steps towards a completely managed cluster

2024-03-20 23:45:08 +01:00
parent 84a47b15b6
commit 443da20ff9
19 changed files with 223 additions and 17 deletions
--- a/infrastructure/external/kustomization.yaml
+++ b/infrastructure/external/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: external
+
+
+resources:
+  - omv-s3.ingress.yaml
+  - openmediavault.ingress.yaml
+  - proxmox.ingress.yaml
--- a/infrastructure/external/omv-s3.ingress.yaml
+++ b/infrastructure/external/omv-s3.ingress.yaml
@@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: omv-s3-ingressroute
-  namespace: external
 spec:
  entryPoints:
    - websecure
@@ -20,7 +19,6 @@ apiVersion: v1
 kind: Endpoints
 metadata:
  name: omv-s3
-  namespace: external
 subsets:
  - addresses:
      - ip: 192.168.1.157
@@ -31,7 +29,6 @@ apiVersion: v1
 kind: Service
 metadata:
  name: omv-s3
-  namespace: external
 spec:
  ports:
    - port: 9000
--- a/infrastructure/nfs/kustomization.yaml
+++ b/infrastructure/nfs/kustomization.yaml
@@ -3,8 +3,6 @@ kind: Kustomization

 namespace: nfs-provisioner

-bases:
-
 resources:
  - github.com/kubernetes-sigs/nfs-subdir-external-provisioner//deploy
  - namespace.yaml
--- a/infrastructure/sealedsecrets/README.md
+++ b/infrastructure/sealedsecrets/README.md
@@ -0,0 +1,9 @@
+### Restoring sealed secrets
+```bash
+# install the sealed secrets controller
+kubectl kustomize . | kubectl apply -f -
+# restore the sealed secrets
+kubectl apply -f main.key
+# restart pod
+kubectl delete pod -n kube-system -l name=sealed-secrets-controller
+```
--- a/infrastructure/sealedsecrets/controller.yaml
+++ b/infrastructure/sealedsecrets/controller.yaml
@@ -6,7 +6,6 @@ metadata:
  labels:
    name: sealed-secrets-service-proxier
  name: sealed-secrets-service-proxier
-  namespace: kube-system
 rules:
 - apiGroups:
  - ""
@@ -35,7 +34,6 @@ metadata:
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
-  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -43,7 +41,6 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: sealed-secrets-controller
-  namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -52,7 +49,6 @@ metadata:
  labels:
    name: sealed-secrets-key-admin
  name: sealed-secrets-key-admin
-  namespace: kube-system
 rules:
 - apiGroups:
  - ""
@@ -116,7 +112,6 @@ metadata:
  labels:
    name: sealed-secrets-service-proxier
  name: sealed-secrets-service-proxier
-  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -133,7 +128,6 @@ metadata:
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
-  namespace: kube-system
 spec:
  minReadySeconds: 30
  replicas: 1
@@ -157,7 +151,7 @@ spec:
        command:
        - controller
        env: []
-        image: docker.io/bitnami/sealed-secrets-controller:v0.23.1
+        image: controller
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
@@ -342,7 +336,6 @@ metadata:
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
-  namespace: kube-system
 spec:
  ports:
  - port: 8080
@@ -365,7 +358,6 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: sealed-secrets-controller
-  namespace: kube-system
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -374,4 +366,3 @@ metadata:
  labels:
    name: sealed-secrets-controller
  name: sealed-secrets-controller
-  namespace: kube-system
--- a/infrastructure/sealedsecrets/kustomization.yaml
+++ b/infrastructure/sealedsecrets/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kube-system
+
+resources:
+  - controller.yaml
+
+images:
+  - name: controller
+    newName: docker.io/bitnami/sealed-secrets-controller
+    newTag: v0.23.1