From 532faccbba3b477936ccadc17bd02cfc580d0c17 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Mon, 30 Sep 2024 17:13:56 +0800
Subject: [PATCH] chore: cleanup
---
kube/clusters/nuclear/talos/talconfig.yaml | 2 -
kube/templates/test/app/hr.yaml | 43 +++++++++-------------
kube/templates/test/ks.yaml | 1 +
3 files changed, 18 insertions(+), 28 deletions(-)
diff --git a/kube/clusters/nuclear/talos/talconfig.yaml b/kube/clusters/nuclear/talos/talconfig.yaml
index 538c518797..14a4f699ac 100755
--- a/kube/clusters/nuclear/talos/talconfig.yaml
+++ b/kube/clusters/nuclear/talos/talconfig.yaml
@@ -158,8 +158,6 @@ nodes: mtu: 9000 dhcp: false patches: - # required for Talos to initialize i915 VFIO devices - - *i915 # FRR routing - |- machine:
diff --git a/kube/templates/test/app/hr.yaml b/kube/templates/test/app/hr.yaml
index 3db891b65d..05c6ce28db 100644
--- a/kube/templates/test/app/hr.yaml
+++ b/kube/templates/test/app/hr.yaml
@@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.4.0/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata:
@@ -9,7 +10,7 @@ spec: chart: spec: chart: app-template - version: 3.1.0 + version: 3.4.0 sourceRef: name: bjw-s kind: HelmRepository
@@ -148,7 +149,7 @@ spec: # HTTP1.1 /v1/auth/valid: 400 Request Header Or Cookie Too Large # HTTP2 /v1/auth/valid: HTTP/2 stream was not closed cleanly before end of the underlying stream hosts: - - host: &host "${APP_DNS_APPNAME}" + - host: &host "${APP_DNS_APPNAME:=${APPNAME}}" paths: &paths - path: / pathType: Prefix
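Review bot: In the `@@ -148,7 +149,7 @@` hunk of hr.yaml, the new `${APP_DNS_APPNAME:=${APPNAME}}` default turns a missing substitution into a silent fallback, and the same pattern recurs in the `-190,8` and `-238,11` hunks (`${IP_TRUENAS:=127.0.0.1}`, `${PATH_NAS_PERSIST_K8S:=/home}`, `${APP_IP_AUTHENTIK:=127.0.0.1}`, `${APP_UID_APPNAME:=1000}`). An app copied from this template without its variables set would then render cleanly with an ingress host equal to the bare app name, and with `runAsUser`/`fsGroup` 1000, which may coincide with another workload's UID on the shared NFS export, instead of failing where the omission is visible. If the defaults exist only so the template passes schema validation, say so next to the first one, e.g. `# placeholder default for linting only; set APP_DNS_APPNAME in postBuild.substitute`. It is also worth confirming with a local render that the substitution engine expands the nested `${APPNAME}` inside a default; the diff does not show that.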
@@ -157,29 +158,12 @@ spec: port: http tls: - hosts: [*host] - tailscale: - primary: false - className: tailscale - hosts: - - host: &host "${APPNAME}.${DNS_TS}" - paths: &paths - - path: / - pathType: Prefix - service: - name: frontend - port: http - tls: - - hosts: [*host] - # dnsConfig: - # options: - # - name: ndots - # value: "1" persistence: config: type: configMap name: ${APPNAME}-config advancedMounts: - main: + ${APPNAME}: main: - subPath: server.toml path: /data/server.toml
@@ -190,8 +174,8 @@ spec: path: /data nfs: type: nfs - server: "${IP_TRUENAS}" - path: "${PATH_NAS_PERSIST_K8S}" + server: "${IP_TRUENAS:=127.0.0.1}" + path: "${PATH_NAS_PERSIST_K8S:=/home}" globalMounts: - subPath: ${APPNAME} path: /nfs
@@ -206,7 +190,7 @@ spec: name: ${APPNAME}-tls defaultMode: 0400 advancedMounts: - main: + ${APPNAME}: main: - subPath: tls.crt path: /tls/fullchain.pem
@@ -238,11 +222,15 @@ spec: automountServiceAccountToken: false enableServiceLinks: false hostAliases: - - ip: "${APP_IP_AUTHENTIK}" - hostnames: ["${APP_DNS_AUTHENTIK}"] + - ip: "${APP_IP_AUTHENTIK:=127.0.0.1}" + hostnames: ["${APP_DNS_AUTHENTIK:=authentik}"] + dnsConfig: + options: + - name: ndots + value: "1" securityContext: runAsNonRoot: true - runAsUser: &uid ${APP_UID_APPNAME} + runAsUser: &uid ${APP_UID_APPNAME:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: Always
@@ -263,8 +251,11 @@ spec: operator: DoesNotExist networkpolicies: same-ns: + # either controller: ${APPNAME} + # or podSelector: {} + # end policyTypes: [Ingress, Egress] rules: ingress: [from: [{podSelector: {}}]]
diff --git a/kube/templates/test/ks.yaml b/kube/templates/test/ks.yaml
index 17947b4701..08e871892a 100644
--- a/kube/templates/test/ks.yaml
+++ b/kube/templates/test/ks.yaml
@@ -29,6 +29,7 @@ spec: targetNamespace: "${APPNAME}" dependsOn: - name: 1-core-storage-volsync-app + - name: 1-core-storage-snapscheduler-app - name: 1-core-storage-rook-ceph-cluster postBuild: substitute:
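Review bot: In the `@@ -263,8 +251,11 @@` hunk, the `# either` / `# or` / `# end` markers leave both `controller: ${APPNAME}` and `podSelector: {}` active in the template and do not say that one of them has to be deleted. The two select very different sets of pods: the first scopes the `same-ns` policy to this app's controller, while an empty `podSelector` matches every pod in the namespace; which one the chart honours when both are present is not visible here. A single comment above the pair would make the choice explicit, e.g. `# keep exactly one: controller limits the policy to this app's pods, podSelector: {} applies it to every pod in the namespace`.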