Merge branch 'main' of github.com:tyriis/home-ops

tyriis · Feb 3, 2025 · 31d57ba · 31d57ba
2 parents a93d3e0 + 63ef36d
commit 31d57ba
Show file tree

Hide file tree

Showing 70 changed files with 300 additions and 165 deletions.
diff --git a/kubernetes/base/flux/repositories/helm/cilium-charts.yaml b/kubernetes/base/flux/repositories/helm/cilium-charts.yaml
@@ -6,5 +6,6 @@ metadata:
   name: cilium-charts
   namespace: flux-system
 spec:
-  interval: 2h
+  interval: 1h
+  timeout: 3m
   url: https://helm.cilium.io
diff --git a/kubernetes/base/flux/repositories/helm/coredns-charts.yaml b/kubernetes/base/flux/repositories/helm/coredns-charts.yaml
@@ -6,5 +6,6 @@ metadata:
   name: coredns-charts
   namespace: flux-system
 spec:
-  interval: 2h
+  interval: 1h
+  timeout: 3m
   url: https://coredns.github.io/helm
diff --git a/kubernetes/base/flux/repositories/helm/flux-iac-charts.yaml b/kubernetes/base/flux/repositories/helm/flux-iac-charts.yaml
@@ -6,6 +6,7 @@ metadata:
   name: flux-iac-charts
   namespace: flux-system
 spec:
-  interval: 1h
   type: oci
+  interval: 1h
+  timeout: 3m
   url: oci://ghcr.io/flux-iac/charts
diff --git a/kubernetes/base/flux/repositories/helm/harbor-charts.yaml b/kubernetes/base/flux/repositories/helm/harbor-charts.yaml
@@ -6,6 +6,6 @@ metadata:
   name: harbor-charts
   namespace: flux-system
 spec:
-  interval: 2h
+  interval: 1h
   timeout: 3m
   url: https://helm.goharbor.io
diff --git a/kubernetes/base/flux/repositories/helm/ingress-nginx-charts.yaml b/kubernetes/base/flux/repositories/helm/ingress-nginx-charts.yaml
@@ -6,5 +6,6 @@ metadata:
   name: ingress-nginx-charts
   namespace: flux-system
 spec:
-  interval: 2h
+  interval: 1h
+  timeout: 3m
   url: https://kubernetes.github.io/ingress-nginx
diff --git a/kubernetes/base/flux/repositories/helm/openebs-charts.yaml b/kubernetes/base/flux/repositories/helm/openebs-charts.yaml
@@ -6,5 +6,6 @@ metadata:
   name: openebs-charts
   namespace: flux-system
 spec:
-  interval: 2h
+  interval: 1h
+  timeout: 3m
   url: https://openebs.github.io/openebs
diff --git a/kubernetes/kube-nas/apps/auth-system/kustomization.yaml b/kubernetes/kube-nas/apps/auth-system/kustomization.yaml
@@ -3,5 +3,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./namespace.yaml
+  - namespace.yaml
   - ./oauth2-proxy/flux-sync.yaml
diff --git a/kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app/helm-release.yaml b/kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app/helm-release.yaml
@@ -6,6 +6,7 @@ metadata:
   name: oauth2-proxy
 spec:
   interval: 30m
+  timeout: 5m
   chart:
     spec:
       chart: app-template
@@ -22,6 +23,8 @@ spec:
     remediation:
       strategy: rollback
       retries: 3
+  uninstall:
+    keepHistory: false
   values:
     controllers:
       oauth2-proxy:

diff --git a/kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app/kustomization.yaml b/kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app/kustomization.yaml
@@ -2,7 +2,6 @@
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: auth-system
 resources:
   - secrets.sops.yaml
   - helm-release.yaml
diff --git a/kubernetes/kube-nas/apps/auth-system/oauth2-proxy/flux-sync.yaml b/kubernetes/kube-nas/apps/auth-system/oauth2-proxy/flux-sync.yaml
@@ -3,19 +3,21 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: oauth2-proxy
+  name: &appname oauth2-proxy
   namespace: flux-system
 spec:
-  dependsOn:
-    - name: dragonfly-cluster
-  interval: 10m
+  targetNamespace: auth-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *appname
   path: ./kubernetes/kube-nas/apps/auth-system/oauth2-proxy/app
   prune: true
   sourceRef:
     kind: GitRepository
     name: home-ops
-  targetNamespace: auth-system
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: oauth2-proxy
   wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  dependsOn:
+    - name: dragonfly-cluster
diff --git a/kubernetes/kube-nas/apps/backup-system/snapshot-controller/app/helm-release.yaml b/kubernetes/kube-nas/apps/backup-system/snapshot-controller/app/helm-release.yaml
@@ -6,6 +6,7 @@ metadata:
   name: snapshot-controller
 spec:
   interval: 30m
+  timeout: 5m
   chart:
     spec:
       chart: snapshot-controller
@@ -24,6 +25,8 @@ spec:
     remediation:
       strategy: rollback
       retries: 3
+  uninstall:
+    keepHistory: false
   values:
     controller:
       replicaCount: 1

diff --git a/kubernetes/kube-nas/apps/backup-system/volsync/app/helm-release.yaml b/kubernetes/kube-nas/apps/backup-system/volsync/app/helm-release.yaml
@@ -5,7 +5,8 @@ kind: HelmRelease
 metadata:
   name: volsync
 spec:
-  interval: 15m
+  interval: 30m
+  timeout: 5m
   chart:
     spec:
       chart: volsync
@@ -14,14 +15,15 @@ spec:
         kind: HelmRepository
         name: backube-charts
         namespace: flux-system
-  maxHistory: 15
   install:
-    createNamespace: true
+    crds: CreateReplace
     remediation:
       retries: 3
   upgrade:
     cleanupOnFail: true
+    crds: CreateReplace
     remediation:
+      strategy: rollback
       retries: 3
   uninstall:
     keepHistory: false

diff --git a/kubernetes/kube-nas/apps/backup-system/volsync/app/kustomization.yaml b/kubernetes/kube-nas/apps/backup-system/volsync/app/kustomization.yaml
@@ -3,4 +3,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./helm-release.yaml
+  - helm-release.yaml
diff --git a/kubernetes/kube-nas/apps/backup-system/volsync/flux-sync.yaml b/kubernetes/kube-nas/apps/backup-system/volsync/flux-sync.yaml
@@ -8,17 +8,18 @@ metadata:
   labels:
     substitution.flux.home.arpa/enabled: "true"
 spec:
+  targetNamespace: backup-system
   commonMetadata:
     labels:
       app.kubernetes.io/name: *appname
-  targetNamespace: backup-system
-  dependsOn:
-    - name: snapshot-controller
-  interval: 10m
   path: ./kubernetes/kube-nas/apps/backup-system/volsync/app
   prune: true
-  wait: true
   sourceRef:
     kind: GitRepository
     name: home-ops
-  timeout: 3m
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  dependsOn:
+    - name: snapshot-controller
diff --git a/kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app/helm-release.yaml b/kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app/helm-release.yaml
@@ -6,6 +6,7 @@ metadata:
   name: &app bunkerweb
 spec:
   interval: 30m
+  timeout: 5m
   chart:
     spec:
       chart: app-template
@@ -22,6 +23,8 @@ spec:
     remediation:
       strategy: rollback
       retries: 3
+  uninstall:
+    keepHistory: false
   values:
     serviceAccount:
       create: true

diff --git a/kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/flux-sync.yaml b/kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/flux-sync.yaml
@@ -12,14 +12,14 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: *appname
-  interval: 10m
-  dependsOn:
-    - name: cert-manager-issuers
   path: ./kubernetes/kube-nas/apps/bunkerweb-ingress/bunkerweb/app
   prune: true
   sourceRef:
     kind: GitRepository
     name: home-ops
   wait: true
+  interval: 30m
   retryInterval: 1m
   timeout: 5m
+  dependsOn:
+    - name: cert-manager-issuers
diff --git a/kubernetes/kube-nas/apps/bunkerweb-ingress/kustomization.yaml b/kubernetes/kube-nas/apps/bunkerweb-ingress/kustomization.yaml
@@ -3,5 +3,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./namespace.yaml
+  - namespace.yaml
   - ./bunkerweb/flux-sync.yaml
diff --git a/kubernetes/kube-nas/apps/cert-manager/cert-manager/app/helm-release.yaml b/kubernetes/kube-nas/apps/cert-manager/cert-manager/app/helm-release.yaml
@@ -6,6 +6,7 @@ metadata:
   name: cert-manager
 spec:
   interval: 30m
+  timeout: 5m
   chart:
     spec:
       chart: cert-manager
@@ -14,15 +15,17 @@ spec:
         kind: HelmRepository
         name: jetstack-charts
         namespace: flux-system
-      interval: 30m
   install:
     crds: CreateReplace
     remediation:
       retries: 5
   upgrade:
+    cleanupOnFail: true
     crds: CreateReplace
     remediation:
       retries: 5
+  uninstall:
+    keepHistory: false
   values:
     installCRDs: true
     extraArgs:

diff --git a/kubernetes/kube-nas/apps/cert-manager/cert-manager/app/kustomization.yaml b/kubernetes/kube-nas/apps/cert-manager/cert-manager/app/kustomization.yaml
@@ -2,6 +2,5 @@
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: cert-manager
 resources:
   - helm-release.yaml
diff --git a/kubernetes/kube-nas/apps/cert-manager/cert-manager/flux-sync.yaml b/kubernetes/kube-nas/apps/cert-manager/cert-manager/flux-sync.yaml
@@ -3,30 +3,43 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: cert-manager
+  name: &appname cert-manager
   namespace: flux-system
 spec:
-  interval: 10m
+  targetNamespace: cert-manager
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *appname
   path: ./kubernetes/kube-nas/apps/cert-manager/cert-manager/app
   prune: true
   sourceRef:
     kind: GitRepository
     name: home-ops
   wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: cert-manager-issuers
+  name: &appname cert-manager-issuers
   namespace: flux-system
 spec:
-  interval: 10m
+  targetNamespace: cert-manager
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *appname
   path: ./kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers
   prune: true
   sourceRef:
     kind: GitRepository
     name: home-ops
   wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
   dependsOn:
     - name: cert-manager
diff --git a/kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers/kustomization.yaml b/kubernetes/kube-nas/apps/cert-manager/cert-manager/issuers/kustomization.yaml
@@ -2,7 +2,6 @@
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: cert-manager
 resources:
   - cluster-issuer-self-signed.yaml
   - secret.sops.yaml

diff --git a/kubernetes/kube-nas/apps/cert-manager/kustomization.yaml b/kubernetes/kube-nas/apps/cert-manager/kustomization.yaml
@@ -3,5 +3,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./namespace.yaml
+  - namespace.yaml
   - ./cert-manager/flux-sync.yaml
diff --git a/kubernetes/kube-nas/apps/database-system/cloudnative-pg/flux-sync.yaml b/kubernetes/kube-nas/apps/database-system/cloudnative-pg/flux-sync.yaml
@@ -6,19 +6,19 @@ metadata:
   name: &appname cloudnative-pg
   namespace: flux-system
 spec:
+  targetNamespace: database-system
   commonMetadata:
     labels:
       app.kubernetes.io/name: *appname
-  interval: 30m
   path: ./kubernetes/kube-nas/apps/database-system/cloudnative-pg/operator
   prune: true
-  retryInterval: 1m
   sourceRef:
     kind: GitRepository
     name: home-ops
-  targetNamespace: database-system
-  timeout: 3m
   wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
 
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
@@ -28,21 +28,21 @@ metadata:
   name: &appname cloudnative-pg-cluster
   namespace: flux-system
 spec:
+  targetNamespace: database-system
   commonMetadata:
     labels:
       app.kubernetes.io/name: *appname
-  dependsOn:
-    - name: cloudnative-pg
-    - name: dbman
-    - name: minio
-    - name: openebs
-  interval: 30m
   path: ./kubernetes/kube-nas/apps/database-system/cloudnative-pg/cluster
   prune: true
-  retryInterval: 15s
   sourceRef:
     kind: GitRepository
     name: home-ops
-  targetNamespace: database-system
-  timeout: 3m
   wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  dependsOn:
+    - name: cloudnative-pg
+    - name: dbman
+    - name: minio
+    - name: openebs