jleechpe/k3s
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move longhorn, cert-manager and traefik to kustomize

Browse source
This commit is contained in:
JLP 2025-03-27 22:00:00 -04:00
parent 2017459a07
commit a002006169
No known key found for this signature in database
GPG key ID: 414E00D1FF7519DC
22 changed files with 233 additions and 97 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
namespaces/cert-manager/cloudflare-token.yaml → namespaces/cert-manager/cert-manager/extras/cloudflare-token.yaml
View file

29
namespaces/cert-manager/cert-manager/kustomization.yaml Normal file
View file

@ -0,0 +1,29 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: cert-manager
unsetOnly: true
namePrefix: cert-manager-
resources:
- ../../../kustomize/helmchart-noaddons
- extras/cloudflare-token.yaml
patches:
- path: patches/chart.yaml
target:
kind: HelmChart
name: chart
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/appName: cert-manager
- pairs:
app.kubernetes.io/appNamespace: cert-manager

0
namespaces/cert-manager/chart.yaml → namespaces/cert-manager/cert-manager/patches/chart.yaml
View file

0
namespaces/cert-manager/cluster-issuer.yaml → namespaces/cert-manager/cert-manager/post/cluster-issuer.yaml
View file

0
namespaces/cert-manager/consultjlpdotcom-cert.yaml → namespaces/cert-manager/cert-manager/post/consultjlpdotcom-cert.yaml
View file

0
namespaces/cert-manager/jlptechdotconsulting-cert.yaml → namespaces/cert-manager/cert-manager/post/jlptechdotconsulting-cert.yaml
View file

0
namespaces/cert-manager/leechpepindotcom-cert.yaml → namespaces/cert-manager/cert-manager/post/leechpepindotcom-cert.yaml
View file

33
namespaces/homelab/secrets.yaml
View file

@ -1,33 +0,0 @@
---
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
name: homelab-sslcert-secrets
namespace: infisical
labels:
label-to-be-passed-to-managed-secret: homelab
annotations:
example.com/annotation-to-be-passed-to-managed-secret: "homelab"
spec:
hostAPI: https://app.infisical.com/api
resyncInterval: 10
authentication:
# Universal Auth
universalAuth:
secretsScope:
projectSlug: homelab-n-f-yj
envSlug: prod
secretsPath: "/homelab" # Root is "/"
recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
credentialsRef:
secretName: universal-auth-credentials
secretNamespace: infisical
managedSecretReference:
secretName: infisical-self-signed-cert
secretNamespace: homelab
creationPolicy: "Orphan" ## Owner | Orphan
secretType: kubernetes.io/tls
template:
data:
tls.crt: "{{ .TLS_CERT.Value }}"
tls.key: "{{ .TLS_KEY.Value }}"

28
namespaces/infisical/infisical/kustomization.yaml Normal file
View file

@ -0,0 +1,28 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: infisical
unsetOnly: true
namePrefix: infisical-
resources:
- ../../../kustomize/helmchart-noaddons
patches:
- path: patches/chart.yaml
target:
kind: HelmChart
name: chart
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/appName: infisical
- pairs:
app.kubernetes.io/appNamespace: infisical

1
charts/infisical.yaml → namespaces/infisical/infisical/patches/chart.yaml
View file

@ -7,7 +7,6 @@ metadata:
- wrangler.cattle.io/on-helm-chart-remove - wrangler.cattle.io/on-helm-chart-remove
generation: 1 generation: 1
name: infisical-install name: infisical-install
namespace: default
spec: spec:
chart: secrets-operator chart: secrets-operator
repo: https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/ repo: https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/

7
namespaces/infisical/namespace.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
homelab-access: "false"
name: infisical

39
namespaces/longhorn-system/longhorn-gateway.yaml
View file

@ -1,39 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: allow-routes-to-services
namespace: longhorn-system
spec:
from:
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: traefik
to:
- group: ""
kind: Service
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: longhorn-ui
namespace: traefik
spec:
parentRefs:
- name: traefik-gateway
sectionName: web
kind: Gateway
namespace: traefik
hostnames:
- longhorn.leechpepin.local
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: longhorn-frontend
namespace: longhorn-system
port: 80

