chore: cleanup

kube/clusters/nuclear/talos/talconfig.yaml

@@ -158,8 +158,6 @@ nodes:
         mtu: 9000
         dhcp: false
     patches:
-      # required for Talos to initialize i915 VFIO devices
-      - *i915
       # FRR routing
       - |-
         machine:

kube/templates/test/app/hr.yaml

@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.4.0/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
@@ -9,7 +10,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.1.0
+      version: 3.4.0
       sourceRef:
         name: bjw-s
         kind: HelmRepository
@@ -148,7 +149,7 @@ spec:
           # HTTP1.1 /v1/auth/valid: 400 Request Header Or Cookie Too Large
           # HTTP2 /v1/auth/valid: HTTP/2 stream was not closed cleanly before end of the underlying stream
         hosts:
-          - host: &host "${APP_DNS_APPNAME}"
+          - host: &host "${APP_DNS_APPNAME:=${APPNAME}}"
             paths: &paths
               - path: /
                 pathType: Prefix
@@ -157,29 +158,12 @@ spec:
                   port: http
         tls:
           - hosts: [*host]
-      tailscale:
-        primary: false
-        className: tailscale
-        hosts:
-          - host: &host "${APPNAME}.${DNS_TS}"
-            paths: &paths
-              - path: /
-                pathType: Prefix
-                service:
-                  name: frontend
-                  port: http
-        tls:
-          - hosts: [*host]
-    #     dnsConfig:
-    #       options:
-    #         - name: ndots
-    #           value: "1"
     persistence:
       config:
         type: configMap
         name: ${APPNAME}-config
         advancedMounts:
-          main:
+          ${APPNAME}:
             main:
               - subPath: server.toml
                 path: /data/server.toml
@@ -190,8 +174,8 @@ spec:
             path: /data
       nfs:
         type: nfs
-        server: "${IP_TRUENAS}"
-        path: "${PATH_NAS_PERSIST_K8S}"
+        server: "${IP_TRUENAS:=127.0.0.1}"
+        path: "${PATH_NAS_PERSIST_K8S:=/home}"
         globalMounts:
           - subPath: ${APPNAME}
             path: /nfs
@@ -206,7 +190,7 @@ spec:
         name: ${APPNAME}-tls
         defaultMode: 0400
         advancedMounts:
-          main:
+          ${APPNAME}:
             main:
               - subPath: tls.crt
                 path: /tls/fullchain.pem
@@ -238,11 +222,15 @@ spec:
       automountServiceAccountToken: false
       enableServiceLinks: false
       hostAliases:
-        - ip: "${APP_IP_AUTHENTIK}"
-          hostnames: ["${APP_DNS_AUTHENTIK}"]
+        - ip: "${APP_IP_AUTHENTIK:=127.0.0.1}"
+          hostnames: ["${APP_DNS_AUTHENTIK:=authentik}"]
+      dnsConfig:
+        options:
+          - name: ndots
+            value: "1"
       securityContext:
         runAsNonRoot: true
-        runAsUser: &uid ${APP_UID_APPNAME}
+        runAsUser: &uid ${APP_UID_APPNAME:=1000}
         runAsGroup: *uid
         fsGroup: *uid
         fsGroupChangePolicy: Always
@@ -263,8 +251,11 @@ spec:
                     operator: DoesNotExist
     networkpolicies:
       same-ns:
+        # either
         controller: ${APPNAME}
+        # or
         podSelector: {}
+        # end
         policyTypes: [Ingress, Egress]
         rules:
           ingress: [from: [{podSelector: {}}]]

kube/templates/test/ks.yaml

@@ -29,6 +29,7 @@ spec:
   targetNamespace: "${APPNAME}"
   dependsOn:
     - name: 1-core-storage-volsync-app
+    - name: 1-core-storage-snapscheduler-app
     - name: 1-core-storage-rook-ceph-cluster
   postBuild:
     substitute: