelease.yaml b/kubernetes/apps/default/paperless/app/helmrelease.yaml
new file mode 100644
index 000000000..853f5d35c
--- /dev/null
+++ b/kubernetes/apps/default/paperless/app/helmrelease.yaml
@@ -0,0 +1,146 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: paperless +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controllers: + app: + annotations: + reloader.stakater.com/auto: "true" + containers: + main: + image: + repository: ghcr.io/paperless-ngx/paperless-ngx + tag: 2.9.0 + env: + PAPERLESS_SECRET_KEY: + valueFrom: + secretKeyRef: + name: paperless-secret + key: PAPERLESS_SECRET_KEY + PAPERLESS_URL: https://{{ .Release.Name }}.${SECRET_DOMAIN} + PAPERLESS_PORT: "8080" + PAPERLESS_TIME_ZONE: ${TIMEZONE} + PAPERLESS_WEBSERVER_WORKERS: "1" + PAPERLESS_TASK_WORKERS: "1" + PAPERLESS_TIKA_ENABLED: "1" + PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://paperless-gotenberg:3000 + PAPERLESS_TIKA_ENDPOINT: http://paperless-tika:9998 + PAPERLESS_FILENAME_FORMAT: + "{created_year}/{correspondent}/{created_year}-{created_month}-{created_day} + {title}" + # Configure Remote User auth + PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true" + # Configure folders + PAPERLESS_CONSUMPTION_DIR: /nfs/consume + PAPERLESS_DATA_DIR: /nfs/data + PAPERLESS_EXPORT_DIR: /nfs/export + PAPERLESS_MEDIA_ROOT: /nfs/media + # Configure folder importer + PAPERLESS_CONSUMER_POLLING: "60" + PAPERLESS_CONSUMER_RECURSIVE: "true" + PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS: "true" + # Configure OCR + PAPERLESS_OCR_LANGUAGES: deu eng + PAPERLESS_OCR_LANGUAGE: deu+eng + PAPERLESS_OCR_MODE: skip + PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}' + #PAPERLESS_OCR_SKIP_ARCHIVE_FILE: with_text + # Configure 
redis integration + PAPERLESS_REDIS: redis://paperless-redis:6379 + # Configure admin user + PAPERLESS_ADMIN_USER: + valueFrom: + secretKeyRef: + name: paperless-secret + key: PAPERLESS_ADMIN_USER + PAPERLESS_ADMIN_PASSWORD: + valueFrom: + secretKeyRef: + name: paperless-secret + key: PAPERLESS_ADMIN_PASSWORD + resources: + requests: + cpu: 500m + memory: 700M + limits: + memory: 2000M + service: + app: + controller: app + ports: + http: + port: &port 8080 + ingress: + app: + enabled: true + className: nginx-default + annotations: + hajimari.io/icon: material-symbols:scanner-outline + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: | + proxy_set_header X-Forwarded-Method $request_method; + proxy_set_header X-Forwarded-Scheme $scheme; + hosts: + - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}" + paths: + - path: / + pathType: Prefix + service: + identifier: app + port: http + tls: + - hosts: + - *host + secretName: ${SECRET_DOMAIN/./-}-production-tls + public: + enabled: true + className: nginx-default + annotations: + external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET} + hosts: + - host: &host2 "documents.${SECRET_CH_DOMAIN}" + paths: + - path: /share + pathType: Prefix + service: + identifier: app + port: http + tls: + - hosts: + - *host2 + secretName: ${SECRET_CH_DOMAIN/./-}-production-tls + persistence: + nfs: + type: nfs + server: 10.20.30.40 + path: /volume2/scanner diff --git a/kubernetes/apps/default/paperless/app/kustomization.yaml b/kubernetes/apps/default/paperless/app/kustomization.yaml new file mode 100644 index 000000000..35816c6f3 --- /dev/null +++ b/kubernetes/apps/default/paperless/app/kustomization.yaml 
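Review bot: The `public` ingress forwards `/share` to the same pod that runs with `PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true"`, yet unlike the `app` ingress it carries no `auth-url` or `auth-response-headers` annotations, so a `Remote-User` header supplied by an external client is not replaced before it reaches paperless. Clear the header on that ingress, for example with `nginx.ingress.kubernetes.io/configuration-snippet: |` followed by `proxy_set_header Remote-User "";`, assuming snippet annotations are allowed on this controller (the `auth-snippet` on the `app` ingress suggests they are). Whether paperless evaluates the header on the share-link route cannot be seen from this hunk, so the safe assumption is that it does.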
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./helmrelease.yaml
+ - ./helmrelease-gotenberg.yaml
+ - ./helmrelease-tika.yaml
diff --git a/kubernetes/apps/default/paperless/app/secret.sops.yaml b/kubernetes/apps/default/paperless/app/secret.sops.yaml
new file mode 100644
index 000000000..96d7b5dd7
--- /dev/null
+++ b/kubernetes/apps/default/paperless/app/secret.sops.yaml
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Secret +metadata: + name: paperless-secret +stringData: + PAPERLESS_ADMIN_USER: ENC[AES256_GCM,data:jwQRqR7sCy0=,iv:EiS5flZ7udBl43sMMinuBk19/rt611QxZOameKLxk+0=,tag:svdAj6UPnXYu4EnLnEntQg==,type:str] + PAPERLESS_ADMIN_PASSWORD: ENC[AES256_GCM,data:KOjXQVEjwD8G7wTOB7RjTAZIANUawJboywmq8mER/6x/XCYMrLj8Dtrype+H0o76lTQ=,iv:SYFJZ6rwgAtqZ07RA2ccEZJ/1GmevOVprsXUmbdIEKk=,tag:gaU5UYXlCYDuNlXFGrgbzg==,type:str] + PAPERLESS_SECRET_KEY: ENC[AES256_GCM,data:hIAQGN3TBy+aQRPZHJ91fIi0/ZlnzmUZJqpdGW7RcSEDEB+DsRWZGw==,iv:6rDWsj8ahc9tQnpjzSzVGPInsGVe323X7HCGg6TbOG8=,tag:46lD4l4Clx7+3WD2dA8QIg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGRIQmNTZDJaNUpDbWVq + bkwvbklvbkRpVE9RQytkeUNWamFsWUFzRzJBCk1qek5ueFBWYUF4NmptRTBqekxr + VXZDazhreHB6UnhGNXZzMTZwV0xxWkkKLS0tIERUQkhOUEhDellUWjNZRU9WU1Z0 + bWZUWDR1SUwvVnJ1SDAydXV6YS9Db3cKEygUxkjdTZjA9y7i0CHSGdfCrgGOXhp3 + 6+67/ce4guTnhNIxux7dOARTg3gjp4lVAbR4SZFkAbEIMOq1JU63aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-12T10:36:29Z" + mac: ENC[AES256_GCM,data:M+XOPvMJJK0GIRtE7iFhK854sVTgH+QFzkgYma6UyXUeaQhXqyF1T0Ecs/fmBzpjQNrVVKhmgvREc7zOICHGXmPC6qs+WxXuNKNnWpnZhJm/8UdsuDFUW2ew9CahZZKAUDKKL/J56ND/GfKg6bGpMde+j1XuEOAVM4Z2B51j8Ho=,iv:CC523CMBJbMKq1fQ5yTyEYuIxiHOq+DURdHVsuOidlM=,tag:Hiw79sOFXOEgn6pd76pgXA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/default/paperless/ks.yaml b/kubernetes/apps/default/paperless/ks.yaml new file mode 100644 index 000000000..e3f9f91d6 --- /dev/null +++ b/kubernetes/apps/default/paperless/ks.yaml 
@@ -0,0 +1,45 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app paperless-redis
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ path: ./kubernetes/apps/default/paperless/redis
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app paperless
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: paperless-redis
+ - name: ingress-nginx
+ path: ./kubernetes/apps/default/paperless/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/paperless/redis/helmrelease.yaml b/kubernetes/apps/default/paperless/redis/helmrelease.yaml
new file mode 100644
index 000000000..df027e440
--- /dev/null
+++ b/kubernetes/apps/default/paperless/redis/helmrelease.yaml
@@ -0,0 +1,51 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: paperless-redis
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ containers:
+ main:
+ image:
+ repository: public.ecr.aws/docker/library/redis
+ tag: 7.2.5
+ resources:
+ requests:
+ cpu: 5m
+ memory: 32M
+ limits:
+ memory: 32M
+ service:
+ app:
+ controller: app
+ ports:
+ redis:
+ enabled: true
+ port: 6379
diff --git a/kubernetes/apps/default/paperless/redis/kustomization.yaml b/kubernetes/apps/default/paperless/redis/kustomization.yaml
new file mode 100644
index 000000000..5dd7baca7
--- /dev/null
+++ b/kubernetes/apps/default/paperless/redis/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/s3gw/app/helmrelease.yaml b/kubernetes/apps/default/s3gw/app/helmrelease.yaml
new file mode 100644
index 000000000..1a7d7d8ea
--- /dev/null
+++ b/kubernetes/apps/default/s3gw/app/helmrelease.yaml
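Review bot: The redis container under `controllers.app.containers.main` is started with the image defaults, so it accepts unauthenticated connections from anything that can reach port 6379 of this service. Paperless presumably uses it as its task broker, which makes write access to it worth protecting; whether a network policy elsewhere in the repository limits access is not visible from this hunk. Consider passing a password from a secret with `--requirepass` in `args`, or admitting only the paperless pods to port 6379 with a NetworkPolicy.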
@@ -0,0 +1,38 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app s3gw
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: s3gw
+ version: 0.23.0
+ sourceRef:
+ kind: HelmRepository
+ name: s3gw-charts
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ publicDomain: s3gw.${SECRET_DOMAIN}
+ ui:
+ publicDomain: s3gw-ui.${SECRET_DOMAIN}
+ storageClass:
+ name: s3gw
+ create: true
diff --git a/kubernetes/apps/default/s3gw/app/kustomization.yaml b/kubernetes/apps/default/s3gw/app/kustomization.yaml
new file mode 100644
index 000000000..5b48b4e26
--- /dev/null
+++ b/kubernetes/apps/default/s3gw/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/s3gw/ks.yaml.disabled b/kubernetes/apps/default/s3gw/ks.yaml.disabled
new file mode 100644
index 000000000..201bc7669
--- /dev/null
+++ b/kubernetes/apps/default/s3gw/ks.yaml.disabled
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app s3gw
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ path: ./kubernetes/apps/default/s3gw/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/sharry/app/config/sharry.conf b/kubernetes/apps/default/sharry/app/config/sharry.conf
new file mode 100644
index 000000000..155b9eb5f
--- /dev/null
+++ b/kubernetes/apps/default/sharry/app/config/sharry.conf
@@ -0,0 +1,67 @@
+sharry.restserver {
+ base-url = "https://sharry.${SECRET_DOMAIN}"
+ bind {
+ address = "0.0.0.0"
+ port = "9090"
+ }
+# How files are stored.
+files {
+ # The id of an enabled store from the `stores` array that should
+ # be used.
+ default-store = "filesystem"
+ stores = {
+ filesystem =
+ { enabled = true
+ type = "file-system"
+ directory = "/data"
+ # If true, empty directories that can be left behind after deleting
+ # a file are removed as well.
+ clean-empty-dirs = true
+ }
+ }
+ }
+ backend {
+ signup {
+ mode = "closed"
+ }
+ auth {
+ fixed {
+ enabled = false # set to true to enable this auth provider
+ user = "admin"
+ password = "admin"
+ order = 10
+ }
+ oauth = [
+ {
+ enabled = true
+ id = "authelia"
+ name = "Homelab Account"
+ icon = "fas fa-address-book"
+ scope = "profile openid email",
+ authorize-url = "https://auth.${SECRET_DOMAIN}/api/oidc/authorization"
+ token-url = "https://auth.${SECRET_DOMAIN}/api/oidc/token"
+ user-url = "https://auth.${SECRET_DOMAIN}/api/oidc/userinfo"
+ user-id-key = "preferred_username"
+ client-id = "sharry"
+ client-secret = "${SECRET_OIDC_CLIENT_SECRET_SHARRY}"
+ }
+ ]
+ }
+ }
+ # Configures logging
+ logging {
+ # The format for the log messages. Can be one of:
+ # Json, Logfmt, Fancy or Plain
+ format = "Fancy"
+
+ # The minimum level to log. From lowest to highest:
+ # Trace, Debug, Info, Warn, Error
+ minimum-level = "Info"
+
+ # Override the log level of specific loggers
+ levels = {
+ "sharry.restserver.oauth.CodeFlow" = "Trace"
+ "sharry.restserver.routes.LoginRoutes" = "Trace"
+ }
+ }
+}
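Review bot: `client-secret = "${SECRET_OIDC_CLIENT_SECRET_SHARRY}"` is written into a file that `app/kustomization.yaml` in this commit packages with `configMapGenerator`, so once the variable is substituted the OIDC client secret sits in plain text in the `sharry` ConfigMap, readable by anything allowed to read ConfigMaps in `default`. Shipping the file as a SOPS-encrypted Secret under `stringData` (like the other `secret.sops.yaml` files in this commit) and mounting it with `type: secret` would keep it out of ConfigMaps. Separately, the two `levels` entries set `sharry.restserver.oauth.CodeFlow` and `sharry.restserver.routes.LoginRoutes` to `"Trace"`, which may put authorization codes or tokens into the pod log; if that was only for debugging, `"Info"` is the safer committed value.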
diff --git a/kubernetes/apps/default/sharry/app/helmrelease.yaml b/kubernetes/apps/default/sharry/app/helmrelease.yaml
new file mode 100644
index 000000000..38010409d
--- /dev/null
+++ b/kubernetes/apps/default/sharry/app/helmrelease.yaml
@@ -0,0 +1,88 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app sharry
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ sharry:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ args:
+ - /opt/sharry.conf
+ env:
+ TZ: ${TIMEZONE}
+ image:
+ repository: eikek0/sharry
+ tag: v1.13.2
+ resources:
+ requests:
+ cpu: 50m
+ memory: 250Mi
+ limits:
+ memory: 1Gi
+ service:
+ app:
+ controller: *app
+ ports:
+ http:
+ port: 9090
+ ingress:
+ app:
+ enabled: true
+ className: nginx-default
+ annotations:
+ external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+ hajimari.io/icon: file-arrow-up-down-outline
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ secretName: ${SECRET_DOMAIN/./-}-production-tls
+ persistence:
+ config-file:
+ globalMounts:
+ - path: /opt/sharry.conf
+ subPath: sharry.conf
+ name: *app
+ type: configMap
+ data:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ storageClass: ${MAIN_SC}
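Review bot: The `app` container has no `securityContext` and the release sets no `defaultPodOptions`, so an internet-facing file-sharing service runs with the image's default user and capabilities, while the smtp-relay release in this same commit sets both. If the image supports it (not verifiable from this hunk), add `securityContext: { allowPrivilegeEscalation: false, capabilities: { drop: ["ALL"] } }` under `containers.app` and a pod-level `seccompProfile: { type: RuntimeDefault }`. The image is also pinned by tag only (`tag: v1.13.2`); appending the image digest would make the deployed content immutable.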
diff --git a/kubernetes/apps/default/sharry/app/kustomization.yaml b/kubernetes/apps/default/sharry/app/kustomization.yaml
new file mode 100644
index 000000000..21bda8c97
--- /dev/null
+++ b/kubernetes/apps/default/sharry/app/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+- ./helmrelease.yaml
+configMapGenerator:
+- files:
+ - ./config/sharry.conf
+ name: sharry
+generatorOptions:
+ disableNameSuffixHash: true
+labels:
+- includeSelectors: true
+ pairs:
+ app.kubernetes.io/instance: sharry
+ app.kubernetes.io/name: sharry
diff --git a/kubernetes/apps/default/sharry/ks.yaml b/kubernetes/apps/default/sharry/ks.yaml
new file mode 100644
index 000000000..935ad4e19
--- /dev/null
+++ b/kubernetes/apps/default/sharry/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app sharry
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/default/sharry/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/smtp-relay/app/config/maddy.conf b/kubernetes/apps/default/smtp-relay/app/config/maddy.conf
new file mode 100644
index 000000000..7004b3c84
--- /dev/null
+++ b/kubernetes/apps/default/smtp-relay/app/config/maddy.conf
@@ -0,0 +1,24 @@
+state_dir /cache/state
+runtime_dir /cache/run
+
+openmetrics tcp://0.0.0.0:{env:SMTP_RELAY_METRICS_PORT} { }
+
+tls off
+hostname {env:SMTP_RELAY_HOSTNAME}
+
+smtp tcp://0.0.0.0:{env:SMTP_RELAY_SMTP_PORT} {
+ default_source {
+ deliver_to &remote_queue
+ }
+}
+
+target.queue remote_queue {
+ target &remote_smtp
+}
+
+target.smtp remote_smtp {
+ attempt_starttls yes
+ require_tls yes
+ auth plain {env:SMTP_RELAY_USERNAME} {env:SMTP_RELAY_PASSWORD}
+ targets tls://{env:SMTP_RELAY_SERVER}:{env:SMTP_RELAY_SERVER_PORT}
+}
diff --git a/kubernetes/apps/default/smtp-relay/app/externalsecret.yaml b/kubernetes/apps/default/smtp-relay/app/externalsecret.yaml
new file mode 100644
index 000000000..96eba21c1
--- /dev/null
+++ b/kubernetes/apps/default/smtp-relay/app/externalsecret.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: smtp-relay
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword
+ target:
+ name: smtp-relay-secret
+ template:
+ engineVersion: v2
+ data:
+ SMTP_RELAY_HOSTNAME: "{{ .SMTP_RELAY_HOSTNAME }}"
+ SMTP_RELAY_SERVER: "{{ .SMTP_RELAY_SERVER }}"
+ SMTP_RELAY_USERNAME: "{{ .SMTP_RELAY_USERNAME }}"
+ SMTP_RELAY_PASSWORD: "{{ .SMTP_RELAY_PASSWORD }}"
+ dataFrom:
+ - extract:
+ key: smtp-relay
diff --git a/kubernetes/apps/default/smtp-relay/app/helmrelease.yaml b/kubernetes/apps/default/smtp-relay/app/helmrelease.yaml
new file mode 100644
index 000000000..c4310a087
--- /dev/null
+++ b/kubernetes/apps/default/smtp-relay/app/helmrelease.yaml
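Review bot: The `smtp tcp://0.0.0.0:{env:SMTP_RELAY_SMTP_PORT}` endpoint has no authentication or sender restriction, and its `default_source` hands every message to `remote_smtp`, which logs in upstream with `SMTP_RELAY_USERNAME`/`SMTP_RELAY_PASSWORD`. The helmrelease in this commit publishes the service as `type: LoadBalancer`, so every host that can route to that address can send mail through the upstream account, and with `tls off` the submissions travel in clear text. The `openmetrics` listener is published on the same service. Who can reach the address is not visible here; restricting it with `loadBalancerSourceRanges` on the service, or a network policy limited to the clients that need to send mail, would bound the exposure.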
@@ -0,0 +1,109 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app smtp-relay
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ smtp-relay:
+ replicas: 1
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: ghcr.io/foxcpp/maddy
+ tag: 0.7.1
+ env:
+ SMTP_RELAY_SMTP_PORT: &port 25
+ SMTP_RELAY_METRICS_PORT: &metricsPort 8080
+ SMTP_RELAY_SERVER_PORT: 465
+ envFrom:
+ - secretRef:
+ name: smtp-relay-secret
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 128Mi
+ defaultPodOptions:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+ seccompProfile: { type: RuntimeDefault }
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: *app
+ service:
+ app:
+ controller: smtp-relay
+ type: LoadBalancer
+ annotations:
+ io.cilium/lb-ipam-ips: ${CILIUM_LB_SMTP_ADDR}
+ ports:
+ http:
+ primary: true
+ port: *metricsPort
+ smtp:
+ port: *port
+ serviceMonitor:
+ app:
+ serviceName: smtp-relay
+ endpoints:
+ - port: http
+ scheme: http
+ path: /metrics
+ interval: 1m
+ scrapeTimeout: 10s
+ persistence:
+ config:
+ type: configMap
+ name: smtp-relay-configmap
+ globalMounts:
+ - path: /data/maddy.conf
+ subPath: maddy.conf
+ readOnly: true
+ cache:
+ type: emptyDir
+ globalMounts:
+ - path: /cache
diff --git a/kubernetes/apps/default/smtp-relay/app/kustomization.yaml b/kubernetes/apps/default/smtp-relay/app/kustomization.yaml
new file mode 100644
index 000000000..65f6edd76
--- /dev/null
+++ b/kubernetes/apps/default/smtp-relay/app/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ./externalsecret.yaml
+configMapGenerator:
+ - name: smtp-relay-configmap
+ files:
+ - maddy.conf=./config/maddy.conf
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/default/smtp-relay/ks.yaml b/kubernetes/apps/default/smtp-relay/ks.yaml
new file mode 100644
index 000000000..ae3db591a
--- /dev/null
+++ b/kubernetes/apps/default/smtp-relay/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app smtp-relay
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: external-secrets-secretstores
+ path: ./kubernetes/apps/default/smtp-relay/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/default/webtrees/app/helmrelease.yaml b/kubernetes/apps/default/webtrees/app/helmrelease.yaml
new file mode 100644
index 000000000..b29253979
--- /dev/null
+++ b/kubernetes/apps/default/webtrees/app/helmrelease.yaml
@@ -0,0 +1,139 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: webtrees
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ dependsOn:
+ - name: webtrees-db
+ values:
+ controllers:
+ app:
+ strategy: Recreate
+ initContainers:
+ 01-init-modules:
+ image:
+ repository: busybox
+ pullPolicy: Always
+ tag: latest
+ command: [
+ sh,
+ -c,
+ cd /var/www/html/modules_v4/; wget https://github.com/JesseWebDotCom/webtrees-theme-modern/releases/download/0.0.9/webtrees-theme-modern.0.0.9.zip
+ -O /tmp/webtrees-theme-modern.0.0.9.zip; unzip /tmp/webtrees-theme-modern.0.0.9.zip;
+ rm -f /tmp/webtrees-theme-modern.0.0.9.zip,
+ ]
+ containers:
+ main:
+ image:
+ repository: docker.io/dtjs48jkt/webtrees
+ tag: 2.1.20
+ env:
+ DISABLE_SSL: "TRUE"
+ PRETTYURLSl: "TRUE"
+ ENABLE_REMOTE_USER: "TRUE"
+ HEADER_AUTH_VAR: Remote-User
+ PORT: "80"
+ BASE_URL: https://{{ .Release.Name }}.${SECRET_DOMAIN}
+ DB_HOST: webtrees-db-mariadb
+ DB_NAME: webtrees
+ DB_USER: webtrees
+ DB_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-secret
+ key: mariadb-password
+ WT_ADMINPW:
+ valueFrom:
+ secretKeyRef:
+ name: webtrees-admin-pass
+ key: password
+ # probes:
+ # liveness: &probes
+ # enabled: true
+ # custom: true
+ # spec:
+ # httpGet:
+ # path: /
+ # port: *port
+ # initialDelaySeconds: 0
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # failureThreshold: 3
+ # readiness: *probes
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10Mi
+ limits:
+ memory: 500Mi
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: &port 80
+ ingress:
+ app:
+ annotations:
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ enabled: true
+ className: nginx-default
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ port: *port
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ data:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ storageClass: ${MAIN_SC}
+ globalMounts:
+ - path: /var/www/html/data
+ subPath: data
+ modules:
+ enabled: true
+ type: emptyDir
+ globalMounts:
+ - path: /var/www/html/modules_v4
+ subPath: modules_v4
diff --git a/kubernetes/apps/default/webtrees/app/kustomization.yaml b/kubernetes/apps/default/webtrees/app/kustomization.yaml
new file mode 100644
index 000000000..09604b858
--- /dev/null
+++ b/kubernetes/apps/default/webtrees/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - secret.sops.yaml
diff --git a/kubernetes/apps/default/webtrees/app/secret.sops.yaml b/kubernetes/apps/default/webtrees/app/secret.sops.yaml
new file mode 100644
index 000000000..121d33319
--- /dev/null
+++ b/kubernetes/apps/default/webtrees/app/secret.sops.yaml
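Review bot: The `01-init-modules` init container in webtrees/app/helmrelease.yaml runs `busybox` with `tag: latest` and `pullPolicy: Always`, and on every pod start downloads `webtrees-theme-modern.0.0.9.zip` with `wget` and unpacks it into `modules_v4` without checking its content, so both the tool image and the PHP code webtrees serves can change without a commit in this repository. Pin the busybox tag (ideally with a digest) and verify the archive before `unzip`, e.g. `echo "<EXPECTED_SHA256>  /tmp/webtrees-theme-modern.0.0.9.zip" | sha256sum -c -` with the hash recorded in the manifest. `ENABLE_REMOTE_USER` with `HEADER_AUTH_VAR: Remote-User` makes webtrees trust that header, which holds only for requests that passed the ingress auth check; a network policy admitting only the ingress controller to the `app` service would keep in-cluster clients from supplying the header themselves. `PRETTYURLSl` looks like a typo for `PRETTYURLS` (to be confirmed against the image's documentation).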
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: webtrees-admin-pass +stringData: + password: ENC[AES256_GCM,data:6BRzjNC+WOZpG8s3,iv:UIpZKleh3hLQb9fPtjA8jz+YhD7e/Un7aOCoGQM0vzE=,tag:YJkW1/1Ea78JyF1q6qa66g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGRIQmNTZDJaNUpDbWVq + bkwvbklvbkRpVE9RQytkeUNWamFsWUFzRzJBCk1qek5ueFBWYUF4NmptRTBqekxr + VXZDazhreHB6UnhGNXZzMTZwV0xxWkkKLS0tIERUQkhOUEhDellUWjNZRU9WU1Z0 + bWZUWDR1SUwvVnJ1SDAydXV6YS9Db3cKEygUxkjdTZjA9y7i0CHSGdfCrgGOXhp3 + 6+67/ce4guTnhNIxux7dOARTg3gjp4lVAbR4SZFkAbEIMOq1JU63aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-06T12:03:59Z" + mac: ENC[AES256_GCM,data:HgqRShiHLjWGG5qDgUQPe9Xu69YItk7i/g1qsYXm0XZcsgel/yu9YhhyxFyGcLOnS4W2c+jvvGfddExtZ2APVgenQfyGjhVCFkP7wkNCODkqR2c2xjnwoiHyyNGvHXazausdd/iILXjxIzUTe1oz8fxIGOocRAfpXt6HMCemRyk=,iv:69nAetjFY58TwI461MW28HbGC0raR9UidRc2+Uc+mxE=,tag:OEPsGnt9267aBPc+Ow+HEA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/default/webtrees/db/cronjob.yaml b/kubernetes/apps/default/webtrees/db/cronjob.yaml new file mode 100644 index 000000000..c6064194b --- /dev/null +++ b/kubernetes/apps/default/webtrees/db/cronjob.yaml 
@@ -0,0 +1,53 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: webtrees-db-mariadb
+spec:
+ suspend: false
+ schedule: "@daily"
+ concurrencyPolicy: Forbid
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 1
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: alpine
+ image: alpine
+ env:
+ - name: DATABASES
+ value: webtrees
+ - name: MARIADB_HOST
+ value: webtrees-db-mariadb
+ - name: MARIADB_USER
+ value: root
+ - name: MYSQL_PWD
+ valueFrom:
+ secretKeyRef:
+ name: mariadb-secret
+ key: mariadb-root-password
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ set -xe
+ DATE=$(date +%Y-%m-%d)
+ apk update
+ apk add mysql-client py-pip
+ mkdir -p /var/nfs/webtrees-db/$DATE
+ cd /var/nfs/webtrees-db
+ for DATABASE in $${DATABASES}; do
+ mysqldump -h $MARIADB_HOST -u $MARIADB_USER $DATABASE | gzip > $DATE/$DATABASE.sql.gz
+ done
+ volumeMounts:
+ - name: nfs-vol
+ mountPath: /var/nfs
+ restartPolicy: OnFailure
+ volumes:
+ - name: nfs-vol
+ nfs:
+ server: 10.20.30.40
+ path: /volume2/data/backup/kubernetes
diff --git a/kubernetes/apps/default/webtrees/db/helmrelease.yaml b/kubernetes/apps/default/webtrees/db/helmrelease.yaml
new file mode 100644
index 000000000..5f3f2eb10
--- /dev/null
+++ b/kubernetes/apps/default/webtrees/db/helmrelease.yaml
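Review bot: In the `for DATABASE` loop, `mysqldump ... | gzip > $DATE/$DATABASE.sql.gz` runs under `set -xe` only, so the pipeline's status is gzip's: a failed dump still leaves a well-formed but empty `.sql.gz` and the job reports success. Use `set -xeo pipefail` (supported by the busybox `sh` in Alpine, as far as I know) and quote the expansions. `image: alpine` has no tag, and `apk add mysql-client py-pip` installs unpinned packages on every run in a container that holds the MariaDB root password; a pinned image with the client preinstalled, and dropping `py-pip`, which the script does not appear to use, would shrink that exposure. The dumps are written unencrypted to the NFS export, so access to `/volume2/data/backup/kubernetes` needs to be as restricted as access to the database itself.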
@@ -0,0 +1,46 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: webtrees-db
+ namespace: default
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: mariadb
+ version: 18.2.0
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ auth:
+ existingSecret: mariadb-secret
+ database: webtrees
+ username: webtrees
+ primary:
+ extraEnvVars:
+ - name: TZ
+ value: ${TIMEZONE}
+ - name: MYSQL_PASSWORD
+ value: $(MARIADB_ROOT_PASSWORD)
+ volumePermissions:
+ enabled: true
+ global:
+ storageClass: ${MAIN_SC}
diff --git a/kubernetes/apps/default/webtrees/db/kustomization.yaml b/kubernetes/apps/default/webtrees/db/kustomization.yaml
new file mode 100644
index 000000000..30f1560f9
--- /dev/null
+++ b/kubernetes/apps/default/webtrees/db/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+ - cronjob.yaml
+ - secret.sops.yaml
diff --git a/kubernetes/apps/default/webtrees/db/secret.sops.yaml b/kubernetes/apps/default/webtrees/db/secret.sops.yaml
new file mode 100644
index 000000000..b04a00975
--- /dev/null
+++ b/kubernetes/apps/default/webtrees/db/secret.sops.yaml
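Review bot: Under `primary.extraEnvVars` in webtrees/db/helmrelease.yaml, `MYSQL_PASSWORD` is set to `$(MARIADB_ROOT_PASSWORD)`, which either copies the root password into a second variable or, if the chart does not define `MARIADB_ROOT_PASSWORD` earlier in the container's env list (not visible here), leaves the literal string as the value. The webtrees release in this commit reads the application password from key `mariadb-password` of `mariadb-secret`, so the root credential should not be needed in this variable. If the variable is required at all, source it with `valueFrom: { secretKeyRef: { name: mariadb-secret, key: mariadb-password } }`; otherwise drop the entry. `volumePermissions.enabled: true` typically adds an init container running as root, worth keeping only if the storage class really needs the ownership fix.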
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Secret +metadata: + name: mariadb-secret +stringData: + mariadb-password: ENC[AES256_GCM,data:nNPB9rKCgg4TEt9T8KFk66wKV+bYkgNZSiZ/JB3U,iv:FTmlo2rrVvxsvlaMnwq4Uruu3C67TNBiPzNVmrkuqbU=,tag:PWPeoUwZN56egnCj3uUmmA==,type:str] + mariadb-root-password: ENC[AES256_GCM,data:A/wBQqbSJlEHngKw94VmFIqT7fI28q83L+Mwa/mP,iv:D6wGpLfhv2VYiZUa6SM7v/W5PL3mPwrp++DaRAUOJu4=,tag:q/L53cb3liEuLfa/IPS1Sw==,type:str] + mariadb-replication-password: ENC[AES256_GCM,data:vq/nUN/L3av+AUsJg1rs/7O7pUtbrLPXGrUS99Sr,iv:YshZjFEDUI2uejrUn+TtBoLmpfdJGJerYwat1H1XDFM=,tag:sO7py4jmlg0L/jPUQMU73g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGRIQmNTZDJaNUpDbWVq + bkwvbklvbkRpVE9RQytkeUNWamFsWUFzRzJBCk1qek5ueFBWYUF4NmptRTBqekxr + VXZDazhreHB6UnhGNXZzMTZwV0xxWkkKLS0tIERUQkhOUEhDellUWjNZRU9WU1Z0 + bWZUWDR1SUwvVnJ1SDAydXV6YS9Db3cKEygUxkjdTZjA9y7i0CHSGdfCrgGOXhp3 + 6+67/ce4guTnhNIxux7dOARTg3gjp4lVAbR4SZFkAbEIMOq1JU63aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-06T17:00:15Z" + mac: ENC[AES256_GCM,data:H1Q4WDW2gkYUtqEARPCNEG0rNMI+ZZtIAoHYH7KSbi/s0esBFzRzPF6f6L1tU+C+Phhd73IKlmUY7XkkjZIZSsCMZh/X/gMlFIH9T7HZsCV8XhmXWPXwfXN1+HQp2wA6UxVq24BGV0r2ZXJmy5+HSanf90XGyRTPUlgmUE2j59A=,iv:R75EhMLD70DOjAmIBywChsl+bFvkC9Rp7ihUc6H2PAQ=,tag:km4UxZ1ZFwAHiBsH9nbrDg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/default/webtrees/ks.yaml b/kubernetes/apps/default/webtrees/ks.yaml new file mode 100644 index 000000000..9fff9f0e8 --- /dev/null +++ b/kubernetes/apps/default/webtrees/ks.yaml 
@@ -0,0 +1,47 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app webtrees
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ - name: webtrees-db
+ path: ./kubernetes/apps/default/webtrees/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app webtrees-db
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: default
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/default/webtrees/db
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/flux-system/addons/ks.yaml b/kubernetes/apps/flux-system/addons/ks.yaml
new file mode 100644
index 000000000..6c503da7b
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/ks.yaml
@@ -0,0 +1,44 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app flux-webhooks
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: flux-system
+ path: ./kubernetes/apps/flux-system/addons/webhooks
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app flux-monitoring
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: flux-system
+ dependsOn:
+ - name: kube-prometheus-stack
+ path: ./kubernetes/apps/flux-system/addons/monitoring
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/flux-system/addons/monitoring/kustomization.yaml b/kubernetes/apps/flux-system/addons/monitoring/kustomization.yaml
new file mode 100644
index 000000000..247c03744
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/monitoring/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+ - ./podmonitor.yaml
+ - ./prometheusrule.yaml
diff --git a/kubernetes/apps/flux-system/addons/monitoring/podmonitor.yaml b/kubernetes/apps/flux-system/addons/monitoring/podmonitor.yaml
new file mode 100644
index 000000000..8d09c127e
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/monitoring/podmonitor.yaml
@@ -0,0 +1,32 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: flux-system
+ namespace: flux-system
+ labels:
+ app.kubernetes.io/part-of: flux
+ app.kubernetes.io/component: monitoring
+spec:
+ namespaceSelector:
+ matchNames:
+ - flux-system
+ selector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - helm-controller
+ - source-controller
+ - kustomize-controller
+ - notification-controller
+ - image-automation-controller
+ - image-reflector-controller
+ podMetricsEndpoints:
+ - port: http-prom
+ relabelings:
+ # Ref: https://github.com/prometheus-operator/prometheus-operator/issues/4816
+ - sourceLabels: [__meta_kubernetes_pod_phase]
+ action: keep
+ regex: Running
diff --git a/kubernetes/apps/flux-system/addons/monitoring/prometheusrule.yaml b/kubernetes/apps/flux-system/addons/monitoring/prometheusrule.yaml
new file mode 100644
index 000000000..4257e56de
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/monitoring/prometheusrule.yaml
@@ -0,0 +1,32 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: flux-rules + namespace: flux-system +spec: + groups: + - name: flux.rules + rules: + - alert: FluxComponentAbsent + annotations: + summary: Flux component has disappeared from Prometheus target discovery. + expr: | + absent(up{job=~".*flux-system.*"} == 1) + for: 15m + labels: + severity: critical + - alert: FluxReconciliationFailure + annotations: + summary: >- + {{ $labels.kind }} {{ $labels.namespace }}/{{ $labels.name }} reconciliation + has been failing for more than 15 minutes. + expr: | + max(gotk_reconcile_condition{status="False",type="Ready"}) by (namespace, name, kind) + + + on(namespace, name, kind) (max(gotk_reconcile_condition{status="Deleted"}) + by (namespace, name, kind)) * 2 == 1 + for: 15m + labels: + severity: critical diff --git a/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml new file mode 100644 index 000000000..a618c4eb1 --- /dev/null +++ b/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: flux-webhook + namespace: flux-system + annotations: + external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET} + hajimari.io/enable: "false" +spec: + ingressClassName: nginx-default + rules: + - host: &host flux-webhook.${SECRET_DOMAIN} + http: + paths: + - path: /hook/ + pathType: Prefix + backend: + service: + name: webhook-receiver + port: + number: 80 + tls: + - hosts: + - *host diff --git a/kubernetes/apps/flux-system/addons/webhooks/github/kustomization.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/kustomization.yaml new file mode 100644 index 000000000..5461805cb --- /dev/null 
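Review bot: `FluxComponentAbsent` in prometheusrule.yaml only fires when every Flux target is gone, because `absent(up{job=~".*flux-system.*"} == 1)` returns a value only if no matching series is up at all. A single controller that crashes or drops out of discovery stays silent while the others keep the vector non-empty. I would keep this rule as the total-outage case and add a per-target rule next to it, e.g. `expr: up{job=~".*flux-system.*"} == 0` with the same `for: 15m`, plus a `count(up{job=~".*flux-system.*"} == 1) < N` rule for targets that vanish (N being the number of controllers actually installed). A one-line comment above each `expr` saying which failure it covers would help whoever is paged.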
+++ b/kubernetes/apps/flux-system/addons/webhooks/github/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./ingress.yaml
+ - ./receiver.yaml
diff --git a/kubernetes/apps/flux-system/addons/webhooks/github/receiver.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/receiver.yaml
new file mode 100644
index 000000000..539938f37
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/webhooks/github/receiver.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/receiver_v1.json
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+ name: github-receiver
+ namespace: flux-system
+spec:
+ type: github
+ events:
+ - ping
+ - push
+ secretRef:
+ name: github-webhook-token-secret
+ resources:
+ - apiVersion: source.toolkit.fluxcd.io/v1
+ kind: GitRepository
+ name: k8s-homelab
+ namespace: flux-system
+ - apiVersion: kustomize.toolkit.fluxcd.io/v1
+ kind: Kustomization
+ name: cluster
+ namespace: flux-system
+ - apiVersion: kustomize.toolkit.fluxcd.io/v1
+ kind: Kustomization
+ name: cluster-apps
+ namespace: flux-system
diff --git a/kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml
new file mode 100644
index 000000000..b562b05c9
--- /dev/null
+++ b/kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: github-webhook-token-secret + namespace: flux-system +stringData: + token: ENC[AES256_GCM,data:McF5xuPC6L4D6y8g/HrqSsNRLCy619V0wbfth0NZ3QxLMS0DTfN0FA==,iv:+EpxHwfcYq8WiSux2kaG2YWDxTLRZWi+sucPv7KU7kM=,tag:xisWLDvWCY6LMCFVKTnEDA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5S2pObnRxYktkL0U5cnVN + ZW1ITng4Y0l3a0hxenhVaWZoZGdLSEw3MUUwCnE5WlB2Mll3ZXNrMTJsNG5ibTla + Z0FnS2x4SFJOb3pRS25KdldtT3VhRHcKLS0tIERreS96cEVqenVDeFVLSDRaVXN1 + Mnc2MHFEcjUrVnlYeDhvdndTOHFQVDgK6isR4z6XxWv3nfgK/j2ciCWgBcYOk9+h + TGl2VveQqiDOvkvcIcZk5if+umc9xMGdWUV0/l/BPua/YTXrH4dtgA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-06-22T20:19:21Z" + mac: ENC[AES256_GCM,data:ZIuU6g3xQJbRqZ/f8nRf5gvzLLimX6x9HrpRTPIVkK8zIGk/TsrhqXWUFyucZPUfCYIa4mzQ/mtzBi1joRly32ubpdX2J830DOv5qpERX6OC8uAHDobvAqeeP5v5klj3dMPcwnd+rSuguaKtOQ4BIYCM9X3H0jorXqmvkdikoxs=,iv:Imze6rJ1iQ0CSjFjlg0DCHQQRaqJnT1AVc5vaHF1JQs=,tag:6R+FZX4VcfzTbicrv2CPLw==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/flux-system/addons/webhooks/kustomization.yaml b/kubernetes/apps/flux-system/addons/webhooks/kustomization.yaml new file mode 100644 index 000000000..08c1780f0 --- /dev/null +++ b/kubernetes/apps/flux-system/addons/webhooks/kustomization.yaml @@ -0,0 +1,6 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./github diff --git a/kubernetes/apps/flux-system/kustomization.yaml b/kubernetes/apps/flux-system/kustomization.yaml new file mode 100644 index 000000000..10587f8c9 --- /dev/null +++ b/kubernetes/apps/flux-system/kustomization.yaml 
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ - ./webhooks/ks.yaml
diff --git a/kubernetes/apps/flux-system/namespace.yaml b/kubernetes/apps/flux-system/namespace.yaml
new file mode 100644
index 000000000..b48db4521
--- /dev/null
+++ b/kubernetes/apps/flux-system/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: flux-system
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
new file mode 100644
index 000000000..517e26a13
--- /dev/null
+++ b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
@@ -0,0 +1,79 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: weave-gitops
+ namespace: flux-system
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: weave-gitops
+ version: 4.0.36
+ sourceRef:
+ kind: HelmRepository
+ name: weave-gitops
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ envVars:
+ - name: WEAVE_GITOPS_FEATURE_TENANCY
+ value: "true"
+ - name: WEAVE_GITOPS_FEATURE_CLUSTER
+ value: "true"
+ - name: WEAVE_GITOPS_FEATURE_TELEMETRY
+ value: "true"
+ - name: WEAVE_GITOPS_FEATURE_OIDC_BUTTON_LABEL
+ value: "Login with Homelab Account"
+ additionalArgs:
+ - --auth-methods=oidc
+ adminUser:
+ create: true
+ createSecret: false
+ username: admin
+ ingress:
+ enabled: true
+ className: nginx-default
+ annotations:
+ hajimari.io/icon: sawtooth-wave
+ hosts:
+ - host: &host gitops.${SECRET_DOMAIN}
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ networkPolicy:
+ create: false
+ metrics:
+ enabled: true
+ logLevel: info
+ rbac:
+ create: true
+ #impersonationResourceNames: ["tdeutsch"]
+ additionalRules:
+ - apiGroups:
+ - "infra.contrib.fluxcd.io"
+ resources:
+ - "terraforms"
+ verbs:
+ - "get"
+ - "list"
+ - "patch"
+ podAnnotations:
+ secret.reloader.stakater.com/reload: auto
diff --git a/kubernetes/apps/flux-system/weave-gitops/app/kustomization.yaml b/kubernetes/apps/flux-system/weave-gitops/app/kustomization.yaml
new file mode 100644
index 000000000..b052c4752
--- /dev/null
+++ b/kubernetes/apps/flux-system/weave-gitops/app/kustomization.yaml
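Review bot: In the weave-gitops HelmRelease, `impersonationResourceNames` under `values.rbac` is left commented out, which (going by the chart's documented default) lets the dashboard's service account impersonate any user or group rather than only the identities your IdP will present. Since the UI is published through an Ingress and rbac.yaml binds the `applications_weave_gitops` group to `wego-admin-cluster-role`, I would set that list explicitly to the expected users and groups, or add a comment explaining why it is unrestricted. Separately, `WEAVE_GITOPS_FEATURE_TELEMETRY` is `"true"` and `networkPolicy.create` is `false`; if neither is deliberate, flip them or document the reason. The schema comment at the top still points at `helmrelease_v2beta2.json` while the manifest uses `helm.toolkit.fluxcd.io/v2`.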
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+ - ./secret.sops.yaml
+ - ./helmrelease.yaml
+ - ./rbac.yaml
diff --git a/kubernetes/apps/flux-system/weave-gitops/app/rbac.yaml b/kubernetes/apps/flux-system/weave-gitops/app/rbac.yaml
new file mode 100644
index 000000000..639c8be31
--- /dev/null
+++ b/kubernetes/apps/flux-system/weave-gitops/app/rbac.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: wego-admin-oidc
+subjects:
+ - name: applications_weave_gitops
+ apiGroup: rbac.authorization.k8s.io
+ kind: Group
+roleRef:
+ name: wego-admin-cluster-role
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
diff --git a/kubernetes/apps/flux-system/weave-gitops/app/secret.sops.yaml b/kubernetes/apps/flux-system/weave-gitops/app/secret.sops.yaml
new file mode 100644
index 000000000..263f40594
--- /dev/null
+++ b/kubernetes/apps/flux-system/weave-gitops/app/secret.sops.yaml
@@ -0,0 +1,62 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cluster-user-auth +type: Opaque +stringData: + username: ENC[AES256_GCM,data:aHlxRYU=,iv:60reJkyMOYEeWMgCo7Zx8/gqmex8P9Awk7efxED1Ljg=,tag:vrDIIzGoiiT6ZtrQ0owwLA==,type:str] + password: ENC[AES256_GCM,data:bcfEbqN59hOZK1v2e7Rz4OCelTJfwn3/ipL/J0BVW5iJwfkrdK12YyI2a+nftfQ+oP4xfwTOydyGMqaG,iv:7h9l+4IG/yVzxT0XhF6WZBFEdAp2HP5Qf22h515sr+w=,tag:oYzU2vdKennNs8AyLGvI6Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnSXhrY3B1NEQxeXhDT2Zu + dk9pbHdFbUdiaFZSclhYcnBvU2pJV3BJSENjCmxQSXB3Z0l2Rm5KWlRXR2dEeGF1 + MzFhYzNlejlJeXFBakNmbDRwM3ZzL28KLS0tIHJKbTdBQVlXeU9wMkxmbStHOVkz + MmpVU3VvMnZPVkxMbE8rODJoWjZ2ancKjyVxWUYsgUCNuqFmk08gBCn8odPWWgLO + yn5cRcqN/F/pwIOH6OcFIApcq1zb4rp/r5PevMrkWur+Kk/BIfS2pA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-11T15:22:59Z" + mac: ENC[AES256_GCM,data:XEt81r5Zw4Uc21TN4cjw6O5NEZ4i+72NtoplCeUgkvlZb+VDRfjB75ruY1xxjQunS93BEceR/va/IfKfDCHSAw4xPq+gYOKP/R2cViCJBD21s8+wLyFGJcf4XTHHjEhTxddepjfstwZgwxkf1iHO4d6fd6ha+kt/RSMs//Cqx2s=,iv:1sQ//wjgOJkNmKjxdzLk8MglIarBiyKKHc97vrDh6as=,tag:lcWJJsUR/leCg17Rf/CbgA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 +--- +apiVersion: v1 +kind: Secret +metadata: + name: oidc-auth +type: Opaque +stringData: + issuerURL: ENC[AES256_GCM,data:Hx4B45J4TYgWCF04oRpfv0TYYCxcUyIxea/plUw=,iv:/KzQdvuuG5bSnq+cJJY3tQZ9dPV4YH7wDsX/ZkuZhjU=,tag:j7Z15/zu0JpMs1uBc7gsBQ==,type:str] + clientID: ENC[AES256_GCM,data:dNo1AVjgnhYh1qO6,iv:Qf+X/2CV8uhEgHtPSd8pPTdKWVPGnAOzUS95TlrV+Eg=,tag:JA+eCkMMrccff/rtUBEgtA==,type:str] + clientSecret: ENC[AES256_GCM,data:8kwh8WF/kljnun8D7GWXY1r4pIfbH0fv3RjuivShXfX3mkJO9IEac9Czx7lczoMhjv72P1KlzGdHT8sF1jySZ7xL+9bDLWed,iv:hiNPXCtvg0jbDyUsv0+AkPG1VhHNukusR27ydiwVxIA=,tag:R7xNIx5a390Cz6A9QgV+uw==,type:str] + 
redirectURL: ENC[AES256_GCM,data:LDSv6y/cJUbAtGOTMIg0SyrZX0JpxjIBVq1vvw18avnNpC8fbFVADGo3uCdV5Dc=,iv:7SghsWeT9+GlCplHd58YiaVxLUSTzGSHxa0W4Bg1IFA=,tag:XVeJAh+GD9/HsDom4KDcxA==,type:str] + customScopes: ENC[AES256_GCM,data:VQ6U1ZVwiepyzOhqzQBaSAzE1lf1DTT/LS+Z,iv:Z16ePw40l9fiz5YlGn0obbpesJtA1bLyN8w3V/nkxyA=,tag:2dta/VACAzwarQfiEWu3MA==,type:str] + claimGroups: ENC[AES256_GCM,data:azv0dCCR,iv:LMYSgkHn4rnhJV1K0tceTboxioyzQMuYnK8hd5US5FQ=,tag:kdsHP//dWyannFmc6gNrEw==,type:str] + claimUsername: ENC[AES256_GCM,data:CNfMjcRTy3YAbW/8QRmnoccH,iv:G7Ezf1bQj1/1TI89YGmM8mT7wYpFZBN4EvniuLD6ySM=,tag:ysJHiM6qZjp9jkGuOiaqdQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnSXhrY3B1NEQxeXhDT2Zu + dk9pbHdFbUdiaFZSclhYcnBvU2pJV3BJSENjCmxQSXB3Z0l2Rm5KWlRXR2dEeGF1 + MzFhYzNlejlJeXFBakNmbDRwM3ZzL28KLS0tIHJKbTdBQVlXeU9wMkxmbStHOVkz + MmpVU3VvMnZPVkxMbE8rODJoWjZ2ancKjyVxWUYsgUCNuqFmk08gBCn8odPWWgLO + yn5cRcqN/F/pwIOH6OcFIApcq1zb4rp/r5PevMrkWur+Kk/BIfS2pA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-11T15:22:59Z" + mac: ENC[AES256_GCM,data:XEt81r5Zw4Uc21TN4cjw6O5NEZ4i+72NtoplCeUgkvlZb+VDRfjB75ruY1xxjQunS93BEceR/va/IfKfDCHSAw4xPq+gYOKP/R2cViCJBD21s8+wLyFGJcf4XTHHjEhTxddepjfstwZgwxkf1iHO4d6fd6ha+kt/RSMs//Cqx2s=,iv:1sQ//wjgOJkNmKjxdzLk8MglIarBiyKKHc97vrDh6as=,tag:lcWJJsUR/leCg17Rf/CbgA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/flux-system/weave-gitops/ks.yaml b/kubernetes/apps/flux-system/weave-gitops/ks.yaml new file mode 100644 index 000000000..34924e1af --- /dev/null +++ b/kubernetes/apps/flux-system/weave-gitops/ks.yaml 
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app weave-gitops
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: flux-system
+ path: ./kubernetes/apps/flux-system/weave-gitops/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/flux-system/webhooks/app/github/ingress.yaml b/kubernetes/apps/flux-system/webhooks/app/github/ingress.yaml
new file mode 100644
index 000000000..f73d24145
--- /dev/null
+++ b/kubernetes/apps/flux-system/webhooks/app/github/ingress.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: flux-webhook
+ annotations:
+ external-dns.alpha.kubernetes.io/target: "talos-test.${SECRET_DOMAIN}"
+spec:
+ ingressClassName: external
+ rules:
+ - host: "flux-webhook-test.${SECRET_DOMAIN}"
+ http:
+ paths:
+ - path: /hook/
+ pathType: Prefix
+ backend:
+ service:
+ name: webhook-receiver
+ port:
+ number: 80
diff --git a/kubernetes/apps/flux-system/webhooks/app/github/kustomization.yaml b/kubernetes/apps/flux-system/webhooks/app/github/kustomization.yaml
new file mode 100644
index 000000000..786e654a5
--- /dev/null
+++ b/kubernetes/apps/flux-system/webhooks/app/github/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./ingress.yaml
+ - ./receiver.yaml
diff --git a/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml b/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml
new file mode 100644
index 000000000..d178f1c3c
--- /dev/null
+++ b/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml
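Review bot: The new `webhooks/app/github/ingress.yaml` has no `tls:` section, while the `addons/webhooks/github/ingress.yaml` variant added by this same patch lists its host under `tls.hosts`. Whether the `external` class still terminates TLS for `flux-webhook-test.${SECRET_DOMAIN}` depends on controller defaults that are not visible here, so I would state it in the manifest: `tls:` / `- hosts:` / `- "flux-webhook-test.${SECRET_DOMAIN}"`. The receiver path carries the GitHub signature header and the push payload, so it should not be served over plain HTTP.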
@@ -0,0 +1,25 @@
+---
+apiVersion: notification.toolkit.fluxcd.io/v1
+kind: Receiver
+metadata:
+ name: github-receiver
+spec:
+ type: github
+ events:
+ - ping
+ - push
+ secretRef:
+ name: github-webhook-token-secret
+ resources:
+ - apiVersion: source.toolkit.fluxcd.io/v1
+ kind: GitRepository
+ name: k8s-homelab
+ namespace: flux-system
+ - apiVersion: kustomize.toolkit.fluxcd.io/v1
+ kind: Kustomization
+ name: cluster
+ namespace: flux-system
+ - apiVersion: kustomize.toolkit.fluxcd.io/v1
+ kind: Kustomization
+ name: cluster-apps
+ namespace: flux-system
diff --git a/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml b/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml
new file mode 100644
index 000000000..b3840b3ce
--- /dev/null
+++ b/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: github-webhook-token-secret +stringData: + token: ENC[AES256_GCM,data:Hq3sq3Bx2lA9lR3VTrp/wFRu0H0Z2L0KYhuJ9pyQstLReBP0mEsXvA==,iv:+3DogYobxrJFSb/i4UWqBhOPskPK4Vl4rqDWZDqz3fI=,tag:IO24BiAZWX1fx6KAIY8NXg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcEVWaElXSk5SMlZkbXhi + bzh1SnBkbkNOR29xUkcvUXRHaVF4L0lmQkdVClpPaW5vK1JLNFhyWWZQVTJLN1o0 + MnUrVng3Rm9ud01EOVlOdUhLQ1MvRHMKLS0tIElVTGJocEZwalRPZ1NaK2N3OVJU + OFNsS2ZWRU56dDJHVnMzVjVuMmZ0RmsKrkfd95lbclnJ7lVXJtKwDZ0MpM4yZk0B + C5lyghqbiSMl1khr8JdHdmTI2rQ3rdYAc4rRAy43RXMcumwF6NRHNA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-05T07:10:13Z" + mac: ENC[AES256_GCM,data:Ljc4MTq1ASyo3W1OLXTqs9bqabmp+40adrS6FKd1hxPcBYag4GM9hdt5yoHZ7qyirRpcOh4Ayd3sSEkCc9MT/p5wdLtLbnu0fjlx0lzVUK6X5e2hbilA67aHlyY2qFdCDSeiTiqLlVjQ+id9ZmgJ5myrjM0G86EUhhbA7baA6Bk=,iv:Ny+YRpcOZFZLmBJv+fUPDmc5u8oBzyXYHK2kd0lgTCU=,tag:B7/DORfbGSZBOKSX2427YQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/flux-system/webhooks/app/kustomization.yaml b/kubernetes/apps/flux-system/webhooks/app/kustomization.yaml new file mode 100644 index 000000000..ccd8b3eb8 --- /dev/null +++ b/kubernetes/apps/flux-system/webhooks/app/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./github diff --git a/kubernetes/apps/flux-system/webhooks/ks.yaml b/kubernetes/apps/flux-system/webhooks/ks.yaml new file mode 100644 index 000000000..afa7b0e84 --- /dev/null +++ b/kubernetes/apps/flux-system/webhooks/ks.yaml 
@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app flux-webhooks
+ namespace: flux-system
+spec:
+ targetNamespace: flux-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/flux-system/webhooks/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/games/kustomization.yaml b/kubernetes/apps/games/kustomization.yaml
new file mode 100644
index 000000000..34e5e87c5
--- /dev/null
+++ b/kubernetes/apps/games/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ # - minecraft-server/ks.yaml
diff --git a/kubernetes/apps/games/minecraft-server/app/backup-sa.yaml b/kubernetes/apps/games/minecraft-server/app/backup-sa.yaml
new file mode 100644
index 000000000..2a7b72429
--- /dev/null
+++ b/kubernetes/apps/games/minecraft-server/app/backup-sa.yaml
@@ -0,0 +1,29 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: backup-role
+rules:
+ - apiGroups: [""]
+ resources: ["services", "pods", "pods/log"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: backup-sa
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: backup-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: backup-sa
+roleRef:
+ kind: Role
+ name: backup-role
+ apiGroup: ""
diff --git a/kubernetes/apps/games/minecraft-server/app/helmrelease-creative.yaml b/kubernetes/apps/games/minecraft-server/app/helmrelease-creative.yaml
new file mode 100644
index 000000000..ecd29a5d0
--- /dev/null
+++ b/kubernetes/apps/games/minecraft-server/app/helmrelease-creative.yaml
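Review bot: `backup-role` in backup-sa.yaml grants `create` on `pods/exec` with no `resourceNames`, so the `backup-sa` token can run commands in every pod of whatever namespace this lands in, not only the Minecraft server it backs up. Deployment pod names are not stable enough to pin, so at minimum add a comment on that rule stating that the namespace must stay dedicated to these servers. `pods/log` does not appear to be needed by the CronJob scripts in this patch and could be dropped from the first rule. I would also spell out `apiGroup: rbac.authorization.k8s.io` in `roleRef` instead of `""`.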
@@ -0,0 +1,111 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app minecraft-server-creative +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: minecraft-bedrock + version: 2.8.0 + sourceRef: + kind: HelmRepository + name: minecraft-server-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + persistence: + storageClass: ${MAIN_SC} + dataDir: + enabled: true + Size: 5Gi + resources: + requests: + cpu: 750m + memory: 750Mi + limits: + memory: 3Gi + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 5 + failureThreshold: 10 + readinessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 5 + failureThreshold: 10 + startupProbe: + enabled: true + failureThreshold: 120 + periodSeconds: 10 + initialDelaySeconds: 120 + extraEnv: + ENABLE_AUTOPAUSE: false + TZ: ${TIMEZONE} + minecraftServer: + eula: "TRUE" + version: LATEST + enableLanVisibility: false + serviceType: LoadBalancer + loadBalancerIP: ${CILIUM_LB_MINECRAFT1_ADDR} + externalTrafficPolicy: Cluster + onlineMode: false + gameMode: survival + # The world is ticked this many chunks away from any player. + tickDistance: 4 + # Max view distance (in chunks). 
+ viewDistance: 10 + difficulty: peaceful + icon: https://www.freeiconspng.com/uploads/minecraft-server-icon-13.png + serverName: Thomas' Creative Server + levelName: world + # memory: 2048M + enableSSH: true + rcon: + enabled: false + extraVolumes: + - volumeMounts: + volumes: + - name: nfs + nfs: + server: 10.20.30.40 + path: /volume2/data/backup/kubernetes/mc-backup/minecraft-server-creative + postRenderers: + # Instruct helm-controller to use built-in "kustomize" post renderer. + - kustomize: + patchesJson6902: + - patch: + - op: add + path: /spec/template/spec/containers/- + value: + image: registry.eighty-three.me/tuxpeople/bedrockifier:rolling + imagePullPolicy: Always + name: backup + resources: {} + env: + - name: TZ + value: ${TIMEZONE} + volumeMounts: + - mountPath: /data + name: datadir + - mountPath: /backups + name: nfs + target: + kind: Deployment + name: minecraft-server-creative-minecraft-bedrock diff --git a/kubernetes/apps/games/minecraft-server/app/helmrelease-family.yaml b/kubernetes/apps/games/minecraft-server/app/helmrelease-family.yaml new file mode 100644 index 000000000..54bdc254a --- /dev/null +++ b/kubernetes/apps/games/minecraft-server/app/helmrelease-family.yaml 
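Review bot: The `backup` sidecar added through `postRenderers` in helmrelease-creative.yaml runs `registry.eighty-three.me/tuxpeople/bedrockifier:rolling` with `imagePullPolicy: Always`, so whatever is pushed to that tag next starts with the world data (`/data`) and the NFS backup share (`/backups`) mounted as soon as the pod restarts. Pin it by digest, e.g. `image: registry.eighty-three.me/tuxpeople/bedrockifier@sha256:<digest>` (placeholder), and let Renovate move the pin. The same applies to `version: LATEST` under `minecraftServer` and to the identical sidecar in helmrelease-insel.yaml. `resources: {}` also leaves the sidecar without a memory limit next to a server capped at 3Gi.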
@@ -0,0 +1,161 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app family-server +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: minecraft-bedrock + version: 2.8.0 + sourceRef: + kind: HelmRepository + name: minecraft-server-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + persistence: + storageClass: csi-nfs + dataDir: + enabled: true + Size: 5Gi + resources: + requests: + cpu: 750m + memory: 750Mi + limits: + memory: 3Gi + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 5 + failureThreshold: 10 + readinessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 5 + failureThreshold: 10 + startupProbe: + enabled: true + failureThreshold: 120 + periodSeconds: 10 + initialDelaySeconds: 120 + extraEnv: + ENABLE_AUTOPAUSE: false + BACKUP_NAME: *app + TZ: ${TIMEZONE} + podAnnotations: + configmap.reloader.stakater.com/reload: mc-backup-configmap + minecraftServer: + eula: "TRUE" + version: LATEST + enableLanVisibility: false + serviceType: LoadBalancer + loadBalancerIP: ${CILIUM_LB_MINECRAFT3_ADDR} + externalTrafficPolicy: Cluster + gameMode: survival + icon: https://www.freeiconspng.com/uploads/minecraft-server-icon-13.png + serverName: Thomas' Family Server + levelName: *app + # memory: 2048M + rcon: + enabled: false + extraVolumes: + - volumeMounts: + - name: nfs + mountPath: /backup/minecraft_backup + - name: mc-backup-volume + mountPath: /scripts/mc-backup.sh + subPath: mc-backup.sh + defaultMode: 0744 + readOnly: true + volumes: + - name: nfs + nfs: + server: 10.20.30.40 + path: /volume2/data/backup/kubernetes/minecraft_backup + - name: 
mc-backup-volume + configMap: + name: mc-backup-configmap + extraDeploy: + - | + apiVersion: batch/v1 + kind: CronJob + metadata: + name: {{ template "minecraft.fullname" . }}-backup + annotations: + kustomize.toolkit.fluxcd.io/substitute: disabled + spec: + schedule: "@hourly" + concurrencyPolicy: Forbid + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + activeDeadlineSeconds: 60 + template: + spec: + serviceAccountName: backup-sa + containers: + - name: backup + image: registry.eighty-three.me/tuxpeople/kubernetes-kubectl:1.29.2 + command: + - /bin/bash + args: + - -c + - | + kubectl exec svc/{{ template "minecraft.fullname" . }} -- /usr/bin/bash -c "bash /scripts/mc-backup.sh" + echo "Convert backups to .mcworld files" + BASEDIR="/backup/minecraft_backup" + cd $BASEDIR + for ARCHIVE in $(find . -type f -name *.tar.gz); do + MYDIR=$(dirname $ARCHIVE) + MYNAME=$(basename $ARCHIVE .tar.gz) + cd $MYDIR + tar xzf $MYNAME.tar.gz && zip $MYNAME.mcworld $(tar tf $MYNAME.tar.gz | grep -v '\./$') && rm -rf -- $(tar tf $MYNAME.tar.gz | grep -v '\./$') + touch -r $MYNAME.tar.gz $MYNAME.mcworld + rm -f $MYNAME.tar.gz + stat --format="Created mcworld file: '%n', size: %s bytes" "$MYNAME.mcworld" + cd $BASEDIR + done + volumeMounts: + - name: nfs + mountPath: /backup/minecraft_backup + restartPolicy: OnFailure + volumes: + - name: nfs + nfs: + server: 10.20.30.40 + path: /volume2/data/backup/kubernetes/minecraft_backup + + # postRenderers: + # # Instruct helm-controller to use built-in "kustomize" post renderer. + # - kustomize: + # patchesJson6902: + # - patch: + # - op: add + # path: /spec/template/spec/containers/- + # value: + # image: itzg/mc-monitor:0.12.3 + # args: ["status-bedrock --host localhost"] + # imagePullPolicy: IfNotPresent + # name: mc-monitor + # resources: {} + # target: + # kind: Deployment + # name: minecraft-server-family-minecraft-bedrock 
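Review bot: The conversion loop in the `extraDeploy` CronJob of helmrelease-family.yaml feeds archive member names straight into `rm -rf -- $(tar tf ...)` and `zip`, unquoted and relative to the current directory on the NFS share. A member name with whitespace, a glob character or a `../` component therefore makes the job delete or package paths outside the unpacked world. The archives are produced inside the game-server pod, the least trusted part of this setup, and the script has no `set -e`, so a failed `cd $MYDIR` runs the same `rm` in the wrong directory. I would unpack into a scratch directory and remove only that directory, as sketched below; helmrelease-survival.yaml carries the same script and needs the same change.

```yaml
                      - |
                        # Stop on the first failure so rm never runs after a failed cd or tar.
                        set -euo pipefail
                        # … unchanged: kubectl exec of /scripts/mc-backup.sh and the echo line …
                        BASEDIR="/backup/minecraft_backup"
                        # Plain $VAR form only: this manifest relies on ${...} substitution elsewhere.
                        find "$BASEDIR" -type f -name '*.tar.gz' -print0 |
                          while IFS= read -r -d '' ARCHIVE; do
                            WORLD="$(dirname "$ARCHIVE")/$(basename "$ARCHIVE" .tar.gz).mcworld"
                            STAGE="$(mktemp -d)"
                            # Unpack into a scratch directory so archive member names
                            # never reach rm or zip as paths on the backup share.
                            tar xzf "$ARCHIVE" -C "$STAGE"
                            (cd "$STAGE" && zip -qr "$WORLD" .)
                            touch -r "$ARCHIVE" "$WORLD"
                            rm -rf -- "$STAGE"
                            rm -f -- "$ARCHIVE"
                            stat --format="Created mcworld file: '%n', size: %s bytes" "$WORLD"
                          done
```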
diff --git a/kubernetes/apps/games/minecraft-server/app/helmrelease-insel.yaml b/kubernetes/apps/games/minecraft-server/app/helmrelease-insel.yaml new file mode 100644 index 000000000..00bace26c --- /dev/null +++ b/kubernetes/apps/games/minecraft-server/app/helmrelease-insel.yaml 
@@ -0,0 +1,151 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app minecraft-server-insel +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: minecraft-bedrock + version: 2.8.0 + sourceRef: + kind: HelmRepository + name: minecraft-server-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + persistence: + storageClass: ${MAIN_SC} + dataDir: + enabled: true + Size: 5Gi + resources: + requests: + cpu: 750m + memory: 750Mi + limits: + memory: 3Gi + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 5 + failureThreshold: 10 + readinessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 5 + failureThreshold: 10 + startupProbe: + enabled: true + failureThreshold: 120 + periodSeconds: 10 + initialDelaySeconds: 120 + extraEnv: + ENABLE_AUTOPAUSE: false + TZ: ${TIMEZONE} + # podAnnotations: + # configmap.reloader.stakater.com/reload: mc-backup-configmap + minecraftServer: + eula: "TRUE" + version: LATEST + enableLanVisibility: false + levelSeed: "-1671764914" + serviceType: LoadBalancer + loadBalancerIP: ${CILIUM_LB_MINECRAFT4_ADDR} + externalTrafficPolicy: Cluster + onlineMode: false + gameMode: creative + # The world is ticked this many chunks away from any player. + tickDistance: 8 + # Max view distance (in chunks). 
+ viewDistance: 10 + difficulty: peaceful + icon: https://www.freeiconspng.com/uploads/minecraft-server-icon-13.png + serverName: Thomas' Insel Server + levelName: insel + # memory: 2048M + enableSSH: true + rcon: + enabled: false + extraVolumes: + - volumeMounts: + volumes: + - name: nfs + nfs: + server: 10.20.30.40 + path: /volume2/data/backup/kubernetes/mc-backup/test + - name: backup-config + configMap: + name: minecraft-server-insel-backup + extraDeploy: + - | + apiVersion: v1 + kind: ConfigMap + metadata: + name: minecraft-server-insel-backup + data: + config.yml: | + schedule: + onPlayerLogin: true + onPlayerLogout: true + minInterval: 1h + startupDelay: 5m + + trim: + trimDays: 2 + keepDays: 14 + minKeep: 2 + + containers: + bedrock: + - name: minecraft-server-insel + # The hostname here is the name of the service in the compose YML. + ssh: 127.0.0.1:2222 + # itzg writes out the password as yaml to the root of /data + passwordFile: /data/.remote-console.yaml + worlds: + - /data/worlds/insel + loggingLevel: debug + postRenderers: + # Instruct helm-controller to use built-in "kustomize" post renderer. + - kustomize: + patchesJson6902: + - patch: + - op: add + path: /spec/template/spec/containers/- + value: + image: registry.eighty-three.me/tuxpeople/bedrockifier:rolling + imagePullPolicy: Always + name: backup + resources: {} + env: + - name: TZ + value: ${TIMEZONE} + volumeMounts: + - mountPath: /data + name: datadir + - mountPath: /backups + name: nfs + - name: backup-config + mountPath: /backups/config.yml + subPath: config.yml + defaultMode: 0444 + readOnly: true + target: + kind: Deployment + name: minecraft-server-insel-minecraft-bedrock diff --git a/kubernetes/apps/games/minecraft-server/app/helmrelease-survival.yaml b/kubernetes/apps/games/minecraft-server/app/helmrelease-survival.yaml new file mode 100644 index 000000000..54b26a471 --- /dev/null +++ b/kubernetes/apps/games/minecraft-server/app/helmrelease-survival.yaml 
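Review bot: `onlineMode: false` in helmrelease-insel.yaml turns off Xbox Live authentication on a server published through `serviceType: LoadBalancer`, so any client that can reach `${CILIUM_LB_MINECRAFT4_ADDR}` can join under any player name; helmrelease-creative.yaml sets the same pair. If offline clients are the reason, say so in a comment next to the value and keep the address reachable from the LAN only; otherwise drop the line. `enableSSH: true` with `passwordFile: /data/.remote-console.yaml` is reasonable for the loopback sidecar at `127.0.0.1:2222`, but it is worth confirming the chart's Service does not publish that port. `defaultMode: 0444` sits under the `volumeMounts` entry in the JSON patch, where it is not a volumeMount field; it belongs on the `configMap` volume.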
@@ -0,0 +1,143 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app minecraft-server-survival +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: minecraft-bedrock + version: 2.8.0 + sourceRef: + kind: HelmRepository + name: minecraft-server-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + persistence: + storageClass: ${MAIN_SC} + dataDir: + enabled: true + Size: 5Gi + resources: + limits: + memory: 2Gi + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 5 + failureThreshold: 10 + readinessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 5 + failureThreshold: 10 + startupProbe: + enabled: true + failureThreshold: 120 + periodSeconds: 10 + initialDelaySeconds: 120 + extraEnv: + ENABLE_AUTOPAUSE: false + BACKUP_NAME: *app + TZ: ${TIMEZONE} + podAnnotations: + configmap.reloader.stakater.com/reload: mc-backup-configmap + minecraftServer: + eula: "TRUE" + version: LATEST + enableLanVisibility: false + serviceType: LoadBalancer + loadBalancerIP: ${CILIUM_LB_MINECRAFT2_ADDR} + externalTrafficPolicy: Cluster + gameMode: survival + # One of: peaceful, easy, normal, and hard + difficulty: peaceful + icon: https://www.freeiconspng.com/uploads/minecraft-server-icon-13.png + serverName: Thomas' Survival Server + levelName: world + # memory: 2048M + rcon: + enabled: false + extraVolumes: + - volumeMounts: + - name: nfs + mountPath: /backup/minecraft_backup + - name: mc-backup-volume + mountPath: /scripts/mc-backup.sh + subPath: mc-backup.sh + defaultMode: 0744 + readOnly: true + volumes: + - name: nfs + nfs: + server: 10.20.30.40 + path: 
/volume2/data/backup/kubernetes/minecraft_backup + - name: mc-backup-volume + configMap: + name: mc-backup-configmap + extraDeploy: + - |- + apiVersion: batch/v1 + kind: CronJob + metadata: + name: {{ template "minecraft.fullname" . }}-backup + annotations: + kustomize.toolkit.fluxcd.io/substitute: disabled + spec: + schedule: "@hourly" + concurrencyPolicy: Forbid + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + activeDeadlineSeconds: 60 + template: + spec: + serviceAccountName: backup-sa + containers: + - name: backup + image: registry.eighty-three.me/tuxpeople/kubernetes-kubectl:1.29.2 + command: + - /bin/bash + args: + - -c + - | + kubectl exec svc/{{ template "minecraft.fullname" . }} -- /usr/bin/bash -c "bash /scripts/mc-backup.sh" + echo "Convert backups to .mcworld files" + BASEDIR="/backup/minecraft_backup" + cd $BASEDIR + for ARCHIVE in $(find . -type f -name *.tar.gz); do + MYDIR=$(dirname $ARCHIVE) + MYNAME=$(basename $ARCHIVE .tar.gz) + cd $MYDIR + tar xzf $MYNAME.tar.gz && zip $MYNAME.mcworld $(tar tf $MYNAME.tar.gz | grep -v '\./$') && rm -rf -- $(tar tf $MYNAME.tar.gz | grep -v '\./$') + touch -r $MYNAME.tar.gz $MYNAME.mcworld + rm -f $MYNAME.tar.gz + stat --format="Created mcworld file: '%n', size: %s bytes" "$MYNAME.mcworld" + cd $BASEDIR + done + volumeMounts: + - name: nfs + mountPath: /backup/minecraft_backup + restartPolicy: OnFailure + volumes: + - name: nfs + nfs: + server: 10.20.30.40 + path: /volume2/data/backup/kubernetes/minecraft_backup diff --git a/kubernetes/apps/games/minecraft-server/app/kustomization.yaml b/kubernetes/apps/games/minecraft-server/app/kustomization.yaml new file mode 100644 index 000000000..e8cc726ed --- /dev/null +++ b/kubernetes/apps/games/minecraft-server/app/kustomization.yaml 
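Review bot: The conversion loop in the `backup` CronJob runs `rm -rf -- $(tar tf $MYNAME.tar.gz | grep -v '\./$')` after an unchecked `cd $MYDIR`, so the member names stored in an archive on the NFS share decide what gets deleted, and if the `cd` fails the deletion runs in `/backup/minecraft_backup` itself. Every expansion is unquoted and `-name *.tar.gz` is left for the shell to glob, so a path containing spaces, or a matching file in the working directory, changes what the loop does. Extracting into a scratch directory and deleting only that directory removes the dependency on archive contents; a sketch follows. `activeDeadlineSeconds: 60` also looks short for a job that first waits on the server's save and then repacks archives, and this manifest is currently commented out in `kustomization.yaml`.

```yaml
- |
  # … unchanged: kubectl exec of /scripts/mc-backup.sh and the echo …
  BASEDIR="/backup/minecraft_backup"
  cd "$BASEDIR" || exit 1
  find . -type f -name '*.tar.gz' -print0 | while IFS= read -r -d '' ARCHIVE; do
    MYDIR=$(dirname "$ARCHIVE")
    MYNAME=$(basename "$ARCHIVE" .tar.gz)
    # Unpack outside the share so cleanup never depends on archive member names.
    WORK=$(mktemp -d) || exit 1
    if tar xzf "$ARCHIVE" -C "$WORK" \
      && (cd "$WORK" && zip -r "$BASEDIR/$MYDIR/$MYNAME.mcworld" .); then
      touch -r "$ARCHIVE" "$MYDIR/$MYNAME.mcworld"
      rm -f -- "$ARCHIVE"
      stat --format="Created mcworld file: '%n', size: %s bytes" "$MYDIR/$MYNAME.mcworld"
    fi
    rm -rf -- "$WORK"
  done
```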
@@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: games +resources: + - ./helmrelease-creative.yaml + # - ./helmrelease-family.yaml + # - ./helmrelease-survival.yaml + - ./helmrelease-insel.yaml + - ./monitoring.yaml + - ./backup-sa.yaml + +configMapGenerator: + - name: mc-backup-configmap + files: + - ./mc-backup.sh +generatorOptions: + disableNameSuffixHash: true + annotations: + kustomize.toolkit.fluxcd.io/substitute: disabled diff --git a/kubernetes/apps/games/minecraft-server/app/mc-backup.sh b/kubernetes/apps/games/minecraft-server/app/mc-backup.sh new file mode 100644 index 000000000..96c913291 --- /dev/null +++ b/kubernetes/apps/games/minecraft-server/app/mc-backup.sh 
@@ -0,0 +1,159 @@ +#!//usr/bin/bash +# based on https://github.com/mikenye/docker-minecraft_bedrock_server/blob/main/rootfs/usr/local/bin/run_backup + +# bonus features on, needed to find the Minecraft server PID +shopt -s extglob + +# assure this is a Bedrock image +if [ -f /opt/bedrock-entry.sh ] ; then + SERVER_TYPE="bedrock_server" +else + echo "Currently only Bedrock is supported" + exit 1 +fi + +# Set defaults if not given via ENV vars +[ -z "${BACKUP_FOLDER}" ] && BACKUP_FOLDER="/backup/minecraft_backup" +[ -z "${BACKUP_NAME}" ] && BACKUP_NAME="$(hostname)" + +# Set some variables +DATA_DIR="/data" +SERVER_PID=$(echo `grep -l ${SERVER_TYPE} /proc/+([0-9])/cmdline` | cut -d'/' -f3) +BACKUP_DATETIME=$(date +%Y%m%d-%H%M%S) +BACKUP_DIR="${BACKUP_FOLDER}/${BACKUP_NAME:-$(hostname)}" + +# Some checks +[ -z "${SERVER_PID}" ] && exit 1 +[ -z "${BACKUP_DIR}" ] && exit 1 + +sendcommand(){ + echo "$@" > /proc/${SERVER_PID}/fd/0 + if [ $? -eq 0 ]; then + echo "Successfully sent command $@ to server" + else + echo "Sending command $@ to server failed." + fi +} + +# Ready, steady, go! +echo "Starting with the backup" + +# Cleanup old temp files +rm -f /tmp/mc-backup.* + +# create temporary file for server output +TMPFILE=$(mktemp /tmp/mc-backup.XXXXXX) + +# Write the stdout of the pocess into the temporary file +# Start it as background process +cat /proc/${SERVER_PID}/fd/1 > ${TMPFILE} || exit 1 & + +# Save cat PID and all childs, to kill it later +# Kudos: https://unix.stackexchange.com/a/124131 +pid=$! +CAT_PID=$(grep -l "PPid.*$$" /proc/*/status | grep -o "[0-9]*" + for PROC in $(cat /proc/$pid/task/*/children); do + CAT_PID="$PROC $CAT_PID $(cat /proc/$PROC/task/*/children)" + done + printf '%s ' $CAT_PID) + +# Start backup with performing a save resume in case of previously failed backup +sendcommand save resume || exit 1 + +# Little break, just in case +sleep 5 + +# Trigger a backup by writing save hold into server's stdin +echo "Placing server into 'save hold'..." 
+sendcommand save hold || exit 1 + +# Continously wait for backup to be ready using save query every 2 seconds and read the console's reaction +echo "Repeatedly querying the server to see if the files are ready for backup..." +EXITCODE=1 +while [ "${EXITCODE}" -ne "0" ]; do + sendcommand save query || exit 1 + grep "Data saved. Files are now ready to be copied." ${TMPFILE} > /dev/null 2>&1 + EXITCODE=$? + sleep 2 +done + +echo "Server is now in 'save hold', performing backup..." + +# Little break, just in case +sleep 2 + +# Get files needed for backup +FILES_TO_BACKUP=$(grep -a -A 1 "Data saved. Files are now ready to be copied." ${TMPFILE} | tail -1 | cut -d "]" -f 2- | sed 's/^ *//g') + +# Kill background process to listen to the stdout of the server, as we do not longer need it +kill $CAT_PID >/dev/null 2>&1 + +# delete temp file +rm ${TMPFILE} + +# Set inter-field separator +IFS=',' + +# Prepare array +read -ra BACKUP_LIST <<< "$FILES_TO_BACKUP" + +# checks +[ -z "${BACKUP_LIST}" ] && exit 1 + +# Loop through the list of files +for i in "${BACKUP_LIST[@]}"; do + + i=$(echo "$i" | sed 's/^ *//g' | sed 's/\r//g') + + # For each entry given, get the path, file and offset + WORLD_DIR=$(echo "$i" | cut -d '/' -f 1) + WORLD_FILE=$(basename "$(echo "$i" | cut -d ':' -f 1)") + WORLD_FILE_OFFSET=$(echo "$i" | cut -d ':' -f 2) + + # Create backup directory + BACKUP_DESTINATION="${BACKUP_DIR}/${WORLD_DIR}/${BACKUP_DATETIME}" + mkdir -p "${BACKUP_DESTINATION}" + + # Copy specified backup files into backup dir & truncate files to specified offset + cd "${DATA_DIR}/worlds/${WORLD_DIR}" || exit 1 + find . 
\ + -type f \ + -name "${WORLD_FILE}" \ + -print0 | while read -r -d $'\0' file + do + # shellcheck disable=SC2001 + file=$(echo "${file}" | sed "s|^\./||") + mkdir -p "$(dirname "${BACKUP_DESTINATION}/${file}")" + cp "./${file}" "${BACKUP_DESTINATION}/${file}" + truncate -s "$WORLD_FILE_OFFSET" "${BACKUP_DESTINATION}/${file}" + done + + # Also copy settings, whitelist and permissions for this point in time + # cp "${DATA_DIR}/server.properties" "${BACKUP_DESTINATION}/server.properties" + # cp "${DATA_DIR}/whitelist.json" "${BACKUP_DESTINATION}/whitelist.json" + # cp "${DATA_DIR}/permissions.json" "${BACKUP_DESTINATION}/permissions.json" + +done + +# Release system from backup +echo "Releasing server from 'save hold'..." +sendcommand save resume || exit 1 + +# Compress backup +echo "Compressing backup..." +cd "${BACKUP_DIR}/${WORLD_DIR}" || exit 1 +tar -C "${BACKUP_DATETIME}" -czvf "${BACKUP_DATETIME}.tar.gz" . | stdbuf -o0 awk '{print " + " $0}' + +# Delete old backups +echo "Deleting older backups" +ls -tp | grep -v '/$' | tail -n +6 | tr '\n' '\0' | xargs -0 rm -- + +# Clean up files now they're compressed +echo "Removing temporary files..." +rm -r "${BACKUP_DIR}/${WORLD_DIR}/${BACKUP_DATETIME}" + +# Show backup file info +stat --format="Created backup file: '%n', size: %s bytes" "${BACKUP_DIR}/${WORLD_DIR}/${BACKUP_DATETIME}.tar.gz" + +# Finished +echo "Backup Finished" diff --git a/kubernetes/apps/games/minecraft-server/app/monitoring.yaml b/kubernetes/apps/games/minecraft-server/app/monitoring.yaml new file mode 100755 index 000000000..3cb8a4c59 --- /dev/null +++ b/kubernetes/apps/games/minecraft-server/app/monitoring.yaml 
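Review bot: Nothing releases the server if the script stops between `save hold` and the final `save resume`: the `while` loop that greps `${TMPFILE}` for "Data saved" has no upper bound, and the `exit 1` paths inside the copy loop leave the world on hold with the background `cat` still attached to the server's stdout. `sendcommand` also returns the status of its last `echo`, so every `sendcommand … || exit 1` can never fire; the function should return the status of the write itself. A sketch with an `EXIT` trap and a bounded wait follows (the 30-try limit is an example value). Separately, the pruning line parses `ls`, runs `rm --` with no operands when there is nothing to delete, and only prunes the last `WORLD_DIR` the loop saw.

```shell
sendcommand(){
  if echo "$@" > "/proc/${SERVER_PID}/fd/0"; then
    echo "Successfully sent command $@ to server"
  else
    echo "Sending command $@ to server failed."
    return 1
  fi
}

# … unchanged: temp file creation, background cat, CAT_PID collection …

# Always release the hold and stop the listener, whatever path the script exits on.
cleanup() {
  local IFS=$' \t\n'   # the script later sets IFS=','; restore splitting for the PID list
  sendcommand save resume
  kill $CAT_PID >/dev/null 2>&1
  rm -f -- "${TMPFILE}"
}
trap cleanup EXIT

# … unchanged: save resume, sleep, save hold …

TRIES=0
until grep -q "Data saved. Files are now ready to be copied." "${TMPFILE}"; do
  TRIES=$((TRIES + 1))
  [ "${TRIES}" -le 30 ] || { echo "Timed out waiting for 'save query'" >&2; exit 1; }
  sendcommand save query || exit 1
  sleep 2
done
```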
@@ -0,0 +1,709 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mc-monitor + labels: + app: mc-monitor +spec: + replicas: 1 + template: + metadata: + name: mc-monitor + labels: + app: mc-monitor + spec: + containers: + - name: main + image: itzg/mc-monitor + env: + - name: DEBUG + value: "true" + - name: EXPORT_BEDROCK_SERVERS + value: minecraft-server-creative-minecraft-bedrock,minecraft-server-survival-minecraft-bedrock + args: + - export-for-prometheus + restartPolicy: Always + selector: + matchLabels: + app: mc-monitor +--- +apiVersion: v1 +kind: Service +metadata: + name: mc-monitor + labels: + app: mc-monitor +spec: + selector: + app: mc-monitor + ports: + - name: monitoring + port: 8080 +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: mc-monitor + labels: + app: mc-monitor +spec: + selector: + matchLabels: + app: mc-monitor + endpoints: + - port: monitoring + interval: 30s + scrapeTimeout: 10s + path: /metrics +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: minecraft-dashboard + labels: + grafana_dashboard: "1" + app: mc-monitor + annotations: + grafana_folder: Games +data: + minecraft-dashboard.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 3, + "panels": [], + "title": "Overall Status", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "color-background" + 
}, + "inspect": false + }, + "mappings": [ + { + "options": { + "0": { + "color": "dark-red", + "index": 0, + "text": "Unealthy" + }, + "1": { + "color": "dark-green", + "index": 1, + "text": "Healthy" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 8, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "code", + "exemplar": false, + "expr": "max(minecraft_status_healthy) by (server_edition, server_version, server_host)", + "format": "table", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A", + "useBackend": false + } + ], + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": { + "Time": 1, + "Value": 0, + "server_edition": 2, + "server_host": 4, + "server_port": 5, + "server_version": 3 + }, + "renameByName": { + "Value": "Health", + "server_edition": "Edition", + "server_host": "Server", + "server_version": "Version" + } + } + }, + { + "id": "convertFieldType", + "options": { + "conversions": [ + { + "destinationType": "string", + "targetField": "Healthy" + } + ], + "fields": {} + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + 
"gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 6 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "minecraft_status_players_online_count", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{server_host}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Number of players currently online", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + 
"mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "minecraft_status_response_time_seconds", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{server_host}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Amount of time it took for server to respond", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 2, + "panels": [], + "repeat": "server_name", + "repeatDirection": "h", + "title": "Status of $server_name", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": 
"green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 15 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "minecraft_status_players_online_count{server_host=\"$server_name\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Number of players currently online", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "minecraft_status_players_max_count{server_host=\"$server_name\"}", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Maximum number of players allowed by the server", + "range": true, + "refId": "B", + "useBackend": false + } + ], + "title": "Players online", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": 
"off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 15 + }, + "id": 7, + "options": { + "legend": { + "calcs": [ + "max", + "min", + "mean" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "minecraft_status_response_time_seconds{server_host=\"$server_name\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Amount of time it took for server to respond", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Server response time", + "type": "timeseries" + } + ], + "refresh": "", + "schemaVersion": 38, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": [ + "minecraft-server-creative-minecraft-bedrock", + "minecraft-server-survival-minecraft-bedrock" + ], + "value": [ + "minecraft-server-creative-minecraft-bedrock", + "minecraft-server-survival-minecraft-bedrock" + ] + }, + "definition": "label_values(minecraft_status_healthy,server_host)", + "hide": 0, + "includeAll": true, + "label": "Minecraft Server", + "multi": true, + "name": "server_name", + "options": [], + "query": { + "query": "label_values(minecraft_status_healthy,server_host)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Minecraft Servers", + "version": 0, + "weekStart": "" + } 
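Review bot: The `mc-monitor` Deployment uses `image: itzg/mc-monitor` with no tag or digest, so each pod restart may pull a different build; pin it, e.g. `image: itzg/mc-monitor:<version>@sha256:<digest>`, and add `resources` so the exporter is bounded. `EXPORT_BEDROCK_SERVERS` and the dashboard's `server_name` defaults list the `creative` and `survival` services, while `kustomization.yaml` in this commit deploys `creative` and `insel` and comments `survival` out, so `insel` is not monitored and `survival` will presumably report as unhealthy. `DEBUG: "true"` looks like a setup leftover.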
diff --git a/kubernetes/apps/games/minecraft-server/ks.dis b/kubernetes/apps/games/minecraft-server/ks.dis
new file mode 100644
index 000000000..f212b5764
--- /dev/null
+++ b/kubernetes/apps/games/minecraft-server/ks.dis
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app minecraft-server
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: games
+ dependsOn:
+ - name: csi-driver-nfs
+ - name: cilium-config
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/games/minecraft-server/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/games/namespace.yaml b/kubernetes/apps/games/namespace.yaml
new file mode 100644
index 000000000..e6b443387
--- /dev/null
+++ b/kubernetes/apps/games/namespace.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: games
+ annotations:
+ volsync.backube/privileged-movers: "true"
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
+ goldilocks.fairwinds.com/enabled: "true"
diff --git a/kubernetes/apps/kube-system/cilium/app/helm-values.yaml b/kubernetes/apps/kube-system/cilium/app/helm-values.yaml
new file mode 100644
index 000000000..cadf78a6d
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/app/helm-values.yaml
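Review bot: In `namespace.yaml`, `volsync.backube/privileged-movers: "true"` allows VolSync to run its mover pods with elevated privileges in `games`, and nothing in the part of this commit shown here creates a VolSync resource in that namespace. Either drop the annotation until something needs it, or add a comment above it naming the consumer, e.g. `# needed by <app> ReplicationSource: mover must preserve file ownership`.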
@@ -0,0 +1,57 @@
+---
+autoDirectNodeRoutes: true
+bpf:
+ masquerade: false
+cgroup:
+ automount:
+ enabled: false
+ hostRoot: /sys/fs/cgroup
+cluster:
+ id: 1
+ name: talos-test
+cni:
+ exclusive: false
+containerRuntime:
+ integration: containerd
+# NOTE: devices might need to be set if you have more than one active NIC on your hosts
+# devices: eno+ eth+
+endpointRoutes:
+ enabled: true
+hubble:
+ enabled: false
+ipam:
+ mode: kubernetes
+ipv4NativeRoutingCIDR: 10.69.0.0/16
+k8sServiceHost: 127.0.0.1
+k8sServicePort: 7445
+kubeProxyReplacement: true
+kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+l2announcements:
+ enabled: true
+loadBalancer:
+ algorithm: maglev
+ mode: snat
+localRedirectPolicy: true
+operator:
+ replicas: 1
+ rollOutPods: true
+rollOutCiliumPods: true
+routingMode: native
+securityContext:
+ capabilities:
+ ciliumAgent:
+ - CHOWN
+ - KILL
+ - NET_ADMIN
+ - NET_RAW
+ - IPC_LOCK
+ - SYS_ADMIN
+ - SYS_RESOURCE
+ - DAC_OVERRIDE
+ - FOWNER
+ - SETGID
+ - SETUID
+ cleanCiliumState:
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_RESOURCE
diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
new file mode 100644
index 000000000..28186781e
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cilium
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: cilium
+ version: 1.15.5
+ sourceRef:
+ kind: HelmRepository
+ name: cilium
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: cilium-helm-values
+ values:
+ hubble:
+ enabled: true
+ metrics:
+ enabled:
+ - dns:query
+ - drop
+ - tcp
+ - flow
+ - port-distribution
+ - icmp
+ - http
+ serviceMonitor:
+ enabled: true
+ dashboards:
+ enabled: true
+ annotations:
+ grafana_folder: Cilium
+ relay:
+ enabled: true
+ rollOutPods: true
+ prometheus:
+ serviceMonitor:
+ enabled: true
+ ui:
+ enabled: true
+ rollOutPods: true
+ ingress:
+ enabled: true
+ className: internal
+ hosts: ["hubble-test.${SECRET_DOMAIN}"]
+ operator:
+ prometheus:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ dashboards:
+ enabled: true
+ annotations:
+ grafana_folder: Cilium
+ prometheus:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ trustCRDsExist: true
+ dashboards:
+ enabled: true
+ annotations:
+ grafana_folder: Cilium
diff --git a/kubernetes/apps/kube-system/cilium/app/kustomization.yaml b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
new file mode 100644
index 000000000..b4f3860b0
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: cilium-helm-values
+ files:
+ - values.yaml=./helm-values.yaml
+configurations:
+ - kustomizeconfig.yaml
diff --git a/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml b/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml
new file mode 100644
index 000000000..58f92ba15
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml
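Review bot: In the cilium `helmrelease.yaml`, `hubble.ui.ingress` publishes the Hubble UI at `hubble-test.${SECRET_DOMAIN}`, and the UI has no login of its own, so anyone who can reach the `internal` ingress class can browse the cluster's network flows. If that class is not already limited to an admin network, put authentication in front of it through the ingress annotations, or keep `ingress.enabled: false` and use a port-forward. The inline `hubble.enabled: true` also overrides `hubble.enabled: false` from `cilium-helm-values`; keeping the switch in one file avoids the two disagreeing.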
@@ -0,0 +1,7 @@
+---
+nameReference:
+ - kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
diff --git a/kubernetes/apps/kube-system/cilium/config/cilium-l2.yaml b/kubernetes/apps/kube-system/cilium/config/cilium-l2.yaml
new file mode 100644
index 000000000..5ccd4679a
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/config/cilium-l2.yaml
@@ -0,0 +1,26 @@
+---
+# https://docs.cilium.io/en/latest/network/l2-announcements
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+ name: l2-policy
+spec:
+ loadBalancerIPs: true
+ externalIPs: true
+ # NOTE: interfaces might need to be set if you have more than one active NIC on your hosts
+ interfaces:
+ - ^eno[0-9]+
+ - ^eth[0-9]+
+ - ^ens[0-9]+
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/os: linux
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+ name: l2-pool
+spec:
+ allowFirstLastIPs: "Yes"
+ blocks:
+ - cidr: "${CILIUM_LB_RANGE}"
diff --git a/kubernetes/apps/kube-system/cilium/config/kustomization.yaml b/kubernetes/apps/kube-system/cilium/config/kustomization.yaml
new file mode 100644
index 000000000..f68996538
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/config/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./cilium-l2.yaml
diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/kubernetes/apps/kube-system/cilium/ks.yaml
new file mode 100644
index 000000000..dbcf6bbbd
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/ks.yaml
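Review bot: In `cilium-l2.yaml`, `externalIPs: true` makes the nodes answer ARP for any address placed in a Service's `spec.externalIPs`, and that field is not limited to `${CILIUM_LB_RANGE}`, so anyone allowed to create Services can claim an arbitrary LAN address. Nothing in the manifests visible here sets `externalIPs` on a Service; `externalIPs: false` keeps announcements to pool-allocated LoadBalancer IPs. The `nodeSelector` on `kubernetes.io/os: linux` matches every node, so it can be dropped or narrowed to the nodes that should announce.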
@@ -0,0 +1,42 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app cilium
+ namespace: flux-system
+spec:
+ targetNamespace: kube-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/kube-system/cilium/app
+ prune: false # never should be deleted
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app cilium-config
+ namespace: flux-system
+spec:
+ targetNamespace: kube-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: cilium
+ path: ./kubernetes/apps/kube-system/cilium/config
+ prune: false # never should be deleted
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/kube-system/container-object-storage-interface/app/kustomization.yaml b/kubernetes/apps/kube-system/container-object-storage-interface/app/kustomization.yaml
new file mode 100644
index 000000000..dacc5199a
--- /dev/null
+++ b/kubernetes/apps/kube-system/container-object-storage-interface/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - https://github.com/kubernetes-sigs/container-object-storage-interface-api
+ - https://github.com/kubernetes-sigs/container-object-storage-interface-controller
+images:
+ - name: gcr.io/k8s-staging-sig-storage/objectstorage-controller
+ newTag: v20240502-v0.1.2-alpha1-8-g7e7b773
diff --git a/kubernetes/apps/kube-system/container-object-storage-interface/ks.dis b/kubernetes/apps/kube-system/container-object-storage-interface/ks.dis
new file mode 100644
index 000000000..aca7ea43a
--- /dev/null
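Review bot: The two `resources` entries in the container-object-storage-interface `kustomization.yaml` point at GitHub repositories without a `?ref=`, so once this Kustomization is enabled (it ships as `ks.dis`) every reconcile would build whatever is on the default branch and apply it to `kube-system`. Pin both to a tag or commit, e.g. `https://github.com/kubernetes-sigs/container-object-storage-interface-api?ref=<commit>`, so each upstream change arrives as a reviewable diff. The `images` override pulls from the `k8s-staging-sig-storage` staging registry; a comment saying that this is intentional would help the next reader.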
+++ b/kubernetes/apps/kube-system/container-object-storage-interface/ks.dis
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app container-object-storage-interface
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: kube-system
+ path: ./kubernetes/apps/kube-system/container-object-storage-interface/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/kube-system/coredns/app/helm-values.yaml b/kubernetes/apps/kube-system/coredns/app/helm-values.yaml
new file mode 100644
index 000000000..22da02986
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/app/helm-values.yaml
@@ -0,0 +1,50 @@
+---
+fullnameOverride: coredns
+k8sAppLabelOverride: kube-dns
+serviceAccount:
+ create: true
+service:
+ name: kube-dns
+ clusterIP: "10.96.0.10"
+servers:
+ - zones:
+ - zone: .
+ scheme: dns://
+ use_tcp: true
+ port: 53
+ plugins:
+ - name: errors
+ - name: health
+ configBlock: |-
+ lameduck 5s
+ - name: ready
+ - name: log
+ configBlock: |-
+ class error
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - name: kubernetes
+ parameters: cluster.local in-addr.arpa ip6.arpa
+ configBlock: |-
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ - name: forward
+ parameters: . /etc/resolv.conf
+ - name: cache
+ parameters: 30
+ - name: loop
+ - name: reload
+ - name: loadbalance
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
diff --git a/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml
new file mode 100644
index 000000000..eb6cd2f9a
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: coredns
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: coredns
+ version: 1.30.0
+ sourceRef:
+ kind: HelmRepository
+ name: coredns
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: coredns-helm-values
diff --git a/kubernetes/apps/kube-system/coredns/app/kustomization.yaml b/kubernetes/apps/kube-system/coredns/app/kustomization.yaml
new file mode 100644
index 000000000..691355b56
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: coredns-helm-values
+ files:
+ - values.yaml=./helm-values.yaml
+configurations:
+ - kustomizeconfig.yaml
diff --git a/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml b/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml
new file mode 100644
index 000000000..58f92ba15
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml
@@ -0,0 +1,7 @@
+---
+nameReference:
+ - kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
diff --git a/kubernetes/apps/kube-system/coredns/ks.yaml b/kubernetes/apps/kube-system/coredns/ks.yaml
new file mode 100644
index 000000000..cec4bfef0
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/ks.yaml
@@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app coredns + namespace: flux-system +spec: + targetNamespace: kube-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/kube-system/coredns/app + prune: false # never should be deleted + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml b/kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml new file mode 100644 index 000000000..6f34bef02 --- /dev/null +++ b/kubernetes/apps/kube-system/descheduler/app/helmrelease.yaml 
@@ -0,0 +1,104 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: descheduler + namespace: kube-system +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: descheduler + version: 0.30.0 + sourceRef: + kind: HelmRepository + name: kubernetes-sigs-descheduler-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + replicas: 1 + kind: Deployment + deschedulerPolicyAPIVersion: descheduler/v1alpha2 + deschedulerPolicy: + profiles: + - name: ProfileName + pluginConfig: + - name: DefaultEvictor + args: + evictSystemCriticalPods: true + evictFailedBarePods: true + evictLocalStoragePods: true + - name: RemovePodsHavingTooManyRestarts + args: + podRestartThreshold: 5 + includingInitContainers: true + - name: RemovePodsViolatingTopologySpreadConstraint + args: + constraints: + - DoNotSchedule + - name: PodLifeTime + args: + states: + - Pending + - PodInitializing + - ContainerCreating + maxPodLifeTimeSeconds: 300 + - name: RemoveFailedPods + args: + excludeOwnerKinds: + - Job + includingInitContainers: true + minPodLifetimeSeconds: 300 + - name: RemoveDuplicates + args: + namespaces: + exclude: + - k10 + - name: RemovePodsViolatingNodeTaints + - name: RemovePodsViolatingNodeAffinity + args: + nodeAffinityType: + - requiredDuringSchedulingIgnoredDuringExecution + - name: RemovePodsViolatingInterPodAntiAffinity + - name: LowNodeUtilization + args: + thresholds: + cpu: 20 + memory: 20 + targetThresholds: + cpu: 80 + memory: 80 + plugins: + balance: + enabled: + - RemoveDuplicates + - LowNodeUtilization + - RemovePodsViolatingTopologySpreadConstraint + deschedule: + enabled: + - PodLifeTime + - RemoveFailedPods + - 
RemovePodsViolatingNodeTaints + - RemovePodsViolatingNodeAffinity + - RemovePodsHavingTooManyRestarts + - RemovePodsViolatingInterPodAntiAffinity + service: + enabled: true + serviceMonitor: + enabled: true + # leaderElection: + # enabled: true diff --git a/kubernetes/apps/kube-system/descheduler/app/kustomization.yaml b/kubernetes/apps/kube-system/descheduler/app/kustomization.yaml new file mode 100644 index 000000000..a09cef314 --- /dev/null +++ b/kubernetes/apps/kube-system/descheduler/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/kube-system/descheduler/ks.yaml b/kubernetes/apps/kube-system/descheduler/ks.yaml new file mode 100644 index 000000000..360ff7d9b --- /dev/null +++ b/kubernetes/apps/kube-system/descheduler/ks.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app descheduler + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: kube-system + path: ./kubernetes/apps/kube-system/descheduler/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/kube-vip/app/daemonset.yaml b/kubernetes/apps/kube-system/kube-vip/app/daemonset.yaml new file mode 100644 index 000000000..bd403c35b --- /dev/null +++ b/kubernetes/apps/kube-system/kube-vip/app/daemonset.yaml 
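Review bot: `evictSystemCriticalPods: true` in the `DefaultEvictor` args of descheduler/app/helmrelease.yaml removes the priority-class protection, so pods marked system-cluster-critical or system-node-critical become eviction candidates for every enabled plugin (`LowNodeUtilization`, `RemovePodsHavingTooManyRestarts`, and the rest). On a cluster whose DNS and CNI run in kube-system, that makes the descheduler an availability risk. The default `evictSystemCriticalPods: false` is the safer choice unless a specific case needs it, and that case should be written next to the flag. `evictLocalStoragePods: true` likewise discards emptyDir data on eviction. The profile is still named `ProfileName`, which looks like the chart's placeholder.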
@@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-vip + namespace: kube-system + labels: + app.kubernetes.io/name: kube-vip +spec: + selector: + matchLabels: + app.kubernetes.io/name: kube-vip + template: + metadata: + labels: + app.kubernetes.io/name: kube-vip + spec: + containers: + - name: kube-vip + image: ghcr.io/kube-vip/kube-vip:v0.8.0 + imagePullPolicy: IfNotPresent + args: ["manager"] + env: + - name: address + value: "${KUBE_VIP_ADDR}" + - name: vip_arp + value: "true" + - name: lb_enable + value: "true" + - name: port + value: "6443" + - name: vip_cidr + value: "32" + - name: cp_enable + value: "true" + - name: cp_namespace + value: kube-system + - name: vip_ddns + value: "false" + - name: svc_enable + value: "false" + - name: vip_leaderelection + value: "true" + - name: vip_leaseduration + value: "15" + - name: vip_renewdeadline + value: "10" + - name: vip_retryperiod + value: "2" + - name: prometheus_server + value: :2112 + securityContext: + capabilities: + add: ["NET_ADMIN", "NET_RAW", "SYS_TIME"] + hostAliases: + - hostnames: + - kubernetes + ip: 127.0.0.1 + hostNetwork: true + serviceAccountName: kube-vip + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists diff --git a/kubernetes/apps/kube-system/kube-vip/app/kustomization.yaml b/kubernetes/apps/kube-system/kube-vip/app/kustomization.yaml new file mode 100644 index 000000000..1217ed4e7 --- /dev/null +++ b/kubernetes/apps/kube-system/kube-vip/app/kustomization.yaml 
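Review bot: The container `securityContext` in kube-vip/app/daemonset.yaml adds `NET_ADMIN`, `NET_RAW` and `SYS_TIME` on a `hostNetwork: true` pod but never drops the default capability set, and it does not set `allowPrivilegeEscalation: false`. Adding `drop: ["ALL"]` beside the `add:` list keeps only what is listed. `SYS_TIME` allows setting the host clock and is presumably not needed for ARP-mode VIP handling, so confirm it against the kube-vip v0.8.0 manifest before keeping it. The image is referenced by tag only; pinning it by digest would stop a re-tagged image from reaching the control-plane nodes.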
@@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./rbac.yaml + - ./daemonset.yaml diff --git a/kubernetes/apps/kube-system/kube-vip/app/rbac.yaml b/kubernetes/apps/kube-system/kube-vip/app/rbac.yaml new file mode 100644 index 000000000..99916d3e9 --- /dev/null +++ b/kubernetes/apps/kube-system/kube-vip/app/rbac.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kube-vip + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + name: system:kube-vip-role +rules: + - apiGroups: [""] + resources: ["services/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["services", "endpoints"] + verbs: ["list", "get", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "get", "watch", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["list", "get", "watch", "update", "create"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["list", "get", "watch", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:kube-vip-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:kube-vip-role +subjects: + - kind: ServiceAccount + name: kube-vip + namespace: kube-system diff --git a/kubernetes/apps/kube-system/kube-vip/ks.dis b/kubernetes/apps/kube-system/kube-vip/ks.dis new file mode 100644 index 000000000..50f674356 --- /dev/null +++ b/kubernetes/apps/kube-system/kube-vip/ks.dis 
@@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kube-vip + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: kube-system + path: ./kubernetes/apps/kube-system/kube-vip/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml new file mode 100644 index 000000000..67bd17346 --- /dev/null +++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml @@ -0,0 +1,3 @@ +--- +providerRegex: ^(talos-test01|talos-test02|talos-test03|talos-test04)$ +bypassDnsResolution: true diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml new file mode 100644 index 000000000..0c14465d2 --- /dev/null +++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: kubelet-csr-approver +spec: + interval: 30m + chart: + spec: + chart: kubelet-csr-approver + version: 1.2.1 + sourceRef: + kind: HelmRepository + name: postfinance + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + valuesFrom: + - kind: ConfigMap + name: kubelet-csr-approver-helm-values + values: + metrics: + enable: true + serviceMonitor: + enabled: true diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml new file mode 100644 index 000000000..30dddafcb 
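Review bot: `bypassDnsResolution: true` in kubelet-csr-approver/app/helm-values.yaml switches off the approver's check that the hostname in a kubelet serving CSR resolves to the addresses the CSR requests. With that check off, `providerRegex` is the only node-identity constraint visible in this file. Setting the chart's `providerIpPrefixes` to the node subnet would bound which IP SANs can be auto-approved. A comment saying why DNS resolution is bypassed (presumably the Talos node names are not in DNS) would also record the trade-off. The regex lists four `talos-test0N` names, so a node added under any other name will silently never get a serving certificate.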
--- /dev/null +++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml +configMapGenerator: + - name: kubelet-csr-approver-helm-values + files: + - values.yaml=./helm-values.yaml +configurations: + - kustomizeconfig.yaml diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml new file mode 100644 index 000000000..58f92ba15 --- /dev/null +++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml @@ -0,0 +1,7 @@ +--- +nameReference: + - kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml new file mode 100644 index 000000000..936bac645 --- /dev/null +++ b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kubelet-csr-approver + namespace: flux-system +spec: + targetNamespace: kube-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/kube-system/kubelet-csr-approver/app + prune: false # never should be deleted + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml b/kubernetes/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml new file mode 100644 index 000000000..f554b24b3 --- /dev/null +++ b/kubernetes/apps/kube-system/kubernetes-replicator/app/helmrelease.yaml 
@@ -0,0 +1,31 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app kubernetes-replicator +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: *app + version: 2.9.2 + sourceRef: + kind: HelmRepository + name: mittwald-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: diff --git a/kubernetes/apps/kube-system/kubernetes-replicator/app/kustomization.yaml b/kubernetes/apps/kube-system/kubernetes-replicator/app/kustomization.yaml new file mode 100644 index 000000000..a09cef314 --- /dev/null +++ b/kubernetes/apps/kube-system/kubernetes-replicator/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/kube-system/kubernetes-replicator/ks.yaml b/kubernetes/apps/kube-system/kubernetes-replicator/ks.yaml new file mode 100644 index 000000000..798296234 --- /dev/null +++ b/kubernetes/apps/kube-system/kubernetes-replicator/ks.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kubernetes-replicator + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: kube-system + path: ./kubernetes/apps/kube-system/kubernetes-replicator/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m 
diff --git a/kubernetes/apps/kube-system/kured/app/helmrelease.yaml b/kubernetes/apps/kube-system/kured/app/helmrelease.yaml new file mode 100644 index 000000000..4fbc5f0eb --- /dev/null +++ b/kubernetes/apps/kube-system/kured/app/helmrelease.yaml @@ -0,0 +1,43 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: kured + namespace: &namespace kube-system +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: kured + version: 5.4.5 + sourceRef: + kind: HelmRepository + name: kubereboot + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + updateStrategy: RollingUpdate + configuration: + timeZone: ${TIMEZONE} + notifyUrl: ${SECRET_ALERT_MANAGER_DISCORD_WEBHOOK} + messageTemplateDrain: Draining node %s + messageTemplateReboot: Rebooted node %s + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + metrics: + create: true diff --git a/kubernetes/apps/kube-system/kured/app/kustomization.yaml b/kubernetes/apps/kube-system/kured/app/kustomization.yaml new file mode 100644 index 000000000..ffab534ad --- /dev/null +++ b/kubernetes/apps/kube-system/kured/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: + - ./helmrelease.yaml + - ./prometheusrule.yaml diff --git a/kubernetes/apps/kube-system/kured/app/prometheusrule.yaml b/kubernetes/apps/kube-system/kured/app/prometheusrule.yaml new file mode 100644 index 000000000..7f61bfc86 --- /dev/null +++ b/kubernetes/apps/kube-system/kured/app/prometheusrule.yaml 
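Review bot: `notifyUrl: ${SECRET_ALERT_MANAGER_DISCORD_WEBHOOK}` under `values.configuration` in kured/app/helmrelease.yaml places the webhook URL in the HelmRelease spec in clear text once the variable is substituted (assuming Flux post-build substitution fills it, as the name suggests). Anyone who can read HelmRelease objects in the namespace can then read the webhook. Supplying the value through `valuesFrom` with `kind: Secret` keeps it out of the spec; the secret name below is a placeholder. Separately, the only toleration is for `node-role.kubernetes.io/master`, while other manifests in this patch use `node-role.kubernetes.io/control-plane`.

```yaml
# added under spec:, next to values: (secret name is a placeholder)
valuesFrom:
  - kind: Secret
    name: <kured-notify-secret>
    valuesKey: notifyUrl
    targetPath: configuration.notifyUrl
# … unchanged: values.configuration without notifyUrl …
```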
@@ -0,0 +1,29 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + prometheus: kube-prometheus-stack-prometheus + role: alert-rules + name: kured-rules + namespace: kube-system +spec: + groups: + - name: kured.rules + rules: + - alert: RebootRequired + annotations: + description: Node(s) require a manual reboot + summary: Reboot daemon has failed to do so for 24 hours + expr: max(kured_reboot_required) != 0 + for: 24h + labels: + severity: warning + - alert: RebootScheduled + annotations: + description: Node Reboot Scheduled + summary: Node {{$labels.node}} has been scheduled to reboot + expr: kured_reboot_required > 0 + for: 5m + labels: + severity: warning diff --git a/kubernetes/apps/kube-system/kured/ks.yaml b/kubernetes/apps/kube-system/kured/ks.yaml new file mode 100644 index 000000000..a6a2c3e29 --- /dev/null +++ b/kubernetes/apps/kube-system/kured/ks.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kured + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: kube-system + path: ./kubernetes/apps/kube-system/kured/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml new file mode 100644 index 000000000..7a71f70fd --- /dev/null +++ b/kubernetes/apps/kube-system/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./namespace.yaml + - ./cilium/ks.yaml + - ./coredns/ks.yaml + - ./metrics-server/ks.yaml + - ./reloader/ks.yaml + - ./kubelet-csr-approver/ks.yaml + - ./spegel/ks.yaml 
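Review bot: The `resources` list in kube-system/kustomization.yaml omits `./descheduler/ks.yaml`, `./kured/ks.yaml`, `./node-problem-detector/ks.yaml` and `./kubernetes-replicator/ks.yaml`. This patch adds each of those files under the active `ks.yaml` name, not the `ks.dis` name it uses for disabled apps such as kube-vip and local-path-provisioner. As far as the patch shows, Flux will not reconcile them, so the kured alert rules and the node-problem-detector monitoring are not in effect. Either list them here or rename them to `ks.dis`, so the repository matches what actually runs.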
diff --git a/kubernetes/apps/kube-system/local-path-provisioner/app/helmrelease.yaml b/kubernetes/apps/kube-system/local-path-provisioner/app/helmrelease.yaml new file mode 100644 index 000000000..7d0c49461 --- /dev/null +++ b/kubernetes/apps/kube-system/local-path-provisioner/app/helmrelease.yaml @@ -0,0 +1,76 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: local-path-provisioner + namespace: kube-system +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: ./deploy/chart/local-path-provisioner + sourceRef: + kind: GitRepository + name: local-path-provisioner + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + helperImage: + repository: public.ecr.aws/docker/library/busybox + tag: latest + storageClass: + defaultClass: false + nodePathMap: + - node: DEFAULT_PATH_FOR_NON_LISTED_NODES + paths: [/var/lib/rancher/k3s/storage] + # NOTE: Do not enable Flux variable substitution on this HelmRelease + configmap: + setup: |- + #!/bin/sh + while getopts "m:s:p:" opt + do + case $opt in + p) + absolutePath=$OPTARG + ;; + s) + sizeInBytes=$OPTARG + ;; + m) + volMode=$OPTARG + ;; + esac + done + mkdir -m 0777 -p ${absolutePath} + chmod 701 ${absolutePath}/.. + teardown: |- + #!/bin/sh + while getopts "m:s:p:" opt + do + case $opt in + p) + absolutePath=$OPTARG + ;; + s) + sizeInBytes=$OPTARG + ;; + m) + volMode=$OPTARG + ;; + esac + done + rm -rf ${absolutePath} diff --git a/kubernetes/apps/kube-system/local-path-provisioner/app/kustomization.yaml b/kubernetes/apps/kube-system/local-path-provisioner/app/kustomization.yaml new file mode 100644 index 000000000..a09cef314 --- /dev/null 
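Review bot: The `setup` and `teardown` scripts in local-path-provisioner/app/helmrelease.yaml expand `${absolutePath}` unquoted and unchecked in `mkdir -m 0777 -p`, `chmod 701 ${absolutePath}/..` and `rm -rf`. If `-p` is missing, the `chmod` runs against `/..`, and a path containing whitespace is split into several arguments to `rm -rf`. Quote and guard the expansions, e.g. `rm -rf -- "${absolutePath:?}"` and `mkdir -m 0777 -p -- "${absolutePath:?}"`. That form still depends on Flux substitution staying disabled for this release, as the existing NOTE says. The helper image uses `tag: latest`, so the image that runs these scripts against host paths can change without a commit; pin a version or digest. The chart comes from a `GitRepository` with no revision visible here, which has the same effect.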
+++ b/kubernetes/apps/kube-system/local-path-provisioner/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/kube-system/local-path-provisioner/ks.dis b/kubernetes/apps/kube-system/local-path-provisioner/ks.dis new file mode 100644 index 000000000..fda008748 --- /dev/null +++ b/kubernetes/apps/kube-system/local-path-provisioner/ks.dis @@ -0,0 +1,19 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app csi-driver-nfs + namespace: flux-system + labels: + substitution.flux.home.arpa/disabled: 'true' +spec: + path: ./kubernetes/apps/kube-system/local-path-provisioner/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml b/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml new file mode 100644 index 000000000..60298df66 --- /dev/null +++ b/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: metrics-server +spec: + interval: 30m + chart: + spec: + chart: metrics-server + version: 3.12.1 + sourceRef: + kind: HelmRepository + name: metrics-server + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + values: + args: + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution=15s + metrics: + enabled: true + serviceMonitor: + enabled: true 
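Review bot: `name: &app csi-driver-nfs` in local-path-provisioner/ks.dis looks like a copy-paste leftover, because the Kustomization's `path` points at `local-path-provisioner/app`. If the file is ever renamed to `ks.yaml`, it would share a name in `flux-system` with any real csi-driver-nfs Kustomization, and with `prune: true` the two would overwrite each other's inventory. The line should read `name: &app local-path-provisioner`. The `&app` anchor is never referenced in this file, since there is no `commonMetadata` block, so either add the label block the sibling `ks.yaml` files use or drop the anchor.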
diff --git a/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml b/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml new file mode 100644 index 000000000..5dd7baca7 --- /dev/null +++ b/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/kube-system/metrics-server/ks.yaml b/kubernetes/apps/kube-system/metrics-server/ks.yaml new file mode 100644 index 000000000..090b2ae73 --- /dev/null +++ b/kubernetes/apps/kube-system/metrics-server/ks.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app metrics-server + namespace: flux-system +spec: + targetNamespace: kube-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/kube-system/metrics-server/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/namespace.yaml b/kubernetes/apps/kube-system/namespace.yaml new file mode 100644 index 000000000..5eeb2c918 --- /dev/null +++ b/kubernetes/apps/kube-system/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: kube-system + labels: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/kubernetes/apps/kube-system/node-problem-detector/app/helmrelease.yaml b/kubernetes/apps/kube-system/node-problem-detector/app/helmrelease.yaml new file mode 100644 index 000000000..f53f48914 --- /dev/null +++ b/kubernetes/apps/kube-system/node-problem-detector/app/helmrelease.yaml 
@@ -0,0 +1,37 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: node-problem-detector + namespace: &namespace kube-system +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: node-problem-detector + version: 2.3.13 + sourceRef: + kind: HelmRepository + name: deliveryheroio + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + metrics: + serviceMonitor: + enabled: true + image: + tag: v0.8.13 diff --git a/kubernetes/apps/kube-system/node-problem-detector/app/kustomization.yaml b/kubernetes/apps/kube-system/node-problem-detector/app/kustomization.yaml new file mode 100644 index 000000000..a09cef314 --- /dev/null +++ b/kubernetes/apps/kube-system/node-problem-detector/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/kube-system/node-problem-detector/ks.yaml b/kubernetes/apps/kube-system/node-problem-detector/ks.yaml new file mode 100644 index 000000000..be0b5e194 --- /dev/null +++ b/kubernetes/apps/kube-system/node-problem-detector/ks.yaml 
@@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app node-problem-detector + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: kube-system + path: ./kubernetes/apps/kube-system/node-problem-detector/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml b/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml new file mode 100644 index 000000000..2b63a3b13 --- /dev/null +++ b/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: reloader +spec: + interval: 30m + chart: + spec: + chart: reloader + version: 1.0.101 + sourceRef: + kind: HelmRepository + name: stakater + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + values: + fullnameOverride: reloader + reloader: + readOnlyRootFileSystem: true + podMonitor: + enabled: true + namespace: "{{ .Release.Namespace }}" diff --git a/kubernetes/apps/kube-system/reloader/app/kustomization.yaml b/kubernetes/apps/kube-system/reloader/app/kustomization.yaml new file mode 100644 index 000000000..5dd7baca7 --- /dev/null +++ b/kubernetes/apps/kube-system/reloader/app/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/kube-system/reloader/ks.yaml b/kubernetes/apps/kube-system/reloader/ks.yaml new file mode 100644 index 000000000..6f9458dc1 --- /dev/null +++ b/kubernetes/apps/kube-system/reloader/ks.yaml 
@@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app reloader + namespace: flux-system +spec: + targetNamespace: kube-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/kube-system/reloader/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/kube-system/spegel/app/helm-values.yaml b/kubernetes/apps/kube-system/spegel/app/helm-values.yaml new file mode 100644 index 000000000..a4185ae36 --- /dev/null +++ b/kubernetes/apps/kube-system/spegel/app/helm-values.yaml @@ -0,0 +1,7 @@ +--- +spegel: + containerdSock: /run/containerd/containerd.sock + containerdRegistryConfigPath: /etc/cri/conf.d/hosts +service: + registry: + hostPort: 29999 diff --git a/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml b/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml new file mode 100644 index 000000000..4200fa89b --- /dev/null +++ b/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: spegel +spec: + interval: 30m + chart: + spec: + chart: spegel + version: v0.0.22 + sourceRef: + kind: HelmRepository + name: spegel + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + valuesFrom: + - kind: ConfigMap + name: spegel-helm-values + values: + serviceMonitor: + enabled: true diff --git a/kubernetes/apps/kube-system/spegel/app/kustomization.yaml b/kubernetes/apps/kube-system/spegel/app/kustomization.yaml new file mode 100644 index 000000000..1e1aa1d17 --- /dev/null +++ b/kubernetes/apps/kube-system/spegel/app/kustomization.yaml 
@@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml +configMapGenerator: + - name: spegel-helm-values + files: + - values.yaml=./helm-values.yaml +configurations: + - kustomizeconfig.yaml diff --git a/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml b/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml new file mode 100644 index 000000000..58f92ba15 --- /dev/null +++ b/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml @@ -0,0 +1,7 @@ +--- +nameReference: + - kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease diff --git a/kubernetes/apps/kube-system/spegel/ks.yaml b/kubernetes/apps/kube-system/spegel/ks.yaml new file mode 100644 index 000000000..cb9f37ed4 --- /dev/null +++ b/kubernetes/apps/kube-system/spegel/ks.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app spegel + namespace: flux-system +spec: + targetNamespace: kube-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/kube-system/spegel/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/media/calibre-web/app/helmrelease.yaml b/kubernetes/apps/media/calibre-web/app/helmrelease.yaml new file mode 100644 index 000000000..307ba1084 --- /dev/null +++ b/kubernetes/apps/media/calibre-web/app/helmrelease.yaml 
@@ -0,0 +1,115 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app calibre-web
+ namespace: media
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ global:
+ nameOverride: *app
+ controllers:
+ app:
+ strategy: Recreate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: ghcr.io/linuxserver/calibre-web
+ tag: 0.6.20-ls229
+ env:
+ TZ: ${TIMEZONE}
+ PUID: 1000
+ PGID: 1000
+ DOCKER_MODS: linuxserver/mods:universal-calibre
+ CACHE_DIR: /cache
+ resources:
+ requests:
+ cpu: 5m
+ memory: 100Mi
+ limits:
+ memory: 500Mi
+ initContainers:
+ update-volume-permission:
+ image:
+ repository: busybox
+ tag: 1.36.1
+ command: [sh, -c, chown -R 1000:1000 /config]
+ securityContext:
+ runAsUser: 0
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: &port 8083
+ ingress:
+ app:
+ enabled: true
+ className: nginx-default
+ annotations:
+ # nginx.ingress.kubernetes.io/auth-method: GET
+ # nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ # nginx.ingress.kubernetes.io/auth-snippet: |
+ # proxy_set_header X-Forwarded-Method $request_method;
+ # proxy_set_header X-Forwarded-Scheme $scheme;
+ hajimari.io/icon: bookshelf
+ hosts:
+ - host: &host books.${SECRET_DOMAIN}
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ port: *port
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ enabled: true
+ type: persistentVolumeClaim
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ storageClass: ${MAIN_SC}
+ globalMounts:
+ - path: /config
+ data:
+ enabled: true
+ type: nfs
+ server: 10.20.30.40
+ path: /volume2/data
+ globalMounts:
+ - path: /data
+ readOnly: true
+ cache:
+ type: emptyDir
+ globalMounts:
+ - path: /cache
diff --git a/kubernetes/apps/media/calibre-web/app/kustomization.yaml b/kubernetes/apps/media/calibre-web/app/kustomization.yaml
new file mode 100644
index 000000000..94f7a6174
--- /dev/null
+++ b/kubernetes/apps/media/calibre-web/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: media
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/media/calibre-web/ks.yaml b/kubernetes/apps/media/calibre-web/ks.yaml
new file mode 100644
index 000000000..7041b2b0b
--- /dev/null
+++ b/kubernetes/apps/media/calibre-web/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app calibre-web
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: media
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/media/calibre-web/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/media/kustomization.yaml b/kubernetes/apps/media/kustomization.yaml
new file mode 100644
index 000000000..4c8803f58
--- /dev/null
+++ b/kubernetes/apps/media/kustomization.yaml
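Review bot: All of the forward-auth annotations on the `ingress.app` block of calibre-web/app/helmrelease.yaml are commented out, so `books.${SECRET_DOMAIN}` is served with only calibre-web's own login in front of it, while the bazarr, gaps and prowlarr ingresses added in this same patch send requests through `auth.${SECRET_DOMAIN}/api/verify`. If that is deliberate (for example for reader clients that cannot follow the sign-in redirect), replace the dead block with a one-line comment saying so; otherwise re-enable it. Separately, the `update-volume-permission` init container runs with `runAsUser: 0` and pulls an unqualified `busybox` image; adding `allowPrivilegeEscalation: false` to its `securityContext` and spelling out the registry would tighten it without changing what the `chown` does.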
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - calibre-web/ks.yaml
+ - mediabox/ks.yaml
+ - plex-exporter/ks.yaml
+ - plex-trakt-sync/ks.yaml
+ - tautulli/ks.yaml
diff --git a/kubernetes/apps/media/mediabox/app/bazarr-ingress.yaml b/kubernetes/apps/media/mediabox/app/bazarr-ingress.yaml
new file mode 100755
index 000000000..df0781b7e
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/bazarr-ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: bazarr
+ annotations:
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ hajimari.io/enable: "true"
+ hajimari.io/icon: chart-bar
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - bazarr.${SECRET_DOMAIN}
+ rules:
+ - host: bazarr.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mediabox
+ port:
+ name: bazarr
diff --git a/kubernetes/apps/media/mediabox/app/gaps-ingress.yaml b/kubernetes/apps/media/mediabox/app/gaps-ingress.yaml
new file mode 100755
index 000000000..531bf2e23
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/gaps-ingress.yaml
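Review bot: The `nginx.ingress.kubernetes.io/auth-snippet` annotation in bazarr-ingress.yaml only takes effect when the ingress-nginx controller is configured to accept snippet annotations, and that same setting lets any Ingress author inject raw nginx directives. The identical annotation block is repeated in gaps-ingress.yaml and prowlarr-ingress.yaml. The snippet only sets two `proxy_set_header` lines for the auth subrequest, so it is worth checking whether the auth backend still needs them; if it does, record the dependency next to the controller values, e.g. `# requires allow-snippet-annotations on ingress-nginx (used by media/mediabox/app/*-ingress.yaml auth-snippet)`. These manifests are also added with mode 100755, where plain YAML would normally be 100644.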
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gaps
+ annotations:
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ hajimari.io/enable: "true"
+ hajimari.io/icon: filmstrip
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - gaps.${SECRET_DOMAIN}
+ rules:
+ - host: gaps.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mediabox
+ port:
+ name: gaps
diff --git a/kubernetes/apps/media/mediabox/app/kustomization.yaml b/kubernetes/apps/media/mediabox/app/kustomization.yaml
new file mode 100755
index 000000000..81b11bf87
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: media
+resources:
+ - bazarr-ingress.yaml
+ - gaps-ingress.yaml
+ - lldap-ingress.yaml
+ - sabnzbd-ingress.yaml
+ - prowlarr-ingress.yaml
+ - radarr-ingress.yaml
+ - service.yaml
+ - sonar-ingress.yaml
+ - notifiarr-ingress.yaml
+ - radarr-exporter.yaml
+ - sonarr-exporter.yaml
+ - prowlarr-exporter.yaml
diff --git a/kubernetes/apps/media/mediabox/app/lldap-ingress.yaml b/kubernetes/apps/media/mediabox/app/lldap-ingress.yaml
new file mode 100644
index 000000000..9711b8efc
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/lldap-ingress.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ annotations:
+ hajimari.io/enable: "true"
+ hajimari.io/icon: account-group
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - lldap.${SECRET_DOMAIN}
+ rules:
+ - host: lldap.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mediabox
+ port:
+ name: lldap
diff --git a/kubernetes/apps/media/mediabox/app/notifiarr-ingress.yaml b/kubernetes/apps/media/mediabox/app/notifiarr-ingress.yaml
new file mode 100755
index 000000000..b6e4a4222
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/notifiarr-ingress.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: notifiarr
+ annotations:
+ external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+ external-dns/is-public: "true"
+ hajimari.io/enable: "true"
+ hajimari.io/icon: filmstrip
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - notifiarr.${SECRET_DOMAIN}
+ rules:
+ - host: notifiarr.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mediabox
+ port:
+ name: notifiarr
diff --git a/kubernetes/apps/media/mediabox/app/prowlarr-exporter.yaml b/kubernetes/apps/media/mediabox/app/prowlarr-exporter.yaml
new file mode 100644
index 000000000..6fac16ba1
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/prowlarr-exporter.yaml
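Review bot: lldap-ingress.yaml and notifiarr-ingress.yaml carry none of the `auth-url`/`auth-signin` annotations that the bazarr, gaps and prowlarr ingresses use, so both UIs are reachable with only their built-in login. For lldap that is the admin interface of what is presumably the directory behind `auth.${SECRET_DOMAIN}`, and notifiarr is additionally published through `external-dns/is-public: "true"`. If forward-auth cannot be used here (for lldap it may be a circular dependency), restrict the source instead, e.g. `nginx.ingress.kubernetes.io/whitelist-source-range: <trusted CIDR>` on the lldap Ingress, and narrow the notifiarr rule from `path: /` to whatever paths actually have to be public. A short comment in each file stating why auth is omitted would stop the next edit from treating it as an oversight.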
@@ -0,0 +1,884 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: prowlarr-exporter + namespace: media + labels: + app.kubernetes.io/name: prowlarr-exporter + app.kubernetes.io/instance: prowlarr-exporter +spec: + clusterIP: None + selector: + app.kubernetes.io/name: prowlarr-exporter + app.kubernetes.io/instance: prowlarr-exporter + ports: + - name: monitoring + port: 9707 +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: prowlarr-exporter + namespace: media + labels: + app.kubernetes.io/name: prowlarr-exporter + app.kubernetes.io/instance: prowlarr-exporter +spec: + selector: + matchLabels: + app.kubernetes.io/name: prowlarr-exporter + app.kubernetes.io/instance: prowlarr-exporter + endpoints: + - port: monitoring + interval: 4m + scrapeTimeout: 90s + path: /metrics +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: prowlarr-exporter + namespace: media + labels: + app.kubernetes.io/name: prowlarr-exporter + app.kubernetes.io/instance: prowlarr-exporter + annotations: + fluxcd.io/ignore: "false" + fluxcd.io/automated: "true" +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/name: prowlarr-exporter + app.kubernetes.io/instance: prowlarr-exporter + template: + metadata: + labels: + app.kubernetes.io/name: prowlarr-exporter + app.kubernetes.io/instance: prowlarr-exporter + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: monitoring + spec: + containers: + - name: prowlarr-exporter + image: ghcr.io/onedr0p/exportarr:v2.0.1 + imagePullPolicy: Always + args: + - prowlarr + env: + - name: PORT + value: "9707" + - name: URL + value: ${SECRET_PROWLARR_URL} + - name: APIKEY + value: ${SECRET_PROWLARR_API_KEY} + - name: ENABLE_EPISODE_QUALITY_METRICS + value: "true" + - name: ADDITIONALMETRICS + value: "true" + - name: UNKNOWNQUEUEITEMS + value: "true" + ports: + - name: monitoring + containerPort: 9707 + livenessProbe: + httpGet: + path: /healthz + port: 
monitoring + failureThreshold: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /healthz + port: monitoring + failureThreshold: 5 + periodSeconds: 10 + resources: + requests: + cpu: 5m + memory: 10Mi + limits: + cpu: 500m + memory: 256Mi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: prowlarr-exporter-dashboard + labels: + grafana_dashboard: "1" + app: plex-exporter + namespace: media + annotations: + grafana_folder: Apps +data: + prowlarr-exporter-dashboard.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 273, + "iteration": 1617623061759, + "links": [], + "panels": [ + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "Online", + "to": "", + "type": 1, + "value": "1" + }, + { + "from": "", + "id": 2, + "operator": "", + "text": "Offline", + "to": "", + "type": 1, + "value": "null" + }, + { + "from": "", + "id": 3, + "operator": "", + "text": "Offline", + "to": "", + "type": 1, + "value": "0" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_system_status{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": 
"status", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 7, + "y": 0 + }, + "id": 5, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_episode_missing_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "missing ep", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 0 + }, + "id": 16, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_queue_total{job=\"$instance\"}", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "in queue", + "type": 
"stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 4, + "x": 18, + "y": 0 + }, + "id": 4, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_system_health_issues{job=\"$instance\"}", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "health issues", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 4 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_series_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "series", + "type": 
"stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 7, + "y": 4 + }, + "id": 10, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_series_filesize_bytes{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "size", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 4 + }, + "id": 8, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sum(increase(sonarr_episode_downloaded_total{job=\"$instance\"}[30d]))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "d/l 
past month", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 8 + }, + "id": 17, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_series_monitored_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "monitored", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 8 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sum(increase(sonarr_episode_downloaded_total{job=\"$instance\"}[7d]))", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": 
null, + "title": "d/ past week", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 22, + "x": 0, + "y": 12 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "showUnfilled": true, + "text": { + "titleSize": 10, + "valueSize": 10 + } + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sort_desc(sum(sonarr_episode_quality_total{job=\"$instance\"}) by (quality))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{quality}}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "qualities", + "type": "bargauge" + }, + { + "datasource": "Loki", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 22, + "x": 0, + "y": 23 + }, + "id": 15, + "options": { + "dedupStrategy": "none", + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": true + }, + "targets": [ + { + "expr": "{app_kubernetes_io_name=\"prowlarr\"} !~ \"Sending HTTP request to http://localhost:8989\"", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "log", + "type": "logs" + } + ], + "refresh": "1m", + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": true, + "text": "media/prowlarr", + "value": "media/prowlarr" + }, + "datasource": null, + "definition": "label_values(sonarr_system_status, job)", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + 
"options": [ + { + "selected": true, + "text": "media/prowlarr", + "value": "media/prowlarr" + } + ], + "query": { + "query": "label_values(sonarr_system_status, job)", + "refId": "StandardVariableQuery" + }, + "refresh": 0, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-2d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "prowlarr", + "uid": "A8iPsdsjZd", + "version": 8 + } diff --git a/kubernetes/apps/media/mediabox/app/prowlarr-ingress.yaml b/kubernetes/apps/media/mediabox/app/prowlarr-ingress.yaml new file mode 100755 index 000000000..cb12f1fae --- /dev/null +++ b/kubernetes/apps/media/mediabox/app/prowlarr-ingress.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: prowlarr + annotations: + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: | + proxy_set_header X-Forwarded-Method $request_method; + proxy_set_header X-Forwarded-Scheme $scheme; + hajimari.io/enable: "true" + hajimari.io/icon: plex +spec: + ingressClassName: nginx-default + tls: + - secretName: ${SECRET_DOMAIN/./-}-production-tls + hosts: + - prowlarr.${SECRET_DOMAIN} + rules: + - host: prowlarr.${SECRET_DOMAIN} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: mediabox + port: + name: prowlarr diff --git a/kubernetes/apps/media/mediabox/app/radarr-exporter.yaml b/kubernetes/apps/media/mediabox/app/radarr-exporter.yaml new file mode 100644 index 000000000..1d7424549 --- /dev/null +++ b/kubernetes/apps/media/mediabox/app/radarr-exporter.yaml 
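Review bot: In the prowlarr-exporter Deployment the API key is injected as a literal, `value: ${SECRET_PROWLARR_API_KEY}`, so once the variable is substituted (presumably by Flux post-build substitution) the key sits in clear text in the Deployment object and shows up in any `kubectl get deploy -o yaml`, instead of living in a Secret. Reference a Secret from the env entry instead: `- name: APIKEY` followed by `valueFrom: {secretKeyRef: {name: <exporter-secret>, key: <api-key-field>}}` (placeholder names). radarr-exporter.yaml, whose hunk continues past this excerpt, uses the same pattern with `${SECRET_RADARR_API_KEY}`. The file also looks copied from the sonarr exporter without being adapted: the dashboard ConfigMap is labelled `app: plex-exporter`, every Prometheus panel queries `sonarr_*` metrics, and `ENABLE_EPISODE_QUALITY_METRICS` is set for a prowlarr target.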
@@ -0,0 +1,942 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: radarr-exporter + namespace: media + labels: + app.kubernetes.io/name: radarr-exporter + app.kubernetes.io/instance: radarr-exporter +spec: + clusterIP: None + selector: + app.kubernetes.io/name: radarr-exporter + app.kubernetes.io/instance: radarr-exporter + ports: + - name: monitoring + port: 9708 +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: radarr-exporter + namespace: media + labels: + app.kubernetes.io/name: radarr-exporter + app.kubernetes.io/instance: radarr-exporter +spec: + selector: + matchLabels: + app.kubernetes.io/name: radarr-exporter + app.kubernetes.io/instance: radarr-exporter + endpoints: + - port: monitoring + interval: 4m + scrapeTimeout: 90s + path: /metrics +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: radarr-exporter + namespace: media + labels: + app.kubernetes.io/name: radarr-exporter + app.kubernetes.io/instance: radarr-exporter +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/name: radarr-exporter + app.kubernetes.io/instance: radarr-exporter + template: + metadata: + labels: + app.kubernetes.io/name: radarr-exporter + app.kubernetes.io/instance: radarr-exporter + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: monitoring + spec: + containers: + - name: radarr-exporter + image: ghcr.io/onedr0p/exportarr:v2.0.1 + imagePullPolicy: Always + args: + - radarr + env: + - name: PORT + value: "9708" + - name: URL + value: ${SECRET_RADARR_URL} + - name: APIKEY + value: ${SECRET_RADARR_API_KEY} + - name: ADDITIONALMETRICS + value: "true" + - name: UNKNOWNQUEUEITEMS + value: "true" + ports: + - name: monitoring + containerPort: 9708 + livenessProbe: + httpGet: + path: /healthz + port: monitoring + failureThreshold: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /healthz + port: monitoring + failureThreshold: 5 + periodSeconds: 10 + resources: + 
requests: + cpu: 5m + memory: 10Mi + limits: + cpu: 500m + memory: 256Mi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: radarr-exporter-dashboard + labels: + grafana_dashboard: "1" + app: radarr-exporter + namespace: media + annotations: + grafana_folder: Apps +data: + radarr-exporter-dashboard.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 272, + "iteration": 1617623062689, + "links": [], + "panels": [ + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "Online", + "to": "", + "type": 1, + "value": "1" + }, + { + "from": "", + "id": 2, + "operator": "", + "text": "Offline", + "to": "", + "type": 1, + "value": "null" + }, + { + "from": "", + "id": 3, + "operator": "", + "text": "Offline", + "to": "", + "type": 1, + "value": "0" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "radarr_system_status{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "status", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "text": "0", + "to": "", + 
"type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 7, + "y": 0 + }, + "id": 5, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "radarr_movie_missing_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "missing", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 0 + }, + "id": 16, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "radarr_queue_total{job=\"$instance\"}", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "in queue", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, 
+ "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 4, + "x": 18, + "y": 0 + }, + "id": 4, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "radarr_system_health_issues{job=\"$instance\"}", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "health issues", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 4 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "radarr_movie_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "movies", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + 
], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 7, + "y": 4 + }, + "id": 3, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "radarr_movie_wanted_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "wanted", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 4 + }, + "id": 8, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sum(increase(radarr_movie_downloaded_total{job=\"$instance\"}[30d]))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "d/l past month", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + 
"thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 8 + }, + "id": 17, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "radarr_movie_monitored_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "monitored", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 7, + "y": 8 + }, + "id": 10, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "radarr_movie_filesize_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "size", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + 
"value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 8 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sum(increase(radarr_movie_downloaded_total{job=\"$instance\"}[7d]))", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "d/ past week", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(255, 194, 48)", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 22, + "x": 0, + "y": 12 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "showUnfilled": true, + "text": { + "titleSize": 10, + "valueSize": 10 + } + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sort_desc(sum(radarr_movie_quality_total{job=\"$instance\"}) by (quality))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{quality}}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "qualities", + "type": "bargauge" + }, + { + "datasource": "Loki", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 22, + "x": 0, + "y": 23 + }, + "id": 15, + "options": { + "dedupStrategy": "none", + "showLabels": false, 
+ "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": true + }, + "targets": [ + { + "expr": "{app_kubernetes_io_name=\"radarr\"} !~ \"Sending HTTP request to http://localhost:7878\"", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "log", + "type": "logs" + } + ], + "refresh": "1m", + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": false, + "text": "media/radarr", + "value": "media/radarr" + }, + "datasource": null, + "definition": "label_values(radarr_system_status, job)", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [ + { + "selected": true, + "text": "media/radarr", + "value": "media/radarr" + } + ], + "query": { + "query": "label_values(radarr_system_status, job)", + "refId": "StandardVariableQuery" + }, + "refresh": 0, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-2d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Radarr", + "uid": "A8iPssjZk", + "version": 18 + } diff --git a/kubernetes/apps/media/mediabox/app/radarr-ingress.yaml b/kubernetes/apps/media/mediabox/app/radarr-ingress.yaml new file mode 100755 index 000000000..a5a8ba202 --- /dev/null +++ b/kubernetes/apps/media/mediabox/app/radarr-ingress.yaml 
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: radarr
+ annotations:
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ hajimari.io/enable: "true"
+ hajimari.io/icon: filmstrip
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - radarr.${SECRET_DOMAIN}
+ rules:
+ - host: radarr.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mediabox
+ port:
+ name: radarr
diff --git a/kubernetes/apps/media/mediabox/app/sabnzbd-ingress.yaml b/kubernetes/apps/media/mediabox/app/sabnzbd-ingress.yaml
new file mode 100755
index 000000000..37a57bf66
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/sabnzbd-ingress.yaml
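Review bot: The `nginx.ingress.kubernetes.io/auth-snippet` annotation in radarr-ingress.yaml only takes effect when the `nginx-default` controller runs with `allow-snippet-annotations` enabled, and that setting lets anyone who can create or edit an Ingress inject raw nginx configuration into the shared controller. The same block is repeated in sabnzbd-ingress.yaml and sonar-ingress.yaml. ingress-nginx already sends `X-Original-URL` and `X-Original-Method` on the auth subrequest, so if the verify endpoint accepts those (to be confirmed against the auth service's configuration) the two `proxy_set_header` lines and the snippet annotation can be dropped. If the snippet has to stay, record the dependency next to it, e.g. `# requires allow-snippet-annotations on the nginx-default controller`.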
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: sabnzbd
+ annotations:
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ hajimari.io/enable: "true"
+ hajimari.io/icon: cloud-download
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - sabnzbd.${SECRET_DOMAIN}
+ rules:
+ - host: sabnzbd.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mediabox
+ port:
+ name: sabnzbd
diff --git a/kubernetes/apps/media/mediabox/app/service.yaml b/kubernetes/apps/media/mediabox/app/service.yaml
new file mode 100755
index 000000000..616954b4c
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/service.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mediabox
+spec:
+ externalName: thiazi.home
+ ports:
+ - name: sonarr
+ port: 8989
+ protocol: TCP
+ targetPort: 8989
+ - name: radarr
+ port: 7878
+ protocol: TCP
+ targetPort: 7878
+ - name: prowlarr
+ port: 9696
+ protocol: TCP
+ targetPort: 9696
+ - name: sabnzbd
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ - name: gaps
+ port: 8484
+ protocol: TCP
+ targetPort: 8484
+ - name: bazarr
+ port: 6767
+ protocol: TCP
+ targetPort: 6767
+ - name: notifiarr
+ port: 5454
+ protocol: TCP
+ targetPort: 5454
+ - name: lldap
+ port: 17170
+ protocol: TCP
+ targetPort: 17170
+ sessionAffinity: None
+ type: ExternalName
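Review bot: In service.yaml, `type: ExternalName` with `externalName: thiazi.home` sends ingress traffic to a host outside the cluster, and the forward-auth check on the Ingresses only covers requests that actually pass through the ingress. The identity headers they forward (`Remote-User`, `Remote-Groups`, …) are trustworthy to the backends only if the listed ports on thiazi.home accept connections from nothing but the ingress controller, which this manifest cannot enforce. No `nginx.ingress.kubernetes.io/backend-protocol` annotation is set on the visible Ingresses, so that hop is presumably plain HTTP. I would state the assumption at the top of `spec`, e.g. `# auth is enforced at the ingress only; firewall these ports on thiazi.home to the ingress controller`.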
diff --git a/kubernetes/apps/media/mediabox/app/sonar-ingress.yaml b/kubernetes/apps/media/mediabox/app/sonar-ingress.yaml
new file mode 100755
index 000000000..4b991cf24
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/sonar-ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: sonarr
+ annotations:
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ hajimari.io/enable: "true"
+ hajimari.io/icon: television-box
+spec:
+ ingressClassName: nginx-default
+ tls:
+ - secretName: ${SECRET_DOMAIN/./-}-production-tls
+ hosts:
+ - sonarr.${SECRET_DOMAIN}
+ rules:
+ - host: sonarr.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mediabox
+ port:
+ name: sonarr
diff --git a/kubernetes/apps/media/mediabox/app/sonarr-exporter.yaml b/kubernetes/apps/media/mediabox/app/sonarr-exporter.yaml
new file mode 100644
index 000000000..dc770f967
--- /dev/null
+++ b/kubernetes/apps/media/mediabox/app/sonarr-exporter.yaml
@@ -0,0 +1,884 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: sonarr-exporter + namespace: media + labels: + app.kubernetes.io/name: sonarr-exporter + app.kubernetes.io/instance: sonarr-exporter +spec: + clusterIP: None + selector: + app.kubernetes.io/name: sonarr-exporter + app.kubernetes.io/instance: sonarr-exporter + ports: + - name: monitoring + port: 9707 +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: sonarr-exporter + namespace: media + labels: + app.kubernetes.io/name: sonarr-exporter + app.kubernetes.io/instance: sonarr-exporter +spec: + selector: + matchLabels: + app.kubernetes.io/name: sonarr-exporter + app.kubernetes.io/instance: sonarr-exporter + endpoints: + - port: monitoring + interval: 4m + scrapeTimeout: 90s + path: /metrics +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: sonarr-exporter + namespace: media + labels: + app.kubernetes.io/name: sonarr-exporter + app.kubernetes.io/instance: sonarr-exporter + annotations: + fluxcd.io/ignore: "false" + fluxcd.io/automated: "true" +spec: + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/name: sonarr-exporter + app.kubernetes.io/instance: sonarr-exporter + template: + metadata: + labels: + app.kubernetes.io/name: sonarr-exporter + app.kubernetes.io/instance: sonarr-exporter + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: monitoring + spec: + containers: + - name: sonarr-exporter + image: ghcr.io/onedr0p/exportarr:v2.0.1 + imagePullPolicy: Always + args: + - sonarr + env: + - name: PORT + value: "9707" + - name: URL + value: ${SECRET_SONARR_URL} + - name: APIKEY + value: ${SECRET_SONARR_API_KEY} + - name: ENABLE_EPISODE_QUALITY_METRICS + value: "true" + - name: ADDITIONALMETRICS + value: "true" + - name: UNKNOWNQUEUEITEMS + value: "true" + ports: + - name: monitoring + containerPort: 9707 + livenessProbe: + httpGet: + path: /healthz + port: monitoring + failureThreshold: 5 + periodSeconds: 
10 + readinessProbe: + httpGet: + path: /healthz + port: monitoring + failureThreshold: 5 + periodSeconds: 10 + resources: + requests: + cpu: 5m + memory: 10Mi + limits: + cpu: 500m + memory: 256Mi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sonarr-exporter-dashboard + labels: + grafana_dashboard: "1" + app: plex-exporter + namespace: media + annotations: + grafana_folder: Apps +data: + sonarr-exporter-dashboard.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 273, + "iteration": 1617623061759, + "links": [], + "panels": [ + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "Online", + "to": "", + "type": 1, + "value": "1" + }, + { + "from": "", + "id": 2, + "operator": "", + "text": "Offline", + "to": "", + "type": 1, + "value": "null" + }, + { + "from": "", + "id": 3, + "operator": "", + "text": "Offline", + "to": "", + "type": 1, + "value": "0" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_system_status{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "status", + "type": "stat" + }, + { + "datasource": 
"Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 7, + "y": 0 + }, + "id": 5, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_episode_missing_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "missing ep", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 0 + }, + "id": 16, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_queue_total{job=\"$instance\"}", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "in queue", + "type": "stat" + }, + { + "datasource": "Prometheus", + 
"fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 4, + "x": 18, + "y": 0 + }, + "id": 4, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_system_health_issues{job=\"$instance\"}", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "health issues", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 4 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_series_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "series", + "type": "stat" + }, + { + "datasource": "Prometheus", + 
"fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 7, + "y": 4 + }, + "id": 10, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_series_filesize_bytes{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "size", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 4 + }, + "id": 8, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sum(increase(sonarr_episode_downloaded_total{job=\"$instance\"}[30d]))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "d/l past month", + "type": "stat" + }, + { + 
"datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 7, + "x": 0, + "y": 8 + }, + "id": 17, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sonarr_series_monitored_total{job=\"$instance\"}", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "monitored", + "type": "stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [ + { + "from": "", + "id": 1, + "operator": "", + "text": "0", + "to": "", + "type": 1, + "value": "null" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 8 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sum(increase(sonarr_episode_downloaded_total{job=\"$instance\"}[7d]))", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "d/ past week", + "type": 
"stat" + }, + { + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgb(33, 147, 181)", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 22, + "x": 0, + "y": 12 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "showUnfilled": true, + "text": { + "titleSize": 10, + "valueSize": 10 + } + }, + "pluginVersion": "7.5.2", + "targets": [ + { + "expr": "sort_desc(sum(sonarr_episode_quality_total{job=\"$instance\"}) by (quality))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{quality}}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "qualities", + "type": "bargauge" + }, + { + "datasource": "Loki", + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 22, + "x": 0, + "y": 23 + }, + "id": 15, + "options": { + "dedupStrategy": "none", + "showLabels": false, + "showTime": false, + "sortOrder": "Descending", + "wrapLogMessage": true + }, + "targets": [ + { + "expr": "{app_kubernetes_io_name=\"sonarr\"} !~ \"Sending HTTP request to http://localhost:8989\"", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "log", + "type": "logs" + } + ], + "refresh": "1m", + "schemaVersion": 27, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "selected": true, + "text": "media/sonarr", + "value": "media/sonarr" + }, + "datasource": null, + "definition": "label_values(sonarr_system_status, job)", + "description": null, + "error": null, + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [ + { + "selected": true, + "text": 
"media/sonarr", + "value": "media/sonarr" + } + ], + "query": { + "query": "label_values(sonarr_system_status, job)", + "refId": "StandardVariableQuery" + }, + "refresh": 0, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-2d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Sonarr", + "uid": "A8iPssjZd", + "version": 8 + } diff --git a/kubernetes/apps/media/mediabox/ks.yaml b/kubernetes/apps/media/mediabox/ks.yaml new file mode 100644 index 000000000..91fa2bfed --- /dev/null +++ b/kubernetes/apps/media/mediabox/ks.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app mediabox + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: media + path: ./kubernetes/apps/media/mediabox/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/media/namespace.yaml b/kubernetes/apps/media/namespace.yaml new file mode 100644 index 000000000..a1370a2ae --- /dev/null +++ b/kubernetes/apps/media/namespace.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: media + annotations: + volsync.backube/privileged-movers: "true" + labels: + kustomize.toolkit.fluxcd.io/prune: disabled + goldilocks.fairwinds.com/enabled: "true" diff --git a/kubernetes/apps/media/plex-exporter/app/configmap.yaml b/kubernetes/apps/media/plex-exporter/app/configmap.yaml new file mode 100755 index 000000000..a6120bd31 --- /dev/null +++ b/kubernetes/apps/media/plex-exporter/app/configmap.yaml 
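Review bot: The `APIKEY` env entry of the sonarr-exporter container is written as `value: ${SECRET_SONARR_API_KEY}`, so once the placeholder is substituted (presumably by Flux post-build substitution) the Sonarr API key sits in clear text in the Deployment and Pod specs, readable by anyone allowed to get those objects in `media`. Reference a Secret through `valueFrom.secretKeyRef` instead, as sketched below with placeholder names. Two smaller points in the same file: the `sonarr-exporter-dashboard` ConfigMap carries the label `app: plex-exporter`, which looks like a copy-paste leftover, and the container declares no `securityContext`.

```yaml
# … unchanged: PORT and URL entries …
- name: APIKEY
  valueFrom:
    secretKeyRef:
      name: <SECRET_NAME>  # placeholder: Secret that holds the Sonarr API key
      key: <SECRET_KEY>    # placeholder: key inside that Secret
# … unchanged: remaining env entries …
```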
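Review bot: The `volsync.backube/privileged-movers: "true"` annotation in namespace.yaml opts the whole `media` namespace into privileged VolSync mover pods, which is a wider grant than the workloads added for this namespace in the visible part of the commit appear to need. If the backups can run with unprivileged movers (mover security context matching the application's UID/GID), drop the annotation. Otherwise document why it is required, e.g. `# privileged movers needed for <reason>` directly above it, so the exception is reviewed again when the namespace changes.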
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+data:
+ config.json: |
+ {
+ "exporter": {
+ "port": 9567
+ },
+ "server": {
+ "address": "plex.home",
+ "port": 32400,
+ "token": "${SECRET_PLEXTOKEN}"
+ }
+ }
+kind: ConfigMap
+metadata:
+ labels:
+ app: plex-exporter
+ name: plex-exporter-config
diff --git a/kubernetes/apps/media/plex-exporter/app/deployment.yaml b/kubernetes/apps/media/plex-exporter/app/deployment.yaml
new file mode 100755
index 000000000..512cdc9e0
--- /dev/null
+++ b/kubernetes/apps/media/plex-exporter/app/deployment.yaml
@@ -0,0 +1,50 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ labels:
+ app: plex-exporter
+ name: plex-exporter
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: plex-exporter
+ template:
+ metadata:
+ labels:
+ app: plex-exporter
+ spec:
+ containers:
+ - image: registry.eighty-three.me/tuxpeople/plex-exporter:nightly
+ command:
+ - /plex_exporter
+ args:
+ - --config
+ - /config.json
+ imagePullPolicy: Always
+ name: plex-exporter
+ ports:
+ - containerPort: 9567
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ volumeMounts:
+ - mountPath: /config.json
+ name: plex-exporter-config
+ subPath: config.json
+ volumes:
+ - configMap:
+ items:
+ - key: config.json
+ mode: 420
+ path: config.json
+ name: plex-exporter-config
+ name: plex-exporter-config
diff --git a/kubernetes/apps/media/plex-exporter/app/grafana-dashboard.yaml b/kubernetes/apps/media/plex-exporter/app/grafana-dashboard.yaml
new file mode 100755
index 000000000..737b49d4e
--- /dev/null
+++ b/kubernetes/apps/media/plex-exporter/app/grafana-dashboard.yaml
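Review bot: The Plex token ends up in a ConfigMap: `"token": "${SECRET_PLEXTOKEN}"` sits under `kind: ConfigMap`, so after substitution the credential is stored as ordinary configuration data. It is then readable with plain ConfigMap read permissions and is not covered by Secret-specific RBAC or encryption-at-rest settings. Make the object a Secret by changing the header to `kind: Secret` and the payload key to `stringData:`. In deployment.yaml the volume source then becomes `secret:` with `secretName: plex-exporter-config` in place of `configMap:` and `name:`.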
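Review bot: The container image in deployment.yaml is referenced by the mutable tag `:nightly` together with `imagePullPolicy: Always`, so any pod restart can start different, unreviewed code that has the Plex token mounted. Pin the image by digest, e.g. `image: registry.eighty-three.me/tuxpeople/plex-exporter@sha256:<DIGEST>` (placeholder digest), and let the dependency bot propose updates. The pod spec also sets no `securityContext`, and `mode: 420` (octal 0644) leaves the mounted config file world-readable inside the container, where a tighter mode that the container user can still read would do.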
@@ -0,0 +1,477 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: plex-exporter-dashboard + labels: + grafana_dashboard: '1' + app: plex-exporter + namespace: media + annotations: + grafana_folder: Apps +data: + plex-exporter-dashboard.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 6, + "y": 0 + }, + "id": 12, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "8.2.1", + "targets": [ + { + "exemplar": true, + "expr": "sum(plex_transcode_sessions_active_count) by (container)", + "interval": "", + "legendFormat": "Plex sessions", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(plex_transcode_sessions_active_count) by (container)", + "hide": false, + "interval": "", + "legendFormat": "Transcoding sessions", + "refId": "B" + } + ], + "title": "Current usage", + "type": "gauge" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 14, + "panels": [], + "title": "Sessions history", + "type": "row" + }, + { + "datasource": null, + "fieldConfig": { + 
"defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "sum(plex_transcode_sessions_active_count) by (container)", + "interval": "", + "legendFormat": "Active plex sessions", + "refId": "A" + } + ], + "title": "Active plex sessions", + "type": "timeseries" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + 
}, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "sum(plex_transcode_sessions_active_count) by (container)", + "interval": "", + "legendFormat": "Active transcode sessions", + "refId": "A" + } + ], + "title": "Active transcode sessions", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 6, + "panels": [], + "title": "Library content", + "type": "row" + }, + { + "datasource": null, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "plex_media_server_library_media_count{type=\"show\"}", + "interval": "", + "legendFormat": "Library \"{{name}}\"", + "refId": "A" + } + ], + "title": "Numbers of TV shows", + "type": "timeseries" + }, + { + "datasource": null, + "description": "", + 
"fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "plex_media_server_library_media_count{type=\"movie\"}", + "interval": "", + "legendFormat": "Library \"{{name}}\"", + "refId": "A" + } + ], + "title": "Numbers of movies", + "type": "timeseries" + } + ], + "schemaVersion": 31, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Plex Dashboard", + "uid": null, + "version": 0 + } diff --git a/kubernetes/apps/media/plex-exporter/app/kustomization.yaml b/kubernetes/apps/media/plex-exporter/app/kustomization.yaml new file mode 100755 index 000000000..e7fdf10f9 --- /dev/null +++ b/kubernetes/apps/media/plex-exporter/app/kustomization.yaml 
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: media
+resources:
+ - configmap.yaml
+ - deployment.yaml
+ - service.yaml
+ - service-monitor.yaml
+ - grafana-dashboard.yaml
diff --git a/kubernetes/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json b/kubernetes/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json
new file mode 100755
index 000000000..c7dcb5f10
--- /dev/null
+++ b/kubernetes/apps/media/plex-exporter/app/plex-exporter-grafana-dashboard.json
@@ -0,0 +1,464 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 6, + "y": 0 + }, + "id": 12, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "text": {} + }, + "pluginVersion": "8.2.1", + "targets": [ + { + "exemplar": true, + "expr": "sum(plex_transcode_sessions_active_count) by (container)", + "interval": "", + "legendFormat": "Plex sessions", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(plex_transcode_sessions_active_count) by (container)", + "hide": false, + "interval": "", + "legendFormat": "Transcoding sessions", + "refId": "B" + } + ], + "title": "Current usage", + "type": "gauge" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 14, + "panels": [], + "title": "Sessions history", + "type": "row" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + 
"legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "sum(plex_transcode_sessions_active_count) by (container)", + "interval": "", + "legendFormat": "Active plex sessions", + "refId": "A" + } + ], + "title": "Active plex sessions", + "type": "timeseries" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": 
[ + { + "exemplar": true, + "expr": "sum(plex_transcode_sessions_active_count) by (container)", + "interval": "", + "legendFormat": "Active transcode sessions", + "refId": "A" + } + ], + "title": "Active transcode sessions", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 6, + "panels": [], + "title": "Library content", + "type": "row" + }, + { + "datasource": null, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "plex_media_server_library_media_count{type=\"show\"}", + "interval": "", + "legendFormat": "Library \"{{name}}\"", + "refId": "A" + } + ], + "title": "Numbers of TV shows", + "type": "timeseries" + }, + { + "datasource": null, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + 
"hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "plex_media_server_library_media_count{type=\"movie\"}", + "interval": "", + "legendFormat": "Library \"{{name}}\"", + "refId": "A" + } + ], + "title": "Numbers of movies", + "type": "timeseries" + } + ], + "schemaVersion": 31, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Plex Dashboard", + "uid": null, + "version": 0 +} diff --git a/kubernetes/apps/media/plex-exporter/app/service-monitor.yaml b/kubernetes/apps/media/plex-exporter/app/service-monitor.yaml new file mode 100755 index 000000000..aeb22449d --- /dev/null +++ b/kubernetes/apps/media/plex-exporter/app/service-monitor.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: prometheus-plex-exporter + labels: + release: prometheus +spec: + jobLabel: plex-exporter + selector: + matchExpressions: + - {key: app, operator: In, values: [plex-exporter]} + namespaceSelector: + matchNames: + - media + endpoints: + - port: metrics + interval: 30s 
diff --git a/kubernetes/apps/media/plex-exporter/app/service.yaml b/kubernetes/apps/media/plex-exporter/app/service.yaml
new file mode 100755
index 000000000..821916b21
--- /dev/null
+++ b/kubernetes/apps/media/plex-exporter/app/service.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: plex-exporter
+ name: plex-exporter-svc
+spec:
+ ports:
+ - name: metrics
+ port: 9567
+ protocol: TCP
+ targetPort: 9567
+ selector:
+ app: plex-exporter
+ type: ClusterIP
diff --git a/kubernetes/apps/media/plex-exporter/ks.yaml b/kubernetes/apps/media/plex-exporter/ks.yaml
new file mode 100644
index 000000000..6d6ffab67
--- /dev/null
+++ b/kubernetes/apps/media/plex-exporter/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app plex-exporter
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: media
+ path: ./kubernetes/apps/media/plex-exporter/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/media/plex-trakt-sync/app/config/config.yml b/kubernetes/apps/media/plex-trakt-sync/app/config/config.yml
new file mode 100644
index 000000000..07de0ad3b
--- /dev/null
+++ b/kubernetes/apps/media/plex-trakt-sync/app/config/config.yml
@@ -0,0 +1,34 @@
+cache:
+ path: $PTS_CACHE_DIR/trakt_cache
+
+excluded-libraries:
+ - Privat
+
+config:
+ dotenv_override: true
+
+logging:
+ append: false
+ debug: false
+ filename: plextraktsync.log
+
+sync:
+ plex_to_trakt:
+ collection: false
+ ratings: false
+ watched_status: true
+ trakt_to_plex:
+ liked_lists: false
+ ratings: false
+ watched_status: true
+ watchlist: false
+
+watch:
+ add_collection: false
+ remove_collection: false
+ scrobble_threshold: 90
+ username_filter: true
+
+xbmc-providers:
+ movies: imdb
+ shows: tvdb
diff --git a/kubernetes/apps/media/plex-trakt-sync/app/helmrelease.yaml b/kubernetes/apps/media/plex-trakt-sync/app/helmrelease.yaml
new file mode 100644
index 000000000..4d9eeb4ad
--- /dev/null
+++ b/kubernetes/apps/media/plex-trakt-sync/app/helmrelease.yaml
@@ -0,0 +1,132 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: plex-trakt-sync + namespace: media +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controllers: + app: + strategy: Recreate + annotations: + reloader.stakater.com/auto: "true" + + pod: + enableServiceLinks: false + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + + containers: + main: + image: + repository: ghcr.io/taxel/plextraktsync + tag: 0.30.10 + args: + - watch + env: + PLEX_BASEURL: http://10.20.30.40:32400 + PLEX_LOCALURL: http://10.20.30.40:32400 + PLEX_TOKEN: ${SECRET_PLEXTOKEN} + PLEX_USERNAME: ${SECRET_ACME_EMAIL} + TRAKT_USERNAME: ${SECRET_ACME_EMAIL} + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + resources: + requests: + cpu: 5m + memory: 101M + limits: + memory: 101M + + cronjob: + type: cronjob + cronjob: + concurrencyPolicy: Forbid + schedule: "@daily" + annotations: + reloader.stakater.com/auto: "true" + + pod: + enableServiceLinks: false + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + + containers: + main: + image: + repository: ghcr.io/taxel/plextraktsync + tag: 0.30.10 + args: + - sync + env: + PLEX_BASEURL: http://10.20.30.40:32400 + PLEX_LOCALURL: http://10.20.30.40:32400 + PLEX_TOKEN: ${SECRET_PLEXTOKEN} + PLEX_USERNAME: ${SECRET_ACME_EMAIL} + TRAKT_USERNAME: ${SECRET_ACME_EMAIL} + probes: + liveness: + 
enabled: false + readiness: + enabled: false + startup: + enabled: false + resources: + requests: + cpu: 5m + memory: 101M + limits: + memory: 101M + + persistence: + config-yaml: + type: configMap + name: plex-tract-sync-configmap + globalMounts: + - path: /app/config/config.yml + subPath: config.yml + readOnly: true + config-pv: + enabled: true + type: persistentVolumeClaim + accessMode: ReadWriteOnce + size: 5Gi + storageClass: ${MAIN_SC} + globalMounts: + - path: /app/config diff --git a/kubernetes/apps/media/plex-trakt-sync/app/kustomization.yaml b/kubernetes/apps/media/plex-trakt-sync/app/kustomization.yaml new file mode 100644 index 000000000..c93f583aa --- /dev/null +++ b/kubernetes/apps/media/plex-trakt-sync/app/kustomization.yaml @@ -0,0 +1,20 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: media +resources: +- ./helmrelease.yaml +configMapGenerator: +- files: + - ./config/config.yml + name: plex-tract-sync-configmap +generatorOptions: + annotations: + kustomize.toolkit.fluxcd.io/substitute: disabled + disableNameSuffixHash: true +labels: +- includeSelectors: true + pairs: + app.kubernetes.io/instance: plex-trakt-sync + app.kubernetes.io/name: plex-trakt-sync diff --git a/kubernetes/apps/media/plex-trakt-sync/ks.yaml b/kubernetes/apps/media/plex-trakt-sync/ks.yaml new file mode 100644 index 000000000..facb90940 --- /dev/null +++ b/kubernetes/apps/media/plex-trakt-sync/ks.yaml 
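Review bot: `PLEX_BASEURL` and `PLEX_LOCALURL` in the plex-trakt-sync HelmRelease are `http://10.20.30.40:32400` in both the `app` and the `cronjob` controller, so the `PLEX_TOKEN` this container presents to Plex presumably crosses the network unencrypted. If the server accepts TLS on that port, use `https://` in all four values; if cleartext on this segment is a deliberate choice, a comment next to the URL saying so keeps it from being copied elsewhere unexamined. Separately, the `config-pv` claim is `ReadWriteOnce` but is mounted by both controllers, which can leave the daily job unschedulable when it lands on a different node from the `watch` pod.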
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app plex-trakt-sync
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: media
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/media/plex-trakt-sync/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/media/podsync/app/config/config.toml b/kubernetes/apps/media/podsync/app/config/config.toml
new file mode 100755
index 000000000..8c847e85f
--- /dev/null
+++ b/kubernetes/apps/media/podsync/app/config/config.toml
@@ -0,0 +1,110 @@ +[server] +port = 8080 +hostname = "https://podsync.${SECRET_DOMAIN}" + +[storage] + [storage.local] + data_dir = "/data" + +[database] +badger = { truncate = true, file_io = true } + +[tokens] +youtube = "${SECRET_YOUTUBE_TOKEN}" + +[feeds] + [feeds.DevOpsToolkit] + url = "https://www.youtube.com/playlist?list=UUfz8x0lVzJpb_dgWm9kPVrw" + update_period = "8h" + format = "video" + quality = "high" + page_size = 15 + clean = { keep_last = 15 } + + [feeds.TechWorldWithNana] + url = "https://www.youtube.com/channel/UCdngmbVKX1Tgre699-XLlUA" + update_period = "8h" + format = "video" + quality = "high" + page_size = 15 + clean = { keep_last = 15 } + + [feeds.bares] + url = "https://www.youtube.com/channel/UC53bIpnef1pwAx69ERmmOLA" + update_period = "8h" + format = "video" + quality = "high" + page_size = 10 + clean = { keep_last = 10 } + + [feeds.headlock_breaking] + url = "https://www.youtube.com/channel/UC4A1tkY5mw9MWYa9SnDi3CQ" + filters = { title = "(B|b)(R|r)(E|e)(A|a)(K|k)(I|i)(N|n)(G|g)" } + custom = { title = "Headlock Breaking News" } + update_period = "6h" + format = "audio" + quality = "high" + page_size = 5 + clean = { keep_last = 5 } + + [feeds.lffs] + url = "https://www.youtube.com/playlist?list=PLDLU7Rp1Fecmx3mjQJU97rn5gfV8NH8AW" + update_period = "9h" + format = "video" + quality = "high" + page_size = 5 + clean = { keep_last = 5 } + + [feeds.mytowatch] + url = "https://youtube.com/playlist?list=PL7qBQ0Mi2xAp-alNW5mJ7z4X9Zko9rpWJ" + update_period = "7h" + format = "video" + quality = "high" + page_size = 30 + clean = { keep_last = 30 } + + [feeds.oralsessions] + url = "https://www.youtube.com/playlist?list=PLquP20HDxBb19HgiRawKoiTkHtHT473qG" + custom = { title = "The Sessions x AEW" } + update_period = "12h" + format = "video" + quality = "high" + page_size = 5 + clean = { keep_last = 5 } + + [feeds.spotfight_others] + url = "https://www.youtube.com/channel/UCROVkXXxpp_wisE7YyrTYyQ" + filters = { not_title = "(HAUPTKAMPF|Review)" } + 
custom = { title = "Spotfight Alles Andere" } + update_period = "12h" + format = "video" + quality = "high" + page_size = 15 + clean = { keep_last = 5 } + + [feeds.spotfightnews] + url = "https://www.youtube.com/channel/UCdsHMu1VHhZ8SlrdUQa457w" + update_period = "1h" + format = "audio" + quality = "high" + page_size = 13 + clean = { keep_last = 13 } + + [feeds.yt_fotografieren] + url = "https://www.youtube.com/playlist?list=PL7qBQ0Mi2xApoNGSCObcehoOnw9S2YTpc" + update_period = "7h" + format = "video" + quality = "high" + page_size = 30 + clean = { keep_last = 30 } + + [feeds.yt_kubernetes] + url = "https://www.youtube.com/playlist?list=PL7qBQ0Mi2xApcBPl9Ve3RVBD6CgQKaDY4" + update_period = "5h" + format = "video" + quality = "high" + page_size = 30 + clean = { keep_last = 30 } + +[downloader] +self_update = true diff --git a/kubernetes/apps/media/podsync/app/helmrelease.yaml b/kubernetes/apps/media/podsync/app/helmrelease.yaml new file mode 100644 index 000000000..e360141cb --- /dev/null +++ b/kubernetes/apps/media/podsync/app/helmrelease.yaml 
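Review bot: `self_update = true` under `[downloader]` in podsync's config.toml lets the running container replace its downloader at runtime, which bypasses the pinned image tag (`v2.7.0` in the podsync HelmRelease) and any review of what gets executed. Prefer `self_update = false` and pick up downloader updates through image bumps, so the code that runs is the code that was pinned. This reads the option by its name and upstream description; confirm against the podsync version in use.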
@@ -0,0 +1,113 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app podsync +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + global: + nameOverride: *app + controllers: + app: + strategy: Recreate + annotations: + reloader.stakater.com/auto: "true" + containers: + main: + image: + repository: registry.eighty-three.me/tuxpeople/podsync + tag: v2.7.0 + env: + TZ: ${TIMEZONE} + resources: + requests: + cpu: 5m + memory: 60Mi + limits: + memory: 500Mi + probes: + liveness: + enabled: true + custom: true + spec: + httpGet: + path: / + port: &port 8080 + readiness: + enabled: true + custom: true + spec: + httpGet: + path: / + port: *port + startup: + enabled: true + custom: true + spec: + httpGet: + path: / + port: *port + # defaultPodOptions: + # securityContext: + # runAsUser: 1026 + # runAsGroup: 100 + service: + app: + ports: + http: + port: *port + ingress: + app: + enabled: true + ingressClassName: nginx-default + annotations: + external-dns/is-public: "true" + external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET} + hosts: + - host: &host podsync.${SECRET_DOMAIN} + paths: + - path: / + pathType: Prefix + service: + identifier: app + port: *port + tls: + - hosts: + - ${SECRET_DOMAIN/./-}-production-tls + persistence: + config-toml: + type: configMap + name: podsync-configmap + globalMounts: + - path: /app/config.toml + subPath: config.toml + readOnly: true + data: + enabled: true + type: nfs + server: 10.20.30.40 + path: /volume2/data/media/podcasts 
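Review bot: The `tls` block of the podsync ingress lists `${SECRET_DOMAIN/./-}-production-tls` under `hosts`, which looks like a certificate secret name rather than a hostname, and the `&host` anchor defined just above is never used. As written, the ingress for `podsync.${SECRET_DOMAIN}` has no TLS entry covering its host, and this ingress is marked `external-dns/is-public: "true"`. The block was presumably meant to be `- secretName: ${SECRET_DOMAIN/./-}-production-tls` followed by `hosts:` and `- *host`. The pod `securityContext` is also commented out, so the container runs as whatever user the image defaults to while writing to the NFS export.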
diff --git a/kubernetes/apps/media/podsync/app/kustomization.yaml b/kubernetes/apps/media/podsync/app/kustomization.yaml
new file mode 100644
index 000000000..2d1c823d7
--- /dev/null
+++ b/kubernetes/apps/media/podsync/app/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: podsync-configmap
+ files:
+ - ./config/config.toml
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/media/podsync/ks.dis b/kubernetes/apps/media/podsync/ks.dis
new file mode 100644
index 000000000..86af7a447
--- /dev/null
+++ b/kubernetes/apps/media/podsync/ks.dis
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app podsync
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: media
+ path: ./kubernetes/apps/media/podsync/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/media/tautulli/app/helmrelease.yaml b/kubernetes/apps/media/tautulli/app/helmrelease.yaml
new file mode 100644
index 000000000..c0e42eaec
--- /dev/null
+++ b/kubernetes/apps/media/tautulli/app/helmrelease.yaml
@@ -0,0 +1,114 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: tautulli + namespace: media +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controllers: + app: + annotations: + reloader.stakater.com/auto: "true" + containers: + main: + image: + repository: ghcr.io/onedr0p/tautulli + tag: 2.13.4@sha256:633a57b2f8634feb67811064ec3fa52f40a70641be927fdfda6f5d91ebbd5d73 + env: + TZ: ${TIMEZONE} + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /status + port: &port 8181 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + startup: + enabled: false + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 512Mi + jbops: + image: + repository: registry.k8s.io/git-sync/git-sync + tag: v4.2.3 + env: + GITSYNC_REPO: https://github.com/blacktwin/JBOPS + GITSYNC_REF: master + GITSYNC_PERIOD: 24h + GITSYNC_ROOT: /add-ons + resources: + requests: + cpu: 10m + memory: 10M + limits: + memory: 128M + pod: + securityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + service: + app: + controller: app + ports: + http: + port: *port + ingress: + app: + enabled: true + className: nginx-default + hosts: + - host: &host "{{ .Release.Name }}.${SECRET_DOMAIN}" + paths: + - path: / + service: + identifier: app + port: *port + tls: + - hosts: + - *host + persistence: + config: + enabled: true + type: persistentVolumeClaim + accessMode: 
ReadWriteOnce + size: 5Gi + storageClass: ${MAIN_SC} + add-ons: + type: emptyDir diff --git a/kubernetes/apps/media/tautulli/app/kustomization.yaml b/kubernetes/apps/media/tautulli/app/kustomization.yaml new file mode 100644 index 000000000..c629c3c09 --- /dev/null +++ b/kubernetes/apps/media/tautulli/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: media +resources: + - ./helmrelease.yaml + # - ../../../../shared/volsync diff --git a/kubernetes/apps/media/tautulli/exporter/helmrelease.yaml b/kubernetes/apps/media/tautulli/exporter/helmrelease.yaml new file mode 100644 index 000000000..ee9dab5b9 --- /dev/null +++ b/kubernetes/apps/media/tautulli/exporter/helmrelease.yaml 
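Review bot: The `jbops` sidecar in the tautulli HelmRelease syncs `https://github.com/blacktwin/JBOPS` at `GITSYNC_REF: master` every 24h into `/add-ons`, so third-party scripts change underneath the deployment without any commit in this repository. If Tautulli is configured to run scripts from that directory, whatever lands on upstream `master` runs with Tautulli's data and API access. Pin the ref to a reviewed commit, `GITSYNC_REF: <commit-sha>`, and bump it deliberately; the `git-sync` image tag `v4.2.3` could likewise carry a digest the way the tautulli image does.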
@@ -0,0 +1,76 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: tautulli-exporter
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: registry.eighty-three.me/tuxpeople/tautulli-exporter
+ tag: 0.1.0
+ env:
+ SERVE_PORT: &port 9487
+ TAUTULLI_URI: ${SECRET_TAUTULLI_URL}
+ TAUTULLI_API_KEY: ${SECRET_TAUTULLI_API_KEY}
+ resources:
+ requests:
+ cpu: 5m
+ memory: 36M
+ limits:
+ memory: 128M
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ runAsNonRoot: true
+ service:
+ app:
+ controller: app
+ ports:
+ http:
+ port: *port
+ serviceMonitor:
+ main:
+ serviceName: main
+ endpoints:
+ - port: metrics
+ scheme: http
+ path: /metrics
+ interval: 1m
+ scrapeTimeout: 10s
diff --git a/kubernetes/apps/media/tautulli/exporter/kustomization.yaml b/kubernetes/apps/media/tautulli/exporter/kustomization.yaml
new file mode 100644
index 000000000..94f7a6174
--- /dev/null
+++ b/kubernetes/apps/media/tautulli/exporter/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: media
+resources:
+ - ./helmrelease.yaml
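Review bot: `TAUTULLI_API_KEY: ${SECRET_TAUTULLI_API_KEY}` in the exporter HelmRelease is filled in by Flux variable substitution, so the key ends up in clear text in the HelmRelease values and in the rendered pod spec, readable by anyone who can get those objects in `media`. Reference a Secret instead, as the external-dns release in this commit does: `TAUTULLI_API_KEY: { valueFrom: { secretKeyRef: { name: <secret-name>, key: <key> } } }` (placeholder names). Separately, the `serviceMonitor` block points at `serviceName: main` and `port: metrics`, while the only service defined here is `app` with a port named `http`, so the scrape target probably never resolves.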
diff --git a/kubernetes/apps/media/tautulli/ks.yaml b/kubernetes/apps/media/tautulli/ks.yaml
new file mode 100644
index 000000000..58bdaf470
--- /dev/null
+++ b/kubernetes/apps/media/tautulli/ks.yaml
@@ -0,0 +1,50 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app tautulli
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: media
+ dependsOn:
+ - name: ${STORAGE_KUST}
+ path: ./kubernetes/apps/media/tautulli/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 5Gi
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app tautulli-exporter
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: media
+ dependsOn:
+ - name: tautulli
+ path: ./kubernetes/apps/media/tautulli/exporter
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/network/echo-server/app/helmrelease.yaml b/kubernetes/apps/network/echo-server/app/helmrelease.yaml
new file mode 100644
index 000000000..342946e3e
--- /dev/null
+++ b/kubernetes/apps/network/echo-server/app/helmrelease.yaml
@@ -0,0 +1,91 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: echo-server
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ values:
+ controllers:
+ echo-server:
+ strategy: RollingUpdate
+ containers:
+ app:
+ image:
+ repository: ghcr.io/mendhak/http-https-echo
+ tag: 33
+ env:
+ HTTP_PORT: &port 8080
+ LOG_WITHOUT_NEWLINE: true
+ LOG_IGNORE_PATH: /healthz
+ PROMETHEUS_ENABLED: true
+ probes:
+ liveness: &probes
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /healthz
+ port: *port
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 1
+ failureThreshold: 3
+ readiness: *probes
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 64Mi
+ defaultPodOptions:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+ seccompProfile: { type: RuntimeDefault }
+ service:
+ app:
+ controller: echo-server
+ ports:
+ http:
+ port: *port
+ serviceMonitor:
+ app:
+ serviceName: echo-server
+ endpoints:
+ - port: http
+ scheme: http
+ path: /metrics
+ interval: 1m
+ scrapeTimeout: 10s
+ ingress:
+ app:
+ className: external
+ annotations:
+ external-dns.alpha.kubernetes.io/target: "talos-test.${SECRET_DOMAIN}"
+ hosts:
+ - host: "{{ .Release.Name }}-test.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
diff --git a/kubernetes/apps/network/echo-server/app/kustomization.yaml b/kubernetes/apps/network/echo-server/app/kustomization.yaml
new file mode 100644
index 000000000..5dd7baca7
--- /dev/null
+++ b/kubernetes/apps/network/echo-server/app/kustomization.yaml
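Review bot: The echo-server image is referenced as `tag: 33` with no digest, and the release is published through `className: external`, so a mutable tag decides what runs behind the public ingress. Pin it the way the tautulli image is pinned in this commit, `tag: 33@sha256:<digest>` (placeholder digest). With `PROMETHEUS_ENABLED: true` the `/metrics` path appears to be served on the same port that the ingress routes `/` to, so it is likely reachable from outside as well; confirm that this is intended.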
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/network/echo-server/ks.yaml b/kubernetes/apps/network/echo-server/ks.yaml
new file mode 100644
index 000000000..73aef89b6
--- /dev/null
+++ b/kubernetes/apps/network/echo-server/ks.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app echo-server
+ namespace: flux-system
+spec:
+ targetNamespace: network
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/network/echo-server/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/network/external-dns/app/helmrelease.yaml b/kubernetes/apps/network/external-dns/app/helmrelease.yaml
new file mode 100644
index 000000000..f9b23788e
--- /dev/null
+++ b/kubernetes/apps/network/external-dns/app/helmrelease.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app external-dns
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: external-dns
+ version: 1.14.4
+ sourceRef:
+ kind: HelmRepository
+ name: external-dns
+ namespace: flux-system
+ install:
+ crds: CreateReplace
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ crds: CreateReplace
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ fullnameOverride: *app
+ provider: cloudflare
+ env:
+ - name: CF_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: external-dns-secret
+ key: api-token
+ extraArgs:
+ - --ingress-class=external
+ - --cloudflare-proxied
+ - --crd-source-apiversion=externaldns.k8s.io/v1alpha1
+ - --crd-source-kind=DNSEndpoint
+ policy: sync
+ sources: ["crd", "ingress"]
+ txtPrefix: k8s.
+ txtOwnerId: default
+ domainFilters: ["${SECRET_DOMAIN}"]
+ serviceMonitor:
+ enabled: true
+ podAnnotations:
+ secret.reloader.stakater.com/reload: external-dns-secret
diff --git a/kubernetes/apps/network/external-dns/app/kustomization.yaml b/kubernetes/apps/network/external-dns/app/kustomization.yaml
new file mode 100644
index 000000000..95bf4747f
--- /dev/null
+++ b/kubernetes/apps/network/external-dns/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/network/external-dns/app/secret.sops.yaml b/kubernetes/apps/network/external-dns/app/secret.sops.yaml
new file mode 100644
index 000000000..44457690a
--- /dev/null
+++ b/kubernetes/apps/network/external-dns/app/secret.sops.yaml
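Review bot: `policy: sync` combined with `txtOwnerId: default` lets this external-dns instance delete any record in `${SECRET_DOMAIN}` whose ownership TXT says `default`, and the second external-dns release added under `kubernetes/apps/networking/external-dns` uses the same `txtOwnerId`, `txtPrefix` and domain filter. If both instances ever run against the same Cloudflare zone, for example the existing cluster and the Talos test cluster during the migration, each will treat the other's records as its own and remove them. Give each instance a distinct owner id, e.g. `txtOwnerId: talos-test`, or use `policy: upsert-only` until the cut-over is complete.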
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: external-dns-secret +stringData: + api-token: ENC[AES256_GCM,data:a4TExZ5VL9UN0gKdfk7Ow/hSpuQGIjmWIiv7E8E2zuBLS5Am+3dpzw==,iv:ECaqXxk9lDFdr5hdAXw/IsthACgL0qt2EAI7UNEPjQc=,tag:5Uxrm4yV8Mmx9wo25PygKg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRHdxd2tmUXRDSS9ydFZC + R0M0d0JIckF1cUtnNTZudFQvRERRYjlUNVg0CmVzZlYzSDVjWjZuQ3ZOU3NuSEdM + bzZtUmFET0gzSnBhU3NDWVlYTVMrUjQKLS0tIHJRWkwyMUU0QS9RV2JQOE5md2hR + S3cwVmc5bnpDajV4YzRwSEd6bVpSbTgK/OU52lOCx8XHQHFNocDUP4bkkAY6/zzx + 5WCAhjkNhh3OREGcf0fpCPjuztTd5qldVuT05/nG0ea97WwbrpUUrw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-05T07:21:18Z" + mac: ENC[AES256_GCM,data:w0oIYq5NVixXwLOl3gC0s4GdH5fwjDHmM4NoITqIqE/SiDT2EVLp02c4b9rTxKKMsa4IEPpsHW98C/0u4pFHaiAW4MTH8WEHLIlx1r8f12/XrdXxjNsPSArK8W3qlSk99OcRGnddPo75RkDdMzOHEOCV8WcC8fs7JZA9GnxSJO8=,iv:xbON1ZFZwnjUclSAv4F0afebOuOws7jAiH6hgyPZ3jw=,tag:w+i4lycd9owPL4dzIrCZGA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/network/external-dns/ks.yaml b/kubernetes/apps/network/external-dns/ks.yaml new file mode 100644 index 000000000..56b8ed00d --- /dev/null +++ b/kubernetes/apps/network/external-dns/ks.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app external-dns + namespace: flux-system +spec: + targetNamespace: network + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/network/external-dns/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m 
diff --git a/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml b/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml
new file mode 100644
index 000000000..e7892580d
--- /dev/null
+++ b/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./staging.yaml
diff --git a/kubernetes/apps/network/ingress-nginx/certificates/production.yaml b/kubernetes/apps/network/ingress-nginx/certificates/production.yaml
new file mode 100644
index 000000000..b5afdf419
--- /dev/null
+++ b/kubernetes/apps/network/ingress-nginx/certificates/production.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: "${SECRET_DOMAIN/./-}-production"
+spec:
+ secretName: "${SECRET_DOMAIN/./-}-production-tls"
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "${SECRET_DOMAIN}"
+ dnsNames:
+ - "${SECRET_DOMAIN}"
+ - "*.${SECRET_DOMAIN}"
diff --git a/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml b/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml
new file mode 100644
index 000000000..9c8694251
--- /dev/null
+++ b/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: "${SECRET_DOMAIN/./-}-staging"
+spec:
+ secretName: "${SECRET_DOMAIN/./-}-staging-tls"
+ issuerRef:
+ name: letsencrypt-staging
+ kind: ClusterIssuer
+ commonName: "${SECRET_DOMAIN}"
+ dnsNames:
+ - "${SECRET_DOMAIN}"
+ - "*.${SECRET_DOMAIN}"
diff --git a/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml b/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml
new file mode 100644
index 000000000..ed86fbfa1
--- /dev/null
+++ b/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml
@@ -0,0 +1,75 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: ingress-nginx-external
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: ingress-nginx
+ version: 4.10.1
+ sourceRef:
+ kind: HelmRepository
+ name: ingress-nginx
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ dependsOn:
+ - name: cloudflared
+ namespace: network
+ values:
+ fullnameOverride: ingress-nginx-external
+ controller:
+ service:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "talos-test.${SECRET_DOMAIN}"
+ io.cilium/lb-ipam-ips: "192.168.13.7"
+ externalTrafficPolicy: Cluster
+ ingressClassResource:
+ name: external
+ default: false
+ controllerValue: k8s.io/external
+ admissionWebhooks:
+ objectSelector:
+ matchExpressions:
+ - key: ingress-class
+ operator: In
+ values: ["external"]
+ config:
+ client-body-buffer-size: 100M
+ client-body-timeout: 120
+ client-header-timeout: 120
+ enable-brotli: "true"
+ enable-real-ip: "true"
+ hsts-max-age: 31449600
+ keep-alive-requests: 10000
+ keep-alive: 120
+ log-format-escape-json: "true"
+ log-format-upstream: >
+ {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
+ "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
+ "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
+ "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
+ "http_user_agent": "$http_user_agent"}
+ proxy-body-size: 0
+ proxy-buffer-size: 16k
+ ssl-protocols: TLSv1.3 TLSv1.2
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ namespaceSelector:
+ any: true
+ extraArgs:
+ default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-staging-tls"
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+
memory: 500Mi
diff --git a/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml b/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml
new file mode 100644
index 000000000..5dd7baca7
--- /dev/null
+++ b/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml b/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml
new file mode 100644
index 000000000..0a8bfb884
--- /dev/null
+++ b/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml
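Review bot: The access log of the external controller will not carry a usable client address: `log-format-upstream` records `"remote_addr": "$proxy_protocol_addr"`, which is empty unless the listener accepts PROXY protocol, and nothing in `config` sets `use-proxy-protocol`. `externalTrafficPolicy: Cluster` can additionally rewrite the source address before nginx sees it, so incident triage on this public entry point would rest on `x_forwarded_for` alone. Log `$remote_addr` instead and, since `enable-real-ip` is on, restrict `proxy-real-ip-cidr` to the trusted upstream so that the logged address cannot be chosen by a client-supplied header. The internal release and `networking/ingress-nginx/app/helmrelease.yaml` repeat the same `config` block.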
@@ -0,0 +1,72 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: ingress-nginx-internal
+ namespace: network
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: ingress-nginx
+ version: 4.10.1
+ sourceRef:
+ kind: HelmRepository
+ name: ingress-nginx
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ values:
+ fullnameOverride: ingress-nginx-internal
+ controller:
+ service:
+ annotations:
+ io.cilium/lb-ipam-ips: "192.168.13.9"
+ externalTrafficPolicy: Cluster
+ ingressClassResource:
+ name: internal
+ default: true
+ controllerValue: k8s.io/internal
+ admissionWebhooks:
+ objectSelector:
+ matchExpressions:
+ - key: ingress-class
+ operator: In
+ values: ["internal"]
+ config:
+ client-body-buffer-size: 100M
+ client-body-timeout: 120
+ client-header-timeout: 120
+ enable-brotli: "true"
+ enable-real-ip: "true"
+ hsts-max-age: 31449600
+ keep-alive-requests: 10000
+ keep-alive: 120
+ log-format-escape-json: "true"
+ log-format-upstream: >
+ {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
+ "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
+ "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
+ "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
+ "http_user_agent": "$http_user_agent"}
+ proxy-body-size: 0
+ proxy-buffer-size: 16k
+ ssl-protocols: TLSv1.3 TLSv1.2
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ namespaceSelector:
+ any: true
+ extraArgs:
+ default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-staging-tls"
+ resources:
+ requests:
+ cpu: 100m
+ limits:
+ memory: 500Mi
diff --git a/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml b/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml
new file mode 100644
index 000000000..5dd7baca7
--- /dev/null
+++ b/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/network/ingress-nginx/ks.yaml b/kubernetes/apps/network/ingress-nginx/ks.yaml
new file mode 100644
index 000000000..570f91947
--- /dev/null
+++ b/kubernetes/apps/network/ingress-nginx/ks.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app ingress-nginx-certificates
+ namespace: flux-system
+spec:
+ targetNamespace: network
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: cert-manager-issuers
+ path: ./kubernetes/apps/network/ingress-nginx/certificates
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app ingress-nginx-internal
+ namespace: flux-system
+spec:
+ targetNamespace: network
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: ingress-nginx-certificates
+ path: ./kubernetes/apps/network/ingress-nginx/internal
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app ingress-nginx-external
+ namespace: flux-system
+spec:
+ targetNamespace: network
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: ingress-nginx-certificates
+ path: ./kubernetes/apps/network/ingress-nginx/external
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml b/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml
new file mode 100644
index 000000000..aa0a5af03
--- /dev/null
+++ b/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: k8s-gateway
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: k8s-gateway
+ version: 2.4.0
+ sourceRef:
+ kind: HelmRepository
+ name: k8s-gateway
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ values:
+ fullnameOverride: k8s-gateway
+ domain: "${SECRET_DOMAIN}"
+ ttl: 1
+ service:
+ type: LoadBalancer
+ port: 53
+ annotations:
+ io.cilium/lb-ipam-ips: "192.168.13.8"
+ externalTrafficPolicy: Cluster
+ watchedResources: ["Ingress", "Service"]
diff --git a/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml b/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml
new file mode 100644
index 000000000..5dd7baca7
--- /dev/null
+++ b/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/network/k8s-gateway/ks.yaml b/kubernetes/apps/network/k8s-gateway/ks.yaml
new file mode 100644
index 000000000..2d4c643f2
--- /dev/null
+++ b/kubernetes/apps/network/k8s-gateway/ks.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app k8s-gateway
+ namespace: flux-system
+spec:
+ targetNamespace: network
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/network/k8s-gateway/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/network/kustomization.yaml b/kubernetes/apps/network/kustomization.yaml
new file mode 100644
index 000000000..da3781caa
--- /dev/null
+++ b/kubernetes/apps/network/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ - ./echo-server/ks.yaml
+ - ./external-dns/ks.yaml
+ - ./ingress-nginx/ks.yaml
+ - ./k8s-gateway/ks.yaml
diff --git a/kubernetes/apps/network/namespace.yaml b/kubernetes/apps/network/namespace.yaml
new file mode 100644
index 000000000..4d78d7b11
--- /dev/null
+++ b/kubernetes/apps/network/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: network
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh b/kubernetes/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh
new file mode 100755
index 000000000..ab2c59e1a
--- /dev/null
+++ b/kubernetes/apps/networking/cloudflare-ddns/app/cloudflare-ddns.sh
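Review bot: The `resources` list in `network/kustomization.yaml` has no `cloudflared` entry, yet `ingress-nginx/external/helmrelease.yaml` in this commit declares `dependsOn: cloudflared` in namespace `network`. Unless that HelmRelease is created from somewhere outside this directory, `ingress-nginx-external` will wait on a dependency that never becomes ready and the external ingress class will not come up. Either add the cloudflared Kustomization to this list or drop the `dependsOn` entry.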
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -x
+set -o nounset
+set -o errexit
+
+current_ipv4="$(curl -s https://ipv4.icanhazip.com/)"
+zone_id=$(curl -s -X GET \
+ "https://api.cloudflare.com/client/v4/zones?name=${CLOUDFLARE_RECORD_NAME#*.}&status=active" \
+ -H "Authorization: Bearer ${CLOUDFLARE_APIKEY}" \
+ -H "Content-Type: application/json" \
+ | jq --raw-output ".result[0] | .id"
+)
+record_ipv4=$(curl -s -X GET \
+ "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records?name=${CLOUDFLARE_RECORD_NAME}&type=A" \
+ -H "Authorization: Bearer ${CLOUDFLARE_APIKEY}" \
+ -H "Content-Type: application/json" \
+)
+old_ip4=$(echo "$record_ipv4" | jq --raw-output '.result[0] | .content')
+if [[ "${current_ipv4}" == "${old_ip4}" ]]; then
+ printf "%s - IP Address '%s' has not changed" "$(date -u)" "${current_ipv4}"
+ exit 0
+fi
+record_ipv4_identifier="$(echo "$record_ipv4" | jq --raw-output '.result[0] | .id')"
+update_ipv4=$(curl -s -X PUT \
+ "https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_ipv4_identifier}" \
+ -H "Authorization: Bearer ${CLOUDFLARE_APIKEY}" \
+ -H "Content-Type: application/json" \
+ --data "{\"id\":\"${zone_id}\",\"type\":\"A\",\"proxied\":true,\"name\":\"${CLOUDFLARE_RECORD_NAME}\",\"content\":\"${current_ipv4}\"}" \
+)
+if [[ "$(echo "$update_ipv4" | jq --raw-output '.success')" == "true" ]]; then
+ printf "%s - Success - IP Address '%s' has been updated" "$(date -u)" "${current_ipv4}"
+ exit 0
+else
+ printf "%s - Yikes - Updating IP Address '%s' has failed" "$(date -u)" "${current_ipv4}"
+ exit 1
+fi
diff --git a/kubernetes/apps/networking/cloudflare-ddns/app/helmrelease.yaml b/kubernetes/apps/networking/cloudflare-ddns/app/helmrelease.yaml
new file mode 100644
index 000000000..23842425d
--- /dev/null
+++ b/kubernetes/apps/networking/cloudflare-ddns/app/helmrelease.yaml
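Review bot: `set -x` on the second line of cloudflare-ddns.sh traces every command to stderr, and three of the traced commands are `curl` calls carrying `-H "Authorization: Bearer ${CLOUDFLARE_APIKEY}"`, so the Cloudflare token is written to the CronJob's pod log on every run. Replace it with `set -o pipefail`, which also makes a failed `curl` in the `curl | jq` pipeline stop the script instead of passing an empty result on. The looked-up values are used unchecked as well: an empty `current_ipv4` or a `null` `zone_id` flows straight into the PUT, so add a guard such as `[[ -n "${current_ipv4}" && "${zone_id}" != "null" ]] || exit 1` before the update.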
@@ -0,0 +1,74 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cloudflare-ddns
+ namespace: networking
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controllers:
+ app:
+ type: cronjob
+ cronjob:
+ concurrencyPolicy: Forbid
+ schedule: "@hourly"
+ containers:
+ main:
+ image:
+ repository: ghcr.io/onedr0p/kubernetes-kubectl
+ tag: 1.29.2@sha256:6324f99979877f3ded7647f4efa4df6d73f11bb9d8302dc81ab4a5d38e406867
+ command: [/bin/bash, /app/cloudflare-ddns.sh]
+ env:
+ CLOUDFLARE_APIKEY:
+ valueFrom:
+ secretKeyRef:
+ name: external-dns-secret
+ key: api-token
+ CLOUDFLARE_EMAIL: ${SECRET_ACME_EMAIL}
+ CLOUDFLARE_RECORD_NAME: ${SECRET_DNS_TARGET}
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10Mi
+ limits:
+ memory: 256Mi
+ persistence:
+ config:
+ type: configMap
+ name: cloudflare-ddns-configmap
+ defaultMode: 0775
+ globalMounts:
+ - path: /app/cloudflare-ddns.sh
+ subPath: cloudflare-ddns.sh
+ readOnly: true
diff --git a/kubernetes/apps/networking/cloudflare-ddns/app/kustomization.yaml b/kubernetes/apps/networking/cloudflare-ddns/app/kustomization.yaml
new file mode 100644
index 000000000..de467c84d
--- /dev/null
+++ b/kubernetes/apps/networking/cloudflare-ddns/app/kustomization.yaml
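Review bot: The cloudflare-ddns CronJob container has no `securityContext`, although it holds a Cloudflare API token and only runs a read-only mounted script; the tautulli-exporter and echo-server releases in this commit already set one. Add the same block under `containers.main`: `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, `capabilities: { drop: ["ALL"] }`, and `runAsNonRoot: true` at pod level once you have confirmed the image runs as a non-root user. `CLOUDFLARE_EMAIL` is passed in but the script never reads it, so it can be dropped.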
@@ -0,0 +1,15 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: cloudflare-ddns-configmap
+ files:
+ - ./cloudflare-ddns.sh
+generatorOptions:
+ disableNameSuffixHash: true
+ annotations:
+ kustomize.toolkit.fluxcd.io/substitute: disabled
diff --git a/kubernetes/apps/networking/cloudflare-ddns/ks.yaml b/kubernetes/apps/networking/cloudflare-ddns/ks.yaml
new file mode 100644
index 000000000..6eb8aaf20
--- /dev/null
+++ b/kubernetes/apps/networking/cloudflare-ddns/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app cloudflare-ddns
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: networking
+ path: ./kubernetes/apps/networking/cloudflare-ddns/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/networking/external-dns/app/dnsendpoint-crd.yaml b/kubernetes/apps/networking/external-dns/app/dnsendpoint-crd.yaml
new file mode 100644
index 000000000..3a46468e1
--- /dev/null
+++ b/kubernetes/apps/networking/external-dns/app/dnsendpoint-crd.yaml
@@ -0,0 +1,104 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/external-dns/pull/2007 + creationTimestamp: + name: dnsendpoints.externaldns.k8s.io +spec: + group: externaldns.k8s.io + names: + kind: DNSEndpoint + listKind: DNSEndpointList + plural: dnsendpoints + singular: dnsendpoint + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DNSEndpointSpec defines the desired state of DNSEndpoint + properties: + endpoints: + items: + description: Endpoint is a high-level way of a connection between + a service and an IP + properties: + dnsName: + description: The hostname of the DNS record + type: string + labels: + additionalProperties: + type: string + description: Labels stores labels defined for the Endpoint + type: object + providerSpecific: + description: ProviderSpecific stores provider specific config + items: + description: ProviderSpecificProperty holds the name and + value of a configuration which is specific to individual + DNS providers + properties: + name: + type: string + value: + type: string + type: object + type: array + recordTTL: + description: TTL for the record + format: int64 + type: integer + recordType: + description: RecordType type of record, e.g. CNAME, A, SRV, + TXT etc + type: string + setIdentifier: + description: Identifier to distinguish multiple records with + the same name and type (e.g. Route53 records with routing + policies other than 'simple') + type: string + targets: + description: The targets the DNS record points to + items: + type: string + type: array + type: object + type: array + type: object + status: + description: DNSEndpointStatus defines the observed state of DNSEndpoint + properties: + observedGeneration: + description: The generation observed by the external-dns controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: '' + plural: '' + conditions: [] + storedVersions: [] diff --git a/kubernetes/apps/networking/external-dns/app/helmrelease.yaml b/kubernetes/apps/networking/external-dns/app/helmrelease.yaml new file mode 100644 index 000000000..89f2465ba --- /dev/null 
+++ b/kubernetes/apps/networking/external-dns/app/helmrelease.yaml
@@ -0,0 +1,54 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app external-dns
+ namespace: networking
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: external-dns
+ version: 1.14.4
+ sourceRef:
+ kind: HelmRepository
+ name: external-dns
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ fullnameOverride: *app
+ provider: cloudflare
+ env:
+ - name: CF_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: external-dns-secret
+ key: api-token
+ extraArgs:
+ - --annotation-filter=external-dns.alpha.kubernetes.io/target
+ - --cloudflare-proxied
+ - --crd-source-apiversion=externaldns.k8s.io/v1alpha1
+ - --crd-source-kind=DNSEndpoint
+ policy: sync
+ sources: [crd, ingress]
+ txtPrefix: k8s.
+ txtOwnerId: default
+ domainFilters: ["${SECRET_DOMAIN}", "${SECRET_CH_DOMAIN}"]
+ serviceMonitor:
+ enabled: true
+ podAnnotations:
+ secret.reloader.stakater.com/reload: external-dns-secret
diff --git a/kubernetes/apps/networking/external-dns/app/kustomization.yaml b/kubernetes/apps/networking/external-dns/app/kustomization.yaml
new file mode 100644
index 000000000..74db0048a
--- /dev/null
+++ b/kubernetes/apps/networking/external-dns/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+resources:
+ - ./dnsendpoint-crd.yaml
+ - ./secret.sops.yaml
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/networking/external-dns/app/secret.sops.yaml b/kubernetes/apps/networking/external-dns/app/secret.sops.yaml new file mode 100644 index 000000000..3a0fff6d0 --- /dev/null +++ b/kubernetes/apps/networking/external-dns/app/secret.sops.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: external-dns-secret + namespace: networking +stringData: + api-token: ENC[AES256_GCM,data:BTOQTi18y/smkkO25jF4Ds+F0xRGfYN5nvipDgJRA9m9afuatjzYWA==,iv:LCZgXkqO5jy6ljzZoyB41zag7azA7Tfzt9KuUznDlW0=,tag:rXigVxkk3309iQ8LQ0UyJA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMHRiSW44elUrTCsrdW5B + dHdsUUNmT2x2MUtYcXU3bTNmbnRVaUxYR0JBCkEyUUlwSXRGR0RWSnUzVzhzdjBn + TjJMTHg2WUlFZU5wRnBtdGt2RlZjR0EKLS0tIGRwd1ZUcG9CdTNiZnJBd21qd3pH + Z1p2UjNzNVlqMDdmbnJ2VzNLbnpSRDgKqOXGIMGh+guklWK6HD2aJY7dvWlYeqh+ + 70H8dXdrNQ65dwkj+pQEdupfSMuaG69tg2RvIz17jKNKr7k6BDmQHA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-06-18T16:15:31Z" + mac: ENC[AES256_GCM,data:pyM/iF8oHHG5AFoBno0O7xjh6vYGbC65miEN8uA9FsWo5EQoOyVcbF6lz3BnNmZ3LgRrKt2e0h4LYEqhKCNOc90t+CJjQVc7UHlhHAf03cnmvJF8xulnXV1Uadk4q7r0LZSVC5fpxfbauwhVCN9ghooDOMRmHkA1Ow2fgK7ZTH8=,iv:dE0gpum++qez1z6X7y3IV4XCte5H/r5NvAeLsmk5dPQ=,tag:YV5JKB31VD/ibvIHGQKLWQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/networking/external-dns/ks.yaml b/kubernetes/apps/networking/external-dns/ks.yaml new file mode 100644 index 000000000..57a669989 --- /dev/null +++ b/kubernetes/apps/networking/external-dns/ks.yaml 
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app external-dns
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: networking
+ path: ./kubernetes/apps/networking/external-dns/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml b/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml
new file mode 100644
index 000000000..bb3a1c2b0
--- /dev/null
+++ b/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml
@@ -0,0 +1,91 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: ingress-nginx-default + namespace: network +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: ingress-nginx + version: 4.10.1 + sourceRef: + kind: HelmRepository + name: ingress-nginx + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + fullnameOverride: ingress-nginx-default + controller: + replicaCount: 1 + service: + annotations: + io.cilium/lb-ipam-ips: "${CILIUM_LB_INGRESS_ADDR}" + externalTrafficPolicy: Cluster + ingressClassResource: + name: nginx-default + default: true + controllerValue: k8s.io/nginx-default + admissionWebhooks: + objectSelector: + matchExpressions: + - key: ingress-class + operator: In + values: ["nginx-default"] + config: + client-body-buffer-size: 100M + client-body-timeout: 120 + client-header-timeout: 120 + enable-brotli: "true" + enable-real-ip: "true" + hsts-max-age: 31449600 + keep-alive-requests: 10000 + keep-alive: 120 + log-format-escape-json: "true" + log-format-upstream: > + {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", + "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, + "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", + "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", + "http_user_agent": "$http_user_agent"} + proxy-body-size: 0 + proxy-buffer-size: 16k + ssl-protocols: TLSv1.3 TLSv1.2 + metrics: + enabled: true + serviceMonitor: + enabled: true + namespaceSelector: + any: true + extraArgs: + default-ssl-certificate: 
"network/${SECRET_DOMAIN/./-}-production-tls" + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx-default + app.kubernetes.io/component: controller + resources: + requests: + cpu: 100m + limits: + memory: 500Mi + defaultBackend: + enabled: false diff --git a/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml b/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml new file mode 100644 index 000000000..5dd7baca7 --- /dev/null +++ b/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/networking/ingress-nginx/certificates/kustomization.yaml b/kubernetes/apps/networking/ingress-nginx/certificates/kustomization.yaml new file mode 100644 index 000000000..1d75559df --- /dev/null +++ b/kubernetes/apps/networking/ingress-nginx/certificates/kustomization.yaml @@ -0,0 +1,11 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./staging.yaml + # NOTE: Once you are able to verify the the staging certificate is valid uncomment out the + # certificate resource below and update the ingress-nginx helm chart with new production + # certificate name. This is to prevent you from getting rate-limited on configuration that might + # not be valid on bootstrap. No need to comment out the staging certificate they can coexist. + - ./production.yaml diff --git a/kubernetes/apps/networking/ingress-nginx/certificates/production.yaml b/kubernetes/apps/networking/ingress-nginx/certificates/production.yaml new file mode 100644 index 000000000..26cc3cc04 --- /dev/null 
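Review bot: `default-ssl-certificate` under `extraArgs` points at `network/${SECRET_DOMAIN/./-}-production-tls`, but the Certificate in `certificates/production.yaml` writes that secret into `networking`; `metadata.namespace: network` at the top of this file has the same spelling. Flux's `targetNamespace: networking` in `ks.yaml` should override the HelmRelease's own namespace, but it does not rewrite a string inside `values`, so the controller would most likely not find the secret and fall back to its self-signed certificate for hosts without their own TLS entry. Use `default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-production-tls"` and `namespace: networking`. Separately, `log-format-upstream` records `$proxy_protocol_addr` as `remote_addr` while `use-proxy-protocol` is not set in `config`, so that field will probably be empty in the access logs an investigation would rely on; `$remote_addr` is the usual choice.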
+++ b/kubernetes/apps/networking/ingress-nginx/certificates/production.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: ${SECRET_DOMAIN/./-}-production + namespace: networking +spec: + secretName: ${SECRET_DOMAIN/./-}-production-tls + issuerRef: + name: letsencrypt-production + kind: ClusterIssuer + secretTemplate: + annotations: + replicator.v1.mittwald.de/replicate-to: ".*" + commonName: ${SECRET_DOMAIN} + dnsNames: + - ${SECRET_DOMAIN} + - "*.${SECRET_DOMAIN}" +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: ${SECRET_CH_DOMAIN/./-}-production + namespace: networking +spec: + secretName: ${SECRET_CH_DOMAIN/./-}-production-tls + issuerRef: + name: letsencrypt-production + kind: ClusterIssuer + secretTemplate: + annotations: + replicator.v1.mittwald.de/replicate-to: ".*" + commonName: ${SECRET_CH_DOMAIN} + dnsNames: + - ${SECRET_CH_DOMAIN} + - "*.${SECRET_CH_DOMAIN}" diff --git a/kubernetes/apps/networking/ingress-nginx/certificates/staging.yaml b/kubernetes/apps/networking/ingress-nginx/certificates/staging.yaml new file mode 100644 index 000000000..4f71eeeba --- /dev/null +++ b/kubernetes/apps/networking/ingress-nginx/certificates/staging.yaml 
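Review bot: `replicator.v1.mittwald.de/replicate-to: ".*"` in `secretTemplate` asks the replicator (assuming it is installed; not shown here) to copy the wildcard certificate's private key into every namespace, so anything able to read secrets in any one namespace obtains the key for `*.${SECRET_DOMAIN}` and `*.${SECRET_CH_DOMAIN}`. Listing only the namespaces that actually terminate TLS with this certificate keeps the exposure proportional, e.g. `replicate-to: "networking,<other-namespace>"`. The same annotation is on both Certificates in this file, in `certificates/staging.yaml`, and in the two copies under `traefik/config/certificates/`. Those traefik copies also declare Certificates with identical names in `networking`, which would collide if both trees were ever applied.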
@@ -0,0 +1,36 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: ${SECRET_DOMAIN/./-}-staging + namespace: networking +spec: + secretName: ${SECRET_DOMAIN/./-}-staging-tls + issuerRef: + name: letsencrypt-staging + kind: ClusterIssuer + secretTemplate: + annotations: + replicator.v1.mittwald.de/replicate-to: ".*" + commonName: ${SECRET_DOMAIN} + dnsNames: + - ${SECRET_DOMAIN} + - "*.${SECRET_DOMAIN}" +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: ${SECRET_CH_DOMAIN/./-}-staging + namespace: networking +spec: + secretName: ${SECRET_CH_DOMAIN/./-}-staging-tls + issuerRef: + name: letsencrypt-staging + kind: ClusterIssuer + secretTemplate: + annotations: + replicator.v1.mittwald.de/replicate-to: ".*" + commonName: ${SECRET_CH_DOMAIN} + dnsNames: + - ${SECRET_CH_DOMAIN} + - "*.${SECRET_CH_DOMAIN}" diff --git a/kubernetes/apps/networking/ingress-nginx/ks.yaml b/kubernetes/apps/networking/ingress-nginx/ks.yaml new file mode 100644 index 000000000..1ceec2e51 --- /dev/null +++ b/kubernetes/apps/networking/ingress-nginx/ks.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app ingress-nginx-certificates + namespace: flux-system +spec: + targetNamespace: networking + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: cert-manager-issuers + path: ./kubernetes/apps/networking/ingress-nginx/certificates + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app ingress-nginx + namespace: flux-system +spec: + targetNamespace: networking + commonMetadata: + labels: + app.kubernetes.io/name: *app + # dependsOn: + # - name: ingress-nginx-certificates + path: ./kubernetes/apps/networking/ingress-nginx/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml b/kubernetes/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml new file mode 100644 index 000000000..4b9a22050 --- /dev/null +++ b/kubernetes/apps/networking/ingressmonitorcontroller/app/helmrelease.yaml 
@@ -0,0 +1,37 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app ingressmonitorcontroller + namespace: networking +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: ingressmonitorcontroller + version: 2.1.58 + sourceRef: + kind: HelmRepository + name: stakater + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + fullnameOverride: *app + serviceMonitor: + enabled: true + podAnnotations: + secret.reloader.stakater.com/reload: imc-config diff --git a/kubernetes/apps/networking/ingressmonitorcontroller/app/kustomization.yaml b/kubernetes/apps/networking/ingressmonitorcontroller/app/kustomization.yaml new file mode 100644 index 000000000..a6a058c0f --- /dev/null +++ b/kubernetes/apps/networking/ingressmonitorcontroller/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: networking +resources: + - ./secret.sops.yaml + - ./helmrelease.yaml diff --git a/kubernetes/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml b/kubernetes/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml new file mode 100644 index 000000000..cdf7f31bf --- /dev/null +++ b/kubernetes/apps/networking/ingressmonitorcontroller/app/secret.sops.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: imc-config + namespace: networking +stringData: + config.yaml: ENC[AES256_GCM,data:kO/mNOoehwyA6UfMS52UBjpblHr/WPSbTtcIkjF4UTEJVWe1NT6CF1y8M4+ncJXh8jXPIV5NOMZnJQhPLxstVzSw0+9twIkWU8jaMgXLzDiRAfrb2a8qou+5B9up6LRdR2JAv86fV4iPeunjYLwrkCkfxfMy7vqZr0TNSOoCJbbKekDxxTVF4caFPFXuP9B0mVVlS6wn9mQdRsW6hdIO7DxhHQU2bzoOo1B1mZV3lZkQ8du7xvVeHLiBfYc3MA==,iv:2cBj6kvz6Oppehn5hhzE7qgZlDj1r2/RKdPUpxARWxQ=,tag:wYh3vCQKJ77Ra+yuyMw8fg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2YzQyNCs2M0lVbE1XL1Nv + amlvb0JKd1BRLzJ6Q1IwVTd3bHQrSnlSWmtRClR6UE1obE03NlVTN05VRVp0Y3J3 + NFNIZU9tY0tIanUyK1JFRXQzRktJZkkKLS0tIHRRaWROL1MralNkcjVNZkZNOG9n + OU55UzVQcnI5cU5FcVpuK3hLcWpRWDgKrxZHExl2wGDxk4b9BFgPeF589Wjb+IVd + 3nagGDBSdAl2CB7WkVH+hZlvw29YgRqde8T71wVYYQhbRGJvaC+nQQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-03T18:57:46Z" + mac: ENC[AES256_GCM,data:MrOrF4GQqhh7bAz9fSUU5lAzJCCJXIRC5MnvWf3gUO/i6DSaQlnT9wghrdPQx1W3bFwbR7JxSkG51WXA4Qf3lcclPeO7V2FVtxtS9erQHdaRdRxZ+GmtrrhbYgnFhgsnZLZ50kbv+XRd7YPw9TarVzbI/Rfn4acoTjZ9eArBFMw=,iv:PgrKis5yZTvm7G8BWdirbjiSnIpmid19C5hS9vEoE6M=,tag:KWjqAmUxvyAqWJS9+ccgOA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/networking/ingressmonitorcontroller/ks.yaml b/kubernetes/apps/networking/ingressmonitorcontroller/ks.yaml new file mode 100644 index 000000000..1e109d71b --- /dev/null +++ b/kubernetes/apps/networking/ingressmonitorcontroller/ks.yaml 
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app ingressmonitorcontroller
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: networking
+ path: ./kubernetes/apps/networking/ingressmonitorcontroller/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml b/kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml
new file mode 100644
index 000000000..0aed30c8a
--- /dev/null
+++ b/kubernetes/apps/networking/k8s-gateway/app/helmrelease.yaml
@@ -0,0 +1,59 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: k8s-gateway + namespace: networking +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: k8s-gateway + version: 2.4.0 + sourceRef: + kind: HelmRepository + name: k8s-gateway + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + fullnameOverride: k8s-gateway + domain: ${SECRET_DOMAIN} + ttl: 1 + fallthrough: + enabled: true + service: + type: LoadBalancer + port: 53 + annotations: + io.cilium/lb-ipam-ips: ${CILIUM_LB_K8S_GATEWAY_ADDR} + externalTrafficPolicy: Cluster + extraZonePlugins: + - name: log + - name: errors + - name: health + configBlock: |- + lameduck 5s + - name: ready + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . tls://1.1.1.1 tls://1.0.0.1 + configBlock: |- + tls_servername cloudflare-dns.com + - name: loop + - name: reload + - name: loadbalance diff --git a/kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml b/kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml new file mode 100644 index 000000000..4d56b7868 --- /dev/null +++ b/kubernetes/apps/networking/k8s-gateway/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: networking +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/networking/k8s-gateway/ks.yaml b/kubernetes/apps/networking/k8s-gateway/ks.yaml new file mode 100644 index 000000000..42f64f4b0 --- /dev/null +++ b/kubernetes/apps/networking/k8s-gateway/ks.yaml 
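Review bot: The `forward` entry in `extraZonePlugins` (`. tls://1.1.1.1 tls://1.0.0.1`) combined with `fallthrough.enabled: true` appears to make this `LoadBalancer` on port 53 resolve any name recursively, not only `${SECRET_DOMAIN}`. That is harmless while `${CILIUM_LB_K8S_GATEWAY_ADDR}` stays on the LAN, but if the address ever becomes reachable from outside it is an open resolver. I would either drop the `forward` plugin and let the LAN resolver handle non-cluster names, or add a comment above `service:` such as `# LAN-only address: this instance forwards all other zones upstream`. The `prometheus` plugin binds `0.0.0.0:9153`; whether the chart publishes that port on the same service is not visible in the hunk.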
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app k8s-gateway
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: networking
+ dependsOn:
+ - name: cilium-config
+ path: ./kubernetes/apps/networking/k8s-gateway/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/networking/kustomization.yaml b/kubernetes/apps/networking/kustomization.yaml
new file mode 100644
index 000000000..c27edd8c8
--- /dev/null
+++ b/kubernetes/apps/networking/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - cloudflare-ddns/ks.yaml
+ - external-dns/ks.yaml
+ - ingress-nginx/ks.yaml
+ - ingressmonitorcontroller/ks.yaml
+ - k8s-gateway/ks.yaml
+ - phpipam/ks.yaml
diff --git a/kubernetes/apps/networking/metallb/app/helmrelease.yaml b/kubernetes/apps/networking/metallb/app/helmrelease.yaml
new file mode 100644
index 000000000..121a9d039
--- /dev/null
+++ b/kubernetes/apps/networking/metallb/app/helmrelease.yaml
@@ -0,0 +1,34 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: metallb + namespace: networking +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: metallb + version: 0.14.5 + sourceRef: + kind: HelmRepository + name: metallb + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + crds: + enabled: true diff --git a/kubernetes/apps/networking/metallb/app/kustomization.yaml b/kubernetes/apps/networking/metallb/app/kustomization.yaml new file mode 100644 index 000000000..4d56b7868 --- /dev/null +++ b/kubernetes/apps/networking/metallb/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: networking +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/networking/metallb/config/kustomization.yaml b/kubernetes/apps/networking/metallb/config/kustomization.yaml new file mode 100644 index 000000000..98a14fbb4 --- /dev/null +++ b/kubernetes/apps/networking/metallb/config/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: networking +resources: + - resources.yaml diff --git a/kubernetes/apps/networking/metallb/config/resources.yaml b/kubernetes/apps/networking/metallb/config/resources.yaml new file mode 100644 index 000000000..cb9955447 --- /dev/null +++ b/kubernetes/apps/networking/metallb/config/resources.yaml 
@@ -0,0 +1,18 @@ +--- +apiVersion: metallb.io/v1beta1 +kind: L2Advertisement +metadata: + name: l2-ip + namespace: networking +spec: + ipAddressPools: + - default-pool +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: default-pool + namespace: networking +spec: + addresses: + - ${CILIUM_LB_RANGE} diff --git a/kubernetes/apps/networking/metallb/ks.disable b/kubernetes/apps/networking/metallb/ks.disable new file mode 100644 index 000000000..cc5f089d9 --- /dev/null +++ b/kubernetes/apps/networking/metallb/ks.disable @@ -0,0 +1,44 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app metallb + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: networking + path: ./kubernetes/apps/networking/metallb/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app metallb-config + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: networking + dependsOn: + - name: metallb + path: ./kubernetes/apps/networking/metallb/config + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/networking/namespace.yaml b/kubernetes/apps/networking/namespace.yaml new file mode 100644 index 000000000..638db8c13 --- /dev/null +++ b/kubernetes/apps/networking/namespace.yaml 
@@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: networking + annotations: + volsync.backube/privileged-movers: "true" + labels: + kustomize.toolkit.fluxcd.io/prune: disabled + goldilocks.fairwinds.com/enabled: "true" diff --git a/kubernetes/apps/networking/phpipam/ks.yaml b/kubernetes/apps/networking/phpipam/ks.yaml new file mode 100644 index 000000000..bd1c9b6f9 --- /dev/null +++ b/kubernetes/apps/networking/phpipam/ks.yaml @@ -0,0 +1,46 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app phpipam-db + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: networking + dependsOn: + - name: mariadb-instance + path: ./kubernetes/apps/networking/phpipam/phpipam-db + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app phpipam-web + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: networking + dependsOn: + - name: phpipam-db + path: ./kubernetes/apps/networking/phpipam/phpipam-web + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/networking/phpipam/phpipam-db/database.yaml b/kubernetes/apps/networking/phpipam/phpipam-db/database.yaml new file mode 100644 index 000000000..dee849310 --- /dev/null +++ b/kubernetes/apps/networking/phpipam/phpipam-db/database.yaml 
@@ -0,0 +1,13 @@
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+ name: phpipam
+spec:
+ mariaDbRef:
+ name: mariadb
+ namespace: database
+ characterSet: utf8
+ collate: utf8_general_ci
+ requeueInterval: 30s
+ retryInterval: 5s
diff --git a/kubernetes/apps/networking/phpipam/phpipam-db/grant.yaml b/kubernetes/apps/networking/phpipam/phpipam-db/grant.yaml
new file mode 100644
index 000000000..7c393647e
--- /dev/null
+++ b/kubernetes/apps/networking/phpipam/phpipam-db/grant.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+ name: phpipam
+spec:
+ mariaDbRef:
+ name: mariadb
+ namespace: database
+ privileges:
+ - "ALL"
+ database: "phpipam"
+ table: "*"
+ username: phpipam
+ grantOption: true
+ host: "%"
+ requeueInterval: 30s
+ retryInterval: 5s
diff --git a/kubernetes/apps/networking/phpipam/phpipam-db/kustomization.yaml b/kubernetes/apps/networking/phpipam/phpipam-db/kustomization.yaml
new file mode 100644
index 000000000..59ef76507
--- /dev/null
+++ b/kubernetes/apps/networking/phpipam/phpipam-db/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+resources:
+ - database.yaml
+ - grant.yaml
+ - secret.sops.yaml
+ - user.yaml
diff --git a/kubernetes/apps/networking/phpipam/phpipam-db/secret.sops.yaml b/kubernetes/apps/networking/phpipam/phpipam-db/secret.sops.yaml
new file mode 100644
index 000000000..8ed38e047
--- /dev/null
+++ b/kubernetes/apps/networking/phpipam/phpipam-db/secret.sops.yaml
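Review bot: The Grant in `phpipam-db/grant.yaml` gives `ALL` with `grantOption: true` to `phpipam` at `host: "%"`, so a compromise of the web application yields a database account that can pass its privileges on to other MariaDB users and can log in from any address. phpIPAM has no need to grant privileges, so `grantOption: false` is the safer setting. Once the schema is installed, `privileges` could be narrowed from `ALL` to the statements the application actually issues. `host: "%"` is repeated in `user.yaml`; restricting it to the pod network needs the cluster CIDR, which is not on this page.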
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: phpipam-secret +stringData: + mariadb-password: ENC[AES256_GCM,data:/lfB2EHc345jfsAm8Ipsfnz0NF49bw==,iv:WaHrzA3CNh6UzHFhYjLBoJ0ybCfwI53V7SlB+BCZs7g=,tag:gSOJbhq/cAC9GE9vbX6O+w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMHRiSW44elUrTCsrdW5B + dHdsUUNmT2x2MUtYcXU3bTNmbnRVaUxYR0JBCkEyUUlwSXRGR0RWSnUzVzhzdjBn + TjJMTHg2WUlFZU5wRnBtdGt2RlZjR0EKLS0tIGRwd1ZUcG9CdTNiZnJBd21qd3pH + Z1p2UjNzNVlqMDdmbnJ2VzNLbnpSRDgKqOXGIMGh+guklWK6HD2aJY7dvWlYeqh+ + 70H8dXdrNQ65dwkj+pQEdupfSMuaG69tg2RvIz17jKNKr7k6BDmQHA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-20T15:28:01Z" + mac: ENC[AES256_GCM,data:IHgG0EN/CGFY05PyqCMuAFf4RpOyQzFOTe/7pWPezA8sL1jW8dONdj6ymvCLPm4o9ft5IIj9kFfbV+X8mbTqOlaRRDBBaW6oCCeoMlneEF+++RopESNYA8BWxeXRS+gTG0baeFCEkipg/Z+uMKwE1401od6+EtPMv9WdouWzLk0=,iv:HKGONslpD/jbh2Il839D7jrk1p/6D+cGUI4bqQ8BAjI=,tag:bkWeUrpLV8q1FTWKnK9HPw==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/networking/phpipam/phpipam-db/user.yaml b/kubernetes/apps/networking/phpipam/phpipam-db/user.yaml new file mode 100644 index 000000000..c99f54dcd --- /dev/null +++ b/kubernetes/apps/networking/phpipam/phpipam-db/user.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: User +metadata: + name: phpipam +spec: + mariaDbRef: + name: mariadb + namespace: database + passwordSecretKeyRef: + name: phpipam-secret + key: mariadb-password + # This field is immutable and defaults to 10 + maxUserConnections: 20 + host: "%" + requeueInterval: 30s + retryInterval: 5s diff --git a/kubernetes/apps/networking/phpipam/phpipam-web/deployment.yaml b/kubernetes/apps/networking/phpipam/phpipam-web/deployment.yaml new file mode 100644 index 000000000..773e63f43 
--- /dev/null +++ b/kubernetes/apps/networking/phpipam/phpipam-web/deployment.yaml @@ -0,0 +1,82 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phpipam-www + labels: + app: phpipam + component: www +spec: + replicas: 1 + selector: + matchLabels: + app: phpipam + component: www + template: + metadata: + labels: + app: phpipam + component: www + spec: + containers: + - name: phpipam-www + image: phpipam/phpipam-www:1.5x + imagePullPolicy: Always + ports: + - containerPort: 80 + protocol: TCP + env: + - name: TZ + value: ${TIMEZONE} + - name: IPAM_DATABASE_WEBHOST + value: '%' + - name: IPAM_DATABASE_NAME + value: phpipam + - name: IPAM_DATABASE_USER + value: phpipam + - name: IPAM_DATABASE_PASS + valueFrom: + secretKeyRef: + name: phpipam-secret + key: mariadb-password + - name: IPAM_DATABASE_HOST + value: mariadb-primary.database.svc.cluster.local +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phpipam-cron + labels: + app: phpipam + component: cron +spec: + replicas: 1 + selector: + matchLabels: + app: phpipam + component: cron + template: + metadata: + labels: + app: phpipam + component: cron + spec: + containers: + - name: phpipam-cron + image: phpipam/phpipam-cron:1.5x + env: + - name: TZ + value: ${TIMEZONE} + - name: SCAN_INTERVAL + value: 1h + - name: IPAM_DATABASE_NAME + value: phpipamdb + - name: IPAM_DATABASE_USER + value: phpipam + - name: IPAM_DATABASE_PASS + valueFrom: + secretKeyRef: + name: phpipam-secret + key: mariadb-password + - name: IPAM_DATABASE_HOST + value: phpipam-db-mariadb diff --git a/kubernetes/apps/networking/phpipam/phpipam-web/ingress.yaml b/kubernetes/apps/networking/phpipam/phpipam-web/ingress.yaml new file mode 100755 index 000000000..a25b94fe2 --- /dev/null +++ b/kubernetes/apps/networking/phpipam/phpipam-web/ingress.yaml 
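Review bot: The `phpipam-cron` container is given `IPAM_DATABASE_NAME: phpipamdb` and `IPAM_DATABASE_HOST: phpipam-db-mariadb`, while `phpipam-www` and the Database resource use `phpipam` on `mariadb-primary.database.svc.cluster.local`, so as written the scanner would likely never reach the database. Align both values with the www container. Both images also use the floating tag `1.5x` (www with `imagePullPolicy: Always`), so whatever is pushed under that tag is pulled on the next restart; pinning by digest, `image: phpipam/phpipam-www:1.5x@sha256:<digest>`, makes the running image reviewable. Neither pod spec sets `resources` or a `securityContext`.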
@@ -0,0 +1,25 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app: phpipam + name: phpipam + annotations: + hajimari.io/enable: "true" +spec: + tls: + - secretName: ${SECRET_DOMAIN/./-}-production-tls + hosts: + - phpipam.${SECRET_DOMAIN} + rules: + - host: phpipam.${SECRET_DOMAIN} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: phpipam + port: + number: 80 diff --git a/kubernetes/apps/networking/phpipam/phpipam-web/kustomization.yaml b/kubernetes/apps/networking/phpipam/phpipam-web/kustomization.yaml new file mode 100644 index 000000000..477e68c8c --- /dev/null +++ b/kubernetes/apps/networking/phpipam/phpipam-web/kustomization.yaml @@ -0,0 +1,9 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: networking +resources: + - ingress.yaml + - service.yaml + - deployment.yaml diff --git a/kubernetes/apps/networking/phpipam/phpipam-web/service.yaml b/kubernetes/apps/networking/phpipam/phpipam-web/service.yaml new file mode 100644 index 000000000..65c78f103 --- /dev/null +++ b/kubernetes/apps/networking/phpipam/phpipam-web/service.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: phpipam +spec: + selector: + app: phpipam + component: www + type: ClusterIP + ports: + - protocol: TCP + port: 80 + targetPort: 80 diff --git a/kubernetes/apps/networking/traefik/app/helm-release.yaml b/kubernetes/apps/networking/traefik/app/helm-release.yaml new file mode 100755 index 000000000..5db192f95 --- /dev/null +++ b/kubernetes/apps/networking/traefik/app/helm-release.yaml 
@@ -0,0 +1,106 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: traefik +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: traefik + version: 28.2.0 + sourceRef: + kind: HelmRepository + name: traefik-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + env: + - name: TZ + value: ${TIMEZONE} + deployment: + kind: Deployment + replicas: 1 + service: + enabled: true + type: LoadBalancer + spec: + loadBalancerIP: ${CILIUM_LB_INGRESS_ADDR} + externalTrafficPolicy: Cluster + logs: + general: + format: json + level: DEBUG + access: + enabled: true + format: json + ingressClass: + enabled: true + isDefaultClass: true + fallbackApiVersion: v1 + ingressRoute: + dashboard: + enabled: false + providers: + kubernetesCRD: + enabled: true + allowCrossNamespace: true + globalArguments: + - --api.insecure=true + - --serverstransport.insecureskipverify=true + - --providers.kubernetesingress.ingressclass=traefik + - --metrics.prometheus=true + - --metrics.prometheus.entryPoint=metrics + - --entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,fe80::/10 + # - "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32" + additionalArguments: + - 
--providers.kubernetesingress.ingressendpoint.ip=${CILIUM_LB_INGRESS_ADDR} + - --providers.kubernetesingress.allowexternalnameservices=true + - --providers.kubernetescrd.allowexternalnameservices=true + ports: + traefik: + expose: + default: true + web: + redirectTo: + port: websecure + websecure: + tls: + enabled: true + options: default + metrics: + expose: + default: true + metrics: + prometheus: + entryPoint: metrics + service: + enabled: true + tlsOptions: + default: + minVersion: VersionTLS12 + maxVersion: VersionTLS13 + # sniStrict: true # TODO + pilot: + enabled: false + resources: + requests: + memory: 100Mi + cpu: 500m + limits: + memory: 500Mi + cpu: 500m diff --git a/kubernetes/apps/networking/traefik/app/kustomization.yaml b/kubernetes/apps/networking/traefik/app/kustomization.yaml new file mode 100755 index 000000000..52b714f5a --- /dev/null +++ b/kubernetes/apps/networking/traefik/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: networking +resources: + - helm-release.yaml diff --git a/kubernetes/apps/networking/traefik/config/certificates/kustomization.yaml b/kubernetes/apps/networking/traefik/config/certificates/kustomization.yaml new file mode 100644 index 000000000..1d75559df --- /dev/null +++ b/kubernetes/apps/networking/traefik/config/certificates/kustomization.yaml 
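Review bot: `--api.insecure=true` in `globalArguments` together with `ports.traefik.expose.default: true` publishes Traefik's unauthenticated API and dashboard on the LoadBalancer address `${CILIUM_LB_INGRESS_ADDR}`. Drop the flag and leave the `traefik` port unexposed; the dashboard can be served through an authenticated IngressRoute instead. `--serverstransport.insecureskipverify=true` turns off backend certificate verification for every service, and with `allowCrossNamespace: true` plus the two `allowexternalnameservices=true` arguments anyone able to create an IngressRoute in any namespace can route to arbitrary hosts; a per-service ServersTransport is the narrower way to cover backends with self-signed certificates. `logs.general.level: DEBUG` looks like a leftover and should go back to `INFO`. This release is not listed in `networking/kustomization.yaml`, so it may be inactive at the moment, but the settings would take effect as soon as it is re-enabled.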
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./staging.yaml
+ # NOTE: Once you are able to verify the the staging certificate is valid uncomment out the
+ # certificate resource below and update the ingress-nginx helm chart with new production
+ # certificate name. This is to prevent you from getting rate-limited on configuration that might
+ # not be valid on bootstrap. No need to comment out the staging certificate they can coexist.
+ - ./production.yaml
diff --git a/kubernetes/apps/networking/traefik/config/certificates/production.yaml b/kubernetes/apps/networking/traefik/config/certificates/production.yaml
new file mode 100644
index 000000000..26cc3cc04
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/certificates/production.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ${SECRET_DOMAIN/./-}-production
+ namespace: networking
+spec:
+ secretName: ${SECRET_DOMAIN/./-}-production-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ secretTemplate:
+ annotations:
+ replicator.v1.mittwald.de/replicate-to: ".*"
+ commonName: ${SECRET_DOMAIN}
+ dnsNames:
+ - ${SECRET_DOMAIN}
+ - "*.${SECRET_DOMAIN}"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ${SECRET_CH_DOMAIN/./-}-production
+ namespace: networking
+spec:
+ secretName: ${SECRET_CH_DOMAIN/./-}-production-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ secretTemplate:
+ annotations:
+ replicator.v1.mittwald.de/replicate-to: ".*"
+ commonName: ${SECRET_CH_DOMAIN}
+ dnsNames:
+ - ${SECRET_CH_DOMAIN}
+ - "*.${SECRET_CH_DOMAIN}"
diff --git a/kubernetes/apps/networking/traefik/config/certificates/staging.yaml b/kubernetes/apps/networking/traefik/config/certificates/staging.yaml
new file mode 100644
index 000000000..4f71eeeba
--- /dev/null
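Review bot: The `replicator.v1.mittwald.de/replicate-to: ".*"` annotation in `secretTemplate` copies the wildcard certificate's private key into every namespace, so any workload or service account that can read Secrets in a single namespace obtains a key valid for `*.${SECRET_DOMAIN}`. The `TLSStore` added in this commit already makes this secret Traefik's default certificate, so replication is probably only needed for namespaces whose Ingresses name the secret explicitly. A narrower value such as `replicate-to: "networking,observability"` (constructed example) would limit the exposure. The same annotation is on the second Certificate in `production.yaml` and on both Certificates in `staging.yaml`.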
+++ b/kubernetes/apps/networking/traefik/config/certificates/staging.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ${SECRET_DOMAIN/./-}-staging
+ namespace: networking
+spec:
+ secretName: ${SECRET_DOMAIN/./-}-staging-tls
+ issuerRef:
+ name: letsencrypt-staging
+ kind: ClusterIssuer
+ secretTemplate:
+ annotations:
+ replicator.v1.mittwald.de/replicate-to: ".*"
+ commonName: ${SECRET_DOMAIN}
+ dnsNames:
+ - ${SECRET_DOMAIN}
+ - "*.${SECRET_DOMAIN}"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ${SECRET_CH_DOMAIN/./-}-staging
+ namespace: networking
+spec:
+ secretName: ${SECRET_CH_DOMAIN/./-}-staging-tls
+ issuerRef:
+ name: letsencrypt-staging
+ kind: ClusterIssuer
+ secretTemplate:
+ annotations:
+ replicator.v1.mittwald.de/replicate-to: ".*"
+ commonName: ${SECRET_CH_DOMAIN}
+ dnsNames:
+ - ${SECRET_CH_DOMAIN}
+ - "*.${SECRET_CH_DOMAIN}"
diff --git a/kubernetes/apps/networking/traefik/config/dashboard/ingress.yaml b/kubernetes/apps/networking/traefik/config/dashboard/ingress.yaml
new file mode 100755
index 000000000..b58b0c3ce
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/dashboard/ingress.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: traefik-dashboard
+ annotations:
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ external-dns/is-public: "true"
+ external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+ nginx.ingress.kubernetes.io/auth-method: GET
+ nginx.ingress.kubernetes.io/auth-url: https://auth.${SECRET_DOMAIN}/api/verify
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_DOMAIN}?rm=$request_method
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ proxy_set_header X-Forwarded-Scheme $scheme;
+ hajimari.io/enable: "true"
+ hajimari.io/icon: web
+ hajimari.io/appName: traefik
+spec:
+ tls:
+ - hosts:
+ - traefik.${SECRET_DOMAIN}
+ secretName: ${SECRET_DOMAIN/./-}-production-tls
+ rules:
+ - host: traefik.${SECRET_DOMAIN}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: traefik
+ port:
+ number: 9000
diff --git a/kubernetes/apps/networking/traefik/config/dashboard/kustomization.yaml b/kubernetes/apps/networking/traefik/config/dashboard/kustomization.yaml
new file mode 100755
index 000000000..3c994ad48
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/dashboard/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ingress.yaml
diff --git a/kubernetes/apps/networking/traefik/config/kustomization.yaml b/kubernetes/apps/networking/traefik/config/kustomization.yaml
new file mode 100755
index 000000000..63c0a7190
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/kustomization.yaml
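Review bot: The `traefik-dashboard` Ingress sets no `ingressClassName`, and the only authentication it declares is the set of `nginx.ingress.kubernetes.io/auth-*` annotations, which Traefik does not evaluate. The HelmRelease in this commit makes the `traefik` IngressClass the default (`isDefaultClass: true`), so if Traefik ends up serving this object, `traefik.${SECRET_DOMAIN}` is announced through `external-dns/is-public: "true"` with nothing in front of port 9000, where `--api.insecure=true` serves the API. I would set the class explicitly and attach the `forwardauth-authelia` middleware from this commit, e.g. `traefik.ingress.kubernetes.io/router.middlewares: networking-forwardauth-authelia@kubernetescrd`. It is also worth reconsidering whether the dashboard needs a public DNS record at all.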
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+resources:
+ - certificates
+ - tls-store
+ - dashboard
+ - middlewares
+ - serverstransport
diff --git a/kubernetes/apps/networking/traefik/config/middlewares/authelia.yaml b/kubernetes/apps/networking/traefik/config/middlewares/authelia.yaml
new file mode 100644
index 000000000..ba1e83d3f
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/middlewares/authelia.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: forwardauth-authelia
+spec:
+ forwardAuth:
+ address: https://auth.${SECRET_DOMAIN}/api/verify?rd=https%3A%2F%2Fauth.${SECRET_DOMAIN}%2F
+ trustForwardHeader: true
+ authResponseHeaders:
+ - Remote-User
+ - Remote-Name
+ - Remote-Email
+ - Remote-Groups
diff --git a/kubernetes/apps/networking/traefik/config/middlewares/cloudflare-only.yaml b/kubernetes/apps/networking/traefik/config/middlewares/cloudflare-only.yaml
new file mode 100644
index 000000000..0c8d0a1a7
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/middlewares/cloudflare-only.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: cloudflare-ips
+spec:
+ # https://www.cloudflare.com/ips/
+ ipWhiteList:
+ sourceRange:
+ - 173.245.48.0/20
+ - 103.21.244.0/22
+ - 103.22.200.0/22
+ - 103.31.4.0/22
+ - 141.101.64.0/18
+ - 108.162.192.0/18
+ - 190.93.240.0/20
+ - 188.114.96.0/20
+ - 197.234.240.0/22
+ - 198.41.128.0/17
+ - 162.158.0.0/15
+ - 104.16.0.0/13
+ - 104.24.0.0/14
+ - 172.64.0.0/13
+ - 131.0.72.0/22
+ - 2400:cb00::/32
+ - 2606:4700::/32
+ - 2803:f800::/32
+ - 2405:b500::/32
+ - 2405:8100::/32
+ - 2a06:98c0::/29
+ - 2c0f:f248::/32
+ # include rfc1918 ranges since traefik chains do not support OR operations
+ # https://github.com/traefik/traefik/issues/6007
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: cloudflare-only
+spec:
+ chain:
+ middlewares:
+ - name: cloudflare-ips
diff --git a/kubernetes/apps/networking/traefik/config/middlewares/internal-only.yaml b/kubernetes/apps/networking/traefik/config/middlewares/internal-only.yaml
new file mode 100644
index 000000000..dcab2e2c7
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/middlewares/internal-only.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: internal-ips
+spec:
+ ipWhiteList:
+ sourceRange:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: internal-only
+spec:
+ chain:
+ middlewares:
+ - name: internal-ips
diff --git a/kubernetes/apps/networking/traefik/config/middlewares/kustomization.yaml b/kubernetes/apps/networking/traefik/config/middlewares/kustomization.yaml
new file mode 100644
index 000000000..c8bc2bc1c
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/middlewares/kustomization.yaml
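Review bot: Both allow-lists match on the connection's source address, but the Traefik Service in this commit uses `externalTrafficPolicy: Cluster`, which commonly rewrites the client address to a node or pod IP before Traefik sees it. If that happens here, every request falls inside the RFC 1918 ranges at the end of `cloudflare-ips` (and in `internal-ips` in `internal-only.yaml`), and neither middleware filters anything; whether it does depends on the Cilium load-balancer mode, which is not visible in these hunks. It is worth confirming from an external client that the access log shows the real source address, or switching the Service to `externalTrafficPolicy: Local`. A comment above `sourceRange` such as `# requires the real client IP to reach Traefik (externalTrafficPolicy: Local or DSR)` would record the assumption.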
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cloudflare-only.yaml
+ - internal-only.yaml
+ - authelia.yaml
diff --git a/kubernetes/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml b/kubernetes/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml
new file mode 100755
index 000000000..837904b85
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/serverstransport/insecureskipverify.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+ name: insecureskipverify
+spec:
+ insecureSkipVerify: true
diff --git a/kubernetes/apps/networking/traefik/config/serverstransport/kustomization.yaml b/kubernetes/apps/networking/traefik/config/serverstransport/kustomization.yaml
new file mode 100755
index 000000000..ad8fabebf
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/serverstransport/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - insecureskipverify.yaml
diff --git a/kubernetes/apps/networking/traefik/config/tls-store/default.yaml b/kubernetes/apps/networking/traefik/config/tls-store/default.yaml
new file mode 100755
index 000000000..9f3f22e4b
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/tls-store/default.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+ name: default
+spec:
+ defaultCertificate:
+ secretName: ${SECRET_DOMAIN/./-}-production-tls
diff --git a/kubernetes/apps/networking/traefik/config/tls-store/kustomization.yaml b/kubernetes/apps/networking/traefik/config/tls-store/kustomization.yaml
new file mode 100755
index 000000000..5d4e84abc
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/config/tls-store/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - default.yaml
diff --git a/kubernetes/apps/networking/traefik/ks.dis b/kubernetes/apps/networking/traefik/ks.dis
new file mode 100644
index 000000000..7f03a42dd
--- /dev/null
+++ b/kubernetes/apps/networking/traefik/ks.dis
@@ -0,0 +1,46 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app traefik
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: cilium-config
+ targetNamespace: networking
+ path: ./kubernetes/apps/networking/traefik/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app traefik-config
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: networking
+ dependsOn:
+ - name: ingress-nginx
+ path: ./kubernetes/apps/networking/traefik/config
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false # no flux ks dependents
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/networking/vpn/app/ingressroutetcp.yaml b/kubernetes/apps/networking/vpn/app/ingressroutetcp.yaml
new file mode 100644
index 000000000..7e2e9ccad
--- /dev/null
+++ b/kubernetes/apps/networking/vpn/app/ingressroutetcp.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: sftpgo-sftp
+ labels:
+ public: "true"
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: vpn
+ port: 8888
diff --git a/kubernetes/apps/networking/vpn/app/kustomization.yaml b/kubernetes/apps/networking/vpn/app/kustomization.yaml
new file mode 100644
index 000000000..aa8104444
--- /dev/null
+++ b/kubernetes/apps/networking/vpn/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: networking
+resources:
+ - ./ingressroutetcp.yaml
+ - ./service.yaml
diff --git a/kubernetes/apps/networking/vpn/app/service.yaml b/kubernetes/apps/networking/vpn/app/service.yaml
new file mode 100644
index 000000000..ef5b005ee
--- /dev/null
+++ b/kubernetes/apps/networking/vpn/app/service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: vpn
+spec:
+ externalName: vpn.eighty-three.me
+ sessionAffinity: None
+ type: ExternalName
+ ports:
+ - name: vpn
+ port: 8888
+ protocol: TCP
+ targetPort: 8888
diff --git a/kubernetes/apps/networking/vpn/ks.dis b/kubernetes/apps/networking/vpn/ks.dis
new file mode 100644
index 000000000..d833667b5
--- /dev/null
+++ b/kubernetes/apps/networking/vpn/ks.dis
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app vpn
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: networking
+ dependsOn:
+ - name: ingress-nginx
+ path: ./kubernetes/apps/networking/vpn/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
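Review bot: `metadata.name: sftpgo-sftp` in `ingressroutetcp.yaml` does not describe what the route does; it forwards to the `vpn` Service, so the name looks like a leftover from another manifest and will mislead anyone auditing what is published on `websecure`. The wildcard `HostSNI` rule has no `tls` block, which makes it a catch-all for connections on that shared entry point that Traefik does not handle as TLS. A comment such as `# catch-all: non-TLS TCP on websecure is proxied to the VPN endpoint` would make that intent explicit. The backend is an ExternalName Service (`externalName: vpn.eighty-three.me` in `service.yaml`), so the traffic goes wherever that DNS name resolves at connection time, and the route depends on the global `--providers.kubernetescrd.allowexternalnameservices=true` flag.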
diff --git a/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml b/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml
new file mode 100755
index 000000000..7a5c2bbd5
--- /dev/null
+++ b/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-config.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: monitoring.coreos.com/v1alpha1
+kind: AlertmanagerConfig
+metadata:
+ name: discord
+ namespace: observability
+ labels:
+ alertmanagerConfig: discord
+spec:
+ route:
+ groupBy:
+ - alertname
+ groupInterval: 10s
+ groupWait: 1s
+ repeatInterval: 30s
+ receiver: discord
+ routes:
+ - matchers:
+ - namespace: "*"
+ receivers:
+ - name: discord
+ webhookConfigs:
+ - url: http://alertmanager-discord:9094
diff --git a/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml b/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml
new file mode 100755
index 000000000..10e9f3bed
--- /dev/null
+++ b/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-deployment.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: alertmanager-discord
+ namespace: observability
+spec:
+ selector:
+ matchLabels:
+ app: alertmanager-discord
+ template:
+ metadata:
+ labels:
+ app: alertmanager-discord
+ spec:
+ containers:
+ - image: registry.eighty-three.me/tuxpeople/alertmanager-discord:rolling
+ imagePullPolicy: Always
+ name: main
+ ports:
+ - containerPort: 9094
+ name: http
+ resources:
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ limits:
+ cpu: 20m
+ memory: 40Mi
+ env:
+ - name: DISCORD_WEBHOOK
+ valueFrom:
+ secretKeyRef:
+ key: address
+ name: discord-webhook
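Review bot: The Deployment references its image by the mutable tag `:rolling` with `imagePullPolicy: Always`, so any pod restart can pull different, unreviewed content into a container that holds the `DISCORD_WEBHOOK` secret. Pinning by digest, `image: registry.eighty-three.me/tuxpeople/alertmanager-discord:rolling@sha256:<digest>` (placeholder digest), keeps the tag readable while making the deployed content reviewable in Git. The container also has no `securityContext`; the gatus release in this commit already sets `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: { drop: ["ALL"] }`, and the same settings would fit here if the image tolerates them.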
diff --git a/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml b/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml
new file mode 100755
index 000000000..4fcf93148
--- /dev/null
+++ b/kubernetes/apps/observability/alertmanager-discord/app/alertmanager-discord-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: alertmanager-discord
+ name: alertmanager-discord
+ namespace: observability
+spec:
+ ports:
+ - name: http
+ port: 9094
+ targetPort: http
+ selector:
+ app: alertmanager-discord
diff --git a/kubernetes/apps/observability/alertmanager-discord/app/kustomization.yaml b/kubernetes/apps/observability/alertmanager-discord/app/kustomization.yaml
new file mode 100755
index 000000000..ed65e12b3
--- /dev/null
+++ b/kubernetes/apps/observability/alertmanager-discord/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: observability
+resources:
+ - secret.sops.yaml
+ # - alertmanager-discord-config.yaml
+ - alertmanager-discord-deployment.yaml
+ - alertmanager-discord-service.yaml
diff --git a/kubernetes/apps/observability/alertmanager-discord/app/secret.sops.yaml b/kubernetes/apps/observability/alertmanager-discord/app/secret.sops.yaml
new file mode 100644
index 000000000..555de01fb
--- /dev/null
+++ b/kubernetes/apps/observability/alertmanager-discord/app/secret.sops.yaml
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: discord-webhook + namespace: observability +stringData: + address: ENC[AES256_GCM,data:TZfqRT14xU3ekXeBH/OQpRikpDIAiypc1HEj+C3lfmuE+iy0HTGmj1u15hpTlBzFMU0Xt2UtBsn3H8/7y0aBpip2ZRbMt1sb8/mIaYTFBviAKoJoqSrq2J4btXZ7+e3Tarw/3davIwKJ4JJkKDv0P/FpLMlgevjA,iv:Oqk28iujqcY4RbJtZGryIedEY63h1eHIU0LbStmyR+Q=,tag:3K9kTp28I+Z04gRgOq3YiQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGRIQmNTZDJaNUpDbWVq + bkwvbklvbkRpVE9RQytkeUNWamFsWUFzRzJBCk1qek5ueFBWYUF4NmptRTBqekxr + VXZDazhreHB6UnhGNXZzMTZwV0xxWkkKLS0tIERUQkhOUEhDellUWjNZRU9WU1Z0 + bWZUWDR1SUwvVnJ1SDAydXV6YS9Db3cKEygUxkjdTZjA9y7i0CHSGdfCrgGOXhp3 + 6+67/ce4guTnhNIxux7dOARTg3gjp4lVAbR4SZFkAbEIMOq1JU63aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-06-28T19:55:44Z" + mac: ENC[AES256_GCM,data:yMsh0wsWa4Ng/RMsb/dDgsuags9dlvNMu4do7lh7RCmwRY6AKblJhAMEAQ22G4XSdafuJvOu40TAHEZUipW0ZEXDRLMw7A6DkxdKi/1fL3BTmysLjg/lyAYBM8te8ueCQ7V2refSnXpHIIpDWIXAqsaZLrAluGIrSA1uJ7UHWcI=,iv:+Lf7ynNmSkUP4F+CeNLPHbmysjsKdpQhuoV5ob71w08=,tag:Q02RySxsf2RMKFi9IRtrng==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/observability/alertmanager-discord/ks.yaml b/kubernetes/apps/observability/alertmanager-discord/ks.yaml new file mode 100644 index 000000000..dc6654acc --- /dev/null +++ b/kubernetes/apps/observability/alertmanager-discord/ks.yaml 
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app alertmanager-discord
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ targetNamespace: observability
+ path: ./kubernetes/apps/observability/alertmanager-discord/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/observability/gatus/app/config/config.yaml b/kubernetes/apps/observability/gatus/app/config/config.yaml
new file mode 100644
index 000000000..3516f633d
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/app/config/config.yaml
@@ -0,0 +1,47 @@
+---
+# Note: Gatus vars should be escaped with $${VAR_NAME} to avoid interpolation by Flux
+web:
+ port: $${CUSTOM_WEB_PORT}
+metrics: true
+debug: true
+storage:
+ type: sqlite
+ path: /data/data.db
+ui:
+ title: Status | Gatus
+ header: Status
+connectivity:
+ checker:
+ target: 1.1.1.1:53
+ interval: 1m
+alerting:
+ discord:
+ webhook-url: $${GATUS_DISCORD_WEBHOOK}
+ default-alert:
+ # description: "health check failed"
+ send-on-resolved: true
+ failure-threshold: 2
+ success-threshold: 2
+endpoints:
+ - name: status
+ group: external
+ url: https://status.${SECRET_DOMAIN}
+ interval: 1m
+ ui:
+ hide-hostname: true
+ hide-url: true
+ client:
+ dns-resolver: tcp://1.1.1.1:53
+ conditions:
+ - "[STATUS] == 200"
+ - name: flux-webhook
+ group: external
+ url: https://flux-webhook.${SECRET_DOMAIN}
+ interval: 1m
+ ui:
+ hide-hostname: true
+ hide-url: true
+ client:
+ dns-resolver: tcp://1.1.1.1:53
+ conditions:
+ - "[STATUS] == 404"
diff --git a/kubernetes/apps/observability/gatus/app/externalsecret.yaml b/kubernetes/apps/observability/gatus/app/externalsecret.yaml
new file mode 100644
index 000000000..3aee670df
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/app/externalsecret.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: gatus-discord-webhook
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword
+ target:
+ name: gatus-discord-webhook-secret
+ template:
+ engineVersion: v2
+ data:
+ GATUS_DISCORD_WEBHOOK: "{{ .WEBHOOK }}"
+ dataFrom:
+ - extract:
+ key: gatus-discord-webhook
diff --git a/kubernetes/apps/observability/gatus/app/helmrelease.yaml b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
new file mode 100644
index 000000000..04f8c9eba
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/app/helmrelease.yaml
@@ -0,0 +1,135 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: gatus +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controllers: + gatus: + annotations: + reloader.stakater.com/auto: "true" + initContainers: + init-config: + image: + repository: ghcr.io/kiwigrid/k8s-sidecar + tag: 1.27.2 + env: + FOLDER: /config + LABEL: gatus.io/enabled + NAMESPACE: ALL + RESOURCE: both + UNIQUE_FILENAMES: true + METHOD: WATCH + restartPolicy: Always + resources: &resources + requests: + cpu: 10m + limits: + memory: 256Mi + containers: + app: + image: + repository: ghcr.io/twin/gatus + tag: v5.11.0 + env: + TZ: Europe/Zurich + GATUS_CONFIG_PATH: /config + GATUS_DELAY_START_SECONDS: 5 + CUSTOM_WEB_PORT: &port 80 + envFrom: + - secretRef: + name: gatus-discord-webhook-secret + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /health + port: *port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: *resources + service: + app: + controller: gatus + ports: + http: + port: *port + serviceMonitor: + app: + serviceName: gatus + endpoints: + - port: http + scheme: http + path: /metrics + interval: 1m + scrapeTimeout: 10s + ingress: + app: + className: nginx-default + annotations: + external-dns/is-public: "true" + external-dns.alpha.kubernetes.io/target: 
${SECRET_DNS_TARGET} + hosts: + - host: &host "status.${SECRET_DOMAIN}" + paths: + - path: / + service: + identifier: app + port: http + tls: + - hosts: + - *host + secretName: ${SECRET_DOMAIN/./-}-production-tls + serviceAccount: + create: true + name: gatus + persistence: + config: + type: emptyDir + config-file: + type: configMap + name: gatus-configmap + globalMounts: + - path: /config/config.yaml + subPath: config.yaml + readOnly: true + data: + type: emptyDir + defaultPodOptions: + dnsConfig: + options: + - { name: ndots, value: "1" } diff --git a/kubernetes/apps/observability/gatus/app/kustomization.yaml b/kubernetes/apps/observability/gatus/app/kustomization.yaml new file mode 100644 index 000000000..d15eaef7a --- /dev/null +++ b/kubernetes/apps/observability/gatus/app/kustomization.yaml @@ -0,0 +1,14 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./rbac.yaml + - ./helmrelease.yaml + - ./externalsecret.yaml +configMapGenerator: + - name: gatus-configmap + files: + - config.yaml=./config/config.yaml +generatorOptions: + disableNameSuffixHash: true diff --git a/kubernetes/apps/observability/gatus/app/rbac.yaml b/kubernetes/apps/observability/gatus/app/rbac.yaml new file mode 100644 index 000000000..0f12c439b --- /dev/null +++ b/kubernetes/apps/observability/gatus/app/rbac.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gatus +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gatus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatus +subjects: + - kind: ServiceAccount + name: gatus + namespace: observability 
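Review bot: The `init-config` sidecar in the gatus HelmRelease is configured with `NAMESPACE: ALL` and `RESOURCE: both`, and `rbac.yaml` in this commit backs that with a ClusterRole granting `get`, `watch` and `list` on `secrets` cluster-wide to the `gatus` service account. The pod behind the publicly announced `status.${SECRET_DOMAIN}` Ingress can therefore read every Secret in the cluster, which is far more than endpoint discovery needs. If the endpoint definitions live only in ConfigMaps, `RESOURCE: configmap` together with `resources: ["configmaps"]` in the ClusterRole removes that access; if Secrets must stay, a comment on the rule explaining why would help the next reviewer. The sidecar also lacks the `securityContext` that the `app` container sets.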
diff --git a/kubernetes/apps/observability/gatus/ks.yaml b/kubernetes/apps/observability/gatus/ks.yaml
new file mode 100644
index 000000000..9d1a45c8d
--- /dev/null
+++ b/kubernetes/apps/observability/gatus/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app gatus
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: external-secrets-secretstores
+ targetNamespace: observability
+ path: ./kubernetes/apps/observability/gatus/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/observability/goldilocks/app/helmrelease.yaml b/kubernetes/apps/observability/goldilocks/app/helmrelease.yaml
new file mode 100644
index 000000000..4a0e80cc0
--- /dev/null
+++ b/kubernetes/apps/observability/goldilocks/app/helmrelease.yaml
@@ -0,0 +1,60 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: goldilocks
+ namespace: observability
+spec:
+ interval: 30m
+ timeout: 15m
+ chart:
+ spec:
+ chart: goldilocks
+ version: 8.0.1
+ sourceRef:
+ kind: HelmRepository
+ name: fairwinds
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ controller:
+ resources:
+ requests:
+ cpu: 25m
+ memory: 50Mi
+ limits:
+ cpu: 500m
+ memory: 200Mi
+ dashboard:
+ replicaCount: 1
+ ingress:
+ enabled: true
+ ingressClassName: nginx-default
+ hosts:
+ - host: &host goldilocks.${SECRET_DOMAIN}
+ paths:
+ - path: /
+ type: Prefix
+ tls:
+ - hosts:
+ - *host
+ resources:
+ requests:
+ cpu: 25m
+ memory: 50Mi
+ limits:
+ cpu: 500m
+ memory: 200Mi
diff --git a/kubernetes/apps/observability/goldilocks/app/kustomization.yaml b/kubernetes/apps/observability/goldilocks/app/kustomization.yaml
new file mode 100644
index 000000000..1a892146a
--- /dev/null
+++ b/kubernetes/apps/observability/goldilocks/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: observability
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/observability/goldilocks/ks.yaml b/kubernetes/apps/observability/goldilocks/ks.yaml
new file mode 100644
index 000000000..8eed5c0f7
--- /dev/null
+++ b/kubernetes/apps/observability/goldilocks/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app goldilocks
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: vpa
+ targetNamespace: observability
+ path: ./kubernetes/apps/observability/goldilocks/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/observability/grafana/app/helmrelease.yaml b/kubernetes/apps/observability/grafana/app/helmrelease.yaml
new file mode 100644
index 000000000..544a03627
--- /dev/null
+++ b/kubernetes/apps/observability/grafana/app/helmrelease.yaml
@@ -0,0 +1,277 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: grafana + namespace: observability +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: grafana + version: 7.3.11 + sourceRef: + kind: HelmRepository + name: grafana + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + assertNoLeakedSecrets: false + admin: + existingSecret: grafana-admin-secret + env: + GF_EXPLORE_ENABLED: true + GF_SERVER_ROOT_URL: https://grafana.${SECRET_DOMAIN} + grafana.ini: + analytics: + check_for_updates: false + check_for_plugin_updates: false + auth: + signout_redirect_url: https://auth.${SECRET_DOMAIN}/logout + oauth_auto_login: false + auth.generic_oauth: + enabled: true + name: Homelab Account + icon: signin + client_id: grafana + client_secret: ${SECRET_OIDC_CLIENT_SECRET_GRAFANA} + scopes: openid profile email groups + empty_scopes: false + auth_url: https://auth.${SECRET_DOMAIN}/api/oidc/authorization + token_url: https://auth.${SECRET_DOMAIN}/api/oidc/token + api_url: https://auth.${SECRET_DOMAIN}/api/oidc/userinfo + login_attribute_path: preferred_username + groups_attribute_path: groups + name_attribute_path: name + use_pkce: true + auth.generic_oauth.group_mapping: + role_attribute_path: | + contains(groups[*], 'applications_grafana_admins') && 'Admin' || contains(groups[*], 'applications_grafana') && 'Viewer' + org_id: 1 + auth.basic: + enabled: false + # disable_login_form: false + auth.anonymous: + enabled: false + org_name: Homelab + org_id: 1 + org_role: Viewer + dashboardProviders: + dashboardproviders.yaml: + apiVersion: 1 + providers: + - name: default + orgId: 1 + folder: "" + type: file + 
disableDeletion: false + editable: true + options: + path: /var/lib/grafana/dashboards/default + - name: unpoller + orgId: 1 + folder: "unpoller" + type: file + disableDeletion: false + editable: true + options: + path: /var/lib/grafana/dashboards/unpoller + - name: apps + orgId: 1 + folder: "apps" + type: file + disableDeletion: false + editable: true + options: + path: /var/lib/grafana/dashboards/apps + - name: kubernetes + orgId: 1 + folder: "kubernetes" + type: file + disableDeletion: false + editable: true + options: + path: /var/lib/grafana/dashboards/kubernetes + datasources: + datasources.yaml: + apiVersion: 1 + datasources: + - name: Prometheus + type: prometheus + access: proxy + url: http://kube-prometheus-stack-prometheus.observability.svc.cluster.local:9090 + isDefault: true + - name: Loki + type: loki + access: proxy + url: http://loki-read.observability.svc.cluster.local:3100 + - name: Alertmanager + type: alertmanager + uid: alertmanager + access: proxy + url: http://alertmanager-operated.observability.svc.cluster.local:9093 + jsonData: + implementation: prometheus + dashboards: + default: + alertmanager-alerts: + # renovate: dashboardName="OPEN ALERTS OF ALERTMANAGER" + gnetId: 12947 + revision: 1 + datasource: Alertmanager + external-dns: + # renovate: dashboardName="External DNS" + gnetId: 15038 + revision: 3 + datasource: Prometheus + node-exporter-full: + # renovate: dashboardName="Node Exporter Full" + gnetId: 1860 + revision: 37 + datasource: Prometheus + cert-manager: + url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/cert-manager/dashboards/cert-manager.json + datasource: Prometheus + flux-cluster: + url: https://raw.githubusercontent.com/fluxcd/flux2-monitoring-example/main/monitoring/configs/dashboards/cluster.json + datasource: Prometheus + flux-control-plane: + url: https://raw.githubusercontent.com/fluxcd/flux2-monitoring-example/main/monitoring/configs/dashboards/control-plane.json + datasource: 
Prometheus + external-secrets: + url: https://raw.githubusercontent.com/external-secrets/external-secrets/main/docs/snippets/dashboard.json + datasource: Prometheus + node-feature-discovery: + url: https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/examples/grafana-dashboard.json + datasource: Prometheus + miniflux: + url: https://raw.githubusercontent.com/miniflux/v2/main/contrib/grafana/dashboard.json + datasource: Prometheus + unpoller: + unifi-insights: + # renovate: dashboardName="UniFi-Poller: Client Insights - Prometheus" + gnetId: 11315 + revision: 9 + datasource: Prometheus + unifi-network-sites: + # renovate: dashboardName="UniFi-Poller: Network Sites - Prometheus" + gnetId: 11311 + revision: 5 + datasource: Prometheus + unifi-usw: + # renovate: dashboardName="UniFi-Poller: USW Insights - Prometheus" + gnetId: 11312 + revision: 9 + datasource: + - name: "DS_PROMETHEUS" + value: Prometheus + unifi-uap: + # renovate: dashboardName="UniFi-Poller: UAP Insights - Prometheus" + gnetId: 11314 + revision: 10 + datasource: + - name: "DS_PROMETHEUS" + value: Prometheus + apps: + octoprint: + url: https://raw.githubusercontent.com/tg44/OctoPrint-prometheus-Exporter/master/extras/octoprint-grafana.json + datasource: Prometheus + minio: + # renovate: dashboardName="MinIO Dashboard" + gnetId: 13502 + revision: 26 + datasource: Prometheus + sonarrv3: + # renovate: dashboardName="Sonarr v3" + gnetId: 12530 + revision: 2 + datasource: Prometheus + radarrv3: + # renovate: dashboardName="Radarr v3" + gnetId: 12896 + revision: 1 + datasource: Prometheus + mysql-overview: + # renovate: dashboardName="MySQL Overview" + gnetId: 7362 + revision: 5 + datasource: Prometheus + mysql-quickstart: + # renovate: dashboardName="MySQL Exporter Quickstart and Dashboard" + gnetId: 14057 + revision: 1 + datasource: Prometheus + kubernetes: + kubernetes-api-server: + # renovate: dashboardName="Kubernetes / System / API Server" + gnetId: 15761 + revision: 16 + 
datasource: Prometheus + kubernetes-coredns: + # renovate: dashboardName="Kubernetes / System / CoreDNS" + gnetId: 15762 + revision: 18 + datasource: Prometheus + kubernetes-global: + # renovate: dashboardName="Kubernetes / Views / Global" + gnetId: 15757 + revision: 37 + datasource: Prometheus + kubernetes-namespaces: + # renovate: dashboardName="Kubernetes / Views / Namespaces" + gnetId: 15758 + revision: 34 + datasource: Prometheus + kubernetes-nodes: + # renovate: dashboardName="Kubernetes / Views / Nodes" + gnetId: 15759 + revision: 29 + datasource: Prometheus + kubernetes-pods: + # renovate: dashboardName="Kubernetes / Views / Pods" + gNetId: 15760 + revision: 21 + datasource: Prometheus + kubernetes-volumes: + # renovate: dashboardName="K8s / Storage / Volumes / Cluster" + gnetId: 11454 + revision: 14 + datasource: Prometheus + sidecar: + dashboards: + enabled: true + searchNamespace: ALL + datasources: + enabled: true + searchNamespace: ALL + serviceMonitor: + enabled: true + ingress: + enabled: true + ingressClassName: nginx-default + annotations: + hajimari.io/icon: simple-icons:grafana + hosts: + - &host grafana.${SECRET_DOMAIN} + tls: + - hosts: + - *host + persistence: + enabled: true + storageClassName: ${MAIN_SC} + testFramework: + enabled: false diff --git a/kubernetes/apps/observability/grafana/app/kustomization.yaml b/kubernetes/apps/observability/grafana/app/kustomization.yaml new file mode 100644 index 000000000..4b5bd041c --- /dev/null +++ b/kubernetes/apps/observability/grafana/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./secret.sops.yaml + - ./helmrelease.yaml diff --git a/kubernetes/apps/observability/grafana/app/secret.sops.yaml b/kubernetes/apps/observability/grafana/app/secret.sops.yaml new file mode 100644 index 000000000..066445646 --- /dev/null 
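Review bot: `client_secret: ${SECRET_OIDC_CLIENT_SECRET_GRAFANA}` sits under `grafana.ini`, which the chart renders into a ConfigMap, so the OIDC client secret becomes readable by anything that can read ConfigMaps in `observability`. `assertNoLeakedSecrets: false` at the top of `values` switches off the chart check that would otherwise reject this. Drop `client_secret` from `grafana.ini`, supply it as `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` from a Secret (sketch below; the Secret name and key are placeholders), and remove `assertNoLeakedSecrets: false`. Separately, the `kubernetes-pods` dashboard entry spells its key `gNetId` where every other entry uses `gnetId`, so that dashboard is probably not picked up.

```yaml
  values:
    # … unchanged: admin.existingSecret …
    envValueFrom:
      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
        secretKeyRef:
          name: PLACEHOLDER-oidc-secret-name
          key: PLACEHOLDER-client-secret-key
    # … unchanged: env, grafana.ini without client_secret …
```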
+++ b/kubernetes/apps/observability/grafana/app/secret.sops.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Secret +metadata: + name: grafana-admin-secret + namespace: observability +stringData: + admin-user: ENC[AES256_GCM,data:WpkjQPM=,iv:BAmU/q1wHuAuKXssANqwK6Ol8qNV7zmpuXxFw44nyXQ=,tag:nh7u1f3KLkft5DdymPwtTQ==,type:str] + admin-password: ENC[AES256_GCM,data:mYNyxe1vR2/FiIeW,iv:PTIj5Fs9RCfuT/y59aaaPhSLh559Fqk8wQ67o9TR6AA=,tag:VCmrtXlyFWCKkoG+Fx/QsQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOGRIQmNTZDJaNUpDbWVq + bkwvbklvbkRpVE9RQytkeUNWamFsWUFzRzJBCk1qek5ueFBWYUF4NmptRTBqekxr + VXZDazhreHB6UnhGNXZzMTZwV0xxWkkKLS0tIERUQkhOUEhDellUWjNZRU9WU1Z0 + bWZUWDR1SUwvVnJ1SDAydXV6YS9Db3cKEygUxkjdTZjA9y7i0CHSGdfCrgGOXhp3 + 6+67/ce4guTnhNIxux7dOARTg3gjp4lVAbR4SZFkAbEIMOq1JU63aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-06-18T16:15:31Z" + mac: ENC[AES256_GCM,data:N1GKYclxKIy02s9NhS0sdOS2pFrSJsaKykpn5MM7smh4vVg0DHdGsRiHkCJwXlZ8i6ZtSxiLXK4to1rWbEcKzAYda/yzhfqKOaf8AGXNgf6C9+pHfFERzkZuzp/ReHUjz2N6Hfb/HXK4qH/f2u/SpkXXw9jiqOpfNWleYf+g23k=,iv:FH0nWaol27eD5uzLes8qe8XPR37jtS357nFV5zvDEsQ=,tag:WD78hpikxYUDfvNdE6A37Q==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/observability/grafana/ks.yaml b/kubernetes/apps/observability/grafana/ks.yaml new file mode 100644 index 000000000..5730e7439 --- /dev/null +++ b/kubernetes/apps/observability/grafana/ks.yaml 
@@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app grafana + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + dependsOn: + - name: ${STORAGE_KUST} + path: ./kubernetes/apps/observability/grafana/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml new file mode 100644 index 000000000..3c155a19b --- /dev/null +++ b/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml 
@@ -0,0 +1,453 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: kube-prometheus-stack + namespace: observability +spec: + interval: 30m + timeout: 15m + chart: + spec: + chart: kube-prometheus-stack + version: 59.1.0 + sourceRef: + kind: HelmRepository + name: prometheus-community + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + cleanPrometheusOperatorObjectNames: true + alertmanager: + enabled: true + config: + global: + slack_api_url: ${SECRET_ALERT_MANAGER_DISCORD_WEBHOOK} + resolve_timeout: 5m + # smtp_smarthost: smtp.gmail.com:587 + # smtp_auth_username: you@gmail.com + # smtp_auth_password: yourapppassword # https://support.google.com/mail/answer/185833?hl=en-GB + # smtp_auth_identity: you@gmail.com + route: + group_by: + - alertname + - job + group_wait: 30s + group_interval: 5m + repeat_interval: 6h + receiver: discord + routes: + - receiver: "null" + match: + alertname: InfoInhibitor + - receiver: "null" + match: + alertname: CPUThrottlingHigh + - receiver: DeadMansSnitch + repeat_interval: 30m + match: + alertname: Watchdog + - receiver: discord + matchers: + - severity = "critical" + continue: true + # - receiver: discord + # group_wait: 10s + # match_re: + # issue: Portworx* + # continue: true + receivers: + - name: "null" + - name: email + email_configs: + - send_resolved: true + to: ${SECRET_ACME_EMAIL} + from: prometheus@tuxpeople.org + smarthost: smtp.utils.svc.cluster.local:25 + require_tls: false + - name: DeadMansSnitch + webhook_configs: + - url: https://nosnch.in/c15491ac44 + send_resolved: false + - name: discord + webhook_configs: + - send_resolved: true + url: 
http://alertmanager-discord:9094 + # title: |- + # [{{ .Status | toUpper }}{{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ if ne .CommonAnnotations.summary ""}}{{ .CommonAnnotations.summary }}{{ else }}{{ .CommonLabels.alertname }}{{ end }} + # text: >- + # {{ range .Alerts -}} + # **Alert:** {{ .Annotations.title }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }} + # **Description:** {{ if ne .Annotations.description ""}}{{ .Annotations.description }}{{else}}N/A{{ end }} + # **Details:** + # {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}` + # {{ end }} + # {{ end }} + # - name: discord + # webhook_configs: + # - send_resolved: true + # url: 'http://alertmanager-discord:9094' + # Inhibition rules allow to mute a set of alerts given that another alert is firing. + # We use this to mute any warning-level notifications if the same alert is already critical. + inhibit_rules: + - source_matchers: + - severity = "critical" + target_matchers: + - severity = "warning" + equal: + - alertname + - namespace + alertmanagerSpec: + replicas: 1 + podAntiAffinity: hard + storage: + volumeClaimTemplate: + spec: + storageClassName: csi-nfs + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + resources: + limits: + cpu: 500m + memory: 400Mi + requests: + cpu: 5m + memory: 50Mi + # priorityClassName: high-priority + alertmanagerConfigSelector: + matchLabels: + alertmanagerConfig: homelab + ingress: + enabled: true + pathType: Prefix + ingressClassName: nginx-default + annotations: + external-dns/is-public: "true" + external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET} + hajimari.io/enable: "true" + hajimari.io/appName: Alertmanager + hajimari.io/icon: mdi:alert-decagram-outline + tls: + - secretName: ${SECRET_DOMAIN/./-}-production-tls + hosts: + - alertmanager.${SECRET_DOMAIN} + hosts: + - alertmanager.${SECRET_DOMAIN} + grafana: + enabled: false + forceDeployDashboards: true + sidecar: + dashboards: + 
multicluster: + etcd: + enabled: true + kubeStateMetrics: + enabled: true + kube-state-metrics: + metricLabelsAllowlist: + - pods=[*] + - deployments=[*] + - persistentvolumeclaims=[*] + prometheus: + monitor: + enabled: true + relabelings: + - action: replace + regex: (.*) + replacement: $1 + sourceLabels: [__meta_kubernetes_pod_node_name] + targetLabel: kubernetes_node + kubelet: + enabled: true + serviceMonitor: + metricRelabelings: + # Remove duplicate metrics + - sourceLabels: [__name__] + regex: (apiserver_audit|apiserver_client|apiserver_delegated|apiserver_envelope|apiserver_storage|apiserver_webhooks|authentication_token|cadvisor_version|container_blkio|container_cpu|container_fs|container_last|container_memory|container_network|container_oom|container_processes|container|csi_operations|disabled_metric|get_token|go|hidden_metric|kubelet_certificate|kubelet_cgroup|kubelet_container|kubelet_containers|kubelet_cpu|kubelet_device|kubelet_graceful|kubelet_http|kubelet_lifecycle|kubelet_managed|kubelet_node|kubelet_pleg|kubelet_pod|kubelet_run|kubelet_running|kubelet_runtime|kubelet_server|kubelet_started|kubelet_volume|kubernetes_build|kubernetes_feature|machine_cpu|machine_memory|machine_nvm|machine_scrape|node_namespace|plugin_manager|prober_probe|process_cpu|process_max|process_open|process_resident|process_start|process_virtual|registered_metric|rest_client|scrape_duration|scrape_samples|scrape_series|storage_operation|volume_manager|volume_operation|workqueue)_(.+) + action: keep + - sourceLabels: [node] + targetLabel: instance + action: replace + kubeApiServer: + enabled: true + serviceMonitor: + metricRelabelings: + # Remove duplicate metrics + - sourceLabels: [__name__] + regex: 
(aggregator_openapi|aggregator_unavailable|apiextensions_openapi|apiserver_admission|apiserver_audit|apiserver_cache|apiserver_cel|apiserver_client|apiserver_crd|apiserver_current|apiserver_envelope|apiserver_flowcontrol|apiserver_init|apiserver_kube|apiserver_longrunning|apiserver_request|apiserver_requested|apiserver_response|apiserver_selfrequest|apiserver_storage|apiserver_terminated|apiserver_tls|apiserver_watch|apiserver_webhooks|authenticated_user|authentication|disabled_metric|etcd_bookmark|etcd_lease|etcd_request|field_validation|get_token|go|grpc_client|hidden_metric|kube_apiserver|kubernetes_build|kubernetes_feature|node_authorizer|pod_security|process_cpu|process_max|process_open|process_resident|process_start|process_virtual|registered_metric|rest_client|scrape_duration|scrape_samples|scrape_series|serviceaccount_legacy|serviceaccount_stale|serviceaccount_valid|watch_cache|workqueue)_(.+) + action: keep + # Remove high cardinality metrics + - sourceLabels: [__name__] + regex: (apiserver|etcd|rest_client)_request(|_sli|_slo)_duration_seconds_bucket + action: drop + - sourceLabels: [__name__] + regex: (apiserver_response_sizes_bucket|apiserver_watch_events_sizes_bucket) + action: drop + kubeControllerManager: + enabled: true + endpoints: &cp + - 192.168.8.111 + - 192.168.8.112 + - 192.168.8.113 + serviceMonitor: + metricRelabelings: + # Remove duplicate metrics + - sourceLabels: [__name__] + regex: 
(apiserver_audit|apiserver_client|apiserver_delegated|apiserver_envelope|apiserver_storage|apiserver_webhooks|attachdetach_controller|authenticated_user|authentication|cronjob_controller|disabled_metric|endpoint_slice|ephemeral_volume|garbagecollector_controller|get_token|go|hidden_metric|job_controller|kubernetes_build|kubernetes_feature|leader_election|node_collector|node_ipam|process_cpu|process_max|process_open|process_resident|process_start|process_virtual|pv_collector|registered_metric|replicaset_controller|rest_client|retroactive_storageclass|root_ca|running_managed|scrape_duration|scrape_samples|scrape_series|service_controller|storage_count|storage_operation|ttl_after|volume_operation|workqueue)_(.+) + action: keep + kubeEtcd: + enabled: true + endpoints: *cp + kubeProxy: + enabled: false # Disabled because eBPF + kubeScheduler: + enabled: true + endpoints: *cp + serviceMonitor: + metricRelabelings: + # Remove duplicate metrics + - sourceLabels: [__name__] + regex: (apiserver_audit|apiserver_client|apiserver_delegated|apiserver_envelope|apiserver_storage|apiserver_webhooks|authenticated_user|authentication|disabled_metric|go|hidden_metric|kubernetes_build|kubernetes_feature|leader_election|process_cpu|process_max|process_open|process_resident|process_start|process_virtual|registered_metric|rest_client|scheduler|scrape_duration|scrape_samples|scrape_series|workqueue)_(.+) + action: keep + prometheus: + extraFlags: + - --web.enable-lifecycle + ingress: + enabled: true + ingressClassName: nginx-default + annotations: + hajimari.io/appName: Prometheus + hajimari.io/icon: simple-icons:prometheus + nginx.ingress.kubernetes.io/ssl-redirect: "false" + pathType: Prefix + hosts: + - &host prometheus.${SECRET_DOMAIN} + tls: + - hosts: + - *host + prometheusSpec: + ruleSelectorNilUsesHelmValues: false + serviceMonitorSelectorNilUsesHelmValues: false + podMonitorSelectorNilUsesHelmValues: false + probeSelectorNilUsesHelmValues: false + enableAdminAPI: true + 
walCompression: true + retentionSize: 8GB + storageSpec: + volumeClaimTemplate: + spec: + storageClassName: csi-nfs + resources: + requests: + storage: 10Gi + # additionalScrapeConfigs: + # - job_name: node-exporter + # scrape_interval: 1m + # scrape_timeout: 30s + # honor_timestamps: true + # # basic_auth: + # # username: randomuser + # # password: examplepassword + # static_configs: + # - targets: # k3s-node1 + # - 192.168.8.111:9100 + # labels: + # node: "k3s-node1" + # - targets: # k3s-node2 + # - 192.168.8.112:9100 + # labels: + # node: "k3s-node2" + # - targets: # k3s-node3 + # - 192.168.8.113:9100 + # labels: + # node: "k3s-node3" + # - targets: # k3s-node4 + # - 192.168.8.114:9100 + # labels: + # node: "k3s-node4" + # - targets: # NAS + # - 10.20.30.40:9100 + # labels: + # node: "nas" + # - targets: # laptop2 + # - laptop2.home:9100 + # labels: + # node: "laptop-work" + prometheus-node-exporter: + extraArgs: + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+|boot/firmware)($|/) + # # From archive + # prometheus-node-exporter: + # fullnameOverride: node-exporter + # prometheus: + # monitor: + # enabled: true + # relabelings: + # - action: replace + # regex: (.*) + # replacement: $1 + # sourceLabels: + # - __meta_kubernetes_pod_node_name + # targetLabel: kubernetes_node + # prometheusOperator: + # prometheusConfigReloader: + # resources: + # requests: + # cpu: 100m + # memory: 50Mi + # limits: + # cpu: 200m + # memory: 100Mi + # prometheus: + # enabled: true + # persistentVolume: + # enabled: true + # size: 10Gi + # thanosService: + # enabled: true + # thanosServiceMonitor: + # enabled: true + # prometheusSpec: + # replicas: 1 + # externalLabels: + # cluster: homelab + # thanos: + # image: quay.io/thanos/thanos:v0.31.0 + # objectStorageConfig: + # name: thanos-objstore-secret + # key: objstore.yml + # retention: 12h + # retentionSize: 10GB + # podAntiAffinity: hard + # replicaExternalLabelName: __replica__ + # 
scrapeInterval: 1m + # ruleSelectorNilUsesHelmValues: false + # serviceMonitorSelectorNilUsesHelmValues: false + # podMonitorSelectorNilUsesHelmValues: false + # probeSelectorNilUsesHelmValues: false + # enableAdminAPI: true + # walCompression: true + # disableCompaction: true + # storageSpec: + # volumeClaimTemplate: + # spec: + # storageClassName: csi-nfs + # resources: + # requests: + # storage: 10Gi + # resources: + # requests: + # cpu: 10m + # memory: 2000Mi + # limits: + # memory: 8000Mi + # additionalScrapeConfigs: + # # - job_name: minio + # # honor_timestamps: true + # # metrics_path: /minio/v2/metrics/cluster + # # static_configs: + # # - targets: + # # - "minio.domain.com:9000" + # - job_name: octoprint + # scrape_interval: 1m + # metrics_path: /plugin/prometheus_exporter/metrics + # params: + # apikey: + # - ${SECRET_OCTOPRINTAPI} + # static_configs: + # - targets: + # - octopi.home:80 + # - job_name: speedtest-exporter + # scrape_interval: 1m + # scrape_timeout: 30s + # static_configs: + # - targets: + # - speedtest-exporter:9090 + # - job_name: minio-job + # bearer_token: ${SECRET_MINIO_BEARERTOKEN} + # metrics_path: /minio/v2/metrics/cluster + # scheme: http + # static_configs: + # - targets: + # - minio.lab.tdeutsch.ch:9091 + # - job_name: mystrom-exporter + # scrape_interval: 1m + # metrics_path: /device + # honor_labels: true + # static_configs: + # - targets: + # - 10.20.30.33 + # labels: + # alias: 3D Drucker + # relabel_configs: + # - source_labels: + # - __address__ + # target_label: __param_target + # - target_label: __address__ + # replacement: mystrom-3dprinter:9452 + # - job_name: prometheus-pushgateway + # scrape_interval: 1m + # scrape_timeout: 30s + # honor_labels: true + # static_configs: + # - targets: + # - prometheus-pushgateway:9091 + # - job_name: wireguard-exporter + # scrape_interval: 1m + # scrape_timeout: 30s + # metrics_path: /metrics + # static_configs: + # - targets: + # - 10.20.30.1:9586 + # - job_name: node-exporter + # 
scrape_interval: 1m + # scrape_timeout: 30s + # honor_timestamps: true + # # basic_auth: + # # username: randomuser + # # password: examplepassword + # static_configs: + # - targets: # k3s-node01 + # - 192.168.8.111:9100 + # - targets: # k3s-node02 + # - 192.168.8.112:9100 + # - targets: # k3s-node03 + # - 192.168.8.113:9100 + # - targets: # NAS + # - 10.20.30.40:9100 + # ingress: + # enabled: true + # pathType: Prefix + # ingressClassName: nginx-default + # annotations: + # nginx.ingress.kubernetes.io/auth-method: 'GET' + nginx.ingress.kubernetes.io/auth-url: "https://auth.${SECRET_DOMAIN}/api/authz/auth-request" + nginx.ingress.kubernetes.io/auth-signin: "https://auth.${SECRET_DOMAIN}?rm=$request_method" + nginx.ingress.kubernetes.io/auth-response-headers: "Remote-User,Remote-Name,Remote-Groups,Remote-Email" + # hajimari.io/enable: "true" + # hajimari.io/appName: Prometheus + # hajimari.io/icon: mdi:fire + # external-dns/is-public: "true" + # external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET} + # tls: + # - secretName: ${SECRET_DOMAIN/./-}-production-tls + # hosts: + # - prometheus.${SECRET_DOMAIN} + # hosts: + # - prometheus.${SECRET_DOMAIN} diff --git a/kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml b/kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml new file mode 100644 index 000000000..1a892146a --- /dev/null +++ b/kubernetes/apps/observability/kube-prometheus-stack/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/observability/kube-prometheus-stack/config/kustomization.yaml b/kubernetes/apps/observability/kube-prometheus-stack/config/kustomization.yaml new file mode 100644 index 000000000..4c6652242 --- /dev/null 
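Review bot: The live `prometheus` section enables `enableAdminAPI: true` and `--web.enable-lifecycle` while its ingress has no auth annotations and sets `nginx.ingress.kubernetes.io/ssl-redirect: "false"`. Anyone who can reach `prometheus.${SECRET_DOMAIN}` can therefore call the TSDB admin and reload/quit endpoints, over plain HTTP. Either set `enableAdminAPI: false` and drop the lifecycle flag, or move the `nginx.ingress.kubernetes.io/auth-url` / `auth-signin` annotations from the archived block at the end onto the live ingress. The Alertmanager ingress has the same gap and is additionally marked `external-dns/is-public: "true"`. In the commented archive block, the three `auth-url`, `auth-signin` and `auth-response-headers` lines appear to have lost their leading `#`; the indentation is not recoverable here, so check that they do not parse as live keys.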
+++ b/kubernetes/apps/observability/kube-prometheus-stack/config/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./prometheusrules.yaml + - ./scrapeconfigs.yaml diff --git a/kubernetes/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml b/kubernetes/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml new file mode 100644 index 000000000..ae12afd86 --- /dev/null +++ b/kubernetes/apps/observability/kube-prometheus-stack/config/prometheusrules.yaml @@ -0,0 +1,26 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: homebrew-rules +spec: + groups: + - name: homebrew + rules: + - alert: homebrew_outdated_formulas + expr: | + homebrew_outdated_formulaes > 0 + for: 5m + labels: + severity: critical + annotations: + description: "There are upgradeable Homebrew formulas on {{$labels.instance}}" + summary: "Homebrew formulas can be upgraded" + - alert: homebrew_outdated_casks + expr: | + homebrew_outdated_casks > 0 + for: 5m + labels: + severity: critical + annotations: + description: "There are upgradeable Homebrew casks on {{$labels.instance}}" + summary: "Homebrew casks can be upgraded" diff --git a/kubernetes/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml b/kubernetes/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml new file mode 100644 index 000000000..29e3b104d --- /dev/null +++ b/kubernetes/apps/observability/kube-prometheus-stack/config/scrapeconfigs.yaml 
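Review bot: Both `homebrew_outdated_formulas` and `homebrew_outdated_casks` carry `severity: critical`, although "packages can be upgraded" is routine hygiene rather than an incident. The Alertmanager config added in this commit routes `severity = "critical"` to the `discord` receiver and uses critical alerts to inhibit warnings, so these rules would sit in the paging channel most of the time and erode trust in it. Suggest `severity: info` (or `warning`) on both rules and a longer `for:` than `5m`, since the condition is expected to stay true for days.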
@@ -0,0 +1,35 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/scrapeconfig_v1alpha1.json +apiVersion: monitoring.coreos.com/v1alpha1 +kind: ScrapeConfig +metadata: + name: &name weatherstation +spec: + staticConfigs: + - targets: + - weatherstation.home:80 + metricsPath: /metrics + relabelings: + - action: replace + targetLabel: job + replacement: *name +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/scrapeconfig_v1alpha1.json +apiVersion: monitoring.coreos.com/v1alpha1 +kind: ScrapeConfig +metadata: + name: &name node-exporter +spec: + staticConfigs: + - targets: + - diskstation:9100 + - test-cluster-node01:9100 + - test-cluster-node02:9100 + - test-cluster-node03:9100 + - test-cluster-node04:9100 + - laptop2:9100 + metricsPath: /metrics + relabelings: + - action: replace + targetLabel: job + replacement: *name diff --git a/kubernetes/apps/observability/kube-prometheus-stack/ks.yaml b/kubernetes/apps/observability/kube-prometheus-stack/ks.yaml new file mode 100644 index 000000000..4fc850cd1 --- /dev/null +++ b/kubernetes/apps/observability/kube-prometheus-stack/ks.yaml 
@@ -0,0 +1,47 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kube-prometheus-stack + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + dependsOn: + - name: csi-driver-nfs + - name: alertmanager-discord + path: ./kubernetes/apps/observability/kube-prometheus-stack/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kube-prometheus-config + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + dependsOn: + - name: kube-prometheus-stack + path: ./kubernetes/apps/observability/kube-prometheus-stack/config + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/observability/kubernetes-dashboard/app/helmrelease.yaml b/kubernetes/apps/observability/kubernetes-dashboard/app/helmrelease.yaml new file mode 100644 index 000000000..218b0217f --- /dev/null +++ b/kubernetes/apps/observability/kubernetes-dashboard/app/helmrelease.yaml 
@@ -0,0 +1,59 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: kubernetes-dashboard + namespace: observability +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: kubernetes-dashboard + version: 7.4.0 + sourceRef: + kind: HelmRepository + name: kubernetes-dashboard + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + env: + TZ: ${TIMEZONE} + extraArgs: + - --enable-skip-login + - --disable-settings-authorizer + - --enable-insecure-login + - --token-ttl=43200 + ingress: + enabled: true + className: nginx-default + annotations: + cert-manager.io/cluster-issuer: letsencrypt-staging + hajimari.io/icon: mdi:kubernetes + hosts: + - &host kubernetes.${SECRET_DOMAIN} + tls: + - hosts: + - *host + secretName: kubernetes-dashboard-tls + metricsScraper: + enabled: true + serviceMonitor: + enabled: false + nginx: + enabled: false + cert-manager: + enabled: false diff --git a/kubernetes/apps/observability/kubernetes-dashboard/app/kustomization.yaml b/kubernetes/apps/observability/kubernetes-dashboard/app/kustomization.yaml new file mode 100644 index 000000000..2a52e3f34 --- /dev/null +++ b/kubernetes/apps/observability/kubernetes-dashboard/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./rbac.yaml + - ./helmrelease.yaml diff --git a/kubernetes/apps/observability/kubernetes-dashboard/app/rbac.yaml b/kubernetes/apps/observability/kubernetes-dashboard/app/rbac.yaml new file mode 100644 index 000000000..5286622fe --- /dev/null 
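Review bot: `extraArgs` passes `--enable-skip-login`, `--enable-insecure-login` and `--disable-settings-authorizer` to a dashboard that is published through an ingress at `kubernetes.${SECRET_DOMAIN}` with no auth annotation. If the chart applies these flags, a visitor can bypass the login screen and act with the dashboard's own ServiceAccount. The `rbac.yaml` hunk in this same commit binds that account to `cluster-admin`, so together the two grant unauthenticated cluster-wide control to anyone who can reach the host. Remove the three flags and require a bearer token, or put the ingress behind the existing auth proxy. The `cert-manager.io/cluster-issuer: letsencrypt-staging` annotation also yields a certificate browsers will not trust; confirm that is intended outside testing.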
+++ b/kubernetes/apps/observability/kubernetes-dashboard/app/rbac.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubernetes-dashboard + namespace: observability + labels: + app.kubernetes.io/managed-by: Helm + annotations: + meta.helm.sh/release-name: kubernetes-dashboard + meta.helm.sh/release-namespace: observability +secrets: + - name: kubernetes-dashboard +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: kubernetes-dashboard + namespace: observability + labels: + app.kubernetes.io/managed-by: Helm + annotations: + meta.helm.sh/release-name: kubernetes-dashboard + meta.helm.sh/release-namespace: observability + kubernetes.io/service-account.name: kubernetes-dashboard +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:kubernetes-dashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: observability diff --git a/kubernetes/apps/observability/kubernetes-dashboard/ks.yaml b/kubernetes/apps/observability/kubernetes-dashboard/ks.yaml new file mode 100644 index 000000000..3ca1af9f5 --- /dev/null +++ b/kubernetes/apps/observability/kubernetes-dashboard/ks.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kubernetes-dashboard + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + path: ./kubernetes/apps/observability/kubernetes-dashboard/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m 
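Review bot: The `ClusterRoleBinding` `system:kubernetes-dashboard` gives the `kubernetes-dashboard` ServiceAccount `cluster-admin`. The `kubernetes.io/service-account-token` Secret beside it mints a token for that account that does not expire, so a single leaked Secret or dashboard session is equivalent to full cluster control. Prefer a read-only binding such as `name: view` in `roleRef`, or a purpose-built ClusterRole, and have administrators sign in with their own short-lived tokens. If the static token Secret is only there for convenience login, drop it.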
diff --git a/kubernetes/apps/observability/kustomization.yaml b/kubernetes/apps/observability/kustomization.yaml new file mode 100644 index 000000000..b487454be --- /dev/null +++ b/kubernetes/apps/observability/kustomization.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./namespace.yaml + - ./alertmanager-discord/ks.yaml + - ./kube-prometheus-stack/ks.yaml + - ./kubernetes-dashboard/ks.yaml + - ./vpa/ks.yaml + - ./grafana/ks.yaml + - ./goldilocks/ks.yaml + - ./prometheus-operator-crds/ks.yaml + - ./gatus/ks.yaml + - ./vector/ks.yaml + - ./unpoller/ks.yaml + - ./prometheus-pushgateway/ks.yaml diff --git a/kubernetes/apps/observability/loki/app/configmap.yaml b/kubernetes/apps/observability/loki/app/configmap.yaml new file mode 100644 index 000000000..66571dee5 --- /dev/null +++ b/kubernetes/apps/observability/loki/app/configmap.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki-alerting-rules +data: + loki-alerting-rules.yaml: |- + groups: + # + # SMART Failures + # + - name: smart-failure + rules: + - alert: SmartFailures + expr: | + sum by (hostname) (count_over_time({hostname=~".+"} | json | _SYSTEMD_UNIT = "smartmontools.service" !~ "(?i)previous self-test completed without error" !~ "(?i)Prefailure" |~ "(?i)(error|fail)"[2m])) > 0 + for: 2m + labels: + severity: critical + category: logs + annotations: + summary: "SMART has reported failures on host {{ $labels.hostname }}" + # + # *arr + # + - name: arr + rules: + - alert: ArrDatabaseIsLocked + expr: | + sum by (app) (count_over_time({app=~".*arr"} |~ "(?i)database is locked"[2m])) > 0 + for: 2m + labels: + severity: critical + category: logs + annotations: + summary: "{{ $labels.app }} is experiencing locked database issues" + - alert: ArrDatabaseIsMalformed + expr: | + sum by (app) (count_over_time({app=~".*arr"} |~ "(?i)database disk image is malformed"[2m])) > 0 + for: 2m + labels: + severity: critical + category: logs + annotations: + summary: "{{ $labels.app }} is experiencing malformed database disk image issues" diff --git a/kubernetes/apps/observability/loki/app/helmrelease.yaml b/kubernetes/apps/observability/loki/app/helmrelease.yaml new file mode 100644 index 000000000..2367a818e --- /dev/null +++ b/kubernetes/apps/observability/loki/app/helmrelease.yaml 
@@ -0,0 +1,224 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: loki +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: loki + version: 6.6.2 + sourceRef: + kind: HelmRepository + name: grafana + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + loki: + structuredConfig: + auth_enabled: false + + server: + log_level: info + http_listen_port: 3100 + grpc_listen_port: 9095 + + memberlist: + join_members: [loki-memberlist] + + limits_config: + retention_period: 60d + enforce_metric_name: false + reject_old_samples: true + reject_old_samples_max_age: 168h + max_cache_freshness_per_query: 10m + split_queries_by_interval: 15m + ingestion_rate_mb: 50 + ingestion_burst_size_mb: 1000 + per_stream_rate_limit: 5MB + per_stream_rate_limit_burst: 20MB + + shard_streams: + enabled: true + + schema_config: + configs: + - from: "2022-01-11" + store: boltdb-shipper + object_store: s3 + schema: v12 + index: + prefix: loki_index_ + period: 24h + + common: + path_prefix: /var/loki + replication_factor: 3 + storage: + s3: + bucketnames: loki + region: us-east-1 + access_key_id: ${SECRET_MINIO_ACCESSKEY} + secret_access_key: ${SECRET_MINIO_SECRETKEY} + endpoint: http://minio.lab.tdeutsch.ch:9091 + s3forcepathstyle: true + insecure: true + ring: + kvstore: + store: memberlist + + ruler: + enable_api: true + enable_alertmanager_v2: true + alertmanager_url: http://kube-prometheus-stack-alertmanager:9093 + storage: + type: local + local: + directory: /rules + rule_path: /tmp/scratch + ring: + kvstore: + store: memberlist + + distributor: + ring: + kvstore: + store: memberlist + + compactor: + working_directory: /var/loki/boltdb-shipper-compactor + shared_store: s3 + compaction_interval: 10m + retention_enabled: true + retention_delete_delay: 
2h + retention_delete_worker_count: 150 + + ingester: + max_chunk_age: 1h + lifecycler: + ring: + kvstore: + store: memberlist + + analytics: + reporting_enabled: false + + gateway: + enabled: true + replicas: 1 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.gatewaySelectorLabels" . | nindent 12 }} + topologyKey: kubernetes.io/hostname + ingress: + enabled: true + ingressClassName: nginx-default + hosts: + - host: loki.${SECRET_DOMAIN} + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - loki.${SECRET_DOMAIN} + + write: + replicas: 1 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.writeSelectorLabels" . | nindent 12 }} + topologyKey: kubernetes.io/hostname + persistence: + size: 10Gi + storageClass: csi-nfs + tolerations: + - key: arm + operator: Exists + + read: + replicas: 1 + affinity: | + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "loki.readSelectorLabels" . 
| nindent 12 }} + topologyKey: kubernetes.io/hostname + persistence: + size: 10Gi + storageClass: csi-nfs + extraVolumeMounts: + - name: rules + mountPath: /rules + extraVolumes: + - name: rules + emptyDir: {} + tolerations: + - key: arm + operator: Exists + + backend: + replicas: 1 + persistence: + storageClass: csi-nfs + extraVolumeMounts: + - name: rules + mountPath: /rules/fake + - name: scratch + mountPath: /tmp/scratch + extraVolumes: + - name: rules + # emptyDir: {} + configMap: + name: loki-alerting-rules + - name: scratch + emptyDir: {} + + monitoring: + dashboards: + enabled: true + annotations: + kustomize.toolkit.fluxcd.io/substitute: disabled + grafana_folder: Loki + labels: + grafana_dashboard: "true" + rules: + enabled: false + serviceMonitor: + enabled: true + selfMonitoring: + enabled: false + lokiCanary: + enabled: false + grafanaAgent: + installOperator: false + lokiCanary: + enabled: false + test: + enabled: false diff --git a/kubernetes/apps/observability/loki/app/kustomization.yaml b/kubernetes/apps/observability/loki/app/kustomization.yaml new file mode 100644 index 000000000..fad204084 --- /dev/null +++ b/kubernetes/apps/observability/loki/app/kustomization.yaml @@ -0,0 +1,9 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - configmap.yaml + - helmrelease.yaml + - servicemonitor.yaml diff --git a/kubernetes/apps/observability/loki/app/servicemonitor.yaml b/kubernetes/apps/observability/loki/app/servicemonitor.yaml new file mode 100644 index 000000000..00da69ec7 --- /dev/null +++ b/kubernetes/apps/observability/loki/app/servicemonitor.yaml 
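Review bot: In the Loki HelmRelease values, `auth_enabled: false` is combined with `gateway.ingress.enabled: true` for `loki.${SECRET_DOMAIN}`, so the push and query APIs would be reachable through the ingress with no authentication at all. Either leave the gateway ingress disabled and let in-cluster clients use the service, or turn on the chart's gateway basic auth (`gateway.basicAuth.enabled: true` with an existing secret). The object-store block also uses `endpoint: http://minio.lab.tdeutsch.ch:9091` with `insecure: true`, which sends the MinIO access key and all log chunks in cleartext; an `https://` endpoint with `insecure: false` avoids that. The Flux Kustomization for this app is committed as `ks.dis` and is not listed in the observability kustomization, so this looks undeployed for now, which makes it a good moment to fix before it is enabled.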
@@ -0,0 +1,20 @@ +# --- +# apiVersion: monitoring.coreos.com/v1 +# kind: ServiceMonitor +# metadata: +# name: &app loki +# namespace: logs +# labels: &labels +# app.kubernetes.io/component: read +# app.kubernetes.io/instance: *app +# app.kubernetes.io/name: *app +# spec: +# selector: +# matchLabels: +# <<: *labels +# endpoints: +# - port: "3100" +# scheme: http +# path: /metrics +# interval: 2m +# scrapeTimeout: 30s diff --git a/kubernetes/apps/observability/loki/ks.dis b/kubernetes/apps/observability/loki/ks.dis new file mode 100644 index 000000000..76f2ebc76 --- /dev/null +++ b/kubernetes/apps/observability/loki/ks.dis @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app loki + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + dependsOn: + - name: csi-driver-nfs + path: ./kubernetes/apps/observability/loki/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/observability/namespace.yaml b/kubernetes/apps/observability/namespace.yaml new file mode 100644 index 000000000..ce3a5bd22 --- /dev/null +++ b/kubernetes/apps/observability/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: observability + labels: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/kubernetes/apps/observability/netdata/app/helmrelease.yaml b/kubernetes/apps/observability/netdata/app/helmrelease.yaml new file mode 100644 index 000000000..5e661a34a --- /dev/null +++ b/kubernetes/apps/observability/netdata/app/helmrelease.yaml 
@@ -0,0 +1,68 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: netdata + namespace: observability +spec: + interval: 30m + timeout: 15m + chart: + spec: + chart: netdata + version: 3.7.90 + sourceRef: + kind: HelmRepository + name: netdata + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx-default + path: / + pathType: Prefix + hosts: + - &host netdata.${SECRET_DOMAIN} + tls: + - secretName: "${SECRET_DOMAIN/./-}-production-tls" + hosts: + - *host + env: + TZ: ${TIMEZONE} + child: + configs: + sonarr-exporter: + enabled: true + path: /etc/netdata/go.d/sonarr-exporter.conf + data: | + update_every: 1 + autodetection_retry: 0 + jobs: + - url: http://sonarr-exporter.media.svc.cluster.local:9707/metrics + # parent: + # enabled: true + # alarms: + # storageclass: "${MAIN_SC}" + # database: + # storageclass: "${MAIN_SC}" + + # child: + # enabled: false + + # k8sState: + # enabled: false diff --git a/kubernetes/apps/observability/netdata/app/kustomization.yaml b/kubernetes/apps/observability/netdata/app/kustomization.yaml new file mode 100644 index 000000000..1a892146a --- /dev/null +++ b/kubernetes/apps/observability/netdata/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/observability/netdata/ks.dis b/kubernetes/apps/observability/netdata/ks.dis new file mode 100644 index 000000000..65f21f00a --- /dev/null 
+++ b/kubernetes/apps/observability/netdata/ks.dis @@ -0,0 +1,24 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app netdata + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: ${STORAGE_KUST} + - name: vpa + targetNamespace: observability + path: ./kubernetes/apps/observability/netdata/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml b/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml new file mode 100644 index 000000000..1a8e3442f --- /dev/null +++ b/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: prometheus-operator-crds +spec: + interval: 30m + chart: + spec: + chart: prometheus-operator-crds + version: 12.0.0 + sourceRef: + kind: HelmRepository + name: prometheus-community + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 diff --git a/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml b/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml new file mode 100644 index 000000000..5dd7baca7 --- /dev/null +++ b/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml b/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml new file mode 100644 index 000000000..19ed2ef9e 
--- /dev/null +++ b/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app prometheus-operator-crds + namespace: flux-system +spec: + targetNamespace: observability + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/observability/prometheus-operator-crds/app + prune: false # never should be deleted + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/observability/prometheus-pushgateway/app/helmrelease.yaml b/kubernetes/apps/observability/prometheus-pushgateway/app/helmrelease.yaml new file mode 100644 index 000000000..885883560 --- /dev/null +++ b/kubernetes/apps/observability/prometheus-pushgateway/app/helmrelease.yaml @@ -0,0 +1,46 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: prometheus-pushgateway + namespace: observability +spec: + interval: 30m + timeout: 15m + chart: + spec: + chart: prometheus-pushgateway + version: 2.12.0 + sourceRef: + kind: HelmRepository + name: prometheus-community + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + fullnameOverride: prometheus-pushgateway + ingress: + enabled: true + annotations: + hajimari.io/enable: "true" + hajimari.io/appName: Prometheus Pushgateway + hajimari.io/icon: mdi:fire + ingressClassName: nginx-default + tls: + - secretName: ${SECRET_DOMAIN/./-}-production-tls + hosts: + - prometheus-pushgateway.int.${SECRET_DOMAIN} + hosts: + - prometheus-pushgateway.int.${SECRET_DOMAIN} 
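Review bot: The `ingress` block in the prometheus-pushgateway HelmRelease publishes the Pushgateway at `prometheus-pushgateway.int.${SECRET_DOMAIN}` with no authentication or source restriction, and the Pushgateway itself has none, so any client that can reach the ingress can push or delete metric groups and thereby fake or silence the inputs of alerts. The `int.` host name suggests this is meant to be internal only, but nothing in the hunk enforces it. Assuming `nginx-default` is an ingress-nginx class, adding `nginx.ingress.kubernetes.io/whitelist-source-range: "<internal CIDR>"` (placeholder value) under `annotations`, or basic auth on the ingress, would make that intent explicit.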
diff --git a/kubernetes/apps/observability/prometheus-pushgateway/app/kustomization.yaml b/kubernetes/apps/observability/prometheus-pushgateway/app/kustomization.yaml new file mode 100644 index 000000000..5c55d0019 --- /dev/null +++ b/kubernetes/apps/observability/prometheus-pushgateway/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./helmrelease.yaml + - ./prometheusrule.yaml diff --git a/kubernetes/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml b/kubernetes/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml new file mode 100755 index 000000000..c72770ecf --- /dev/null +++ b/kubernetes/apps/observability/prometheus-pushgateway/app/prometheusrule.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + prometheus: k8s + role: alert-rules + name: pushgateway-rules + namespace: monitoring +spec: + groups: + - name: pushgateway.rules + rules: + - alert: PushgatewayDown + expr: up{job="pushgateway"} != 1 + for: 10m + labels: + severity: page + annotations: + summary: A Pushgateway is down + - alert: PushesDelayed + expr: time() - push_time_seconds{job="indoorclimate"} > 1800 + for: 5m + labels: + severity: critical + annotations: + summary: Pushgateway pushers are delayed + - alert: InconsistentMetrics + expr: rate(pushgateway_http_requests_total{code="400",handler="push",job="pushgateway"}[2m]) + > 0 + for: 5m + labels: + severity: critical + annotations: + summary: Someone is continuously trying to push inconsistent metrics to + the Pushgateway diff --git a/kubernetes/apps/observability/prometheus-pushgateway/ks.yaml b/kubernetes/apps/observability/prometheus-pushgateway/ks.yaml new file mode 100644 index 000000000..1c517f319 --- /dev/null 
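Review bot: The `PushgatewayDown` rule in prometheusrule.yaml uses `expr: up{job="pushgateway"} != 1`, which returns nothing when no such series exists, so the alert stays silent exactly when the target was never scraped or has vanished from discovery. The HelmRelease in this commit sets `fullnameOverride: prometheus-pushgateway` and enables no ServiceMonitor, so the `job="pushgateway"` selector here and in `InconsistentMetrics` may match no series at all; that is worth checking against the live job label. The unpoller rules added in the same commit already use the safer form, and the equivalent here would be `expr: absent(up{job="pushgateway"} == 1)`. The manifest also carries `namespace: monitoring` while its kustomization sets `namespace: observability`; aligning the two avoids confusion about where the rule lands.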
+++ b/kubernetes/apps/observability/prometheus-pushgateway/ks.yaml @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app prometheus-pushgateway + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + dependsOn: + - name: kube-prometheus-stack + path: ./kubernetes/apps/observability/prometheus-pushgateway/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/observability/unpoller/app/helmrelease.yaml b/kubernetes/apps/observability/unpoller/app/helmrelease.yaml new file mode 100644 index 000000000..1aae5b4e8 --- /dev/null +++ b/kubernetes/apps/observability/unpoller/app/helmrelease.yaml 
@@ -0,0 +1,85 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: unpoller + namespace: observability +spec: + interval: 30m + timeout: 15m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + dependsOn: + - name: kube-prometheus-stack + namespace: observability + values: + controllers: + unpoller: + containers: + app: + image: + repository: ghcr.io/unpoller/unpoller + tag: v2.11.2 + env: + TZ: Europe/Zurich + UP_UNIFI_DEFAULT_ROLE: sky + UP_UNIFI_DEFAULT_URL: https://10.20.30.1 + UP_UNIFI_DEFAULT_VERIFY_SSL: false + UP_UNIFI_DEFAULT_USER: unifipoller + UP_UNIFI_DEFAULT_PASS: Unifi4Poller + UP_INFLUXDB_DISABLE: true + probes: + liveness: + enabled: true + readiness: + enabled: true + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 10m + limits: + memory: 128Mi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + seccompProfile: { type: RuntimeDefault } + service: + app: + controller: unpoller + ports: + http: + port: 9130 + serviceMonitor: + app: + serviceName: unpoller + endpoints: + - port: http + scheme: http + path: /metrics + interval: 2m # Unifi API only polls at 2m intervals + scrapeTimeout: 10s diff --git a/kubernetes/apps/observability/unpoller/app/kustomization.yaml b/kubernetes/apps/observability/unpoller/app/kustomization.yaml new file mode 100644 index 000000000..1a892146a --- /dev/null +++ b/kubernetes/apps/observability/unpoller/app/kustomization.yaml 
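Review bot: `UP_UNIFI_DEFAULT_USER` and `UP_UNIFI_DEFAULT_PASS` are committed as literal values in the container `env` block, so the UniFi controller credential is readable by anyone with access to the repository and remains in its history. The commit already adds a `.sops.yaml`, so the pair belongs in an encrypted Secret that the container references, for example `envFrom: [{secretRef: {name: unpoller-secret}}]` (the secret name is a placeholder), and the password should be rotated on the controller since it has been published. Separately, `UP_UNIFI_DEFAULT_VERIFY_SSL: false` disables certificate checking for `https://10.20.30.1`, so that credential is handed to whatever host answers on that address; trusting the controller's certificate and enabling verification closes that gap.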
@@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/observability/unpoller/config/kustomization.yaml b/kubernetes/apps/observability/unpoller/config/kustomization.yaml new file mode 100644 index 000000000..724e004e2 --- /dev/null +++ b/kubernetes/apps/observability/unpoller/config/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./prometheusrule.yaml diff --git a/kubernetes/apps/observability/unpoller/config/prometheusrule.yaml b/kubernetes/apps/observability/unpoller/config/prometheusrule.yaml new file mode 100644 index 000000000..000bbd6fa --- /dev/null +++ b/kubernetes/apps/observability/unpoller/config/prometheusrule.yaml 
@@ -0,0 +1,104 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: unifi-rules +spec: + groups: + - name: unpoller-high-memory + rules: + - alert: UnPollerMemoryUsage + annotations: + summary: ">95% memory usage on {{$labels.name}} for the last 15 minutes." + expr: unpoller_device_memory_utilization_ratio >= 0.95 + for: 15m + labels: + severity: critical + - alert: UnPollerCPUUsage + annotations: + summary: ">95% cpu usage on {{$labels.name}} for the last 15 minutes." + expr: unpoller_device_cpu_utilization_ratio >= 0.95 + for: 15m + labels: + severity: critical + - alert: UnPollerLoad5 + annotations: + summary: "Load 5 > 2 on {{$labels.name}} for the last 15 minutes." + expr: unpoller_device_load_average_5 >= 2 + for: 15m + labels: + severity: critical + - alert: UnPollerAbsent + annotations: + description: UnPoller has disappeared from Prometheus service discovery. + summary: UnPoller is down. + expr: | + absent(up{job=~".*unpoller.*"} == 1) + for: 5m + labels: + severity: critical + - alert: unpoller_device_upgradable + annotations: + summary: "Device {{$labels.name}} is upgradeable" + expr: unpoller_device_upgradable >= 1 + for: 15m + labels: + severity: critical + - alert: UnPollerUplinkLatency + annotations: + summary: "Uplink latency > 0.01 on {{$labels.name}} for the last 5 minutes." + expr: unpoller_device_uplink_latency_seconds >= 0.01 + for: 5m + labels: + severity: critical + - alert: UnPollerSpeedtestLatency + annotations: + summary: "Speedtest latency > 0.01 on {{$labels.name}} for the last 5 minutes." + expr: unpoller_device_speedtest_latency_seconds >= 0.01 + for: 5m + labels: + severity: critical + - alert: UnPollerSpeedtestUpload + annotations: + summary: "Speedtest Upload < 200 on {{$labels.name}} for the last 15 minutes." 
+ expr: unpoller_device_speedtest_upload <= 200 + for: 15m + labels: + severity: warning + - alert: UnPollerSpeedtestDownload + annotations: + summary: "Speedtest download < 200 on {{$labels.name}} for the last 15 minutes." + expr: unpoller_device_speedtest_download <= 200 + for: 15m + labels: + severity: warning + - alert: UnPollerWANtransmitDrops + annotations: + summary: "Increasing transmitting drops on WAN interface on {{$labels.name}} for the last 15 minutes." + expr: delta(unpoller_device_wan_transmit_dropped_total[15m]) > 0 + labels: + severity: warning + - alert: UnPollerWANtransmitErrors + annotations: + summary: "Increasing transmitting errors on WAN interface on {{$labels.name}} for the last 15 minutes." + expr: delta(unpoller_device_wan_transmit_errors_total[15m]) > 0 + labels: + severity: warning + - alert: UnPollerWANReceiveDrops + annotations: + summary: "Increasing receiving drops on WAN interface on {{$labels.name}} for the last 15 minutes." + expr: delta(unpoller_device_wan_receive_dropped_total[15m]) > 0 + labels: + severity: warning + - alert: UnPollerWANReceiveErrors + annotations: + summary: "Increasing receiving errors on WAN interface on {{$labels.name}} for the last 15 minutes." + expr: delta(unpoller_device_wan_receive_errors_total[15m]) > 0 + labels: + severity: warning + - alert: UnPollerDeviceRebooted + annotations: + summary: "Device {{$labels.name}} has been rebooted in the last 24 hours." + expr: delta(unpoller_device_uptime_seconds[24h]) < 0 + labels: + severity: warning diff --git a/kubernetes/apps/observability/unpoller/ks.yaml b/kubernetes/apps/observability/unpoller/ks.yaml new file mode 100644 index 000000000..ac621ed2a --- /dev/null +++ b/kubernetes/apps/observability/unpoller/ks.yaml 
@@ -0,0 +1,44 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app unpoller + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + path: ./kubernetes/apps/observability/unpoller/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app unpoller-config + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: unpoller + targetNamespace: observability + path: ./kubernetes/apps/observability/unpoller/config + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/observability/vector/agent/helmrelease.yaml b/kubernetes/apps/observability/vector/agent/helmrelease.yaml new file mode 100644 index 000000000..fea1ffc4e --- /dev/null +++ b/kubernetes/apps/observability/vector/agent/helmrelease.yaml 
@@ -0,0 +1,85 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: vector-agent
+spec:
+ interval: 15m
+ timeout: 15m
+ chart:
+ spec:
+ chart: vector
+ version: 0.33.0
+ sourceRef:
+ kind: HelmRepository
+ name: vector-charts
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ crds: CreateReplace
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ crds: CreateReplace
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ image:
+ repository: timberio/vector
+ tag: 0.38.0-debian
+ role: Agent
+ customConfig:
+ data_dir: /vector-data-dir
+ api:
+ enabled: false
+ sources:
+ journal_logs:
+ type: journald
+ journal_directory: /var/log/journal
+ kubernetes_logs:
+ type: kubernetes_logs
+ pod_annotation_fields:
+ container_image: container_image
+ container_name: container_name
+ pod_annotations: pod_annotations
+ pod_labels: pod_labels
+ pod_name: pod_name
+ vector_metrics:
+ type: internal_metrics
+ sinks:
+ loki_journal:
+ type: vector
+ compression: true
+ inputs:
+ - journal_logs
+ address: vector-aggregator:6000
+ version: "2"
+ loki_kubernetes:
+ type: vector
+ compression: true
+ inputs:
+ - kubernetes_logs
+ address: vector-aggregator:6010
+ version: "2"
+ prom_exporter:
+ type: prometheus_exporter
+ inputs:
+ - vector_metrics
+ address: 0.0.0.0:9090
+ service:
+ enabled: false
+ podMonitor:
+ enabled: true
+ securityContext:
+ privileged: true
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ - key: node-role.kubernetes.io/master
+ operator: Exists
diff --git a/kubernetes/apps/observability/vector/agent/kustomization.yaml b/kubernetes/apps/observability/vector/agent/kustomization.yaml
new file mode 100644
index 000000000..25423e7cf
--- /dev/null
+++ b/kubernetes/apps/observability/vector/agent/kustomization.yaml
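Review bot: The vector-agent values set `securityContext: privileged: true` together with tolerations that match every taint, so a fully privileged container runs on every node, control plane included. The configured sources only read the journal directory and pod logs, which needs read access to host log paths rather than privileged mode. Try dropping `privileged: true` and, if the journald source then cannot read `/var/log/journal`, grant only `runAsUser: 0` instead. If privileged mode turns out to be required on Talos, a comment next to the setting such as `# privileged: needed for <reason>` would keep the exception visible.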
@@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - helmrelease.yaml diff --git a/kubernetes/apps/observability/vector/aggregator/helmrelease.yaml b/kubernetes/apps/observability/vector/aggregator/helmrelease.yaml new file mode 100644 index 000000000..c567cc6bb --- /dev/null +++ b/kubernetes/apps/observability/vector/aggregator/helmrelease.yaml 
@@ -0,0 +1,119 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: vector-aggregator +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: vector + version: 0.33.0 + sourceRef: + kind: HelmRepository + name: vector-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + image: + repository: timberio/vector + tag: 0.38.0-debian + role: Stateless-Aggregator + customConfig: + data_dir: /vector-data-dir + api: + enabled: true + address: 0.0.0.0:8686 + sources: + journal_logs: + type: vector + address: 0.0.0.0:6000 + version: "2" + kubernetes_logs: + type: vector + address: 0.0.0.0:6010 + version: "2" + vector_metrics: + type: internal_metrics + syslog: + type: syslog + address: 0.0.0.0:9000 + mode: tcp + transforms: + kubernetes_logs_remap: + type: remap + inputs: + - kubernetes_logs + source: | + # Standardize 'app' index + .custom_app_name = .pod_labels."app.kubernetes.io/name" || .pod_labels.app || .pod_labels."k8s-app" || "unknown" + sinks: + loki_journal: + type: loki + inputs: + - journal_logs + endpoint: http://loki-gateway.observability.svc.cluster.local:80 + encoding: + codec: json + batch: + max_bytes: 2049000 + out_of_order_action: accept + remove_label_fields: true + remove_timestamp: true + labels: + hostname: >- + {{`{{ host }}`}} + loki_kubernetes: + type: loki + inputs: + - kubernetes_logs_remap + endpoint: http://loki-gateway.observability.svc.cluster.local:80 + encoding: + codec: json + batch: + max_bytes: 2049000 + out_of_order_action: accept + remove_label_fields: true + remove_timestamp: true + labels: + app: >- + {{`{{ custom_app_name }}`}} + namespace: >- + {{`{{ kubernetes.pod_namespace }}`}} + node: >- + {{`{{ kubernetes.pod_node_name }}`}} + prom_exporter: + type: prometheus_exporter + inputs: + - 
vector_metrics + address: 0.0.0.0:9090 + service: + enabled: true + type: LoadBalancer + annotations: + io.cilium/lb-ipam-ips: ${CILIUM_LB_VECTOR_ADDR} + podMonitor: + enabled: true + # postRenderers: + # - kustomize: + # patchesJson6902: + # - target: + # kind: Service + # name: vector-aggregator + # patch: + # - op: replace + # path: /spec/externalTrafficPolicy + # value: Cluster diff --git a/kubernetes/apps/observability/vector/aggregator/kustomization.yaml b/kubernetes/apps/observability/vector/aggregator/kustomization.yaml new file mode 100644 index 000000000..25423e7cf --- /dev/null +++ b/kubernetes/apps/observability/vector/aggregator/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - helmrelease.yaml diff --git a/kubernetes/apps/observability/vector/ks.yaml b/kubernetes/apps/observability/vector/ks.yaml new file mode 100644 index 000000000..341706dc0 --- /dev/null +++ b/kubernetes/apps/observability/vector/ks.yaml 
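Review bot: The vector-aggregator values expose the pod through `service.type: LoadBalancer` while `api.enabled: true` listens on `0.0.0.0:8686` and the `vector` and `syslog` sources listen on 6000, 6010 and 9000 without TLS or authentication. If the chart derives the service ports from this config, as it appears to, every host that can reach `${CILIUM_LB_VECTOR_ADDR}` can query the Vector API and submit arbitrary log events. Injected events flow into Loki and can trigger or drown out the log-based alerts defined in this commit. Set `api.enabled: false`, or bind it with `address: 127.0.0.1:8686`, and publish only the syslog port on the load balancer while the agent-facing ports stay on a ClusterIP service.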
@@ -0,0 +1,47 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app vector-aggregator + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: cilium-config + targetNamespace: observability + path: ./kubernetes/apps/observability/vector/aggregator + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app vector-agent + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + dependsOn: + - name: vector-aggregator + - name: cilium-config + path: ./kubernetes/apps/observability/vector/agent + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/observability/vpa/app/helmrelease.yaml b/kubernetes/apps/observability/vpa/app/helmrelease.yaml new file mode 100644 index 000000000..7b60dfe0f --- /dev/null +++ b/kubernetes/apps/observability/vpa/app/helmrelease.yaml 
@@ -0,0 +1,51 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: vpa + namespace: observability +spec: + interval: 30m + timeout: 15m + chart: + spec: + chart: vpa + version: 4.4.6 + sourceRef: + kind: HelmRepository + name: fairwinds + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + recommender: + enabled: true + image: + repository: registry.k8s.io/autoscaling/vpa-recommender + tag: 1.1.2 + resources: + requests: + cpu: 10m + memory: 100M + limits: + memory: 200M + extraArgs: + v: "4" + pod-recommendation-min-cpu-millicores: 15 + pod-recommendation-min-memory-mb: 61 + updater: + enabled: false + admissionController: + enabled: false diff --git a/kubernetes/apps/observability/vpa/app/kustomization.yaml b/kubernetes/apps/observability/vpa/app/kustomization.yaml new file mode 100644 index 000000000..1a892146a --- /dev/null +++ b/kubernetes/apps/observability/vpa/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: observability +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/observability/vpa/ks.yaml b/kubernetes/apps/observability/vpa/ks.yaml new file mode 100644 index 000000000..8d69635ba --- /dev/null +++ b/kubernetes/apps/observability/vpa/ks.yaml 
@@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app vpa + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: observability + path: ./kubernetes/apps/observability/vpa/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/openebs-system/kustomization.yaml b/kubernetes/apps/openebs-system/kustomization.yaml new file mode 100644 index 000000000..9cd8d4e4f --- /dev/null +++ b/kubernetes/apps/openebs-system/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./namespace.yaml + - ./openebs/ks.yaml diff --git a/kubernetes/apps/openebs-system/namespace.yaml b/kubernetes/apps/openebs-system/namespace.yaml new file mode 100644 index 000000000..f173c6c9c --- /dev/null +++ b/kubernetes/apps/openebs-system/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: openebs-system + labels: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml b/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml new file mode 100644 index 000000000..975bff303 --- /dev/null +++ b/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: openebs +spec: + interval: 30m + chart: + spec: + chart: openebs + version: 4.0.1 + sourceRef: + kind: HelmRepository + name: openebs + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + values: + engines: + local: + lvm: + enabled: false + zfs: + enabled: false + replicated: + mayastor: + enabled: false + openebs-crds: + csi: + volumeSnapshots: + enabled: false + localpv-provisioner: + localpv: + image: + registry: quay.io/ + hostpathClass: + enabled: true + name: openebs-hostpath + isDefaultClass: false + basePath: /var/openebs/local diff --git a/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml b/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml new file mode 100644 index 000000000..5dd7baca7 --- /dev/null +++ b/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/openebs-system/openebs/ks.yaml b/kubernetes/apps/openebs-system/openebs/ks.yaml new file mode 100644 index 000000000..531f679ed --- /dev/null +++ b/kubernetes/apps/openebs-system/openebs/ks.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app openebs + namespace: flux-system +spec: + targetNamespace: openebs-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/openebs-system/openebs/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/security/external-secrets/ks.yaml b/kubernetes/apps/security/external-secrets/ks.yaml new file mode 100644 index 000000000..50347699e --- /dev/null +++ b/kubernetes/apps/security/external-secrets/ks.yaml 
@@ -0,0 +1,44 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app external-secrets-operator + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: security + path: ./kubernetes/apps/security/external-secrets/operator + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app external-secrets-secretstores + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/security/external-secrets/secretstores + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + dependsOn: + - name: external-secrets-operator + targetNamespace: security + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/security/external-secrets/operator/helmrelease.yaml b/kubernetes/apps/security/external-secrets/operator/helmrelease.yaml new file mode 100644 index 000000000..8e43e9eb7 --- /dev/null +++ b/kubernetes/apps/security/external-secrets/operator/helmrelease.yaml 
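Review bot: The `external-secrets-secretstores` Kustomization in this hunk declares neither `spec.decryption` nor `spec.postBuild.substituteFrom`, although its path holds two `secret.sops.yaml` files and a HelmRelease that uses `${SECRET_DOMAIN}`. Unless a parent Kustomization patches both into every child (not visible here), the SOPS-encrypted Secrets will not be decrypted at apply time, and the `ClusterSecretStore` objects will reference tokens that never reach the cluster in usable form. I would state the dependency in this file with `decryption: { provider: sops, secretRef: { name: <age-key-secret> } }`, or add a comment naming the parent that injects it.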
@@ -0,0 +1,40 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: external-secrets +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: external-secrets + version: 0.9.18 + sourceRef: + kind: HelmRepository + name: external-secrets + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + installCRDs: true + serviceMonitor: + enabled: true + webhook: + serviceMonitor: + enabled: true + certController: + serviceMonitor: + enabled: true diff --git a/kubernetes/apps/security/external-secrets/operator/kustomization.yaml b/kubernetes/apps/security/external-secrets/operator/kustomization.yaml new file mode 100644 index 000000000..17cbc72b2 --- /dev/null +++ b/kubernetes/apps/security/external-secrets/operator/kustomization.yaml @@ -0,0 +1,6 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/security/external-secrets/secretstores/doppler/kustomization.yaml b/kubernetes/apps/security/external-secrets/secretstores/doppler/kustomization.yaml new file mode 100644 index 000000000..0508dd04e --- /dev/null +++ b/kubernetes/apps/security/external-secrets/secretstores/doppler/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./secret.sops.yaml + - ./secretstore.yaml 
diff --git a/kubernetes/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml b/kubernetes/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml new file mode 100644 index 000000000..cf5608600 --- /dev/null +++ b/kubernetes/apps/security/external-secrets/secretstores/doppler/secret.sops.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +stringData: + dopplerToken: ENC[AES256_GCM,data:g2iEL/9pvyVXWUkVYJYIEj3nmCZCaP2kMYqRmAfLPKgghoodu5CaaXENdIQIiUQ4GtUxDq08CXfyJs19mQ==,iv:6Y2p6v0szMQSGySlXKWNxf5gPIpPR1mHGhf4IV0JJl0=,tag:nDV7xs8vpmEKrixm/xrxHA==,type:str] +kind: Secret +metadata: + name: doppler-token-auth-api +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ek9hRUJHbk5OSVRtSkND + dWNZbG9uVlIzaUR0ekYrcFZScFEvQXo1aEFFCjlrR1lFSVlQWER2VmNYUkFhT21m + TXdZSkUrcm1ZUHQ0aEJ4SWwyZTdaWkkKLS0tIENVS09zaHRLYk55Mnl3bjE0eWNU + Z0RwQ3I5QXMvZWhzQW9hVW9nTE45YzgKlxbbjqihW8qoqWhrLCtzxfAMpXLRYzH7 + oq2Lab8rwhppqD28tiGknY61q82x/SaZNphYoXEAZKWEMKYo3lpX3A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-16T17:01:55Z" + mac: ENC[AES256_GCM,data:QE7nolYJJMAVdB3ZNaNCx6GyhigrcTlbglmGk857ojP02MS7WNcVpI64RbcG2HkGKjYpQiZ1QPRz5vKooSPQj7NNtzjpr9D6ChksVuEIC5x/8kotv5WmJAdYI7z8OGzJRM/XC8B8rqKOmEck1/zGU95/BYY3uA7hlJZ7/LpwmXA=,iv:mHbJ6vpICHAjPh/snpPjkDzWOp1/qH+rJ3wP8zlVExo=,tag:KHoJmvkufrMnPS3lm67Pmg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/security/external-secrets/secretstores/doppler/secretstore.yaml b/kubernetes/apps/security/external-secrets/secretstores/doppler/secretstore.yaml new file mode 100644 index 000000000..794cb3079 --- /dev/null +++ b/kubernetes/apps/security/external-secrets/secretstores/doppler/secretstore.yaml 
@@ -0,0 +1,14 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: doppler-auth-api +spec: + provider: + doppler: + auth: + secretRef: + dopplerToken: + name: doppler-token-auth-api + namespace: security + key: dopplerToken diff --git a/kubernetes/apps/security/external-secrets/secretstores/kustomization.yaml b/kubernetes/apps/security/external-secrets/secretstores/kustomization.yaml new file mode 100644 index 000000000..a41e314e2 --- /dev/null +++ b/kubernetes/apps/security/external-secrets/secretstores/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: security +resources: + - ./onepassword + - ./doppler diff --git a/kubernetes/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml b/kubernetes/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml new file mode 100644 index 000000000..222a005b7 --- /dev/null +++ b/kubernetes/apps/security/external-secrets/secretstores/onepassword/helmrelease.yaml 
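Review bot: `doppler-auth-api` is a `ClusterSecretStore` with no `spec.conditions`, so an `ExternalSecret` in any namespace can read through it with the Doppler token stored in `security`. The same applies to the `onepassword` store added in `secretstores/onepassword/secretstore.yaml`. A workload owner who can create an `ExternalSecret` in their own namespace can therefore pull any secret the token can read. Limit the consumers explicitly, for example `conditions: [{ namespaces: ["<consumer-namespace>"] }]` or a `namespaceSelector` on a label set only on trusted namespaces.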
@@ -0,0 +1,143 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: onepassword-connect +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: app-template + version: 3.2.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controllers: + onepassword-connect: + strategy: RollingUpdate + annotations: + reloader.stakater.com/auto: "true" + containers: + api: + image: + repository: docker.io/1password/connect-api + tag: 1.7.2 + env: + XDG_DATA_HOME: &configDir /config + OP_HTTP_PORT: &apiPort 80 + OP_BUS_PORT: 11220 + OP_BUS_PEERS: localhost:11221 + OP_SESSION: + valueFrom: + secretKeyRef: + name: onepassword-connect-secret + key: 1password-credentials.json + probes: + liveness: + enabled: true + custom: true + spec: + httpGet: + path: /heartbeat + port: *apiPort + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 3 + readiness: + enabled: true + custom: true + spec: + httpGet: + path: /health + port: *apiPort + initialDelaySeconds: 15 + securityContext: &securityContext + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: &resources + requests: + cpu: 10m + limits: + memory: 256M + sync: + image: + repository: docker.io/1password/connect-sync + tag: 1.7.2 + env: + XDG_DATA_HOME: *configDir + OP_HTTP_PORT: &syncPort 8081 + OP_BUS_PORT: 11221 + OP_BUS_PEERS: localhost:11220 + OP_SESSION: + valueFrom: + secretKeyRef: + name: onepassword-connect-secret + key: 1password-credentials.json + probes: + liveness: + enabled: true + custom: true + spec: + httpGet: + path: /heartbeat + 
port: *syncPort + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 3 + readiness: + enabled: true + custom: true + spec: + httpGet: + path: /health + port: *syncPort + initialDelaySeconds: 15 + securityContext: *securityContext + resources: *resources + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 999 + runAsGroup: 999 + fsGroup: 999 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: { type: RuntimeDefault } + service: + app: + controller: onepassword-connect + ports: + http: + port: *apiPort + ingress: + app: + className: nginx-default + hosts: + - host: "{{ .Release.Name }}.${SECRET_DOMAIN}" + paths: + - path: / + service: + identifier: app + port: http + persistence: + config: + type: emptyDir + globalMounts: + - path: *configDir diff --git a/kubernetes/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml b/kubernetes/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml new file mode 100644 index 000000000..8bd89645f --- /dev/null +++ b/kubernetes/apps/security/external-secrets/secretstores/onepassword/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml + - ./secret.sops.yaml + - ./secretstore.yaml diff --git a/kubernetes/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml b/kubernetes/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml new file mode 100644 index 000000000..faba09623 --- /dev/null +++ b/kubernetes/apps/security/external-secrets/secretstores/onepassword/secret.sops.yaml 
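Review bot: The `ingress.app` block publishes the 1Password Connect API on `{{ .Release.Name }}.${SECRET_DOMAIN}` through `nginx-default`, yet the only consumer in this commit is the `ClusterSecretStore`, which uses the in-cluster address `http://onepassword-connect:80`. The ingress leaves the vault API protected only by the bearer token, for no visible benefit. I would drop the `ingress:` section, or restrict it with a source-range allowlist if out-of-cluster access is really needed. Separately, `OP_HTTP_PORT: &apiPort 80` is combined with `runAsUser: 999` and `capabilities: { drop: ["ALL"] }`. Whether that bind succeeds depends on the runtime's unprivileged-port setting, so an unprivileged port like the sync container's `8081` would remove the dependency.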
@@ -0,0 +1,28 @@ +--- +apiVersion: v1 +stringData: + token: ENC[AES256_GCM,data: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,iv:ifaiUGf2JGE26wItSPGtrkenPZQuM5omE8RXyml2qqY=,tag:WZyuZU0K4WJnJXVWL+27fg==,type:str] + 1password-credentials.json: ENC[AES256_GCM,data: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,iv:gtpdjyDGb0AKJ2S1snA1sESeqkesi8dLfIyTxEbw+TU=,tag:1u/yu3VIS4HHaGtqqJzquA==,type:str] +kind: Secret +metadata: + name: onepassword-connect-secret +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVk5jeUQwT2oyMjlSV0t6 + NkpDWjlCaUFXdE9FeVl0bzh2M3Nia012TzJVCjlYUjlPMmVPdHdpT3hBTFRTQ0Y4 + KzFOSzFVQ2V2OEV4ZXdyQnNKYk1VRHcKLS0tIHVrdU51UHN2RWFyeTErQXdjdkwx + UzRycXl5SUhMNUx0a1F4VW16VndnaUkKln0lFslzjCU1LXVD86qytL/eSLPVYlGQ + eUf9aohlG+anEDqY2h/U3hIGnrrWaNEVteI8eXTNvO6AdnVa07RkSg== + -----END AGE ENCRYPTED FILE----- + lastmodified: '2023-03-03T20:04:50Z' + mac: ENC[AES256_GCM,data:aOBJcLG3gEPinMemD2faHVavdRe1fQf2tTgp7PlnOn1GgNvcFDu3FTbLCARU69l0AePrQrCq63qiNmO7N2k2a0l5sYPWDPvL2trJazwCoO9uNo0Dmw+DENMXszY+N2YuZRXBEiRzWITK9rqCCHiaSBRiJ6BICFkSGyYoPr6Pin4=,iv:se/PlganuFOf42TKInen2hyBTnBvOaJoTVNd3jeQttE=,tag:A3+M6q5+9cnbRSt1FOi9Cg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml b/kubernetes/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml new file mode 100644 index 000000000..b9550d9fa --- /dev/null +++ b/kubernetes/apps/security/external-secrets/secretstores/onepassword/secretstore.yaml 
@@ -0,0 +1,17 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: onepassword +spec: + provider: + onepassword: + connectHost: http://onepassword-connect:80 + vaults: + Homelab: 1 + auth: + secretRef: + connectTokenSecretRef: + name: onepassword-connect-secret + namespace: security + key: token diff --git a/kubernetes/apps/security/kustomization.yaml b/kubernetes/apps/security/kustomization.yaml new file mode 100644 index 000000000..22114c80f --- /dev/null +++ b/kubernetes/apps/security/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespace.yaml + - external-secrets/ks.yaml diff --git a/kubernetes/apps/security/namespace.yaml b/kubernetes/apps/security/namespace.yaml new file mode 100644 index 000000000..f4fbd83a3 --- /dev/null +++ b/kubernetes/apps/security/namespace.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: security + annotations: + volsync.backube/privileged-movers: "true" + labels: + kustomize.toolkit.fluxcd.io/prune: disabled + goldilocks.fairwinds.com/enabled: "true" diff --git a/kubernetes/apps/storage/csi-driver-nfs/app/helmrelease.yaml b/kubernetes/apps/storage/csi-driver-nfs/app/helmrelease.yaml new file mode 100644 index 000000000..69b4592da --- /dev/null +++ b/kubernetes/apps/storage/csi-driver-nfs/app/helmrelease.yaml 
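Review bot: In `security/namespace.yaml` the annotation `volsync.backube/privileged-movers: "true"` lets VolSync run its mover pods with elevated privileges in the namespace that holds the Doppler and 1Password credentials. Nothing added under `security` in this commit uses a persistent volume (the Connect pod mounts an `emptyDir`), so the annotation looks copied from a template. I would remove the line `volsync.backube/privileged-movers: "true"` here and add it back only if a `ReplicationSource` in this namespace needs it.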
@@ -0,0 +1,33 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app csi-driver-nfs +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: csi-driver-nfs + version: v4.7.0 + sourceRef: + kind: HelmRepository + name: csi-driver-nfs + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + externalSnapshotter: + enabled: false diff --git a/kubernetes/apps/storage/csi-driver-nfs/app/kustomization.yaml b/kubernetes/apps/storage/csi-driver-nfs/app/kustomization.yaml new file mode 100755 index 000000000..9ca3ec68e --- /dev/null +++ b/kubernetes/apps/storage/csi-driver-nfs/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml + - ./storageclass.yaml diff --git a/kubernetes/apps/storage/csi-driver-nfs/app/storageclass.yaml b/kubernetes/apps/storage/csi-driver-nfs/app/storageclass.yaml new file mode 100644 index 000000000..cfd8789c5 --- /dev/null +++ b/kubernetes/apps/storage/csi-driver-nfs/app/storageclass.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "csi-nfs" +provisioner: nfs.csi.k8s.io +parameters: + server: "10.20.30.40" + share: "/volume2/kubernetes" +reclaimPolicy: Delete +volumeBindingMode: Immediate +mountOptions: ["hard", "noatime"] diff --git a/kubernetes/apps/storage/csi-driver-nfs/ks.yaml b/kubernetes/apps/storage/csi-driver-nfs/ks.yaml new file mode 100644 index 000000000..bfc1ac1e1 --- /dev/null +++ b/kubernetes/apps/storage/csi-driver-nfs/ks.yaml 
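Review bot: In `storageclass.yaml`, `mountOptions: ["hard", "noatime"]` pins no NFS version and leaves setuid binaries and device nodes on the share honoured by every node that mounts a volume. The democratic-csi values in this same commit already pin `nfsvers=4`. I would make the class explicit, for example `mountOptions: ["hard", "noatime", "nfsvers=4.1", "nosuid", "nodev"]`, adjusting the version to what the server at `10.20.30.40` exports. A comment should also record that `reclaimPolicy: Delete` removes the backing directory when the PVC is deleted.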
@@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app csi-driver-nfs + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: snapshot-controller + targetNamespace: storage + path: ./kubernetes/apps/storage/csi-driver-nfs/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/storage/democratic-csi/app/helmrelease.yaml b/kubernetes/apps/storage/democratic-csi/app/helmrelease.yaml new file mode 100644 index 000000000..eb1830f6f --- /dev/null +++ b/kubernetes/apps/storage/democratic-csi/app/helmrelease.yaml 
@@ -0,0 +1,69 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app democratic-csi +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: democratic-csi + version: 0.14.6 + sourceRef: + kind: HelmRepository + name: democratic-csi + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controller: + externalResizer: + enabled: false + csiDriver: + name: "nfs" + storageClasses: + - name: nfs + defaultClass: false + reclaimPolicy: Delete + volumeBindingMode: Immediate + allowVolumeExpansion: false + parameters: + fsType: nfs + detachedVolumesFromSnapshots: "false" + mountOptions: + - noatime + - nfsvers=4 + secrets: + provisioner-secret: + controller-publish-secret: + node-stage-secret: + node-publish-secret: + controller-expand-secret: + volumeSnapshotClasses: + - name: nfs + annotations: + k10.kasten.io/is-snapshot-class: "true" + parameters: + detachedSnapshots: "true" + driver: + config: + driver: nfs-client + instance_id: + nfs: + shareHost: 10.20.30.40 + shareBasePath: "/data/nfs" + # shareHost:shareBasePath should be mounted at this location in the controller container + controllerBasePath: "/volume2/kubernetes/democratic-csi" diff --git a/kubernetes/apps/storage/democratic-csi/app/kustomization.yaml b/kubernetes/apps/storage/democratic-csi/app/kustomization.yaml new file mode 100755 index 000000000..17cbc72b2 --- /dev/null +++ b/kubernetes/apps/storage/democratic-csi/app/kustomization.yaml @@ -0,0 +1,6 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml 
diff --git a/kubernetes/apps/storage/democratic-csi/ks.dis b/kubernetes/apps/storage/democratic-csi/ks.dis new file mode 100644 index 000000000..047388a1b --- /dev/null +++ b/kubernetes/apps/storage/democratic-csi/ks.dis @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app democratic-csi + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: snapshot-controller + targetNamespace: storage + path: ./kubernetes/apps/storage/democratic-csi/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/storage/kustomization.yaml b/kubernetes/apps/storage/kustomization.yaml new file mode 100644 index 000000000..cde0bc622 --- /dev/null +++ b/kubernetes/apps/storage/kustomization.yaml @@ -0,0 +1,11 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespace.yaml + - csi-driver-nfs/ks.yaml + - longhorn/ks.yaml + - snapshot-controller/ks.yaml + - velero/ks.yaml + - volsync/ks.yaml diff --git a/kubernetes/apps/storage/longhorn/app/helm-release.yaml b/kubernetes/apps/storage/longhorn/app/helm-release.yaml new file mode 100644 index 000000000..8c2452dcd --- /dev/null +++ b/kubernetes/apps/storage/longhorn/app/helm-release.yaml 
@@ -0,0 +1,90 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app longhorn +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: longhorn + version: 1.6.2 + sourceRef: + kind: HelmRepository + name: longhorn + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + persistence: + defaultClass: true + defaultClassReplicaCount: 2 + defaultFsType: ext4 + reclaimPolicy: Delete + # recurringJobs: + # enable: true + # jobList: + # '[{"name":"daily", "task":"backup", "cron":"0 6 * * ?", "retain":3,"labels": + # {"interval":"daily"}}]' + defaultSettings: + backupstorePollInterval: 300 + backupTarget: nfs://10.20.30.40:/volume2/data/backup/kubernetes/longhorn-backup + snapshotDataIntegrity: "fast-check" + defaultDataPath: /var/lib/longhorn + defaultDataLocality: best-effort + replicaAutoBalance: best-effort + staleReplicaTimeout: "30" + defaultReplicaCount: 2 + defaultLonghornStaticStorageClass: longhorn + createDefaultDiskLabeledNodes: false + nodeDownPodDeletionPolicy: delete-both-statefulset-and-deployment-pod + concurrentAutomaticEngineUpgradePerNodeLimit: 1 + storageMinimalAvailablePercentage: 10 + StorageOverProvisioningPercentage: 110 + # taintToleration: "node-role.kubernetes.io/master=true:NoSchedule" + # upgradeChecker: true + ingress: + enabled: true + ingressClassName: nginx-default + host: longhorn.${SECRET_DOMAIN} + tlsSecret: ${SECRET_DOMAIN/./-}-production-tls + tls: true + path: / + annotations: + hajimari.io/enable: "true" + hajimari.io/icon: cow + hajimari.io/appName: Longhorn + hajimari.io/group: "storage" + # hajimari.io/targetBlank: "true" + # hajimari.io/info: "Storage" + # longhornManager: + # 
tolerations: + # - key: node-role.kubernetes.io/master + # operator: Equal + # value: "true" + # effect: NoSchedule + # longhornDriver: + # tolerations: + # - key: node-role.kubernetes.io/master + # operator: Equal + # value: "true" + # effect: NoSchedule + # longhornUI: + # tolerations: + # - key: node-role.kubernetes.io/master + # operator: Equal + # value: "true" + # effect: NoSchedule diff --git a/kubernetes/apps/storage/longhorn/app/kustomization.yaml b/kubernetes/apps/storage/longhorn/app/kustomization.yaml new file mode 100755 index 000000000..064fe80f3 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: storage +resources: + - helm-release.yaml diff --git a/kubernetes/apps/storage/longhorn/conf/kustomization.yaml b/kubernetes/apps/storage/longhorn/conf/kustomization.yaml new file mode 100755 index 000000000..f4fff2aa2 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/kustomization.yaml @@ -0,0 +1,10 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: storage +resources: + - monitoring + - other + - recurringjobs + - snap-class.yaml diff --git a/kubernetes/apps/storage/longhorn/conf/monitoring/kustomization.yaml b/kubernetes/apps/storage/longhorn/conf/monitoring/kustomization.yaml new file mode 100755 index 000000000..425e1e1c1 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/monitoring/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: longhorn-system +resources: + - prometheusrule.yaml + - servicemonitor.yaml 
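Review bot: In `helm-release.yaml` the `ingress` block publishes the Longhorn UI on `longhorn.${SECRET_DOMAIN}` with only hajimari annotations, and the Longhorn UI has no authentication of its own. Anyone who can reach `nginx-default` can therefore delete volumes or change the backup target. Put an auth layer on the ingress, for example `nginx.ingress.kubernetes.io/auth-type: basic` with `nginx.ingress.kubernetes.io/auth-secret: <basic-auth-secret>`, or an external-auth annotation if the cluster has an SSO proxy. Also, `StorageOverProvisioningPercentage: 110` under `defaultSettings` is capitalised, unlike its sibling keys; Helm value keys are case-sensitive, so it is probably ignored and should read `storageOverProvisioningPercentage: 110`.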
diff --git a/kubernetes/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml b/kubernetes/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml new file mode 100755 index 000000000..5f1296b4b --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/monitoring/prometheusrule.yaml 
@@ -0,0 +1,110 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: longhorn-rules + namespace: monitoring +spec: + groups: + - name: longhorn.rules + rules: + - alert: LonghornVolumeActualSpaceUsedWarning + annotations: + description: + The actual space used by Longhorn volume {{$labels.volume}} on {{$labels.node}} is at {{$value}}% capacity for + more than 5 minutes. + summary: The actual used space of Longhorn volume is over 90% of the capacity. + expr: (longhorn_volume_actual_size_bytes / longhorn_volume_capacity_bytes) * 100 > 90 + for: 5m + labels: + issue: The actual used space of Longhorn volume {{$labels.volume}} on {{$labels.node}} is high. + severity: warning + - alert: LonghornVolumeStatusCritical + annotations: + description: + Longhorn volume {{$labels.volume}} on {{$labels.node}} is Fault for + more than 2 minutes. + summary: Longhorn volume {{$labels.volume}} is Fault + expr: longhorn_volume_robustness == 3 + for: 5m + labels: + issue: Longhorn volume {{$labels.volume}} is Fault. + severity: critical + - alert: LonghornVolumeStatusWarning + annotations: + description: + Longhorn volume {{$labels.volume}} on {{$labels.node}} is Degraded for + more than 5 minutes. + summary: Longhorn volume {{$labels.volume}} is Degraded + expr: longhorn_volume_robustness == 2 + for: 5m + labels: + issue: Longhorn volume {{$labels.volume}} is Degraded. + severity: warning + - alert: LonghornNodeStorageWarning + annotations: + description: + The used storage of node {{$labels.node}} is at {{$value}}% capacity for + more than 5 minutes. + summary: The used storage of node is over 70% of the capacity. + expr: (longhorn_node_storage_usage_bytes / longhorn_node_storage_capacity_bytes) * 100 > 70 + for: 5m + labels: + issue: The used storage of node {{$labels.node}} is high. 
+ severity: warning + - alert: LonghornDiskStorageWarning + annotations: + description: + The used storage of disk {{$labels.disk}} on node {{$labels.node}} is at {{$value}}% capacity for + more than 5 minutes. + summary: The used storage of disk is over 70% of the capacity. + expr: (longhorn_disk_usage_bytes / longhorn_disk_capacity_bytes) * 100 > 70 + for: 5m + labels: + issue: The used storage of disk {{$labels.disk}} on node {{$labels.node}} is high. + severity: warning + - alert: LonghornNodeDown + annotations: + description: There are {{$value}} Longhorn nodes which have been offline for more than 5 minutes. + summary: Longhorn nodes is offline + expr: (avg(longhorn_node_count_total) or on() vector(0)) - (count(longhorn_node_status{condition="ready"} == 1) or on() vector(0)) > 0 + for: 5m + labels: + issue: There are {{$value}} Longhorn nodes are offline + severity: warning + - alert: LonghornIntanceManagerCPUUsageWarning + annotations: + description: + Longhorn instance manager {{$labels.instance_manager}} on {{$labels.node}} has CPU Usage / CPU request is {{$value}}% for + more than 5 minutes. + summary: Longhorn instance manager {{$labels.instance_manager}} on {{$labels.node}} has CPU Usage / CPU request is over 300%. + expr: (longhorn_instance_manager_cpu_usage_millicpu/longhorn_instance_manager_cpu_requests_millicpu) * 100 > 300 + for: 5m + labels: + issue: Longhorn instance manager {{$labels.instance_manager}} on {{$labels.node}} consumes 3 times the CPU request. + severity: warning + - alert: LonghornNodeCPUUsageWarning + annotations: + description: + Longhorn node {{$labels.node}} has CPU Usage / CPU capacity is {{$value}}% for + more than 5 minutes. + summary: Longhorn node {{$labels.node}} experiences high CPU pressure for more than 5m. + expr: (longhorn_node_cpu_usage_millicpu / longhorn_node_cpu_capacity_millicpu) * 100 > 90 + for: 5m + labels: + issue: Longhorn node {{$labels.node}} experiences high CPU pressure. 
+ severity: warning + - alert: LonghornVolumeBackupStuck + expr: count by (volume) (longhorn_backup_state < 2) + for: 8h + labels: + severity: warning + annotations: + description: There are {{$value}} longhorn backups of a volume {{$labels.volume}} stuck for at least 8h. + summary: Longhorn backups stuck. + - alert: LonghornVolumeBackupError + expr: count by (volume) (longhorn_backup_state > 3) + labels: + severity: warning + annotations: + description: There are {{$value}} longhorn backups of a volume {{$labels.volume}} which failed to complete. + summary: Longhorn backups failed. diff --git a/kubernetes/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml b/kubernetes/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml new file mode 100755 index 000000000..b670f9d73 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/monitoring/servicemonitor.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: longhorn-prometheus-servicemonitor + labels: + name: longhorn-prometheus-servicemonitor +spec: + selector: + matchLabels: + app: longhorn-manager + namespaceSelector: + matchNames: + - longhorn-system + endpoints: + - port: manager diff --git a/kubernetes/apps/storage/longhorn/conf/other/kustomization.yaml b/kubernetes/apps/storage/longhorn/conf/other/kustomization.yaml new file mode 100755 index 000000000..df2944207 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/other/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: longhorn-system +resources: + - systembackup.yaml diff --git a/kubernetes/apps/storage/longhorn/conf/other/systembackup.yaml b/kubernetes/apps/storage/longhorn/conf/other/systembackup.yaml new file mode 100644 index 000000000..7dab0e9b2 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/other/systembackup.yaml 
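Review bot: In `prometheusrule.yaml`, `LonghornVolumeStatusCritical` has a description saying the volume has been Fault "for more than 2 minutes" while the rule uses `for: 5m`, so the alert text misstates how long the fault has lasted. Either set `for: 2m` on that rule or change the description to 5 minutes. `LonghornVolumeBackupError` has no `for:` at all and will fire on a single evaluation; if that is intended, a short comment would help. The manifest also sets `metadata.namespace: monitoring`, which the enclosing kustomization's `namespace: longhorn-system` will override, so the line should be removed or corrected.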
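Review bot: In `servicemonitor.yaml`, `namespaceSelector.matchNames` lists `longhorn-system`, but `longhorn/app/kustomization.yaml` in this commit places the HelmRelease in `namespace: storage`, and no `longhorn-system` namespace is created in the visible manifests. If the chart is installed into `storage` (the Flux Kustomization for Longhorn is not in view), this monitor scrapes nothing. Every `longhorn_*` expression in `longhorn-rules` would then return no series, so the alerts could never fire and would fail silently. Align the selector with the install namespace, e.g. `matchNames: ["storage"]`, and apply the same correction to the `namespace: longhorn-system` lines in the `conf/*` kustomizations.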
@@ -0,0 +1,7 @@ +--- +apiVersion: longhorn.io/v1beta2 +kind: SystemBackup +metadata: + name: system +spec: + volumeBackupPolicy: if-not-present diff --git a/kubernetes/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml b/kubernetes/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml new file mode 100755 index 000000000..e510408de --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/recurringjobs/30min-snapshot.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: longhorn.io/v1beta1 +kind: RecurringJob +metadata: + name: 30min-snapshot +spec: + name: 30min-snapshot + concurrency: 2 + cron: 0/30 * * * * + groups: + - normal + retain: 4 + task: snapshot diff --git a/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml b/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml new file mode 100755 index 000000000..7361e1bb8 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-backup.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: longhorn.io/v1beta1 +kind: RecurringJob +metadata: + name: daily-backup +spec: + name: daily-backup + concurrency: 2 + cron: 45 0 * * * + groups: + - normal + retain: 7 + task: backup diff --git a/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml b/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml new file mode 100755 index 000000000..47656a4a9 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-cleanup.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: longhorn.io/v1beta1 +kind: RecurringJob +metadata: + name: daily-cleanup +spec: + name: daily-cleanup + concurrency: 1 + cron: 45 4 * * * + groups: + - normal + retain: 1 + task: snapshot-cleanup diff --git a/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml b/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml new file mode 100755 index 000000000..56598cdc4 --- /dev/null 
+++ b/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-delete.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: longhorn.io/v1beta1 +kind: RecurringJob +metadata: + name: daily-delete +spec: + name: daily-delete + concurrency: 1 + cron: 45 3 * * * + groups: + - normal + retain: 1 + task: snapshot-delete diff --git a/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml b/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml new file mode 100755 index 000000000..994896f31 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/recurringjobs/daily-trim.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: longhorn.io/v1beta1 +kind: RecurringJob +metadata: + name: daily-trim +spec: + name: daily-trim + concurrency: 1 + cron: 45 22 * * * + groups: + - normal + retain: 1 + task: filesystem-trim diff --git a/kubernetes/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml b/kubernetes/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml new file mode 100755 index 000000000..ae5af79ab --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/recurringjobs/hourly-backup.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: longhorn.io/v1beta1 +kind: RecurringJob +metadata: + name: hourly-backup +spec: + name: hourly-backup + concurrency: 2 + cron: 15 * * * * + groups: + - normal + retain: 6 + task: backup diff --git a/kubernetes/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml b/kubernetes/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml new file mode 100755 index 000000000..cb90caf07 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/conf/recurringjobs/kustomization.yaml @@ -0,0 +1,12 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: longhorn-system +resources: + - 30min-snapshot.yaml + - daily-backup.yaml + - daily-cleanup.yaml + - daily-delete.yaml + - daily-trim.yaml + - hourly-backup.yaml 
diff --git a/kubernetes/apps/storage/longhorn/conf/snap-class.yaml b/kubernetes/apps/storage/longhorn/conf/snap-class.yaml
new file mode 100755
index 000000000..ae2f0ae0d
--- /dev/null
+++ b/kubernetes/apps/storage/longhorn/conf/snap-class.yaml
@@ -0,0 +1,9 @@
+---
+kind: VolumeSnapshotClass
+apiVersion: snapshot.storage.k8s.io/v1
+metadata:
+ name: longhorn
+ labels:
+ velero.io/csi-volumesnapshot-class: "true"
+driver: driver.longhorn.io
+deletionPolicy: Retain
diff --git a/kubernetes/apps/storage/longhorn/ks.yaml b/kubernetes/apps/storage/longhorn/ks.yaml
new file mode 100644
index 000000000..6b2455f64
--- /dev/null
+++ b/kubernetes/apps/storage/longhorn/ks.yaml
@@ -0,0 +1,63 @@ +# --- +# # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +# apiVersion: kustomize.toolkit.fluxcd.io/v1 +# kind: Kustomization +# metadata: +# name: longhorn-prereq +# namespace: flux-system +# spec: +# targetNamespace: storage +# path: ./kubernetes/apps/storage/longhorn/prereq +# prune: true +# sourceRef: +# kind: GitRepository +# name: k8s-homelab +# wait: true # no flux ks dependents +# interval: 30m +# retryInterval: 1m +# timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app longhorn-app + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: storage + # dependsOn: + # - name: longhorn-prereq + path: ./kubernetes/apps/storage/longhorn/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app longhorn-conf + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: longhorn-app + path: ./kubernetes/apps/storage/longhorn/conf + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/storage/longhorn/prereq/kustomization.yaml b/kubernetes/apps/storage/longhorn/prereq/kustomization.yaml new file mode 100644 index 000000000..aaae13c21 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/prereq/kustomization.yaml 
@@ -0,0 +1,12 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: storage +resources: +- longhorn-iscsi-installation.yaml +labels: +- includeSelectors: true + pairs: + app.kubernetes.io/instance: longhorn + app.kubernetes.io/name: longhorn diff --git a/kubernetes/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml b/kubernetes/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml new file mode 100644 index 000000000..e8b1f4f29 --- /dev/null +++ b/kubernetes/apps/storage/longhorn/prereq/longhorn-iscsi-installation.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: longhorn-iscsi-installation + labels: + app: longhorn-iscsi-installation + annotations: + command: &cmd sudo apt-get update -q -y && sudo apt-get install -q -y open-iscsi + && sudo systemctl -q enable iscsid && sudo systemctl start iscsid && sudo modprobe + iscsi_tcp && if [ $? -eq 0 ]; then echo "iscsi install successfully"; else echo + "iscsi install failed error code $?"; fi +spec: + selector: + matchLabels: + app: longhorn-iscsi-installation + template: + metadata: + labels: + app: longhorn-iscsi-installation + spec: + hostNetwork: true + hostPID: true + initContainers: + - name: iscsi-installation + command: + - nsenter + - --mount=/proc/1/ns/mnt + - -- + - bash + - -c + - *cmd + image: alpine:3.20 + securityContext: + privileged: true + containers: + - name: sleep + image: registry.k8s.io/pause:3.10 + updateStrategy: + type: RollingUpdate diff --git a/kubernetes/apps/storage/namespace.yaml b/kubernetes/apps/storage/namespace.yaml new file mode 100644 index 000000000..84d9cd3ff --- /dev/null +++ b/kubernetes/apps/storage/namespace.yaml 
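Review bot: The `iscsi-installation` init container in longhorn-iscsi-installation.yaml runs with `privileged: true`, `hostPID: true` and `nsenter --mount=/proc/1/ns/mnt`, which gives it root on every node, yet its image is the mutable tag `alpine:3.20`. Pin it to a digest (`image: alpine:3.20@sha256:<digest>`) so that what runs with host root is exactly what was reviewed. The command also assumes `apt-get` and `systemctl` on the host, which looks out of place in a commit that switches to Talos; since the `longhorn-prereq` Kustomization in ks.yaml is commented out, consider dropping the manifest rather than keeping an unused host-root workload in the tree. The `else` branch of the trailing `if [ $? -eq 0 ]` is unreachable, because the `if` is only reached when every command in the `&&` chain has succeeded.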
@@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: storage + annotations: + volsync.backube/privileged-movers: "true" + labels: + kustomize.toolkit.fluxcd.io/prune: disabled + goldilocks.fairwinds.com/enabled: "true" diff --git a/kubernetes/apps/storage/snapshot-controller/app/helmrelease.yaml b/kubernetes/apps/storage/snapshot-controller/app/helmrelease.yaml new file mode 100644 index 000000000..56f17ab3d --- /dev/null +++ b/kubernetes/apps/storage/snapshot-controller/app/helmrelease.yaml @@ -0,0 +1,40 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app snapshot-controller +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: snapshot-controller + version: 2.2.2 + sourceRef: + kind: HelmRepository + name: piraeus + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + controller: + serviceMonitor: + create: true + webhook: + enabled: true + tls: + certManagerIssuerRef: + name: snapshot-controller-webhook-ca + kind: Issuer diff --git a/kubernetes/apps/storage/snapshot-controller/app/kustomization.yaml b/kubernetes/apps/storage/snapshot-controller/app/kustomization.yaml new file mode 100755 index 000000000..5d58b7bc4 --- /dev/null +++ b/kubernetes/apps/storage/snapshot-controller/app/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./pki.yaml + - ./helmrelease.yaml diff --git a/kubernetes/apps/storage/snapshot-controller/app/pki.yaml b/kubernetes/apps/storage/snapshot-controller/app/pki.yaml new file mode 100644 index 000000000..3f40f86c1 
--- /dev/null +++ b/kubernetes/apps/storage/snapshot-controller/app/pki.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: snapshot-controller-webhook-selfsign +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: snapshot-controller-webhook-ca +spec: + secretName: snapshot-controller-webhook-ca + duration: 43800h # 5y + issuerRef: + name: snapshot-controller-webhook-selfsign + kind: Issuer + commonName: "ca.k8s-ycl.cert-manager" + isCA: true +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: snapshot-controller-webhook-ca +spec: + ca: + secretName: snapshot-controller-webhook-ca diff --git a/kubernetes/apps/storage/snapshot-controller/ks.yaml b/kubernetes/apps/storage/snapshot-controller/ks.yaml new file mode 100644 index 000000000..383587be4 --- /dev/null +++ b/kubernetes/apps/storage/snapshot-controller/ks.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app snapshot-controller + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + targetNamespace: storage + path: ./kubernetes/apps/storage/snapshot-controller/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/storage/velero/app/helmrelease.yaml b/kubernetes/apps/storage/velero/app/helmrelease.yaml new file mode 100644 index 000000000..fed021aab --- /dev/null +++ b/kubernetes/apps/storage/velero/app/helmrelease.yaml 
@@ -0,0 +1,132 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app velero +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: velero + version: 6.5.0 + sourceRef: + kind: HelmRepository + name: vmware-charts + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + configuration: + uploaderType: kopia + backupStorageLocation: + - name: velero-minio + bucket: velero + defaultVolumesToFsBackup: False + provider: aws + default: true + credential: + name: velero-minio + key: cloud + config: + region: us-east-1 + s3ForcePathStyle: "true" + s3Url: "http://minio.lab.tdeutsch.ch:9091" + volumeSnapshotLocation: + - name: local + provider: csi + initContainers: + - name: velero-plugin-for-csi + image: velero/velero-plugin-for-csi:v0.7.1 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /target + name: plugins + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws:v1.9.2 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /target + name: plugins + deployNodeAgent: true + features: EnableCSI + schedules: + minio: + disabled: false + schedule: 12 */6 * * * + useOwnershipReferencesInBackup: false + template: + resourcePolicy: + kind: configmap + name: resource-policy + ttl: 168h + includedNamespaces: + - default + excludedResources: + - orders.acme.cert-manager.io + - challenges.acme.cert-manager.io + - certificaterequests.cert-manager.io + snapshotVolumes: true + storageLocation: velero-minio + snapshotMoveData: true + datamover: velero + # initContainers: + # - name: velero-plugin-for-aws + # image: velero/velero-plugin-for-aws:v1.9.2 + # imagePullPolicy: IfNotPresent + # 
volumeMounts: + # - mountPath: /target + # name: plugins + # configuration: + # backupStorageLocation: + # - name: velero-minio + # provider: aws + # bucket: velero + # default: true + # accessMode: ReadWrite # change to ReadOnly during migrations/restores + # credential: + # name: velero-minio + # key: cloud + # config: + # region: us-east-1 + # s3ForcePathStyle: "true" + # s3Url: "http://minio.lab.tdeutsch.ch:9091" + # volumeSnapshotLocation: + # - name: velero-local + # provider: csi + # # uploaderType: restic + # # backupSyncPeriod: 240m + # # restoreOnlyMode: false + # # defaultVolumesToFsBackup: true + # schedules: + # minio: + # disabled: false + # schedule: 12 */6 * * * + # useOwnershipReferencesInBackup: false + # template: + # resourcePolicy: + # kind: configmap + # name: resource-policy + # ttl: 168h + # includedNamespaces: + # - default + # excludedResources: + # - orders.acme.cert-manager.io + # - challenges.acme.cert-manager.io + # - certificaterequests.cert-manager.io + # snapshotVolumes: true + # storageLocation: velero-minio + # snapshotMoveData: false + # datamover: velero diff --git a/kubernetes/apps/storage/velero/app/kustomization.yaml b/kubernetes/apps/storage/velero/app/kustomization.yaml new file mode 100755 index 000000000..20ea7c84d --- /dev/null +++ b/kubernetes/apps/storage/velero/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml + - ./resourcepolicy.yaml + - ./secret.sops.yaml diff --git a/kubernetes/apps/storage/velero/app/resourcepolicy.yaml b/kubernetes/apps/storage/velero/app/resourcepolicy.yaml new file mode 100644 index 000000000..2e6a17d3d --- /dev/null +++ b/kubernetes/apps/storage/velero/app/resourcepolicy.yaml 
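Review bot: `s3Url: "http://minio.lab.tdeutsch.ch:9091"` in the velero HelmRelease sends the backup traffic, and the S3 requests signed with the `velero-minio` credential, over plain HTTP. If the MinIO endpoint can serve TLS, switch to an `https://` URL (with `caCert` on the backup storage location if the certificate is privately issued); otherwise add a comment stating that this link is confined to a trusted network segment. The commented-out second copy of the configuration below the live values repeats the same URL and could be removed, so there is only one place to fix.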
@@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: resource-policy +data: + template.yaml: | + version: v1 + volumePolicies: + - conditions: + csi: + driver: nfs.csi.k8s.io + storageClass: + - csi-nfs + action: + type: skip diff --git a/kubernetes/apps/storage/velero/app/secret.sops.yaml b/kubernetes/apps/storage/velero/app/secret.sops.yaml new file mode 100644 index 000000000..7fe0290cd --- /dev/null +++ b/kubernetes/apps/storage/velero/app/secret.sops.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: velero-minio +stringData: + cloud: ENC[AES256_GCM,data:M9uJR4wnUy+6RfTWHiCJFWhYjmLg4PPlym1muGZ4EPUI7yoHg3vr3bd1zpqN4ozlH6BPqUY+obwHVrND2iwZDuUcA5atPgtRZOVOjv1oPF+I+NVYZycb,iv:WTp6a7uPtWVHtGAx5YJdwP2jyVUXVlt9pOS9gs1Qg9k=,tag:UKqJ850TbgSKMMqNxrzMrg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMHRiSW44elUrTCsrdW5B + dHdsUUNmT2x2MUtYcXU3bTNmbnRVaUxYR0JBCkEyUUlwSXRGR0RWSnUzVzhzdjBn + TjJMTHg2WUlFZU5wRnBtdGt2RlZjR0EKLS0tIGRwd1ZUcG9CdTNiZnJBd21qd3pH + Z1p2UjNzNVlqMDdmbnJ2VzNLbnpSRDgKqOXGIMGh+guklWK6HD2aJY7dvWlYeqh+ + 70H8dXdrNQ65dwkj+pQEdupfSMuaG69tg2RvIz17jKNKr7k6BDmQHA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-31T15:41:07Z" + mac: ENC[AES256_GCM,data:IgfGZSg8txgjBqDYVwsJ/bZW73oUHSq+N5GsBLpy07Bn0d1VFBMjppcC8NcIwuj5hEX/p89Khahu+cseWa6Iz4EXqsWOreqST4538qT4zyH6TuPVfaroQZgi28/3iBkXK/qQTc04vX52yhcg+OBB4FEZP/qcfqH5dkF4G8JgPnE=,iv:Fr9TF73hRzxFU/qg8g22yWFomh8En+zE7/k6JcSBUIc=,tag:IyPlh+x2nGcnlozXlnWZMg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/apps/storage/velero/ks.yaml b/kubernetes/apps/storage/velero/ks.yaml new file mode 100644 index 000000000..9ed6ae07f --- /dev/null +++ b/kubernetes/apps/storage/velero/ks.yaml 
@@ -0,0 +1,24 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app velero + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: csi-driver-nfs + - name: snapshot-controller + targetNamespace: storage + path: ./kubernetes/apps/storage/velero/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/storage/volsync/app/helmrelease.yaml b/kubernetes/apps/storage/volsync/app/helmrelease.yaml new file mode 100644 index 000000000..e7777e658 --- /dev/null +++ b/kubernetes/apps/storage/volsync/app/helmrelease.yaml @@ -0,0 +1,36 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app volsync +spec: + interval: 15m + timeout: 15m + chart: + spec: + chart: volsync + version: 0.9.1 + sourceRef: + kind: HelmRepository + name: backube + namespace: flux-system + maxHistory: 2 + install: + crds: CreateReplace + createNamespace: true + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + manageCRDs: true + metrics: + disableAuth: true + image: + repository: ghcr.io/onedr0p/volsync diff --git a/kubernetes/apps/storage/volsync/app/kustomization.yaml b/kubernetes/apps/storage/volsync/app/kustomization.yaml new file mode 100755 index 000000000..5e0988437 --- /dev/null +++ b/kubernetes/apps/storage/volsync/app/kustomization.yaml 
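Review bot: In the volsync HelmRelease, `metrics.disableAuth: true` leaves the controller's metrics endpoint without authentication, and `image.repository: ghcr.io/onedr0p/volsync` swaps the chart's image for one from a personal registry namespace with no tag or digest set in this hunk. Add a comment saying why the override is needed and pin it, e.g. `tag: <version>@sha256:<digest>` under `image:`. If auth stays disabled, restrict access to the metrics port with a NetworkPolicy that admits only Prometheus.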
@@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml + - ./prometheusrule.yaml diff --git a/kubernetes/apps/storage/volsync/app/prometheusrule.yaml b/kubernetes/apps/storage/volsync/app/prometheusrule.yaml new file mode 100644 index 000000000..a5169ec4a --- /dev/null +++ b/kubernetes/apps/storage/volsync/app/prometheusrule.yaml @@ -0,0 +1,28 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/monitoring.coreos.com/prometheusrule_v1.json +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: volsync +spec: + groups: + - name: volsync.rules + rules: + - alert: VolSyncComponentAbsent + annotations: + summary: VolSync component has disappeared from Prometheus target discovery. + expr: | + absent(up{job="volsync-metrics"}) + for: 15m + labels: + severity: critical + - alert: VolSyncVolumeOutOfSync + annotations: + summary: >- + {{ $labels.obj_namespace }}/{{ $labels.obj_name }} volume + is out of sync. + expr: | + volsync_volume_out_of_sync == 1 + for: 15m + labels: + severity: critical diff --git a/kubernetes/apps/storage/volsync/ks.yaml b/kubernetes/apps/storage/volsync/ks.yaml new file mode 100644 index 000000000..2db6c6820 --- /dev/null +++ b/kubernetes/apps/storage/volsync/ks.yaml 
@@ -0,0 +1,24 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app volsync + namespace: flux-system +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: snapshot-controller + - name: kube-prometheus-stack + targetNamespace: storage + path: ./kubernetes/apps/storage/volsync/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + wait: false # no flux ks dependents + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/bootstrap/flux/kustomization.yaml b/kubernetes/bootstrap/flux/kustomization.yaml new file mode 100644 index 000000000..4a669d63e --- /dev/null +++ b/kubernetes/bootstrap/flux/kustomization.yaml 
@@ -0,0 +1,61 @@ +# IMPORTANT: This file is not tracked by flux and should never be. Its +# purpose is to only install the Flux components and CRDs into your cluster. +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - github.com/fluxcd/flux2/manifests/install?ref=v2.3.0 +patches: + # Remove the default network policies + - patch: |- + $patch: delete + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: not-used + target: + group: networking.k8s.io + kind: NetworkPolicy + # Resources renamed to match those installed by oci://ghcr.io/fluxcd/flux-manifests + - target: + kind: ResourceQuota + name: critical-pods + patch: | + - op: replace + path: /metadata/name + value: critical-pods-flux-system + - target: + kind: ClusterRoleBinding + name: cluster-reconciler + patch: | + - op: replace + path: /metadata/name + value: cluster-reconciler-flux-system + - target: + kind: ClusterRoleBinding + name: crd-controller + patch: | + - op: replace + path: /metadata/name + value: crd-controller-flux-system + - target: + kind: ClusterRole + name: crd-controller + patch: | + - op: replace + path: /metadata/name + value: crd-controller-flux-system + - target: + kind: ClusterRole + name: flux-edit + patch: | + - op: replace + path: /metadata/name + value: flux-edit-flux-system + - target: + kind: ClusterRole + name: flux-view + patch: | + - op: replace + path: /metadata/name + value: flux-view-flux-system diff --git a/kubernetes/bootstrap/helmfile.yaml b/kubernetes/bootstrap/helmfile.yaml new file mode 100644 index 000000000..7e743b1e5 --- /dev/null +++ b/kubernetes/bootstrap/helmfile.yaml 
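Review bot: The first patch in kubernetes/bootstrap/flux/kustomization.yaml deletes every `NetworkPolicy` shipped with the Flux install manifests (`$patch: delete` with a kind-wide target), and nothing in this hunk replaces them. Those policies are what limit ingress to the Flux controllers, so after bootstrap other pods can reach them unless a policy defined elsewhere says otherwise. Either keep them, or extend the comment to say where the replacement lives, e.g. `# Remove the default network policies; replaced by <path to replacement policies>`. The remote base is pinned by tag (`?ref=v2.3.0`); a commit SHA would make the bootstrap input immutable.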
@@ -0,0 +1,59 @@ +--- +helmDefaults: + wait: true + waitForJobs: true + timeout: 600 + recreatePods: true + force: true + +repositories: + - name: cilium + url: https://helm.cilium.io + - name: coredns + url: https://coredns.github.io/helm + - name: postfinance + url: https://postfinance.github.io/kubelet-csr-approver + +releases: + - name: prometheus-operator-crds + namespace: observability + chart: oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds + version: 12.0.0 + - name: cilium + namespace: kube-system + chart: cilium/cilium + version: 1.15.5 + values: + - ../apps/kube-system/cilium/app/helm-values.yaml + needs: + - observability/prometheus-operator-crds + - name: coredns + namespace: kube-system + chart: coredns/coredns + version: 1.30.0 + values: + - ../apps/kube-system/coredns/app/helm-values.yaml + needs: + - observability/prometheus-operator-crds + - kube-system/cilium + - name: kubelet-csr-approver + namespace: kube-system + chart: postfinance/kubelet-csr-approver + version: 1.2.1 + values: + - ../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml + needs: + - observability/prometheus-operator-crds + - kube-system/cilium + - kube-system/coredns + - name: spegel + namespace: kube-system + chart: oci://ghcr.io/spegel-org/helm-charts/spegel + version: v0.0.22 + values: + - ../apps/kube-system/spegel/app/helm-values.yaml + needs: + - observability/prometheus-operator-crds + - kube-system/cilium + - kube-system/coredns + - kube-system/kubelet-csr-approver diff --git a/kubernetes/bootstrap/talos/clusterconfig/.gitignore b/kubernetes/bootstrap/talos/clusterconfig/.gitignore new file mode 100644 index 000000000..abdc20ecb --- /dev/null +++ b/kubernetes/bootstrap/talos/clusterconfig/.gitignore @@ -0,0 +1,5 @@ +talos-test-talos-test01.yaml +talos-test-talos-test02.yaml +talos-test-talos-test03.yaml +talos-test-talos-test04.yaml +talosconfig 
diff --git a/kubernetes/bootstrap/talos/talconfig.yaml b/kubernetes/bootstrap/talos/talconfig.yaml
new file mode 100644
index 000000000..bcbe2bdd5
--- /dev/null
+++ b/kubernetes/bootstrap/talos/talconfig.yaml
@@ -0,0 +1,200 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json +--- +# renovate: datasource=docker depName=ghcr.io/siderolabs/installer +talosVersion: v1.7.4 +# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet +kubernetesVersion: v1.30.1 + +clusterName: "talos-test" +endpoint: https://192.168.13.10:6443 +clusterPodNets: + - "10.69.0.0/16" +clusterSvcNets: + - "10.96.0.0/16" +additionalApiServerCertSans: &sans + - "192.168.13.10" + - 127.0.0.1 # KubePrism +additionalMachineCertSans: *sans + +# Disable built-in Flannel to use Cilium +cniConfig: + name: none + +nodes: + - hostname: "talos-test01" + ipAddress: "192.168.13.11" + installDisk: "/dev/sda" + talosImageURL: factory.talos.dev/installer/a28d86375cf9debe952efbcbe8e2886cf0a174b1f4dd733512600a40334977d7 + controlPlane: true + networkInterfaces: + - deviceSelector: + hardwareAddr: "1e:4d:1a:c6:ac:05" + dhcp: false + addresses: + - "192.168.13.11/24" + routes: + - network: 0.0.0.0/0 + gateway: "192.168.13.1" + mtu: 1500 + vip: + ip: "192.168.13.10" + - hostname: "talos-test02" + ipAddress: "192.168.13.12" + installDisk: "/dev/sda" + talosImageURL: factory.talos.dev/installer/a28d86375cf9debe952efbcbe8e2886cf0a174b1f4dd733512600a40334977d7 + controlPlane: true + networkInterfaces: + - deviceSelector: + hardwareAddr: "d6:47:e7:2b:e3:a1" + dhcp: false + addresses: + - "192.168.13.12/24" + routes: + - network: 0.0.0.0/0 + gateway: "192.168.13.1" + mtu: 1500 + vip: + ip: "192.168.13.10" + - hostname: "talos-test03" + ipAddress: "192.168.13.13" + installDisk: "/dev/sda" + talosImageURL: factory.talos.dev/installer/a28d86375cf9debe952efbcbe8e2886cf0a174b1f4dd733512600a40334977d7 + controlPlane: true + networkInterfaces: + - deviceSelector: + hardwareAddr: "86:26:06:02:1f:ce" + dhcp: false + addresses: + - "192.168.13.13/24" + routes: + - network: 0.0.0.0/0 + gateway: "192.168.13.1" + mtu: 1500 + vip: + ip: "192.168.13.10" + 
- hostname: "talos-test04" + ipAddress: "192.168.13.14" + installDisk: "/dev/sda" + talosImageURL: factory.talos.dev/installer/a28d86375cf9debe952efbcbe8e2886cf0a174b1f4dd733512600a40334977d7 + controlPlane: false + networkInterfaces: + - deviceSelector: + hardwareAddr: "be:4a:51:49:b9:6d" + dhcp: false + addresses: + - "192.168.13.14/24" + routes: + - network: 0.0.0.0/0 + gateway: "192.168.13.1" + mtu: 1500 + +patches: + # Configure containerd + - |- + machine: + files: + - op: create + path: /etc/cri/conf.d/20-customization.part + content: |- + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + [plugins."io.containerd.grpc.v1.cri".containerd] + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + discard_unpacked_layers = false + + # Disable search domain everywhere + - |- + machine: + network: + disableSearchDomain: true + + # Enable cluster discovery + - |- + cluster: + discovery: + registries: + kubernetes: + disabled: false + service: + disabled: false + + # Configure kubelet + - |- + machine: + kubelet: + extraArgs: + rotate-server-certificates: true + nodeIP: + validSubnets: + - 192.168.13.0/24 + + + + # Custom sysctl settings + - |- + machine: + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_watches: "524288" + fs.inotify.max_user_instances: "8192" + net.core.rmem_max: "2500000" + net.core.wmem_max: "2500000" + + # Mount openebs-hostpath in kubelet + - |- + machine: + kubelet: + extraMounts: + - destination: /var/openebs/local + type: bind + source: /var/openebs/local + options: + - bind + - rshared + - rw + + + +controlPlane: + patches: + # Cluster configuration + - |- + cluster: + allowSchedulingOnControlPlanes: true + controllerManager: + extraArgs: + bind-address: 0.0.0.0 + coreDNS: + disabled: true + proxy: + disabled: true + scheduler: + extraArgs: + bind-address: 0.0.0.0 + + # ETCD configuration + - |- + cluster: + etcd: + 
extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + advertisedSubnets: + - 192.168.13.0/24 + + # Disable default API server admission plugins. + - |- + - op: remove + path: /cluster/apiServer/admissionControl + + # Enable K8s Talos API Access + - |- + machine: + features: + kubernetesTalosAPIAccess: + enabled: true + allowedRoles: + - os:admin + allowedKubernetesNamespaces: + - system-upgrade diff --git a/kubernetes/bootstrap/talos/talsecret.sops.yaml b/kubernetes/bootstrap/talos/talsecret.sops.yaml new file mode 100644 index 000000000..a65baf005 --- /dev/null +++ b/kubernetes/bootstrap/talos/talsecret.sops.yaml 
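Review bot: The control-plane patch `- op: remove` / `path: /cluster/apiServer/admissionControl` in talconfig.yaml strips the admission configuration Talos generates for the API server. As far as I know that is where its default Pod Security admission settings live, so pods in every namespace would be admitted without that check. If only a few privileged workloads need this, keep the default and label those namespaces instead (`pod-security.kubernetes.io/enforce: privileged`). The same section binds controller-manager and scheduler to `0.0.0.0`, serves etcd metrics on `http://0.0.0.0:2381`, and grants `os:admin` to the `system-upgrade` namespace through `kubernetesTalosAPIAccess`; each deserves a one-line comment on who is expected to reach it and what keeps everyone else out.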
@@ -0,0 +1,43 @@ +cluster: + id: ENC[AES256_GCM,data:1J8LXN8lq1ZqPWHUu70xmIwqFWRpDzNDe7MFMgEY0D54Q9cd2q9tTCQpE7I=,iv:3xIlPN+sjKABz/W6RI+f8Tlr4Xi6fHJTnCYwH04GZes=,tag:nh/NnR5ssVoBHLZtV11PPg==,type:str] + secret: ENC[AES256_GCM,data:XvajpHaTntuGAGzD1tSH8E7BWqNdT7KSzWm5EI3OamkhYhqnVohKCqfB9g4=,iv:c6PqDN6EN17VU2iTs3k5gJ0xXoUKe7ynvU3Gte5Fh/g=,tag:GfsJfxEnUdtFLUmYqnErKg==,type:str] +secrets: + bootstraptoken: ENC[AES256_GCM,data:edKxGwbMX4p95kBWgfyem5Ag5ldoVXg=,iv:qUxtOHp6CMi98gZ1YysXIGW5LaIvvxOVq6CzU5D2BoI=,tag:YYNzaRpUbI80natJMDVg3g==,type:str] + secretboxencryptionsecret: ENC[AES256_GCM,data:YXphYJwd0/Zyh32MxJgKtf2aVKIoSX1SS147mv+h38P+ZrqKrX9T1M1+15E=,iv:bH7iyWobpFbvai3fOvmkr3ih6azv0GFd6/qwVsG/uFo=,tag:1uRtO9ilhd1qAYi1JrkDZw==,type:str] +trustdinfo: + token: ENC[AES256_GCM,data:iuhW0x2rEWFclR/rr9SziuWGPy/RGmQ=,iv:IOTK50j0zRt3JW3iUf+TQyozfc/fcZmWcXyIucPz3xA=,tag:mwZggBazgEzznMNdtB0zlg==,type:str] +certs: + etcd: + crt: ENC[AES256_GCM,data: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,iv:v/BEak6ncs25wvSO6XL4a6bxt3IvdGMQQ93CVgCoMKo=,tag:usrKo4kOo2k6tk4yiOLxMw==,type:str] + key: ENC[AES256_GCM,data:kJa+27e/lFuROl/5gtDCV9xjaXM3esQPj2WcDXaDz4KopR+juDpM9ofUerd65bPc8BQtNlxjTvnBeYcN/RclJoKil6vNXYEQqgmOQSaVSk0UThzEFz6x9vbUjxOqlNqV2k3DjbmCe0o6xeo/Eak5dULWCfSiLbDzTr7fVQTKzDnaIoMj9BDPAkGGYUXIZallM9CB9uk+XReruWVmFCdMrHxVLbGizQ5S72flPjlj1aur6qouFGgpvG4hRo2KaEb5VtlyQgKsEgOQE4+Zm6LkrPcIVQ2io4Rpl1qa8DCpsPRpS3zymZdmf/WZ0oA1IR8mwGpfa2oGmoMB7fXfUB98iKts+dW2K6cvOTd1VnSpm5cxa68AsqmSTtc57uQ3varM/k9pN9dezcyLgXOn5T4DSQ==,iv:/bV2YgyrqjO/Wl9aSjGDYRCyANhC1EJWprmPQfx5auA=,tag:EC3NzI+km3N98xCY1eRabA==,type:str] + k8s: + crt: ENC[AES256_GCM,data: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,iv:cpxWgIHfsAefDclqOuwTz6BNIdt84hqDofA8exkqRgE=,tag:cUETXzj7MvB+tpKWhdBzQw==,type:str] + key: 
ENC[AES256_GCM,data:Mo6X7+05RFTjvUi/2MRnhzYP/0wSJBi+Wn9LA0Rcqu88E71gTfDw8Mf4vDsgtczVSIhedPUyUnCTW6k7p39kQLjCdkGcv0qZwpGbFxazgYS74PE/e9Ddk+SVMjb2eHR9xCztJDSuqU2xqE1bHTUyE50PC35QCtlh57GzGPA56X6oZwUKCGWEjGJmNyQgsU7gG5xgUq4eHkLrEwujCdYERALYkZ/TzCLQnWpwYwvh5tMvMF3BbqraVGmM9J3aE6XicVnVCoAZTeeqObAf3Kg+u1rwZO9LdRDmxUooxfvyJw2fzSzVkfdRMHu7KMePoo+Md/yBbvIOR7Wu6EK8MvNbIdo417EpaAoxk+781nF/ll9r1TjfBcrrRDPsqAax3YqLkwXQn56iXWxv6ihNVaCNFg==,iv:W8TtqN+AuEwe6v88S92Lq0wPP9/Fk0gYv9s2rw//g5E=,tag:oNdQ3HoZuyy891nEqz3iFg==,type:str] + k8saggregator: + crt: ENC[AES256_GCM,data:LzlkicwYLb1JxEQtVi8E7XI7m2MIhjNCmpcaXNxsENC1gCwBQpKgzO1Ddu24zbye8WX0RCYcARMxyVZP7YIoKFEvhbOsr6eqGXILyJhs10UQcJrmqU5syEyKVTfB5KYoYxsPYowgYRA1NqU9a6bftxr4uea2fzIHbFD1vkasaS7d8iPuIzKVz9T4iRT1OUCj1FSOLtzVOglWMo7k4HwnAnz7f6Zs6x/q+Ov7wc8fU3dWuiDIfnLomhafMCqk4V5p2z5oF3B/SuFJRCat3IThCXRZgfUzcpHutKbymm4voTVev8ArW7RWq45AxSMeH1gAfWIZIQfIwMpS8iTdHKkgvmIjiq4tmy3GVKz3VE9THt9p5/8er2Z7jvWC94LBiewSi5gXhssVcnl3a2kn6wmlCYpXpvOXYWD006IGHbyyjmtouj4GUQLfLhc8PcFLuYkQvhmH5N/Ymd4vLQ7p09gSmoEiXoxRg75LDwm4i0l87OEDiZD8fOB7wqaB2FQ40+qVeV7+7BLwMgewfD0b/5h4BE7mhjn3KGDbnKRxPP1YfKPD2noYH+ywbn6xJYmueakplXu7fItf6K57+eTMpzM66tCKSHgxKRl+jDYDc5LSet4vd940DTdXTbTIQac1OWkgGJdlxvKBnfUDLYpEufGR0BINXSDlqT4Kca669+rlXr1jtWUkrrqGiPw/0Icy3G9+wPuVy8Fa4631EOiVE8ssQtA4X/qJ0w0dGq339TddNsOFGjyn4S+LgQYPlJTyXPMKBVmWxqo7iKwsFOMqGYdNsYImOt/VMytXfLaQ3IrluvZ5ZnFssMQKaL8M2a+oBYc7lsVqwaIu4+MzA/Fx8/8L75q/HtHqkJof/xHl9rpvvXjocdO54/gCDoTDqtR0a86dmJUVrk8aNlJkNj3+PBjlWZgaFsJ4crzREECWZ7U458DK15E0eWguZ7ULZPmgpcPx,iv:zR5Rp3bi3JFDccSezL/x0wdomZ5zElDUxmYPUzYjbHg=,tag:d6oUNOs45NCPrzXQtpGYNA==,type:str] + key: 
ENC[AES256_GCM,data:VdVjaa73MKj10p7hIr24RNrIdQD/akQ1a4wZ1r+Ckpv8PiUn62POxvSZIV7/JjBDn0nerGtqYSPSGlskb5wvVtrj/h/fq8mrEVIckW0oWt/NmG6XKUesUcZ79hTeeyfv1qwBjZmV0/Yao0ZEEbLE2NRdT01z0NLqss7D5swIn0LAvedy8zrE15yUVG7gnwmt2h8ccR5MtDKEbk6v0GTIaf8ualyfpq2K+7afEVDaI39Fhoi2QiyxQLre1mAR7GjFA9SD1mmJmt8zPIKZE+xpOi/RoZNweuzUpTg4ULeFZj1LuzBuls9zRLkSTHPH7Pk+NMd91YkpSK9P4Gl2itHW5hCpLnvlMOTn9+5oe3/FmRHUjOA2sOl0LXWEEAkSfIwjiyLUZgtGkUQ0ZnLKHNxCqw==,iv:yQJxbDFslYrX4bfehK7Osj46qVmF803ayHae90sJT2A=,tag:3Q0RLn/6xt0lSSIl987FuQ==,type:str] + k8sserviceaccount: + key: ENC[AES256_GCM,data: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,iv:QeKObYEgVaX8wH9Nue7Yj0gLyg7hbQaXO08+9wQPxys=,tag:5pY5Sm95X1HIPhXEOFgqTA==,type:str] + os: + crt: ENC[AES256_GCM,data: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,iv:jFtG9dLKATTsm+S9bi+gKkAxkVT6yKmykdpAq8o1R6U=,tag:nNuZr9luvMhChNhOATchfQ==,type:str] + key: ENC[AES256_GCM,data:s1OKY1KeYN+8SKu5IC5+MBaLznQhfdGjr8d3/6H3y3QrCLY+ghKEMzSdwGpwKg3ecS/77W0X4fKBWhEf2qAVkizDUFY+6LOo6iPyQEkmS4ukcXXtQZNMcYOl4B/3HAxDphLPC4XdKDmNoljQzljASXpwaCasdtfebpuEm5Zum6Teko2L8NIDIeW0jiRztu8ivtKNW/2196M5re8Mp2VzsFo60EeRB9dI73ETLiA6+RDyNb7e,iv:fPd6uSU8xJnO3Wj9ePN7a+SsLcRsEID87koEVjyGLsw=,tag:JO+jvMfWX2yo4mfLh4X1qg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cVRmY2FDcHFoSSt5ZHNK + ZHQ2ZjA3bGxqTGpYSU1pU2RIVThveTdzc3pjCnBHMTUwMElQUWhBVHBGaURmbWsv + a2tBNFNOL25LZ3FtSXNIdytMeEVPMzgKLS0tIFNkc3FSK3V4RmZ3ZHlaWmJqMEJ3 + WHVFNUgyK0VvSEFHMWRkNG0za3lwcnMKqi3TfqUM+yqSpVSDspeG+6bY86RzaGgz + YBRFgB/UONHDt+B0cUTTVgovw9u5bKKhTBAansjTEf77curtEdv9Tg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-31T13:31:56Z" + mac: 
ENC[AES256_GCM,data:TrhWnn2O3l7GqoQ5wIiuCk8Ga1rlQFQUVRKVLvc2SGoTKnYeaMRtWwiZtMCLbIBcfyIlyUrXdDgeXJb5YQdP3L70kvtFhvLVw+8aFbruLVoeZflGliSgdX0+YV1MDAq/dRGt7514QuBUGB+7Zn1k66Kp9wyAaA2Vl8nGXvC7Ar4=,iv:XD6veM/bnOkPVaTptsO6Yg08BTNbT2vf2vUtBYkiEYM=,tag:YE/2VxxbaKx1oS6/6hQVCA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/kubernetes/flux/apps.yaml b/kubernetes/flux/apps.yaml new file mode 100644 index 000000000..408c48bff --- /dev/null +++ b/kubernetes/flux/apps.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cluster-apps + namespace: flux-system +spec: + interval: 30m + path: ./kubernetes/apps + prune: true + sourceRef: + kind: GitRepository + name: k8s-homelab + decryption: + provider: sops + secretRef: + name: sops-age + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets + - kind: ConfigMap + name: cluster-user-settings + optional: true + - kind: Secret + name: cluster-user-secrets + optional: true + patches: + - patch: |- + apiVersion: kustomize.toolkit.fluxcd.io/v1 + kind: Kustomization + metadata: + name: not-used + spec: + decryption: + provider: sops + secretRef: + name: sops-age + postBuild: + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets + - kind: ConfigMap + name: cluster-user-settings + optional: true + - kind: Secret + name: cluster-user-secrets + optional: true + target: + group: kustomize.toolkit.fluxcd.io + kind: Kustomization + labelSelector: substitution.flux.home.arpa/disabled notin (true) diff --git a/kubernetes/flux/config/cluster.yaml b/kubernetes/flux/config/cluster.yaml new file mode 100644 index 000000000..e1712665a --- /dev/null +++ b/kubernetes/flux/config/cluster.yaml 
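Review bot: The `patches` entry at the end of `cluster-apps` injects `substituteFrom` for the `cluster-secrets` Secret into every child Kustomization unless it carries the opt-out label, and nothing in the file documents that. With that in place, any `${VAR}` in any manifest under `./kubernetes/apps` is filled from the Secret, so a reference inside a ConfigMap, annotation or container argument ends up stored in plain text outside a Secret object. I would add a comment above the patch such as `# Every child Kustomization gets SOPS decryption and cluster-secrets substitution; opt out with label substitution.flux.home.arpa/disabled: "true"`, and keep secret-backed variables to Secret manifests only.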
@@ -0,0 +1,40 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: k8s-homelab
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: "https://github.com/tuxpeople/k8s-homelab.git"
+ ref:
+ branch: "main"
+ ignore: |
+ # exclude all
+ /*
+ # include kubernetes directory
+ !/kubernetes
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cluster
+ namespace: flux-system
+spec:
+ interval: 30m
+ path: ./kubernetes/flux
+ prune: true
+ wait: false
+ sourceRef:
+ kind: GitRepository
+ name: k8s-homelab
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
diff --git a/kubernetes/flux/config/flux.yaml b/kubernetes/flux/config/flux.yaml
new file mode 100644
index 000000000..4f9bb975b
--- /dev/null
+++ b/kubernetes/flux/config/flux.yaml
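Review bot: The `k8s-homelab` GitRepository has no `spec.verify` block, so the `cluster` Kustomization applies whatever commit sits at the head of `main`, with `prune: true`, without checking who signed it. Anyone able to push to that branch (a leaked token, a compromised CI job, an auto-merged bot PR) therefore decides what runs in and what is deleted from the cluster. Consider adding `verify: {mode: HEAD, secretRef: {name: <signing-keys-secret>}}` under `spec`, where the Secret holds the trusted public keys, and protecting `main` on the forge side as well.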
@@ -0,0 +1,86 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+ name: flux-manifests
+ namespace: flux-system
+spec:
+ interval: 10m
+ url: oci://ghcr.io/fluxcd/flux-manifests
+ ref:
+ tag: v2.3.0
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: flux
+ namespace: flux-system
+spec:
+ interval: 10m
+ path: ./
+ prune: true
+ wait: true
+ sourceRef:
+ kind: OCIRepository
+ name: flux-manifests
+ patches:
+ # Remove the network policies
+ - patch: |
+ $patch: delete
+ apiVersion: networking.k8s.io/v1
+ kind: NetworkPolicy
+ metadata:
+ name: not-used
+ target:
+ group: networking.k8s.io
+ kind: NetworkPolicy
+ # Increase the number of reconciliations that can be performed in parallel and bump the resources limits
+ # https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers
+ - patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --concurrent=8
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --kube-api-qps=500
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --kube-api-burst=1000
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --requeue-dependency=5s
+ target:
+ kind: Deployment
+ name: (kustomize-controller|helm-controller|source-controller)
+ - patch: |
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: not-used
+ spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ resources:
+ limits:
+ cpu: 2000m
+ memory: 2Gi
+ target:
+ kind: Deployment
+ name: (kustomize-controller|helm-controller|source-controller)
+ # Enable Helm near OOM detection
+ # https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection
+ - patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --feature-gates=OOMWatch=true
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --oom-watch-memory-threshold=95
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --oom-watch-interval=500ms
+ target:
+ kind: Deployment
+ name: helm-controller
diff --git a/kubernetes/flux/config/kustomization.yaml b/kubernetes/flux/config/kustomization.yaml
new file mode 100644
index 000000000..ef231746a
--- /dev/null
+++ b/kubernetes/flux/config/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./flux.yaml
+ - ./cluster.yaml
diff --git a/kubernetes/flux/repositories/git/kustomization.yaml b/kubernetes/flux/repositories/git/kustomization.yaml
new file mode 100644
index 000000000..ccb4b09e7
--- /dev/null
+++ b/kubernetes/flux/repositories/git/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - local-path-provisioner.yaml
diff --git a/kubernetes/flux/repositories/git/local-path-provisioner.yaml b/kubernetes/flux/repositories/git/local-path-provisioner.yaml
new file mode 100644
index 000000000..7bfb50f2c
--- /dev/null
+++ b/kubernetes/flux/repositories/git/local-path-provisioner.yaml
@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: local-path-provisioner
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://github.com/rancher/local-path-provisioner
+ ref:
+ tag: v0.0.27
+ ignore: |-
+ # exclude all
+ /*
+ # include kubernetes directory
+ !/deploy/chart/local-path-provisioner
diff --git a/kubernetes/flux/repositories/git/synology-csi-chart.yaml b/kubernetes/flux/repositories/git/synology-csi-chart.yaml
new file mode 100644
index 000000000..1a6e78fe7
--- /dev/null
+++ b/kubernetes/flux/repositories/git/synology-csi-chart.yaml
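Review bot: The first patch in `flux.yaml` (`$patch: delete` targeting every `NetworkPolicy`) strips the policies that the Flux manifests ship for `flux-system`, and nothing in this hunk puts an equivalent back. Without them the controllers' in-cluster ports, presumably including source-controller's artifact server, are reachable from any pod in the cluster. If replacement policies live elsewhere in the repo, say so in the comment, e.g. `# Remove the network policies (replaced by <policy manifest path>)`; otherwise keep the upstream policies. Separately, `ref.tag: v2.3.0` on the OCIRepository is a mutable reference with no `verify` block; pinning `ref.digest` or adding `verify.provider: cosign` would let the controller reject a swapped artifact.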
@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: synology-csi-chart
+ namespace: flux-system
+spec:
+ interval: 30m
+ url: https://github.com/SynologyOpenSource/synology-csi
+ ref:
+ branch: main
+ ignore: |-
+ # exclude all
+ /*
+ # include kubernetes directory
+ !/deploy/helm
diff --git a/kubernetes/flux/repositories/helm/backube.yaml b/kubernetes/flux/repositories/helm/backube.yaml
new file mode 100644
index 000000000..f2335deaf
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/backube.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: backube
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://backube.github.io/helm-charts/
diff --git a/kubernetes/flux/repositories/helm/bitnami.yaml b/kubernetes/flux/repositories/helm/bitnami.yaml
new file mode 100644
index 000000000..1dcdba438
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/bitnami.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: bitnami
+ namespace: flux-system
+spec:
+ type: oci
+ interval: 1h
+ url: oci://registry-1.docker.io/bitnamicharts
diff --git a/kubernetes/flux/repositories/helm/bjw-s.yaml b/kubernetes/flux/repositories/helm/bjw-s.yaml
new file mode 100644
index 000000000..a40b5d778
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/bjw-s.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: bjw-s
+ namespace: flux-system
+spec:
+ type: oci
+ interval: 5m
+ url: oci://ghcr.io/bjw-s/helm
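Review bot: `ref.branch: main` in `synology-csi-chart.yaml` makes this GitRepository follow the moving head of a third-party repository, unlike `local-path-provisioner.yaml` in the same commit, which pins `tag: v0.0.27`. Every upstream push touching `deploy/helm` is picked up within the 30m interval, and a CSI driver chart typically runs privileged node pods, so an upstream mistake or account compromise would reach the nodes with no review step on this side. Pin it with `ref.commit: <reviewed-commit-sha>` (or a release tag) so that bumps arrive as reviewed changes.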
diff --git a/kubernetes/flux/repositories/helm/cilium.yaml b/kubernetes/flux/repositories/helm/cilium.yaml
new file mode 100644
index 000000000..3aee36788
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/cilium.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: cilium
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://helm.cilium.io
diff --git a/kubernetes/flux/repositories/helm/coredns.yaml b/kubernetes/flux/repositories/helm/coredns.yaml
new file mode 100644
index 000000000..3bdbbafbe
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/coredns.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: coredns
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://coredns.github.io/helm
diff --git a/kubernetes/flux/repositories/helm/crossplane.yaml b/kubernetes/flux/repositories/helm/crossplane.yaml
new file mode 100644
index 000000000..e4303d548
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/crossplane.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: crossplane
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.crossplane.io/stable
diff --git a/kubernetes/flux/repositories/helm/csi-driver-nfs.yaml b/kubernetes/flux/repositories/helm/csi-driver-nfs.yaml
new file mode 100644
index 000000000..f046387f5
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/csi-driver-nfs.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: csi-driver-nfs
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
diff --git a/kubernetes/flux/repositories/helm/deliveryheroio.yaml b/kubernetes/flux/repositories/helm/deliveryheroio.yaml
new file mode 100644
index 000000000..54b68118b
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/deliveryheroio.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: deliveryheroio
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.deliveryhero.io
diff --git a/kubernetes/flux/repositories/helm/democratic-csi.yaml b/kubernetes/flux/repositories/helm/democratic-csi.yaml
new file mode 100644
index 000000000..f86db37fe
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/democratic-csi.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: democratic-csi
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://democratic-csi.github.io/charts/
diff --git a/kubernetes/flux/repositories/helm/external-dns.yaml b/kubernetes/flux/repositories/helm/external-dns.yaml
new file mode 100644
index 000000000..a44512667
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/external-dns.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: external-dns
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubernetes-sigs.github.io/external-dns
diff --git a/kubernetes/flux/repositories/helm/external-secrets.yaml b/kubernetes/flux/repositories/helm/external-secrets.yaml
new file mode 100644
index 000000000..bcf54eb5e
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/external-secrets.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: external-secrets
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.external-secrets.io
diff --git a/kubernetes/flux/repositories/helm/fairwinds.yaml b/kubernetes/flux/repositories/helm/fairwinds.yaml
new file mode 100755
index 000000000..3c23554c0
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/fairwinds.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: fairwinds
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.fairwinds.com/stable
diff --git a/kubernetes/flux/repositories/helm/grafana.yaml b/kubernetes/flux/repositories/helm/grafana.yaml
new file mode 100644
index 000000000..b8350a97c
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/grafana.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: grafana
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://grafana.github.io/helm-charts
diff --git a/kubernetes/flux/repositories/helm/hajimari.yaml b/kubernetes/flux/repositories/helm/hajimari.yaml
new file mode 100644
index 000000000..26d997d82
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/hajimari.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: hajimari
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://hajimari.io
diff --git a/kubernetes/flux/repositories/helm/ingress-nginx.yaml b/kubernetes/flux/repositories/helm/ingress-nginx.yaml
new file mode 100644
index 000000000..82a0d0fff
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/ingress-nginx.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: ingress-nginx
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubernetes.github.io/ingress-nginx
diff --git a/kubernetes/flux/repositories/helm/jetstack.yaml b/kubernetes/flux/repositories/helm/jetstack.yaml
new file mode 100644
index 000000000..737e06af0
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/jetstack.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: jetstack
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.jetstack.io
diff --git a/kubernetes/flux/repositories/helm/k8s-gateway.yaml b/kubernetes/flux/repositories/helm/k8s-gateway.yaml
new file mode 100644
index 000000000..63a90615e
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/k8s-gateway.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: k8s-gateway
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://ori-edge.github.io/k8s_gateway
diff --git a/kubernetes/flux/repositories/helm/kubereboot.yaml b/kubernetes/flux/repositories/helm/kubereboot.yaml
new file mode 100755
index 000000000..f6a50edbc
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/kubereboot.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: kubereboot
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubereboot.github.io/charts/
diff --git a/kubernetes/flux/repositories/helm/kubernetes-dashboard.yaml b/kubernetes/flux/repositories/helm/kubernetes-dashboard.yaml
new file mode 100644
index 000000000..e82e8c69d
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/kubernetes-dashboard.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: kubernetes-dashboard
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubernetes.github.io/dashboard/
diff --git a/kubernetes/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml b/kubernetes/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml
new file mode 100644
index 000000000..34c93c98f
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/kubernetes-sigs-descheduler-charts.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: kubernetes-sigs-descheduler-charts
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubernetes-sigs.github.io/descheduler
diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml
new file mode 100644
index 000000000..c909c63d9
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/kustomization.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - bjw-s.yaml
+ - coredns.yaml
+ - openebs.yaml
+ - postfinance.yaml
+ - spegel.yaml
+ - backube.yaml
+ - bitnami.yaml
+ - cilium.yaml
+ - crossplane.yaml
+ - csi-driver-nfs.yaml
+ - deliveryheroio.yaml
+ - democratic-csi.yaml
+ - external-dns.yaml
+ - external-secrets.yaml
+ - fairwinds.yaml
+ - grafana.yaml
+ - hajimari.yaml
+ - ingress-nginx.yaml
+ - jetstack.yaml
+ - k8s-gateway.yaml
+ - kubereboot.yaml
+ - kubernetes-dashboard.yaml
+ - kubernetes-sigs-descheduler-charts.yaml
+ - longhorn.yaml
+ - mariadb-operator.yaml
+ - metallb.yaml
+ - metrics-server.yaml
+ - minecraft-server-charts.yaml
+ - minio.yaml
+ - mittwald-charts.yaml
+ - netdata.yaml
+ - piraeus.yaml
+ - prometheus-community.yaml
+ - rancher.yaml
+ - s3gw-charts.yaml
+ - stakater.yaml
+ - traefik-charts.yaml
+ - vector-charts.yaml
+ - vmware-charts.yaml
+ - weave-gitops.yaml
diff --git a/kubernetes/flux/repositories/helm/longhorn.yaml b/kubernetes/flux/repositories/helm/longhorn.yaml
new file mode 100755
index 000000000..d9c4116dc
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/longhorn.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: longhorn
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.longhorn.io
diff --git a/kubernetes/flux/repositories/helm/mariadb-operator.yaml b/kubernetes/flux/repositories/helm/mariadb-operator.yaml
new file mode 100644
index 000000000..90068fb12
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/mariadb-operator.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: mariadb-operator
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://mariadb-operator.github.io/mariadb-operator
diff --git a/kubernetes/flux/repositories/helm/metallb.yaml b/kubernetes/flux/repositories/helm/metallb.yaml
new file mode 100644
index 000000000..99862cd90
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/metallb.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: metallb
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://metallb.github.io/metallb
diff --git a/kubernetes/flux/repositories/helm/metrics-server.yaml b/kubernetes/flux/repositories/helm/metrics-server.yaml
new file mode 100644
index 000000000..27a44828a
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/metrics-server.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: metrics-server
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubernetes-sigs.github.io/metrics-server
diff --git a/kubernetes/flux/repositories/helm/minecraft-server-charts.yaml b/kubernetes/flux/repositories/helm/minecraft-server-charts.yaml
new file mode 100644
index 000000000..387a5fa77
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/minecraft-server-charts.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: minecraft-server-charts
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://itzg.github.io/minecraft-server-charts/
diff --git a/kubernetes/flux/repositories/helm/minio.yaml b/kubernetes/flux/repositories/helm/minio.yaml
new file mode 100644
index 000000000..513eb9d6d
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/minio.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: minio
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.min.io/
diff --git a/kubernetes/flux/repositories/helm/mittwald-charts.yaml b/kubernetes/flux/repositories/helm/mittwald-charts.yaml
new file mode 100755
index 000000000..d501dbe7e
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/mittwald-charts.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: mittwald-charts
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://helm.mittwald.de
diff --git a/kubernetes/flux/repositories/helm/netdata.yaml b/kubernetes/flux/repositories/helm/netdata.yaml
new file mode 100644
index 000000000..1e0a67505
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/netdata.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: netdata
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://netdata.github.io/helmchart/
diff --git a/kubernetes/flux/repositories/helm/openebs.yaml b/kubernetes/flux/repositories/helm/openebs.yaml
new file mode 100644
index 000000000..4f48013ee
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/openebs.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: openebs
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://openebs.github.io/openebs
diff --git a/kubernetes/flux/repositories/helm/piraeus.yaml b/kubernetes/flux/repositories/helm/piraeus.yaml
new file mode 100644
index 000000000..48f1ade3c
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/piraeus.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: piraeus
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://piraeus.io/helm-charts/
diff --git a/kubernetes/flux/repositories/helm/postfinance.yaml b/kubernetes/flux/repositories/helm/postfinance.yaml
new file mode 100644
index 000000000..b14a64d8e
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/postfinance.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: postfinance
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://postfinance.github.io/kubelet-csr-approver
diff --git a/kubernetes/flux/repositories/helm/prometheus-community.yaml b/kubernetes/flux/repositories/helm/prometheus-community.yaml
new file mode 100644
index 000000000..318a1a514
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/prometheus-community.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: prometheus-community
+ namespace: flux-system
+spec:
+ type: oci
+ interval: 5m
+ url: oci://ghcr.io/prometheus-community/charts
diff --git a/kubernetes/flux/repositories/helm/rancher.yaml b/kubernetes/flux/repositories/helm/rancher.yaml
new file mode 100644
index 000000000..e1992c501
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/rancher.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: rancher-charts-release-2-7
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://raw.githubusercontent.com/rancher/charts/release-v2.7
diff --git a/kubernetes/flux/repositories/helm/s3gw-charts.yaml b/kubernetes/flux/repositories/helm/s3gw-charts.yaml
new file mode 100644
index 000000000..4ef26700d
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/s3gw-charts.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: s3gw-charts
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://aquarist-labs.github.io/s3gw-charts/
diff --git a/kubernetes/flux/repositories/helm/spegel.yaml b/kubernetes/flux/repositories/helm/spegel.yaml
new file mode 100644
index 000000000..d9a8b2cd3
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/spegel.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: spegel
+ namespace: flux-system
+spec:
+ type: oci
+ interval: 5m
+ url: oci://ghcr.io/spegel-org/helm-charts
diff --git a/kubernetes/flux/repositories/helm/stakater.yaml b/kubernetes/flux/repositories/helm/stakater.yaml
new file mode 100644
index 000000000..98a3f6455
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/stakater.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: stakater
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://stakater.github.io/stakater-charts
diff --git a/kubernetes/flux/repositories/helm/traefik-charts.yaml b/kubernetes/flux/repositories/helm/traefik-charts.yaml
new file mode 100755
index 000000000..961c2e89c
--- /dev/null
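Review bot: `url: https://raw.githubusercontent.com/rancher/charts/release-v2.7` in the rancher hunk takes the chart index directly from a Git branch, so the repository content follows whatever is on that branch at each hourly fetch. Nothing in this hunk limits which chart version is installed from it; that has to come from the HelmReleases that reference `rancher-charts-release-2-7`, which are not visible here. I would add a comment saying which chart needs this source and why the branch URL is used, e.g. `# index served from the release-v2.7 branch; consumers must pin an exact chart version`.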
+++ b/kubernetes/flux/repositories/helm/traefik-charts.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: traefik-charts
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://helm.traefik.io/traefik
diff --git a/kubernetes/flux/repositories/helm/vector-charts.yaml b/kubernetes/flux/repositories/helm/vector-charts.yaml
new file mode 100644
index 000000000..c5d5db948
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/vector-charts.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: vector-charts
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://helm.vector.dev
diff --git a/kubernetes/flux/repositories/helm/vmware-charts.yaml b/kubernetes/flux/repositories/helm/vmware-charts.yaml
new file mode 100644
index 000000000..184bad3d1
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/vmware-charts.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: vmware-charts
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://vmware-tanzu.github.io/helm-charts
diff --git a/kubernetes/flux/repositories/helm/weave-gitops.yaml b/kubernetes/flux/repositories/helm/weave-gitops.yaml
new file mode 100644
index 000000000..49362c1d8
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/weave-gitops.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: weave-gitops
+ namespace: flux-system
+spec:
+ type: oci
+ interval: 1h
+ url: oci://ghcr.io/weaveworks/charts
diff --git a/kubernetes/flux/repositories/kustomization.yaml b/kubernetes/flux/repositories/kustomization.yaml
new file mode 100644
index 000000000..d158d426e
--- /dev/null
+++ b/kubernetes/flux/repositories/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./git
+ - ./helm
+ - ./oci
diff --git a/kubernetes/flux/repositories/oci/kustomization.yaml b/kubernetes/flux/repositories/oci/kustomization.yaml
new file mode 100644
index 000000000..fe0f332a9
--- /dev/null
+++ b/kubernetes/flux/repositories/oci/kustomization.yaml
@@ -0,0 +1,4 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: []
diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml
new file mode 100644
index 000000000..49fee87cf
--- /dev/null
+++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml
@@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cluster-secrets + namespace: flux-system +stringData: + SECRET_DOMAIN: ENC[AES256_GCM,data:AQnk/6O+9a7GqTOtocP+,iv:sGI8XQI8FoP1aJgLU9aExvaWISbqSJXeovie9cF/efw=,tag:l9bAUh9mk8gzifcIpf63Dg==,type:str] + SECRET_CH_DOMAIN: ENC[AES256_GCM,data:T0a3mVOS+Vw54d4=,iv:pHHSUWK8k7F3UWOaQzqFTfgWtrR8DlWEtCRwYumdAgI=,tag:UnA3OkV3gHaYCfCuR0CGCA==,type:str] + SECRET_ACME_EMAIL: ENC[AES256_GCM,data:AzkD9UR3YvVLeaoiP5wzAf2/RgM=,iv:50ouAodVHtU+mKDTcw8Gf2tbMONXeru/Y2lzRqq8eNc=,tag:UIdWBeEpUTFp3bEpLZ14UQ==,type:str] + SECRET_DNS_TARGET: ENC[AES256_GCM,data:vc/03+qUJ64j+oC+r2thCe/oM3IkAeLR+u/Hzw==,iv:XD6fJ/vlipSCk1mWnijuCO0BPceQpIGsHn3acEyRYk8=,tag:CG6FAJF4mfbV3B34OxXcgA==,type:str] + SECRET_ALERT_MANAGER_DISCORD_WEBHOOK: ENC[AES256_GCM,data:T5exoxlyZsqZxmrRXucIpJMPHkYky4CRRmF5Fbo69XpNTLdfSwWu0jMXc3Xc817fDv12HAOIC+0W1iVQTGh3u+ZvCyZr1eQ0H9p69M9J5hBpIG+IiVYAlp0P63D6AjUB2yEGj6CG1QBxprehJg2iEPt29OKaElY2eY0=,iv:FxgBi0MN+58L89EkceerI1cAZ6QdIekF05Kf6T4vEOc=,tag:yFmDoBHF5niq2GBkLvvXsw==,type:str] + #ENC[AES256_GCM,data:kts04vU=,iv:I9sMTk8KeXiCnpOfFVL/Xsggj6bCprl/kupvWSAMmE4=,tag:xMZlyDMcwXJf0tJ4anYEpg==,type:comment] + SECRET_OIDC_CLIENT_SECRET_GRAFANA: ENC[AES256_GCM,data:J4OqXkUXVksbBydzj7f32Guo+r6+MMXiKsIXD/NC8NHe6fD4slK4z27loqfQCsigThOh35ZloIewcxKnnm39U/2+Kpc1caOq,iv:K6E5Vc+MwN6WCU1KvFngTlkuiOrqUqWZ03gqBH5y7bE=,tag:T2oIEsWEbt8bPFz+NgUvyQ==,type:str] + SECRET_OIDC_CLIENT_SECRET_SHARRY: ENC[AES256_GCM,data:Ax9ijTdpGsN1XXxizZlZroJqb9HZIw93IFjyAgME2DzGzRZ4Ieh+IBZP+/PS3mrDLYic01qREgMCkjmoTJ2lBxtClPqFXoNC,iv:NVvVUW/SbI8qbEQlq7vq5FaXqS6QGc2Afc9qx9jDKeg=,tag:UUooY3V/17mHXz5lXh2DQQ==,type:str] + #ENC[AES256_GCM,data:sbJJqXPZBmXb,iv:AIicm3upbT/n1v6ozZIyiGhOq71mdrqoDXoGNY9VYuA=,tag:OFLG0mVjeLhWZGEUKFscww==,type:comment] + SECRET_PLEXTOKEN: ENC[AES256_GCM,data:36jDgZpWryIsSGbjtLLR1oChPf0=,iv:2h7ZwpQwHLJzwCYoeFMGq41uzOB6ISPMfU8j6Z/RpR0=,tag:RMzs5x+YgWvwuPXCqMUWaw==,type:str] + SECRET_SONARR_URL: 
ENC[AES256_GCM,data:9OB3lhXDoByOy6U23XaDWU3qHCiIZWE=,iv:95YiZvdYceAS/aCFwBJjlOVl+xctbCOAo8QdxSw24iM=,tag:NjgIKmA4sJm0Cce5/H3dMg==,type:str] + SECRET_SONARR_API_KEY: ENC[AES256_GCM,data:UxQ5OOBL/StzU4hNfertvvvW6e5TxHqaoCPelo1rIL4=,iv:xry7dWzm+mvb7u/4LX/pdC4lkEN6W8GpImG4FZQpN3E=,tag:npdSsTg+SiTrXybIvsJ7Vg==,type:str] + SECRET_RADARR_URL: ENC[AES256_GCM,data:SY9IJlBTc4iSOSQKuUoug/kZyLIGIxc=,iv:5bcW0bvkzvkpr8HjciEzXXhzp0eNI3Mct9F2jX/PRGI=,tag:RkFv1NIJWwPxxWx9wVdv5A==,type:str] + SECRET_RADARR_API_KEY: ENC[AES256_GCM,data:R+BEsPWcRqMRQB0e/Db/8ZC6g8jFgsI5Vi7og4kxJtY=,iv:MCs0yDCUCoDZERConzBd1lN73DjCC7xhj4fKTVhV53s=,tag:ZXLoXJ2f6pYhF9qtulyM+A==,type:str] + SECRET_TAUTULLI_URL: ENC[AES256_GCM,data:q/o5b3KknJOZNSkcERlOZTjgoJg8pQhSkBB3mx0Pj0JgRfBfg3Od3L0hn6Q=,iv:EIcM9poI7Ilm9SOB0CJInEQJemOycHcCyuRAKUEq29M=,tag:AUi3IzisX//YTOT2aKx8BQ==,type:str] + SECRET_TAUTULLI_API_KEY: ENC[AES256_GCM,data:6/w3LF3aV/hhzqwVDN3SRqs32se3PqlNIEXbgjj/Klc=,iv:E+gY8kJswT+c+OEtykwJwhG8eshDUtFCZCiHvOwLP50=,tag:mgM8RcerCvtavV69seJrzQ==,type:str] + SECRET_PROWLARR_URL: ENC[AES256_GCM,data:tx+uQp0JqexbQp0SLci8gjoF4Anyll0=,iv:hP6bxxz9ka6oLkdpKuhNbmGBKz8sPf4a5q0P6THHjn4=,tag:9aPo50iwXdtUhefOZPFuaQ==,type:str] + SECRET_PROWLARR_API_KEY: ENC[AES256_GCM,data:18/rf44X+RJeqe92lEqtPHJeAvULS/wH0dYJhdEVeN8=,iv:uCKJ97M5Uv1sva0hJV1zMgIUvZGuK8jrXr+X+JJI80E=,tag:cnXSf0kPnRueL40CNX/2Pg==,type:str] + #ENC[AES256_GCM,data:iulkxLHR+g==,iv:5Hz+HTdZUXdbghI7uT6+fFvcTHTXfRdcYtNw4p9Sc9U=,tag:i9GXdAMDWbHJPGFEnVLT3g==,type:comment] + CODESERVER_PASSWORD: ENC[AES256_GCM,data:CIAckUgeUewOn6eo,iv:hhX5bZvxuAI170XwD1Yyh1+CzhsURMPH6hX+8kvrLhQ=,tag:myv5cpAqTRU7P/y/9BQeLA==,type:str] + #ENC[AES256_GCM,data:FcPRaiTT,iv:MtdaPsjz+kYmymisIr5jgF8ZTTE4oIdrnpu6mhCLwJ8=,tag:4XVfaTbYRzFenmKCtVC1fA==,type:comment] + SECRET_MINIO_ACCESSKEY: ENC[AES256_GCM,data:odNvfDY=,iv:g0d58AUoNeusF3Qvf5twnAFL+C3t3VNuyA4f83LlMek=,tag:fWfGQBOy+lhxRLw8HfroQQ==,type:str] + SECRET_MINIO_SECRETKEY: 
ENC[AES256_GCM,data:BYIl+WMToImSDaa2hNwS8lPwBCdC/i4zm9ESUYwx,iv:v4wyavKbLnmK/fsqhK2QK9p8EIddX7oyjSJhrbwqFY8=,tag:G/MSTbmWeG0TTIb/JmTB1g==,type:str] + SECRET_MINIO_BEARERTOKEN: ENC[AES256_GCM,data:aFHUUpvxGCZ/crrr2jh6n8kGbqXPjopV6dJ2VbJhyrEIPJbCm6l7jgRr7G+TFSjMPuPoLxT29WfXhx0cmzBRR6mpR454UWm6b6e/nKYVQUtNODYo6Wj5MAhS6WMGY61hT4g2a8SKbpiKq4cRF+IYMHPLT3Yq13v+0sch3rNqNq+YQOPU9bgs+X6SRIYba5zZooiN+ax95B5cCOVhUyoE78gmAmqIcXDoX1RaiJA+npzLeWO6PYKc1hZlT7Gy3Ql0,iv:q9fzAY+Cp9JWe1+c7Ci2hczdLNBWHOBil9FYpwCgAEk=,tag:MnE1r/r/R0Bqi0qfTewRAQ==,type:str] + #ENC[AES256_GCM,data:0epvlPUKnGQ=,iv:R0h8HYS3NKjHIZ0yosP7NHNq1wydPtF2k2WovZC9Xto=,tag:4vWBJ0MXeScfPZ9WMB7gpA==,type:comment] + SECRET_YOUTUBE_TOKEN: ENC[AES256_GCM,data:mCzrgzcVcDqNZdXkp6bZrI6M+DNM9exvJzZyF4NZ4QBSLfKJZDyF,iv:UeQYNCa3VjoHv3+QCJ8Polqc0ISN3XgKp8T+IzLnedE=,tag:Cntf3jQOuZCw3AHD2MY09w==,type:str] + #ENC[AES256_GCM,data:XVXC3A==,iv:YLRaC2DYj3/c93j56lqU7lKk2ocodVRw900szduQvK8=,tag:R/8/GnDalzKbvy5GSSsReQ==,type:comment] + NAS_ADDRESS: ENC[AES256_GCM,data:jBHBzqLLUdpvYng=,iv:hAYNKZ4Y6t9lobtr87oZ8f6O/FbqOn6W0iUkxRZamwk=,tag:n180VkxVNXIDP5C90LF8eg==,type:str] + CSI_USERNAME: ENC[AES256_GCM,data:O5+2Ise8DmQ=,iv:yICNhsjNRn7hSeBv5OVTrFoVBF+0d2EjFta1l4q1wRI=,tag:4LzXWJxnIBK2d8A7EhwvGw==,type:str] + CSI_PASSWORD: ENC[AES256_GCM,data:D5FOeKPMbgyG+4jV5A==,iv:rGOUXa5NX4FJ2tP0UMWrRtpfuJgltHKanxSAchw454o=,tag:Rvru90y+XjeWFS9suVwoUw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUnVVRGhUempRRFAyczJF + bHZraFM1V2tYaWpnNnlzZzZ3c0l3Q29acFhnCjZJdzNzMkI3Vjl6MEJaS1dMWGt1 + Yk1RNTFVWE5tRkJNbW95VWY0Q21vMFkKLS0tIGZ2U1huTjRUOTZtclowTVBHa3lw + QmRwenZ2dnRhWWN6V1Rpd21hWUtFdFUK0SJxmwzKrJz0o/+JpokO8keflLaGvJHf + XNhAaCGFyaHO14DXDPATpmJgarQLJievIZuvB165T2CwhKJfpRZkfg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-05T06:56:07Z" + mac: 
ENC[AES256_GCM,data:Y6R9HXKoPtHMddZ8HlVTuY5wO0Ub0he3gDHNVh9rJ0ZS5+TgV5I6hCMdpDLGHlg8XXpMnw3teKxJYAx9NPD5aBZmmKbpqjZfShQLWmbBND/pNLmj4zgLBTjNpYOfURmTOS8mbZutD9TCm7qkj2bsOQ0ZULXaq7zgWkinfEjzSeM=,iv:WUzgUTUlOmMlYxO7siWzDZfqnpawOUQINIuZzjZDY+c=,tag:1cYoO11Io9FSyJzmETqd1w==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/flux/vars/cluster-settings.yaml b/kubernetes/flux/vars/cluster-settings.yaml new file mode 100644 index 000000000..875fa7d1f --- /dev/null +++ b/kubernetes/flux/vars/cluster-settings.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-settings + namespace: flux-system +data: + TIMEZONE: Europe/Zurich + STORAGE_KUST: longhorn-app + MAIN_SC: longhorn + CILIUM_LB_RANGE: 192.168.13.64/27 # Network range 192.168.13.64 - 192.168.13.95 / Usable range 192.168.13.65 - 192.168.13.94 + CILIUM_LB_SMTP_ADDR: 192.168.13.72 + CILIUM_LB_VECTOR_ADDR: 192.168.13.71 + CILIUM_LB_MINECRAFT4_ADDR: 192.168.13.70 + CILIUM_LB_MINECRAFT3_ADDR: 192.168.13.69 + CILIUM_LB_MINECRAFT2_ADDR: 192.168.13.68 + CILIUM_LB_MINECRAFT1_ADDR: 192.168.13.67 + CILIUM_LB_K8S_GATEWAY_ADDR: 192.168.13.66 + CILIUM_LB_INGRESS_ADDR: 192.168.13.65 + KUBE_VIP_ADDR: 192.168.13.110 + CLUSTER_CIDR: 10.42.0.0/16 + SERVICE_CIDR: 10.43.0.0/16 diff --git a/kubernetes/flux/vars/kustomization.yaml b/kubernetes/flux/vars/kustomization.yaml new file mode 100644 index 000000000..8db2fe911 --- /dev/null +++ b/kubernetes/flux/vars/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./cluster-settings.yaml + - ./cluster-secrets.sops.yaml diff --git a/kubernetes/shared/gatus/check/configmap.yaml b/kubernetes/shared/gatus/check/configmap.yaml new file mode 100644 index 000000000..fbf130960 --- /dev/null +++ b/kubernetes/shared/gatus/check/configmap.yaml 
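Review bot: SOPS encrypts each value on its own with AES-GCM and no padding, so the length of every plaintext in cluster-secrets.sops.yaml can be read off its `data:` field, and a few fields in this hunk are very short. For a file that is committed to Git, the credentials among them should be long random strings rather than short memorable ones. `sops.age` lists a single recipient, so losing that one private key makes the file unrecoverable; a second, offline recipient is worth adding. `CODESERVER_PASSWORD`, `NAS_ADDRESS`, `CSI_USERNAME` and `CSI_PASSWORD` also break the `SECRET_` prefix the other keys use, which makes it harder to tell at a substitution site that a value comes from this Secret.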
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "${APP}-gatus"
+ labels:
+ gatus.io/enabled: "true"
+data:
+ config.yaml: |
+ endpoints:
+ - name: "${APP}"
+ group: external
+ url: "https://${GATUS_SUBDOMAIN:-${APP}}.${SECRET_DOMAIN}${GATUS_PATH:-/}"
+ interval: 1m
+ ui:
+ hide-hostname: true
+ hide-url: true
+ client:
+ dns-resolver: tcp://192.168.8.1:53
+ conditions:
+ - "[STATUS] == ${GATUS_STATUS:-200}"
+ alerts:
+ - type: discord
diff --git a/kubernetes/shared/gatus/check/kustomization.yaml b/kubernetes/shared/gatus/check/kustomization.yaml
new file mode 100644
index 000000000..e09060b99
--- /dev/null
+++ b/kubernetes/shared/gatus/check/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./configmap.yaml
diff --git a/kubernetes/shared/gatus/dns-only/configmap.yaml b/kubernetes/shared/gatus/dns-only/configmap.yaml
new file mode 100644
index 000000000..b35291a37
--- /dev/null
+++ b/kubernetes/shared/gatus/dns-only/configmap.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "${APP}-gatus"
+ labels:
+ gatus.io/enabled: "true"
+data:
+ config.yaml: |
+ endpoints:
+ - name: "${APP}"
+ group: guarded
+ url: 1.1.1.1
+ interval: 1m
+ ui:
+ hide-hostname: true
+ hide-url: true
+ dns:
+ query-name: "${GATUS_SUBDOMAIN:-${APP}}.${SECRET_DOMAIN}"
+ query-type: A
+ conditions:
+ - "len([BODY]) == 0"
+ alerts:
+ - type: discord
diff --git a/kubernetes/shared/gatus/dns-only/kustomization.yaml b/kubernetes/shared/gatus/dns-only/kustomization.yaml
new file mode 100644
index 000000000..e09060b99
--- /dev/null
+++ b/kubernetes/shared/gatus/dns-only/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./configmap.yaml
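Review bot: `dns-resolver: tcp://192.168.8.1:53` in gatus/check/configmap.yaml hard-codes a resolver address in a template that is shared by every app, whereas the other site-specific addresses in this commit are kept in the `cluster-settings` ConfigMap. The address is also outside the 192.168.13.x ranges defined there, so a reader cannot tell which device it is or why the external check must use it. I would move it to a substitution variable (a new entry such as `GATUS_DNS_RESOLVER` in cluster-settings) or at least add a comment above it, e.g. `# <which resolver this is and why the external check must use it>` with the real reason filled in.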
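Review bot: The pair `url: 1.1.1.1` and `- "len([BODY]) == 0"` in gatus/dns-only/configmap.yaml is undocumented, and its meaning is the opposite of a normal health check. As written it appears to report healthy only while the public resolver returns no A record for `${GATUS_SUBDOMAIN:-${APP}}.${SECRET_DOMAIN}`, i.e. it alerts when an internal-only name becomes publicly resolvable. A comment above `dns:` should say so, for example `# guard: must NOT resolve on public DNS; an answer means the app is exposed`. It is also worth confirming how Gatus evaluates this condition when the query itself fails, since an empty body from a resolver error would otherwise look like a pass.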
diff --git a/kubernetes/shared/volsync/claim.yaml b/kubernetes/shared/volsync/claim.yaml
new file mode 100644
index 000000000..6602d0691
--- /dev/null
+++ b/kubernetes/shared/volsync/claim.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "${APP}"
+spec:
+ accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+ dataSourceRef:
+ kind: ReplicationDestination
+ apiGroup: volsync.backube
+ name: "${APP}-dst"
+ resources:
+ requests:
+ storage: "${VOLSYNC_CAPACITY}"
+ storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}"
diff --git a/kubernetes/shared/volsync/kustomization.yaml b/kubernetes/shared/volsync/kustomization.yaml
new file mode 100644
index 000000000..8b8cd32d8
--- /dev/null
+++ b/kubernetes/shared/volsync/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./claim.yaml
+ - ./minio.yaml
diff --git a/kubernetes/shared/volsync/minio.yaml b/kubernetes/shared/volsync/minio.yaml
new file mode 100644
index 000000000..78e2427c1
--- /dev/null
+++ b/kubernetes/shared/volsync/minio.yaml
@@ -0,0 +1,75 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: "${APP}-volsync"
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword
+ target:
+ name: "${APP}-volsync-secret"
+ template:
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "s3:{{ .BUCKET_HOST }}/velero/${APP}"
+ RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
+ AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
+ AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"
+ dataFrom:
+ - extract:
+ key: minio
+ - extract:
+ key: volsync-minio-restic
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: "${APP}"
+spec:
+ sourcePVC: "${APP}"
+ trigger:
+ schedule: "0 * * * *"
+ restic:
+ copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
+ pruneIntervalDays: 7
+ repository: "${APP}-volsync-secret"
+ volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-longhorn}"
+ cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
+ cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-longhorn}"
+ cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+ storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}"
+ accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+ moverSecurityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+ retain:
+ hourly: 24
+ daily: 7
+ weekly: 5
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+ name: "${APP}-dst"
+spec:
+ trigger:
+ manual: restore-once
+ restic:
+ repository: "${APP}-volsync-secret"
+ copyMethod: Snapshot # must be Snapshot
+ volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-longhorn}"
+ cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-longhorn}"
+ cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
+ cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
+ storageClassName: "${VOLSYNC_STORAGECLASS:-longhorn}"
+ accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
+ capacity: "${VOLSYNC_CAPACITY}"
+ # moverSecurityContext:
+ # runAsUser: 568
+ # runAsGroup: 568
+ # fsGroup: 568
diff --git a/makejinja.toml b/makejinja.toml
new file mode 100644
index 000000000..52845a379
--- /dev/null
+++ b/makejinja.toml
@@ -0,0 +1,18 @@
+[makejinja]
+inputs = ["./bootstrap/overrides","./bootstrap/templates"]
+output = "./"
+exclude_patterns = [".mjfilter.py", "*.partial.yaml.j2"]
+data = ["./config.yaml"]
+import_paths = ["./bootstrap/scripts"]
+loaders = ["plugin:Plugin"]
+jinja_suffix = ".j2"
+force = true
+undefined = "chainable"
+
+[makejinja.delimiter]
+block_start = "#%"
+block_end = "%#"
+comment_start = "#|"
+comment_end = "#|"
+variable_start = "#{"
+variable_end = "}#"
diff --git a/readme.md b/readme.md
old mode 100755
new mode 100644
index d75e4ea10..852d986dc
--- a/readme.md
+++ b/readme.md
@@ -1,27 +1,412 @@ - +# ⛵ Cluster Template -# My home Kubernetes cluster :sailboat: -_... managed by Flux and serviced with RenovateBot_ :robot: +Welcome to my opinionated and extensible template for deploying a single Kubernetes cluster. The goal of this project is to make it easier for people interested in using Kubernetes to deploy a cluster at home on bare-metal or VMs. -
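Review bot: Every app that includes volsync/minio.yaml receives the same restic password and S3 keys, because the ExternalSecret extracts the shared `minio` and `volsync-minio-restic` items and only the repository path `velero/${APP}` differs per app. Anyone who can read one `${APP}-volsync-secret` can then reach the other apps' repositories in that bucket, unless the key is restricted on the MinIO side, which is not visible here; a per-app restic password or per-app bucket policy would contain that. Two smaller points: `cacheStorageClassName` takes `${VOLSYNC_CACHE_SNAPSHOTCLASS:-longhorn}` in both the ReplicationSource and the ReplicationDestination, which puts a snapshot-class variable name on a storage-class field, and the destination's `moverSecurityContext` is commented out while the source runs as 568, so it deserves a comment explaining why the restore mover runs with a different identity.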
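Review bot: `undefined = "chainable"` in makejinja.toml makes a missing or misspelled key in `config.yaml` render as an empty value instead of stopping the render, and `force = true` then overwrites the generated files in place. For a bootstrap that produces cluster and secret manifests, a silent blank (an empty domain, address or token) is harder to notice than a failed render. If the templates do not depend on chained lookups of optional keys, `undefined = "strict"` would surface such mistakes; if they do depend on it, a one-line comment next to the setting saying so would help the next reader.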
-
-
+At a high level this project makes use of [makejinja](https://github.com/mirkolenz/makejinja) to read in a [configuration file](./config.sample.yaml) which renders out templates that will allow you to install and manage your Kubernetes cluster with. -[![k3s](https://img.shields.io/badge/v1.25.5-orange?style=for-the-badge)](https://k3s.io/) -[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white&style=for-the-badge)](https://github.com/pre-commit/pre-commit) -[![renovate](https://img.shields.io/badge/renovate-enabled-green?style=for-the-badge&logo=)](https://github.com/renovatebot/renovate) -[![GitHub stars](https://img.shields.io/github/stars/tuxpeople/k8s-homelab?color=green&style=flat-square)](https://github.com/tuxpeople/k8s-homelab/stargazers) -[![GitHub issues](https://img.shields.io/github/issues/tuxpeople/k8s-homelab?style=flat-square)](https://github.com/tuxpeople/k8s-homelab/issues) -[![GitHub last commit](https://img.shields.io/github/last-commit/tuxpeople/k8s-homelab?color=purple&style=flat-square)](https://github.com/tuxpeople/k8s-homelab/commits/master) +## ✨ Features ---- +The features included will depend on the type of configuration you want to use. There are currently **2 different types** of **configurations** available with this template. -## :book:  Overview +1. **"Flux cluster"** - a Kubernetes cluster deployed on-top of [Talos Linux](https://github.com/siderolabs/talos) with an opinionated implementation of [Flux](https://github.com/fluxcd/flux2) using [GitHub](https://github.com/) as the Git provider and [sops](https://github.com/getsops/sops) to manage secrets. -This repository _is_ my home Kubernetes cluster in a declarative state. [Flux](https://github.com/fluxcd/flux2) watches my [cluster](./kubernetes/) folder and makes the changes to my cluster based on the YAML manifests. 
+ - **Required:** Some knowledge of [Containers](https://opencontainers.org/), [YAML](https://yaml.org/), and [Git](https://git-scm.com/). + - **Components:** [flux](https://github.com/fluxcd/flux2), [Cilium](https://github.com/cilium/cilium),[cert-manager](https://github.com/cert-manager/cert-manager), [spegel](https://github.com/spegel-org/spegel), [reloader](https://github.com/stakater/Reloader), and [openebs](https://github.com/openebs/openebs). -Feel free to open a [Github issue](https://github.com/tuxpeople/k8s-homelab/issues/new/choose) if you have any questions. +2. **"Flux cluster with Cloudflare"** - An addition to "**Flux cluster**" that provides DNS and SSL with [Cloudflare](https://www.cloudflare.com/). [Cloudflare Tunnel](https://www.cloudflare.com/products/tunnel/) is also included to provide external access to certain applications deployed in your cluster. -This repository ispired by many other here on Github. Most of them are based on the [k8s-at-home/template-cluster-k3s](https://github.com/k8s-at-home/template-cluster-k3s) repository. + - **Required:** A Cloudflare account with a domain managed in your Cloudflare account. + - **Components:** [ingress-nginx](https://github.com/kubernetes/ingress-nginx/), [external-dns](https://github.com/kubernetes-sigs/external-dns) and [cloudflared](https://github.com/cloudflare/cloudflared). -To see more like this repo, take a look at their [curated list](https://github.com/k8s-at-home/awesome-k8s-homelab). +**Other features include:** + +- A [Renovate](https://www.mend.io/renovate)-ready repository with pull request diffs provided by [flux-local](https://github.com/allenporter/flux-local) +- Integrated [GitHub Actions](https://github.com/features/actions) with helpful workflows. + +## 💻 Machine Preparation + +### System requirements + +> [!NOTE] +> 1. The included behaviour of Talos is that all nodes are able to run workloads, **including** the controller nodes. **Worker nodes** are therefore **optional**. 
+> 2. Do you have 3 or more nodes? It is highly recommended to make 3 of them controller nodes for a highly available control plane. +> 3. Running the cluster on Proxmox VE? My thoughts and recommendations about that are documented [here](https://onedr0p.github.io/home-ops/notes/proxmox-considerations.html). + +| Role | Cores | Memory | System Disk | +|---------|----------|---------------|---------------------------| +| Control | 4 _(6*)_ | 8GB _(24GB*)_ | 120GB _(500GB*)_ SSD/NVMe | +| Worker | 4 _(6*)_ | 8GB _(24GB*)_ | 120GB _(500GB*)_ SSD/NVMe | +| _\* recommended_ | + +1. Head over to and follow the instructions which will eventually lead you to download a Talos Linux iso file (or for SBCs the `.raw.xz`). Make sure to note the schematic ID you will need this later on. + +2. Flash the iso or raw file to a USB drive and boot to Talos on your nodes with it. + +3. Continue on to 🚀 [**Getting Started**](#-getting-started) + +## 🚀 Getting Started + +Once you have installed Talos on your nodes, there are six stages to getting a Flux-managed cluster up and runnning. + +> [!NOTE] +> For all stages below the commands **MUST** be ran on your personal workstation within your repository directory + +### 🎉 Stage 1: Create a Git repository + +1. Create a new **public** repository by clicking the big green "Use this template" button at the top of this page. + +2. Clone **your new repo** to you local workstation and `cd` into it. + +3. Continue on to 🌱 [**Stage 2**](#-stage-2-setup-your-local-workstation-environment) + +### 🌱 Stage 2: Setup your local workstation + +You have two different options for setting up your local workstation. + +- First option is using a `devcontainer` which requires you to have Docker and VSCode installed. This method is the fastest to get going because all the required CLI tools are provided for you in my [devcontainer](https://github.com/onedr0p/cluster-template/pkgs/container/cluster-template%2Fdevcontainer) image. 
+- The second option is setting up the CLI tools directly on your workstation. + +#### Devcontainer method + +1. Start Docker and open your repository in VSCode. There will be a pop-up asking you to use the `devcontainer`, click the button to start using it. + +2. Continue on to 🔧 [**Stage 3**](#-stage-3-bootstrap-configuration) + +#### Non-devcontainer method + +1. Install the most recent version of [task](https://taskfile.dev/), see the [installation docs](https://taskfile.dev/installation/) for other supported platforms. + + ```sh + # Homebrew + brew install go-task + # or, Arch + pacman -S --noconfirm go-task && ln -sf /usr/bin/go-task /usr/local/bin/task + ``` + +2. Install the most recent version of [direnv](https://direnv.net/), see the [installation docs](https://direnv.net/docs/installation.html) for other supported platforms. + + ```sh + # Homebrew + brew install direnv + # or, Arch + pacman -S --noconfirm direnv + ``` + +3. [Hook `direnv` into your preferred shell](https://direnv.net/docs/hook.html), then run: + + ```sh + task workstation:direnv + ``` + + 📍 _**Verify** that `direnv` is setup properly by opening a new terminal and `cd`ing into your repository. You should see something like:_ + + ```sh + cd /path/to/repo + direnv: loading /path/to/repo/.envrc + direnv: export +ANSIBLE_COLLECTIONS_PATH ... +VIRTUAL_ENV ~PATH + ``` + +4. Install the additional **required** CLI tools + + 📍 _**Not using Homebrew or ArchLinux?** Try using the generic Linux task below, if that fails check out the [Brewfile](.taskfiles/Workstation/Brewfile)/[Archfile](.taskfiles/Workstation/Archfile) for what CLI tools needed and install them._ + + ```sh + # Homebrew + task workstation:brew + # or, Arch with yay/paru + task workstation:arch + # or, Generic Linux (YMMV, this pulls binaires in to ./bin) + task workstation:generic-linux + ``` + +5. Setup a Python virual environment by running the following task command. 
+ + 📍 _This commands requires Python 3.11+ to be installed._ + + ```sh + task workstation:venv + ``` + +6. Continue on to 🔧 [**Stage 3**](#-stage-3-bootstrap-configuration) + +### 🔧 Stage 3: Bootstrap configuration + +> [!NOTE] +> The [config.sample.yaml](./config.sample.yaml) file contains config that is **vital** to the bootstrap process. + +1. Generate the `config.yaml` from the [config.sample.yaml](./config.sample.yaml) configuration file. + + ```sh + task init + ``` + +2. Fill out the `config.yaml` configuration file using the comments in that file as a guide. + +3. Run the following command which will generate all the files needed to continue. + + ```sh + task configure + ``` + +4. Push you changes to git + + 📍 _**Verify** all the `./kubernetes/**/*.sops.*` files are **encrypted** with SOPS_ + + ```sh + git add -A + git commit -m "Initial commit :rocket:" + git push + ``` + +### ⛵ Stage 4: Install Kubernetes + +1. Deploy your cluster and bootstrap it. This generates secrets, generates the config files for your nodes and applies them. It bootstraps the cluster afterwards, fetches the kubeconfig file and installs Cilium and kubelet-csr-approver. It finishes with some health checks. + + ```sh + task talos:bootstrap + ``` + +2. ⚠️ It might take a while for the cluster to be setup (10+ minutes is normal), during which time you will see a variety of error messages like: "couldn't get current server API group list," "error: no matching resources found", etc. This is a normal. If this step gets interrupted, e.g. by pressing Ctrl + C, you likely will need to [nuke the cluster](#-Nuke) before trying again. + +#### Cluster validation + +1. The `kubeconfig` for interacting with your cluster should have been created in the root of your repository. + +2. 
Verify the nodes are online + + 📍 _If this command **fails** you likely haven't configured `direnv` as [mentioned previously](#non-devcontainer-method) in the guide._ + + ```sh + kubectl get nodes -o wide + # NAME STATUS ROLES AGE VERSION + # k8s-0 Ready control-plane,etcd,master 1h v1.30.1 + # k8s-1 Ready worker 1h v1.30.1 + ``` + +3. Continue on to 🔹 [**Stage 6**](#-stage-6-install-flux-in-your-cluster) + +### 🔹 Stage 6: Install Flux in your cluster + +1. Verify Flux can be installed + + ```sh + flux check --pre + # ► checking prerequisites + # ✔ kubectl 1.30.1 >=1.18.0-0 + # ✔ Kubernetes 1.30.1 >=1.16.0-0 + # ✔ prerequisites checks passed + ``` + +2. Install Flux and sync the cluster to the Git repository + + 📍 _Run `task flux:github-deploy-key` first if using a private repository._ + + ```sh + task flux:bootstrap + # namespace/flux-system configured + # customresourcedefinition.apiextensions.k8s.io/alerts.notification.toolkit.fluxcd.io created + # ... + ``` + +1. Verify Flux components are running in the cluster + + ```sh + kubectl -n flux-system get pods -o wide + # NAME READY STATUS RESTARTS AGE + # helm-controller-5bbd94c75-89sb4 1/1 Running 0 1h + # kustomize-controller-7b67b6b77d-nqc67 1/1 Running 0 1h + # notification-controller-7c46575844-k4bvr 1/1 Running 0 1h + # source-controller-7d6875bcb4-zqw9f 1/1 Running 0 1h + ``` + +### 🎤 Verification Steps + +_Mic check, 1, 2_ - In a few moments applications should be lighting up like Christmas in July 🎄 + +1. Output all the common resources in your cluster. + + 📍 _Feel free to use the provided [kubernetes tasks](.taskfiles/Kubernetes/Taskfile.yaml) for validation of cluster resources or continue to get familiar with the `kubectl` and `flux` CLI tools._ + + ```sh + task kubernetes:resources + ``` + +2. ⚠️ It might take `cert-manager` awhile to generate certificates, this is normal so be patient. + +3. 
🏆 **Congratulations** if all goes smooth you will have a Kubernetes cluster managed by Flux and your Git repository is driving the state of your cluster. + +4. 🧠 Now it's time to pause and go get some motel motor oil ☕ and admire you made it this far! + +## 📣 Flux w/ Cloudflare post installation + +#### 🌐 Public DNS + +The `external-dns` application created in the `networking` namespace will handle creating public DNS records. By default, `echo-server` and the `flux-webhook` are the only subdomains reachable from the public internet. In order to make additional applications public you must set set the correct ingress class name and ingress annotations like in the HelmRelease for `echo-server`. + +#### 🏠 Home DNS + +`k8s_gateway` will provide DNS resolution to external Kubernetes resources (i.e. points of entry to the cluster) from any device that uses your home DNS server. For this to work, your home DNS server must be configured to forward DNS queries for `${bootstrap_cloudflare.domain}` to `${bootstrap_cloudflare.gateway_vip}` instead of the upstream DNS server(s) it normally uses. This is a form of **split DNS** (aka split-horizon DNS / conditional forwarding). + +> [!TIP] +> Below is how to configure a Pi-hole for split DNS. Other platforms should be similar. +> 1. Apply this file on the Pihole server while substituting the variables +> ```sh +> # /etc/dnsmasq.d/99-k8s-gateway-forward.conf +> server=/${bootstrap_cloudflare.domain}/${bootstrap_cloudflare.gateway_vip} +> ``` +> 2. Restart dnsmasq on the server. +> 3. Query an internal-only subdomain from your workstation (any `internal` class ingresses): `dig @${home-dns-server-ip} echo-server-internal.${bootstrap_cloudflare.domain}`. It should resolve to `${bootstrap_cloudflare.ingress_vip}`. 
+ +If you're having trouble with DNS be sure to check out these two GitHub discussions: [Internal DNS](https://github.com/onedr0p/cluster-template/discussions/719) and [Pod DNS resolution broken](https://github.com/onedr0p/cluster-template/discussions/635). + +... Nothing working? That is expected, this is DNS after all! + +#### 📜 Certificates + +By default this template will deploy a wildcard certificate using the Let's Encrypt **staging environment**, which prevents you from getting rate-limited by the Let's Encrypt production servers if your cluster doesn't deploy properly (for example due to a misconfiguration). Once you are sure you will keep the cluster up for more than a few hours be sure to switch to the production servers as outlined in `config.yaml`. + +📍 _You will need a production certificate to reach internet-exposed applications through `cloudflared`._ + +#### 🪝 Github Webhook + +By default Flux will periodically check your git repository for changes. In order to have Flux reconcile on `git push` you must configure Github to send `push` events to Flux. + +> [!NOTE] +> This will only work after you have switched over certificates to the Let's Encrypt Production servers. + +1. Obtain the webhook path + + 📍 _Hook id and path should look like `/hook/12ebd1e363c641dc3c2e430ecf3cee2b3c7a5ac9e1234506f6f5f3ce1230e123`_ + + ```sh + kubectl -n flux-system get receiver github-receiver -o jsonpath='{.status.webhookPath}' + ``` + +2. Piece together the full URL with the webhook path appended + + ```text + https://flux-webhook.${bootstrap_cloudflare.domain}/hook/12ebd1e363c641dc3c2e430ecf3cee2b3c7a5ac9e1234506f6f5f3ce1230e123 + ``` + +3. Navigate to the settings of your repository on Github, under "Settings/Webhooks" press the "Add webhook" button. Fill in the webhook url and your `bootstrap_github_webhook_token` secret and save. + +## 💥 Nuke + +There might be a situation where you want to destroy your Kubernetes cluster. 
The following command will reset your nodes back to maintenance mode, append `--force` to completely format your the Talos installation. Either way the nodes should reboot after the command has run. + +```sh +task talos:nuke +``` + +## 🤖 Renovate + +[Renovate](https://www.mend.io/renovate) is a tool that automates dependency management. It is designed to scan your repository around the clock and open PRs for out-of-date dependencies it finds. Common dependencies it can discover are Helm charts, container images, GitHub Actions, Ansible roles... even Flux itself! Merging a PR will cause Flux to apply the update to your cluster. + +To enable Renovate, click the 'Configure' button over at their [Github app page](https://github.com/apps/renovate) and select your repository. Renovate creates a "Dependency Dashboard" as an issue in your repository, giving an overview of the status of all updates. The dashboard has interactive checkboxes that let you do things like advance scheduling or reattempt update PRs you closed without merging. + +The base Renovate configuration in your repository can be viewed at [.github/renovate.json5](./.github/renovate.json5). By default it is scheduled to be active with PRs every weekend, but you can [change the schedule to anything you want](https://docs.renovatebot.com/presets-schedule), or remove it if you want Renovate to open PRs right away. + +## 🐛 Debugging + +Below is a general guide on trying to debug an issue with an resource or application. For example, if a workload/resource is not showing up or a pod has started but in a `CrashLoopBackOff` or `Pending` state. + +1. Start by checking all Flux Kustomizations & Git Repository & OCI Repository and verify they are healthy. + + ```sh + flux get sources oci -A + flux get sources git -A + flux get ks -A + ``` + +2. Then check all the Flux Helm Releases and verify they are healthy. + + ```sh + flux get hr -A + ``` + +3. Then check the if the pod is present. 
+ + ```sh + kubectl -n get pods -o wide + ``` + +4. Then check the logs of the pod if its there. + + ```sh + kubectl -n logs -f + # or + stern -n + ``` + +5. If a resource exists try to describe it to see what problems it might have. + + ```sh + kubectl -n describe + ``` + +6. Check the namespace events + + ```sh + kubectl -n get events --sort-by='.metadata.creationTimestamp' + ``` + +Resolving problems that you have could take some tweaking of your YAML manifests in order to get things working, other times it could be a external factor like permissions on NFS. If you are unable to figure out your problem see the help section below. + +## ⬆️ Upgrading Talos and Kubernetes + +### Manual + +```sh +# Upgrade Talos to a newer version +# NOTE: This needs to be run once on every node +task talos:upgrade node=? image=? +# e.g. +# task talos:upgrade node=192.168.42.10 image=factory.talos.dev/installer/${schematic_id}:v1.7.4 +``` + +```sh +# Upgrade Kubernetes to a newer version +# NOTE: This only needs to be run once against a controller node +task talos:upgrade-k8s controller=? to=? +# e.g. +# task talos:upgrade-k8s controller=192.168.42.10 to=1.30.1 +``` + +## 👉 Help + +- Make a post in this repository's Github [Discussions](https://github.com/onedr0p/cluster-template/discussions). +- Start a thread in the `#support` or `#cluster-template` channels in the [Home Operations](https://discord.gg/home-operations) Discord server. + +## ❔ What's next + +The cluster is your oyster (or something like that). Below are some optional considerations you might want to review. + +### Ship it + +To browse or get ideas on applications people are running, community member [@whazor](https://github.com/whazor) created [Kubesearch](https://kubesearch.dev) as a creative way to search Flux HelmReleases across Github and Gitlab. 
+ +### Storage + +The included CSI (openebs in local-hostpath mode) is a great start for storage but soon you might find you need more features like replicated block storage, or to connect to a NFS/SMB/iSCSI server. If you need any of those features be sure to check out the projects like [rook-ceph](https://github.com/rook/rook), [longhorn](https://github.com/longhorn/longhorn), [openebs](https://github.com/openebs/openebs), [democratic-csi](https://github.com/democratic-csi/democratic-csi), [csi-driver-nfs](https://github.com/kubernetes-csi/csi-driver-nfs), +and [synology-csi](https://github.com/SynologyOpenSource/synology-csi). + +## 🙌 Related Projects + +If this repo is too hot to handle or too cold to hold check out these following projects. + +- [khuedoan/homelab](https://github.com/khuedoan/homelab) - _Modern self-hosting framework, fully automated from empty disk to operating services with a single command._ +- [danmanners/aws-argo-cluster-template](https://github.com/danmanners/aws-argo-cluster-template) - _A community opinionated template for deploying Kubernetes clusters on-prem and in AWS using Pulumi, SOPS, Sealed Secrets, GitHub Actions, Renovate, Cilium and more!_ +- [ricsanfre/pi-cluster](https://github.com/ricsanfre/pi-cluster) - _Pi Kubernetes Cluster. Homelab kubernetes cluster automated with Ansible and ArgoCD_ +- [techno-tim/k3s-ansible](https://github.com/techno-tim/k3s-ansible) - _The easiest way to bootstrap a self-hosted High Availability Kubernetes cluster. A fully automated HA k3s etcd install with kube-vip, MetalLB, and more_ + +## ⭐ Stargazers + +
+ +[![Star History Chart](https://api.star-history.com/svg?repos=onedr0p/cluster-template&type=Date)](https://star-history.com/#onedr0p/cluster-template&Date) + +
+
+## 🤝 Thanks
+
+Big shout out to all the contributors, sponsors and everyone else who has helped on this project.
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 000000000..8d76919b5
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+cloudflare==2.20.0
+email-validator==2.1.1
+makejinja==2.6.0
+netaddr==1.3.0
diff --git a/scripts/kubeconform.sh b/scripts/kubeconform.sh
new file mode 100755
index 000000000..a69308b1f
--- /dev/null
+++ b/scripts/kubeconform.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o pipefail
+
+KUBERNETES_DIR=$1
+
+[[ -z "${KUBERNETES_DIR}" ]] && echo "Kubernetes location not specified" && exit 1
+
+kustomize_args=("--load-restrictor=LoadRestrictionsNone")
+kustomize_config="kustomization.yaml"
+kubeconform_args=(
+ "-strict"
+ "-ignore-missing-schemas"
+ "-skip"
+ "Secret"
+ "-schema-location"
+ "default"
+ "-schema-location"
+ "https://kubernetes-schemas.pages.dev/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
+ "-verbose"
+)
+
+echo "=== Validating standalone manifests in ${KUBERNETES_DIR}/flux ==="
+find "${KUBERNETES_DIR}/flux" -maxdepth 1 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file;
+ do
+ kubeconform "${kubeconform_args[@]}" "${file}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
+
+echo "=== Validating kustomizations in ${KUBERNETES_DIR}/flux ==="
+find "${KUBERNETES_DIR}/flux" -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file;
+ do
+ echo "=== Validating kustomizations in ${file/%$kustomize_config} ==="
+ kustomize build "${file/%$kustomize_config}" "${kustomize_args[@]}" | \
+ kubeconform "${kubeconform_args[@]}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
+
+echo "=== Validating kustomizations in ${KUBERNETES_DIR}/apps ==="
+find "${KUBERNETES_DIR}/apps" -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file;
+ do
+ echo "=== Validating kustomizations in ${file/%$kustomize_config} ==="
+ kustomize build "${file/%$kustomize_config}" "${kustomize_args[@]}" | \
+ kubeconform "${kubeconform_args[@]}"
+ if [[ ${PIPESTATUS[0]} != 0 ]]; then
+ exit 1
+ fi
+done
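Review bot: The `kubeconform_args` array makes this validation gate fail open: `-ignore-missing-schemas` lets any resource pass when its schema is not found under `default` or the `kubernetes-schemas.pages.dev` location, and `-skip Secret` exempts Secrets, so a green run does not mean every manifest was checked. I would add `"-summary"` to the array so the skipped count shows in the log, and put a comment above it such as `# NOTE: resources without a published schema are skipped, not validated`. Separately, `--load-restrictor=LoadRestrictionsNone` in `kustomize_args` lets a kustomization read files outside its own directory. If this script runs on pull requests from forks (the workflow triggers are not visible here), a comment should record why the restriction is lifted.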