23
namespaces/longhorn-system/storageclasses.yaml
View file

@ -1,23 +0,0 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: longhorn-private
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "2"
dataLocality: "best-effort"
diskSelector: "private"
nodeSelector: "private"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: longhorn-public
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "2"
dataLocality: "best-effort"
diskSelector: "public"

12
namespaces/longhorn/longhorn/extras/longhorn-private-storageclass.yaml Normal file
View file

@ -0,0 +1,12 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: private
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "2"
dataLocality: "best-effort"
diskSelector: "private"
nodeSelector: "private"

11
namespaces/longhorn/longhorn/extras/longhorn-public-storageclass.yaml Normal file
View file

@ -0,0 +1,11 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: public
provisioner: driver.longhorn.io
allowVolumeExpansion: true
parameters:
numberOfReplicas: "2"
dataLocality: "best-effort"
diskSelector: "public"

99
namespaces/longhorn/longhorn/kustomization.yaml Normal file
View file

@ -0,0 +1,99 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: longhorn
unsetOnly: true
namePrefix: longhorn-
resources:
- ../../../kustomize/helmchart
- extras/longhorn-public-storageclass.yaml
- extras/longhorn-private-storageclass.yaml
patches:
- path: patches/chart.yaml
target:
kind: HelmChart
name: chart
- path: patches/secrets.yaml
target:
kind: InfisicalSecret
name: secrets
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/appName: longhorn
- pairs:
app.kubernetes.io/appNamespace: longhorn
- pairs:
app.kubernetes.io/chartServiceName: longhorn-frontend
replacements:
- source:
kind: HTTPRoute
name: http
fieldPath: metadata.labels.[app.kubernetes.io/chartServiceName]
targets:
- select:
kind: HTTPRoute
options:
create: true
delimiter: "."
index: 0
fieldPaths:
- spec.rules.0.backendRefs.0.name
- source:
kind: HTTPRoute
name: http
fieldPath: metadata.labels.[app.kubernetes.io/appName]
targets:
- select:
kind: HTTPRoute
options:
create: true
delimiter: "."
index: 0
fieldPaths:
- spec.hostnames.0
- select:
kind: InfisicalSecret
options:
delimiter: "-"
index: 0
fieldPaths:
- spec.managedSecretReference.secretName
- select:
kind: InfisicalSecret
options:
delimiter: "/"
index: 2
fieldPaths:
- spec.authentication.universalAuth.secretsScope.secretsPath
- source:
kind: HTTPRoute
name: http
fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
targets:
- select:
kind: HelmChart
name: chart
fieldPaths:
- spec.targetNamespace
- select:
kind: InfisicalSecret
options:
delimiter: "/"
index: 1
fieldPaths:
- spec.authentication.universalAuth.secretsScope.secretsPath
- select:
kind: InfisicalSecret
fieldPaths:
- spec.managedSecretReference.secretNamespace

1
charts/longhorn.yaml → namespaces/longhorn/longhorn/patches/chart.yaml
View file

@ -7,7 +7,6 @@ metadata:
- wrangler.cattle.io/on-helm-chart-remove - wrangler.cattle.io/on-helm-chart-remove
generation: 1 generation: 1
name: longhorn-install name: longhorn-install
namespace: default # This should be elsewhere but changing it would delete
spec: spec:
version: v1.7.2 version: v1.7.2
chart: longhorn chart: longhorn

5
namespaces/longhorn/longhorn/patches/secrets.yaml Normal file
View file

@ -0,0 +1,5 @@
$patch: delete
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
name: secrets

7
namespaces/longhorn/namespace.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
homelab-access: "true"
name: longhorn

7
namespaces/traefik/namespace.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
homelab-access: "true"
name: traefik

28
namespaces/traefik/traefik/kustomization.yaml Normal file
View file

@ -0,0 +1,28 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: traefik
unsetOnly: true
namePrefix: traefik-lb
resources:
- ../../../kustomize/helmchart-noaddons/
patches:
- path: patches/chart.yaml
target:
kind: HelmChart
name: chart
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/appName: traefik-lb
- pairs:
app.kubernetes.io/appNamespace: traefik

0
charts/traefik.yaml → namespaces/traefik/traefik/patches/chart.yaml
View file